Migration from ISCP with SSL Hack listen on 8443 not working in IMSCP

Shinzan · Dec 28th 2012

Hi guys, i ran 1.07 ISCP until this week, I was a happy user of that project all the way back to the VHCS days, and I really waited and watched to decide whether to come with you guys or the EASYSCP folk. I'm confident I went with the right fork.

Ubuntu 12.04
IMSCP 1.1.0-rc1.3

With that said my ISPCP box used the mod in their howto for SSL to listen on port 8443, I have a godaddy Turbo SSL certificate and use it for 2 domains.

I copied the contents of my 00_master.conf from ISPCP 1.07 into the 00_master.conf of IMSCP but apache will not start, /var/log/apache2/error.log yields no log entries. I did find the wiki article

http://wiki.i-mscp.net/doku.ph…nel_on_port_8443_with_ssl which looks like the mod i used, is there something fundamentally different about 1.07 ispcp and IMSCP 1.1.0-rc1.3 that you might be able to point out to help me fix my problem or give me some advice to point me in the right direction?

I am unclear for the docs on using your own SSL certificates within IMSCP and the forums tend to say you can only use one ip per SSL domain, which my turbo ssl certificate allows me 5 domains, so thats the direction i want to go. Where Should I start

Here is my old ispCP 1.07 master.conf that worked like a champ:

I of course did a global replace on all ISPCP to imscp for path references:
so 2 questions why am i not getting log entries for apache and any thoughts on why this doesn't work:

