Channel: Sentora Support Forums - All Forums

Set up SSL manually

Here is the much anticipated tutorial on how to add SSL MANUALLY to any domain on your Sentora server.

Notes:
  • This tutorial is for advanced users only. (Use at your own risk!)
  • This tutorial is based on the steps taken on an Ubuntu 14.04 server.
  • I also used WinSCP for editing and creating files and folders. (Not command line)
  • This will show how to do one domain on the zadmin account, but can be edited for multiple domains/sub domains.
  • Let's Encrypt certificates are also used. You may need to change the certificate paths to match your setup.
  • ALWAYS MAKE BACKUPS OF ORIGINAL FILES BEFORE MAKING CHANGES!
  • If you try this using the command line, you are on your own. Hit up Google for help with that...
Log in through SSH as ROOT user and navigate to:
Code:
/etc/sentora/configs/apache
Make a new folder called 'ssl':
Code:
/etc/sentora/configs/apache/ssl
Change to the new ssl folder and create a new text file that will be used to load your individual domain SSL configs:
Code:
/etc/sentora/configs/apache/ssl/ssl-vhosts.conf
(We will add content to this file a little later.)

Make another file to hold your domain's SSL information (domain_com.conf in this example):
(Make one file for each domain - makes it easier.)
Code:
/etc/sentora/configs/apache/ssl/domain_com.conf
Open this new file and add your domain's SSL information:
Code:
<VirtualHost *:443>
ServerName domain.com
ServerAlias  www.domain.com
ServerAdmin webmaster@domain.com
DocumentRoot "/var/sentora/hostdata/zadmin/public_html/domain_com"
ErrorLog "/var/sentora/logs/domains/zadmin/domain.com-error.log"
CustomLog "/var/sentora/logs/domains/zadmin/domain.com-access.log" combined
CustomLog "/var/sentora/logs/domains/zadmin/domain.com-bandwidth.log" common
<Directory "/var/sentora/hostdata/zadmin/public_html/domain_com">
  Options +FollowSymLinks -Indexes
  AllowOverride All
  Require all granted
</Directory>
AddType application/x-httpd-php .php3 .php
ErrorDocument 404 /_errorpages/404.html
ErrorDocument 403 /_errorpages/403.html
ErrorDocument 500 /_errorpages/500.html
DirectoryIndex index.php index.html index.htm index.asp index.aspx index.jsp index.jspa index.shtml index.shtm

SSLEngine on
SSLProtocol ALL -SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
SSLCertificateFile /etc/letsencrypt/live/domain.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/domain.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/domain.com/chain.pem
# Keeping below for future upgrades.
# Requires Apache >= 2.4
SSLCompression off
</VirtualHost>

Save and exit.

Next, edit the ssl-vhosts.conf file to include our domain's new SSL vhost config:
(Just add another include for each additional domain)
Code:
Listen 443

# Main domain SSL
Include /etc/sentora/configs/apache/ssl/domain_com.conf

Save and exit.

NOTE about ssl-vhosts.conf file:
If you are adding your panel login, always include it LAST. Example:
Code:
Listen 443

# domain.com SSL
Include /etc/sentora/configs/apache/ssl/domain_com.conf

# Webmail login SSL
Include /etc/sentora/configs/apache/ssl/webmail_domain_com.conf

# Panel login SSL
Include /etc/sentora/configs/apache/ssl/panel_domain_com.conf


Don't forget to set the proper file and folder permissions for the new folder and its files! They should be the same as:
Code:
/etc/sentora/configs/apache/

Open:
Code:
/etc/sentora/configs/apache/httpd.conf

Scroll all the way to the end and after:
Code:
# Now we include the generic VHOST configuration file that holds all Sentora user hosted vhost data
Include /etc/sentora/configs/apache/httpd-vhosts.conf
Add:
Code:
# include SSL vhosts AFTER including the default generic VHOST configuration file
Include /etc/sentora/configs/apache/ssl/ssl-vhosts.conf
So it looks like this:
Code:
# Now we include the generic VHOST configuration file that holds all Sentora user hosted vhost data
Include /etc/sentora/configs/apache/httpd-vhosts.conf

# include SSL vhosts AFTER including the default generic VHOST configuration file
Include /etc/sentora/configs/apache/ssl/ssl-vhosts.conf

Restart apache according to your OS.

If all your paths and certificate names are correct you should have both http and https for this domain.
If you have errors, go back and double check your work! (Filenames, certificate names, file paths, etc.)

FORCE HTTPS ONLY:
If you wish to use https only for the domain, add or edit the .htaccess file in the root of the domain's public folder:
Code:
/var/sentora/hostdata/zadmin/public_html/domain_com/.htaccess
.htaccess file content:
Code:
RewriteEngine On

# Force SSL - Always first!
RewriteCond %{SERVER_PORT} ^80$
RewriteRule ^(.*)$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R]

Now your domain will redirect to https.

.htaccess file for Sentora panel login: (/etc/sentora/panel/)
Code:
RewriteEngine on

# Force SSL - Always first!
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://panel.domain.com/$1 [R,L]

# Standard Sentora ... blah blah blah

CentOS NOTE:
There was an issue with a default install on CentOS where unused (by Sentora) .conf files were being loaded that caused an issue with SSL.

Code:
/etc/httpd/conf/httpd.conf

Comment out this line (near the bottom):

Code:
#IncludeOptional conf.d/*.conf

Good luck!

Donations for any of my modules or forum help can be sent to HERE Thanks!
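
Added example, not part of the original post: a small shell check for the two ordering rules the tutorial depends on (ssl-vhosts.conf included after httpd-vhosts.conf, and the panel vhost included last), plus a check that a vhost file turns SSL on and drops SSLv3. The function names are made up for this example, and panel_domain_com.conf is the sample file name from the tutorial.

```shell
#!/bin/sh
# Added example (not from the original post): checks for the Include ordering
# the tutorial relies on. Config paths are arguments so copies can be tested.

# Print Include targets in file order; commented-out lines are skipped.
list_includes() {
    awk 'tolower($1) == "include" { print $2 }' "$1"
}

# Succeeds if ssl/ssl-vhosts.conf is included after httpd-vhosts.conf.
check_include_order() {
    generic=$(list_includes "$1" | grep -n '/httpd-vhosts\.conf$' | head -n 1 | cut -d: -f1)
    ssl=$(list_includes "$1" | grep -n '/ssl/ssl-vhosts\.conf$' | head -n 1 | cut -d: -f1)
    [ -n "$generic" ] && [ -n "$ssl" ] && [ "$ssl" -gt "$generic" ]
}

# Succeeds if the panel vhost file ($2, a bare file name) is absent from
# ssl-vhosts.conf ($1) or is its last Include.
check_panel_last() {
    if ! list_includes "$1" | sed 's|.*/||' | grep -qxF "$2"; then
        return 0
    fi
    last=$(list_includes "$1" | tail -n 1)
    [ "${last##*/}" = "$2" ]
}

# Succeeds if a vhost file enables SSL and its SSLProtocol line drops SSLv3.
check_vhost_tls() {
    grep -Eiq '^[[:space:]]*SSLEngine[[:space:]]+on' "$1" &&
        grep -Ei '^[[:space:]]*SSLProtocol' "$1" | grep -q -- '-SSLv3'
}

# Run against the tutorial's paths when they exist on this machine.
base=/etc/sentora/configs/apache
if [ -f "$base/httpd.conf" ] && [ -f "$base/ssl/ssl-vhosts.conf" ]; then
    check_include_order "$base/httpd.conf" && echo "include order: ok" || echo "include order: FAIL"
    check_panel_last "$base/ssl/ssl-vhosts.conf" panel_domain_com.conf && echo "panel last: ok" || echo "panel last: FAIL"
    check_vhost_tls "$base/ssl/domain_com.conf" && echo "tls settings: ok" || echo "tls settings: FAIL"
fi
```

Run it before restarting Apache; `apachectl configtest` catches syntax errors but not a wrong Include order.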
