Ispmanager 6 lite, pro, host documentation

SSL for external applications

To enable usage of SSL for external applications:

  1. In the Main menu, open Settings;
  2. Navigate to Web-server settings;
  3. Open SSL for external applications;
  4. Check the box Enable work with external applications through SSL.
Note!
The configuration provides a secure connection for accessing applications such as phpMyAdmin and Roundcube. For correct operation, use any open port (port 1501 is used by default).

To manage certificates:

  1. In the Main Menu, open Settings.
  2. Go to Panel settings.
  3. Click the SSL certificates drop-down list.

Provide secure access to the control panel by issuing a certificate for the specified domain. This certificate will allow you to log in to additional applications associated with that domain by simply using the appropriate domain name when logging into the control panel.

Web server configuration files

When this feature is used, it creates a set of configuration files for the web server. The configuration files are modified in the following cases:

  • you turn the feature on or off;
  • feature settings change;
  • a panel certificate is added or removed;
  • reinstalling the web server to obtain information about panel certificates using ihttpd.certs API request. Configuration files differ depending on the web server used.

Apache

A configuration file and folder are created:

rhel: /etc/httpd/conf.d/ssl_vhosts_inc.conf
      /etc/httpd/ssl_cert_vhosts
debian: /etc/apache2/conf.d/ssl_vhosts_inc.conf
        /etc/apache2/ssl_cert_vhosts

Example of ssl_vhosts_inc.conf:  

IncludeOptional /etc/httpd/ssl_cert_vhosts/*.conf
Listen 1501

For each certificate in the panel a configuration file named <certificate name>.conf is created in the directory. When a certificate is removed from the panel's list of certificates, the corresponding configuration file is deleted.

Example of manager.conf:

<VirtualHost 172.31.97.76:1501>
    ServerName localhost
    <IfModule headers_module>
        Header always set Strict-Transport-Security "max-age=31536000; preload"
    </IfModule>
    SSLCertificateFile "/usr/local/mgr5/etc/manager.crt"
    SSLCertificateKeyFile "/usr/local/mgr5/etc/manager.key"
    SSLCipherSuite EECDH:+AES256:-3DES:RSA+AES:!NULL:!RC4
    SSLEngine on
    SSLHonorCipherOrder on
    SSLProtocol TLSv1 TLSv1.1 TLSv1.2
</VirtualHost>

Nginx

A configuration file and folder are created:

/etc/nginx/conf.d/ssl_servers_inc.conf
/etc/nginx/ssl_cert_servers

File ssl_servers_inc.conf:  

include /etc/nginx/ssl_cert_servers/*.conf;

For each certificate in the panel a configuration file named <certificate name>.conf is created in the directory. When a certificate is removed from the panel's list of certificates, the corresponding configuration file is deleted.  

Example of manager.conf:

server {
        server_name localhost;
        disable_symlinks if_not_owner;
        include /etc/nginx/vhosts-includes/*.conf;
        add_header Strict-Transport-Security "max-age=31536000;";
        listen 1501 ssl;
        listen 172.31.97.76:1501 ssl default_server;
        ssl_certificate "/usr/local/mgr5/etc/manager.crt";
        ssl_certificate_key "/usr/local/mgr5/etc/manager.key";
        ssl_ciphers EECDH:+AES256:-3DES:RSA+AES:!NULL:!RC4;
        ssl_prefer_server_ciphers on;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
}

Openlitespeed

The folllowing configuration files and folders will be created:

/usr/local/lsws/conf/listeners/ssl_vhosts_inc.conf
/usr/local/lsws/conf/ssl_conf/manager-ssl.conf
/usr/local/lsws/conf/ssl_conf
/usr/local/lsws/conf/ssl_conf/mapping

 File  ssl_vhosts_inc.conf:

include /usr/local/lsws/conf/ssl_cert_listeners/*.conf

Example of manager-ssl.conf:  

listener manager-cert-listen {
    address 172.31.97.76:1501
    secure 1
    keyFile /usr/local/mgr5/etc/manager.key
    certFile /usr/local/mgr5/etc/manager.crt
    map Default *
    include /usr/local/lsws/conf/ssl_conf/mapping/*.conf
}

In the /usr/local/lsws/conf/ssl_conf directory, a configuration file named <certificate name>.conf is created for each panel certificate. In the /usr/local/lsws/conf/ssl_conf/mapping directory a configuration file named <certificate name>-map.conf is created for each certificate in the panel. When a certificate is removed from the list of certificates in the panel, the corresponding configuration files are deleted.

Example  manager.conf:  

virtualHost manager-cert-vhost {
    vhDomain site.domain
    vhRoot Default/
    docRoot Default/html
    context / {
        extraHeaders Header set Strict-Transport-Security "max-age=31536000; preload"
    }
    vhssl {
        keyFile /usr/local/mgr5/etc/manager.key
        certFile /usr/local/mgr5/etc/manager.crt
        certChain 1
    }
    include /usr/local/lsws/conf/vhosts-includes/*.conf
}

Example of manager-map.conf: 

map manager-cert-vhost site.domain