Sponsor:

Server and Web Integrator
Link:
Kloxo-MR logo
6.5.0 or 7.0.0
Click for "How to install"
Donation/Sponsorship:
Kloxo-MR is open-source.
Donate and or Sponsorship always welcome.
Click to:
Click Here
Please login or register. 2017-11-07, 16:52:34

Author Topic: SSL Hiawatha  (Read 2769 times)

0 Members and 1 Guest are viewing this topic.

Offline fossxplorer

  • Master
  • **
  • Posts: 635
  • Karma: +0/-0
    • View Profile
SSL Hiawatha
« on: 2015-06-08, 23:09:49 »
Hi,
why doesn't hiawtha with SSl cert work with own IP assinged to a client?

One of my customer uses a subdomain of the domain Kloxo itself uses.
For Kloxo CP i'm using a wildcard SSL cert, but for this customers subdomain i've purchased a seperate SSL cert.
Is that a problem?

EDIT: i tried to switch to Apache only, and it worked immediately. Some issues with Hiawatha and SSL certs then.
Mustafa, any idea?
« Last Edit: 2015-06-08, 23:19:39 by fossxplorer (formerly 'Mella') »
Kloxo-MR!

Online MRatWork

  • Administrator
  • The Elite
  • *****
  • Posts: 15,381
  • Karma: +112/-9
  • Gender: Male
    • View Profile
    • MRatWork Forum
Re: SSL Hiawatha
« Reply #1 on: 2015-06-08, 23:19:21 »
Try use the same cert for subdomain.
..:: MRatWork (Mustafa Ramadhan Projects) ::..
-- Server/Web-integrator - Web Hosting (Kloxo-MR READY!) --

Offline fossxplorer

  • Master
  • **
  • Posts: 635
  • Karma: +0/-0
    • View Profile
Re: SSL Hiawatha
« Reply #2 on: 2015-06-08, 23:20:40 »
I can't give the customer the SSL key for our main domain :)

As i update, it works fine with Apache only.
« Last Edit: 2015-06-08, 23:22:41 by fossxplorer (formerly 'Mella') »
Kloxo-MR!

Offline fossxplorer

  • Master
  • **
  • Posts: 635
  • Karma: +0/-0
    • View Profile
Re: SSL Hiawatha
« Reply #3 on: 2015-06-08, 23:29:01 »
Tried to switch back to Hiawatha proxy and got
service  hiawatha  start
Starting Hiawatha web server: listen(http(s)): Address already in use
                                                           [  OK  ]

Hmm....

#killall hiawatha
hiawatha: no process killed
# netstat -plan | grep 443
]#

What's the problem?


Kloxo-MR!

Online MRatWork

  • Administrator
  • The Elite
  • *****
  • Posts: 15,381
  • Karma: +112/-9
  • Gender: Male
    • View Profile
    • MRatWork Forum
Re: SSL Hiawatha
« Reply #4 on: 2015-06-08, 23:34:17 »
Try 'pkill -9 httpd; sh /script/restart-web -y'.
..:: MRatWork (Mustafa Ramadhan Projects) ::..
-- Server/Web-integrator - Web Hosting (Kloxo-MR READY!) --

Offline fossxplorer

  • Master
  • **
  • Posts: 635
  • Karma: +0/-0
    • View Profile
Re: SSL Hiawatha
« Reply #5 on: 2015-06-08, 23:36:53 »
[root@mail ~]# pkill -9 httpd; sh /script/restart-web -y

Stopping Hiawatha web server:                              [FAILED]
Starting Hiawatha web server:                              [listen(http(s)): Address already in use
  OK  ]
-------------------------------------------------------------------

Stopping httpd:                                            [FAILED]
Starting httpd:                                            [  OK  ]
-------------------------------------------------------------------

Stopping php54m-fpm:                                       [  OK  ]
Starting php54m-fpm:                                       [  OK  ]
-------------------------------------------------------------------

- For help, type '/script/restart-web [--help|-h]'
[root@mail ~]# service  hiawatha  status
hiawatha dead but pid file exists
[root@mail ~]#


Try 'pkill -9 httpd; sh /script/restart-web -y'.
Kloxo-MR!

