This forum uses cookies
This forum makes use of cookies to store your login information if you are registered, and your last visit if you are not. Cookies are small text documents stored on your computer; the cookies set by this forum can only be used on this website and pose no security risk. Cookies on this forum also track the specific topics you have read and when you last read them. Please confirm whether you accept or reject these cookies being set.

A cookie will be stored in your browser regardless of choice to prevent you being asked this question again. You will be able to change your cookie settings at any time using the link in the footer.

[SPLIT] Secure Sentora Login with Let's Encrypt
#21
RE: Secure Sentora Login with Let's Encrypt
(04-14-2016, 12:17 AM)NicolaiVdS Wrote: Tip after doing this you might wanna add a panel subdomain and add a port overide to it so when you visit panel.domain.tld you wil be the on https and not http

Huh
You do not add the panel login sub domain inside the panel. It is already added during install. It's in the instructions about the port override Wink
-TGates - Project Council

SEARCH the Forums or read the DOCUMENTATION before posting!
Support Sentora and Donate: HERE

Find my support or modules useful? Donate to TGates HERE
Developers and code testers needed!
Contact TGates for more information
Reply
Thanks given by:
#22
RE: Secure Sentora Login with Let's Encrypt
Hi

I am getting the following error whet i start apache2

root@host2:~/letsencrypt# service apache2 start
* Starting web server apache2                                                                                                                                                                                                               (98)Address already in use: AH00072: make_sock: could not bind to address [::]:443
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs
Action 'start' failed.
The Apache error log may have more information.

Thanks
Reply
Thanks given by:
#23
RE: Secure Sentora Login with Let's Encrypt
I believe you need the Universe Repository on Ubunut 14.04
Code:
sudo add-apt-repository "deb http://archive.ubuntu.com/ubuntu $(lsb_release -sc) universe"
My Sentora Resources
[Module] Mail Quota Count | Vagrant Box with Sentora

[Image: vanguardly-logo-micro.png]
Graphic and Web Design. Development.
www.vanguardly.com


Reply
Thanks given by:
#24
RE: Secure Sentora Login with Let's Encrypt
are you sure because if i dindt add the panel.domain.ltd and did a port forward i ended up on the http page and not the https
Reply
Thanks given by:
#25
RE: Secure Sentora Login with Let's Encrypt
You need to add a .htaccess entry (in the /panel/.htaccess) with redirect permanent to https at the very top.


Code:
RewriteEngine on

# Force SSL - Always first!
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://panel.domain.com/$1 [R,L]
-TGates - Project Council

SEARCH the Forums or read the DOCUMENTATION before posting!
Support Sentora and Donate: HERE

Find my support or modules useful? Donate to TGates HERE
Developers and code testers needed!
Contact TGates for more information
Reply
Thanks given by:
#26
RE: Secure Sentora Login with Let's Encrypt
(04-22-2016, 03:09 PM)TGates Wrote: You need to add a .htaccess entry (in the /panel/.htaccess) with redirect permanent to https at the very top.


Code:
RewriteEngine on

# Force SSL - Always first!
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://panel.domain.com/$1 [R,L]


I also struggle with similar issue

browsers by default load only http site that drops "Firefox can't establish a connection to the server" same with panel and same with other domains
manually if i type in https than the site runs.

Is this proper .htaccess file?



Code:
# Standard Sentora Rewrite Ruleset
RewriteEngine on
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://s.lefetty.lv/$1 [R,L]
RewriteRule ^api/([^/\.]+)/?$ bin/api.php?m=$1 [L]
RewriteRule ^apps/([^/\.]+)/?$ etc/apps/$1 [L]

# Optionally you can uncomment the below line and configure your domain to only allow access from the FQDN.
#RewriteCond
%{SERVER_NAME} !^sentora\.domain\.com$
#RewriteRule
^ - [F]

# Deny access to some file types/directories
RewriteRule ^/?(\.git|\.tx|SQL|config|logs|temp|tests|program\/(include|lib|localization|steps)) - [F]
RewriteRule ^(etc/tmp|etc/zppy-cache|/etc/lib/pChart2/cache|etc/build) - [F,L,NC]

# Disable index listing
Options -Indexes
Reply
Thanks given by:
#27
RE: Secure Sentora Login with Let's Encrypt
NOTE: Ubuntu 14.04 Sentora: 1.0.3

This is my complete .htaccess (/etc/sentora/panel/.htaccess):
PHP Code:
RewriteEngine on

# Force SSL - Always first!
RewriteCond %{SERVER_PORT80 
RewriteRule 
^(.*)$ https://panel.domain.com/$1 [R,L]

# Standard Sentora Rewrite Ruleset
RewriteRule ^api/([^/\.]+)/?$ bin/api.php?m=$[L]
RewriteRule ^apps/([^/\.]+)/?$ etc/apps/$[L]

# Optionally you can uncomment the below line and configure your domain to only allow access from the FQDN.
#RewriteCond %{SERVER_NAME} !^panel\.domain\.com$ 
#RewriteRule ^ - [F]

