Separate IP and SSL for a Customer

Discussion in 'Installation/Configuration' started by jon, Oct 6, 2010.

Page 1 of 2
  1. jon

    jon Member

    I have an ISPConfig 3 server running with several clients. One of the clients needs an SSL certificate, so I have assigned them a separate static IP. I'm wondering what the proper ISPConfig way to set this up is. Of course I don't want any other clients to be able to select (or see would be even better) this IP. Can someone guide me the right way? I've done SSL sites with Apache2 many many times, but would like to stick to the ISPConfig way so things don't get messed up on an upgrade (that's happened once already). Thanks in advance.
     
    jon, Oct 6, 2010
    #1
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    If you create the websites as admin user for your clients, then no client can change the settings on the first tab like the IP address.

    So the steps are:

    1) Login as admin user and create the website for this client.
    2) select the IP, enable the ssl checkbox, then go to the ssl tab and enter the details for the ssl cert and select create as action and click on save. After a few minutes, go back zo the site and you will find the sl csr and self signed crt in the fields on the ssl tab.
    3) If you want a officially signed ssl cert, take the sl csr, let it sign by a ssl authority and copy the ssl crt that you get back into the ssl crt field and select save as action.
     
    till, Oct 6, 2010
    #2
  3. jon

    jon Member

    That sounds good, but for adding the IP address, do I go in to System -> Server IP addresses and add both the mail IP and the customers IP there?
     
    jon, Oct 7, 2010
    #3
  4. DUCKFACE

    DUCKFACE Banned

    Last edited: May 12, 2011
    DUCKFACE, Oct 8, 2010
    #4
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    The email system does not realy on IP adresses for accounts. So there is no email IP. IP Adresses ae for websites (apache) only.
     
    till, Oct 8, 2010
    #5
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    Thats correct and the normal bahviour of the apache webserver. Ýou can use the SSL IP for only one website. So no other website may use this IP for http or https. This is not ispconfig specific, it is the way that ssl works.
     
    till, Oct 8, 2010
    #6
  7. DUCKFACE

    DUCKFACE Banned

    Last edited: May 12, 2011
    DUCKFACE, Oct 9, 2010
    #7
  8. till

    till Super Moderator Staff Member ISPConfig Developer

    You have to add as many IP addresses as you want to have SSL records on that machine. Please see SSL specification RFC for details. Thats not specific to ispconfig.
     
    till, Oct 9, 2010
    #8
  9. jon

    jon Member

    Sorry, that should have read main, not mail
     
    jon, Oct 9, 2010
    #9
  10. till

    till Super Moderator Staff Member ISPConfig Developer

    All IP-Adresses that should be used for websites (vhosts) have to be added there incl. the main IP of the server.
     
    till, Oct 9, 2010
    #10
  11. jon

    jon Member

    Seems perfect, thanks a lot.
     
    jon, Oct 13, 2010
    #11
  12. xciso

    xciso Member

    Sorry if i update an old thread, but i have the same question.

    I have 2 ip adresses.
    ip1 i have for main. It is used to server, and all websites i create.
    ip2 will be used for one client. To use SSL.

    I read that i should insert both my main ip adress and ofcurse the additional ip adress.
    I think i should have the box "HTTP NameVirtualHost" checked for the additional ip so the user can use it.
    But if i should insert my main ip. Should this box be checked or unchecked?

    I bought the manual for isp3, but i dont understand exactly.

    Thanks!!
    BTW: My ip adresses är public.
     
    xciso, Aug 19, 2011
    #12
  13. till

    till Super Moderator Staff Member ISPConfig Developer

    The box has to be checked for every IP address that you want to use for a website. there is no difference between main and additional IP's.
     
    till, Aug 19, 2011
    #13
  14. xciso

    xciso Member

    I insert my ip adresses under "edit server ip"
    Then i change one client to the new so the client can get SSL.
    Now when i visit the cliets website i see:

    It works!
    This is the default web page for this server.
    The web server software is running but no content has been added, yet.

    And when i try www.xxx.com/admin i get:
    Not Found
    The requested URL /admin/ was not found on this server.

    I know that admin directory exist.
    What can i do?


    EDIT: One more question. The client that i change ip on, should i change the dns to the new ip?
    If i will do that. Should i do it on everything that point to the shared ip?

    xxx.com
    ftp
    mail
    www
     
    Last edited: Aug 21, 2011
    xciso, Aug 21, 2011
    #14
  15. falko

    falko Super Moderator Howtoforge Staff

    Take a look at the vhost configuration. Is the IP address correct?
     
    falko, Aug 22, 2011
    #15
  16. xciso

    xciso Member

    Where to look?
     
    xciso, Aug 22, 2011
    #16
  17. falko

    falko Super Moderator Howtoforge Staff

    On Debian/Ubuntu, the vhost configuration files are stored in the /etc/apache2/sites-available/ directory.
     
    falko, Aug 23, 2011
    #17
  18. xciso

    xciso Member

    sorry. but i dont really understand
    /etc/apache2/sites-available/clientname

    Is it right with clientname or what shell i type?
     
    xciso, Aug 23, 2011
    #18
  19. falko

    falko Super Moderator Howtoforge Staff

    Can you take a look at the contents by typing
    Code:
    cat /etc/apache2/sites-available/[I]<vhost>[/I]
    ? Is the IP address correct?
     
    falko, Aug 24, 2011
    #19
  20. xciso

    xciso Member

    When i type in: cat /etc/apache2/sites-available/<vhost>
    I get: -bash: syntax error near unexpected token `newline'
     
    xciso, Aug 25, 2011
    #20
Page 1 of 2

Share This Page