How to add SSL without messing up your config for FREE
#1
How to add SSL without messing up your config for FREE
Tip 1:

Yes, you can add SSL support for your websites without blowing out Apache config or vhosts thanks to Cloudflare:

https://blog.cloudflare.com/introducing-universal-ssl/

So all you have to do is set up your domain with Cloudflare (enable their DNS server to manage your domain) and use their reverse proxy in fleximode (HTTPS >>> HTTP) that will forward all traffic to SSL toward your HTTP backend.

https://support.cloudflare.com/hc/en-us/...CloudFlare

All for free as you can use Cloudflare SSL certificates.

But it won't protect you from NSA snooping as your Cloudflare > your server traffic will not be protected.

Tip 2:

You can grab free SSL certificates supported by most browsers with StartSSL:
https://www.startssl.com/

M B
No support using PM (Auto adding to IGNORE list!), use the forum. 
How to ask
Freelance AWS Certified Architect & SysOps// DevOps

10$ free to start your VPS

#2
RE: How to add SSL without messing up your config for FREE
Another Tip:

Install a free StartCom SSL certificate and install this in your server:

Below is my setup for my webmail setup (This is inside a virtualhost override for a domain to allow to have the webmail running at: https://webmail.jwd.de/)

For the vhost override, see: Using Custom Vhost Entries for Webmail, MySQL, Etc.

Code:
</VirtualHost>

# Configuration for WebMail - webmail.jwd.de

Listen 80.83.120.44:443
<VirtualHost *:80>
   ServerName webmail.jwd.de
   Redirect permanent / https://webmail.jwd.de/
</VirtualHost>

<VirtualHost 80.83.120.44:443>
   ServerAdmin webmaster[at]jwd.de
   DocumentRoot "/etc/sentora/panel/etc/apps/webmail/"
   ServerName webmail.jwd.de
    php_admin_value open_basedir "/etc/sentora/panel/etc/apps/webmail/:/etc/sentora/configs/roundcube/:/var/sentora/temp/"
    php_admin_value suhosin.executor.func.blacklist "passthru, show_source, shell_exec, system, pcntl_exec, popen, pclose, proc_open, proc_nice, proc_terminate, proc_get_status, proc_close, leak, apache_child_terminate, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid, escapeshellcmd, escapeshellarg, exec"


   AddType application/x-httpd-php .php3 .php
   <Directory /etc/sentora/panel/etc/apps/webmail/>
       Require all granted
       AllowOverride All
       <IfModule mod_php5.c>
               php_admin_flag engine on
       </IfModule>
   </Directory>
   SSLEngine on
   SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2
   SSLCipherSuite ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM
   SSLHonorCipherOrder on
   SSLCertificateFile /srv/hostdata/zadmin/ssl_certs/webmail_jwd_de/webmail.jwd.de.crt
   SSLCertificateKeyFile /srv/hostdata/zadmin/ssl_certs/webmail_jwd_de/webmail.jwd.de.pem
   SSLCertificateChainFile /srv/hostdata/zadmin/ssl_certs/startssl-class1-intermediate.crt

Please make sure you include "SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2" in your SSL setup, because a lot of Apache installations still enable the insecure SSLv3.

One more Tip:

Test if your SSL setup is correct by testing with https://www.ssllabs.com/ssltest/

J
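
An added example, not part of the posts above: a small Python check that reads the TLS directives of a vhost like the one in post #2 and reports protocol and cipher settings worth a second look, including a missing SSLProtocol line. The function names, the list of versions that `All` expands to, and the sample text are assumptions of this example.

```python
import re

# Assumption: the versions "All" may expand to (depends on the httpd/OpenSSL build).
KNOWN = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]
DEPRECATED = {"SSLv3", "TLSv1", "TLSv1.1"}  # RFC 7568 (SSLv3), RFC 8996 (TLS 1.0/1.1)

def enabled_protocols(value):
    """Apply SSLProtocol tokens left to right: +X adds, -X removes, bare X replaces."""
    enabled = set()
    for tok in value.split():
        sign = tok[0] if tok[0] in "+-" else ""
        name = tok.lstrip("+-").lower()
        names = {k for k in KNOWN if name in ("all", k.lower())}
        # A token without a sign is not in the dict, so it replaces the whole set.
        enabled = {"+": enabled | names, "-": enabled - names}.get(sign, names)
    return enabled

def directive(config, name):
    """Return the last value given for a directive, or None if it is absent."""
    hits = re.findall(rf"^[ \t]*{name}[ \t]+(.+?)[ \t;]*$", config, re.M | re.I)
    return hits[-1] if hits else None

def audit(config):
    """Return a list of findings for one TLS-enabled vhost given as text."""
    findings = []
    if (directive(config, "SSLEngine") or "").lower() != "on":
        return findings
    proto = directive(config, "SSLProtocol")
    if proto is None:
        findings.append("SSLProtocol not set: build defaults apply")
    else:
        for p in sorted(enabled_protocols(proto) & DEPRECATED):
            findings.append(f"deprecated protocol enabled: {p}")
    tokens = (directive(config, "SSLCipherSuite") or "").upper().split(":")
    if "!RC4" not in tokens and any(
            t[0] not in "!-" and "RC4" in re.split(r"[-+]", t) for t in tokens if t):
        findings.append("RC4 ciphers enabled (prohibited by RFC 7465)")
    if "!AESGCM" in tokens:
        findings.append("AES-GCM (AEAD) suites excluded")
    return findings

# Constructed sample: the TLS directives from the vhost in post #2.
POSTED = """
SSLEngine on
SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2
SSLCipherSuite ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM
"""
```

Calling `audit(POSTED)` returns four findings: TLSv1 and TLSv1.1 enabled, RC4 enabled, and AES-GCM suites excluded. This is a local pre-check only; the SSL Labs test mentioned in the post still shows what the server actually negotiates.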
#3
RE: How to add SSL without messing up your config for FREE
Your setup is insecure, as it misses everything about Suhosin disabling a lot of functions & is not applying open_basedir here!
#4
RE: How to add SSL without messing up your config for FREE
(12-02-2014, 10:37 PM)Me.B Wrote: Your setup is insecure, as it misses everything about Suhosin disabling a lot of functions & is not applying open_basedir here!

You're right. I had that turned off for testing. I added working values to the posted code above.
#5
RE: How to add SSL without messing up your config for FREE
You don't have to mess up anything in your Apache configs.

Just put this in your global sentora vhost inside the config panel. Wait a moment or force refresh.

Redirect Permanent / https://cp.test.nl/
</VirtualHost>
<VirtualHost *:443>
ServerName cp.test.nl:443
DocumentRoot "/etc/sentora/panel/"
ServerAlias *.cp.test.nl
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/cp.crt
SSLCertificateKeyFile /etc/apache2/ssl/ssl.key
SSLCertificateChainFile /etc/apache2/ssl/sub.class1.server.ca.pem
AddType application/x-httpd-php .php
<Directory "/etc/sentora/panel/">
Options FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
</Directory>

Sorry for reopening such an old topic. Didn't notice it.
#6
RE: How to add SSL without messing up your config for FREE
The above is a hack, not a clean solution for me.

M B
#7
RE: How to add SSL without messing up your config for FREE
(10-22-2014, 07:03 AM)Me.B Wrote: Tip 1:

Yes, you can add SSL support for your websites without blowing out Apache config or vhosts thanks to Cloudflare:

https://blog.cloudflare.com/introducing-universal-ssl/

So all you have to do is set up your domain with Cloudflare (enable their DNS server to manage your domain) and use their reverse proxy in fleximode (HTTPS >>> HTTP) that will forward all traffic to SSL toward your HTTP backend.

https://support.cloudflare.com/hc/en-us/...CloudFlare

All for free as you can use Cloudflare SSL certificates.

But it won't protect you from NSA snooping as your Cloudflare > your server traffic will not be protected.

Tip 2:

You can grab free SSL certificates supported by most browsers with StartSSL:
https://www.startssl.com/

M B


Hi, I was trying Tip 1, but port 443 on my domain is closed. How do I open that port without having to install any SSL certificates?
#8
RE: How to add SSL without messing up your config for FREE
Cloudflare won't need port 443 as they will forward all SSL requests to port 80.

Check the Cloudflare website for more information.

M B