I was going to ask this in an earlier post (http://www.howtoforge.com/forums/showthread.php?p=195404#post195404) but this really is a separate question. I'm adding SSL to a few sites that will be running in Ispconfig. The server is behind a router/firewall that now has a single public IP routed to the server's private IP of 192.168.31.202. That private IP is also the one I set as the "default" server IP in ISPConfig. I have 5 public IP's that I can use. I know I need a separate public IP for each certificate. When you use the System>Edit server IP>Add new IP address, do you add a new private IP, then I'd use the router to point the public IP to it, or just add the public IP directly to ISPConfig? I've tried to experiment with it, but so far it hasn't worked. I tried adding a new public IP address in ISPC, then switched one site to use that IP instead of the *. I made sure the DNS entries reflected the change, but I could never access the site after making the change. I don't know if I'm missing a step somewhere, or there are other changes that have to be done manually. Also, when setting up a site that will use SSL, do you need to set up two seperate entries in the Sites section, one for HTTP and one for HTTPS?
You use private IP addresses for all services like web etc. except of dns records. no. Just enable the ssl checkbox in the site settings and create a ssl certificate.
So all I need to do is add 192.168.31.203 to the System>Edit server IP>Add new IP address, then set my router to point the second public IP to that private address? Do I check the HTTP NameVirtualHost box? That could be a DNS problem. Do I need to change/add anything to the DNS records? I already changed the A record to reflect the new IP. I'm using my own server as NS1, but it's using the first public IP address still. It's also been 12 hours and I'm still showing the old IP when I DIG the URL. It just might not have been long enough yet I guess. Do I have to edit the /etc/hosts or /etc/network/interfaces manually for it to see the new public or private IP's?
Yes, thats the default. Are you sure that your server is the authoritive nameserver for this domain? To query the local dns server use: dig @localhost domain.tld Public IP addresses have only be configured on your router and not your server. Private IP addresses have to be configured on your server of course in the config files.
I did notice that if I don't check it, the original virtualhost gets edited to add the new IP. If I do check it, the virtualhost gets edited, but it also added a new virtualhost for an SSL version, even thought I didn't ask for it yet. That's not a problem. I did check that. I checked it again this morning, and it had changed. I know they say it takes up to 48 hours to change, but usually my DNS changes take only a few hours for some reason. I guess this one was more "normal". ISPConfig must be doing something because after adding the new IP to the server on ISPC, ifconfig -a now shows the new private IP address added, and I didn't edit /etc/network/interfaces.
