Having both HTTP & HTTPS (Port 443 and Port 80) sites on a server
#1
Having both HTTP & HTTPS (Port 443 and Port 80) sites on a server
Most of my sites are using SSL with Let's Encrypt. However, I'm looking to migrate some sites over which don't currently have SSL. To make it seamless, and so end users don't get an error about a self signed certificate, I'm looking to enable port 80 traffic. Then, once the DNS change has fully propagated, I can get Let's Encrypt to issue a cert for the migrated site.

Right now my server is basically redirecting everything to port 443. Under the Apache Admin Module, I've got the Apache Port set to 443. All other domains have an overwritten Virtual Host Settings that forward to 443 and point towards the certificate. However, I can't seem to get a single domain to not try to redirect to port 80.

My vhosts file (/etc/sentora/configs/apache/httpd-vhosts.conf) only has "Listen 443" at the top. If I remember correctly, adding port 80 as well caused HTTPD to fail to restart/load.

I am running CentOS Core 7.3.1611 on kernel 2.6.32-042stab120.16 with Sentora 1.0.3 installed.

Thanks!
Gordon
#2
RE: Having both HTTP & HTTPS (Port 443 and Port 80) sites on a server
1. You can create Let's Encrypt SSL without HTTP 80 even being public; you can use DNS to authenticate with Let's Encrypt.

2. You can have both 80 & 443 enabled; all you have to do is create the SSL vhost, include it manually, and not use the process in the doc to set the port override.

M B
#3
RE: Having both HTTP & HTTPS (Port 443 and Port 80) sites on a server
(08-13-2017, 07:17 AM)dsmarter Wrote: I've got the Apache Port set to 443. All other domains have an overwritten Virtual Host Settings that forward to 443 and point towards the certificate. However, I can't seem to get a single domain to not try to redirect to port 80.

Apache service port should not be set to 443. It should always be 80 otherwise none of your non-ssl sites will work. All you need to do is change that back to 80 (From the command line as root you can enter: setso --set apache_port 80). If you are using SSL for your panel login, you change Sentora Apache Port to 443 and add your SSL information for the panel login in Global Sentora Entry adding a port forward at the end:
Code:
SSLEngine on
SSLProtocol ALL -SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
SSLCertificateFile /etc/letsencrypt/live/cp.xxxxxx.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/cp.xxxxxx.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/cp.xxxxxx.com/chain.pem
# Keeping below for future upgrades.
# Requires Apache >= 2.4
SSLCompression off
</virtualhost>
# PORT FORWARD FROM 80 TO: 443
<virtualhost *:80>
ServerName cp.xxxxxx.com
ServerAdmin postmaster@xxxxxx.com
Redirect permanent / https://cp.xxxxxx.com/


For your other domains, you select them in the custom vhost section and set port override: 443 then check Forward Port 80 to Overriden Port and add your SSL information in the Custom Entry box:
Code:
SSLEngine on
SSLProtocol ALL -SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
SSLCertificateFile /etc/letsencrypt/live/xxxxxx.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/xxxxxx.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/xxxxxx.com/chain.pem
# Keeping below for future upgrades.
# Requires Apache >= 2.4
SSLCompression off
-TGates - Project Council

#4
RE: Having both HTTP & HTTPS (Port 443 and Port 80) sites on a server
To test this out (I had some issues switching from port 80 to port 443 on my prod server), I have set up a second VPS using this method.

The service port is 80 and I have attempted to use the VHost override to redirect from 80 to 443. I add 443 into the port override box, tick forward port 80 to overridden port and put in this:

Code:
SSLEngine on
SSLProtocol ALL -SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
SSLCertificateFile /etc/letsencrypt/live/my.domain/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/my.domain/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/my.domain/chain.pem
# Keeping below for future upgrades.
# Requires Apache >= 2.4
SSLCompression off

I run the sentora daemon and restart httpd service. I can see in the vhosts config that the re-direct vhosts entry has been correctly added.

Prior to doing the above, port 80 works fine. After doing the above, port 80 gives me a connection error. If I add https:// to the beginning of the domain it loads properly.

Any ideas what else I'm missing? Once I can get this working, I'll migrate my domains over and try to switch the original server over to a proper setup with port 80 as the service port.
Thanks,
Gordon
#5
RE: Having both HTTP & HTTPS (Port 443 and Port 80) sites on a server
PM me a copy of your httpd-vhosts.conf file and I'll take a look. You could be having the same issue as this thread: HTTP Service closed (Port 80 Closed), which I am working on also.
-TGates - Project Council

#6
RE: Having both HTTP & HTTPS (Port 443 and Port 80) sites on a server
@TGates, I've PMed you the config.
#7
RE: Having both HTTP & HTTPS (Port 443 and Port 80) sites on a server
Okay, so now that I am home from work and can play around, I noticed that in the "/etc/sentora/configs/apache/httpd-vhosts.conf" file, "Listen 80" was not present. Once I add this, it seems to redirect correctly.

Hopefully this is useful to someone else!
#8
RE: Having both HTTP & HTTPS (Port 443 and Port 80) sites on a server
Whenever I run the Sentora Daemon, it removes the Listen 80 from the "/etc/sentora/configs/apache/httpd-vhosts.conf" file. I added it to the top of "/etc/sentora/configs/apache/httpd.conf" and it remains when I run the daemon.

Is this the correct way to do this or is there a better way?

Thanks again,
Gordon
#9
RE: Having both HTTP & HTTPS (Port 443 and Port 80) sites on a server
This is the exact same issue as HTTP Service closed (Port 80 Closed)


Me.B I did a push to master branch with this fix. https://github.com/sentora/sentora-core/...76e30f3509

Quote:Fixes issue if not using any sites on port 80
Example: All sites are using SSL, Listen 80 was not being added to the
httpd-vhosts.conf file to allow redirect from 80 to 443.

This is where the issue is in /modules/apache_admin/hooks/OnDeamonRun.hook.php lines 60-63:
PHP Code:
    while ($rowport = $portQuery->fetch()) {
        $customPorts[] = (empty($rowport['vh_custom_port_in'])) ? $VHostDefaultPort : $rowport['vh_custom_port_in'];
    }
    $customPortList = array_unique($customPorts);

My suggested workaround, which seems to work for now unless there is a better way, is:
PHP Code:
    while ($rowport = $portQuery->fetch()) {
        $customPorts[] = (empty($rowport['vh_custom_port_in'])) ? $VHostDefaultPort : $rowport['vh_custom_port_in'];
    }
    // Adds default vhost port to Listen port array
    $customPorts[] = $VHostDefaultPort;
    $customPortList = array_unique($customPorts);
-TGates - Project Council

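A check for the condition found in posts #7 and #9, a vhost bound to a port that no Listen directive opens. This is an added example, not part of any post and not Sentora's code; the function names and the sample config are constructed for illustration.

```sh
#!/bin/sh
# Added example (not Sentora code): report ports that <VirtualHost> blocks bind
# to but that no Listen directive opens. Include directives are not followed,
# so pass every config file that may carry a Listen line.

missing_listen_ports() {
    awk '
        { line = tolower($0); sub(/^[ \t]+/, "", line) }
        line ~ /^#/ { next }                       # comment line
        line ~ /^listen[ \t]/ {                    # Listen 80, Listen 1.2.3.4:443 https
            split(line, f, /[ \t]+/)
            port = f[2]; sub(/^.*:/, "", port)     # drop an optional address part
            listen[port] = 1
            next
        }
        line ~ /^<virtualhost[ \t]/ {              # <VirtualHost *:80 *:443>
            gsub(/[<>]/, " ", line)
            n = split(line, f, /[ \t]+/)
            for (i = 1; i <= n; i++)
                if (f[i] ~ /:[0-9]+$/) { port = f[i]; sub(/^.*:/, "", port); vhost[port] = 1 }
        }
        END { for (p in vhost) if (!(p in listen)) print p }
    ' "$@" | sort -n
}

# Constructed sample mirroring the thread: only "Listen 443", plus a redirect vhost on 80.
write_sample_conf() {
    cat > "$1" <<'EOF'
Listen 443
<virtualhost *:443>
ServerName example.test
SSLEngine on
</virtualhost>
<virtualhost *:80>
ServerName example.test
Redirect permanent / https://example.test/
</virtualhost>
EOF
}

sample=$(mktemp)
write_sample_conf "$sample"
echo "vhost ports without a Listen directive: $(missing_listen_ports "$sample")"
rm -f "$sample"
```

On the server in this thread the files to pass would be /etc/sentora/configs/apache/httpd.conf and /etc/sentora/configs/apache/httpd-vhosts.conf, since post #8 placed the Listen line in the former.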
#10
RE: Having both HTTP & HTTPS (Port 443 and Port 80) sites on a server
ok will be checking