RE: secure sentora with https?
02-12-2015, 08:12 AM
(This post was last modified: 02-12-2015, 08:39 AM by SupaYoshi.)
(02-12-2015, 07:50 AM)Me.B Wrote: Requirement here.
Having your SSL certificate issued & ok.
Basic knowledge of Apache admin & conf files.
1. Create a new file for the panel SSL setup:
/etc/sentora/configs/http-panel-ssl.conf
Code:
Listen 443
# Configuration for Sentora control panel with SSL.
<VirtualHost *:443>
ServerAdmin zadmin@localhost
DocumentRoot "/etc/sentora/panel/"
ServerName panel.FQDNN
ErrorLog "/var/sentora/logs/sentora-error.log"
CustomLog "/var/sentora/logs/sentora-access.log" combined
CustomLog "/var/sentora/logs/sentora-bandwidth.log" common
AddType application/x-httpd-php .php
<Directory "/etc/sentora/panel/">
Options +FollowSymLinks -Indexes
AllowOverride All
Order allow,deny
Allow from all
</Directory>
SSLEngine on
SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2
SSLCipherSuite ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM
SSLHonorCipherOrder on
SSLCertificateFile /etc/sentora/configs/ssl/sentora.crt
SSLCertificateKeyFile /etc/sentora/configs/ssl/sentora.pem
SSLCertificateChainFile /etc/sentora/configs/ssl/sentora.crt
</VirtualHost>
You need to replace ServerName panel.FQDNN with the panel subdomain you have set up.
You will notice we need 3 files here for your SSL (you can change the path if you want):
SSLCertificateFile /etc/sentora/configs/ssl/sentora.crt
SSLCertificateKeyFile /etc/sentora/configs/ssl/sentora.pem
SSLCertificateChainFile /etc/sentora/configs/ssl/sentora.crt
Once this config file is set up, you can include it in the main Apache conf file; it would be the last one, after all previous Sentora include files.
Once you do the setup and add this file, your panel can be accessed using port 80 and port 443 under HTTPS at the same time. It is then up to you to use a .htaccess to enforce HTTPS or leave it.
Would this be ok & clear?
M B
I've done everything as you said, it works well, but now I get a 503, Forbidden error when I go to the HTTPS website.
EDIT: After I removed the Order allow,deny from the config you gave me, it works.
My config now looks like this, exactly the same as the config for the normal Sentora panel.
A few changes I made:
- Why do you include a file that is in the root directory /etc/sentora/configs/? Why not put it next to the other ones, in /etc/sentora/configs/apache/? I made it include this way.
Code:
# Include SSL thingy for panel
Include /etc/sentora/configs/apache/http-panel-ssl.conf
- I do the SSL protocol a little differently; I do this:
Code:
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5"
This is because SSLv2 and SSLv3 are vulnerable to POODLE attacks; please edit that.
Code:
Listen 443
# Configuration for Sentora control panel with SSL.
<VirtualHost *:443>
ServerAdmin zadmin@localhost
DocumentRoot "/etc/sentora/panel/"
ServerName domain.something.something
ErrorLog "/var/sentora/logs/sentora-error.log"
CustomLog "/var/sentora/logs/sentora-access.log" combined
CustomLog "/var/sentora/logs/sentora-bandwidth.log" common
AddType application/x-httpd-php .php
<Directory "/etc/sentora/panel/">
Options +FollowSymLinks -Indexes
AllowOverride All
# Order allow,deny
Require all granted
</Directory>
SSLEngine on
# SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2
# SSLCipherSuite ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM
# SSLHonorCipherOrder on
SSLCertificateFile /etc/apache2/ssl/cert.crt
SSLCertificateKeyFile /etc/apache2/ssl/cert.key
SSLCACertificateFile /etc/apache2/ssl/rootca.crt
</VirtualHost>
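
A small config check for the points raised in this post (SSLv3, the cipher list, and the Order/Allow versus Require access syntax), as an added example that is not code from either poster or from Sentora. The finding names, the `audit` helper and the trimmed sample vhosts are constructed for illustration, and the SSLProtocol handling is a simplified model of how the +/- tokens combine.

```python
# Added example: constructed inputs, trimmed from the two vhosts in this thread.
QUOTED = """<Directory "/etc/sentora/panel/">
Order allow,deny
Allow from all
</Directory>
SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2
SSLCipherSuite ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM
SSLCertificateFile /etc/sentora/configs/ssl/sentora.crt"""
REPLY = """<Directory "/etc/sentora/panel/">
# Order allow,deny
Require all granted
</Directory>
# SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2
SSLCertificateFile /etc/apache2/ssl/cert.crt"""
KNOWN = {"sslv3", "tlsv1", "tlsv1.1", "tlsv1.2"}

def directives(conf):
    """Active (name, args) pairs; comment lines and <Section> tags are skipped."""
    lines = (l.strip() for l in conf.splitlines())
    pairs = (l.partition(" ") for l in lines if l and l[0] not in "#<")
    return [(name.lower(), args.strip().strip('"')) for name, _, args in pairs]

def enabled_protocols(args):
    """Simplified SSLProtocol model: +x adds, -x removes, a bare token replaces the set."""
    enabled = set()
    for tok in args.lower().split():
        sign, name = (tok[0], tok[1:]) if tok[0] in "+-" else ("", tok)
        group = set(KNOWN) if name == "all" else {name} & KNOWN
        if sign == "+":
            enabled |= group
        else:
            enabled = enabled - group if sign == "-" else group
    return enabled

def audit(conf):
    """Sorted finding codes for one vhost's text."""
    d, found = dict(directives(conf)), set()
    if "sslprotocol" not in d:
        found.add("no-sslprotocol")         # inherited or default protocol set applies
    elif "sslv3" in enabled_protocols(d["sslprotocol"]):
        found.add("sslv3-enabled")
    ciphers = d.get("sslciphersuite", "").split(":")
    if any("RC4" in c.upper() and c[0] not in "!-+" for c in ciphers):
        found.add("rc4-offered")            # RC4 is listed without being excluded
    if "order" in d and "require" not in d:
        found.add("legacy-access-control")  # Order/Allow syntax; the reply switched to Require
    return sorted(found)
```

Run `audit()` on the text of a single `<VirtualHost>` block; a `no-sslprotocol` result means the protocol set has to be checked in the server-wide SSL configuration instead.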