SSL Configuration...please help

Matti
16 June 2018, 16:23
Hello, I'm too stupid for SSL ;). I created my request using the LetsEncrypt script. No matter what configuration I test, I can reach the web server either via HTTP or via HTTPS. It would be nice and right if it were always available.

Where's my error in reasoning? I've already tested all sorts of options. Can someone just post an example hiawatha.conf here? Here is my current one:
# GENERAL SETTINGS
#
ServerId = hiawatha
ServerString = creambeans
ConnectionsTotal = 1000
ConnectionsPerIP = 25

# BINDING SETTINGS
# A binding is where a client can connect to.
#
Binding {
Port = 80
# Interface = 94.130.185.214
}
#
Binding {
BindingID = SSL
Port = 443
# Interface = 94.130.185.214
# TLScertFile = tls/www.cremabeans.de.pem
MaxRequestSize = 4096
TimeForRequest = 3, 20
MaxKeepAlive = 30
}

# DEFAULT WEBSITE
# It is wise to use your IP address as the hostname of the default website
# and give it a blank webpage. By doing so, automated webscanners won't find
# your possible vulnerable website.
#
Hostname = 127.0.0.1
WebsiteRoot = /var/www/cremabeans
StartFile = index.html
AccessLogfile = /var/log/cremabeans/access.log
ErrorLogfile = /var/log/cremabeans/error.log
#ReverseProxy .* http://127.0.0.1:443/

# VIRTUAL HOSTS
# Use a VirtualHost section for each website you want to host.
#
VirtualHost {
# Hostname = *cremabeans.de
Hostname = *.cremabeans.de, *.cremaandbeans.de, *.cremabeans.com, *.cremaandbeans.com
# Hostname = www.cremabeans.de, www.cremaandbeans.de, www.cremabeans.com, www.cremaandbeans.com, *.cremabeans.de, *.cremaandbeans.de, *.cremabeans.com, *.cremaandbeans.com
RequiredBinding = SSL
RequireTLS = yes
TLScertFile = tls/cremabeans.de.pem
WebsiteRoot = /var/www/cremabeans/public
AccessLogfile = /var/log/cremabeans/log/access.log
ErrorLogfile = /var/log/cremabeans/log/error.log
# RequiredBinding = http, https
# ReverseProxy .* http://127.0.0.1:443/
TimeForCGI = 5
# UseFastCGI = PHP7
# UseToolkit = banshee
UseDirectory = static, files
}

Thank you in advance. Greetings, Matti

Hugo Leisink
16 June 2018, 16:31
A binding will only speak TLS if the TLScertFile option is set. You set it in VirtualHost (which is ok), but it also needs to be set in Binding. If you only have one website, you don't need SNI. You can remove the TLScertFile option from VirtualHost and only set it in Binding.

Also, only use RequiredBinding if you really know what it does and you really need it.

The first hostname should not contain a wildcard.
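
As an added example (not part of the original posts and not Hiawatha's own tooling), a small Python linter that checks a hiawatha.conf for the points in the reply above: a port-443 binding without TLScertFile, a wildcard as the first hostname, and RequireTLS with no TLS-capable binding. The finding codes and sample configs are constructed for illustration, and reading RequiredBinding as a comma-separated list of binding IDs is an assumption based on the config in the question.

```python
import re

def parse_sections(text):
    """Return [(name, {option: value})] for every 'Name { ... }' block."""
    sections, current = [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # commented-out options do not count
        if m := re.fullmatch(r"(\w+)\s*\{", line):
            current = {}
            sections.append((m.group(1).lower(), current))
        elif line == "}":
            current = None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip().lower()] = value.strip()
    return sections

def lint(text):
    """Return sorted finding codes for the points raised in the reply."""
    sections = parse_sections(text)
    bindings = [opts for name, opts in sections if name == "binding"]
    # IDs of bindings that speak TLS ("" when such a binding has no BindingID)
    tls_ids = {b.get("bindingid", "").lower() for b in bindings if "tlscertfile" in b}
    findings = set()
    for b in bindings:
        if b.get("port") == "443" and "tlscertfile" not in b:
            findings.add("port-443-binding-without-TLScertFile")  # plain HTTP on 443
    for name, vhost in sections:
        if name != "virtualhost":
            continue
        if "*" in vhost.get("hostname", "").split(",")[0]:
            findings.add("first-hostname-is-wildcard")
        if vhost.get("requiretls", "").lower() == "yes":
            ids = vhost.get("requiredbinding", "").split(",")
            required = [i.strip().lower() for i in ids if i.strip()]
            if not tls_ids or any(i not in tls_ids for i in required):
                findings.add("RequireTLS-without-TLS-binding")
    return sorted(findings)

# Constructed samples: the question's config trimmed to the relevant options,
# then the same config with the reply's advice applied.
BROKEN = "\n".join([
    "Binding {", "Port = 80", "}",
    "Binding {", "BindingID = SSL", "Port = 443",
    "# TLScertFile = tls/www.cremabeans.de.pem", "}",
    "VirtualHost {", "Hostname = *.cremabeans.de, *.cremaandbeans.de",
    "RequiredBinding = SSL", "RequireTLS = yes",
    "TLScertFile = tls/cremabeans.de.pem", "}"])
FIXED = (BROKEN.replace("# TLScertFile", "TLScertFile")
         .replace("Hostname = *.", "Hostname = www.cremabeans.de, *.")
         .replace("RequiredBinding = SSL\n", ""))
```

`lint(BROKEN)` reports all three findings and `lint(FIXED)` reports none.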
Matti
17 June 2018, 08:22
Hi Hugo,

Thanks a lot. Now it works fine.
This topic has been closed.