With this changes every time you create a new hosting, it creates a ssl enabled folder, and the content there can ONLY be viewed under ssl, while having the normal folder without ssl. What I did was to alter some templates so this folder gets created and ready to use.
Please report any bugs/hints/whatever in the following board thread: http://www.isp-control.net/forum/thread-6088-post-49018.html
What to do:
You have to create a certificate under /etc/ssl/certs following the details from this howto: http://www.isp-control.net/documentation/howto/security/ssl_made_easy After that you should have four files in /etc/ssl/certs BASE_SERVER_VHOST.crt BASE_SERVER_VHOST.key (passwordless key, otherwise apache ask for the password at every restart) BASE_SERVER_VHOST-pass.key BASE_SERVER_VHOST.csr
Basically it consists in adding a second virtualhost to be created with port 443, and using the certs we created in the first step. <cli> <VirtualHost {DMN_IP}:80>
<IfModule suexec_module> SuexecUserGroup {SUEXEC_USER} {SUEXEC_GROUP} </IfModule>
ServerAdmin webmaster@{DMN_NAME} DocumentRoot {WWW_DIR}/{DMN_NAME}/htdocs
ServerName {DMN_NAME} ServerAlias www.{DMN_NAME} {DMN_NAME} *.{DMN_NAME}
Alias /errors {WWW_DIR}/{DMN_NAME}/errors/
RedirectMatch permanent ^/ftp([\/]?) http://{BASE_SERVER_VHOST}/ftp/ RedirectMatch permanent ^/pma([\/]?) http://{BASE_SERVER_VHOST}/pma/ RedirectMatch permanent ^/webmail([\/]?) http://{BASE_SERVER_VHOST}/webmail/
ErrorDocument 401 /errors/401.html ErrorDocument 403 /errors/403.html ErrorDocument 404 /errors/404.html ErrorDocument 500 /errors/500.html ErrorDocument 503 /errors/503.html
<IfModule mod_cband.c> CBandUser {DMN_GRP} </IfModule>
# httpd awstats support BEGIN. # httpd awstats support END.
# httpd dmn entry cgi support BEGIN. # httpd dmn entry cgi support END.
<Directory {WWW_DIR}/{DMN_NAME}/htdocs> # httpd dmn entry PHP support BEGIN. # httpd dmn entry PHP support END. Options -Indexes Includes FollowSymLinks MultiViews AllowOverride All Order allow,deny Allow from all </Directory>
# httpd dmn entry PHP2 support BEGIN. # httpd dmn entry PHP2 support END.
Include {CUSTOM_SITES_CONFIG_DIR}/{DMN_NAME}.conf
</VirtualHost>
<VirtualHost {DMN_IP}:443>
<IfModule suexec_module> SuexecUserGroup {SUEXEC_USER} {SUEXEC_GROUP} </IfModule>
ServerAdmin webmaster@{DMN_NAME} DocumentRoot {WWW_DIR}/{DMN_NAME}/htsdocs
ServerName {DMN_NAME} ServerAlias www.{DMN_NAME} {DMN_NAME} *.{DMN_NAME}
SSLEngine On SSLCertificateFile /etc/ssl/certs/{BASE_SERVER_VHOST}.crt SSLCertificateKeyFile /etc/ssl/certs/{BASE_SERVER_VHOST}.key
Alias /errors {WWW_DIR}/{DMN_NAME}/errors/
#RedirectMatch permanent ^/ftp([\/]?) http://{BASE_SERVER_VHOST}/ftp/ #RedirectMatch permanent ^/pma([\/]?) http://{BASE_SERVER_VHOST}/pma/ #RedirectMatch permanent ^/webmail([\/]?) http://{BASE_SERVER_VHOST}/webmail/
ErrorDocument 401 /errors/401.html ErrorDocument 403 /errors/403.html ErrorDocument 404 /errors/404.html ErrorDocument 500 /errors/500.html ErrorDocument 503 /errors/503.html
