This forum uses cookies
This forum makes use of cookies to store your login information if you are registered, and your last visit if you are not. Cookies are small text documents stored on your computer; the cookies set by this forum can only be used on this website and pose no security risk. Cookies on this forum also track the specific topics you have read and when you last read them. Please confirm whether you accept or reject these cookies being set.

A cookie will be stored in your browser regardless of choice to prevent you being asked this question again. You will be able to change your cookie settings at any time using the link in the footer.

secure sentora with https?
#1
secure sentora with https?
Hi I want to secure the default sentora url with SSL. I have a vhost entry using SSL now, but I want the main panel secured with SSL.

Which config do I edit for that? And where do I put my SSL information in for the panel?
Let me know please
Reply
Thanks given by:
#2
RE: secure sentora with https?
You should do this manually and add it in apache config file.

M B
No support using PM (Auto adding to IGNORE list!), use the forum. 
How to ask
Freelance AWS Certified Architect & SysOps// DevOps

10$ free to start your VPS
Reply
Thanks given by:
#3
RE: secure sentora with https?
(02-12-2015, 05:09 AM)Me.B Wrote: You should do this manually and add it in apache config file.

M B

So i should add it into /etc/sentora/configs/apache/httpd-vhosts.conf?
Reply
Thanks given by:
#4
RE: secure sentora with https?
better you do all the config in another file and include it in apache main config. Don't touche sentora originally configured files.
No support using PM (Auto adding to IGNORE list!), use the forum. 
How to ask
Freelance AWS Certified Architect & SysOps// DevOps

10$ free to start your VPS
Reply
Thanks given by:
#5
RE: secure sentora with https?
(02-12-2015, 05:21 AM)Me.B Wrote: better you do all the config in another file and include it in apache main config. Don't touche sentora originally configured files.

I really don't understand why it has to be so hard to enable SSL for the control panel.. I have to create a default config file? Can't I just set the SSL certificate in the Global Sentora Entry? And change the port to 443?

Because when I do put it in there, it works but I get SSL on port 80... any idea?
Reply
Thanks given by:
#6
RE: secure sentora with https?
Me.B. Please let me know how I can enable SSL for my domains, without having them force SSL (redirect port 80 to 443)

And I want to enable SSL for my sentora URL too. Where do I do this, I read the wiki pages but they are not very helpful since they make you end up with ssl working on port 80..
Reply
Thanks given by:
#7
RE: secure sentora with https?
Requirement here.

Having your SSL certificate issued & ok.

Basic knowledge over apache admin & conf files.

1. create a new file for panel SSL Setup:
/etc/sentora/configs/http-panel-ssl.conf

Code:
Listen 443
# Configuration for Sentora control panel with SSL.
<VirtualHost *:443>
ServerAdmin zadmin@localhost
DocumentRoot "/etc/sentora/panel/"
ServerName panel.FQDNN
ErrorLog "/var/sentora/logs/sentora-error.log"
CustomLog "/var/sentora/logs/sentora-access.log" combined
CustomLog "/var/sentora/logs/sentora-bandwidth.log" common
AddType application/x-httpd-php .php
<Directory "/etc/sentora/panel/">
Options +FollowSymLinks -Indexes
   AllowOverride All
   Order allow,deny
   Allow from all
</Directory>
SSLEngine on
  SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2
  SSLCipherSuite ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM;^M    SSLHonorCipherOrder on
  SSLCertificateFile /etc/sentora/configs/ssl/sentora.crt
  SSLCertificateKeyFile /etc/sentora/configs/ssl/sentora.pem
  SSLCertificateChainFile /etc/sentora/configs/ssl/sentora.crt
</VirtualHost>

you need to replace : ServerName panel.FQDNN with your panel sub domain you had setup.

You will notice we need 3 files here for your SSL ( you can change the path if you want):

 SSLCertificateFile /etc/sentora/configs/ssl/sentora.crt
  SSLCertificateKeyFile /etc/sentora/configs/ssl/sentora.pem
  SSLCertificateChainFile /etc/sentora/configs/ssl/sentora.crt

Once this config file setup.

You can include it in the main apache conf file would be last one after all previous sentora include files.

Once you do the setup and add this file your panel can be accessed using 80 & port 443 under HTTPS on the same time. Up to you then using a .htaccess to enforce https or leave it.

Would this be ok & clear?

M B
No support using PM (Auto adding to IGNORE list!), use the forum. 
How to ask
Freelance AWS Certified Architect & SysOps// DevOps

10$ free to start your VPS
Reply
Thanks given by: Cantalupo
#8
RE: secure sentora with https?
(02-12-2015, 07:50 AM)Me.B Wrote: Requirement here.

Having your SSL certificate issued & ok.

Basic knowledge over apache admin & conf files.

