I requested an option to compose custom directives for Apache SSL on https://www.virtualmin.com/node/53436, but then marked it as "works as designed" with the following comment:
"Let's concentrate on more important issues, as we will use a custom post-creation script to remove directives for SSL version. So Jamie, please disregard this feature until, hopefully, one day more people are interested in this, and instead could you please elaborate on https://www.virtualmin.com/node/53448."
because we decided to just remove all the 443-related lines in the Apache configuration every time a virtual server is created with the SSL option, executing the following code in the post-creation script:
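if [ "$VIRTUALSERVER_ACTION" = "MODIFY_DOMAIN" ]; then
    # Act only when SSL has just been switched on for this virtual server
    if [ "$VIRTUALSERVER_OLDSERVER_SSL" = "0" ] && [ "$VIRTUALSERVER_SSL" = "1" ]; then
        # Delete every <VirtualHost ...:443> block ("-i -e": GNU sed reads "-ie" as -i with backup suffix "e")
        sed -i -e '\#<VirtualHost .*:443>#,\#</VirtualHost>#d' /etc/httpd/conf/httpd.conf
        systemctl restart httpd
    fi
fi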
and everything works perfectly well: (1) Let's Encrypt certificates are created and renewed by Virtualmin and (2) Apache is stripped of all 443 records, because another proxy server manages the SSL certificates.
One big problem remains, though: when we check the Virtualmin configuration, it gives:
The Apache configuration on your system does not appear to be listening on port 443, which is needed to host SSL websites. If you do not plan to host SSL sites, this feature should be disabled in Virtualmins's module configuration page.
because the line
Listen 443 https
in the /etc/httpd/conf.d/ssl.conf file is commented out.
As explained in https://www.virtualmin.com/node/53436, our proxy server, not Apache, listens on port 443; however, because this association between Apache and SSL configuration is hardcoded in the Virtualmin configuration check, it fails. So I'd like to file a request to decouple this hard-coded connection between Apache and SSL configuration, as nowadays, with the SSL-everywhere philosophy, more and more software like proxy servers is coming up, and I do believe Virtualmin has to grow further to start supporting them.
In essence, this issue is about Virtualmin treating Apache and SSL configuration together, when in fact SSL configuration could be done via lots of other proxy servers.
Thanks for consideration!
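
A more defensive form of the post-creation step described above, as an added example that is not part of the original post or of Virtualmin: it applies the same sed range to a copy, keeps a backup, and leaves the live file untouched if an optional check command rejects the result. The function names, the `CONFIG_CHECK` variable and the sample configuration are assumptions constructed for illustration.

```shell
# Constructed sample config: one plain-HTTP vhost and one :443 vhost.
write_sample_conf() {
    cat > "$1" <<'EOF'
Listen 80
<VirtualHost 192.0.2.10:80>
    ServerName example.com
    DocumentRoot /home/example/public_html
</VirtualHost>
<VirtualHost 192.0.2.10:443>
    ServerName example.com
    SSLEngine on
</VirtualHost>
EOF
}

# strip_ssl_vhosts FILE: remove every <VirtualHost ...:443> block from FILE.
# Returns 0 on success (or nothing to strip), 1 on I/O error, 2 if the
# optional check command in CONFIG_CHECK (hypothetical variable) fails.
strip_ssl_vhosts() {
    conf=$1
    tmp=$(mktemp "${conf}.XXXXXX") || return 1
    # Same address range as in the post, written to a copy instead of in place.
    if ! sed -e '\#<VirtualHost .*:443>#,\#</VirtualHost>#d' "$conf" > "$tmp"; then
        rm -f "$tmp"; return 1
    fi
    # Nothing matched: leave the file (and any running server) alone.
    if cmp -s "$conf" "$tmp"; then
        rm -f "$tmp"; return 0
    fi
    # Optional validation of the candidate file before it goes live.
    if [ -n "${CONFIG_CHECK:-}" ] && ! $CONFIG_CHECK "$tmp"; then
        rm -f "$tmp"; return 2
    fi
    # Keep a backup; overwrite via cat so ownership and mode stay unchanged.
    if cp -p "$conf" "${conf}.bak" && cat "$tmp" > "$conf"; then rc=0; else rc=1; fi
    rm -f "$tmp"
    return $rc
}

# Demo on the constructed sample: prints the number of vhost blocks left.
demo=$(mktemp) && write_sample_conf "$demo" && strip_ssl_vhosts "$demo"
grep -c '<VirtualHost' "$demo"
rm -f "$demo" "$demo.bak"
```

In a real post-creation script the restart would follow only when the function returns 0, and `CONFIG_CHECK` could be set to a syntax check such as `httpd -t -f`, assuming the file being edited is the main configuration file.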