Code

<VirtualHost 66.76.201.61:80>
ServerName admin.controlpanel.com
ServerAlias webmail.*
RewriteEngine on
RewriteCond %{HTTP_HOST} ^webmail\..* [NC]
RewriteRule ^/(.*) https://admin.controlpanel.com/webmail/ [R=301]
#RewriteLog "/var/log/apache2/rewrite.log"
Redirect permanent /webmail https://admin.controlpanel.com/webmail
Redirect permanent /pma https://admin.controlpanel.com/pma
Redirect permanent /ftp https://admin.controlpanel.com/ftp
Redirect permanent / https://admin.controlpanel.com/admin/index.php
</VirtualHost>
<VirtualHost 66.76.201.61:443>
ServerName admin.controlpanel.com
ServerAlias webmail.*
Alias /webmail /var/www/imscp/gui/tools/webmail/
Alias /pma /var/www/imscp/gui/tools/pma/
Alias /ftp /var/www/imscp/gui/tools/filemanager/
SSLEngine On
SSLCertificateFile /etc/ssl/idsnetworks.com.crt
SSLCertificateKeyFile /etc/ssl/idsnetworks.key
SSLCertificateChainFile /etc/ssl/gd_bundle.crt
RewriteEngine on
RewriteCond %{HTTP_HOST} ^admin.controlpanel.com$ [NC]
RewriteCond %{REQUEST_URI} !^\/(webmail|pma|ftp)($|\/.*) [NC]
RewriteCond %{REQUEST_URI} !^\/php5\/php5-fcgi-starter\/webmail\/index.php [NC]
RewriteCond %{REQUEST_URI} !^\/php5\/php5-fcgi-starter\/pma\/.* [NC]
RewriteCond %{REQUEST_URI} !^\/php5\/php5-fcgi-starter\/ftp\/.* [NC]
RewriteRule ^/.* https://admin.controlpanel.com:8443/ [L]
#RewriteLogLevel 4
#RewriteLog "/var/log/apache2/rewrite.log"
<IfModule suexec_module>
SuexecUserGroup vu2000 vu2000
</IfModule>
<IfModule mod_fcgid.c>
<Directory /var/www/imscp/gui>
FCGIWrapper /var/www/fcgi/master/php5-fcgi-starter .php
Options +ExecCGI
</Directory>
<Directory "/var/www/fcgi/master">
AllowOverride None
Options +ExecCGI MultiViews -Indexes
Order allow,deny
Allow from all
</Directory>
</IfModule>
<IfModule mod_fastcgi.c>
ScriptAlias /php5/ /var/www/fcgi/master/
<Directory "/var/www/fcgi/master">
AllowOverride None
Options +ExecCGI MultiViews -Indexes
Order allow,deny
Allow from all
</Directory>
</IfModule>
</VirtualHost>
<VirtualHost 66.76.201.62:443>
ServerName mydomain.com
ServerAlias webmail.*
Alias /webmail /var/www/imscp/gui/tools/webmail/
Alias /pma /var/www/imscp/gui/tools/pma/
Alias /ftp /var/www/imscp/gui/tools/filemanager/
SSLEngine On
SSLCertificateFile /etc/ssl/idsnetworks.com.crt
SSLCertificateKeyFile /etc/ssl/idsnetworks.key
SSLCertificateChainFile /etc/ssl/gd_bundle.crt
<IfModule suexec_module>
SuexecUserGroup vu2011 vu2011
</IfModule>
ServerAdmin [email protected]
DocumentRoot /var/www/virtual/mydomain.com/htdocs
ServerName mydomain.com
ServerAlias www.mydomain.com mydomain.com *.mydomain.com
Alias /errors /var/www/virtual/mydomain.com/errors/
RedirectMatch permanent ^/ftp([\/]?) http://admin.controlpanel.com/ftp/
RedirectMatch permanent ^/pma([\/]?) http://admin.controlpanel.com/pma/
RedirectMatch permanent ^/webmail([\/]?) http://admin.controlpanel.com/webmail/
ErrorDocument 401 /errors/401.html
ErrorDocument 403 /errors/403.html
ErrorDocument 404 /errors/404.html
ErrorDocument 500 /errors/500.html
ErrorDocument 503 /errors/503.html
<IfModule mod_cband.c>
CBandUser mydomain.com
</IfModule>
# httpd awstats support BEGIN.
<Location /stats>
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteRule ^(.+)\?config=([^\?\&]+)(.*) $1\?config=mydomain.com&$3 [NC,L]
</IfModule>
AuthType Basic
AuthName "Statistics for domain mydomain.com"
AuthUserFile /var/www/virtual/mydomain.com/.htpasswd
AuthGroupFile /var/www/virtual/mydomain.com/.htgroup
Require group statistics
</Location>
# httpd awstats support END.
# httpd dmn entry cgi support BEGIN.
# httpd dmn entry cgi support END.
<Directory /var/www/virtual/mydomain.com/htdocs>
# httpd dmn entry PHP support BEGIN.
# httpd dmn entry PHP support END.
Options -Indexes Includes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
Allow from all
</Directory>
# httpd dmn entry PHP2 support BEGIN.
<IfModule mod_php5.c>
php_admin_value open_basedir "/var/www/virtual/mydomain.com/:/var/www/virtual/mydomain.com/phptmp/:/usr/share/php/"
php_admin_value upload_tmp_dir "/var/www/virtual/mydomain.com/phptmp/"
php_admin_value session.save_path "/var/www/virtual/mydomain.com/phptmp/"
php_admin_value sendmail_path '/usr/sbin/sendmail -f vu2013 -t -i'
</IfModule>
<IfModule mod_fastcgi.c>
ScriptAlias /php5/ /var/www/fcgi/mydomain.com/
<Directory "/var/www/fcgi/mydomain.com">
AllowOverride None
Options +ExecCGI -MultiViews -Indexes
Order allow,deny
Allow from all
</Directory>
</IfModule>
<IfModule mod_fcgid.c>
<Directory /var/www/virtual/mydomain.com/htdocs>
FCGIWrapper /var/www/fcgi/mydomain.com/php5-fcgi-starter .php
Options +ExecCGI
</Directory>
<Directory "/var/www/fcgi/mydomain.com">
AllowOverride None
Options +ExecCGI MultiViews -Indexes
Order allow,deny
Allow from all
</Directory>
</IfModule>
# httpd dmn entry PHP2 support END.
Include /etc/apache2/imscp/mydomain.com.conf
</VirtualHost>
<VirtualHost 66.76.201.61:8443>
ServerAdmin [email protected]
DocumentRoot /var/www/imscp/gui
ServerName admin.controlpanel.com
Alias /errors /var/www/imscp/gui/errordocs/
ErrorDocument 401 /errors/401.html
ErrorDocument 403 /errors/403.html
ErrorDocument 404 /errors/404.html
ErrorDocument 500 /errors/500.html
ErrorDocument 503 /errors/503.html
SSLEngine On
SSLCertificateFile /etc/ssl/idsnetworks.com.crt
SSLCertificateKeyFile /etc/ssl/idsnetworks.key
SSLCertificateChainFile /etc/ssl/gd_bundle.crt
Alias /pma /var/www/imscp/gui/tools/pma/
Alias /webmail /var/www/imscp/gui/tools/webmail/
Alias /ftp /var/www/imscp/gui/tools/filemanager/
#Fix path for entering roundcube from imscp
Redirect permanent /tools/webmail/src/login.php /tools/webmail/index.php
RewriteEngine on
RewriteCond %{HTTP_HOST} ^webmail\..* [NC]
RewriteRule ^/(.*) https://admin.controlpanel.com:8443/tools/webmail/$1 [L,R]
#RewriteLog "/var/log/apache2/rewrite.log"
<IfModule suexec_module>
SuexecUserGroup vu2000 vu2000
</IfModule>
<Directory /var/www/imscp/gui>
Options -Indexes Includes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
Allow from all
</Directory>
<IfModule mod_fcgid.c>
<Directory /var/www/imscp/gui>
FCGIWrapper /var/www/fcgi/master/php5-fcgi-starter .php
Options +ExecCGI
</Directory>
<Directory "/var/www/fcgi/master">
AllowOverride None
Options +ExecCGI MultiViews -Indexes
Order allow,deny
Allow from all
</Directory>
</IfModule>
<IfModule mod_fastcgi.c>
ScriptAlias /php5/ /var/www/fcgi/master/
<Directory "/var/www/fcgi/master">
AllowOverride None
Options +ExecCGI MultiViews -Indexes
Order allow,deny
Allow from all
</Directory>
</IfModule>
<IfModule mod_php5.c>
<Directory /var/www/imscp/gui>
php_admin_value open_basedir "/var/www/imscp/gui/:/etc/imscp/:/var/run/imscp.lock:/proc/:/bin/df:/bin/mount:/var/log/rkhunter.log:/var/log/chkrootkit.log:/usr/share/php/"
php_admin_value session.save_path "/var/www/imscp/gui/phptmp/"
php_admin_value upload_tmp_dir "/var/www/imscp/gui/phptmp/"
</Directory>
</IfModule>
</VirtualHost>

