Submitted by yngens on Wed, 09/06/2017 - 00:58
In templates we can edit or completely remove directives and settings for new websites
:
ServerName ${DOM}
ServerAlias www.${DOM}
DocumentRoot ${HOME}/public_html
ErrorLog /var/log/virtualmin/${DOM}_error_log
CustomLog /var/log/virtualmin/${DOM}_access_log combined
ScriptAlias /cgi-bin/ ${HOME}/cgi-bin/
DirectoryIndex index.html index.htm index.php index.php4 index.php5
<Directory ${HOME}/public_html>
Options -Indexes +IncludesNOEXEC +SymLinksIfOwnerMatch
allow from all
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
</Directory>
<Directory ${HOME}/cgi-bin>
allow from all
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
</Directory>
However, when we go with "Apache SSL website enabled?" then the directives are written to Apache configuration file without possibility to pre-set them. We terribly need not to write anything in the Apache configuration file, because a proxy software is going to take care of custom SSL directives.
So I'd like to request to provide similar option in templates, where users could either preset directives or leave them completely empty. And until and if this request is accepted I wonder what would be the best workaround?
Thanks for consideration!
Status:
Closed (works as designed)
Comments
Submitted by yngens on Wed, 09/06/2017 - 00:59 Comment #1
Submitted by andreychek on Wed, 09/06/2017 - 09:43 Comment #2
Jamie may need to comment to know exactly how this is done, but it appears that enabling the SSL feature copies the port 80 version of the existing domain's Apache config, rather than using the template.
If you edit the Server Template, and then enable SSL on an existing domain, your Server Template changes won't be used there.
However, if you were to create a new domain, your Server Template changes would be used for the port 80 config, and then copied to the port 443 config when SSL is enabled.
If you need to apply changes from the Server Template to an existing domain, you could always disable the "Apache website" feature and then re-enable it.
Submitted by yngens on Wed, 09/06/2017 - 11:58 Comment #3
Eric, all we need is to prevent Virtualmin to write anything to Apache config file when SSL is enabled as we need to delegate management of SSL and 443 to a proxy server.
Submitted by JamieCameron on Wed, 09/06/2017 - 18:51 Comment #4
In that case, why not just skip enabling the SSL feature entirely for the domain if it's going to be handled by a proxy?
Submitted by yngens on Wed, 09/06/2017 - 20:34 Comment #5
Well, proxy doesn't do anything but terminate SSL certificate, so SSL certificate still needs to be generated by Virtualmin's Let's Encrypt and AFAIK that's only possible if domain's SSL is enabled. Can Let's Encrypt be generated without SSL feature checked? Maybe through CLI? Is there a Virtualmin command to request Lets Encrypt without domain's SSL feature?
Submitted by yngens on Wed, 09/06/2017 - 20:42 Comment #6
Let's concentrate on more important issues as we will use custom post creation script to remove directives for SSL version. So Jamie, please disregard this feature until hopefully one day, more people are interested in this, and instead could you please elaborate on https://www.virtualmin.com/node/53448.
Submitted by yngens on Wed, 09/20/2017 - 19:09 Comment #7
Just adding the relevant issue...
Submitted by JoeDoe on Tue, 10/09/2018 - 09:55 Comment #8
Hey,
Im facing the same issue as that the config from port 80 is copied to SSL config (e.g. virtualhost block). I have this issue that i want to have different Rewrite rules per non-SSL and SSL. For example i've entered these Rewrite rules in the Server Templates to rewrite webmail.domain.tld to Parent proxy at a different URL. but im facing the issue now that non-SSL traffic is also able to access webmail.domain.tld without a redirect to https. I've tried to make a redirect that would suite both Virtualhost blocks (non-SSL and SSL) but this is just a work around for a feature that would be very handy to have.
The thing is that i cannot make separate Redirects or Rewrite Rules for non-SSL / SSL, in the Server Template.