Threaded Mode | Linear Mode

Gleno0h · 11-17-2009 05:25 PM

This tutorial is bases on the "SSL made easy" tutorial.

First, install the dependencies:

Quote:apt-get install openssl

Generate the certificates:
$SERVER_NAME = your hostname
ex.
openssl genrsa -des3 -out $SERVER_NAME-pass.key 2048
becomes
openssl genrsa -des3 -out server1.example.com-pass.key 2048

Quote:cd /etc/ssl/certs
echo $SERVER_NAME
openssl genrsa -des3 -out $SERVER_NAME-pass.key 2048
openssl req -new -key $SERVER_NAME-pass.key -out $SERVER_NAME.csr
openssl rsa -in $SERVER_NAME-pass.key -out $SERVER_NAME.key
openssl x509 -req -days 365 -in $SERVER_NAME.csr -signkey $SERVER_NAME.key -out $SERVER_NAME.crt
chmod 444 *.crt
chmod 400 *.key

chmod 400 *.key didnt work on my linux debian but chmod 400 fullnameofthefile.key did work.

Enable SSL for apache and reload Apache2:

Quote:a2enmod ssl
/etc/init.d/apache2 reload

Nano (or your other favorite text-editor) the apache2 config file:

Quote:nano /etc/apache2/sites-available/00_master.conf

Copy everything between the Master begin comment and Master end comment and paste it below so you would have 2 virtual hosts in that file.

ex.

Quote:#
# Master Begin
#

<VirtualHost xxx.xxx.xxx.xxx:80>

and everything in between

</VirtualHost>

#
# Master End
#

#
# SSL Begin
#

<VirtualHost xxx.xxx.xxx.xxx:443>

and everything in between

</VirtualHost>

#
# SSL End
#

Please note, xxx.xxx.xxx.xxx is for illustration only.
Note2, The port and the SSL begin has to be 443 for SSL

Add this to "SSL begin" entry:

Quote:SSLEngine On
SSLCertificateFile /etc/ssl/certs/$SERVER_NAME.crt
SSLCertificateKeyFile /etc/ssl/certs/$SERVER_NAME.key
ServerAlias admin.$SERVER_NAME

So it looks like:

Quote:#
# SSL Begin
#

<VirtualHost 192.168.123.165:443>

ServerAdmin User@$SERVER_NAME
DocumentRoot /var/www/ispcp/gui
ServerName $SERVER_NAME
ServerAlias admin.$SERVER_NAME
SSLEngine On
SSLCertificateFile /etc/ssl/certs/$SERVER_NAME.crt
SSLCertificateKeyFile /etc/ssl/certs/$SERVER_NAME.key
ServerAlias admin.$SERVER_NAME

Alias /errors /var/www/ispcp/gui/errordocs/

ErrorDocument 401 /errors/401.html
ErrorDocument 403 /errors/403.html
Error...... ETC ETC ETC

Be sure to open port 443 and forward it.

Edit the default index.tpl file to enable the option for SSL with your favorite text-editor tool:

Quote:nano /var/www/ispcp/gui/themes/omega_original/index.tpl

Scroll down to the SSL section and uncomment it, then save the file as the same name; index.tpl

If you followed this correctly, you can now use the login panel with SSL and normal.

This is my first post and i hope this isnt a double post, i couldnt find anything on this.

Gleno0h.
*Credits to whoever made the SSL made easy tutorial;
SSL MADE EASY

sakal · 04-06-2010 09:28 PM

Very good , thanks for this

rAdKy · 05-03-2010 11:32 PM

Quote:Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator

In error logs is this:

[Mon May 03 16:30:40 2010] [warn] (104)Connection reset by peer: mod_fcgid: read data from fastcgi server error.
[Mon May 03 16:30:40 2010] [error] [client 77.85.168.6] Premature end of script headers: index.php

TheCry · 05-03-2010 11:58 PM

(05-03-2010 11:32 PM)rAdKy Wrote:
Quote:Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator

In error logs is this:

[Mon May 03 16:30:40 2010] [warn] (104)Connection reset by peer: mod_fcgid: read data from fastcgi server error.
[Mon May 03 16:30:40 2010] [error] [client 77.85.168.6] Premature end of script headers: index.php

Which Version of ispCP you are using?
Check the owner and ownergroup of the script!

rAdKy · 05-04-2010 12:04 AM

version is ispcp-omega-1.0.4
owner and ownergroup of the script are OK

this is my error when I try to open control panel ispcp ->> https://admin.domain.ltd

TheCry · 05-04-2010 12:14 AM

Quote:https://admin.domain.ltd

How should i open this site?

Mhhh... Did you have a backup of the index.php and the index.tpl?
And use the Howto from the Wiki:
http://www.isp-control.net/documentation..._made_easy
or
http://www.isp-control.net/documentation...e_services

My favorite is the second one...
How are the owner and the ownergroup?

rAdKy · 05-04-2010 12:26 AM

-r--r----- 1 vu2000 www-data 3823 2010-03-07 16:21 index.php

I use the second howto wiki step by step..

my 01_ssl_master.conf is:

Quote:<VirtualHost x.x.x.x:443>
#
# SSL Start
#
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/apache.cert.pem
SSLCertificateKeyFile /etc/apache2/ssl/apache.key.pem
#
# SSL End
#

ServerAdmin admin@domain.ltd
DocumentRoot /var/www/ispcp/gui

ServerName admin.domain.ltd

ErrorLog /var/log/apache2/users/ssl.domain.ltd.info-error.log
TransferLog /var/log/apache2/users/ssl.domain.ltd.info-access.log
CustomLog /var/log/apache2/ssl.admin.domain.ltd-traf.log traff
CustomLog /var/log/apache2/ssl.admin.domain.ltd-combined.log combined
</VirtualHost>

TheCry · 05-04-2010 12:35 AM

My friend...
That's a poor config...
Make a copy of the 00_master.conf to 01_ssl_master.conf...
Then make the changes inside the 01_ssl_master.conf...

Code:

<VirtualHost x.x.x.x:443>

#

# SSL Start

#

SSLEngine On

SSLCertificateFile /etc/apache2/ssl/apache.cert.pem

SSLCertificateKeyFile /etc/apache2/ssl/apache.key.pem

#

# SSL End

#

And the rest ca be the same like in 00_master.conf...
In my opinion you should use other logfile names in the 01_ssl_master.conf

Edit:
I forgot... You need to enable this new configfile!

rAdKy · 05-04-2010 01:05 AM

TheCry@ Thank you Smile

It's ready Smile

**aseques** · 05-04-2010 01:05 AM

Hello everyone,
I am the author or the ssl_made_easy, also the current mantainer of another tutorial:
http://www.isp-control.net/documentation...efaultport

(05-04-2010 12:35 AM)TheCry Wrote: My friend...
That's a poor config...

Since this is based on what I did, I'll tell why it's done that way (in a single file). Basically the problem with separate files is that you cannot use wildcards.

The most interesting part of this configuration is the:

Code:

RewriteCond %{HTTP_HOST}   ^webmail\..* [NC]

    RewriteRule ^/(.*)         https://{BASE_SERVER_VHOST}/tools/webmail/ [R=301]

If you put that on 00_master_ssl.conf, it won't work, because the wildcards are only watched on the first file (it was a long time ago I did that, but it think it's still that way)

Finally, I'd recommend to use this setup:
http://www.isp-control.net/documentation...efaultport

It' allows you to have a ssl secured panel (the one at 8443) while having a ssl server in port 443 for the people that want https, but don't need a proper certificate+ip

Threaded Mode \| Linear Mode SSL and Normal login panel at the same time.
Author	Message