ISPConfig 3.1 unable to enable SSL option in Website... and more..

Discussion in 'Installation/Configuration' started by PVasileff, Oct 10, 2016.

  1. PVasileff

    PVasileff Member

    1. I make a fresh installation on OpenVZ VPS with Debian 7..
    After add a new website and try to enable SSL option on it - in /etc/apache2/sites-enabled/100-domain.com.vhost doesnt exist <VirtualHost> for port 443..

    2. ISPConfig 3.1 Web panel work too slow with Mozilla Firefox 49.0.1.. may be the problem it is in /etc/apache2/sites-enabled/000-ispconfig.vhost and SSLCipherSuite..
    With 3.0.5.4p9 this problem doesnt exist..

    Here is /etc/apache2/sites-enabled/000-ispconfig.vhost from 3.1:
    Code:
    ######################################################
    # This virtual host contains the configuration
    # for the ISPConfig controlpanel
    ######################################################
    
    Listen 8080
    NameVirtualHost *:8080
    
    <VirtualHost _default_:8080>
      ServerAdmin webmaster@localhost
    
      <Directory /var/www/ispconfig/>
        <FilesMatch "\.ph(p3?|tml)$">
          SetHandler None
        </FilesMatch>
      </Directory>
      <Directory /usr/local/ispconfig/interface/web/>
        <FilesMatch "\.ph(p3?|tml)$">
          SetHandler None
        </FilesMatch>
      </Directory>
    
      <IfModule mod_fcgid.c>
        DocumentRoot /var/www/ispconfig/
        SuexecUserGroup ispconfig ispconfig
        <Directory /var/www/ispconfig/>
          Options -Indexes +FollowSymLinks +MultiViews +ExecCGI
          AllowOverride AuthConfig Indexes Limit Options FileInfo
          <FilesMatch "\.php$">
            SetHandler fcgid-script
          </FilesMatch>
          FCGIWrapper /var/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter .php
                Order allow,deny
          Allow from all
              </Directory>
        IPCCommTimeout  7200
        MaxRequestLen 15728640
      </IfModule>
    
      <IfModule mpm_itk_module>
        DocumentRoot /usr/local/ispconfig/interface/web/
        AssignUserId ispconfig ispconfig
        AddType application/x-httpd-php .php
        <Directory /usr/local/ispconfig/interface/web>
          # php_admin_value open_basedir "/usr/local/ispconfig/interface:/usr/share:/tmp"
          Options +FollowSymLinks
          AllowOverride None
                Order allow,deny
          Allow from all
                php_value magic_quotes_gpc        0
        </Directory>
      </IfModule>
    
      # ErrorLog /var/log/apache2/error.log
      # CustomLog /var/log/apache2/access.log combined
      ServerSignature Off
    
      <IfModule mod_security2.c>
        SecRuleEngine Off
      </IfModule>
    
      # SSL Configuration
      SSLEngine On
        SSLProtocol All -SSLv2 -SSLv3
        SSLCertificateFile /usr/local/ispconfig/interface/ssl/ispserver.crt
      SSLCertificateKeyFile /usr/local/ispconfig/interface/ssl/ispserver.key
      #SSLCACertificateFile /usr/local/ispconfig/interface/ssl/ispserver.bundle
    
      SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
      SSLHonorCipherOrder On
    
      <IfModule mod_headers.c>
        Header always add Strict-Transport-Security "max-age=15768000"
            RequestHeader unset Proxy early
      </IfModule>
    
      </VirtualHost>
    
    
    <Directory /var/www/php-cgi-scripts>
      AllowOverride None
        Order Deny,Allow
      Deny from all
      </Directory>
    
    <Directory /var/www/php-fcgi-scripts>
      AllowOverride None
        Order Deny,Allow
      Deny from all
      </Directory>
    
    And from 3.0.5.4p9:

    Code:
    ######################################################
    # This virtual host contains the configuration
    # for the ISPConfig controlpanel
    ######################################################
    
    Listen 8080
    NameVirtualHost *:8080
    
    <VirtualHost _default_:8080>
      ServerAdmin webmaster@localhost
    
      <FilesMatch "\.ph(p3?|tml)$">
        SetHandler None
      </FilesMatch>
    
      <IfModule mod_fcgid.c>
        DocumentRoot /var/www/ispconfig/
        SuexecUserGroup ispconfig ispconfig
        <Directory /var/www/ispconfig/>
          Options -Indexes +FollowSymLinks +MultiViews +ExecCGI
          AllowOverride AuthConfig Indexes Limit Options FileInfo
              <FilesMatch "\.php$">
                      SetHandler fcgid-script
              </FilesMatch>
          FCGIWrapper /var/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter .php
                Order allow,deny
          Allow from all
                  </Directory>
        IPCCommTimeout  7200
            MaxRequestLen 15728640
      </IfModule>
    
      <IfModule mpm_itk_module>
        DocumentRoot /usr/local/ispconfig/interface/web/
            AssignUserId ispconfig ispconfig
        AddType application/x-httpd-php .php
        <Directory /usr/local/ispconfig/interface/web>
          # php_admin_value open_basedir "/usr/local/ispconfig/interface:/usr/share:/tmp"
          Options +FollowSymLinks
          AllowOverride None
                Order allow,deny
          Allow from all
                      php_value magic_quotes_gpc        0
        </Directory>
      </IfModule>
    
      # ErrorLog /var/log/apache2/error.log
      # CustomLog /var/log/apache2/access.log combined
      ServerSignature Off
    
      <IfModule mod_security2.c>
        SecRuleEngine Off
      </IfModule>
    
      # SSL Configuration
      SSLEngine On
      SSLProtocol All -SSLv2 -SSLv3
      SSLCertificateFile /usr/local/ispconfig/interface/ssl/ispserver.crt
      SSLCertificateKeyFile /usr/local/ispconfig/interface/ssl/ispserver.key
      #SSLCACertificateFile /usr/local/ispconfig/interface/ssl/ispserver.bundle
    
    </VirtualHost>
    
    <Directory /var/www/php-cgi-scripts>
        AllowOverride None
                Order Deny,Allow
        Deny from all
            </Directory>
    
    <Directory /var/www/php-fcgi-scripts>
        AllowOverride None
            Order Deny,Allow
        Deny from all
            </Directory>
    
    
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Enabling the ssl option enables just the ability to have ssl in a website, it does not create a ssl cert. The nexz step after emabling the ssl checkbox is that you either enable the letsencrypt checkbox if you have letsencrypt installed and want to create free letsencrypt ssl cert or you create a self signed cert on the ssl tab.

    I don't have any speed problems in firefox with ISPConfig 3.1.
     

Share This Page