Using SSL Issue

[cam246]

Hello,

I am using Sentora 1.0.3 on Ubuntu 14.04.
I just set up SSL for one of my domains on my Sentora Installation, But now whenever I type https:// on any other domains on the server it will display the files on the domain that actually has SSL.
Sort of confusing...
I set up https://billing.example.com but now when I go to https://other.example.com it displays billing.example.com website under the other.example.com domain.

I haven't set up SSL for any other domains other than billing.example.com

Is there any know work around for this?

Thanks,
Cam

[TGates]

Sounds like your redirects are not setup correctly. Hard to say without seeing your httpd-vhosts.conf file or without knowing how you implemented SSL.

[cam246]

I used Lets Encrypt. http://docs.sentora.org/?node=103
I will post my httpd-vhosts.conf file tonight when I get a chance.

[cam246]

Here is the full httpd-vhosts.conf file.
http://pastebin.com/T5x1cKjG

I noticed the rewrite says {HTTP_HOST} does that mean whatever host is entered?

Code:

RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]

[TGates]

One thing I noticed is that billing-gullo-me should be billing_gullo_me (typo?)

Also, this:

Code:

# Custom VH settings (if any exist)
<DirectoryMatch "/var/sentora/hostdata/billing-gullo-me/public_html/">
    php_admin_value open_basedir "/var/sentora/hostdata/billing-gullo-me/public_html/:/tmp/:/"
</DirectoryMatch>

Does not need to be there, it is already set above and that the line you have entered defeats open_basedir security by allowing the domain to access the server root! (Major security risk)

You should also have a port forward for that domain (Available through the custom vhost entry area) that will redirect port 80 for that domain to be forwarded to port 443.

[cam246]

Hello,
billing-gullo-me is the sentora client name.
Thanks for showing me the security issue! I removed it!
I do have the correct port set and I checked the forward port box.
http://img.gullo.me/uploads/big/c6e42201...9099d6.png

Just as an example for you if you go to https://img.gullo.me it will display the billing.gullo.me site.
Very strange..

PS. img.gullo.me isnt in the vhosts.conf I sent, I just set it up last night.

[TGates]

Ok,
I'm not sure what is going on here, there is no domain or sub domain defined in the vhost entry for documentroot, directory, and open_basedir?
Document root is incorrect:

Code:

DocumentRoot "/var/sentora/hostdata/billing-gullo-me/public_html/"

Should be:

Code:

DocumentRoot "/var/sentora/hostdata/billing-gullo-me/public_html/billing_gullo_me/"

Same with:

Code:

<Directory "/var/sentora/hostdata/billing-gullo-me/public_html/">

Should be:

Code:

<Directory "/var/sentora/hostdata/billing-gullo-me/public_html/billing_gullo_me/">

And also the open_basedir entry is off the same way.

Also, when i visit the domain https://img.gullo.me it says insecure connection because the SSL cert is not for that domain. You should not be using https:// for a non-SSL site. (Of course it forwards to the billing site, it's the only https:// in your vhost...)

http://img.gullo.me/ works just fine!

[cam246]

My domains Home directory is set to Root.
http://img.gullo.me/uploads/big/b01e4bcf...85f2b0.png

Is there no way to isolate that or have an error message pop up other than the browser one? I'm just thinking if another user happened to type https:// on any other domain it would bring them to someone else's site.

Or is my best bet just to set up ssl on all domains?

[cam246]

So I did some research and figured out that it wouldn't be possible unless the billing domain was on its own IP address. I ended up just adding SSL to sentora itself so now if anyone adds https:// to any other domains on my server it will just bring them to the sentora login page instead of a different website.

[TGates]

So I did some research and figured out that it wouldn't be possible unless the billing domain was on its own IP address.

This is not true as I have multiple SSL and non-SSL domains/sub domains configured on my server even some are on different user accounts.

I ended up just adding SSL to sentora itself so now if anyone adds https:// to any other domains on my server it will just bring them to the sentora login page instead of a different website.

This will work. (It is how mine shows up if a non-https site is loaded using https)
I will have to look into this to sort out why https://domain.com redirects to the first SSL site rather than just pushing the user to the regular http site.
But, as I mentioned, people will not usually type in https:// by accident. 99% will do http:// first then get redirected to https:// (if available).