This forum uses cookies
This forum makes use of cookies to store your login information if you are registered, and your last visit if you are not. Cookies are small text documents stored on your computer; the cookies set by this forum can only be used on this website and pose no security risk. Cookies on this forum also track the specific topics you have read and when you last read them. Please confirm whether you accept or reject these cookies being set.

A cookie will be stored in your browser regardless of choice to prevent you being asked this question again. You will be able to change your cookie settings at any time using the link in the footer.

[HOW TO] How to secure your sentora panel with SSL (HTTPS) easy guide
#1
[HOW TO] How to secure your sentora panel with SSL (HTTPS) easy guide
So I had trouble securing my sentora panel with SSL and I had to create a topic over it. But now I understand it thanks to the help of Me.B. Thanks again. Wink all credits go to you.

Okay let's start. There are a few requirements before we can start with this tutorial.
  • Your Sentura panel is currently working fine.
  • Your running apache
  • You created SSL certificates self-signed or bought them. (don't ask how to do this, Google it)
  • You aren't running anything else on port 443 currently.
  • SSH access to your Box. (doh)

Okay ready? First off we need to enable SSL in apache.
Do this by enabling the module SSL with the following command:
Code:
a2enmod ssl
Note: Run this command as root or add sudo in front of it if you are on Debian / Ubuntu.

Let's make SSL a little more secure against Poodle attack and man in the middle attacks:
edit the file:  /etc/apache2/mods-enabled/ssl.conf
(nano /etc/apache2/mods-enabled/ssl.conf)

Scroll to around or on line 75, stating:
       #   The protocols to enable.
       #   Available values: all, SSLv3, TLSv1, TLSv1.1, TLSv1.2
       #   SSL v2  is no longer supported

comment out the line stating:
Code:
SSLProtocol all
Add the following code under it,
Code:
       SSLProtocol all -SSLv2 -SSLv3
       SSLHonorCipherOrder on
       SSLCipherSuite "CDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5"
]

This disables vulnerable SSL protocols and makes your server more secure!

Let's do a short test to see if Apache is still working corrently
Code:
apachectl configtest
Test okay? Restart apache to make sure everything is okay?
Code:
service apache2 restart
*make sure you restart services as either sudo or root.

DOES THIS TEST FAIL?! STOP NOW DO NOT CONTINUE YET TILL YOU HAVE THIS FIXED!!

Time to get your SSL panel working right?
Yes that is right we are finally? there. Wink We are going to enable your SSL panel! Woooo  Cool

Go to the folder, /etc/sentura/configs/apache2/
You can use cd for this (doh...)
Code:
cd /etc/sentura/configs/apache2/

Time to create your SSL virtualhost file in this folder. This folder contains all the apache config files when you use Sentura. So let's make a new file called...   http-panel-ssl.conf
Code:
nano /etc/sentura/configs/apache2/http-panel-ssl.conf

Put the following information in it and edit the variables as given here.


Code:
Listen 443
# Configuration for Sentora control panel with SSL.
<VirtualHost *:443>
ServerAdmin zadmin@localhost
DocumentRoot "/etc/sentora/panel/"
ServerName yoursentora.admin.domainurl
ErrorLog "/var/sentora/logs/sentora-error.log"
CustomLog "/var/sentora/logs/sentora-access.log" combined
CustomLog "/var/sentora/logs/sentora-bandwidth.log" common
AddType application/x-httpd-php .php
<Directory "/etc/sentora/panel/">
Options +FollowSymLinks -Indexes
  AllowOverride All
  Require all granted
</Directory>
SSLEngine on
 SSLCertificateFile /etc/apache2/ssl/ your SSL certificate CRT file
 SSLCertificateKeyFile /etc/apache2/ssl/ your SSL certificate key FILE
 SSLCACertificateFile /etc/apache2/ssl/ your ROOT CA certificate CRT file

</VirtualHost>
Please note: The SSL certificates in this example are in the folder /etc/apache2/ssl/ if yours are somewhere else you can also add em to another folder or make a symbolic link, as long as the path here is correct you are fine.

Done this? Great! Almost done. Save the file !  Big Grin
Now, ready? Let's include this file into the apache config file that sentora uses as default which is, (in case you did not know this yet)
Code:
/etc/sentora/configs/apache/httpd.conf
Scroll all the way to the bottom where it states,
Code:
# Now we include the generic VHOST configuration file that holds all Sentora user hosted vhost data
Include /etc/sentora/configs/apache/httpd-vhosts.conf
Now add the following code right under that:
Code:
# Include SSL configuration for SSL panel
Include /etc/sentora/configs/apache/http-panel-ssl.conf

Save the file, and restart the apache service.
Code:
service apache2 restart
*sudo or root, remember? >_>

Okay, no errors? Your good to go, try going to your panel by putting https:// infront of the url!
That should be it!


Optional: Always force SSL.
In case you want to force SSL on the panel URL always in case you forget to type https:// or one of your users doesn't care about https? Do this,

Go to the folder /etc/sentora/panel/
Creata a new file called .htaccess
Code:
nano .htaccess
Add the following code in it at the bottom of the file:
Code:
#Enforce
SSL
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Save the file and your good to go!

