This forum uses cookies
This forum makes use of cookies to store your login information if you are registered, and your last visit if you are not. Cookies are small text documents stored on your computer; the cookies set by this forum can only be used on this website and pose no security risk. Cookies on this forum also track the specific topics you have read and when you last read them. Please confirm whether you accept or reject these cookies being set.

A cookie will be stored in your browser regardless of choice to prevent you being asked this question again. You will be able to change your cookie settings at any time using the link in the footer.

SSL support in sentora
#1
SSL support in sentora
*** PLEASE thread for developers or if you have sys admin knowledge ***

We are currently planning to add SSL support.

Current draft will be rewrite apache admin module and I think I found interesting solution there even to get apache module easier to extend.

Adding SSL will not be the old way using port override but instead will create a second vhost with the exact same config and adding 6 lines
 
Code:
SLEngine on
SSLProtocol ALL -SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
SSLCertificateFile /etc/letsencrypt/live/domain.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/domain.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/domain.com/chain.pem

The above example is over let's encrypt but we would have a new folder in config where we store all SSL:
/etc/sentora/config/ssl or apache/ssl.

We could add a tool to help generating let's encrypt SSL in the right folder or even auto generate it. Same over custom SSL self signed ( let's encrypt support only public servers).

Also I think we sould more and more restrict modules access to all folders in sentora. So it can't be done like Diablo925 did in his module. May be later splitting the sensistive work in a API outside of the panel that can have wider access, instead of mixing the GUI with more complexe scripts. 

We need to add ssl certificates validation in order to avoid that apache fails. May be a config test safe fail too and starting sentora eigther with old valid config too. Goal will less issues and users getting it the wrong way.

Uploading CSR, can be added too, but it may be later?

Mainly we need help, input and solutions. 

I'm checking Diablo925 module too, as it's the existing one covering this field. I can send you some of current alpha work.


Update 1: in GUI we could add
https://www.metachris.com/2015/12/compar...tpsforfree

Looks intersting.

Diablo925 bbspike

Also TGates 5050
No support using PM (Auto adding to IGNORE list!), use the forum. 
How to ask

200$ free to start your VPS 60 days credit
Reply
Thanks given by:


Messages In This Thread
SSL support in sentora - by Me.B - 02-15-2016, 09:05 PM
RE: SSL support in sentora - by bbspike - 02-16-2016, 06:26 AM
RE: SSL support in sentora - by Me.B - 02-16-2016, 06:38 AM
RE: SSL support in sentora - by bbspike - 02-16-2016, 06:42 AM
RE: SSL support in sentora - by Me.B - 02-16-2016, 06:50 AM
RE: SSL support in sentora - by 5050 - 02-22-2016, 09:35 PM
RE: SSL support in sentora - by TGates - 02-23-2016, 05:54 AM
RE: SSL support in sentora - by Me.B - 02-23-2016, 06:11 AM
RE: SSL support in sentora - by jacobg830 - 02-24-2016, 06:04 AM
RE: SSL support in sentora - by Nigel - 09-16-2016, 04:09 PM

Possibly Related Threads…
Thread Author Replies Views Last Post
Update redirect to Sentora login to an error page if a sub domain does not exist TGates 3 4 ,205 11-14-2024, 11:49 AM
Last Post: TGates
Why is there no support for debian? kevwebbie 3 1 ,817 07-09-2024, 11:57 PM
Last Post: Gregnew
Need Sentora HELP ? Alemiz 4 13 ,036 10-26-2018, 04:09 PM
Last Post: republicus

Forum Jump:


Users browsing this thread: 1 Guest(s)