Request Feature Enhancement for ISPConfig 3.x

Discussion in 'Feature Requests' started by ptiggerdine, Feb 19, 2007.

  1. ptiggerdine

    ptiggerdine New Member

    Firstly I like to thanks all developers and community members for this great product. Unfortunately I have to use plesk at work but once I can see an opening for ISPConfig I will suggest we go down this path.

    Exuse my ignorance if these feature exist already and I just haven't found them.

    My RFE is for templates in the domain side of things. Alot of the time we add domain with exactly the same information as the last domain (minus 1 or 2 changes). This would allow replication of the same information (e.g. NS1, NS2 MX A SPF ) much quicker and make it much easier for the resellers.

    My Second RFE is for a some sort ISPConfig agent. This would be the first part of have multiple ISPConfig servers being controlled from one central system.

    I think both of these feature would allow ISPConfig to be a real force in the data center and allow enterprise/consulting firms to offer commerical support and hence bring more developers and more users to the project.

    This is just my 2cents worth.

    Thanks inadvance & Regards,

    Peter Tiggerdine
     
  2. falko

    falko Super Moderator ISPConfig Developer

    did you check the "Hosting Plans"? Is that what you're looking for?

    We will have something like this in ISPConfig 3. :)
     
  3. Sheridan

    Sheridan New Member

    Hi to all.

    I would like to see support for multiple domains using one ssl cert in 3.x.
    At the moment i've to add the needed configuration by hand. Not much of a hassle but would be nice to get this handled by simply checking the ssl option.

    Thanks anyway.
    Sheridan
     
  4. martinfst

    martinfst ISPConfig Developer ISPConfig Developer

    I think you ask two questions.
    1. One Cert for multiple domains: this is not possible because of the way ssl is working. SSL Certs work for one domain and one IP. There is a special case for wildcard certs, which will allow multiple system hostnames to authenticate with the same Cert, but that's the only exception.

    2. Simply checking the ssl option and less manual steps. Again, not possible, as acquiring an official cert mandates an exchange of information between you and the Certificate Authority (Thawte, Verisign, many others). And for self-signed certs, you only have to do ' create cert' and you're done.

    Thanks for thinking with the developers, really appreciate it, but unfortunately your suggestion cannot be realized because of the design of SSL.
     
  5. djtremors

    djtremors ISPConfig Developer ISPConfig Developer

    I know what you mean. Best you can do is alter the master conf file which is used as a template when sites are changed or added.

    eg.
    /root/ispconfig/isp/conf/pri.domain.master
    /root/ispconfig/isp/conf/vhost.conf.master
    etc.

    But these would be global and not per hosting plan which would've been good.

    There alot more that ISPC could do but without making it more complex and alot of changes to existing code, all you can do is modify what you got.

    I've been playing around with inserting Includes() in parts of ISPC to call my own routines which makes plugging functions in easier... catch is new updates I have to reenter it in. *sigh*
     
  6. Sheridan

    Sheridan New Member

    I think i have to give you an example on what i mean with one cert for multiple domains.

    Let's think about a server that has the following hostname "server1.mydomain.com". server1.mydomain.com also exists as a valid dns A-record.
    So you now create a cert for "server1.mydomain.com". Then you have to configure apache to use name-based virtual hosts for <yourip>:443 like in the following example:


    Code:
    <IfModule mod_ssl.c>
    NameVirtualHost <ip-address>:443
    
    <VirtualHost <ip-address>:443>
            ServerName www.domain1.com:443
            ServerAdmin [email protected]
            DocumentRoot /var/www/web1/web
            ServerAlias domain1.com
            .....
    </VirtualHost>
    
    <VirtualHost <ip-address>:443>
            ServerName www.domain2.com:443
            ServerAdmin [email protected]
            DocumentRoot /var/www/web2/web
            ServerAlias domain2.com
            .....
    </VirtualHost>
    
    .....
    </IfModule>
    
    Maybe calling that "one cert for multiple domains" has been confusing, but the above configuration is definitely working and valid. Plesk, for example, supports that kind of apache configuration. I think it's the default behaviour until you upload or create your own cert.


    greets
    Sheridan
     
  7. falko

    falko Super Moderator ISPConfig Developer

  8. Sheridan

    Sheridan New Member

    But it's enough for most small webpages on shared servers to get an encrypted connection without having an official "valid" cert. I know that a cert only for one domain is the correct solution, but you don't always have enough ip's for that.

    Anyway. Would be nice to have support for that kind of setup, maybe with a big warning flashing into the admin's face when checking the approriate option. :D

    greets
    Sheridan
     
  9. nevis2us

    nevis2us New Member

    I second this move

    Lack of support for wildcard certificates is a real nuisance in ispconfig.
    Neither we nor our customers care much of what the apache docs say.
    This works and this is being used by many hosting providers. So why not?
    Thanks
     
    Last edited: May 22, 2007
  10. till

    till Super Moderator Staff Member ISPConfig Developer

    Wildcard SSL certificates are a wildcard for subdomains, e.g. *.domain.com but they are not valid for just every domain (*). If you need this feature so urgently, feel free to contribute to the development :)
     

Share This Page