SSL Separation Between Sentora and Client Domains
02-18-2015, 04:34 AM
(This post was last modified: 02-18-2015, 07:19 PM by JWTech .)
I'm having trouble getting client domains to stick to their own non-SSL domains. Apparently VHosts and myself don't seem to get along all that well.
I've got the panel subdomain set up for SSL (working), and a _default_ entry for port 443 with a redirect to port 80 (only works when I remove the previously mentioned entry). Basically the two entries are fighting over port 443 and I'm not familiar enough with VHosts to know how to configure them properly. Right now anything on HTTPS forwards to the panel's secure page (not ideal).
Any thoughts?
RE: repost of setting up sentora subdomain to use SSL
02-18-2015, 06:02 AM
What is going on here? You DO NOT add your panel login subdomain to the DNS manager at all, this is done for you when you do the installation!
(It is the first entry in your httpd-vhosts.conf file)
If you want to SSL your panel login, you go to Module Admin > Apache Config > Global Sentora Entry and put the SSL info in there.
Example:
Code:
SSLEngine on
SSLCertificateFile C:/zpanel/bin/apache/ssl_certs/__.domain.com.crt
SSLCertificateKeyFile C:/zpanel/bin/apache/ssl_certs/__.domain.com.key
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
CustomLog c:/zpanel/logs/ssl/ssl_zpx_request.log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
(Yeah, my setup is odd right now as I am using a hybrid zpanel/sentora setup on Windows until I get my unix box online)
BTW, I am using a self-signed wildcard certificate for subdomains of my main domain.
-TGates - Project Council
RE: repost of setting up sentora subdomain to use SSL
02-18-2015, 06:08 AM
Please open another thread, as the issue is not the same; that will help others following the discussion and finding the solutions too.
JWTech, the current SSL way is a hack. It's not the best solution, I don't follow it and think we will change the docs over that.
My solution is to always create an /etc/sentora/apache/ssl directory where you paste all SSL vhosts, FULLY configured.
Then, instead of playing with override, in the main Apache config add
include /etc/sentora/apache/ssl/*
Don't forget: if you add a FULL vhost manually, you need to copy the suhosin & open_basedir setup and, mainly, enable SSL on it.
M B
RE: repost of setting up sentora subdomain to use SSL
02-18-2015, 06:43 AM
(This post was last modified: 02-18-2015, 07:20 PM by JWTech .)
Thanks for splitting the thread, Me.B.
And yeah, I've been running my SSL Vhost entries from the ssl.conf file (CentOS). My issue's been more of a Vhost configuration issue than a placement one, I'm just not familiar enough with it to set up the proper SSL separation between the panel SSL (commercial certificate) and the client SSL (which I just want routed to port 80 until I work out whether SNI is even possible).
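One way to get the separation described in the post above, as an added example that is not part of the original thread and is not Sentora's generated config. It uses Apache 2.2 syntax; `catchall.invalid`, `panel.example.com`, the PLACEHOLDER certificate paths and the panel DocumentRoot are assumptions.

```apache
# Added example; hostnames, certificate paths and DocumentRoot are placeholders.
# Every SSL vhost uses the same address form, *:443, instead of mixing
# _default_:443 with *:443. The first vhost listed is the default for any
# requested name that no later vhost claims.
NameVirtualHost *:443

# 1) Catch-all: client domains that have no SSL vhost of their own.
<VirtualHost *:443>
    ServerName catchall.invalid
    SSLEngine on
    # A certificate is still required here: the TLS handshake completes
    # before the redirect is sent, so browsers show a name-mismatch
    # warning for client domains the certificate does not cover.
    SSLCertificateFile    /etc/pki/tls/certs/PLACEHOLDER-default.crt
    SSLCertificateKeyFile /etc/pki/tls/private/PLACEHOLDER-default.key
    # Send the request to the same host and path over plain HTTP
    # (needs mod_rewrite).
    RewriteEngine On
    RewriteRule ^ http://%{HTTP_HOST}%{REQUEST_URI} [R=302,L]
</VirtualHost>

# 2) Panel: matched by name and served with the commercial certificate.
<VirtualHost *:443>
    ServerName panel.example.com
    DocumentRoot "/etc/sentora/panel/"
    SSLEngine on
    SSLCertificateFile    /etc/pki/tls/certs/PLACEHOLDER-panel.crt
    SSLCertificateKeyFile /etc/pki/tls/private/PLACEHOLDER-panel.key
</VirtualHost>
```

Serving the panel's certificate by name depends on the client sending SNI; a client without SNI is handed the first vhost's certificate.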
RE: SSL Separation Between Sentora and Client Domains
02-18-2015, 09:13 PM
Ahh... There are 2 different types of SSL installation in Sentora.
Just pay attention to the client domain here, not the Sentora panel.
If you have a client domain, e.g. HTTP://yourclient.domain, and you want to forward it to HTTPS://yourclient.domain, use the following:
Override the vhost via MODULE ADMIN>>APACHE CONFIG>>Select the Vhost to Override
e.g. yourclient.domain
1) Port Override -> 443
2) Custom Entry:
Code:
SSLEngine on
SSLCertificateFile C:/zpanel/bin/apache/ssl_certs/__.domain.com.crt
SSLCertificateKeyFile C:/zpanel/bin/apache/ssl_certs/__.domain.com.key
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
CustomLog c:/zpanel/logs/ssl/ssl_zpx_request.log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
Now the result of that will be:
HTTP://yourclient.domain will always be forwarded to SSL on port 443, e.g. HTTPS://yourclient.domain,
so there is no way to view it via port 80 or standard HTTP.
Now, what if you want to view your client domain on separate socket ports, HTTP and HTTPS, at the same time?
All you need to do is the following:
Create an SSL vhost file and name it, for example, "httpd-ssl-vhosts.conf".
Open your Sentora config -> "httpd-vhosts.conf", then copy the vhost for "yourclient.domain" and paste it into the "httpd-ssl-vhosts.conf" you created.
Example below:
Code:
# DOMAIN: yourclient.domain
<virtualhost *:80>
ServerName yourclient.domain
ServerAlias www.yourclient.domain
ServerAdmin panel@yourclient.domain
DocumentRoot "/var/sentora/hostdata/zadmin/public_html/yourclient_domain"
php_admin_value open_basedir "/var/sentora/hostdata/zadmin/public_html/yourclient_domain:/var/sentora/temp/"
php_admin_value suhosin.executor.func.blacklist "passthru, show_source, shell_exec, system, pcntl_exec, popen, pclose, proc_open, proc_nice, proc_terminate, proc_get_status, proc_close, leak, apache_child_terminate, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid, escapeshellcmd, escapeshellarg, exec"
ErrorLog "/var/sentora/logs/domains/zadmin/yourclient.domain-error.log"
CustomLog "/var/sentora/logs/domains/zadmin/yourclient.domain-access.log" combined
CustomLog "/var/sentora/logs/domains/zadmin/yourclient.domain-bandwidth.log" common
<Directory "/var/sentora/hostdata/zadmin/public_html/yourclient_domain">
Options +FollowSymLinks -Indexes
AllowOverride All
Order Allow,Deny
Allow from all
</Directory>
AddType application/x-httpd-php .php3 .php
ErrorDocument 404 /_errorpages/404.html
ErrorDocument 510 /_errorpages/510.html
ErrorDocument 500 /_errorpages/500.html
ErrorDocument 403 /_errorpages/403.html
DirectoryIndex index.html index.htm index.php index.asp index.aspx index.jsp index.jspa index.shtml index.shtm
# Custom Global Settings (if any exist)
# Custom VH settings (if any exist)
</virtualhost>
# END DOMAIN: yourclient.domain
################################################################
After pasting the code, modify it like this (example code below):
Code:
# DOMAIN: yourclient.domain
<virtualhost *:443>
ServerName yourclient.domain
ServerAlias www.yourclient.domain
ServerAdmin panel@yourclient.domain
DocumentRoot "/var/sentora/hostdata/zadmin/public_html/yourclient_domain"
php_admin_value open_basedir "/var/sentora/hostdata/zadmin/public_html/yourclient_domain:/var/sentora/temp/"
php_admin_value suhosin.executor.func.blacklist "passthru, show_source, shell_exec, system, pcntl_exec, popen, pclose, proc_open, proc_nice, proc_terminate, proc_get_status, proc_close, leak, apache_child_terminate, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid, escapeshellcmd, escapeshellarg, exec"
ErrorLog "/var/sentora/logs/domains/zadmin/yourclient.domain-ssl-error.log"
CustomLog "/var/sentora/logs/domains/zadmin/yourclient.domain-ssl-access.log" combined
CustomLog "/var/sentora/logs/domains/zadmin/yourclient.domain-ssl-bandwidth.log" common
<Directory "/var/sentora/hostdata/zadmin/public_html/yourclient_domain">
Options +FollowSymLinks -Indexes
AllowOverride All
Order Allow,Deny
Allow from all
</Directory>
AddType application/x-httpd-php .php3 .php
ErrorDocument 404 /_errorpages/404.html
ErrorDocument 510 /_errorpages/510.html
ErrorDocument 500 /_errorpages/500.html
ErrorDocument 403 /_errorpages/403.html
DirectoryIndex index.html index.htm index.php index.asp index.aspx index.jsp index.jspa index.shtml index.shtm
# Custom Global Settings (if any exist)
# Custom VH settings (if any exist)
#LET'S ADD YOUR SSL CERTIFICATE, KEY, PEM and BUNDLES HERE
SSLEngine on
SSLCertificateFile C:/zpanel/bin/apache/ssl_certs/__.domain.com.crt
SSLCertificateKeyFile C:/zpanel/bin/apache/ssl_certs/__.domain.com.key
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
</virtualhost>
# END DOMAIN: yourclient.domain
################################################################
Save it!
Open the Sentora config --> HTTPD.CONF
Add this after "Include /etc/sentora/configs/apache/httpd-vhosts.conf".
The line should look like this: "Include /etc/sentora/configs/apache/httpd-ssl-vhosts.conf"
Save it!
TAKE NOTE: In Sentora, make SURE you have created a dummy subdomain which contains a dummy SSL in Module Admin>>Apache Config>>Override Vhost,
so that the LISTEN PORT 443 will be generated by Sentora by default if Override Vhost 443 is enabled.
Adding Listen 443 manually will kill your Apache service.
Once you have done all this, restart your Apache service:
CentOS: service httpd restart
Open your browser and check
HTTP://yourclient.domain and
HTTPS://yourclient.domain
I hope this helps you! Good luck
RE: SSL Separation Between Sentora and Client Domains
03-18-2015, 07:59 PM
Code:
##################################################
# Apache VHOST configuration file
# Automatically generated by Sentora 10.0.2
# Generated on: 12:25 2nd Jun 2013 WIT
##################################################
NameVirtualHost *:443
# Configuration for Sentora control panel.
SSLEngine on
SSLProtocol SSLv3
SSLCertificateFile /etc/apache2/ssl/Sentora.crt
SSLCertificateKeyFile /etc/apache2/ssl/Sentora.key
ServerAdmin zadmin@localhost
DocumentRoot "/etc/Sentora/panel/"
ServerName id-network.org
ServerAlias Sentora.id-network.org
Redirect Permanent / https://Sentora.id-network.org/
I don't understand: only SSLv3? And also, how do we use a CA certificate? Is a CA bundle not required?
http://docs.sentora.org/?node=21
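The protocol and chain settings asked about in the post above, shown with the weak setting beside a corrected one. This is an added example, not part of the original thread or the Sentora documentation; the chain-file path is a placeholder and the other paths are the ones posted above.

```apache
# Added example; the chain-file path is a placeholder.

# As posted: offers SSLv3 and nothing else, and sends no intermediate chain.
#   SSLProtocol SSLv3

# Corrected:
SSLEngine on
# Allow every TLS version the build supports, but not SSLv2 or SSLv3
# (SSLv3 is obsolete and broken by POODLE).
SSLProtocol all -SSLv2 -SSLv3
# Prefer the server's cipher order and drop anonymous and MD5 suites.
# The ALL:...:+MEDIUM:+LOW string used elsewhere in this thread also
# admits RC4 and low-strength suites.
SSLHonorCipherOrder on
SSLCipherSuite HIGH:!aNULL:!MD5
SSLCertificateFile      /etc/apache2/ssl/Sentora.crt
SSLCertificateKeyFile   /etc/apache2/ssl/Sentora.key
# The CA bundle (intermediate certificates) supplied by the issuing CA
# goes here so that clients can build the chain to a trusted root.
SSLCertificateChainFile /etc/apache2/ssl/PLACEHOLDER-ca-bundle.crt
```

From Apache 2.4.8 on, SSLCertificateChainFile is deprecated and the intermediates are appended to the SSLCertificateFile instead; a self-signed certificate has no chain to send.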
RE: SSL Separation Between Sentora and Client Domains
04-01-2015, 01:24 AM
(This post was last modified: 04-01-2015, 01:27 AM by wakeupzee .)
(02-18-2015, 09:13 PM) Jayster Wrote: ahh.. There are 2 different types of SSL installation in Sentora.
Hi, I am using Ubuntu 14.04.
I added a port override to 443 for my domain from Apache Config...
I got the following error (screenshot attached). Please help. Sentora version 1.0.0.