Table of Contents

With this changes every time you create a new hosting, it creates a ssl enabled folder, and the content there can ONLY be viewed under ssl, while having the normal folder without ssl. What I did was to alter some templates so this folder gets created and ready to use.

Please report any bugs/hints/whatever in the following board thread: http://www.isp-control.net/forum/thread-6088-post-49018.html

What to do:

Create a default certificate

You have to create a certificate under /etc/ssl/certs following the details from this howto: http://www.isp-control.net/documentation/howto/security/ssl_made_easy After that you should have four files in /etc/ssl/certs BASE_SERVER_VHOST.crt BASE_SERVER_VHOST.key (passwordless key, otherwise apache ask for the password at every restart) BASE_SERVER_VHOST-pass.key BASE_SERVER_VHOST.csr

Changes in dmn_entry.tpl

Basically it consists in adding a second virtualhost to be created with port 443, and using the certs we created in the first step. <cli> <VirtualHost {DMN_IP}:80> 

  <IfModule suexec_module>
         SuexecUserGroup {SUEXEC_USER} {SUEXEC_GROUP}
  </IfModule>
  ServerAdmin     webmaster@{DMN_NAME}
  DocumentRoot    {WWW_DIR}/{DMN_NAME}/htdocs
  ServerName      {DMN_NAME}
  ServerAlias     www.{DMN_NAME} {DMN_NAME} *.{DMN_NAME}
  Alias /errors   {WWW_DIR}/{DMN_NAME}/errors/
  RedirectMatch permanent ^/ftp([\/]?)		http://{BASE_SERVER_VHOST}/ftp/
  RedirectMatch permanent ^/pma([\/]?)		http://{BASE_SERVER_VHOST}/pma/
  RedirectMatch permanent ^/webmail([\/]?)	http://{BASE_SERVER_VHOST}/webmail/
  ErrorDocument 401 /errors/401.html
  ErrorDocument 403 /errors/403.html
  ErrorDocument 404 /errors/404.html
  ErrorDocument 500 /errors/500.html
  ErrorDocument 503 /errors/503.html
  <IfModule mod_cband.c>
      CBandUser {DMN_GRP}
  </IfModule>
  # httpd awstats support BEGIN.
  # httpd awstats support END.
  # httpd dmn entry cgi support BEGIN.
  # httpd dmn entry cgi support END.
  <Directory {WWW_DIR}/{DMN_NAME}/htdocs>
      # httpd dmn entry PHP support BEGIN.
      # httpd dmn entry PHP support END.
      Options -Indexes Includes FollowSymLinks MultiViews
      AllowOverride All
      Order allow,deny
      Allow from all
  </Directory>
  # httpd dmn entry PHP2 support BEGIN.
  # httpd dmn entry PHP2 support END.
  Include {CUSTOM_SITES_CONFIG_DIR}/{DMN_NAME}.conf

</VirtualHost>

<VirtualHost {DMN_IP}:443> 

  <IfModule suexec_module>
         SuexecUserGroup {SUEXEC_USER} {SUEXEC_GROUP}
  </IfModule>
  ServerAdmin     webmaster@{DMN_NAME}
  DocumentRoot    {WWW_DIR}/{DMN_NAME}/htsdocs
  ServerName      {DMN_NAME}
  ServerAlias     www.{DMN_NAME} {DMN_NAME} *.{DMN_NAME}
  SSLEngine On
  SSLCertificateFile /etc/ssl/certs/{BASE_SERVER_VHOST}.crt
  SSLCertificateKeyFile /etc/ssl/certs/{BASE_SERVER_VHOST}.key
  Alias /errors   {WWW_DIR}/{DMN_NAME}/errors/
  #RedirectMatch permanent ^/ftp([\/]?)                http://{BASE_SERVER_VHOST}/ftp/
  #RedirectMatch permanent ^/pma([\/]?)                http://{BASE_SERVER_VHOST}/pma/
  #RedirectMatch permanent ^/webmail([\/]?)    http://{BASE_SERVER_VHOST}/webmail/
  ErrorDocument 401 /errors/401.html
  ErrorDocument 403 /errors/403.html
  ErrorDocument 404 /errors/404.html
  ErrorDocument 500 /errors/500.html
  ErrorDocument 503 /errors/503.html
  <IfModule mod_cband.c>
      CBandUser {DMN_GRP}
  </IfModule>
  # httpd awstats support BEGIN.
  # httpd awstats support END.
  # httpd dmn entry cgi support BEGIN.
  # httpd dmn entry cgi support END.
  <Directory {WWW_DIR}/{DMN_NAME}/htsdocs>
      # httpd dmn entry PHP support BEGIN.
      # httpd dmn entry PHP support END.
      Options -Indexes Includes FollowSymLinks MultiViews
      AllowOverride All
      Order allow,deny
      Allow from all
  </Directory>
  # httpd dmn entry PHP2 support BEGIN.
  <IfModule mod_php5.c>
      php_admin_value open_basedir "{WWW_DIR}/{DMN_NAME}/:{WWW_DIR}/{DMN_NAME}/phptmp/:{PEAR_DIR}/"
      php_admin_value upload_tmp_dir "{WWW_DIR}/{DMN_NAME}/phptmp/"
      php_admin_value session.save_path "{WWW_DIR}/{DMN_NAME}/phptmp/"
      php_admin_value sendmail_path '/usr/sbin/sendmail -f {SUEXEC_USER} -t -i'
  </IfModule>
  <IfModule mod_fastcgi.c>
      ScriptAlias /php5/ {STARTER_DIR}/{DMN_NAME}/
      <Directory "{STARTER_DIR}/{DMN_NAME}">
          AllowOverride None
          Options +ExecCGI -MultiViews -Indexes
          Order allow,deny
          Allow from all
      </Directory>
  </IfModule>
  <IfModule mod_fcgid.c>
      <Directory {WWW_DIR}/{DMN_NAME}/htsdocs>
          FCGIWrapper {STARTER_DIR}/{DMN_NAME}/php{PHP_VERSION}-fcgi-starter .php
          Options +ExecCGI
      </Directory>
      <Directory "{STARTER_DIR}/{DMN_NAME}">
          AllowOverride None
          Options +ExecCGI MultiViews -Indexes
          Order allow,deny
          Allow from all
      </Directory>
  </IfModule>
  # httpd dmn entry PHP2 support END.

