Hi,
I was experimenting with an email-only plan for some of our customers when I noticed that the per-site SSL features were disabled for them. The newly created sites didn't have a Manage SSL option in Virtualmin; they also weren't getting a self-signed cert in their home directory, and for services where SSL was used, such as Postfix, they were ending up with master.cf entries referencing (global) server certs/keys that I had specified in main.cf.
I do have SSL enabled for both Postfix and Dovecot in the global Virtualmin Configuration, and of course Apache for the standard mail+web sites/plans. Those settings are more or less at their defaults. My email-only plan features are: Admin user, Virtual IP, Home dir, Mail for domain, and Webmin login. Allowed capabilities: Can manage aliases, users, SSL certificates, make and restore backups, create catchall aliases, change domain's password.
I'm not sure if this is intentional or just an unexpected situation with Apache disabled. I imagine most people don't turn off Apache, but nevertheless it'd be nice to have the SSL features for other services regardless. Would it be possible to check if one or more services have SSL, whether that's Apache/SSL, Dovecot, Postfix, FTP, etc., and enable self-signed cert generation and management so long as the Manage capability is on?
Thanks,
Mike
Comments
Submitted by JamieCameron on Fri, 08/11/2017 - 14:21 Comment #1
Yeah, this is a missing feature in Virtualmin currently - the per-IP SSL cert for Postfix and Dovecot is always copied from Apache (or nginx), so there's no way to set this up without an SSL website.
Submitted by mhokenson on Fri, 08/11/2017 - 14:40 Comment #2
Ah, ok. I'll probably just work up a second server template for the email-only setup with an alternate Apache vhost config. Change the DocumentRoot to /var/www/html and add some redirects to effectively disable web while leaving all the SSL functionality in place.
Thanks for the reply!
Mike
Submitted by JamieCameron on Fri, 08/11/2017 - 17:23 Comment #3
Yeah, you could still turn on SSL for a domain but not actually have any web content.