httpd Listen 443 not needed in vhost.conf

[chongma]

For support, please use our forums: http://forums.sentora.org/, you can search for solutions there. Feel free to open a new question if none of the threads solve your problem. Please, do NOT use this issue tracker for support.

For bug reports please provide the following information:

Operating System: CentOS 7 Operating System Version number: 7-2.1511 Sentora Version: 1.0.3 Issue: httpd cannot start once ssl website is configured How to reproduce it: port override to 443 in apache config Suggested fix or solution if you have any: sentora should not write Listen 443 at top of /etc/sentora/configs/apache/httpd-vhosts.conf this directive is provided by mod_ssl in ssl.conf Thank you on the behalf of the Sentora Team.

V 0.0.2

[Caffe1neAdd1ct]

This may be the case for CentOS 7, needs testing on CentOS 6 and other supported operating systems.

I'll test and get back on this one.

[nlubello]

254 Pull request submitted.

Tested on Ubuntu. Works great

[MBlagui]

OK looks ok will check it.

Despite most of the issue happen depend on how you implement SSL. If you use override that's the main issue. SSL should not be added that way. It should be another full VHOST and then you choose using .htaccess to redirect or not.

[GordonHannan]

In CentOS 7, the "Listen 443" command breaks the panel functionality. When I removed it from my Sentora 1.0.3 install, the SSL/Panel started working. Can we alter the code to not add this?

[MBlagui]

I used the panel on daily basis and no issues.

M B

[chongma]

MB do you use CentOS 7 though? because you have 2 reporters saying that Listen 443 is already defined in ssl.conf on that platform. so there isn't a need to add it at the top of vhosts

[TGates71]

You are looking at this 'backwards'. Sentora needs to control all the vhost configs SSL or not. Therefore, you need to remove the Listen 443 in the ssl.conf file. Please read the tutorials on the forums about using SSL with Sentora. Panel login: http://forums.sentora.org/showthread.php?tid=3297 All other domains/sub domains: http://forums.sentora.org/showthread.php?tid=2535

[MBlagui]

I'm using centos 7 yes on most of my servers as this is my preferred distrib.

But will check it back as you point to it

[TGates71]

@MBlagui , this is explained in the tutorials on the forums for SSL regarding CentOS. CentOS(7?) uses the ssl.conf by default while Ubuntu (and older CentOS?) does not. This needs to be examined in the CentOS Sentora installer setup. Listen 443 in ssl.conf should be disabled or removed during install so that Sentora can control it's behavior in the httpd-vhosts.conf as it is currently designed. We can re-examine a better SSL handling at a later date as we have discussed before. Removing it from Sentora is not the fix, removing from the ssl.conf or bypassing the ssl.conf is the solution to keep compatibility with all supported OS.

[chongma]

ok i see the line in the tutorial. i did look at those tutorials but do not remember seeing a line saying to remove Listen 443. shouldn't SSL be configured out of the box though? also if it detected CentOS 7 then it could not add Listen 443 to vhosts and then it would solve the problem anyway?

[TGates71]

SSL should be from the start from now on since all browsers are starting to conform to the https sites only. We will also have to work on getting the let's encrypt module completed. Maybe even move it into the core. Possibly for v1.0.5?

[chongma]

sentora should then require that mod_ssl and openssl be required packages at installation? could it automatically generate a certificate for the control panel? or would that require asking for lets encrypt credentials during install?

[MBlagui]

Take care let's encrypt require always public IP's. So if you install and enable SSL while dns not available or you are in a local environnement you won't be able to use let's encrypt!

[modcar]

I'm sorry, I don't really see that being a problem. If we have the option to say no to LE if we're setting up a test system.....

[TGates71]

This is only noticed on CentOS 7. Will add a check to skip Listen 443 if CentOS.

[Bizarrus]

The best way is, to install mod_ssl as default by Sentora with their own configuration file.

If you install mod_ssl after Sentora already has been installed and created an VHost Port-redirect to 443, the Listen 443 is duplicated (once in the default mod_ssl configuration, second generated by Sentora in VHost configuration)

[Dukecitysolutions]

This has been resolved in v2 installer.