Setting up multiple domains each on static IP each with separate SSL wildcard cert
#1
[Not Solved] Setting up multiple domains each on static IP each with separate SSL wildcard cert
Title: setting up multiple domains each on static IP each with separate SSL wildcard cert covering respective subdomains

Hi,

I wonder if someone can give me some advice/a technical steer:

We are using: Ubuntu 12.04, Zpanel 10.1.1


My Objective: is to
---------------------

1) create the following domains, over HTTP, each against their own static IP - thus:

- domain-A.co.uk - 88.208.201.24 - the primary IP for the box, also shared by box primary domain, NS1 and others, note: domain-A.co.uk was set up prior, and already has a wild card SSL installed & working OK against each of its subdomains.
- domain-B.co.uk - 88.208.203.64
- domain-C.co.uk - 88.208.203.68
- domain-D.co.uk - 88.208.203.69
- domain-E.co.uk - 88.208.203.70

2) for each of the above domains, to install separate wildcard SSL certificates, such that I can serve the following, e.g.:

http://domain-A.co.uk
https://domain-A.co.uk

http://subdom-1.domain-A.co.uk
https://subdom-1.domain-A.co.uk

http://subdom-2.domain-A.co.uk
https://subdom-2.domain-A.co.uk

...

http://domain-B.co.uk
https://domain-B.co.uk

http://subdom-1.domain-B.co.uk
https://subdom-1.domain-B.co.uk

- etc, etc

I have been using Zpanel for some time now and have already made a minor mod to pick up SSL vhosts entries via custom include from /etc/zpanel/configs/apache/httpd.conf - thus:

root@server:~# cat /etc/zpanel/configs/apache/httpd.conf
# ZPanel Apache Include file for CentOS Linux
# Written by Bobby Allen, 15/05/2011
# mod jrc 130113 extended to include ssl vhosts - see bot of file

# Set the Zpanel Alias (used for development, sable will eventually use a VHOST)
Alias /zpanel /etc/zpanel/panel
...
...
# Now we include the generic VHOST configuration file that holds all the ZPanel user hosted vhost data
Include /etc/zpanel/configs/apache/httpd-vhosts.conf

# mod jrc 130113 - include ssl vhosts entries
Include /etc/zpanel/configs/apache/httpd-ssl-vhosts.conf
# end mod jrc 130113
root@server:~#

- which so far, has worked pretty well for multiple subdomains of a SINGLE domain using a SINGLE IP and a SINGLE wildcard cert.

However, this is a customer campaign box, and they need to expand service to multiple domains, static IPs and separate SSLs as described above (reputation management, etc.).


What I've configured so far:
---------------------------------

1) I've assigned the new static IPs to the box (via ISP control panel), plus configured them on the server, thus:

root@server:~# cat /etc/network/interfaces
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
address 88.208.201.24
netmask 255.255.252.0
gateway 88.208.200.1

auto eth0:1
iface eth0:1 inet static
address 88.208.202.29
netmask 255.255.252.0

# mod jrc 051014 add new fixed ip addresses for mlg

auto eth0:2
iface eth0:2 inet static
address 88.208.203.64
netmask 255.255.252.0


auto eth0:3
iface eth0:3 inet static
address 88.208.203.68
netmask 255.255.252.0


auto eth0:4
iface eth0:4 inet static
address 88.208.203.69
netmask 255.255.252.0


auto eth0:5
iface eth0:5 inet static
address 88.208.203.70
netmask 255.255.252.0

# end mod jrc 051014 add new fixed ip addresses for mlg
root@server:~#


2) I've set up the new domains via zpanel (shadow cust-admin acct - for domain-B.co.uk...domain-E.co.uk) - and set the DNS A records for each as their new IP addresses, respectively. After propagation they now all resolve fine over HTTP.

Note: domain-A.co.uk was set up already and already had a wildcard SSL installed & working OK.

3) I've requested my ISP to implement reverse DNS lookup against each of the new static IPs, forwarding to the corresponding new domain - they have done this, but as yet I have not been able to test it successfully.

4) I've created a new SSL CSR & private key for the (first) new domain - domain-B.co.uk, obtained my new certificate bundle from the SSL merchants, installed all snippets/files as prescribed.

I've tested the new SSL cert against domain-B.co.uk - but it doesn't work. It says:

'This connection is untrusted - domain-B.co.uk uses an invalid security certificate. The certificate is only valid for the following names: *.domain-A.co.uk, domain-A.co.uk (Error code: ssl_error_bad_cert_domain)'

I've checked all (SSL) vhosts entries - and they seem fine .... almost.

Issues seem to be:
-------------------------

a) /etc/zpanel/configs/apache/httpd-vhosts.conf - contains only a default/catch-all NameVirtualHost declaration - thus:
...
NameVirtualHost *:80
...

b) /etc/zpanel/configs/apache/httpd-vhosts.conf - by default Zpanel only created VHosts entries for this default NameVirtualHost - thus:
...
# DOMAIN: subdom-1.domain-A.co.uk
<virtualhost *:80>
ServerName subdom-1.domain-A.co.uk
ServerAlias subdom-1.domain-A.co.ukm
ServerAdmin admin@subdom-1.domain-A.co.uk
...
</virtualhost>
...

c) similarly all my entries in the manually maintained file /etc/zpanel/configs/apache/httpd-ssl-vhosts.conf are of the form, thus:

# default catchall for *.domain-A.co.uk
<VirtualHost *:443>
SSLEngine On
SSLCertificateFile /etc/ssl/certs/star.domain-A.co.uk.cert.pem
SSLCertificateKeyFile /etc/ssl/private/star.domain-A.co.uk.key.pem
SSLCertificateChainFile /etc/ssl/certs/intermediate_cert.xilo_comodo.star.domain-A.co.uk.pem
SSLCACertificateFile /etc/ssl/certs/ca_root_cert.xilo_comodo.pem.pem

ServerAdmin admin@domain-A.co.uk
ServerName *.domain-A.co.uk
DocumentRoot "/var/zpanel/hostdata/mlgadmin1/public_html/domain-A_co_uk"

ErrorLog "/var/zpanel/logs/domains/mlgadmin1/domain-A_co_uk.ssl-error.log"
CustomLog "/var/zpanel/logs/domains/mlgadmin1/domain-A_co_uk.ssl-access.log" combined

IndexIgnore *
</VirtualHost>


# subdom-1.domain-A.co.uk::
<VirtualHost *:443>
SSLEngine On
SSLCertificateFile /etc/ssl/certs/star.domain-A.co.uk.cert.pem
SSLCertificateKeyFile /etc/ssl/private/star.domain-A.co.uk.key.pem
SSLCertificateChainFile /etc/ssl/certs/intermediate_cert.xilo_comodo.star.domain-A.co.uk.pem
SSLCACertificateFile /etc/ssl/certs/ca_root_cert.xilo_comodo.pem.pem

ServerAdmin admin@domain-A.co.uk
ServerName subdom-1.domain-A.co.uk
DocumentRoot "/var/zpanel/hostdata/mlgadmin1/public_html/subdom-1_domain-A_co_uk"

ErrorLog "/var/zpanel/logs/domains/mlgadmin1/subdom-1_domain-A_co_uk.ssl-error.log"
CustomLog "/var/zpanel/logs/domains/mlgadmin1/subdom-1_domain-A_co_uk.ssl-access.log" combined

IndexIgnore *
</VirtualHost>

...
etc.

Problem in a nutshell
---------------------------

It seems that, via Zpanel at least, I do not have the flexibility to easily set up the configuration I need.

In particular:

a) I think I need to use IP/NameVirtualHost specific vhosts entries - thus

<VirtualHost 88.208.201.24:80>

... for domain-A.co.uk and all/each subdomain


</VirtualHost>

...

<VirtualHost 88.208.203.64:80>

... for domain-B.co.uk and all/each subdomain

</VirtualHost>

... etc

- and similarly using <ip-address>:443 entries in my /etc/zpanel/configs/apache/httpd-ssl-vhosts.conf SSL vhosts file

NOTE: I know i can do the above (more or less) via zadmin, module admin, apache config, override vhosts entry for sub/domain - but it is VERY clunky/laborious method, and furthermore is NOT available to my customers via their 'non-admin' accounts (thus defeating the purpose of having Zpanel in the first place to some extent).

b) I believe I need some further entries at the top of /etc/zpanel/configs/apache/httpd-vhosts.conf - thus:

NameVirtualHost *:80
NameVirtualHost 88.208.201.24:80
NameVirtualHost 88.208.203.64:80
... etc

- plus, similar entries in my ssl vhosts file: /etc/zpanel/configs/apache/httpd-ssl-vhosts.conf - thus:

NameVirtualHost *:443
NameVirtualHost 88.208.201.24:443
NameVirtualHost 88.208.203.64:443
... etc

Q: is it even possible/permissible to declare multiple NameVirtualHost entries in this way?
- if so, then maybe I could include them via a new custom file, included in /etc/zpanel/configs/apache/httpd.conf, just BEFORE the Include /etc/zpanel/configs/apache/httpd-vhosts.conf ?

Q: is there a quicker, easier or actually correct method to achieve my objective?


Please forgive my lack of some basic knowledge here - this is proving a bit of a stretching problem, though similar requirements have come up often in the past. (& for many other people here I note also, from other seemingly related threads).


Any advice or guidance would be very much appreciated.

Alternatively, if anyone out there is able to offer some professional technical support to help solve this, then we would be more than willing to pay for someone's time.

Rob Cain
#2
[Not Solved] RE: Setting up multiple domains each on static IP each with separate SSL wildcard cert
1. For the HTTP part it's not an issue, as Apache is listening on port 80 on all available IPs.

And all vhosts are set up on *:80. So they are technically available on all IPs.

2. For HTTPS you need the usual procedure and create then override port for 443 setup. You need to read the docs on SSL: http://docs.sentora.org/?node=20

This was a quick reply... time to sleep for me here. If you have more questions or need more clarifications fire..
M B
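An address-bound form of the SSL vhosts discussed in this thread, as an added example that is not part of either post and is not ZPanel's generated configuration. It targets Apache 2.2 as shipped with Ubuntu 12.04; the domain-B certificate file names and ACCOUNT are placeholders. Because each certificate has its own address, the certificate is chosen by destination IP and does not depend on the client sending SNI.

```apache
# Added example. Placeholders: ACCOUNT and the star.domain-B.* file names.
# Apache 2.2 needs one NameVirtualHost per address:port that carries more
# than one name-based vhost; the directive may be repeated.
NameVirtualHost 88.208.203.64:443

# Vhost selection happens in two steps:
#   1. by local address:port, where an explicit address is preferred over "*";
#   2. by Host name among the vhosts bound to that address.
# The FIRST vhost listed for an address:port is its default, so any name
# that matches no other vhost on 88.208.203.64 is served from here, with
# the domain-B certificate. ServerName is compared literally; wildcard
# patterns are only honoured in ServerAlias.
<VirtualHost 88.208.203.64:443>
    ServerName   domain-B.co.uk
    ServerAdmin  admin@domain-B.co.uk
    DocumentRoot "/var/zpanel/hostdata/ACCOUNT/public_html/domain-B_co_uk"

    SSLEngine On
    SSLCertificateFile      /etc/ssl/certs/star.domain-B.co.uk.cert.pem
    # Private key: readable by root only.
    SSLCertificateKeyFile   /etc/ssl/private/star.domain-B.co.uk.key.pem
    SSLCertificateChainFile /etc/ssl/certs/intermediate_cert.star.domain-B.co.uk.pem
</VirtualHost>

# A subdomain with its own DocumentRoot, on the same address and using the
# same wildcard certificate.
<VirtualHost 88.208.203.64:443>
    ServerName   subdom-1.domain-B.co.uk
    ServerAdmin  admin@domain-B.co.uk
    DocumentRoot "/var/zpanel/hostdata/ACCOUNT/public_html/subdom-1_domain-B_co_uk"

    SSLEngine On
    SSLCertificateFile      /etc/ssl/certs/star.domain-B.co.uk.cert.pem
    SSLCertificateKeyFile   /etc/ssl/private/star.domain-B.co.uk.key.pem
    SSLCertificateChainFile /etc/ssl/certs/intermediate_cert.star.domain-B.co.uk.pem
</VirtualHost>

# Repeat the pattern for 88.208.203.68, .69 and .70 with their own
# certificates. The existing <VirtualHost *:443> entries for domain-A are
# only considered for addresses that have no address-specific vhost; binding
# them to 88.208.201.24:443 as well makes the mapping explicit.
```

After a reload, `apache2ctl -S` lists the default vhost for each address:port, and `openssl s_client -connect 88.208.203.64:443` shows the certificate actually presented on that address.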