(02-12-2015, 09:24 AM)SupaYoshi Wrote: So I had trouble securing my Sentora panel with SSL, and I thusly had to create a topic of it. But I now understand SSL thanks to the help of 'Me.B.', thank you yet again. All credits go to you.
Okay, so let's get started. There are a few requirements before we can get started with this tutorial.
- Your Sentora panel is currently working without hassle.
- You're running apache
- You have created a self-signed SSL certificate or bought one. (Do not ask how to do this, please google it instead.)
- You are not currently running anything else on port 443.
- SSH access to your Box. (duh)
Okay, ready? First off we need to enable SSL in apache.
Do this by enabling the SSL module with the following command:
Code:a2enmod ssl
Note: Do run this command as root, or add sudo in front of it if you are on Debian/Ubuntu.
Let's make SSL a little more secure against a Poodle attack as well as man in the middle attacks:
Edit the file: /etc/apache2/mods-enabled/ssl.conf
(nano /etc/apache2/mods-enabled/ssl.conf)
Scroll to around or on line 75, stating:
# The protocols to enable.
# Available values: all, SSLv3, TLSv1, TLSv1.1, TLSv1.2
# SSL v2 is no longer supported
Comment out the line stating:
Code:SSLProtocol all
Add the following code below it:
Code:SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5"
This disables vulnerable SSL protocols and makes your server more secure.
Let's perform a short test to see if Apache is still currently running:
Code:apachectl configtest
Test results okay? Then restart apache to make sure everything is okay.
Code:service apache2 restart
*make sure you restart services as either sudo or root.
Did the test fail? STOP NOW, DO NOT CONTINUE UNTIL YOU HAVE FIXED THE ERROR!!
Now it is time to get your SSL panel working correctly.
Yes that's right, we are finally there. We are going to enable your SSL panel! Woooo.
Go to the folder: /etc/sentora/configs/apache2/
You can use cd for this (duh...)
Code:cd /etc/sentora/configs/apache2/
Time to create your SSL virtualhost file in this folder. This folder contains all the apache config files when you use Sentora. Now let's make a new file called: http-panel-ssl.conf
Code:nano /etc/sentora/configs/apache2/http-panel-ssl.conf
Put the following information in it and edit the variables as given here.
Code:Listen 443
# Configuration for Sentora control panel with SSL.
<VirtualHost *:443>
ServerAdmin zadmin@localhost
DocumentRoot "/etc/sentora/panel/"
ServerName yoursentora.admin.domainurl
ErrorLog "/var/sentora/logs/sentora-error.log"
CustomLog "/var/sentora/logs/sentora-access.log" combined
CustomLog "/var/sentora/logs/sentora-bandwidth.log" common
AddType application/x-httpd-php .php
<Directory "/etc/sentora/panel/">
Options +FollowSymLinks -Indexes
AllowOverride All
Require all granted
</Directory>
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/ your SSL certificate CRT file
SSLCertificateKeyFile /etc/apache2/ssl/ your SSL certificate key FILE
SSLCACertificateFile /etc/apache2/ssl/ your ROOT CA certificate CRT file
</VirtualHost>
Please note: The SSL certificates for this example are in the folder /etc/apache2/ssl/ if yours are somewhere else you can also add them to another folder or make a symbolic link, as long as the path there is correct you are fine.
Done? Great! Almost completely done. Now save the file!
Now, ready? Let's include this file in the apache config file that sentora uses as default: (in case you did not know this yet)
Code:/etc/sentora/configs/apache/httpd.conf
Scroll all the way to the bottom where it states the following:
Code:# Now we include the generic VHOST configuration file that holds all Sentora user hosted vhost data
Include /etc/sentora/configs/apache/httpd-vhosts.conf
Now add the following code right below that:
Code:# Include SSL configuration for SSL panel
Include /etc/sentora/configs/apache/http-panel-ssl.conf
Save the file, and restart the apache service.
Code:service apache2 restart
*sudo or root, remember? >_>
Okay, no errors? You're good to go, try going to your panel by putting https:// in front of the URL!
That should be all!
Optional: Always force SSL.
In case you want to force SSL on the panel URL, in case you forget to type https://, or one of your users doesn't care about https? Do as follows:
Go to the folder /etc/sentora/panel/
Create a new file called .htaccess
Code:nano .htaccess
Add the following code to it at the bottom of the file:
Code:# SSL
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Save the file and you're good to go!
*Please note this only works if mod_rewrite is enabled, to enable this do the following:
Code:a2enmod rewrite && service apache2 restart
Your panel should now be secured by SSL including all apps like phpmyadmin and others.
Optional: test your server at https://www.ssllabs.com/ssltest/index.html
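An added example, not part of the original post: a small Python check for the SSLProtocol step above, reporting whether SSLv2/SSLv3 are still enabled after the edit to ssl.conf. It assumes "all" expands to the values listed in the ssl.conf comment quoted in the post and that an unprefixed protocol name replaces the set built so far; the function names and sample configurations are constructed for illustration.

```python
import re

# What "all" expands to, taken from the ssl.conf comment quoted in the post
# (assumption: newer Apache/OpenSSL builds may define "all" differently).
ALL_PROTOCOLS = {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"}
WEAK_PROTOCOLS = {"SSLv2", "SSLv3"}
CANONICAL = {p.lower(): p for p in ALL_PROTOCOLS | WEAK_PROTOCOLS}
DIRECTIVE = re.compile(r"^\s*SSLProtocol\s+(.+?)\s*$", re.IGNORECASE)


def effective_protocols(conf_text):
    """Protocols enabled by the last active SSLProtocol line, or None if absent."""
    enabled = None
    for line in conf_text.splitlines():
        match = DIRECTIVE.match(line)  # commented-out lines start with '#': no match
        if not match:
            continue
        enabled = set()  # every directive starts over, so the last one wins
        for token in match.group(1).split():
            sign = token[0] if token[0] in "+-" else ""
            name = token.lstrip("+-").lower()
            names = ALL_PROTOCOLS if name == "all" else {CANONICAL.get(name, name)}
            if sign == "-":
                enabled -= names
            elif sign == "+":
                enabled |= names
            else:  # assumption: an unprefixed name replaces what was set so far
                enabled = set(names)
    return enabled


def weak_protocols_enabled(conf_text):
    """Sorted SSLv2/SSLv3 entries that are still enabled; an empty list is good."""
    return sorted((effective_protocols(conf_text) or set()) & WEAK_PROTOCOLS)


# Constructed sample configurations (not taken from a real server).
STOCK = "SSLProtocol all\n"
HARDENED = "#SSLProtocol all\nSSLProtocol all -SSLv2 -SSLv3\n"
OLD_LINE_LEFT_BELOW = "SSLProtocol all -SSLv2 -SSLv3\nSSLProtocol all\n"

if __name__ == "__main__":
    for label, conf in [("stock", STOCK), ("hardened", HARDENED),
                        ("old line left active below", OLD_LINE_LEFT_BELOW)]:
        print(label, "->", weak_protocols_enabled(conf) or "no SSLv2/SSLv3")
```

On a server, pass the function the text of /etc/apache2/mods-enabled/ssl.conf; the third sample shows why the old "SSLProtocol all" line has to be commented out rather than left active further down.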
Hello!
Grammar nazi here.
I just wanted to increase the readability of your post, so please do not take offence at my humble commentary upon thy thread!