How to set up shared ssl

JeremyHattula

New Pleskian
After two days of reading through forums without a clear answer and much experimentation (having almost 0 experience with Linux systems, though I've learned a lot in the last two days), I came up with a working model for shared SSL on Linux. Seeing that some others had similar questions and I could not find a clear solution, I'll share what I came up with.

This is on a VPS server running Parallels Plesk Panel v11.0.9_build110120608.16 os_CentOS 6 on CentOS 6.4 (Final)

1. Set up your domain (i.e. secure.mydomain.com) in the Plesk Panel and associate your SSL certificate with that domain.

2. Go to the PHP settings for that domain and set the open_basedir param to "." or ".:/tmp" (you MUST include . )

3. Log in via shell or VNC, open /var/www/vhosts/secure.mydomain.com/conf/vhost_ssl.conf and edit it to:
Code:
<IfModule mod_suexec.c>
   SuexecUserGroup adminusr psaserv
   #Where adminusr is your primary linux login, not root
</IfModule>
<IfModule mod_userdir.c>
   UserDir /var/www/vhosts/*/sharedssl
   #I use a sharedssl directory for this as explained later you can change this to something else
</IfModule>
<Directory /var/www/vhosts/*/sharedssl>
   Options +Includes +ExecCGI
   AddHandler cgi-script .cgi
   <IfModule mod_fcgi.c>
      <Files ~ (\.php)>
         SetHandler fcgid-script
         FCGIWrapper /var/www/cgi-bin/cgi_wrapper/cgi_wrapper .php
         Options +ExecCGI
         allow from all
      </Files>
   </IfModule>
   <IfModule mod_perl.c>
      <Files ~ (\.pl$)>
         SetHandler perl-script
         PerlHandler ModPerl::Registry
         Options ExecCGI
         allow from all
         PerlSendHeader On
      </Files>
   </IfModule>
   <IfModule mod_python.c>
      <Files ~ (\.py$)>
         SetHandler python-program
         PythonHandler mod_python.cgihandler
      </Files>
   </IfModule>
   <IfModule mod_fcgid.c>
      <Files ~ (\.fcgi)>
         SetHandler fcgid-script
         Options +FollowSymLinks +ExecCGI
         allow from all
      </Files>
   </IfModule>
</Directory>

3. From the command line in a terminal run
Code:
/usr/local/psa/admin/bin/httpdmng --reconfigure-domain secure.mydomain.com
to read your new vhost_ssl.conf (note: I had to delete the backup file vhost_ssl.conf~ using gedit in GNOME because httpdmng was reading that one instead of vhost_ssl.conf)

4. Create a file such as sharedssl.sh with the following code (this is how I made mine; you can customize it as you see fit)
Code:
#!/bin/bash
echo "--------------------" >> /tmp/event_handler.log
/bin/date >> /tmp/event_handler.log
/usr/bin/id >> /tmp/event_handler.log
echo "Domain Created" >> /tmp/event_handler.log
echo "Name: ${1}" >> /tmp/event_handler.log
echo "User: ${2}" >> /tmp/event_handler.log
#Comment out cp to make a blank directory or comment out mkdir to copy from skeleton
cp -R /var/www/vhosts/.skel/0/httpdocs "/var/www/vhosts/${1}/sharedssl"
#mkdir "/var/www/vhosts/${1}/sharedssl"
echo "Directory Created" >> /tmp/event_handler.log
echo "Path: /var/www/vhosts/${1}/sharedssl" >> /tmp/event_handler.log
chown -R "${2}:psaserv" "/var/www/vhosts/${1}/sharedssl"
chmod -R 750 "/var/www/vhosts/${1}/sharedssl"
echo "chmod 750" >> /tmp/event_handler.log
echo "--------------------" >> /tmp/event_handler.log

5. Back in the Plesk Panel go to Tools & Settings > Event Manager > Add New Event Handler with the following settings
Code:
Event: Hosting Settings Created
Priority: Normal (50)
User: root
Command: /path/to/sharedssl.sh ${NEW_DOMAIN_NAME} ${NEW_SYSTEM_USER}

6. Restart Apache

Any new hosting plan will have a sharedssl folder that will be available via https://secure.mydomain.com/~customerdomain.com.

Works with everything except fastcgi (will return 500 error). I was apprehensive of using the Linux admin as user (still not entirely sure how secure that is) but it was the only way to get around the suexec problem using userdir. As long as you have set open_basedir to "." it will limit PHP file access only to files in the user's /sharedssl directory or additional directory specified in open_basedir!

As I said before, I have about nil experience with Linux systems and am not sure this is the best way to go, but it does work. Any comments or suggestions will be super!
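
The event handler in the post runs as root and builds filesystem paths from its two arguments. The following is an added example, not part of the original post or of Plesk: a variant that validates both arguments and refuses symlinked or pre-existing paths before creating the directory. It takes the blank-directory (mkdir) route rather than copying the skeleton; the function names, the refusal of root as owner, and the use of `logger` instead of a file in /tmp are assumptions of this example.

```bash
#!/bin/bash
# Added example (not the poster's script): validate the Event Manager
# arguments before root touches the filesystem.
LC_ALL=C; export LC_ALL
: "${VHOSTS_ROOT:=/var/www/vhosts}"   # vhosts path used in the post

# Domain: letters, digits, dots and hyphens only; no leading "." or "-",
# no ".." and therefore no way to step out of VHOSTS_ROOT.
valid_domain() {
    case "$1" in
        ''|.*|-*|*..*|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
    [ "${#1}" -le 253 ]
}

# System user: conservative Linux account-name pattern; root is refused
# as an owner (a policy choice made for this example).
valid_sysuser() {
    case "$1" in
        ''|root|[!a-z_]*|*[!a-z0-9_-]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

# Validates both arguments, creates an empty sharedssl directory with
# mode 750 and prints its path. Return codes: 2 bad argument, 3 vhost
# directory missing or a symlink, 4 target already exists, 5 mkdir failed.
prepare_sharedssl() {
    ps_domain=$1; ps_user=$2
    valid_domain "$ps_domain" || { echo "rejected domain" >&2; return 2; }
    valid_sysuser "$ps_user" || { echo "rejected user" >&2; return 2; }
    ps_vhost="$VHOSTS_ROOT/$ps_domain"
    if [ ! -d "$ps_vhost" ] || [ -L "$ps_vhost" ]; then return 3; fi
    ps_target="$ps_vhost/sharedssl"
    # -L also catches a dangling symlink planted at the target path
    if [ -e "$ps_target" ] || [ -L "$ps_target" ]; then return 4; fi
    mkdir -m 750 "$ps_target" || return 5
    printf '%s\n' "$ps_target"
}

# Event Manager entry point: sharedssl.sh <domain> <system user>
if [ "$#" -ge 2 ]; then
    target=$(prepare_sharedssl "$1" "$2") || exit $?
    # -h: never follow a symlink when changing ownership
    chown -h "$2:psaserv" "$target"
    logger -t sharedssl "created $target for $2"
fi
```

The Event Manager command line from step 5 stays the same; only the script it points to changes.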
 