RE: SSL support in sentora
09-16-2016, 04:09 PM
(This post was last modified: 09-16-2016, 04:12 PM by Nigel.)
I've already done this years ago. How has it taken so long to implement my idea?
(02-15-2016, 09:05 PM)Me.B Wrote: *** PLEASE thread for developers or if you have sys admin knowledge ***
We are currently planning to add SSL support.
The current draft will be a rewrite of the Apache admin module, and I think I found an interesting solution there, even to make the Apache module easier to extend.
Adding SSL will not be done the old way using port override, but instead will create a second vhost with the exact same config and adding 6 lines:
Code:
SSLEngine on
SSLProtocol ALL -SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
SSLCertificateFile /etc/letsencrypt/live/domain.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/domain.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/domain.com/chain.pem
The above example is for Let's Encrypt, but we would have a new folder in config where we store all SSL:
/etc/sentora/config/ssl or apache/ssl.
We could add a tool to help generate Let's Encrypt SSL in the right folder, or even auto-generate it. Same for custom self-signed SSL (Let's Encrypt supports only public servers).
Also I think we should more and more restrict module access to all folders in Sentora, so it can't be done like @[Diablo925] did in his module. Maybe later we split the sensitive work into an API outside of the panel that can have wider access, instead of mixing the GUI with more complex scripts.
We need to add SSL certificate validation in order to keep Apache from failing. Maybe a config test fail-safe too, and starting Sentora with the old valid config. The goal will be fewer issues and users getting it the wrong way.
Uploading CSR, can be added too, but it may be later?
Mainly we need help, input and solutions.
I'm checking Diablo925 module too, as it's the existing one covering this field. I can send you some of current alpha work.
Update 1: in GUI we could add
https://www.metachris.com/2015/12/compar...tpsforfree
Looks interesting.
@[Diablo925] @[bbspike]
Also @[TGates] @[5050]
***Retail***
SCPH-39002, Running FCMB, HDD-OSD, Mini-OPL.
SCPH-30002 RSW (Automobile Collection Snow White)
SCPH-10000 x2
SCPH-15000
SCPH-18000 x2
DESR-7700
SCPH-2040X x2
Linux Kit
PSBBN V0.20, V0.30
HDD Utility V1.00, V1.01
***Dev***
DTL-H30102 Running FCMB, HDD-OSD, Mini-OPL.
DTL-H20400 - Boxed
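One way to do the certificate validation the quoted post asks for before an SSL vhost is written, as an added example that is not part of the thread or of Sentora's code. The function name is hypothetical, and the default folder is the /etc/sentora/config/ssl path proposed in the post; the check confines all three files to that folder and lets Python's `ssl` module confirm that the key belongs to the certificate.

```python
import os
import ssl

# Assumption: certificates live in the single folder the post proposes.
SSL_ROOT = "/etc/sentora/config/ssl"


def preflight_ssl_vhost(cert, key, chain=None, ssl_root=SSL_ROOT):
    """Return a list of problems; an empty list means the files are usable."""
    problems = []
    root = os.path.realpath(ssl_root)
    for label, path in (("certificate", cert), ("key", key), ("chain", chain)):
        if path is None:
            continue
        real = os.path.realpath(path)  # resolves symlinks and ".." segments
        if os.path.commonpath([root, real]) != root:
            problems.append(f"{label} is outside {ssl_root}: {path}")
        elif not os.path.isfile(real):
            problems.append(f"{label} file not found: {path}")
    if problems:
        return problems  # nothing to parse yet

    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        # Fails if either file is not valid PEM or the key does not belong
        # to the certificate. The empty password keeps an encrypted key from
        # triggering an interactive passphrase prompt.
        ctx.load_cert_chain(certfile=cert, keyfile=key, password="")
    except (ssl.SSLError, OSError) as exc:
        problems.append(f"certificate/key pair rejected: {exc}")
    if chain is not None:
        try:
            ctx.load_verify_locations(cafile=chain)
        except (ssl.SSLError, OSError) as exc:
            problems.append(f"chain file rejected: {exc}")
    return problems


if __name__ == "__main__":
    # Constructed paths using the post's proposed folder and file names.
    base = os.path.join(SSL_ROOT, "domain.com")
    for line in preflight_ssl_vhost(os.path.join(base, "cert.pem"),
                                    os.path.join(base, "privkey.pem"),
                                    os.path.join(base, "chain.pem")):
        print("refusing to write SSL vhost:", line)
```

Running `apachectl configtest` on the generated vhost before reloading catches the syntax errors this file-level check does not look at.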