ssl problem

Discussion in 'Installation/Configuration' started by sfimedia, Jun 9, 2009.

  1. sfimedia

    sfimedia New Member

    I have tried to setup ssl one one of my domains through the ispconfig cp but could not do it for some reason. I am sure I set up ssl at the installation but cannot rememeber athough I do go through https to get to the admin area so I assumed it was there somewhere.

    Anyway I reinstalled mod_ssl etc. Everything is fine but when I go to https on any of my sites I get the centos test screen. I assume since I installed after ispconfig, ispconfig does not recogonise it.

    So in short what do I need to do to get https working on an individual domain basis through ispconfig? ie when I check ssl in admin.
     
  2. till

    till Super Moderator

    You have to enable ssl in the site settings of the isponfig site were you want to use ssl and then create a ssl cert in ispconfig.
     
  3. sfimedia

    sfimedia New Member

    If I installed mod_ssl after ispconfig would this overwrite any files or setup a generic ssl system outside ispconfig. Every site whether ssl is checked in the site admin has https coming up with the apache test page but cannot see any of the domain pages.
     
  4. falko

    falko Super Moderator

    What's the output of
    Code:
    ifconfig
    , and what's in Vhosts_ispconfig.conf?
     
  5. sfimedia

    sfimedia New Member

    vhost details for the secure domain

    #
    ######################################
    # Vhost: www.xxxxx.uk:80
    ######################################
    #
    #
    <VirtualHost 87.106.63.85:80>
    ServerName www.xxxxx.uk:80
    ServerAdmin webmaster@xxxx.uk
    DocumentRoot /var/www/web24/web
    ServerAlias xxxx.uk secure.xxxx.uk
    DirectoryIndex index.html index.htm index.php index.php5 index.php4 index.php3 index.shtml index.cgi index.pl index.jsp Default.htm default.htm
    Alias /cgi-bin/ /var/www/web24/cgi-bin/
    AddHandler cgi-script .cgi
    AddHandler cgi-script .pl
    ErrorLog /var/www/web24/log/error.log
    AddType application/x-httpd-php .php .php3 .php4 .php5
    php_admin_flag safe_mode Off
    <IfModule mod_ruby.c>
    <Directory /var/www/web24/web>
    Options +ExecCGI
    </Directory>
    RubyRequire apache/ruby-run
    #RubySafeLevel 0
    <Files *.rb>
    SetHandler ruby-object
    RubyHandler Apache::RubyRun.instance
    </Files>
    <Files *.rbx>
    SetHandler ruby-object
    RubyHandler Apache::RubyRun.instance
    </Files>
    </IfModule>
    <IfModule mod_python.c>
    <Directory /var/www/web24/web>
    Options +Indexes +FollowSymLinks +MultiViews
    AllowOverride Indexes AuthConfig Limit FileInfo
    Order allow,deny
    allow from all
    AddHandler mod_python .py
    PythonHandler mod_python.publisher
    PythonDebug On
    </Directory>
    </IfModule>
    AddType text/html .shtml
    AddOutputFilter INCLUDES .shtml
    Alias /error/ "/var/www/web24/web/error/"
    ErrorDocument 400 /error/invalidSyntax.html
    ErrorDocument 401 /error/authorizationRequired.html
    ErrorDocument 403 /error/forbidden.html
    ErrorDocument 404 /error/fileNotFound.html
    ErrorDocument 405 /error/methodNotAllowed.html
    ErrorDocument 500 /error/internalServerError.html
    ErrorDocument 503 /error/overloaded.html
    AliasMatch ^/~([^/]+)(/(.*))? /var/www/web24/user/$1/web/$3
    AliasMatch ^/users/([^/]+)(/(.*))? /var/www/web24/user/$1/web/$3
    <IfModule mod_rewrite.c>
    RewriteEngine on
    RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
    RewriteRule .* - [F]
    </IfModule>
    </VirtualHost>
    #
    #