Display More

Thank you very much for continuing with this fantastic control panel!

gOOvER · Dec 28th 2012

Maybe you should do a normal migration and add after successfull migration the Certificate to the Domain.

i don't know the SSL Patch for ispCP, because i never used.

Do you use the cert on a Domain?

**Nuxwin** · Dec 28th 2012

Hello ;

First, welcome in our community.

I would recommend you to follow the normal update path (from ispCP to i-MSCP) using the migration script and then restore your exotic configuration after. Of course, we can provide you free support if you get wrong.

Thanks you for using i-MSCP.

Shinzan · Dec 28th 2012

Quote from gOOvER

Maybe you should do a normal migration and add after successfull migration the Certificate to the Domain.

i don't know the SSL Patch for ispCP, because i never used.

Do you use the cert on a Domain?

I did the normal migration per the wiki from 1.07 to 1.1.0-rc1.3 , and of course that overwrote the 00_master.conf with the imscp version (which is what is currently running)

I used open ssl to generate a new CSR then rekeyed by certificate with godaddy I have one certificate gd_bundle.crt and mydomain.crt from Godaddy, which is a wildcard SSL Cert, which i have dropped into /etc/ssl/

Is there an article that describes how to integrate those .crts into IMSCP?

Thanks for the super fast reply!

David

gOOvER · Dec 28th 2012

Maybe this help:

http://forum.i-mscp.net/Thread…ert?highlight=certificate

**Nuxwin** · Dec 28th 2012

Quote from Shinzan

I did the normal migration per the wiki from 1.07 to 1.1.0-rc1.3 , and of course that overwrote the 00_master.conf with the imscp version (which is what is currently running)

I used open ssl to generate a new CSR then rekeyed by certificate with godaddy I have one certificate gd_bundle.crt and mydomain.crt from Godaddy, which is a wildcard SSL Cert, which i have dropped into /etc/ssl/

Is there an article that describes how to integrate those .crts into IMSCP?

Thanks for the super fast reply!

David

Display More

It's the certificate for the panel access ? If yes, you must run the imscp_setup script with the --reconfigure option as follow:

Code

# cd /var/www/imscp/engine/setup
# perl imscp-setup --debug --reconfigure

And then, when you are asked about SSL, you answer yes and say that you have your own certificate. After, the installer will ask you about your certificate information.

Thanks for using i-MSCP.

Shinzan · Dec 28th 2012

Code

# cd /var/www/imscp/engine/setup
# perl imscp-setup --debug --reconfigure

And then, when you are asked about SSL, you answer yes and say that you have your own certificate. After, the installer will ask you about your certificate information.

Thanks that did the trick, that was pretty dang painless! Last question the Control Panel is running over SSL but my turbo Cert is untrusted on my other domain. Where is the file i need to edit for my virtual host to listen for that certificate? Do I need a seperate IP address for Each domain on SSL Wildcard Certificates? I just went ahead and assumed it best to have an one ssl per ip address, like i did in ISPCP. I put my panel on x.x.x.61 and mydomain.com on x.x.x.62

Everything works fine admin.controlpanel.com (x.x.x.61) its https:// however when i navigate to mydomain.com works and https://mydomain.com does not, I'm thinking i just need to put another virtual host entry in the 00_master.conf ?