<IfModule mod_cband.c> CBandUser {DMN_GRP} </IfModule>
# httpd awstats support BEGIN. # httpd awstats support END.
# httpd dmn entry cgi support BEGIN. # httpd dmn entry cgi support END.
<Directory {WWW_DIR}/{DMN_NAME}/htsdocs> # httpd dmn entry PHP support BEGIN. # httpd dmn entry PHP support END. Options -Indexes Includes FollowSymLinks MultiViews AllowOverride All Order allow,deny Allow from all </Directory>
# httpd dmn entry PHP2 support BEGIN. <IfModule mod_php5.c> php_admin_value open_basedir "{WWW_DIR}/{DMN_NAME}/:{WWW_DIR}/{DMN_NAME}/phptmp/:{PEAR_DIR}/" php_admin_value upload_tmp_dir "{WWW_DIR}/{DMN_NAME}/phptmp/" php_admin_value session.save_path "{WWW_DIR}/{DMN_NAME}/phptmp/" php_admin_value sendmail_path '/usr/sbin/sendmail -f {SUEXEC_USER} -t -i' </IfModule> <IfModule mod_fastcgi.c> ScriptAlias /php5/ {STARTER_DIR}/{DMN_NAME}/ <Directory "{STARTER_DIR}/{DMN_NAME}"> AllowOverride None Options +ExecCGI -MultiViews -Indexes Order allow,deny Allow from all </Directory> </IfModule> <IfModule mod_fcgid.c> <Directory {WWW_DIR}/{DMN_NAME}/htsdocs> FCGIWrapper {STARTER_DIR}/{DMN_NAME}/php{PHP_VERSION}-fcgi-starter .php Options +ExecCGI </Directory> <Directory "{STARTER_DIR}/{DMN_NAME}"> AllowOverride None Options +ExecCGI MultiViews -Indexes Order allow,deny Allow from all </Directory> </IfModule>
# httpd dmn entry PHP2 support END.
</VirtualHost> </cli>
We also add port 443 here <cli> NameVirtualHost {IP}:80 NameVirtualHost {IP}:443
# httpd [{DMN_GRP}] dmn group entry BEGIN. # httpd [{DMN_GRP}] dmn group entry END.
# httpd [{ALS_NAME}] als entry BEGIN. # httpd [{ALS_NAME}] als entry END. </cli>
Some changes in the domain manager so it creates the default htsdocs folder that we will need.
<cli>
— /root/ispcp-dmn-mngr 2009-07-17 17:36:19.000000000 +0200 +++ ispcp-dmn-mngr 2009-07-17 17:42:56.000000000 +0200 @@ -1576,6 +1576,62 @@
} }
+ + # + # Default domain ssl page template; + # + # check if htdocs folder not exists + if (!(-e “$www_dir/$dmn_name/htsdocs/”)) { + $rs = make_dir( + “$www_dir/$dmn_name/htsdocs”, + $sys_user, + $sys_group, + 0775 + ); + return $rs if ($rs != 0); + + my ($index_tpl, $err_cfg_dir) = (undef, undef); + my $vhost = $main::cfg{'BASE_SERVER_VHOST'}; + $err_cfg_dir = “$main::cfg{'GUI_ROOT_DIR'}/domain_default_page”; + ($rs, $index_tpl) = get_tpl($err_cfg_dir, 'index.html'); + return $rs if ($rs != 0); + + my $decoded_dmn_name = idn_to_unicode($dmn_name, 'utf-8'); + my %tag_hash = ( + '{DOMAIN_NAME}' ⇒ $decoded_dmn_name, + '{BASE_SERVER_VHOST}' ⇒ $vhost + ); + ($rs, $cfg) = prep_tpl(\%tag_hash, $index_tpl); + return $rs if ($rs != 0); + + ($rs, $rdata) = store_file( + “$www_dir/$dmn_name/htsdocs/index.html”, + $cfg, + $sys_user, + $sys_group, + 0644 + ); + return $rs if ($rs != 0); + + $rs = sys_command(“$main::cfg{'CMD_CP'} -Rp $root_dir/gui/domain_default_page/images $www_dir/$dmn_name/htsdocs/”); + return $rs if ($rs != 0); + + $rs = setfmode(“$www_dir/$dmn_name/htsdocs/images”, $sys_user, $sys_group, 0755); + return $rs if ($rs != 0); + + opendir(DIR, “$www_dir/$dmn_name/htsdocs/images/”); + my @files = readdir(DIR); + closedir(DIR); + + foreach (@files) { + # ignore . and .. : + next if ($_ eq ”.” || $_ eq ”..”); + $rs = setfmode(“$www_dir/$dmn_name/htsdocs/images/$_”, $sys_user, $sys_group, 0644); + return $rs if ($rs != 0); + } + } + +
# # php.ini for the new domain #
</cli>
If you did this changes in the files prior to install (in the configs/your_distro/.. ) it will work from the begining. Otherwise, if you did the changes in /etc/ispcp/ you might have to regenerate the apache configurations so the “NameVirtualHost ip_address:443” gets created.