    ifconfig settings


    eth0 Link encap:Ethernet HWaddr 00:30:05:F7:7C:D0
    inet addr:87.106.63.85 Bcast:87.106.63.85 Mask:255.255.255.255
    inet6 addr: fe80::230:5ff:fef7:7cd0/64 Scope:Link
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:25264954 errors:0 dropped:0 overruns:0 frame:0
    TX packets:12384927 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:3849587283 (3.5 GiB) TX bytes:2415340702 (2.2 GiB)
    Interrupt:23 Base address:0xc000

    lo Link encap:Local Loopback
    inet addr:127.0.0.1 Mask:255.0.0.0
    inet6 addr: ::1/128 Scope:Host
    UP LOOPBACK RUNNING MTU:16436 Metric:1
    RX packets:54985 errors:0 dropped:0 overruns:0 frame:0
    TX packets:54985 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:0
    RX bytes:4997349 (4.7 MiB) TX bytes:4997349 (4.7 MiB)
     
    Last edited: Jun 10, 2009
  6. falko

    falko Super Moderator

    I don't see an SSL vhost in Vhosts_ispconfig.conf...
     
  7. sfimedia

    sfimedia New Member

    exactly, any idea why? I go into the ispconfig admin area using https but nothing appear on the domains once I check checkbox ssl.
     
  8. falko

    falko Super Moderator

    What's the output of
    Code:
    ls -la /root/ispconfig
    ? Are there any warnings in /home/admispconfig/ispconfig/ispconfig.log?
    Do you get any errors when you run
    Code:
    /root/ispconfig/php/php /root/ispconfig/scripts/writeconf.php
    ?
     
  9. sfimedia

    sfimedia New Member

    right I have the secure server working and picking up the files within the domain I need to have it working on, the problem is my other domains not related to this domain are also showing these files. So for instance if the https://domain1.co.uk/index.php is great and what I want. But my other accounts ie https://domain2.co.uk/index.php is showing up the with the site files from domain1 as is all the other https domains not using http though thankfully.

    Any ideas?? How I can stop https working on the other domains.

    Thanks in advance
     
  10. falko

    falko Super Moderator

    Can you post your Vhosts_ispconfig.conf again?
     
  11. sfimedia

    sfimedia New Member

    Thanks for this. Domain 1 is the domain which is working with the secure files etc which is great. So you type https://www.domain1.co.uk/blah this will work. Domain 2 is the picking up domain 1 when logging into https://www.domain2.co.uk/blah. But not when you type http://www.domain2.co.uk/blah it will pick up its actual files. It will only be a matter of time when my clients will see this odd website on the secure server.

    Tried to add ssl to domain 2 but it says that it is already ssl with other domain which is correct.






