I have Virtualmin and it has apache and primary domain and encryption by Let's Encrypt.
I install gitlab on the subdomain and port 8443, but it doesn't work for me.
Turns on on the port but not on the subdomain.
I don't know how to connect a subdomain to open gitlab.
I don't know how to add a certificate from Virtualmin to a subdomain.
How do you do these two things?
Should I do it outside Virtualmin?
if you need a script like GitLab to run on a subdomain of the website, you need to create a sub server.
login to Virtualmin, select your domain, click create Virtual server,
from top tabs, select sub servers.
not if you want to create subdomain git.example.com, just type 'git' in domain and press [TAB].
in enable-feature section, select Setup SSL website too? and click create server.
after the sub server is created, go to the SSL section and request for let's encrypt the certificate.
To enable port 8443, go to webmin, networking, firewalld, on the list of ports and services, click add allowed port, add port 8443. and apply configuration.
just stop and start firewall to take effects.
Related
I'm trying to put a simple Wordpress site on Google Cloud with SSL.
I set up a load balancer using an instance group, as described here: https://docs.bitnami.com/google-templates/how-to/configure-lb-ssl-google-templates/
except I used one-click deployment instead of bitnami.
unmanaged instance group with the vm as a member
load balancer with the instance group on the backend, port 80
front end HTTPS, port 443
The front end works, this is my test site: https://thescanclub.com
However, insecure access is still possible to the backend I.P. and also the database! I must have left out a firewall or something. How would you fix this?
Back end IP to the vm: 34.150.136.72
PS... this is a small test site and may get a new vm if I have to redo it.
The Google Managed Certificate that you created resides within the Front End of the Load Balancer. This means that it will only use the Google's SSL certificate, and redirect from HTTP to HTTPS when you access your Wordpress site through the Load Balancer's front end IP address or through the domain (thescanclub.com).
Digging the A record of your domain, you'll see that it is not pointed to the VM's public IP but rather to a different one which I presume is the HTTPS Load Balancer's front end IP.
If you wish to access the website directly from the VM's public IP, then it will be best to set up a letsencrypt SSL certificate within the Bitnami instance and set up the HTTP to HTTPS redirection through it. Hope you find this documentation helpful.
I have setup a raspberry pi web server. I'm using nginx and google domains. I have a conf file for that domain in sites-available I configured the server_name to my domain name www.domain.com .domain.com;
The problem is that I can only access the website using .domain.com. When I try using www.domain.com I get redirect to ISP page (unable to find..).
Login to your domain provider's dashboard
If you haven't already added an A record to your DNS settings select Manage DNS and add an A record pointing to your IP address of the host.
You'll essentially need to add a CNAME record to your domain's DNS settings. The 'Name' field should be www
Depending on your provider you may have to wait till about 2- 48hrs to allow it to propagate.
I am running on Rancher platform and I have set up wordpress through wordpress stack. It is currently running on port 80 http. I wish to insert a free SSL with Let's encrypt and I know that Traefik stack is able to generate one for my wordpress. But I don't exactly know how.
Things that I tried:
I create a volume on wordpress /mnt/docker/traefik/acme:/etc/letsencrypt/acme
I configure Traefik with HTTP challenges, insert a proper email for acme and so on.
Not working =(
Rancher can manage your SSL certificates.
Here are the steps:
Add certificate (https://rancher.com/docs/rancher/v1.6/en/environments/certificates/)
Create a load balancer service, with the hostname needed for your wordpress certificate, select the appropriate ports, select the certificate.
Now the wordpress website would be available on the port selected in the Loadbalancer rules.
I have created a website and set it up on IIS on a Windows Server 2008 R2 which is on the local network. What should I do to be able to access that website by typing its name in the browser from client machine? Right now there're only two sites: One is the Default Website and the other one is my newly created one. If I type this IP in the browser of a remote computer, which has access to the server, the default website opens. If I add https:// to the ip address I get directed to my website. This means the website opened is decided upon the protocol (http or https). What if I add another website that would require SSL?
Actually the site you browse to is not decided by the protocol, it's decided by the port. By default HTTPS is port 443, and HTTP is port 80.
So if you have an HTTPS and HTTP protocol added to a website in IIS, you've created bindings for these two ports automatically.
This is visible by going into IIS clicking "Sites" from the "Connections" section in the left pane and then looking at the "Bindings" column in the center pane.
If you create another website on the host which uses SSL you would have to assign it to a different port.
