With this changes every time you create a new hosting, it creates a ssl enabled folder, and the content there can ONLY be viewed under ssl, while having the normal folder without ssl.
What I did was to alter some templates so this folder gets created and ready to use.
Please report any bugs/hints/whatever in the following board thread: http://www.isp-control.net/forum/thread-6088-post-49018.html
What to do:
==== Create a default certificate ====
You have to create a certificate under /etc/ssl/certs following the details from this howto:
http://www.isp-control.net/documentation/howto/security/ssl_made_easy
After that you should have four files in /etc/ssl/certs
BASE_SERVER_VHOST.crt
BASE_SERVER_VHOST.key (passwordless key, otherwise apache ask for the password at every restart)
BASE_SERVER_VHOST-pass.key
BASE_SERVER_VHOST.csr
==== Changes in dmn_entry.tpl ====
Basically it consists in adding a second virtualhost to be created with port 443, and using the certs we created in the first step.
SuexecUserGroup {SUEXEC_USER} {SUEXEC_GROUP}
ServerAdmin webmaster@{DMN_NAME}
DocumentRoot {WWW_DIR}/{DMN_NAME}/htdocs
ServerName {DMN_NAME}
ServerAlias www.{DMN_NAME} {DMN_NAME} *.{DMN_NAME}
Alias /errors {WWW_DIR}/{DMN_NAME}/errors/
RedirectMatch permanent ^/ftp([\/]?) http://{BASE_SERVER_VHOST}/ftp/
RedirectMatch permanent ^/pma([\/]?) http://{BASE_SERVER_VHOST}/pma/
RedirectMatch permanent ^/webmail([\/]?) http://{BASE_SERVER_VHOST}/webmail/
ErrorDocument 401 /errors/401.html
ErrorDocument 403 /errors/403.html
ErrorDocument 404 /errors/404.html
ErrorDocument 500 /errors/500.html
ErrorDocument 503 /errors/503.html
CBandUser {DMN_GRP}
# httpd awstats support BEGIN.
# httpd awstats support END.
# httpd dmn entry cgi support BEGIN.
# httpd dmn entry cgi support END.
# httpd dmn entry PHP support BEGIN.
# httpd dmn entry PHP support END.
Options -Indexes Includes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
Allow from all
# httpd dmn entry PHP2 support BEGIN.
# httpd dmn entry PHP2 support END.
Include {CUSTOM_SITES_CONFIG_DIR}/{DMN_NAME}.conf
SuexecUserGroup {SUEXEC_USER} {SUEXEC_GROUP}
ServerAdmin webmaster@{DMN_NAME}
DocumentRoot {WWW_DIR}/{DMN_NAME}/htsdocs
ServerName {DMN_NAME}
ServerAlias www.{DMN_NAME} {DMN_NAME} *.{DMN_NAME}
SSLEngine On
SSLCertificateFile /etc/ssl/certs/{BASE_SERVER_VHOST}.crt
SSLCertificateKeyFile /etc/ssl/certs/{BASE_SERVER_VHOST}.key
Alias /errors {WWW_DIR}/{DMN_NAME}/errors/
#RedirectMatch permanent ^/ftp([\/]?) http://{BASE_SERVER_VHOST}/ftp/
#RedirectMatch permanent ^/pma([\/]?) http://{BASE_SERVER_VHOST}/pma/
#RedirectMatch permanent ^/webmail([\/]?) http://{BASE_SERVER_VHOST}/webmail/
ErrorDocument 401 /errors/401.html
ErrorDocument 403 /errors/403.html
ErrorDocument 404 /errors/404.html
ErrorDocument 500 /errors/500.html
ErrorDocument 503 /errors/503.html
CBandUser {DMN_GRP}
# httpd awstats support BEGIN.
# httpd awstats support END.
# httpd dmn entry cgi support BEGIN.
# httpd dmn entry cgi support END.
# httpd dmn entry PHP support BEGIN.
# httpd dmn entry PHP support END.
Options -Indexes Includes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
