SSL on port 8080 and 8081

Discussion in 'Installation/Configuration' started by EckyBrazz, Aug 2, 2012.

  1. EckyBrazz

    EckyBrazz New Member

    Hi,

    When I use https on port 8080 every thing is fine, but when I use https on port 8081 I get

    Code:
    Secure Connection Failed      
    An error occurred during a connection to XXXX.com.br:8081.
    SSL received a record that exceeded the maximum permissible length.
    (Error code: ssl_error_rx_record_too_long)
    
      The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
      Please contact the website owners to inform them of this problem. Alternatively, use the command found in the help menu to report this broken site.
     
  2. till

    till Super Moderator

    There is no ssl for port 8081 enabled, so if you access a http vhost by https, you get the error message that you posted above.
     
  3. EckyBrazz

    EckyBrazz New Member

    How to enabel ssl on port 8081.

    My apps.vhost looks like this

    Code:
            listen 8081;
    
            server_name _;
    
            root   /var/www/apps;
    
            client_max_body_size 20M;
    
            location / {
                   index index.php index.html;
            }
    
            # serve static files directly
            location ~* ^.+.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt)$ {
                   access_log        off;
            }
    
            location ~ \.php$ {
                   try_files $uri =404;
                   include /etc/nginx/fastcgi_params;
                   fastcgi_pass unix:/var/lib/php5-fpm/apps.sock;
                   fastcgi_index index.php;
                   fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                   fastcgi_param PATH_INFO $fastcgi_script_name;
                   fastcgi_buffer_size 128k;
                   fastcgi_buffers 256 4k;
                   fastcgi_busy_buffers_size 256k;
                   fastcgi_temp_file_write_size 256k;
            }
    
            location ~ /\. {
                   deny  all;
            }
    
            location /phpmyadmin {
                   root /usr/share/;
                   index index.php index.html index.htm;
                   location ~ ^/phpmyadmin/(.+\.php)$ {
                           try_files $uri =404;
                           root /usr/share/;
                           include /etc/nginx/fastcgi_params;
                           # To access phpMyAdmin, the default user (like www-data on Debian/Ubuntu) must be used
                           fastcgi_pass 127.0.0.1:9000;
                           fastcgi_param HTTPS on; # <-- add this line
                           fastcgi_param HTTPS $fastcgi_https; # <-- add this line
                           fastcgi_index index.php;
                           fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                           fastcgi_buffer_size 128k;
                           fastcgi_buffers 256 4k;
                           fastcgi_busy_buffers_size 256k;
                           fastcgi_temp_file_write_size 256k;
                           fastcgi_read_timeout 240;
                   }
                   location ~* ^/phpmyadmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
                           root /usr/share/;
                   }
            }
            location /phpMyAdmin {
                   rewrite ^/* /phpmyadmin last;
            }
    
    
     
  4. falko

    falko Super Moderator

    Take a look at the ISPConfig vhost and copy over the SSL lines to the apps vhost (that way you will be using the same SSL cert as the ISPConfig interface).
     
  5. EckyBrazz

    EckyBrazz New Member

    Thanks for your reply Falko,

    It works, but had to take the lines out again, because the clients don't know that they have to use https now.

    Is it possible to configure it that they can choose either http or https ?
     
    Last edited: Aug 3, 2012
  6. falko

    falko Super Moderator

    No, not on the same port.
     
  7. Trixor

    Trixor New Member

    apps.vhost

    Hi,

    I am able to make it work by adjusting apps.vhost, but whenever I change
    something in the ISPConfig configuration, it overwrite's apps.vhost defaulting it back to a non-ssl connection. How can I configure it in ISPConfig so that it remains ssl, or if that is not possible, what action should I refrain from doing so it does not rewrite apps.vhost.

    Thanks,
    Trixor

    EDIT: And I figured something out that works:
    Put this in your Server config -> Web -> Apps-vhost port

    8081 ssl; ssl_certificate /usr/local/ispconfig/interface/ssl/ispserver.crt; ssl_certificate_key /usr/local/ispconfig/interface/ssl/ispserver.key
     
    Last edited: Nov 7, 2012

Share This Page