Hi I installed the server using auto install script, and now running ISPconfig 3.2 + Nginx + Ubuntu18.04 my website is load in http://www.mysite.com no problem. Questions: 1 .I tried to enable https (I checked the SSL setting box as shown in image) , but when I load my site in https, is shows "Welcome to nginx! page" instead of my website. I check the vhosts file (/ect/nginx/sites-available/mysite.com.vhost) and there is no 443 listen added to it. (why?) server { listen *:80; listen [::]:80; 2. I also want to enable Nginx for HTTP/2 support for all sites by following this guide: https://www.digitalocean.com/commun...-up-nginx-with-http-2-support-on-ubuntu-18-04 How should I enable this in ISPconfig? Should I add below codes via ISPconfig Nginx Directive Snippets, then add to each site via option setting? listen [::]:443 ssl http2 ipv6only=on; listen 443 ssl http2;
http/2 should be supported by default when SSL is enabled. For SSL to work, you need to enable SSL and install a SSL certificate. You can get a free one from Let's Encrypt by checking the checkbox for Let's Encrypt. Or upload one under the "SSL" tab of your website. It is also possible to generate a self signed certificate, by going to the SSL tab and choosing the action "create certificate". But this cert won't be trusted by browsers so it will show a warning.
thanks so much for the tips. It works perfectly now. I was confused by old document. All I need to to to enable https and http2 is to: for my localhost test site: check the SSL box, and in SSL tab select Create Cert for live site: checking the checkbox for Let's Encrypt I thought I checked the SSL box will auto create the self-signed SSL cert, and I was wrong.
Do I understand it correctly, that I only have to install the letsencrypt certbot and other packages of the OS and check the two checkboxes: SSL and Let's Encrypt SSL in the Domain Tab of ISPConfig in order for https to work? I did so and unfortunately I'm getting the error: Secure Connection Failed An error occurred during a connection to beamtenfilz.de. SSL received a record that exceeded the maximum permissible length. Error code: SSL_ERROR_RX_RECORD_TOO_LONG The page you are trying to view cannot be shown because the authenticity of the received data could not be verified. Please contact the website owners to inform them of this problem.
Are the checkboxes still enabled? If not, go through: https://www.howtoforge.com/community/threads/lets-encrypt-error-faq.74179/ If so, go to the SSL tab, select the action "Delete certificate", and save. Then disable and re-enable Let's Encrypt.
Many thanks Th0m for your quick reply! I got through the FAQ and followed the steps. I deleted the certificates. The key field was still filled with the key. I deleted that one also, I unchecked the SSL and Let's Encrypt SSL boxes and saved the config. After saving I checkt if the SSL Tab hat no entries at all. Then I checked the Let's Encrypt SSL and SSL boxes and saved again. Then I tested with https://domain1.de and also https://cloud.domain1.de Unfortunately I'm getting the same error as mentioned above. http://cloud.domain1.de works.
I tried to generate a certificate manually with the following command. Unfortunately I couldn't find the certificate. malta12:/var/www/rothmedia.de/web# certbot-auto certonly -w /var/www/rothmedia.de/web -d rothmedia.de -d www.rothmedia.de -d cloud.rothmedia.de Bootstrapping dependencies for Debian-based OSes... (you can skip this with --no-bootstrap) Hit:1 http://repo.mysql.com/apt/debian buster InRelease Hit:2 http://deb.debian.org/debian testing InRelease Hit:3 http://deb.debian.org/debian testing-updates InRelease Hit:4 http://deb.debian.org/debian-security testing-security InRelease Reading package lists... Done Reading package lists... Done Building dependency tree Reading state information... Done Note, selecting 'python-is-python2' instead of 'python' Note, selecting 'python-dev-is-python2' instead of 'python-dev' Package python-virtualenv is not available, but is referred to by another package. This may mean that the package is missing, has been obsoleted, or is only available from another source E: Package 'python-virtualenv' has no installation candidate
You should never use the certbot command manually. This can break the integration with ISPConfig. Did you install your system according to the perfect server guide? Maybe you missed a step?
