SSL config on .vhosts - ISPConfig protected folders

Discussion in 'ISPConfig 3 Priority Support' started by Barbara, Mar 6, 2016.

  1. Barbara

    Barbara New Member

    Could you provide some insight and recommendations? When using SSL config on .vhosts - ISPConfig protected folders function opens port 80, deletes cipher config and redirect. This blows the SSL config away making it a little too risky to give to an end user (client) - end user won't understand what happened. How would you recommend we handle this?

    ISPConfig 3.0.5.4p8, Ubuntu 14.04LTS, Nginx Perfect Server
    Letsencrypt Certificates applied to domains and ISPConfig
    Ispconfig Interface protected w/ .htaccess (post-339134)

    (1) domainname.tld.vhost [configuration] modified for SSL:
    server {
        listen 80;
        server_name domainname.tld www.domainname.tld;
        return 301 https://$host$request_uri;
    }
    server {
        listen 100.200.30.40.500 ssl;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
        listen [1000:b123:400:50::600:7000]:443 ssl;
        ssl_certificate /var/www/clients/client1/web1/ssl/domainname.tld.crt;
        ssl_certificate_key /var/www/clients/client1/web1/ssl/domainname.tld.key;
        server_name domainname.tld www.domainname.tld;

    (2) Unit Test From ISPConfig / Web Access / Protected Folders & Protected Folder Users:
    After adding protected folder and user, .vhost configuration updated by ISPConfig deletes redirect, opens port 80 on IPv4 & IPv6, and removes lines: ssl_prefer_server_ciphers on; ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';

    domainname.tld.vhost [configuration] after ISPConfig Protected Folders & User added:
    server {
        listen 100.200.30.40.500:80;
        listen [1000:b123:400:50::600:7000]:80;

        listen 100.200.30.40.500 ssl;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        listen [1000:b123:400:50::600:7000]:443 ssl;
        ssl_certificate /var/www/clients/client1/web1/ssl/domainname.tld.crt;
        ssl_certificate_key /var/www/clients/client1/web1/ssl/domainname.tld.key;

        server_name domainname.tld www.domainname.tld;

        root /var/www/domainname.tld/web;
        ...
        ...
        location /_/protected_directory/ {
            auth_basic "Members Only";
            auth_basic_user_file /var/www/clients/client1/web1/web/_/protected_directory/.htpasswd;

            location ~ \.php$ {
                try_files /gdgdggdg7e7w0d71d08f4r3e.htm @php;
            }
        }
    (3) After Step 2 Protected Directory> html5 audio and jwplayer video fail on android mobile:
    Media (audio, video) within protected directory fails to load on Android 4.4. Works on Win desktop. Media plays on mobile when protection on directory removed. Ever experience this before?
    --Barbara--
     
    Last edited: Mar 6, 2016
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Seems as if you manually edited the vhost config file. These vhost files may not be edited manually; they are completely managed by ISPConfig, and ISPConfig will remove all manual changes.

    When you want to alter the default vhost template of an ISPConfig server, then copy the nginx vhost template from /usr/local/ispconfig/server/conf/ to /usr/local/ispconfig/server/conf-custom/ and edit the template in conf-custom.

    If you want to modify the nginx setup for a single website, then use the Nginx directives field of the website for that. You can also alter existing sections of the file by using the ###merge### directive. The generated vhost file may never be altered, as all your changes will be removed anyway.
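
Added example, not part of either post and not ISPConfig code: a drift check to run against a generated vhost after ISPConfig rewrites it, confirming that the HTTPS redirect and the cipher directives from the first post are still in place. The function names, host name and addresses are constructed for illustration, and the parser is a simplified brace matcher, not nginx's own.

```python
import re

# Directives the thread reports missing after ISPConfig rewrote the vhost.
REQUIRED_TLS = ("ssl_ciphers", "ssl_prefer_server_ciphers")

# Constructed samples modelled on the two vhost states in the post (placeholder names/addresses).
HAND_EDITED = r"""
server { listen 80; server_name example.test; return 301 https://$host$request_uri; }
server {
    listen 192.0.2.10:443 ssl;
    ssl_prefer_server_ciphers on;
    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
"""
REGENERATED = r"""
server {
    listen 192.0.2.10:80;
    listen [2001:db8::10]:80;
    listen 192.0.2.10:443 ssl;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    location /_/protected_directory/ { auth_basic "Members Only"; }
"""

def server_blocks(conf):
    """Yield token lists for every statement or block header inside each server { } block."""
    text = re.sub(r"#[^\n]*", "", conf)  # strip comments
    for m in re.finditer(r"\bserver\s*\{", text):
        depth, end = 1, m.end()
        while end < len(text) and depth:  # an unclosed excerpt simply ends at EOF
            depth += {"{": 1, "}": -1}.get(text[end], 0)
            end += 1
        yield [s.split() for s in re.split(r"[;{}]", text[m.end():end]) if s.split()]

def audit(conf):
    """Return (server block number, finding) pairs for lost HTTPS hardening."""
    findings = []
    for n, directives in enumerate(server_blocks(conf), 1):
        names = {d[0] for d in directives}
        listens = [d[1:] for d in directives if d[0] == "listen"]
        plain = any("ssl" not in args for args in listens)
        redirect = any(d[0] == "return" and d[-1].startswith("https://") for d in directives)
        if plain and not redirect:
            findings.append((n, "plaintext listener without HTTPS redirect"))
        if any("ssl" in args for args in listens):
            findings += [(n, "missing " + x) for x in REQUIRED_TLS if x not in names]
    return findings

if __name__ == "__main__":
    print(audit(HAND_EDITED), audit(REGENERATED))
```
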