This forum uses cookies
This forum makes use of cookies to store your login information if you are registered, and your last visit if you are not. Cookies are small text documents stored on your computer; the cookies set by this forum can only be used on this website and pose no security risk. Cookies on this forum also track the specific topics you have read and when you last read them. Please confirm whether you accept or reject these cookies being set.

A cookie will be stored in your browser regardless of choice to prevent you being asked this question again. You will be able to change your cookie settings at any time using the link in the footer.

[MODULE] Certificate Manager
#42
[Not Solved] RE: [Module] Certificate Manager
Hi,

I have some issues with the way CertM implements ssl.

First its not working with varnish. 
Sentora doen't look at wich port for apache is configured in "Sentora apache settings", so the setting "vhost override port" the port is still 80. Certm takes this over and break the virual host by this. 

This is an issue for sentora i believe to look in setting for the right override port.

Second the way ssl is now implementen in "vhost custom settings" you cannot use any "global vhost settings" configured in sentora anymore. I had global vhost entry set voor webmail (webmail.*) and in break up vhosts and thus apache..

I believe its better if CertM creates whole new vhosts entry's listing to 443 instead of adding it into custom settings voor a vhost created to listen to port 80 or 8080 in case of my settup with varnish:

Example:

Sentora creates a :80 vhosts:

Code:
# DOMAIN: ldehooge.nl
<virtualhost *:8080>
ServerName ldehooge.nl
ServerAlias  www.ldehooge.nl
ServerAdmin 83ffb53a@opayq.com
DocumentRoot "/var/sentora/hostdata/webimproved/public_html/ldehooge_nl"
php_admin_value open_basedir "/var/sentora/hostdata/webimproved/public_html/ldehooge_nl:/var/sentora/temp/"
php_admin_value suhosin.executor.func.blacklist "passthru, show_source, shell_exec, system, pcntl_exec, popen, pclose, proc_open, proc_nice, proc_terminate, proc_get_status, proc_close, leak, apache_child_terminate, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid, escapeshellcmd, escapeshellarg, exec"
ErrorLog "/var/sentora/logs/domains/webimproved/ldehooge.nl-error.log"
CustomLog "/var/sentora/logs/domains/webimproved/ldehooge.nl-access.log" combined
CustomLog "/var/sentora/logs/domains/webimproved/ldehooge.nl-bandwidth.log" common
<Directory "/var/sentora/hostdata/webimproved/public_html/ldehooge_nl">
 Options +FollowSymLinks -Indexes
 AllowOverride All
 Order Allow,Deny
 Allow from all
</Directory>
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript
AddType application/x-httpd-php .php3 .php
DirectoryIndex index.html index.htm index.php index.asp index.aspx index.jsp index.jspa index.shtml index.shtm
# Custom Global Settings (if any exist)
</VirtualHost>^M
^M
# Configuration for WebMail^M
<VirtualHost *:8080>^M
ServerAlias webmail.* ^M
DocumentRoot "/etc/sentora/panel/etc/apps/webmail/"^M
AddType application/x-httpd-php .php^M
<Directory "/etc/sentora/panel/etc/apps/webmail/">^M
Options +FollowSymLinks -Indexes^M
AllowOverride All^M
</Directory>
# Custom VH settings (if any exist)

</virtualhost>
# END DOMAIN: ldehooge.nl
################################################################


Let CertM Create a seperate 443 vhost in the same file sentora does:


