[SPLIT] Secure Sentora Login with Let's Encrypt

[TGates]

Tip after doing this you might wanna add a panel subdomain and add a port overide to it so when you visit panel.domain.tld you wil be the on https and not http

You do not add the panel login sub domain inside the panel. It is already added during install. It's in the instructions about the port override

[etienne7702]

Hi

I am getting the following error whet i start apache2

root@host2:~/letsencrypt# service apache2 start
* Starting web server apache2                                                                                                                                                                                                               (98)Address already in use: AH00072: make_sock: could not bind to address [::]:443
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs
Action 'start' failed.
The Apache error log may have more information.

Thanks

[apinto]

I believe you need the Universe Repository on Ubunut 14.04

Code:

sudo add-apt-repository "deb http://archive.ubuntu.com/ubuntu $(lsb_release -sc) universe"

[NicolaiVdS]

are you sure because if i dindt add the panel.domain.ltd and did a port forward i ended up on the http page and not the https

[TGates]

You need to add a .htaccess entry (in the /panel/.htaccess) with redirect permanent to https at the very top.

Code:

RewriteEngine on

# Force SSL - Always first!
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://panel.domain.com/$1 [R,L]

[LaxeDLL]

You need to add a .htaccess entry (in the /panel/.htaccess) with redirect permanent to https at the very top.

Code:

RewriteEngine on

# Force SSL - Always first!
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://panel.domain.com/$1 [R,L]

I also struggle with similar issue

browsers by default load only http site that drops "Firefox can't establish a connection to the server" same with panel and same with other domains
manually if i type in https than the site runs.

Is this proper .htaccess file?

Code:

# Standard Sentora Rewrite Ruleset
RewriteEngine on
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://s.lefetty.lv/$1 [R,L]
RewriteRule ^api/([^/\.]+)/?$ bin/api.php?m=$1 [L]
RewriteRule ^apps/([^/\.]+)/?$ etc/apps/$1 [L]

# Optionally you can uncomment the below line and configure your domain to only allow access from the FQDN.

#RewriteCond

%{SERVER_NAME} !^sentora\.domain\.com$

#RewriteRule

^ - [F]

# Deny access to some file types/directories
RewriteRule ^/?(\.git|\.tx|SQL|config|logs|temp|tests|program\/(include|lib|localization|steps)) - [F]
RewriteRule ^(etc/tmp|etc/zppy-cache|/etc/lib/pChart2/cache|etc/build) - [F,L,NC]

# Disable index listing
Options -Indexes

[TGates]

NOTE: Ubuntu 14.04 Sentora: 1.0.3

This is my complete .htaccess (/etc/sentora/panel/.htaccess):

PHP Code:

RewriteEngine on

# Force SSL - Always first!
RewriteCond %{SERVER_PORT} 80 
RewriteRule ^(.*)$ https://panel.domain.com/$1 [R,L]

# Standard Sentora Rewrite Ruleset
RewriteRule ^api/([^/\.]+)/?$ bin/api.php?m=$1 [L]
RewriteRule ^apps/([^/\.]+)/?$ etc/apps/$1 [L]

# Optionally you can uncomment the below line and configure your domain to only allow access from the FQDN.
#RewriteCond %{SERVER_NAME} !^panel\.domain\.com$ 
#RewriteRule ^ - [F]

# Deny access to some file types/directories
RewriteRule ^/?(\.git|\.tx|SQL|config|logs|temp|tests|program\/(include|lib|localization|steps)) - [F]
RewriteRule ^(etc/tmp|etc/zppy-cache|/etc/lib/pChart2/cache|etc/build) - [F,L,NC]

# Disable index listing
Options -Indexes 


Panel's default vhost entry (/etc/sentora/configs/apache/httpd-vhosts.conf):

PHP Code:

Listen 80

# Configuration for Sentora control panel.
<VirtualHost *:80>
ServerAdmin webmaster@domain.com
DocumentRoot "/etc/sentora/panel/"
ServerName panel.domain.com
ErrorLog "/var/sentora/logs/sentora-error.log" 
CustomLog "/var/sentora/logs/sentora-access.log" combined
CustomLog "/var/sentora/logs/sentora-bandwidth.log" common
AddType application/x-httpd-php .php
<Directory "/etc/sentora/panel/">
Options +FollowSymLinks -Indexes
    AllowOverride All
    Require all granted
</Directory>

# Custom settings are loaded below this line (if any exist)

</VirtualHost> 


SSL vhost (/etc/sentora/configs/apache/ssl/panel_domain_com.conf):

PHP Code:

# Configuration for Sentora control panel.
<VirtualHost *:443>
ServerAdmin webmaster@domain.com
DocumentRoot "/etc/sentora/panel/"
ServerName panel.domain.com
ErrorLog "/var/sentora/logs/sentora-error.log" 
CustomLog "/var/sentora/logs/sentora-access.log" combined
CustomLog "/var/sentora/logs/sentora-bandwidth.log" common
AddType application/x-httpd-php .php
<Directory "/etc/sentora/panel/">
Options +FollowSymLinks -Indexes
    AllowOverride All
    Require all granted
</Directory>

# Custom settings are loaded below this line (if any exist)
SSLEngine on
SSLProtocol ALL -SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
SSLCertificateFile /etc/letsencrypt/live/panel.domain.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/panel.domain.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/panel.domain.com/chain.pem
# Keeping below for future upgrades.
# Requires Apache >= 2.4
SSLCompression off
</VirtualHost> 


How I get the SSL vhosts (/etc/sentora/configs/apache/httpd.conf)(at bottom):

PHP Code:

