ServerDefaultPage SSL Support

    Services are for ftp, dovecot... The main problem is the needed cert. We'll find a solution :)

    Your right, sry. :D


    • Problem 1: the if statement is false (no vHost generation if panel SSL is off).
    • Problem 2: cert :) here i find the solution from @Nuxwin with redirect to DefaultPage non-SSL a good solution to evite all problems with non-valid certs.

    Sry for my bad english :)

    Mhh maybe possible trought a .htaccess which get included in the default-folder. (only suggestion, i am sure that you guys will find a solution)


    Example:

    Code
    1. RewriteCond %{SERVER_PORT} 443
    2. RewriteRule ^(.*)$ http://%{HTTP_HOST}/$1 [R=301,L]

    My pratices has shown that in that way no valid cert ist needed because it will redirect instantly :)

    Sry for my bad english :)

    No it's not working. SSL is already needed to create a connection between client and server. So a cert is needed before the server sends the redirection.
    For you it may worked because of the 301 redirect (you had a successful https connection before). Try with another browser, it should not work anymore :)

    Your right :)


    I don't have think about befor posting, i have a self-signed ssl for this domain :)


    I'm sure you will find a solution for that, its very annoying, because google follows dead links (subdomains) and indexes customer website with other domains :)

    Sry for my bad english :)

    @Ninos


    You're right. Because the SSL negotiation is performed first, the redirect idea is not really good.


    Other solutions could be


    The admin has an unlimited SANS UCC Certificate


    With such a certificate, the admin should normally able to add has many SAN to the certificate. Thus, any https A, B, C request could work without any warning as long as a SAN such as *.customer_domain.tld is added in the cert.


    The admin has no SANS UCC Certificate


    In that case, we have two solution:


    Solution 1: self-signed SANS UCC Certificate


    We can generate a self-signed SANS UCC Certificate, in which we could automatically add any customer SSL enabled domain as SAN entry. This means that the certificate would be regenerated each time a customer enable SSL (not so hard to do).


    The problem here is that the browsers will show a warning (no valid certificat).


    Solution 2: Add cloudflare API support in i-MSCP


    By doing this we could:


    Let the admin create a cloudflare account and enter it API data in the panel. Then, the panel would be able to:

    • Enable Flexible SSL feature
    • ...

    This solution is the best from my point of view because this could be an alternative to the self-signed certificate feature. Here, the SSL negotiation would be done by cloudflare server (no need to setup SSL on i-MSCP server). Also, the certificate would be valid (no warning).


    For instance, we use that for both https://i-mscp.net and https://youtrack.i-mscp.net



    Anyway, whatever we decide here, I'll add cloudflare support in i-MSCP.


    See also

    badge.php?id=1239063037&bid=2518&key=1747635596&format=png&z=547451206

    SSH key for online support
    Quote from Nuxwin

    Solution 1: self-signed SANS UCC Certificate

    I think the most of users are only able to fall back on this.

    Quote from Nuxwin

    Solution 2: Add cloudflare API support in i-MSCP

    Good idea for them who uses cloudflare but unfortunately I can not use this in my case. (dont use cloudflare)


    But i am sure you will find a pretty way :)


    Sry for OT.

    Sry for my bad english :)

    @alper061


    Would be only a configurable option ;)


    BTW: You can always create cloudflare free account.

    badge.php?id=1239063037&bid=2518&key=1747635596&format=png&z=547451206

    SSH key for online support