Apache2 vhost SSL configuration running on Plesk

[ollidiemaus]

I have a problem with configuring ssl in apache 2 vhost configuration running plesk.
My Server is running on a virtual machine with plesk 12.

And basically I just want to setup ssl for the domain.

I know there is a plugin espacially for this but I also need an ssl certificate for my mongodb so i thought it would be good to use the same cert for both of these.

In the file "/var/www/vhosts/system/example.de/conf/httpd.conf"
Is the line Include

"/var/www/vhosts/system/example.de/conf/vhost_ssl.conf"

So I believe in can configure stuff in the vhost_ssl.conf file

This is my vhost_ssl.conf file:

SLEngine on
SSLVerifyClient none
SSLCertificateFile /etc/letsencrypt/live/example.de/fullchain.pem

But when i try to reconfigure my domain i get this Error:

ERR [util_exec] proc_close() failed ['/opt/psa/admin/bin/apache_control_adapter' '--restart' '--restart-interval' '0' '--http-port' '7080' '--https-port' '7081'] with exit code [255]
ERR [panel] Apache config (14588122890.93280300) generation failed: Template_Exception: Can not restart web server: Service /etc/init.d/apache2 failed to start
Service /etc/init.d/apache2 failed to start

file: /opt/psa/admin/plib/Service/Driver/Web/Server/Apache.php
line: 110
code: 0
Can not restart web server: Service /etc/init.d/apache2 failed to start
Service /etc/init.d/apache2 failed to start


So I believe there is something wrong with my Configuration

I'm pretty new in this whole self hosting stuff, but parse will be shut down so I need to host the stuff by myself.

I'm already pretty sure that this is some noob question but I cannot find any solution in the web.

 

[Lloyd_mcse]

Hi ollidiemaus,
The files...

/var/www/vhosts/system/domain.tld/conf/vhost_ssl.conf
and
/var/www/vhosts/system/domain.tld/conf/vhost.conf

Are controlled in Plesk..

Plesk -> Domains -> domain.tld -> Apache and Nginx Settings ->
Additional directives for HTTPS
Additional directives for HTTP

But you cannot add SSL certificate directives there as they are already added via the templates.
Just install the Lets Encrypt Extension and browse to...

Plesk -> Domains -> domain.tld -> Lets Encrypt

And it will set it up for you.
I hope that helps
Regadrs

Lloyd

 

[ollidiemaus]

I tried out the Lets Encrypt plugin.
But like I said I also wanna secure my mongodb via ssl and therefore i wanna use the same certificate.
But the problem is that the Lets Encrypt plugin creates several different files with different filenames each time... but after each renewal i need to link the new certificate to mongodb.

But you said its already added via the templates.
So could i remove ssl from the template and apply it via vhost_ssl.conf ?

Greetings,
Olli

 

[Lloyd_mcse]

So could i remove ssl from the template and apply it via vhost_ssl.conf ?

Simply, no. Templates adjust all domains.

In theory you could just secure the domain with Lets Encrypt, and then download the cert, create a pem file and upload it to /etc/mysql/ and then edit the file /etc/mysql/my.cnf adding the paths to the .pem file.
But then you'll be doing that every 2 or 3 months, easier just to buy a certificate for the host/mail server name and use that. RapidSSL do a 3 year cert for £25.
I know that's not the answer you wanted, maybe someone else has got around the limitations of Lets Encrypt?

Regards

Lloyd

 

[ollidiemaus]

Okay thank you anyways.
Maybe its not even a Problem with certificate ...
I could not connect to my mongodb via curl and i thought it would be an certificate issue.
But maybe I configured nginx reverse proxy the wrong way.

This is what i would normaly write in /etc/nginx/sites-enabled/default :
# HTTP - redirect all requests to HTTPS
server {
listen 80;
listen [::]:80 default_server ipv6only=on;
return 301 https://$host$request_uri;
}

# HTTPS - serve HTML from /usr/share/nginx/html, proxy requests to /parse/
# through to Parse Server
server {
listen 443;
server_name your_domain_name;

root /usr/share/nginx/html;
index index.html index.htm;

ssl on;
# Use certificate and key provided by Let's Encrypt:
ssl_certificate /etc/letsencrypt/live/your_domain_name/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/your_domain_name/privkey.pem;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';

# Pass requests for /parse/ to Parse Server instance at localhost:1337
location /parse/ {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://localhost:1337/;
proxy_ssl_session_reuse off;
proxy_set_header Host $http_host;
proxy_redirect off;
}

location / {
try_files $uri $uri/ =404;
}
}

But withing Plex and apache2 running where do I configure this reverse Proxy?
I already have nginx installed and activated via Domains->domain.tld-> Settings for apache and nginx

 

[Lloyd_mcse]

Hi,
most of that is already in the templates, and any additional nginx directives you can add in...

Plesk -> Domains -> domain.tld -> Apache and Nginx Settings -> Nginx Settings

There you can add gzip, cache control etc.
I hope that helps
Regards

Lloyd

 

[ollidiemaus]

Okay for anyone interested the plesk Lets Encrypt Extension also stores their files in /opt/psa/var/modules/letsencrypt/etc/live/domain.tld/