# Sentora Apache Include file
# Written by Bobby Allen, 15/05/2011

# Set the Sentora Alias (used for development, sable will eventually use a VHOST)
#Alias /Sentora /etc/sentora/panel

# Set a default server name for the master configuration to suppress Apache daemon warnings
ServerName localhost

# Setup the directory settings and PHP security flags for the Sentora application directory.
<Directory /etc/sentora/panel>
    Options +FollowSymLinks
    DirectoryIndex index.php
    <IfModule mod_php5.c>
        AddType application/x-httpd-php .php
        php_flag magic_quotes_gpc Off
        php_flag track_vars On
        php_flag register_globals Off
        php_admin_value upload_tmp_dir /var/sentora/temp
    </IfModule>
</Directory>

# Disallow web access to directories that don't need it/that we don't want people looking in!
<Directory /etc/sentora/panel/cnf/>
    Require all denied 
</Directory>
<Directory /etc/sentora/panel/modules/*/hooks>
    Require all denied 
</Directory>

# Set server tokens
ServerTokens Prod

# Now we include the generic VHOST configuration file that holds all Sentora user hosted vhost data
Include /etc/sentora/configs/apache/httpd-vhosts.conf

# include SSL Vhosts
Listen 443
Include /etc/sentora/configs/apache/ssl/panel_domain_com.conf 


[LaxeDLL]

NOTE: Ubuntu 14.04 Sentora: 1.0.3

This is my complete .htaccess (/etc/sentora/panel/.htaccess):

PHP Code:

RewriteEngine on

# Force SSL - Always first!
RewriteCond %{SERVER_PORT} 80 
RewriteRule ^(.*)$ https://panel.domain.com/$1 [R,L]

# Standard Sentora Rewrite Ruleset
RewriteRule ^api/([^/\.]+)/?$ bin/api.php?m=$1 [L]
RewriteRule ^apps/([^/\.]+)/?$ etc/apps/$1 [L]

# Optionally you can uncomment the below line and configure your domain to only allow access from the FQDN.
#RewriteCond %{SERVER_NAME} !^panel\.domain\.com$ 
#RewriteRule ^ - [F]

# Deny access to some file types/directories
RewriteRule ^/?(\.git|\.tx|SQL|config|logs|temp|tests|program\/(include|lib|localization|steps)) - [F]
RewriteRule ^(etc/tmp|etc/zppy-cache|/etc/lib/pChart2/cache|etc/build) - [F,L,NC]

# Disable index listing
Options -Indexes 


Panel's default vhost entry (/etc/sentora/configs/apache/httpd-vhosts.conf):

PHP Code:

Listen 80

# Configuration for Sentora control panel.
<VirtualHost *:80>
ServerAdmin webmaster@domain.com
DocumentRoot "/etc/sentora/panel/"
ServerName panel.domain.com
ErrorLog "/var/sentora/logs/sentora-error.log" 
CustomLog "/var/sentora/logs/sentora-access.log" combined
CustomLog "/var/sentora/logs/sentora-bandwidth.log" common
AddType application/x-httpd-php .php
<Directory "/etc/sentora/panel/">
Options +FollowSymLinks -Indexes
    AllowOverride All
    Require all granted
</Directory>

# Custom settings are loaded below this line (if any exist)

</VirtualHost> 


SSL vhost (/etc/sentora/configs/apache/ssl/panel_domain_com.conf):

PHP Code:

# Configuration for Sentora control panel.
<VirtualHost *:443>
ServerAdmin webmaster@domain.com
DocumentRoot "/etc/sentora/panel/"
ServerName panel.domain.com
ErrorLog "/var/sentora/logs/sentora-error.log" 
CustomLog "/var/sentora/logs/sentora-access.log" combined
CustomLog "/var/sentora/logs/sentora-bandwidth.log" common
AddType application/x-httpd-php .php
<Directory "/etc/sentora/panel/">
Options +FollowSymLinks -Indexes
    AllowOverride All
    Require all granted
</Directory>

# Custom settings are loaded below this line (if any exist)
SSLEngine on
SSLProtocol ALL -SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
SSLCertificateFile /etc/letsencrypt/live/panel.domain.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/panel.domain.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/panel.domain.com/chain.pem
# Keeping below for future upgrades.
# Requires Apache >= 2.4
SSLCompression off
</VirtualHost> 


How I get the SSL vhosts (/etc/sentora/configs/apache/httpd.conf)(at bottom):

PHP Code:

# Sentora Apache Include file
# Written by Bobby Allen, 15/05/2011

# Set the Sentora Alias (used for development, sable will eventually use a VHOST)
#Alias /Sentora /etc/sentora/panel

# Set a default server name for the master configuration to suppress Apache daemon warnings
ServerName localhost

# Setup the directory settings and PHP security flags for the Sentora application directory.
<Directory /etc/sentora/panel>
    Options +FollowSymLinks
    DirectoryIndex index.php
    <IfModule mod_php5.c>
        AddType application/x-httpd-php .php
        php_flag magic_quotes_gpc Off
        php_flag track_vars On
        php_flag register_globals Off
        php_admin_value upload_tmp_dir /var/sentora/temp
    </IfModule>
</Directory>

# Disallow web access to directories that don't need it/that we don't want people looking in!
<Directory /etc/sentora/panel/cnf/>
    Require all denied 
</Directory>
<Directory /etc/sentora/panel/modules/*/hooks>
    Require all denied 
</Directory>

# Set server tokens
ServerTokens Prod

# Now we include the generic VHOST configuration file that holds all Sentora user hosted vhost data
Include /etc/sentora/configs/apache/httpd-vhosts.conf

# include SSL Vhosts
Listen 443
Include /etc/sentora/configs/apache/ssl/panel_domain_com.conf 


Thank you so much, this worked perfectly

[TGates]

Glad it helped, I wish there was an easier way lol.

[sammascanio]

How to remove ssl from panel Sentora via terminal? Please help me I got error