Current time: 11-16-2024, 03:41 AM Hello There, Guest! (LoginRegister)


Post Reply 
SSL support - script and instructions
Author Message
Feyr Offline


Posts: 4
Joined: Aug 2008
Reputation: 0
Post: #1
SSL support - script and instructions
i needed to host SSL sites on my ispcp installation, so i wrote a script to do it. i don't expect it to be in mainline because 1. it's in perl 2. it's quickly put together 3. it may have major bugs that could cause worldwar III. use at your own risk

installation instructions:
first install the attached script somewhere (i used /var/www/ispcp-bin)
then add a new file in /etc/cron.d with the following line (adjust the first path to the script)
*/6 * * * * root /var/www/ispcp-bin/upd-ssl.pl > /etc/apache2/sites-enabled/ispcp-ssl.conf

once that is done. the script is ready to go. do the following to create a new SSL site:

applied to a potential domain named http://www.test.com. where the common name of the certificate is "www.test.com"


in ISPCP:
as root,
1. go to settings (top menu) then manage IPs (left menu)
2. add your IP with the sitename and the alias as http://www.test.com
3. go to manage user, click "edit" next to the reseller
-fill in the two password fields (bug, you have to change the password every time. but you can reuse it if you remember it)
- click the checkbox next to the new IP you added
- click update
4. switch to the reseller
5. add a user as usual, but select the new IP as the domain IP


IN a root shell:
1. put the certificate AND the unencrypted key in a file named "www.test.com.pem", back it up safely
2. copy that file to /etc/apache2/ssl
3. edit /etc/ispcp/apache/ssl.list, add a line in the following format: "www.test.com http://www.test.com.pem" where the first argument is the site name and the second the certificate file we created in step 1
4. edit /etc/network/interfaces, add an ip like you normally would for an ip alias, don't forget to add the interface to the "auto" line
5. type ifup -a


last: wait 6 minutes

CAVEAT:
ispcp doesn't permit modifying a site's IP address, to add SSL to an existing site you have to delete it first


----


that's all, any comments, modifications, or unforseen bugs are welcome. i coded this in roughly an hour late at night, i wouldn't be surprised if it was full of them. but it seem to work

NOTE: rename the script to remove the .txt, forum didn't like my .pl extension..
NOTE: be careful of the http:// in my instructions, it's the forum software adding it. stick to what's logical


Attached File(s)
.txt  upd-ssl.pl.txt (Size: 1.36 KB / Downloads: 93)
(This post was last modified: 08-21-2008 10:10 PM by Feyr.)
08-21-2008 02:19 PM
Find all posts by this user Quote this message in a reply
BeNe Offline
Moderator
*****
Moderators

Posts: 5,899
Joined: Jan 2007
Reputation: 68
Post: #2
RE: SSL support - script and instructions
Fine - SSL is still a small hole in ispCP.
Ok everybody can do it on his own, but he - this sounds great.
Thanks for it!

Greez BeNe
08-21-2008 03:56 PM
Visit this user's website Find all posts by this user Quote this message in a reply
Feyr Offline


Posts: 4
Joined: Aug 2008
Reputation: 0
Post: #3
RE: SSL support - script and instructions
thanks,

i just wanted to add. it would be trivial to add a table in the database to replace the ssl.list file, and integrate it with a custom menu in ispcp: i just don't care that much for it and i don't have the time to do the menu part

i also wanted to give credit to Over the Top Computing Inc., who ultimately pays for this script and gave his OK for me to post it here
08-22-2008 02:18 AM
Find all posts by this user Quote this message in a reply
sseitz Offline
Junior Member
*

Posts: 17
Joined: Mar 2009
Reputation: 0
Post: #4
RE: SSL support - script and instructions
(08-21-2008 02:19 PM)Feyr Wrote:  that's all, any comments, modifications, or unforseen bugs are welcome. i coded this in roughly an hour late at night, i wouldn't be surprised if it was full of them. but it seem to work

Thanks for this!

By now your script ignores domainnames with dashes in it. I'm not really good in Perl Regexp, but I assume changing line 41 to
Code:
my @servname=map { $_ =~ /^\s+Servername\s+([\w-.]+)/i; $1 } grep(/ServerName/i, @tmpvirthost);

will do the trick.

cheers,

Stephan
04-06-2009 04:57 AM
Find all posts by this user Quote this message in a reply
Feyr Offline


Posts: 4
Joined: Aug 2008
Reputation: 0
Post: #5
RE: SSL support - script and instructions
(04-06-2009 04:57 AM)sseitz Wrote:  Thanks for this!

By now your script ignores domainnames with dashes in it. I'm not really good in Perl Regexp, but I assume changing line 41 to
Code:
my @servname=map { $_ =~ /^\s+Servername\s+([\w-.]+)/i; $1 } grep(/ServerName/i, @tmpvirthost);

will do the trick.

cheers,

Stephan

nice catch, yes that's indeed the place to change it

i'm attaching a new version with this fix included, i also added a feature to it since then that i didn't post

if there's a file ending with .CA matching an existing .pem file in /etc/apache2/ssl, it will add a "SSLCACertificateFile" with its path to the virtualhost of that site. this allows for chained certificates (like netsolssl.com does and probably a bunch of others)
.txt  upd-ssl.pl.txt (Size: 1.53 KB / Downloads: 61)
04-06-2009 07:17 AM
Find all posts by this user Quote this message in a reply
nuno Offline
Junior Member
*

Posts: 92
Joined: Jun 2008
Reputation: 1
Post: #6
RE: SSL support - script and instructions
Hi Feyr, first many thanks for this howto.

Can I ask if this script and instructions still are updated in this moment?

Regards
Nuno
(This post was last modified: 04-16-2010 10:00 AM by nuno.)
04-16-2010 09:59 AM
Find all posts by this user Quote this message in a reply
Feyr Offline


Posts: 4
Joined: Aug 2008
Reputation: 0
Post: #7
RE: SSL support - script and instructions
it's not updated per se, but i see no reason why it wouldn't work with any newer version: it acts on the apache config files, not the ispcp ones. the instructions might be a bit different: just remember that you need to give your ssl sites their own ip address in ispcp and you're good to go
04-16-2010 10:04 AM
Find all posts by this user Quote this message in a reply
mafia Offline
Banned

Posts: 170
Joined: May 2008
Post: #8
RE: SSL support - script and instructions
Hi Feyr,

ispCP Version 1.0.5
added to the command is how cron.dc cd / Nano

thank you
05-11-2010 01:37 AM
Find all posts by this user Quote this message in a reply
Post Reply 


Forum Jump:


User(s) browsing this thread: 1 Guest(s)