To browse to that new SSL website you would have to enter the port when browsing to it.
e.g. https://serverName:444
(You don't have to enter default ports, 80 & 443, your browser automatically infers which to use from the protocol type and adds them if no other is present)
This is inconvient for users so people get around this by registering domain names such as stackoverflow.com and pointing them to the address with the port e.g. https://stackoverflow.com:444, so users don't have to enter port numbers.
Have you added the website address to the host file which sits in the drives folder of the system32. If you add the website name against the IP in the host file you should be able to access it using the name rather than than IP address
Something like this- 10.18.20.108 test.stackoverflow.com
i have hosted the one website "www.example1.com" in port 443(https) in IIS 7. now i bought a new domain for "www.example2.com" for same IP. i would like to host the another website in this domain(www.example2.com) in port 443(i already used port 443 for "www.example1.com").
How can i do this? Is this possible to host two domains in port 443 in same IP? If yes could anyone please let me know the right way to do this? I am using IIS 7.
It CAN be done.
SSL Host Headers in IIS 7 allow you to use one SSL certificate for multiple IIS websites on the same IP address. Through the IIS Manager interface, IIS only allows you to bind one site on each IP address to port 443 using an SSL certificate. If you try to bind a second site on the IP address to the same certificate, IIS 7 will give you an error when starting the site up stating that there is a port conflict. In order to assign a certificate to be used by multiple IIS sites on the same IP address, you will need to set up SSL Host Headers by following the instructions below.
What Type of SSL Certificate Do You Need?
Because you can only use one certificate, that certificate needs to work with all the hostnames of the websites that you use it with (otherwise you will receive a name mismatch error). For example, if each of your IIS 7 websites uses a subdomain of a single common domain name (like in the example below), you can get a Wildcard Certificate for *.mydomain.com and it will secure site1.mydomain.com, site2.mydomain.com, etc.
If, on the other hand, your IIS 7 sites all use different domain names (mail.mydomain1.com, mail.mydomain2.com, etc.), you will need to get a Unified Communications Certificate (also called a SAN certificate).
Setting up SSL Host Headers on IIS 7
Obtain an SSL certificate and install it into IIS 7. For step-by-step instructions on how to do this, see Installing an SSL Certificate in Windows Server 2008 (IIS 7.0).
Once the certificate is installed into IIS, bind it to the first site on the IP address.
Open the command prompt by clicking the start menu and typing “cmd” and hitting enter.
Navigate to C:\Windows\System32\Inetsrv\ by typing “cd C:\Windows\System32\Inetsrv\” on the command line.
In the Inetsrv folder, run the following command for each of the other websites on the IP address that need to use the certificate (copy both lines):
appcmd set site /site.name:"<IISSiteName>" /+bindings.[protocol='https',bindingInformation='*:443:<hostHeaderValue>']
Replace <IISSiteName> with the name of the IIS site and <hostHeaderValue> with the host header for that site (site1.mydomain.com)
Test each website in a browser. It should bring up the correct page and show the lock icon without any errors. If it brings up the web page of the first IIS site, then SSL Host Headers haven’t been set up correctly.
in iis 7.5 or newer versions
- Sites > Add Website
- Site Name: example2.com
- Physical Path: select directory
- Binding: same ip as example.com
- Host name: example2.com
then in binding check this for both websites
You can't in IIS7 - each HTTPS binding requires a unique IP/port combination because the Host Header cannot be used to differentiate sites using SSL. This is because the host header is not visible during the SSL handshake.
Your workaround is to differentiate the sites by binding to a different external IP, or by binding to a port other than 443. Both options are less than ideal I know.
There's a great MSDN blog on this.
Fortunately IIS8 appears to have a solution in the form of Server Name Indication (SNI).
Interestingly this is not an IIS quirk, Apache has the same issue, as would any web server before the introduction of SNI.
I currently use IIS 6.0.
I have managed to set up multiple web sites using port 443 and different certificates.
From the IIS manager, go to the web site and edit site bindings.
Simply make sure that the Require Server Name Indication box is ticked and leave the IP address: as All Unassigned.
You now use the same port (443) for multiple sites by selecting the appropriate certificate for the site from the dropdown list of certificates.
We also host multiple sites in port 443 but we need UNIQUE IP addresses for each site.
You cannot bind multiple sites to port 443 using only one IP address.
Unless there is a work-around, but I'm not aware of any.
This article may help:
http://www.harbar.net/articles/ssl.aspx
If you are using a wildcard certificate, just use the format *.domainname.com in the friendly name and the IIS GUI will enable the hostname control for you when you are editing the binding.
Source