    #
    #
    ######################################
    # Vhost: www.domain2.co.uk:80
    ######################################
    #
    #
    <VirtualHost 87.106.63.85:80>
    ServerName www.domain2.co.uk:80
    ServerAdmin webmaster@domain2.co.uk
    DocumentRoot /var/www/web20/web
    ServerAlias www.xxxxxx.me.uk www.domain2.co.uk domain2.co.uk
    DirectoryIndex index.html index.htm index.php index.php5 index.php4 index.php3 index.shtml index.cgi index.pl index.jsp Default.htm default.htm
    Alias /cgi-bin/ /var/www/web20/cgi-bin/
    AddHandler cgi-script .cgi
    AddHandler cgi-script .pl
    ErrorLog /var/www/web20/log/error.log
    AddType application/x-httpd-php .php .php3 .php4 .php5
    php_admin_flag safe_mode On
    php_admin_value open_basedir /var/www/web20/
    php_admin_value file_uploads 1
    php_admin_value upload_tmp_dir /var/www/web20/phptmp/
    php_admin_value session.save_path /var/www/web20/phptmp/
    <IfModule mod_ruby.c>
    <Directory /var/www/web20/web>
    Options +ExecCGI
    </Directory>
    RubyRequire apache/ruby-run
    #RubySafeLevel 0
    <Files *.rb>
    SetHandler ruby-object
    RubyHandler Apache::RubyRun.instance
    </Files>
    <Files *.rbx>
    SetHandler ruby-object
    RubyHandler Apache::RubyRun.instance
    </Files>
    </IfModule>
    <IfModule mod_python.c>
    <Directory /var/www/web20/web>
    Options +Indexes +FollowSymLinks +MultiViews
    AllowOverride Indexes AuthConfig Limit FileInfo
    Order allow,deny
    allow from all
    AddHandler mod_python .py
    PythonHandler mod_python.publisher
    PythonDebug On
    </Directory>
    </IfModule>
    AddType text/html .shtml
    AddOutputFilter INCLUDES .shtml
    Alias /error/ "/var/www/web20/web/error/"
    ErrorDocument 400 /error/invalidSyntax.html
    ErrorDocument 401 /error/authorizationRequired.html
    ErrorDocument 403 /error/forbidden.html
    ErrorDocument 404 /error/fileNotFound.html
    ErrorDocument 405 /error/methodNotAllowed.html
    ErrorDocument 500 /error/internalServerError.html
    ErrorDocument 503 /error/overloaded.html
    AliasMatch ^/~([^/]+)(/(.*))? /var/www/web20/user/$1/web/$3
    AliasMatch ^/users/([^/]+)(/(.*))? /var/www/web20/user/$1/web/$3
    <IfModule mod_rewrite.c>
    RewriteEngine on
    RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
    RewriteRule .* - [F]
    </IfModule>
    </VirtualHost>
    #
    #
    #
    ######################################
    # Vhost: www.domain1.uk:80
    ######################################
    #
    #
    <VirtualHost 87.106.63.85:80>
    ServerName www.domain1.uk:80
    ServerAdmin webmaster@domain1.uk
    DocumentRoot /var/www/web24/web
    ServerAlias domain1.uk secure.domain1.uk
    DirectoryIndex index.html index.htm index.php index.php5 index.php4 index.php3 index.shtml index.cgi index.pl index.jsp Default.htm default.htm
    Alias /cgi-bin/ /var/www/web24/cgi-bin/
    AddHandler cgi-script .cgi
    AddHandler cgi-script .pl
    ErrorLog /var/www/web24/log/error.log
    AddType application/x-httpd-php .php .php3 .php4 .php5
    php_admin_flag safe_mode Off
    <IfModule mod_ruby.c>
    <Directory /var/www/web24/web>
    Options +ExecCGI
    </Directory>
    RubyRequire apache/ruby-run
    #RubySafeLevel 0
    <Files *.rb>
    SetHandler ruby-object
    RubyHandler Apache::RubyRun.instance
    </Files>
    <Files *.rbx>
    SetHandler ruby-object
    RubyHandler Apache::RubyRun.instance
    </Files>
    </IfModule>
    <IfModule mod_python.c>
    <Directory /var/www/web24/web>
    Options +Indexes +FollowSymLinks +MultiViews
    AllowOverride Indexes AuthConfig Limit FileInfo
    Order allow,deny
    allow from all
    AddHandler mod_python .py
    PythonHandler mod_python.publisher
    PythonDebug On
    </Directory>
    </IfModule>
    AddType text/html .shtml
    AddOutputFilter INCLUDES .shtml
    Alias /error/ "/var/www/web24/web/error/"
    ErrorDocument 400 /error/invalidSyntax.html
    ErrorDocument 401 /error/authorizationRequired.html