1. create a new file for panel SSL Setup:
/etc/sentora/configs/http-panel-ssl.conf


Code:
Listen 443
# Configuration for Sentora control panel with SSL.
<VirtualHost *:443>
ServerAdmin zadmin@localhost
DocumentRoot "/etc/sentora/panel/"
ServerName panel.FQDNN
ErrorLog "/var/sentora/logs/sentora-error.log"
CustomLog "/var/sentora/logs/sentora-access.log" combined
CustomLog "/var/sentora/logs/sentora-bandwidth.log" common
AddType application/x-httpd-php .php
<Directory "/etc/sentora/panel/">
Options +FollowSymLinks -Indexes
   AllowOverride All
   Order allow,deny
   Allow from all
</Directory>
SSLEngine on
  SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2
  SSLCipherSuite ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM;^M    SSLHonorCipherOrder on
  SSLCertificateFile /etc/sentora/configs/ssl/sentora.crt
  SSLCertificateKeyFile /etc/sentora/configs/ssl/sentora.pem
  SSLCertificateChainFile /etc/sentora/configs/ssl/sentora.crt
</VirtualHost>

you need to replace : ServerName panel.FQDNN with your panel sub domain you had setup.

You will notice we need 3 files here for your SSL ( you can change the path if you want):

 SSLCertificateFile /etc/sentora/configs/ssl/sentora.crt
  SSLCertificateKeyFile /etc/sentora/configs/ssl/sentora.pem
  SSLCertificateChainFile /etc/sentora/configs/ssl/sentora.crt

Once this config file setup.

You can include it in the main apache conf file would be last one after all previous sentora include files.

Once you do the setup and add this file your panel can be accessed using 80 & port 443 under HTTPS on the same time. Up to you then using a .htaccess to enforce https or leave it.

Would this be ok & clear?

M B

I've done everything as you said, works good but now I get 503, Forbidden error when I go to the https website.


EDIT: After i removed the Order allow,deny
from the config you gave me it works,

My config now looks like this exactly the same as the config does for the normal sentura panel.

Few changes I made,
- Why do you include a file that is in the root directory /etc/sentura/configs/ why not put it next to the other ones? /etc/sentura/configs/apache/ ? I made it include this way.
Code:
# Include SSL thingy for panel
Include /etc/sentora/configs/apache/http-panel-ssl.conf

- I do the SSL protocol a little different, I do this,
Code:
SSLProtocol all -SSLv2 -SSLv3
        SSLHonorCipherOrder on
        SSLCipherSuite "CDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5"

This because SSLv2 and SSLv3 are vulnerable to poodle attacks please edit that.
Code:
Listen 443
# Configuration for Sentora control panel with SSL.
<VirtualHost *:443>
ServerAdmin zadmin@localhost
DocumentRoot "/etc/sentora/panel/"
ServerName domain.something.something
ErrorLog "/var/sentora/logs/sentora-error.log"
CustomLog "/var/sentora/logs/sentora-access.log" combined
CustomLog "/var/sentora/logs/sentora-bandwidth.log" common
AddType application/x-httpd-php .php
<Directory "/etc/sentora/panel/">
Options +FollowSymLinks -Indexes
   AllowOverride All
#   Order allow,deny
   Require all granted
</Directory>
SSLEngine on
#  SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2
#  SSLCipherSuite ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM;^M    SSLHonorCipherOrder on
  SSLCertificateFile /etc/apache2/ssl/cert.crt
  SSLCertificateKeyFile /etc/apache2/ssl/cert.key
  SSLCACertificateFile /etc/apache2/ssl/rootca.crt

</VirtualHost>
Reply
Thanks given by:
#9
RE: secure sentora with https?
Okay now this works, I want to enable the same thing for my domain i have in my sentora httpd-vhosts.conf. (i do this with the panel as required)

Just a suggestion would be to do this on default, it is very weird to have non-ssl websites nowdays, especially since google is going to rank websites higher using ssl sooner or later. (rumor) and that this is very hard to setup for each domain that you add and in case you have customers or use this packet for resellers you can't expect them to go through all this trouble.

Why doesn't sentora open up port 443 by default? Smile with self signed certificates at least.

Anyway, to continue. I have a domain added to sentura.

I go to Control Panel, Module admin, Apache Config, and I go to ovverride a Virtual Host setting.

I select the domain I want to overwrite, and I want both port 80 and 443 to work with that domain...
The tutorial on this forum expects all traffic to be enabled over SSL. I don't want that, I only want certain urls to be SSL... so I am trying to do a custom entry without changing the normal virtual host one.. is that even possible?
So not a override but an addition for ssl?
Reply
Thanks given by:
#10
RE: secure sentora with https?
Ok great ot hear that.

Notice default SSL would require that you have SSL certificates ready and built. Would not be cool to setup SSL with own made SSL as you can see in chrome it will trigger errors and don't think google will rank higher such websites. We will work on improving SSL for sure and trying to find the right balance.

MB
No support using PM (Auto adding to IGNORE list!), use the forum. 
How to ask
Freelance AWS Certified Architect & SysOps// DevOps

10$ free to start your VPS
Reply
Thanks given by:


Possibly Related Threads…
Thread Author Replies Views Last Post
Is Sentora dead? rajeevrrs 2 2 ,879 12-17-2022, 09:20 AM
Last Post: TGates
Sentora debug and error files johnnyp 0 1 ,098 10-27-2022, 06:16 PM
Last Post: johnnyp
Transfer Account to another Sentora BenI 1 2 ,487 07-21-2022, 07:19 PM
Last Post: Nigel

Forum Jump:


Users browsing this thread: 1 Guest(s)