# Deny access to some file types/directories
RewriteRule ^/?(\.git|\.tx|SQL|config|logs|temp|tests|program\/(include|lib|localization|steps)) - [F]
RewriteRule ^(etc/tmp|etc/zppy-cache|/etc/lib/pChart2/cache|etc/build) - [F,L,NC]

# Disable index listing
Options -Indexes 
Panel's default vhost entry (/etc/sentora/configs/apache/httpd-vhosts.conf):
PHP Code:
Listen 80

# Configuration for Sentora control panel.
<VirtualHost *:80>
ServerAdmin webmaster@domain.com
DocumentRoot 
"/etc/sentora/panel/"
ServerName panel.domain.com
ErrorLog 
"/var/sentora/logs/sentora-error.log" 
CustomLog "/var/sentora/logs/sentora-access.log" combined
CustomLog 
"/var/sentora/logs/sentora-bandwidth.log" common
AddType application
/x-httpd-php .php
<Directory "/etc/sentora/panel/">
Options +FollowSymLinks -Indexes
    AllowOverride All
    Require all granted
</Directory>

# Custom settings are loaded below this line (if any exist)

</VirtualHost
SSL vhost (/etc/sentora/configs/apache/ssl/panel_domain_com.conf):
PHP Code:
# Configuration for Sentora control panel.
<VirtualHost *:443>
ServerAdmin webmaster@domain.com
DocumentRoot 
"/etc/sentora/panel/"
ServerName panel.domain.com
ErrorLog 
"/var/sentora/logs/sentora-error.log" 
CustomLog "/var/sentora/logs/sentora-access.log" combined
CustomLog 
"/var/sentora/logs/sentora-bandwidth.log" common
AddType application
/x-httpd-php .php
<Directory "/etc/sentora/panel/">
Options +FollowSymLinks -Indexes
    AllowOverride All
    Require all granted
</Directory>

# Custom settings are loaded below this line (if any exist)
SSLEngine on
SSLProtocol ALL 
-SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLCipherSuite ECDH
+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
SSLCertificateFile 
/etc/letsencrypt/live/panel.domain.com/cert.pem
SSLCertificateKeyFile 
/etc/letsencrypt/live/panel.domain.com/privkey.pem
SSLCertificateChainFile 
/etc/letsencrypt/live/panel.domain.com/chain.pem
# Keeping below for future upgrades.
# Requires Apache >= 2.4
SSLCompression off
</VirtualHost
How I get the SSL vhosts (/etc/sentora/configs/apache/httpd.conf)(at bottom):
PHP Code:
# Sentora Apache Include file
# Written by Bobby Allen, 15/05/2011

# Set the Sentora Alias (used for development, sable will eventually use a VHOST)
#Alias /Sentora /etc/sentora/panel

# Set a default server name for the master configuration to suppress Apache daemon warnings
ServerName localhost

# Setup the directory settings and PHP security flags for the Sentora application directory.
<Directory /etc/sentora/panel>
 
   Options +FollowSymLinks
    DirectoryIndex index
.php
    
<IfModule mod_php5.c>
 
       AddType application/x-httpd-php .php
        php_flag magic_quotes_gpc Off
        php_flag track_vars On
        php_flag register_globals Off
        php_admin_value upload_tmp_dir 
/var/sentora/temp
    
</IfModule>
</
Directory>

# Disallow web access to directories that don't need it/that we don't want people looking in!
<Directory /etc/sentora/panel/cnf/>
 
   Require all denied 
</Directory>
<
Directory /etc/sentora/panel/modules/*/hooks>
    Require all denied 
</Directory>

# Set server tokens
ServerTokens Prod

# Now we include the generic VHOST configuration file that holds all Sentora user hosted vhost data
Include /etc/sentora/configs/apache/httpd-vhosts.conf

# include SSL Vhosts
Listen 443
Include /etc/sentora/configs/apache/ssl/panel_domain_com.conf 
-TGates - Project Council

SEARCH the Forums or read the DOCUMENTATION before posting!
Support Sentora and Donate: HERE

Find my support or modules useful? Donate to TGates HERE
Developers and code testers needed!
Contact TGates for more information
Reply
Thanks given by: LaxeDLL
#28
RE: Secure Sentora Login with Let's Encrypt
(06-16-2016, 12:44 AM)TGates Wrote: NOTE: Ubuntu 14.04 Sentora: 1.0.3

This is my complete .htaccess (/etc/sentora/panel/.htaccess):
PHP Code:
RewriteEngine on

# Force SSL - Always first!
RewriteCond %{SERVER_PORT80 
RewriteRule 
^(.*)$ https://panel.domain.com/$1 [R,L]

# Standard Sentora Rewrite Ruleset
RewriteRule ^api/([^/\.]+)/?$ bin/api.php?m=$[L]
RewriteRule ^apps/([^/\.]+)/?$ etc/apps/$[L]

# Optionally you can uncomment the below line and configure your domain to only allow access from the FQDN.
#RewriteCond %{SERVER_NAME} !^panel\.domain\.com$ 
#RewriteRule ^ - [F]