David

Shinzan · Dec 31st 2012

[quote='Shinzan','http://migration.i-mscp.net/index.php/Thread/?postID=9278#post9278']

Code

# cd /var/www/imscp/engine/setup# perl imscp-setup --debug --reconfigure

Well I went ahead and just manually added a virtual host entry to 00_master_ssl.conf and it looks like this:

My base IP is x.x.x.61 btw

Code

<VirtualHost x.x.x.62:443>
#
# SSL Start
#
SSLEngine On
SSLCertificateFile /etc/ssl/mycert.com.crt
SSLCertificateKeyFile /etc/ssl/mycert.com.key
SSLCertificateChainFile /etc/ssl/gd_bundle.crt
#
# SSL End
#
ServerAdmin [email protected]
DocumentRoot /var/www/imscp/gui/public
ServerName www.mydomain.com
Alias /errors /var/www/imscp/gui/public/errordocs/
ErrorDocument 401 /errors/401.html
ErrorDocument 403 /errors/403.html
ErrorDocument 404 /errors/404.html
ErrorDocument 500 /errors/500.html
ErrorDocument 503 /errors/503.html
Alias /pma /var/www/imscp/gui/public/tools/pma/
Alias /webmail /var/www/imscp/gui/public/tools/webmail/
Alias /ftp /var/www/imscp/gui/public/tools/filemanager/
Alias /ispLogos /var/www/imscp/gui/data/ispLogos
<IfModule mpm_itk_module>
AssignUserID vu2000 vu2000
</IfModule>
<IfModule !mpm_itk_module>
<IfModule suexec_module>
SuexecUserGroup vu2000 vu2000
</IfModule>
</IfModule>
<Directory /var/www/imscp/gui/public>
Options -Indexes Includes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
Allow from all
</Directory>
<Location /ispLogos>
Options -Indexes
Order allow,deny
Allow from all
</Location>
<IfModule mod_fcgid.c>
<Directory /var/www/imscp/gui/public>
FCGIWrapper /var/www/fcgi/master/php5-fcgid-starter .php
Options +ExecCGI
</Directory>
<Directory "/var/www/fcgi/master">
AllowOverride None
Options +ExecCGI MultiViews -Indexes
Order allow,deny
Allow from all
</Directory>
</IfModule>
<IfModule mod_fastcgi.c>
ScriptAlias /php5/ /var/www/fcgi/master/
<Directory "/var/www/fcgi/master">
AllowOverride None
Options +ExecCGI MultiViews -Indexes
Order allow,deny
Allow from all
</Directory>
</IfModule>
<IfModule php5_module>
<Directory /var/www/imscp/gui/public>
php_admin_value sendmail_path '/usr/sbin/sendmail -f [email protected] -t -i'
php_admin_value open_basedir "/var/www/imscp/gui/:/etc/imscp/:/var/run/imscp.lock:/proc/:/bin/df:/bin/mount:/var/log/rkhunter.log:/var/log/chkrootkit.log:/usr/share/php:/usr/share/pear/"
php_admin_value session.save_path "/var/www/imscp/gui/data/sessions/"
php_admin_value upload_tmp_dir "/var/www/imscp/gui/data/tmp/"
php_value include_path ".:/var/www/imscp/gui/library/:/usr/share/php"
php_admin_value suhosin.session.encrypt "off"
</Directory>
</IfModule>
</VirtualHost>

Display More

But after doing that mydomain.com redirects to my x.x.x.61 admin.controlpanel.com Any thoughts as to why this redirect is happening it seems like anthing on 443 is being hijacked however chrome does not report a redirect (and it would if there was a redirect) Whats going on here?

Thanks!!!

David

**Cool** · Dec 31st 2012

may some dns missmatch

on your .61 ip i find 12 domains (not your normal domain)
on your .62 ip i find 1 domain (not your normal domain)

a ping to your admin.domain.tld leads to your mail. domain.tld
a ping to your domain.tld leads to your mail.domain.tld

in chrome your admin.domain.tld shows up under https with a godaddy class2 cert (green)
in chrome your domain.tld shows up under https a self signed cert (red)

Shinzan · Dec 31st 2012

Quote from Cool

may some dns missmatch

on your .61 ip i find 12 domains (not your normal domain)
on your .62 ip i find 1 domain (not your normal domain)

a ping to your admin.domain.tld leads to your mail. domain.tld
a ping to your domain.tld leads to your mail.domain.tld

in chrome your admin.domain.tld shows up under https with a godaddy class2 cert (green)
in chrome your domain.tld shows up under https a self signed cert (red)

Display More

I don't undertand what kind of dns mismatch could occur I am using the exact box i used for ispCP 1.07 my .62 resolves to the correct addresss on www. it only redirects wierdly on https://www.

also domain.tld should be red (only https://admin.domain.tld is on the certificate) along with https://mydomain1.tld (on x.x.x.62 with a problem ) and https://myotherdomiain2.tld (x.x.x.61 which also works no problem)

Any other thoughts?

David

Migration from ISCP with SSL Hack listen on 8443 not working in IMSCP

Share

Daily visitors