Offline fossxplorer

  • Master
  • **
  • Posts: 635
  • Karma: +0/-0
    • View Profile
Re: SSL Hiawatha
« Reply #6 on: 2015-06-08, 23:47:20 »
I'll run on Apache only mode now.
You can get access to my server tomorrow.
Thanks a lot for now!
Kloxo-MR!

Offline fossxplorer

  • Master
  • **
  • Posts: 635
  • Karma: +0/-0
    • View Profile
Re: SSL Hiawatha
« Reply #7 on: 2015-08-14, 00:56:11 »
Ok, now i need to get Hiawatha reverse proxy up and running.
I still fails with SSL clients.
This post here also indicates Kloxo-MR doesn't support reverse proxy and SSL clients kloxo-mr-technical-helpsssl-problem-with-hiawatha.html.

I've assigned an IP for one of the client setup with SSL. Apache alone works fine with SSL, but not when switching to Hiawatha. Also, netstat shows that that dedicated IP is assigned to listen on port 80 and not 443!


@Mustafa, can you please fix this?
Kloxo-MR!

Online MRatWork

  • Administrator
  • The Elite
  • *****
  • Posts: 15,381
  • Karma: +112/-9
  • Gender: Male
    • View Profile
    • MRatWork Forum
Re: SSL Hiawatha
« Reply #8 on: 2015-08-14, 01:50:09 »
..:: MRatWork (Mustafa Ramadhan Projects) ::..
-- Server/Web-integrator - Web Hosting (Kloxo-MR READY!) --

Offline fossxplorer

  • Master
  • **
  • Posts: 635
  • Karma: +0/-0
    • View Profile
Re: SSL Hiawatha
« Reply #9 on: 2015-09-05, 14:18:46 »
Yeah i did, but it looks like Kloxo-MR's config of Hiawatha is quite different here.
@Mustafa, are you able to get this running?
Right now i'm forced to used Apache alone to serve TLS customer sites and Apache is too slow.
Working reverse proxy with TLS is very important feature IMHO.
Thanks.
Kloxo-MR!

Online MRatWork

  • Administrator
  • The Elite
  • *****
  • Posts: 15,381
  • Karma: +112/-9
  • Gender: Male
    • View Profile
    • MRatWork Forum
Re: SSL Hiawatha
« Reply #10 on: 2015-09-05, 14:32:41 »
Where you think Hiawatha configs is different between KLoxo-MR and 'default' from hiawatha itself?.
..:: MRatWork (Mustafa Ramadhan Projects) ::..
-- Server/Web-integrator - Web Hosting (Kloxo-MR READY!) --

Offline fossxplorer

  • Master
  • **
  • Posts: 635
  • Karma: +0/-0
    • View Profile
Re: SSL Hiawatha
« Reply #11 on: 2015-09-05, 22:21:07 »
It was quite some time ago i did the tests and comparison, but i might be wrong here too!
Now i don't have Hiawatha proxy enabled.

I don't have another instance of Kloxo-MR to test unfortunately, but we definitely need Hiawatha proxy with TLS working. This is THE best feature with Kloxo-MR IMHO!
 

Where you think Hiawatha configs is different between KLoxo-MR and 'default' from hiawatha itself?.
Kloxo-MR!

Online MRatWork

  • Administrator
  • The Elite
  • *****
  • Posts: 15,381
  • Karma: +112/-9
  • Gender: Male
    • View Profile
    • MRatWork Forum
Re: SSL Hiawatha
« Reply #12 on: 2015-09-06, 05:30:40 »
Hiawatha configs since the time release for web server always the same. Different thing is latest Hiawatha only support TLSv1.1+ and disabled SSLv2+.
..:: MRatWork (Mustafa Ramadhan Projects) ::..
-- Server/Web-integrator - Web Hosting (Kloxo-MR READY!) --

 


Top 10 Social Networking:    Facebook    Twitter    LinkedIn    Pinterest    Google Plus    Tumblr    Instagram    VK    Flickr    Vine

Page created in 0.053 seconds with 17 queries.

web stats analysis
 
Mirror created by MasterkinG32.CoM