[MODULE] Certificate Manager
#41
RE: [Module] Certificate Manager
Just made some updates, will test and release :)

Just released version 1.0.6

Fixes the problem that it does not save to the vhost file
Sentora 1.0.3 on [Image: DO_Logo_Horizontal_Blue-3db19536.png]

-= Github =-  -= My Repo =-

My Modules
Reply
Thanks given by: TGates
#42
RE: [Module] Certificate Manager
Hi,

I have some issues with the way CertM implements ssl.

First, it's not working with Varnish.
Sentora doesn't look at which port is configured for Apache in "Sentora apache settings", so in the setting "vhost override port" the port is still 80. CertM takes this over and breaks the virtual host by this.

This is an issue for Sentora, I believe: it should look in the settings for the right override port.

Second, with the way SSL is now implemented in "vhost custom settings", you cannot use any "global vhost settings" configured in Sentora anymore. I had a global vhost entry set for webmail (webmail.*) and it broke the vhosts and thus Apache.

I believe it's better if CertM creates whole new vhost entries listening on 443 instead of adding it into the custom settings for a vhost created to listen on port 80, or 8080 in the case of my setup with Varnish:

Example:

Sentora creates a :80 vhost:

Code:
# DOMAIN: ldehooge.nl
<virtualhost *:8080>
ServerName ldehooge.nl
ServerAlias  www.ldehooge.nl
ServerAdmin 83ffb53a@opayq.com
DocumentRoot "/var/sentora/hostdata/webimproved/public_html/ldehooge_nl"
php_admin_value open_basedir "/var/sentora/hostdata/webimproved/public_html/ldehooge_nl:/var/sentora/temp/"
php_admin_value suhosin.executor.func.blacklist "passthru, show_source, shell_exec, system, pcntl_exec, popen, pclose, proc_open, proc_nice, proc_terminate, proc_get_status, proc_close, leak, apache_child_terminate, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid, escapeshellcmd, escapeshellarg, exec"
ErrorLog "/var/sentora/logs/domains/webimproved/ldehooge.nl-error.log"
CustomLog "/var/sentora/logs/domains/webimproved/ldehooge.nl-access.log" combined
CustomLog "/var/sentora/logs/domains/webimproved/ldehooge.nl-bandwidth.log" common
<Directory "/var/sentora/hostdata/webimproved/public_html/ldehooge_nl">
 Options +FollowSymLinks -Indexes
 AllowOverride All
 Order Allow,Deny
 Allow from all
</Directory>
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript
AddType application/x-httpd-php .php3 .php
DirectoryIndex index.html index.htm index.php index.asp index.aspx index.jsp index.jspa index.shtml index.shtm
# Custom Global Settings (if any exist)
</VirtualHost>^M
^M
# Configuration for WebMail^M
<VirtualHost *:8080>^M
ServerAlias webmail.* ^M
DocumentRoot "/etc/sentora/panel/etc/apps/webmail/"^M
AddType application/x-httpd-php .php^M
<Directory "/etc/sentora/panel/etc/apps/webmail/">^M
Options +FollowSymLinks -Indexes^M
AllowOverride All^M
</Directory>
# Custom VH settings (if any exist)

</virtualhost>
# END DOMAIN: ldehooge.nl
################################################################


Let CertM create a separate 443 vhost in the same file Sentora does:


Code:
# DOMAINSSL: ldehooge.nl
<VirtualHost *:443>
ServerName ldehooge.nl
ServerAlias  www.ldehooge.nl
ServerAdmin 83ffb53a@opayq.com
DocumentRoot "/var/sentora/hostdata/webimproved/public_html/ldehooge_nl"
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/www.ldehooge.nl.crt
SSLCertificateKeyFile /etc/pki/tls/private/www.ldehooge.key
SSLCertificateChainFile /etc/pki/tls/certs/CA_Intermediate.cert
SSLCACertificateFile /etc/pki/tls/certs/CA_Root.cert
php_admin_value open_basedir "/var/sentora/hostdata/webimproved/public_html/ldehooge_nl:/var/sentora/temp/"
php_admin_value suhosin.executor.func.blacklist "passthru, show_source, shell_exec, system, pcntl_exec, popen, pclose, proc_open, proc_nice, proc_terminate, proc_get_status, proc_close, leak, apache_child_terminate, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid, escapeshellcmd, escapeshellarg, exec"
ErrorLog "/var/sentora/logs/domains/webimproved/ldehooge.nl-error.log"
CustomLog "/var/sentora/logs/domains/webimproved/ldehooge.nl-access.log" combined
CustomLog "/var/sentora/logs/domains/webimproved/ldehooge.nl-bandwidth.log" common
<Directory "/var/sentora/hostdata/webimproved/public_html/ldehooge_nl">
  Options +FollowSymLinks -Indexes
  AllowOverride All
  Order Allow,Deny
  Allow from all
</Directory>
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript
AddType application/x-httpd-php .php3 .php
DirectoryIndex index.html index.htm index.php index.asp index.aspx index.jsp index.jspa index.shtml index.shtm
# Custom Global Settings (if any exist)
</VirtualHost>^M
^M
# Configuration for WebMail^M
<VirtualHost *:8080>^M
 ServerAlias webmail.* ^M
 DocumentRoot "/etc/sentora/panel/etc/apps/webmail/"^M
 AddType application/x-httpd-php .php^M
 <Directory "/etc/sentora/panel/etc/apps/webmail/">^M
 Options +FollowSymLinks -Indexes^M
 AllowOverride All^M
 </Directory>
# Custom VH settings (if any exist)

</virtualhost>
# END DOMAINSSL: ldehooge.nl



This way a domain can be reached on both ports and the user can choose which URLs need to be SSL or not.
Also, any global vhost entries will not break and will automatically be implemented with the SSL vhosts as well.


Of course the Sentora vhosts file also needs a rule for listening on 443.
[Image: logo2.png]

My being on this forum is all personal, and all that is done here by me has nothing to do with the company Web Improved I work for :)
#43
RE: [Module] Certificate Manager
First off, Sentora (or its modules) are not built to use Varnish. This would be a custom install, as yours is, and this can break the way different modules work, like in your case. For those using a 'default' installation, the certificate manager works just fine with custom entries. I am not sure what Varnish requires, but you could try and customize the module to work in your setup, or maybe Diablo925 can help you sort it out ;)
-TGates - Project Council

SEARCH the Forums or read the DOCUMENTATION before posting!
Support Sentora and Donate: HERE

Find my support or modules useful? Donate to TGates HERE
Developers and code testers needed!
Contact TGates for more information
#44
RE: [Module] Certificate Manager
(11-27-2015, 04:02 AM)TGates Wrote: First off, Sentora (or its modules) are not built to use Varnish. This would be a custom install, as yours is, and this can break the way different modules work, like in your case. For those using a 'default' installation, the certificate manager works just fine with custom entries. I am not sure what Varnish requires, but you could try and customize the module to work in your setup, or maybe Diablo925 can help you sort it out ;)

Some points I agree with and some not, TGates.
Of course Varnish is not standard for Sentora. That is not the point. Varnish is not conflicting with anything, since my Sentora uses SSL and overrides Varnish because Varnish doesn't understand SSL.

The point is that Sentora gives you the possibility to change the Apache port. If that's the case, it seems fair to me that Sentora takes this change into account when using the vhost port override function in the vhost custom settings. Or am I wrong? Because now Sentora has the vhost port override option with port 80 hardcoded, while it should look at the configured Sentora Apache port.

Second, even with a default installation the custom vhosts I posted in my post above are not working with the settings CertM creates.
#45
RE: [Module] Certificate Manager
The biggest issue in making ports 80 and 443 work is that Sentora uses openbase and Suhosin, and the easy way was to use the settings and not add all the info to the new vhost.
#46
RE: [Module] Certificate Manager
Got it working now by changing the hardcoded 80 port in the files controller from Certman and the daemonhook file from the apache_admin module.
#47
RE: [Module] Certificate Manager
Interesting, I will have to take a look...  the ports should not be hardcoded anywhere Huh
-TGates - Project Council
#48
RE: [Module] Certificate Manager
Hello Diablo,

I have one more issue. Don't get me wrong, I appreciate all the work you have done!
But an SSL manager is the one important thing Sentora really needed. And I want it to be perfect :)

The issue is that Certmanager allows you to upload 3 files: Key, Domain and CA. This config works mostly fine on desktops. But tablets and phones, especially Chrome for Android, want to see the chain file as well before trusting the certificates.

I think it's recommended to update the module to allow uploading an SSLCertificateChainFile file. Maybe not mandatory.
#49
RE: [Module] Certificate Manager
Update:

Upgraded the code myself.

Added a file upload to module.zpm. Now I have:
  • Key
  • Domain
  • CA Root
  • CA intermediate
The files are uploaded and the vhosts file now has:
  • SSLCertificateFile
  • SSLCertificateKeyFile
  • SSLCACertificateFile
  • SSLCertificateChainFile
Working perfectly now on phone Chrome for Android.

Ran into one strange issue though.

I have my panel at cpanel.webimproved.nl and the company website on www.webimproved.
When I added SSL to www.webimproved.nl with your module, Apache broke. Looking in the vhosts file I saw that the module adds everything twice! I think it has something to do with:

Code:
            if($domain == ctrl_options::GetSystemOption('sentora_domain')) {
            
                
                $line = "# Made from Cert manager start" . fs_filehandler::NewLine();
                $line  .= fs_filehandler::NewLine();
                $line .= 'SSLEngine On' . fs_filehandler::NewLine();
                $line .= "SSLCertificateFile " . ctrl_options::GetSystemOption('hosted_dir') . $currentuser['username'] . "/ssl/" . $rootdir. "/". $domain.".crt". fs_filehandler::NewLine();
                $line .= "SSLCertificateKeyFile " . ctrl_options::GetSystemOption('hosted_dir') . $currentuser['username'] . "/ssl/" . $rootdir."/" . $domain.".key". fs_filehandler::NewLine();
                $line .= "SSLCACertificateFile " . ctrl_options::GetSystemOption('hosted_dir') . $currentuser['username'] . "/ssl/" . $rootdir."/caroot.crt". fs_filehandler::NewLine();
                $line .= "SSLCertificateChainFile  " . ctrl_options::GetSystemOption('hosted_dir') . $currentuser['username'] . "/ssl/" . $rootdir."/intermediate.crt". fs_filehandler::NewLine();
I see you look up the sentora_domain. In my database the sentora_domain is cpanel.webimproved.nl
So I don't quite understand why the module gets confused there if I use www.webimproved.nl as the domain for the certificate.
#50
RE: [Module] Certificate Manager
First of all, thanks for a very nice module :)

But I have a question about the SSL from Letsencrypt

You get files like:

cert.pem
chain.pem
fullchain.pem
privkey.pem

But what file do I have to use in the Cert Manager, and in which order?

Domain Signing Certificate Key(.key): privkey.pem right?
Signed Server Certificate(.cer): ?
CA Certificate (.cer): ?

Kind regards
Jonathan
Reply
Thanks given by:
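
An added example, not part of the thread or of the Certificate Manager module: a shell check for the two things the posts above turn on, that the key belongs to the certificate and that the server certificate only verifies once the intermediate (chain) file is supplied. The root, intermediate and leaf are constructed test certificates generated with the openssl CLI in a temporary directory; the function names and file names are hypothetical.

```shell
#!/bin/sh
# Added example. Everything below is a constructed test PKI in a temp dir,
# not real certificates; function and file names are hypothetical.
WORK=$(mktemp -d)
printf '[ca]\nbasicConstraints=critical,CA:TRUE\n[leaf]\nbasicConstraints=CA:FALSE\n' \
  > "$WORK/ext.cnf"

# issue NAME CN EXT [ISSUER]: new key + certificate, self-signed when ISSUER is omitted
issue() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null || return 1
  if [ -n "${4:-}" ]; then
    signer="-CA $WORK/$4.crt -CAkey $WORK/$4.key -CAcreateserial"
  else
    signer="-signkey $WORK/$1.key"
  fi
  openssl x509 -req -in "$WORK/$1.csr" $signer -days 1 \
    -extfile "$WORK/ext.cnf" -extensions "$3" -out "$WORK/$1.crt" 2>/dev/null
}

# key_matches CERT KEY: true when the certificate's public key belongs to KEY
key_matches() {
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey | openssl sha256)
  key_pub=$(openssl pkey -in "$2" -pubout | openssl sha256)
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# chain_ok LEAF ROOT [INTERMEDIATE]: true when LEAF verifies up to ROOT using only
# the intermediates supplied, which is all a client without a cached copy has
chain_ok() {
  if [ -n "${3:-}" ]; then
    openssl verify -CAfile "$2" -untrusted "$3" "$1" >/dev/null 2>&1
  else
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
  fi
}

issue caroot "Constructed Test Root" ca
issue intermediate "Constructed Test Intermediate" ca caroot
issue leaf "www.example.test" leaf intermediate

key_matches "$WORK/leaf.crt" "$WORK/leaf.key" && echo "key matches certificate"
chain_ok "$WORK/leaf.crt" "$WORK/caroot.crt" || echo "leaf + root only: verification fails"
chain_ok "$WORK/leaf.crt" "$WORK/caroot.crt" "$WORK/intermediate.crt" \
  && echo "leaf + intermediate + root: verification succeeds"
```

For the Let's Encrypt files asked about above, cert.pem is the server certificate, privkey.pem its private key, chain.pem the intermediate certificate(s), and fullchain.pem is cert.pem followed by chain.pem. `key_matches` can be pointed at cert.pem and privkey.pem directly.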