Code:
# DOMAINSSL: ldehooge.nl
<VirtualHost *:443>
ServerName ldehooge.nl
[size=small][font=Monaco, Consolas, Courier, monospace]ServerAlias  www.ldehooge.nl[/font][/size]
[size=small][font=Monaco, Consolas, Courier, monospace]ServerAdmin 83ffb53a@opayq.com[/font][/size]
DocumentRoot "/var/sentora/hostdata/webimproved/public_html/ldehooge_nl"
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/www.ldehooge.nl.crt
SSLCertificateKeyFile /etc/pki/tls/private/www.ldehooge.key
SSLCertificateChainFile /etc/pki/tls/certs/CA_Intermediate.cert
SSLCACertificateFile /etc/pki/tls/certs/CA_Root.cert
php_admin_value open_basedir "/var/sentora/hostdata/webimproved/public_html/ldehooge_nl:/var/sentora/temp/"
[size=small][font=Monaco, Consolas, Courier, monospace]php_admin_value suhosin.executor.func.blacklist "passthru, show_source, shell_exec, system, pcntl_exec, popen, pclose, proc_open, proc_nice, proc_terminate, proc_get_status, proc_close, leak, apache_child_terminate, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid, escapeshellcmd, escapeshellarg, exec"[/font][/size]
[size=small][font=Monaco, Consolas, Courier, monospace]ErrorLog "/var/sentora/logs/domains/webimproved/ldehooge.nl-error.log"[/font][/size]
[size=small][font=Monaco, Consolas, Courier, monospace]CustomLog "/var/sentora/logs/domains/webimproved/ldehooge.nl-access.log" combined[/font][/size]
[size=small][font=Monaco, Consolas, Courier, monospace]CustomLog "/var/sentora/logs/domains/webimproved/ldehooge.nl-bandwidth.log" common[/font][/size]
[size=small][font=Monaco, Consolas, Courier, monospace]<Directory "/var/sentora/hostdata/webimproved/public_html/ldehooge_nl">[/font][/size]
[size=small][font=Monaco, Consolas, Courier, monospace]  Options +FollowSymLinks -Indexes[/font][/size]
[size=small][font=Monaco, Consolas, Courier, monospace]  AllowOverride All[/font][/size]
[size=small][font=Monaco, Consolas, Courier, monospace]  Order Allow,Deny[/font][/size]
[size=small][font=Monaco, Consolas, Courier, monospace]  Allow from all[/font][/size]
[size=small][font=Monaco, Consolas, Courier, monospace]</Directory>[/font][/size]
[size=small][font=Monaco, Consolas, Courier, monospace]AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript[/font][/size]
[size=small][font=Monaco, Consolas, Courier, monospace]AddType application/x-httpd-php .php3 .php[/font][/size]
[size=small][font=Monaco, Consolas, Courier, monospace]DirectoryIndex index.html index.htm index.php index.asp index.aspx index.jsp index.jspa index.shtml index.shtm[/font][/size]
[size=small][font=Monaco, Consolas, Courier, monospace]# Custom Global Settings (if any exist)[/font][/size]
[size=small][font=Monaco, Consolas, Courier, monospace]</VirtualHost>^M[/font][/size]
[size=small][font=Monaco, Consolas, Courier, monospace]^M[/font][/size]
[size=small][font=Monaco, Consolas, Courier, monospace]# Configuration for WebMail^M[/font][/size]
[size=small][font=Monaco, Consolas, Courier, monospace]<VirtualHost *:8080>^M[/font][/size]
[size=small][font=Monaco, Consolas, Courier, monospace] ServerAlias webmail.* ^M[/font][/size]
[size=small][font=Monaco, Consolas, Courier, monospace] DocumentRoot "/etc/sentora/panel/etc/apps/webmail/"^M[/font][/size]
[size=small][font=Monaco, Consolas, Courier, monospace] AddType application/x-httpd-php .php^M[/font][/size]
[size=small][font=Monaco, Consolas, Courier, monospace] <Directory "/etc/sentora/panel/etc/apps/webmail/">^M[/font][/size]
[size=small][font=Monaco, Consolas, Courier, monospace] Options +FollowSymLinks -Indexes^M[/font][/size]
[size=small][font=Monaco, Consolas, Courier, monospace] AllowOverride All^M[/font][/size]
[size=small][font=Monaco, Consolas, Courier, monospace] </Directory>[/font][/size]
[size=small][font=Monaco, Consolas, Courier, monospace]# Custom VH settings (if any exist)[/font][/size]

[size=small][font=Monaco, Consolas, Courier, monospace]</virtualhost>[/font][/size]
# END DOMAINSSL: ldehooge.nl



This way a domain can be reached both ports and the user can choose with url's needs to be ssl or not.
Also any global vhosts entry's will not break up and will be automatic implement with the ssl vhosts also.


Ofcouse the sentora vhosts file als needs a listing to 443 rule.
[Image: logo2.png]

My being on this forum is all personal and all is done here by me has nothing to with the company Web Improved I work for Smile
Reply
Thanks given by:


Messages In This Thread
[MODULE] Certificate Manager - by Diablo925 - 09-24-2015, 05:09 AM
RE: [Module] Certificate Manager - by TGates - 09-24-2015, 06:34 AM
RE: [Module] Certificate Manager - by MarkDark - 09-24-2015, 06:51 AM
RE: [Module] Certificate Manager - by MarkDark - 09-24-2015, 07:01 AM
RE: [Module] Certificate Manager - by TGates - 09-24-2015, 07:35 AM
RE: [Module] Certificate Manager - by Diablo925 - 09-24-2015, 02:47 PM
RE: [Module] Certificate Manager - by Diablo925 - 09-24-2015, 03:18 PM
RE: [Module] Certificate Manager - by TGates - 09-24-2015, 05:11 PM
RE: [Module] Certificate Manager - by TGates - 09-24-2015, 05:18 PM
RE: [Module] Certificate Manager - by Diablo925 - 09-24-2015, 08:30 PM
RE: [Module] Certificate Manager - by TGates - 09-25-2015, 02:59 AM
RE: [Module] Certificate Manager - by bbspike - 09-24-2015, 11:26 PM
RE: [Module] Certificate Manager - by Diablo925 - 09-25-2015, 03:48 AM
RE: [Module] Certificate Manager - by kandrews - 09-25-2015, 07:25 AM
RE: [Module] Certificate Manager - by Diablo925 - 10-03-2015, 09:55 PM
RE: [Module] Certificate Manager - by Diablo925 - 10-04-2015, 12:56 AM
RE: [Module] Certificate Manager - by MarkDark - 10-09-2015, 07:09 PM
RE: [Module] Certificate Manager - by Diablo925 - 10-09-2015, 07:44 PM
RE: [Module] Certificate Manager - by TGates - 10-10-2015, 03:34 AM
RE: [Module] Certificate Manager - by Diablo925 - 10-10-2015, 03:52 AM
RE: [Module] Certificate Manager - by MarkDark - 10-10-2015, 06:44 AM
RE: [Module] Certificate Manager - by Diablo925 - 10-10-2015, 06:53 AM
RE: [Module] Certificate Manager - by MarkDark - 10-10-2015, 03:19 PM
RE: [Module] Certificate Manager - by Diablo925 - 10-11-2015, 11:31 PM
RE: [Module] Certificate Manager - by Diablo925 - 10-11-2015, 11:38 PM
RE: [Module] Certificate Manager - by Diablo925 - 10-21-2015, 11:05 PM
RE: [Module] Certificate Manager - by TGates - 10-22-2015, 05:35 AM
RE: [Module] Certificate Manager - by Diablo925 - 10-22-2015, 09:44 PM
RE: [Module] Certificate Manager - by eseelke - 11-12-2015, 10:25 AM
RE: [Module] Certificate Manager - by Diablo925 - 11-12-2015, 03:44 PM
RE: [Module] Certificate Manager - by bbspike - 11-13-2015, 06:50 AM
RE: [Module] Certificate Manager - by TGates - 11-13-2015, 02:54 PM
RE: [Module] Certificate Manager - by Diablo925 - 11-15-2015, 04:39 AM
RE: [Module] Certificate Manager - by bbspike - 11-26-2015, 06:40 PM
RE: [Module] Certificate Manager - by TGates - 11-27-2015, 04:02 AM
RE: [Module] Certificate Manager - by bbspike - 11-27-2015, 07:20 AM
RE: [Module] Certificate Manager - by Diablo925 - 11-27-2015, 05:54 PM
RE: [Module] Certificate Manager - by bbspike - 11-27-2015, 07:32 PM
RE: [Module] Certificate Manager - by TGates - 11-28-2015, 09:55 AM
RE: [Module] Certificate Manager - by bbspike - 11-29-2015, 04:07 AM
RE: [Module] Certificate Manager - by bbspike - 11-29-2015, 05:22 AM
RE: [Module] Certificate Manager - by JonathanNet - 12-15-2015, 08:04 AM
RE: [Module] Certificate Manager - by iraqiboy90 - 12-18-2015, 12:37 PM
RE: [Module] Certificate Manager - by culunsure - 12-30-2015, 07:44 PM
RE: [Module] Certificate Manager - by Jakeey802 - 12-31-2015, 09:32 AM
RE: [Module] Certificate Manager - by AgentD - 01-03-2016, 10:11 AM
RE: [Module] Certificate Manager - by Diablo925 - 01-09-2016, 05:26 AM
RE: [Module] Certificate Manager - by TGates - 01-09-2016, 05:46 AM
RE: [Module] Certificate Manager - by TGates - 01-09-2016, 06:31 AM
RE: [Module] Certificate Manager - by AgentD - 01-12-2016, 06:20 PM
RE: [Module] Certificate Manager - by bbspike - 01-12-2016, 10:20 PM
RE: [Module] Certificate Manager - by AgentD - 01-13-2016, 08:31 AM
RE: [Module] Certificate Manager - by Josvdwoude - 01-16-2016, 04:41 AM
RE: [Module] Certificate Manager - by Delbane - 03-19-2016, 09:45 AM
RE: [Module] Certificate Manager - by wishmaster - 05-05-2016, 04:52 AM
RE: [Module] Certificate Manager - by eirsik - 06-20-2016, 08:35 PM
RE: [Module] Certificate Manager - by Ron-e - 06-21-2016, 04:48 AM
RE: [Module] Certificate Manager - by eirsik - 06-21-2016, 10:27 PM
RE: [Module] Certificate Manager - by Ron-e - 06-22-2016, 12:17 AM
RE: [Module] Certificate Manager - by Unknown - 06-24-2016, 07:01 PM
RE: [Module] Certificate Manager - by Rynoxx - 06-27-2016, 12:15 AM
RE: [Module] Certificate Manager - by Ron-e - 06-28-2016, 12:32 AM
[MODULE] Certificate Manager - by donleo123 - 06-04-2018, 10:40 AM
RE: [MODULE] Certificate Manager - by longhb - 07-05-2018, 11:56 AM
RE: [MODULE] Certificate Manager - by mungujakisa - 08-07-2018, 06:31 AM
RE: [MODULE] Certificate Manager - by TGates - 07-17-2018, 05:15 AM

Possibly Related Threads...
Thread Author Replies Views Last Post
[Module] Let's Encrypt Bizarrus 50 19 492 05-24-2020, 03:44 PM
Last Post: muratkaragoz
[Module] Pydio jollyjoke 51 69 866 02-04-2020, 04:45 PM
Last Post: jollyjoke
[Module] Manage Categories jollyjoke 2 4 008 02-03-2020, 02:02 AM
Last Post: jollyjoke

Forum Jump:


Users browsing this thread: 1 Guest(s)