RE: Sentora Feedback and Ideas
10-27-2017, 12:35 PM
(This post was last modified: 10-27-2017, 12:46 PM by translucide.)
(10-27-2017, 04:36 AM)TGates Wrote: We are aware of the user situation. It was done the way it is because Sentora was originally built to be able to be used on *nix as well as Windows. Since we have pretty much dropped Windows support, changing the user methods is part of our future changes.
Good to know! Can I help make this happen faster? Where are you discussing this change?
Another thing that I would like to put into Sentora is generating an SSL cert with Let's Encrypt automatically for the Sentora panel domain and setting the config to SSL by default.
I don't see why this is not the default setup.
Comment all lines in welcome.conf file (disable Testing 123 apache page) :
vi /etc/httpd/conf.d/welcome.conf
Comment out all active lines in welcome.conf
Comment Listen 443 line in ssl.conf :
vi /etc/httpd/conf.d/ssl.conf
Comment out that line like this :
#Listen 443
Install Let's Encrypt :
yum install mod_ssl openssl yum-utils certbot-apache
certbot --apache
Install sentora panel SSL certificate :
In SentoraCP, go to Sentora -> Admin -> Module Admin -> Apache Config
Copy and paste into Global Sentora entry:
Redirect Permanent / https://sentora.domain.com/
Check "Force Update" checkbox. Save.
vi /etc/sentora/configs/apache/httpd-vhosts-ssl.conf
<VirtualHost *:443>
ServerAdmin zadmin@localhost
DocumentRoot "/etc/sentora/panel/"
ServerName sentora.domain.com
ErrorLog "/var/sentora/logs/sentora-error.log"
CustomLog "/var/sentora/logs/sentora-access.log" combined
CustomLog "/var/sentora/logs/sentora-bandwidth.log" common
AddType application/x-httpd-php .php
<Directory "/etc/sentora/panel/">
Options +FollowSymLinks -Indexes
AllowOverride All
Require all granted
</Directory>
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/sentora.domain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/sentora.domain.com/privkey.pem
SSLCACertificateFile /etc/letsencrypt/live/sentora.domain.com/chain.pem
</VirtualHost>
vi /etc/sentora/configs/apache/httpd.conf
At the end of the file, add this line :
Include /etc/sentora/configs/apache/httpd-vhosts-ssl.conf
service httpd restart
Auto renew all Let's Encrypt certificates at 3 am every day so they do not expire :
vi /etc/crontab
Add this line :
0 3 * * * root certbot renew
service crond reload
And if we auto-generate an SSL cert for the sentora domain, we could use the same cert for FTP/TLS :
Create /etc/proftpd/tls.conf file :
mkdir /etc/proftpd
vi /etc/proftpd/tls.conf
<IfModule mod_tls.c>
TLSEngine on
TLSLog /var/log/proftpd/tls.log
TLSProtocol SSLv23
TLSRSACertificateFile /etc/letsencrypt/live/sentora.domain.com/fullchain.pem
TLSRSACertificateKeyFile /etc/letsencrypt/live/sentora.domain.com/privkey.pem
TLSRequired on
TLSOptions AllowClientRenegotiations NoSessionReuseRequired
TLSRenegotiate required off
</IfModule>
Edit /etc/proftpd.conf file :
vi /etc/proftpd.conf
Add these lines to end of file :
PassivePorts 55000 60000
Include /etc/proftpd/tls.conf
Restart proftpd :
service proftpd restart
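
An added example, not part of the original post: a small shell audit that reads a ProFTPD mod_tls file such as the tls.conf above and reports directives that weaken the FTP/TLS setup. The function names `audit_proftpd_tls` and `sample_tls_conf` are made up for this illustration, and the checks assume the directive meanings given in the ProFTPD mod_tls documentation.

```shell
#!/bin/sh
# Added example (not from the post): audit a ProFTPD mod_tls file for weak settings.
# Prints one finding per line and always returns 0, so it is safe under `set -e`.
audit_proftpd_tls() {
    # Drop comments, then collect the values of the three directives we inspect.
    active=$(sed -e 's/#.*//' "$1")
    protocol=$(printf '%s\n' "$active" | awk 'tolower($1) == "tlsprotocol" { $1 = ""; print }')
    options=$(printf '%s\n' "$active" | awk 'tolower($1) == "tlsoptions" { $1 = ""; print }')
    required=$(printf '%s\n' "$active" | awk 'tolower($1) == "tlsrequired" { print tolower($2) }')

    # SSLv23 is mod_tls's compatibility mode: it accepts old protocol versions too.
    for p in $protocol; do
        case "$p" in
            SSLv23|SSLv3|TLSv1|TLSv1.1)
                echo "WEAK-PROTOCOL: TLSProtocol allows '$p'; list only current TLS versions" ;;
        esac
    done
    for o in $options; do
        case "$o" in
            AllowClientRenegotiations)
                echo "RENEGOTIATION: client-initiated renegotiation is enabled" ;;
            NoSessionReuseRequired)
                echo "SESSION-REUSE: data connections need not reuse the control session" ;;
        esac
    done
    # Anything other than "on" leaves the control or data channel optional.
    [ "$required" = "on" ] || echo "PLAINTEXT: TLSRequired is '${required:-unset}', not 'on'"
    return 0
}

# The tls.conf from the post, reproduced as sample input.
sample_tls_conf() {
    cat <<'EOF'
<IfModule mod_tls.c>
TLSEngine on
TLSLog /var/log/proftpd/tls.log
TLSProtocol SSLv23
TLSRSACertificateFile /etc/letsencrypt/live/sentora.domain.com/fullchain.pem
TLSRSACertificateKeyFile /etc/letsencrypt/live/sentora.domain.com/privkey.pem
TLSRequired on
TLSOptions AllowClientRenegotiations NoSessionReuseRequired
TLSRenegotiate required off
</IfModule>
EOF
}

tmp=$(mktemp)
sample_tls_conf > "$tmp"
audit_proftpd_tls "$tmp"
rm -f "$tmp"
```

On a server, point the function at /etc/proftpd/tls.conf after each change and before restarting proftpd.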