    ErrorDocument 403 /error/forbidden.html
    ErrorDocument 404 /error/fileNotFound.html
    ErrorDocument 405 /error/methodNotAllowed.html
    ErrorDocument 500 /error/internalServerError.html
    ErrorDocument 503 /error/overloaded.html
    AliasMatch ^/~([^/]+)(/(.*))? /var/www/web24/user/$1/web/$3
    AliasMatch ^/users/([^/]+)(/(.*))? /var/www/web24/user/$1/web/$3
    <IfModule mod_rewrite.c>
    RewriteEngine on
    RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
    RewriteRule .* - [F]
    </IfModule>
    </VirtualHost>
    #
    <IfModule mod_ssl.c>
    <VirtualHost 87.106.63.85:443>
    ServerName www.domain1.uk:443
    ServerAdmin webmaster@domain1.uk
    DocumentRoot /var/www/web24/web
    ServerAlias domain1.uk secure.domain1.uk
    DirectoryIndex index.html index.htm index.php index.php5 index.php4 index.php3 index.shtml index.cgi index.pl index.jsp Default.htm default.htm
    Alias /cgi-bin/ /var/www/web24/cgi-bin/
    AddHandler cgi-script .cgi
    AddHandler cgi-script .pl
    ErrorLog /var/www/web24/log/error.log
    AddType application/x-httpd-php .php .php3 .php4 .php5
    php_admin_flag safe_mode Off
    <IfModule mod_ruby.c>
    <Directory /var/www/web24/web>
    Options +ExecCGI
    </Directory>
    RubyRequire apache/ruby-run
    #RubySafeLevel 0
    <Files *.rb>
    SetHandler ruby-object
    RubyHandler Apache::RubyRun.instance
    </Files>
    <Files *.rbx>
    SetHandler ruby-object
    RubyHandler Apache::RubyRun.instance
    </Files>
    </IfModule>
    <IfModule mod_python.c>
    <Directory /var/www/web24/web>
    Options +Indexes +FollowSymLinks +MultiViews
    AllowOverride Indexes AuthConfig Limit FileInfo
    Order allow,deny
    allow from all
    AddHandler mod_python .py
    PythonHandler mod_python.publisher
    PythonDebug On
    </Directory>
    </IfModule>
    AddType text/html .shtml
    AddOutputFilter INCLUDES .shtml
    SSLEngine on
    SSLCertificateFile /var/www/web24/ssl/www.domain1.uk.crt
    SSLCertificateKeyFile /var/www/web24/ssl/www.domain1.uk.key
    Alias /error/ "/var/www/web24/web/error/"
    ErrorDocument 400 /error/invalidSyntax.html
    ErrorDocument 401 /error/authorizationRequired.html
    ErrorDocument 403 /error/forbidden.html
    ErrorDocument 404 /error/fileNotFound.html
    ErrorDocument 405 /error/methodNotAllowed.html
    ErrorDocument 500 /error/internalServerError.html
    ErrorDocument 503 /error/overloaded.html
    AliasMatch ^/~([^/]+)(/(.*))? /var/www/web24/user/$1/web/$3
    AliasMatch ^/users/([^/]+)(/(.*))? /var/www/web24/user/$1/web/$3
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
    <IfModule mod_rewrite.c>
    RewriteEngine on
    RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
    RewriteRule .* - [F]
    </IfModule>
    </VirtualHost>
    </IfModule>
    #
     
  12. till

    till Super Moderator

    The setup and the behaviour of the server is fine. You need a dedicated IP address for every SSL enabled site, thats a requirement of the ssl protocol and not in ispconfig. So get an additional IP, select this IP for the second website and then you will be able to enable SSL for the second site.
     
  13. sfimedia

    sfimedia New Member

    I only want one ssl enabled website which works fine with this IP address. I just want the other domains not to show this website when you type in the https:// with the other domains hosted on my server. I don't want anything showing at all when you type https:// with the other domains. Surely this is not right?
     
  14. till

    till Super Moderator

    This is absolutely ok as it is now. SSL sites are IP based, so every other site that uses the same IP will be redirectde there. If you dont want the other sites to be redirected, then you need a different IP address for them.
     
  15. sfimedia

    sfimedia New Member

    ah okay I see!!! Yes this would be more secure. Thanks for this. Will purchase and IP for this domain.
     

Share This Page