Difference between revisions of "Sentora SSL Letsencrypt"
From MS Computech
| (4 intermediate revisions by the same user not shown) | |||
| Line 8: | Line 8: | ||
#Listen 443 https | #Listen 443 https | ||
</pre> | </pre> | ||
| + | |||
<pre> | <pre> | ||
git clone https://github.com/letsencrypt/letsencrypt | git clone https://github.com/letsencrypt/letsencrypt | ||
| Line 13: | Line 14: | ||
./letsencrypt-auto --help | ./letsencrypt-auto --help | ||
service httpd stop | service httpd stop | ||
| − | ./letsencrypt-auto certonly --standalone -d domain.com -d www.domain.com | + | ./letsencrypt-auto certonly --standalone -d domain.com -d www.domain.com -d images.domain.com -d panel.domain.com |
service httpd start | service httpd start | ||
</pre> | </pre> | ||
| − | + | Changing Sentora port | |
| − | Changing Sentora port | ||
On Sentora Panel go to Admin -> Module Admin -> Apache Config > Override a Virtualhost [Select VHost] -> | On Sentora Panel go to Admin -> Module Admin -> Apache Config > Override a Virtualhost [Select VHost] -> | ||
Tick Port Override. | Tick Port Override. | ||
Forward Port 80 to Overriden Port: 443 | Forward Port 80 to Overriden Port: 443 | ||
| − | Custom Entry | + | Custom Entry |
| − | |||
<pre> | <pre> | ||
SSLEngine on | SSLEngine on | ||
| Line 35: | Line 34: | ||
SSLCompression off | SSLCompression off | ||
</pre> | </pre> | ||
| + | Redirect http to https | ||
| + | <pre> | ||
| + | # DOMAIN: siamtools.com | ||
| + | # PORT FORWARD FROM 80 TO: 443 | ||
| + | <virtualhost *:80> | ||
| + | ServerName siamtools.com | ||
| + | ServerAlias www.siamtools.com | ||
| + | ServerAdmin [email protected] | ||
| + | RewriteEngine on | ||
| + | ReWriteCond %{SERVER_PORT} !^443$ | ||
| + | RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L] | ||
| + | </virtualhost> | ||
| + | # END DOMAIN: siamtools.com | ||
| + | </pre> | ||
| + | |||
<pre> | <pre> | ||
php -q /etc/sentora/panel/bin/daemon.php | php -q /etc/sentora/panel/bin/daemon.php | ||
service apache2 restart | service apache2 restart | ||
| + | </pre> | ||
| + | |||
| + | Rewrite .htaccess http to https | ||
| + | <pre> | ||
| + | RewriteEngine On | ||
| + | |||
| + | # If your opencart installation does not run on the main web folder make sure y$ | ||
| + | |||
| + | RewriteBase / | ||
| + | |||
| + | #################### | ||
| + | #First rewrite any request to the wrong domain to use the correct one (here www$ | ||
| + | RewriteCond %{HTTP_HOST} !^www\. | ||
| + | RewriteRule ^(.*)$ https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301] | ||
| + | |||
| + | #Now, rewrite to HTTPS: | ||
| + | RewriteCond %{HTTPS} off | ||
| + | RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] | ||
</pre> | </pre> | ||
Your domain should now be secured by SSL. | Your domain should now be secured by SSL. | ||
You can test it here: https://www.ssllabs.com/ssltest/ | You can test it here: https://www.ssllabs.com/ssltest/ | ||
| + | |||
| + | ----------------------- | ||
| + | |||
| + | Config SSL httpd | ||
| + | |||
| + | 1. ไปที่ Admin > Sentora Config > Sentora Apache Port : 443 | ||
| + | 2. ไปที่ Admin > Module Admin > Apache Config > Apache Port : 443 | ||
| + | 3. ไปที่ Admin > Module Admin > Apache Config > Override a Virtual Host Setting > Select Your domain > Port Override:443 and check Forward Port 80 to Overriden Port | ||
| + | Custom entry | ||
| + | <pre> | ||
| + | # Custom Global Settings (if any exist) | ||
| + | SSLEngine on | ||
| + | SSLProtocol ALL -SSLv2 -SSLv3 | ||
| + | SSLHonorCipherOrder On | ||
| + | SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS | ||
| + | |||