# Deny access to some file types/directories
RewriteRule ^/?(\.git|\.tx|SQL|config|logs|temp|tests|program\/(include|lib|localization|steps)) - [F]
RewriteRule ^(etc/tmp|etc/zppy-cache|/etc/lib/pChart2/cache|etc/build) - [F,L,NC]

# Disable index listing
Options -Indexes 
Panel's default vhost entry (/etc/sentora/configs/apache/httpd-vhosts.conf):
PHP Code:
Listen 80

# Configuration for Sentora control panel.
<VirtualHost *:80>
ServerAdmin webmaster@domain.com
DocumentRoot 
"/etc/sentora/panel/"
ServerName panel.domain.com
ErrorLog 
"/var/sentora/logs/sentora-error.log" 
CustomLog "/var/sentora/logs/sentora-access.log" combined
CustomLog 
"/var/sentora/logs/sentora-bandwidth.log" common
AddType application
/x-httpd-php .php
<Directory "/etc/sentora/panel/">
Options +FollowSymLinks -Indexes
    AllowOverride All
    Require all granted
</Directory>

# Custom settings are loaded below this line (if any exist)

</VirtualHost
SSL vhost (/etc/sentora/configs/apache/ssl/panel_domain_com.conf):
PHP Code:
# Configuration for Sentora control panel.
<VirtualHost *:443>
ServerAdmin webmaster@domain.com
DocumentRoot 
"/etc/sentora/panel/"
ServerName panel.domain.com
ErrorLog 
"/var/sentora/logs/sentora-error.log" 
CustomLog "/var/sentora/logs/sentora-access.log" combined
CustomLog 
"/var/sentora/logs/sentora-bandwidth.log" common
AddType application
/x-httpd-php .php
<Directory "/etc/sentora/panel/">
Options +FollowSymLinks -Indexes
    AllowOverride All
    Require all granted
</Directory>

# Custom settings are loaded below this line (if any exist)
SSLEngine on
SSLProtocol ALL 
-SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLCipherSuite ECDH
+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
SSLCertificateFile 
/etc/letsencrypt/live/panel.domain.com/cert.pem
SSLCertificateKeyFile 
/etc/letsencrypt/live/panel.domain.com/privkey.pem
SSLCertificateChainFile 
/etc/letsencrypt/live/panel.domain.com/chain.pem
# Keeping below for future upgrades.
# Requires Apache >= 2.4
SSLCompression off
</VirtualHost
How I get the SSL vhosts (/etc/sentora/configs/apache/httpd.conf)(at bottom):
PHP Code:
# Sentora Apache Include file
# Written by Bobby Allen, 15/05/2011

# Set the Sentora Alias (used for development, sable will eventually use a VHOST)
#Alias /Sentora /etc/sentora/panel

# Set a default server name for the master configuration to suppress Apache daemon warnings
ServerName localhost

# Setup the directory settings and PHP security flags for the Sentora application directory.
<Directory /etc/sentora/panel>
 
   Options +FollowSymLinks
    DirectoryIndex index
.php
    
<IfModule mod_php5.c>
 
       AddType application/x-httpd-php .php
        php_flag magic_quotes_gpc Off
        php_flag track_vars On
        php_flag register_globals Off
        php_admin_value upload_tmp_dir 
/var/sentora/temp
    
</IfModule>
</
Directory>

# Disallow web access to directories that don't need it/that we don't want people looking in!
<Directory /etc/sentora/panel/cnf/>
 
   Require all denied 
</Directory>
<
Directory /etc/sentora/panel/modules/*/hooks>
    Require all denied 
</Directory>

# Set server tokens
ServerTokens Prod

# Now we include the generic VHOST configuration file that holds all Sentora user hosted vhost data
Include /etc/sentora/configs/apache/httpd-vhosts.conf

# include SSL Vhosts
Listen 443
Include /etc/sentora/configs/apache/ssl/panel_domain_com.conf 

Thank you so much, this worked perfectly Heart
Reply
Thanks given by:
#29
RE: Secure Sentora Login with Let's Encrypt
Glad it helped, I wish there was an easier way lol.
-TGates - Project Council

SEARCH the Forums or read the DOCUMENTATION before posting!
Support Sentora and Donate: HERE

Find my support or modules useful? Donate to TGates HERE
Developers and code testers needed!
Contact TGates for more information
Reply
Thanks given by:
#30
RE: Secure Sentora Login with Let's Encrypt
How to remove ssl from panel Sentora via terminal? Please help me I got error
Reply
Thanks given by:


Possibly Related Threads…
Thread Author Replies Views Last Post
Secure Sentora Domains with Let's Encrypt TGates 27 97 ,137 06-08-2024, 05:06 PM
Last Post: andykimpe
Secure Sentora With SSLForFree Chris L 1 5 ,317 01-22-2020, 09:19 PM
Last Post: ralphharder
Fail2ban for Sentora (Centos 7) bbspike 14 48 ,676 01-14-2020, 07:32 AM
Last Post: Vedran B

Forum Jump:


Users browsing this thread: 3 Guest(s)