SSL support in Sentora
02-15-2016, 09:05 PM
(This post was last modified: 02-15-2016, 09:15 PM by Me.B.)
*** PLEASE thread for developers or if you have sys admin knowledge ***
We are currently planning to add SSL support.
The current draft is to rewrite the Apache admin module, and I think I found an interesting solution there that even makes the Apache module easier to extend.
Adding SSL will not be done the old way using a port override; instead it will create a second vhost with the exact same config, adding 6 lines:
Code:
SSLEngine on
SSLProtocol ALL -SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
SSLCertificateFile /etc/letsencrypt/live/domain.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/domain.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/domain.com/chain.pem
The above example uses Let's Encrypt, but we would have a new folder in config where we store all SSL:
/etc/sentora/config/ssl or apache/ssl.
We could add a tool to help generate Let's Encrypt SSL in the right folder, or even auto-generate it. The same for custom self-signed SSL (Let's Encrypt supports only public servers).
Also, I think we should more and more restrict module access to all folders in Sentora, so it can't be done like Diablo925 did in his module. Maybe later we split the sensitive work into an API outside of the panel that can have wider access, instead of mixing the GUI with more complex scripts.
We need to add SSL certificate validation in order to avoid Apache failing. Maybe a config test fail-safe too, and starting Sentora with the old valid config as well. The goal is fewer issues and fewer users getting it the wrong way.
Uploading a CSR can be added too, but maybe later?
Mainly we need help, input and solutions.
I'm checking Diablo925's module too, as it's the existing one covering this field. I can send you some of the current alpha work.
Update 1: in the GUI we could add
https://www.metachris.com/2015/12/compar...tpsforfree
Looks interesting.
Diablo925 bbspike
Also TGates 5050
No support using PM (Auto adding to IGNORE list!), use the forum.
How to ask
10$ free to start your VPS
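The certificate validation and config-test fail-safe asked for in the post, sketched as an added example (not part of the original post and not Sentora code). The function names and the CONFIGTEST variable are hypothetical, and it assumes openssl and apachectl are installed:

```shell
#!/bin/sh
# Added example (not Sentora code). Function names and the CONFIGTEST
# variable are hypothetical; openssl and apachectl must be installed.
CONFIGTEST=${CONFIGTEST:-"apachectl configtest"}

# Return 0 only if the certificate parses, has not expired, and carries
# the same public key as the private key file.
cert_is_usable() {
    cert=$1; key=$2
    # -checkend 0 exits non-zero when the certificate is already expired
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 || return 1
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Copy vhost file $1 over live file $2, run the config test, and put the
# previous file back if the test fails.
install_vhost() {
    new=$1; live=$2; backup="$2.bak.$$"; had_old=0
    if [ -f "$live" ]; then
        cp -p "$live" "$backup" || return 1
        had_old=1
    fi
    cp "$new" "$live" || return 1
    if $CONFIGTEST >/dev/null 2>&1; then
        rm -f "$backup"
        return 0
    fi
    # Roll back: restore the old file, or remove the new one if none existed
    if [ "$had_old" -eq 1 ]; then mv "$backup" "$live"; else rm -f "$live"; fi
    return 1
}

# Gate: args are cert, key, new vhost file, live vhost file.
enable_ssl_vhost() {
    cert_is_usable "$1" "$2" || { echo "cert/key check failed" >&2; return 2; }
    install_vhost "$3" "$4" || { echo "config test failed, old config kept" >&2; return 3; }
    echo "vhost installed; reload Apache to apply"
}

if [ "$#" -eq 4 ]; then enable_ssl_vhost "$@"; fi
```

The check covers expiry and key match only; it does not verify the chain file or that the certificate names the vhost's domain.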