1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice

Plesk resets SSL directory settings in httpd.conf

Discussion in 'Plesk for Linux - 8.x and Older' started by lnxmtl, Jun 17, 2005.

  1. lnxmtl

    lnxmtl Guest

    0
     
    Hi,

    I'm having a problem with Plesk (7.5.2 / Fedora Core 2) since I installed a SSL certificate for my main domain.

    the https://mydomain.com page points to the Plesk default page instead of the httpsdocs directory of the domain.

    Here is the relevant part in /etc/httpd/conf/httpd.include :

    <VirtualHost xxx.xxx.xxx.xxx:443 >
    ServerName default-xxx-xxx-xxx-xxx
    UseCanonicalName Off
    DocumentRoot /home/httpd/vhosts/default/httpsdocs
    ScriptAlias /cgi-bin/ "/home/httpd/vhosts/default/cgi-bin/"
    SSLEngine on
    SSLVerifyClient none
    SSLCertificateFile /usr/local/psa/var/certificates/cert-xxxxxx
    SSLCACertificateFile /usr/local/psa/var/certificates/cert-xxxxxx
    <Directory "/home/httpd/vhosts/default/cgi-bin/">
    AllowOverride None
    Options None
    Order allow,deny
    Allow from all
    </Directory>
    <Directory /home/httpd/vhosts/default/httpsdocs>
    SSLRequireSSL
    </Directory>
    </VirtualHost>


    I tried to edit it manually to change the following items :

    DocumentRoot /home/httpd/vhosts/mydomain.com/httpsdocs
    <Directory /home/httpd/vhosts/mydomain.com/httpdocs>
    SSLRequireSSL
    Options +Includes +ExecCGI
    AddHandler cgi-script .cgi
    </Directory>

    It worked, but during the night, a plesk internal cron job did overwrite the file and reverted my changes (naturally, same thing happens if a new site is added).

    Since this is in the main httpd.include file, the 'vhost.conf' trick won't work.

    I saw elsewhere on the board some people had trouble with IP moved from shared to exclusive, so I installed the site on a newly added exclusive IP and the result was no better.

    I finally tried to find where is the data in the database but could not find it.

    Do you know how to correct this problem, or the location where the data used by Plesk to rebuild /etc/httpd/conf/httpd.include is stored ?

    Thanks !
     
  2. hardweb

    hardweb Guest

    0
     
    All modifications to the httpd.include, should be added to a vhost.conf or vhost_ssl.conf file. The httpd.include files are overwritten by Plesk. You should search on this forum, a lot of people faced this issue.
     
  3. lnxmtl

    lnxmtl Guest

    0
     
    Thanks hardweb, but I was talking about the main httpd.include, the one in /etc/httpd/conf/httpd.include, not the domain's private httpd.include.

    In the domain's private httpd.include there is no <VirtualHost xxx.xxx.xxx.xxx:443 > directive, so the vhost_ssl.conf is not included when the
    "/usr/local/psa/admin/sbin/websrvmng --reconfigure-vhost --vhost-name=myDomain.com" command is executed.

    Also, what I need to do is not only to add directives, but to change the wrong settings made by Plesk, namely DocumentRoot parameters and the content of the <Directory> directive.

    I temporarily solved the problem by moving the whole section out of Plesk's reach (at least I hope so!), in httpd.conf, just before the
    "Include /etc/httpd/conf/httpd.include" command since the first VirtualHost command have precedence over subsequently defined VirtualHost directives for the same IP/Port.

    ---

    The problem is the lack of any SSL related configuration for the domain, despite the facts that in the control panel, everything seems to be ok (in the customer's IP pool, the certificate properly appears for the right IP and usage count for the certificate is properly set to 1).
    The certificate was installed at the server level, so that the myDomain.com:8443 access to the panel could use the same certificate (that part works well).
    It correctly appears in the serverwide cert repository, but not in the domain's repository (I have no previous experience with plesk SSL, so I don't know if this is the expected behavior).

    AFAIK, Plesk did not properly update it's tables to reflect the fact that this domain have a SSL certificate attached to it's (exclusive) IP address.

    Even if my 'dirty' fix does the job for now, I would rather make it work the normal, intended way.

    Any idea about what could cause Plesk to skip SSL configuration for a domain ?
     
  4. hardweb

    hardweb Guest

    0
     
    Be aware that all htttp.include files, the domain ones or the global one are eventually rewritten. All custom configs must go outside these files.
     
  5. jamesyeeoc

    jamesyeeoc Guest

    0
     
    In the control panel, go to Domains, Setup.

    Make sure there is a checkmark in 'SSL support'. If there is already, then uncheck it, click Ok, then go back in and checkmark it again and click Ok again. This will force the changes to occur to the httpd.conf file, Plesk may have gotten confused.

    This does not happen often, but I have seen it happen with Plesk products, as well as some MS products.
     
Loading...