A Couple Questions

[Xtreme2damax]

I recently followed this guide to set up a CentOS server with ISPCOnfig3.

One things I noticed is that secure traffic isn't redirected to port *443 which means if I try to access a secure page with http:// instead of https:// I either get a blank page or with the ISPConfig 3 control panel get some html informing me I am trying to access a secure page and to try typing https:// instead.

Another thing since I've followed the tutorial to the end I am wondering what's left to do to secure/harden the server?

[falko]

Quote:

Originally Posted by Xtreme2damax

One things I noticed is that secure traffic isn't redirected to port *443 which means if I try to access a secure page with http:// instead of https:// I either get a blank page or with the ISPConfig 3 control panel get some html informing me I am trying to access a secure page and to try typing https:// instead.

Do you use rewrite rules that redirect http traffic to https?

[Xtreme2damax]

Quote:

Originally Posted by falko

Do you use rewrite rules that redirect http traffic to https?

No, not currently but I was wondering how to do this on the server level so it applies to all websites and domains hosted on the system.

[till]

You can add the rewrite rule in the apache vhost master template which is used to create ne vhosts. You find the templates in /usr/local/ispconfig/server/conf/

[Xtreme2damax]

Quote:

Originally Posted by till

You can add the rewrite rule in the apache vhost master template which is used to create ne vhosts. You find the templates in /usr/local/ispconfig/server/conf/

What's the name of the file I need to edit? Is it apache_apps.vhost.master or apache_ispconfig.conf.master?

[Xtreme2damax]

Just to be a bit clearer I would like to set this on a server level so when any website/domain hosted on the server tries to access a secure page using http:// instead of https:// (such as the ISPConfig panel) they are auto redirected to https:// and can login to the panel. I don't want to redirect normal http traffic accessing non-secure pages.

I am a bit confused how to do this and was wondering if someone can post instructions on how to accomplish this? I don't have much experience with setting up and configuring a webserver from scratch.

[Xtreme2damax]

For some reason mail isn't working. I set up a forum and created a new user but the welcome/verification email never arrives.

[falko]

Quote:

Originally Posted by Xtreme2damax

For some reason mail isn't working. I set up a forum and created a new user but the welcome/verification email never arrives.

Any errors in your mail log?

[Xtreme2damax]

Quote:

Originally Posted by falko

Any errors in your mail log?

Don't think there's any errors but this is what's in /var/log/maillog

Quote:

Mar 2 01:41:01 host postfix/smtpd[4237]: disconnect from localhost[::1]
Mar 2 01:41:01 host imapd: Connection, ip=[::1]
Mar 2 01:41:01 host pop3d: Connection, ip=[::1]
Mar 2 01:41:01 host pop3d: Disconnected, ip=[::1]
Mar 2 01:41:01 host imapd: Disconnected, ip=[::1], time=0

Edit: Do I need PHP-Sendmail? The forum script's mail settings gives an option of either PHP-Mail or SMTP.

Edit: Alright, I did find the proper mail log.

Quote:

Mar 2 03:43:52 host postfix/smtpd[2212]: connect from unknown[127.0.0.1]
Mar 2 03:43:52 host postfix/smtpd[2212]: 6273D20096F: client=unknown[127.0.0.1]
Mar 2 03:43:52 host postfix/cleanup[2155]: 6273D20096F: message-id=<20130302084349.AAD1B20083F@host.domain.com>
Mar 2 03:43:52 host postfix/qmgr[2060]: 6273D20096F: from=<fail2ban@example.com>, size=812, nrcpt=1 (queue active)
Mar 2 03:43:52 host amavis[2207]: (02207-01) Passed CLEAN, <fail2ban@example.com> -> <root@host.xtemu.com>, Message-ID: <20130302084349.AAD1B20083F@host.domain.com>, mail_id: w0twF10RpqQs, Hits: -0.001, size: 382, queued_as: 6273D20096F, 682 ms
Mar 2 03:43:52 host postfix/smtp[2161]: AAD1B20083F: to=<****@host.xtemu.com>, orig_to=<root>, relay=127.0.0.1[127.0.0.1]:10024, delay=2.9, delays=0.22/0.03/1.9/0.68, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=02207-01, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 6273D20096F)
Mar 2 03:43:52 host postfix/qmgr[2060]: AAD1B20083F: removed
Mar 2 03:43:52 host postfix/local[2218]: 6273D20096F: to=<****@host.domain.com>, relay=local, delay=0.12, delays=0.06/0.02/0/0.04, dsn=2.0.0, status=sent (delivered to mailbox)
Mar 2 03:43:52 host postfix/local[2218]: warning: host not found: localhost
Mar 2 03:43:52 host postfix/qmgr[2060]: 6273D20096F: removed
Mar 2 03:48:52 host postfix/smtpd[2212]: timeout after END-OF-MESSAGE from unknown[127.0.0.1]
Mar 2 03:48:52 host postfix/smtpd[2212]: disconnect from unknown[127.0.0.1]
Mar 2 03:53:52 host clamd[1927]: No stats for Database check - forcing reload
Mar 2 03:53:52 host clamd[1927]: Reading databases from /var/lib/clamav
Mar 2 03:53:58 host clamd[1927]: Database correctly reloaded (1908666 signatures)
Mar 2 03:58:48 host postfix/qmgr[2060]: 0CB53200A6F: from=<*******@host.domain.com>, size=1017, nrcpt=1 (queue active)
Mar 2 03:58:49 host postfix/smtp[2833]: connect to gmail-smtp-in.l.google.com[2607:f8b0:400d:c00::1a]:25: Network is unreachable
Mar 2 03:59:19 host postfix/smtp[2833]: connect to gmail-smtp-in.l.google.com[173.194.68.26]:25: Connection timed out
Mar 2 03:59:19 host postfix/smtp[2833]: connect to alt1.gmail-smtp-in.l.google.com[2a00:1450:400c:c00::1a]:25: Network is unreachable
Mar 2 03:59:49 host postfix/smtp[2833]: connect to alt1.gmail-smtp-in.l.google.com[173.194.78.26]:25: Connection timed out
Mar 2 03:59:49 host postfix/smtp[2833]: connect to alt2.gmail-smtp-in.l.google.com[2a00:1450:4013:c00::1a]:25: Network is unreachable
Mar 2 03:59:49 host postfix/smtp[2833]: 0CB53200A6F: to=<X*******@gmail.com>, relay=none, delay=6892, delays=6831/0.07/61/0, dsn=4.4.1, status=deferred (connect to alt2.gmail-smtp-in.l.google.com[2a00:1450:4013:c00::1a]:25: Network is unreachable)
Mar 2 04:03:48 host postfix/qmgr[2060]: 4D1482009E8: from=<ispconfig@host.xtemu.com>, size=858, nrcpt=1 (queue active)
Mar 2 04:03:48 host postfix/smtp[3078]: connect to gmail-smtp-in.l.google.com[2607:f8b0:400d:c00::1a]:25: Network is unreachable
Mar 2 04:03:58 host clamd[1927]: SelfCheck: Database status OK.
Mar 2 04:04:18 host postfix/smtp[3078]: connect to gmail-smtp-in.l.google.com[173.194.68.26]:25: Connection timed out
Mar 2 04:04:18 host postfix/smtp[3078]: connect to alt1.gmail-smtp-in.l.google.com[2a00:1450:400c:c00::1a]:25: Network is unreachable
Mar 2 04:04:48 host postfix/smtp[3078]: connect to alt1.gmail-smtp-in.l.google.com[173.194.78.26]:25: Connection timed out
Mar 2 04:04:48 host postfix/smtp[3078]: connect to alt2.gmail-smtp-in.l.google.com[2a00:1450:4013:c00::1a]:25: Network is unreachable
Mar 2 04:04:48 host postfix/smtp[3078]: 4D1482009E8: to=<********@gmail.com>, relay=none, delay=21391, delays=21331/0.08/60/0, dsn=4.4.1, status=deferred (connect to alt2.gmail-smtp-in.l.google.com[2a00:1450:4013:c00::1a]:25: Network is unreachable)

Another question, what should /etc/hosts and /etc/resolv.conf contain? I am a bit confused with those so any help would be appreciated.

My current /etc/hosts:

Quote:

127.0.0.1 host.mydomain.com host
::1 host.mydomain.com host

This is what I currently have in /etc/resolv.conf:

Quote:

nameserver 192.168.1.1
# Generated by NetworkManager
domain mydomain.com
search mydomain.com

[Xtreme2damax]

Another problem I am experiencing is with Mybb (bulletin board), whenever I try to upload attachments I get a 500 internal server error.