Using SSL with ISPConfig3

Discussion in 'Installation/Configuration' started by pfahrun, Feb 21, 2012.

  1. pfahrun

    pfahrun New Member

    Dear ISPConfig3 admins,

    I installed my ISPConfig3 recently on a Debian server based on the common HowTo.

    Everything is working fine (PureFTPd, Postfix, Apache2, etc.). However, I am experiencing trouble in using SSL on a website. I followed this instruction - but it will not work properly. As outlined in the instruction and the manual, I assigned the server IP to the website. Although SSL is working now, I cannot reach my other websites, which I configured in ISPConfig3. I always get redirected to the SSL website. If I leave the IP, SSL is not working, but at least my other websites are working.

    Do you have any idea how to solve it? It is driving me crazy...

    System:
    Debian Server on a virtual machine with VMWare | One unique physical IP

    In the following you find the config Files.
    httpd.conf - no content

    port.conf
    Code:
    # If you just change the port or add more ports here, you will likely also
    # have to change the VirtualHost statement in
    # /etc/apache2/sites-enabled/000-default
    # This is also true if you have upgraded from before 2.2.9-3 (i.e. from
    # Debian etch). See /usr/share/doc/apache2.2-common/NEWS.Debian.gz and
    # README.Debian.gz
    
    NameVirtualHost *:80
    Listen 80
    
    <IfModule mod_ssl.c>
        # If you add NameVirtualHost *:443 here, you will also have to change
        # the VirtualHost statement in /etc/apache2/sites-available/default-ssl
        # to <VirtualHost *:443>
        # Server Name Indication for SSL named virtual hosts is currently not
        # supported by MSIE on Windows XP.
    Listen 443
    </IfModule>
    
    <IfModule mod_gnutls.c>
    Listen 443
    </IfModule>
    ISPConfig.config
    Code:
    ################################################
    # ISPConfig Logfile configuration for vlogger
    ################################################
    
    LogFormat "%v %h %l %u %t \"%r\" %>s %B \"%{Referer}i\" \"%{User-Agent}i\"" combined_ispconfig
    CustomLog "| /usr/local/ispconfig/server/scripts/vlogger -s access.log -t \"%Y%m%d-access.log\" -d \"/etc/vlogger-dbi.conf\" /var/log/ispconfig/httpd" combined_ispconfig
    
    <Directory /var/www/clients>
        AllowOverride None
        Order Deny,Allow
        Deny from all
    </Directory>
    
    # Do not allow access to the root file system of the server for security reasons
    <Directory />
        AllowOverride None
        Order Deny,Allow
        Deny from all
    </Directory>
    
    <Directory /var/www/conf>
        AllowOverride None
        Order Deny,Allow
        Deny from all
    </Directory>
    
    # Except of the following directories that contain website scripts
    <Directory /usr/share/phpmyadmin>
            Order allow,deny
            Allow from all
    </Directory>
    
    <Directory /usr/share/phpMyAdmin>
            Order allow,deny
            Allow from all
    </Directory>
    
    <Directory /usr/share/squirrelmail>
            Order allow,deny
            Allow from all
    </Directory>
    
    # allow path to awstats and alias for awstats icons
    <Directory /usr/share/awstats>
            Order allow,deny
            Allow from all
    </Directory>
    
    Alias /awstats-icon "/usr/share/awstats/icon"
    
    
    NameVirtualHost *:80 
    NameVirtualHost *:443 
    vhost file for the SSL website:
    Code:
    
    
        # suexec enabled
        SuexecUserGroup web8 client1
        # Clear PHP settings of this website
        <FilesMatch "\.ph(p3?|tml)$">
            SetHandler None
        </FilesMatch>
        # php as fast-cgi enabled
        # For config options see: http://httpd.apache.org/mod_fcgid/mod/mod_fcgid.html
        <IfModule mod_fcgid.c>
            IdleTimeout 300
            ProcessLifeTime 3600
            # MaxProcessCount 1000
            DefaultMinClassProcessCount 0
            DefaultMaxClassProcessCount 100
            IPCConnectTimeout 3
            IPCCommTimeout 360
            BusyTimeout 300
        </IfModule>
        <Directory /var/www/login1.tld/web>
            AddHandler fcgid-script .php .php3 .php4 .php5
            FCGIWrapper /var/www/php-fcgi-scripts/web8/.php-fcgi-starter .php
            Options +ExecCGI
            AllowOverride All
            Order allow,deny
            Allow from all
        </Directory>
        <Directory /var/www/clients/client1/web8/web>
            AddHandler fcgid-script .php .php3 .php4 .php5
            FCGIWrapper /var/www/php-fcgi-scripts/web8/.php-fcgi-starter .php
            Options +ExecCGI
            AllowOverride All
            Order allow,deny
            Allow from all
        </Directory>
    
    
        # add support for apache mpm_itk
        <IfModule mpm_itk_module>
          AssignUserId web8 client1
        </IfModule>
    
        <IfModule mod_dav_fs.c>
    	  # Do not execute PHP files in webdav directory
          <Directory /var/www/clients/client1/web8/webdav>
    	    <FilesMatch "\.ph(p3?|tml)$">
              SetHandler None
            </FilesMatch>
          </Directory>
          # DO NOT REMOVE THE COMMENTS!
          # IF YOU REMOVE THEM, WEBDAV WILL NOT WORK ANYMORE!
          # WEBDAV BEGIN
          # WEBDAV END
        </IfModule>
    
    
    </VirtualHost>
    <VirtualHost *:443>
          DocumentRoot /var/www/login1.tld/web
      
        ServerName login1.tld
        ServerAlias www.login1.tld
        ServerAdmin [email protected]
    
        ErrorLog /var/log/ispconfig/httpd/login1.tld/error.log
    
    
        ErrorDocument 400 /error/400.html
        ErrorDocument 401 /error/401.html
        ErrorDocument 403 /error/403.html
        ErrorDocument 404 /error/404.html
        ErrorDocument 405 /error/405.html
        ErrorDocument 500 /error/500.html
        ErrorDocument 502 /error/502.html
        ErrorDocument 503 /error/503.html
    
        <IfModule mod_ssl.c>
    	SSLEngine on
        SSLCertificateFile /var/www/clients/client1/web8/ssl/login1.tld.crt
        SSLCertificateKeyFile /var/www/clients/client1/web8/ssl/login1.tld.key
        </IfModule>
        <Directory /var/www/login1.tld/web>
            Options FollowSymLinks
            AllowOverride All
            Order allow,deny
            Allow from all
        </Directory>
        <Directory /var/www/clients/client1/web8/web>
            Options FollowSymLinks
            AllowOverride All
            Order allow,deny
            Allow from all
        </Directory>
    
    
    
        # suexec enabled
        SuexecUserGroup web8 client1
        # Clear PHP settings of this website
        <FilesMatch "\.ph(p3?|tml)$">
            SetHandler None
        </FilesMatch>
        # php as fast-cgi enabled
        # For config options see: http://httpd.apache.org/mod_fcgid/mod/mod_fcgid.html
        <IfModule mod_fcgid.c>
            IdleTimeout 300
            ProcessLifeTime 3600
            # MaxProcessCount 1000
            DefaultMinClassProcessCount 0
            DefaultMaxClassProcessCount 100
            IPCConnectTimeout 3
            IPCCommTimeout 360
            BusyTimeout 300
        </IfModule>
        <Directory /var/www/login1.tld/web>
            AddHandler fcgid-script .php .php3 .php4 .php5
            FCGIWrapper /var/www/php-fcgi-scripts/web8/.php-fcgi-starter .php
            Options +ExecCGI
            AllowOverride All
            Order allow,deny
            Allow from all
        </Directory>
        <Directory /var/www/clients/client1/web8/web>
            AddHandler fcgid-script .php .php3 .php4 .php5
            FCGIWrapper /var/www/php-fcgi-scripts/web8/.php-fcgi-starter .php
            Options +ExecCGI
            AllowOverride All
            Order allow,deny
            Allow from all
        </Directory>
    
    
        # add support for apache mpm_itk
        <IfModule mpm_itk_module>
          AssignUserId web8 client1
        </IfModule>
    
        <IfModule mod_dav_fs.c>
    	  # Do not execute PHP files in webdav directory
          <Directory /var/www/clients/client1/web8/webdav>
    	    <FilesMatch "\.ph(p3?|tml)$">
              SetHandler None
            </FilesMatch>
          </Directory>
          # DO NOT REMOVE THE COMMENTS!
          # IF YOU REMOVE THEM, WEBDAV WILL NOT WORK ANYMORE!
          # WEBDAV BEGIN
          # WEBDAV END
        </IfModule>
    
    
    </VirtualHost>
     
  2. pfahrun

    pfahrun New Member

    Why is httpd.conf actually empty? Is that normal with ISPConfig3?
     
  3. till

    till Super Moderator Staff Member ISPConfig Developer

    Don't mix * and IP in the website settings. Set all websites to use the IP address and not *.



    That's normal on Debian Linux and not related to ISPConfig. The file exists on Debian for legacy reasons and is not used anymore.
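
The effect of mixing `*` and an IP that till describes, as an added example that is not part of the original thread: a simplified model of how Apache picks a vhost (exact-IP vhosts beat `*` ones, then the Host header is compared, otherwise the first vhost in the set is the default). The IP 192.0.2.10 and the names site2.tld and site3.tld are assumptions; `ServerAlias` wildcards and `_default_` are not modelled.

```python
import re

# Constructed sample (placeholder IP and extra site names): one site on the IP, the rest on "*".
SAMPLE_CONF = """
<VirtualHost 192.0.2.10:80>
    ServerName login1.tld
</VirtualHost>
<VirtualHost *:80>
    ServerName site2.tld
</VirtualHost>
<VirtualHost *:80>
    ServerName site3.tld
    ServerAlias www.site3.tld
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>\s]+)\s*>(.*?)</VirtualHost>", re.S | re.I)
NAME_RE = re.compile(r"^\s*Server(?:Name|Alias)\s+(.+)$", re.M | re.I)

def parse_vhosts(conf):
    """Return [(address, port, [names])] in configuration order."""
    vhosts = []
    for addr_port, body in VHOST_RE.findall(conf):
        addr, _, port = addr_port.rpartition(":")
        names = [n.lower() for line in NAME_RE.findall(body) for n in line.split()]
        vhosts.append((addr, port, names or ["(unnamed)"]))
    return vhosts

def mixed_ports(vhosts):
    """Ports on which both "*" and a specific IP are used."""
    kinds = {}
    for addr, port, _ in vhosts:
        kinds.setdefault(port, set()).add(addr == "*")
    return sorted(p for p, k in kinds.items() if len(k) == 2)

def select_vhost(vhosts, local_ip, port, host):
    """Simplified Apache matching: vhosts on the exact IP beat "*" ones; within
    that set the Host header is compared, else the first vhost is the default."""
    exact = [v for v in vhosts if v[:2] == (local_ip, port)]
    candidates = exact or [v for v in vhosts if v[:2] == ("*", port)]
    for _, _, names in candidates:
        if host.lower() in names:
            return names[0]
    return candidates[0][2][0] if candidates else None

if __name__ == "__main__":
    vhosts = parse_vhosts(SAMPLE_CONF)
    print("ports mixing * and IP:", mixed_ports(vhosts))
    for host in ("login1.tld", "site2.tld", "www.site3.tld"):
        print(host, "->", select_vhost(vhosts, "192.0.2.10", "80", host))
```

On a live server, `apache2ctl -S` prints the vhost table Apache actually built, which can be compared against this model.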
     
  4. pfahrun

    pfahrun New Member

    Thank you Till.

    I assigned the IP to all websites. But I still have the weird problem that, independently of the entered domain, only one (my Joomla page) is opened. Except when I use the prefix https:// for my SSL website - then the website will be opened. Any ideas?

    I associated the domains with the IP address of my server in the hosts file of my Windows client (C:\Windows\System32\drivers\etc) to access the websites. I do not think that there is something wrong, as it worked fine without SSL.
     
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    SSL is an IP-based protocol, so when you use https, then only the SSL-based website that is defined on that IP will get opened. The domain name does not matter here.

    If you use http, then Apache should show the website based on the domain name. You should ensure that all domains point to that IP in DNS, that they have an A record for the domain and an A or CNAME record for the www subdomain, and that auto subdomain www is enabled in the website for all sites.

    The behaviour that I described here is the normal behaviour of Apache when you use SSL; for that reason you normally use a dedicated IP address for the SSL website which is not used by any other site.
     
  6. pfahrun

    pfahrun New Member

    It is kind of weird - even if I disable SSL and assign IPs to my various websites, only the first website I assigned the IP to is shown for every domain. Kind of funny that it is working (without SSL) if I use * for the IP... I have the feeling ISPConfig 3 attempts to drive me crazy...

    Do I really need to use DNS? To be honest I have no idea how to configure it properly. What do I enter for ns1 and ns2?

    Thank you very much in advance.
     
  7. pfahrun

    pfahrun New Member

    I also added DNS entries for every domain - still nothing is working. As soon as I use the static IP for one website, every domain request shows the same website... I have no clue what I am doing wrong.
     
  8. falko

    falko Super Moderator ISPConfig Developer

    Can you check if your hostnames/domains point to the correct IP addresses? You can check like this:
    Code:
    dig www.yourdomain.com
     