*Please note this only works if mod_rewrite is enabled, to enable this:
Code:
a2enmod rewrite && service apache2 restart

Your panel should now be secured by SSL including all apps like phpmyadmin and others.

Optional: test your server at https://www.ssllabs.com/ssltest/index.html
Reply
Thanks given by: Me.B , Cantalupo , sosojni , khampol , ashok , duane
#2
RE: [HOW TO] How to secure your sentora panel with SSL (HTTPS) easy guide
Centos is almost similar to the above that apply only to Ubuntu.

On centos you need to modify /etc/httpd/conf/httpd.conf and include the new panel SSL conf file.

Thanks for the clean guide.

M B
No support using PM (Auto adding to IGNORE list!), use the forum. 
How to ask
Freelance AWS Certified Architect & SysOps// DevOps

10$ free to start your VPS
Reply
Thanks given by: Cantalupo
#3
RE: [HOW TO] How to secure your sentora panel with SSL (HTTPS) easy guide
Smile Smile Smile
Reply
Thanks given by:
#4
RE: [HOW TO] How to secure your sentora panel with SSL (HTTPS) easy guide
I have a question.
OP is using .htaccess to force https access to panel, and i am using is Global Sentory Entry:
Redirect permanent / https://subdomain.serverdomain.com/

Now what i'm wondering is is that same thing? Are there some negative effects of using Global entry?
I prefere to deal with this kind of stuff from inside sentora panel but if there are downsides ill switch to .htaccess
Reply
Thanks given by:
#5
RE: [HOW TO] How to secure your sentora panel with SSL (HTTPS) easy guide
no downside to switch to .htaccess. I rather like more that methode.

M B
No support using PM (Auto adding to IGNORE list!), use the forum. 
How to ask
Freelance AWS Certified Architect & SysOps// DevOps

10$ free to start your VPS
Reply
Thanks given by:
#6
RE: [HOW TO] How to secure your sentora panel with SSL (HTTPS) easy guide
I have followed the above to the letter on a clean installation of sentora, thinking there was something I did on my previous install thinking that it was causing the issue for me.

This clients website is still wanting to use the SSL certificate of the panel. I have not set any custom vhost options or anything. There is some sort of bug here. Exclamation Exclamation Exclamation

Some urgent help would be greatly appreciated.
Reply
Thanks given by:
#7
RE: [HOW TO] How to secure your sentora panel with SSL (HTTPS) easy guide
(03-01-2015, 08:56 PM)eagles051387 Wrote: I have followed the above to the letter on a clean installation of sentora, thinking there was something I did on my previous install thinking that it was causing the issue for me.

This clients website is still wanting to use the SSL certificate of the panel. I have not set any custom vhost options or anything. There is some sort of bug here. Exclamation Exclamation Exclamation

Some urgent help would be greatly appreciated.

It sounds like you have installed the website's SSL certificate incorrectly but if the client is using Windows XP or older (or any OS that doesn't support SNI) then a separate IP address for each SSL certificate is required, else their computer will always pick the first SSL vhost not matter if it is for the correct website or not.
Before posting, update your profile with your OS, Sentora version and server type!

Reply
Thanks given by:
#8
RE: [HOW TO] How to secure your sentora panel with SSL (HTTPS) easy guide
(03-01-2015, 09:09 PM)jacobg830 Wrote:
(03-01-2015, 08:56 PM)eagles051387 Wrote: I have followed the above to the letter on a clean installation of sentora, thinking there was something I did on my previous install thinking that it was causing the issue for me.

This clients website is still wanting to use the SSL certificate of the panel. I have not set any custom vhost options or anything. There is some sort of bug here. Exclamation  Exclamation  Exclamation

Some urgent help would be greatly appreciated.

It sounds like you have installed the website's SSL certificate incorrectly but if the client is using Windows XP or older (or any OS that doesn't support SNI) then a separate IP address for each SSL certificate is required, else their computer will always pick the first SSL vhost not matter if it is for the correct website or not.

Im trying to access this via firefox on windows 7 64bit. Same issue occurs on chrome. The SSL certificate is a wildcard certificate. The issue is that this website is for an entirely different domain then this clients site. At what point in this posts steps could I have gone wrong?

I am now in an incognito window getting the sentora login instead of the website which I am finding very odd.
Reply
Thanks given by:
#9
RE: [HOW TO] How to secure your sentora panel with SSL (HTTPS) easy guide
how to do it on centos 6
Reply
Thanks given by:
#10
RE: [HOW TO] How to secure your sentora panel with SSL (HTTPS) easy guide
Same on centos 6.

M B
No support using PM (Auto adding to IGNORE list!), use the forum. 
How to ask
Freelance AWS Certified Architect & SysOps// DevOps

10$ free to start your VPS
Reply
Thanks given by:


Possibly Related Threads…
Thread Author Replies Views Last Post
Secure Sentora With SSLForFree Chris L 1 4 ,622 01-22-2020, 09:19 PM
Last Post: ralphharder
Fail2ban for Sentora (Centos 7) bbspike 14 44 ,483 01-14-2020, 07:32 AM
Last Post: Vedran B
Timeout for Sentora Admin Panel minufreelance 12 44 ,976 11-24-2018, 12:33 PM
Last Post: fearworks

Forum Jump:


Users browsing this thread: 1 Guest(s)