</VirtualHost> </cli>

Changes in vh_entry.tpl

We also add port 443 here <cli> NameVirtualHost {IP}:80 NameVirtualHost {IP}:443

# httpd [{DMN_GRP}] dmn group entry BEGIN. # httpd [{DMN_GRP}] dmn group entry END.

# httpd [{ALS_NAME}] als entry BEGIN. # httpd [{ALS_NAME}] als entry END. </cli>

Changes in ispcp-dmn-mngr

Some changes in the domain manager so it creates the default htsdocs folder that we will need.

<cli>

— /root/ispcp-dmn-mngr 2009-07-17 17:36:19.000000000 +0200 +++ ispcp-dmn-mngr 2009-07-17 17:42:56.000000000 +0200 @@ -1576,6 +1576,62 @@ 

              }
      }

+ + # + # Default domain ssl page template; + # + # check if htdocs folder not exists + if (!(-e “$www_dir/$dmn_name/htsdocs/”)) { + $rs = make_dir( + “$www_dir/$dmn_name/htsdocs”, + $sys_user, + $sys_group, + 0775 + ); + return $rs if ($rs != 0); + + my ($index_tpl, $err_cfg_dir) = (undef, undef); + my $vhost = $main::cfg{'BASE_SERVER_VHOST'}; + $err_cfg_dir = “$main::cfg{'GUI_ROOT_DIR'}/domain_default_page”; + ($rs, $index_tpl) = get_tpl($err_cfg_dir, 'index.html'); + return $rs if ($rs != 0); + + my $decoded_dmn_name = idn_to_unicode($dmn_name, 'utf-8'); + my %tag_hash = ( + '{DOMAIN_NAME}' ⇒ $decoded_dmn_name, + '{BASE_SERVER_VHOST}' ⇒ $vhost + ); + ($rs, $cfg) = prep_tpl(\%tag_hash, $index_tpl); + return $rs if ($rs != 0); + + ($rs, $rdata) = store_file( + “$www_dir/$dmn_name/htsdocs/index.html”, + $cfg, + $sys_user, + $sys_group, + 0644 + ); + return $rs if ($rs != 0); + + $rs = sys_command(“$main::cfg{'CMD_CP'} -Rp $root_dir/gui/domain_default_page/images $www_dir/$dmn_name/htsdocs/”); + return $rs if ($rs != 0); + + $rs = setfmode(“$www_dir/$dmn_name/htsdocs/images”, $sys_user, $sys_group, 0755); + return $rs if ($rs != 0); + + opendir(DIR, “$www_dir/$dmn_name/htsdocs/images/”); + my @files = readdir(DIR); + closedir(DIR); + + foreach (@files) { + # ignore . and .. : + next if ($_ eq ”.” || $_ eq ”..”); + $rs = setfmode(“$www_dir/$dmn_name/htsdocs/images/$_”, $sys_user, $sys_group, 0644); + return $rs if ($rs != 0); + } + } + + 

      #
      # php.ini for the new domain
      #

</cli>

You are done!

If you did this changes in the files prior to install (in the configs/your_distro/.. ) it will work from the begining. Otherwise, if you did the changes in /etc/ispcp/ you might have to regenerate the apache configurations so the “NameVirtualHost ip_address:443” gets created.