<Directory /var/www/cloud.rothmedia.de> AllowOverride None Require all denied </Directory> <VirtualHost 85.25.213.11:80> DocumentRoot /var/www/clients/client1/web9/nextcloud ServerName cloud.rothmedia.de ServerAdmin [email protected] ErrorLog /var/log/ispconfig/httpd/cloud.rothmedia.de/error.log <Directory /var/www/cloud.rothmedia.de/nextcloud> # Clear PHP settings of this website <FilesMatch ".+\.ph(p[345]?|t|tml)$"> SetHandler None </FilesMatch> Options +SymlinksIfOwnerMatch AllowOverride All Require all granted # ssi enabled AddType text/html .shtml AddOutputFilter INCLUDES .shtml Options +Includes </Directory> <Directory /var/www/clients/client1/web9/nextcloud> # Clear PHP settings of this website <FilesMatch ".+\.ph(p[345]?|t|tml)$"> SetHandler None </FilesMatch> Options +SymlinksIfOwnerMatch AllowOverride All Require all granted # ssi enabled AddType text/html .shtml AddOutputFilter INCLUDES .shtml Options +Includes </Directory> <IfModule mod_ruby.c> <Directory /var/www/cloud.rothmedia.de/nextcloud> Options +ExecCGI </Directory> RubyRequire apache/ruby-run #RubySafeLevel 0 AddType text/html .rb AddType text/html .rbx <Files *.rb> SetHandler ruby-object RubyHandler Apache::RubyRun.instance </Files> <Files *.rbx> SetHandler ruby-object RubyHandler Apache::RubyRun.instance </Files> </IfModule> <IfModule mod_perl.c> PerlModule ModPerl::Registry PerlModule Apache2::Reload <Directory /var/www/cloud.rothmedia.de/nextcloud> PerlResponseHandler ModPerl::Registry PerlOptions +ParseHeaders Options +ExecCGI </Directory> <Directory /var/www/clients/client1/web9/nextcloud> PerlResponseHandler ModPerl::Registry PerlOptions +ParseHeaders Options +ExecCGI </Directory> <Files *.pl> SetHandler perl-script </Files> </IfModule> <IfModule mod_python.c> <Directory /var/www/cloud.rothmedia.de/nextcloud> <FilesMatch "\.py$"> SetHandler mod_python </FilesMatch> PythonHandler mod_python.publisher PythonDebug On </Directory> <Directory /var/www/clients/client1/web9/nextcloud> <FilesMatch "\.py$"> SetHandler mod_python </FilesMatch> PythonHandler mod_python.publisher PythonDebug On </Directory> </IfModule> # cgi enabled <Directory /var/www/clients/client1/web9/cgi-bin> AllowOverride All Require all granted </Directory> ScriptAlias /cgi-bin/ /var/www/clients/client1/web9/cgi-bin/ <FilesMatch "\.(cgi|pl)$"> SetHandler cgi-script </FilesMatch> # suexec enabled <IfModule mod_suexec.c> SuexecUserGroup web9 client1 </IfModule> <IfModule mod_fastcgi.c> <Directory /var/www/clients/client1/web9/cgi-bin> Require all granted </Directory> <Directory /var/www/cloud.rothmedia.de/nextcloud> <FilesMatch "\.php[345]?$"> <If "-f '%{REQUEST_FILENAME}'"> SetHandler php-fcgi </If> </FilesMatch> </Directory> <Directory /var/www/clients/client1/web9/nextcloud> <FilesMatch "\.php[345]?$"> <If "-f '%{REQUEST_FILENAME}'"> SetHandler php-fcgi </If> </FilesMatch> </Directory> Action php-fcgi /php-fcgi virtual Alias /php-fcgi /var/www/clients/client1/web9/cgi-bin/php-fcgi-85.25.213.11-80-cloud.rothmedia.de FastCgiExternalServer /var/www/clients/client1/web9/cgi-bin/php-fcgi-85.25.213.11-80-cloud.rothmedia.de -idle-timeout 300 -socket /var/lib/php7.4-fpm/web17.sock -pass-header Authorization -pass-header Content-Type </IfModule> <IfModule mod_proxy_fcgi.c> #ProxyPassMatch ^/(.*\.php[345]?(/.*)?)$ unix:///var/lib/php7.4-fpm/web17.sock|fcgi://localhost//var/www/clients/client1/web9/nextcloud/$1 <Directory /var/www/clients/client1/web9/nextcloud> <FilesMatch "\.php[345]?$"> <If "-f '%{REQUEST_FILENAME}'"> SetHandler "proxy:unix:/var/lib/php7.4-fpm/web17.sock|fcgi://localhost" </If> </FilesMatch> </Directory> </IfModule> # add support for apache mpm_itk <IfModule mpm_itk_module> AssignUserId web9 client1 </IfModule> <IfModule mod_dav_fs.c> # Do not execute PHP files in webdav directory <Directory /var/www/clients/client1/web9/webdav> <ifModule mod_security2.c> SecRuleRemoveById 960015 SecRuleRemoveById 960032 </ifModule> <FilesMatch "\.ph(p3?|tml)$"> SetHandler None </FilesMatch> </Directory> DavLockDB /var/www/clients/client1/web9/tmp/DavLock # DO NOT REMOVE THE COMMENTS! # IF YOU REMOVE THEM, WEBDAV WILL NOT WORK ANYMORE! # WEBDAV BEGIN # WEBDAV END </IfModule> </VirtualHost>
Well as far as I remember, yes. The ICPConfig management site under port 8080 ist working with an self signed certificate under https:// And also webmail under Roundcube is working with SSL only with the same certificate.
You say you are using nginx but this is a Apache vhost. Are you using Apache instead of nginx? Did you configure this correctly in ISPConfig?
No, I just jumped into this thread. I thought not to begin another one, because I have similar issues. I'm using ISPConfig 3.2.1 with Debian Testing Bulleseye, PHP 7.4 and Apache 2.4.46. In the ISPConfig configurartion file is entered apache as web server.
You are indeed using Debian testing. Code: Hit:2 http://deb.debian.org/debian testing InRelease Hit:3 http://deb.debian.org/debian testing-updates InRelease Hit:4 http://deb.debian.org/debian-security testing-security InRelease Debian buster is supported, but I have seen no info that Debian testing is supported. So my guess is it just plain does not work. And you have confused me and @Th0m with your thread hijacking.
Please don't, as you can see it can confuse us and it can spam the OP with notifications for no reason. Instead open a new thread and eventually refer to this one.
Sorry for that. I'll try to downgrade to php7.3 and do an update on ISPConfig and hopefully it will all work as supposed. I'm really happy and impressed about your work on ISPConfig. I used for a couple of years ispCPOmega and am happy with this new and fresh looking Server Management Tool!