Allow from all
# httpd dmn entry PHP2 support BEGIN.
php_admin_value open_basedir "{WWW_DIR}/{DMN_NAME}/:{WWW_DIR}/{DMN_NAME}/phptmp/:{PEAR_DIR}/"
php_admin_value upload_tmp_dir "{WWW_DIR}/{DMN_NAME}/phptmp/"
php_admin_value session.save_path "{WWW_DIR}/{DMN_NAME}/phptmp/"
php_admin_value sendmail_path '/usr/sbin/sendmail -f {SUEXEC_USER} -t -i'
ScriptAlias /php5/ {STARTER_DIR}/{DMN_NAME}/
AllowOverride None
Options +ExecCGI -MultiViews -Indexes
Order allow,deny
Allow from all
FCGIWrapper {STARTER_DIR}/{DMN_NAME}/php{PHP_VERSION}-fcgi-starter .php
Options +ExecCGI
AllowOverride None
Options +ExecCGI MultiViews -Indexes
Order allow,deny
Allow from all
# httpd dmn entry PHP2 support END.
==== Changes in vh_entry.tpl ====
We also add port 443 here
NameVirtualHost {IP}:80
NameVirtualHost {IP}:443
# httpd [{DMN_GRP}] dmn group entry BEGIN.
# httpd [{DMN_GRP}] dmn group entry END.
# httpd [{ALS_NAME}] als entry BEGIN.
# httpd [{ALS_NAME}] als entry END.
==== Changes in ispcp-dmn-mngr ====
Some changes in the domain manager so it creates the default htsdocs folder that we will need.
--- /root/ispcp-dmn-mngr 2009-07-17 17:36:19.000000000 +0200
+++ ispcp-dmn-mngr 2009-07-17 17:42:56.000000000 +0200
@@ -1576,6 +1576,62 @@
}
}
+
+ #
+ # Default domain ssl page template;
+ #
+ # check if htdocs folder not exists
+ if (!(-e "$www_dir/$dmn_name/htsdocs/")) {
+ $rs = make_dir(
+ "$www_dir/$dmn_name/htsdocs",
+ $sys_user,
+ $sys_group,
+ 0775
+ );
+ return $rs if ($rs != 0);
+
+ my ($index_tpl, $err_cfg_dir) = (undef, undef);
+ my $vhost = $main::cfg{'BASE_SERVER_VHOST'};
+ $err_cfg_dir = "$main::cfg{'GUI_ROOT_DIR'}/domain_default_page";
+ ($rs, $index_tpl) = get_tpl($err_cfg_dir, 'index.html');
+ return $rs if ($rs != 0);
+
+ my $decoded_dmn_name = idn_to_unicode($dmn_name, 'utf-8');
+ my %tag_hash = (
+ '{DOMAIN_NAME}' => $decoded_dmn_name,
+ '{BASE_SERVER_VHOST}' => $vhost
+ );
+ ($rs, $cfg) = prep_tpl(\%tag_hash, $index_tpl);
+ return $rs if ($rs != 0);
+
+ ($rs, $rdata) = store_file(
+ "$www_dir/$dmn_name/htsdocs/index.html",
+ $cfg,
+ $sys_user,
+ $sys_group,
+ 0644
+ );
+ return $rs if ($rs != 0);
+
+ $rs = sys_command("$main::cfg{'CMD_CP'} -Rp $root_dir/gui/domain_default_page/images $www_dir/$dmn_name/htsdocs/");
+ return $rs if ($rs != 0);
+
+ $rs = setfmode("$www_dir/$dmn_name/htsdocs/images", $sys_user, $sys_group, 0755);
+ return $rs if ($rs != 0);
+
+ opendir(DIR, "$www_dir/$dmn_name/htsdocs/images/");
+ my @files = readdir(DIR);
+ closedir(DIR);
+
+ foreach (@files) {
+ # ignore . and .. :
+ next if ($_ eq "." || $_ eq "..");
+ $rs = setfmode("$www_dir/$dmn_name/htsdocs/images/$_", $sys_user, $sys_group, 0644);
+ return $rs if ($rs != 0);
+ }
+ }
+
+
#
# php.ini for the new domain
#
==== You are done! ====
If you did this changes in the files prior to install (in the configs/your_distro/.. ) it will work from the begining.
Otherwise, if you did the changes in /etc/ispcp/ you might have to regenerate the apache configurations so the "NameVirtualHost ip_address:443" gets created.