| + | SSLCertificateFile /etc/letsencrypt/live/tools.com-0001/cert.pem | ||
| + | SSLCertificateKeyFile /etc/letsencrypt/live/tools.com-0001/privkey.pem | ||
| + | SSLCertificateChainFile /etc/letsencrypt/live/siamtools.com-0001/chain.pem | ||
| + | |||
| + | #cloudflare | ||
| + | #SSLCertificateFile /certcf/tools.com.pem | ||
| + | #SSLCertificateKeyFile /certcf/tools.com.key | ||
| + | </pre> | ||
| + | Save VHOST | ||
| + | |||
| + | 4. แก้ไฟล์ /etc/sentora/config/apache/httpd.conf | ||
| + | <pre> | ||
| + | ServerName localhost | ||
| + | Listen 80 | ||
| + | </pre> | ||
| + | Restart Sentora + Apache | ||
| + | <pre> | ||
| + | sudo /usr/bin/php -q /etc/sentora/panel/bin/daemon.php | ||
| + | apachectl restart | ||
| + | </pre> | ||
Latest revision as of 11:25, 29 January 2017
วิธีการติดตั้ง SSL Letsencrypt บน Centos 7 Sentora
yum install git mod_ssl openssl python-certbot-apache nano /etc/httpd/conf.d/ssl.conf
nano /etc/httpd/conf.d/ssl.conf
#Listen 443 https
git clone https://github.com/letsencrypt/letsencrypt cd letsencrypt ./letsencrypt-auto --help service httpd stop ./letsencrypt-auto certonly --standalone -d domain.com -d www.domain.com -d images.domain.com -d panel.domain.com service httpd start
Changing Sentora port On Sentora Panel go to Admin -> Module Admin -> Apache Config > Override a Virtualhost [Select VHost] -> Tick Port Override. Forward Port 80 to Overriden Port: 443 Custom Entry
SSLEngine on SSLProtocol ALL -SSLv2 -SSLv3 SSLHonorCipherOrder On SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS SSLCertificateFile /etc/letsencrypt/live/domain.com/cert.pem SSLCertificateKeyFile /etc/letsencrypt/live/domain.com/privkey.pem SSLCertificateChainFile /etc/letsencrypt/live/domain.com/chain.pem # Keeping bellow for future upgrades. # Requires Apache >= 2.4 SSLCompression off
Redirect http to https
# DOMAIN: siamtools.com # PORT FORWARD FROM 80 TO: 443 <virtualhost *:80> ServerName siamtools.com ServerAlias www.siamtools.com ServerAdmin [email protected] RewriteEngine on ReWriteCond %{SERVER_PORT} !^443$ RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L] </virtualhost> # END DOMAIN: siamtools.com
php -q /etc/sentora/panel/bin/daemon.php service apache2 restart
Rewrite .htaccess http to https
RewriteEngine On
# If your opencart installation does not run on the main web folder make sure y$
RewriteBase /
####################
#First rewrite any request to the wrong domain to use the correct one (here www$
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
#Now, rewrite to HTTPS:
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Your domain should now be secured by SSL. You can test it here: https://www.ssllabs.com/ssltest/
Config SSL httpd
1. ไปที่ Admin > Sentora Config > Sentora Apache Port : 443 2. ไปที่ Admin > Module Admin > Apache Config > Apache Port : 443 3. ไปที่ Admin > Module Admin > Apache Config > Override a Virtual Host Setting > Select Your domain > Port Override:443 and check Forward Port 80 to Overriden Port Custom entry
# Custom Global Settings (if any exist) SSLEngine on SSLProtocol ALL -SSLv2 -SSLv3 SSLHonorCipherOrder On SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS SSLCertificateFile /etc/letsencrypt/live/tools.com-0001/cert.pem SSLCertificateKeyFile /etc/letsencrypt/live/tools.com-0001/privkey.pem SSLCertificateChainFile /etc/letsencrypt/live/siamtools.com-0001/chain.pem #cloudflare #SSLCertificateFile /certcf/tools.com.pem #SSLCertificateKeyFile /certcf/tools.com.key
Save VHOST
4. แก้ไฟล์ /etc/sentora/config/apache/httpd.conf
ServerName localhost Listen 80
Restart Sentora + Apache
sudo /usr/bin/php -q /etc/sentora/panel/bin/daemon.php apachectl restart
