You are here
Paul Rinear - Sat, 2019/08/10 - 15:47
It does not appear the Webmin makes any changes at all to 0000-default.conf file when editing the default website. I cannot figure out where it makes changes at all.
I had to manually edit the configuration file to make SSI work. The Document Options settings under Webmin for the default appear to have no effect.
Is this some sort of permission issue or a bug?
Forum:
Tags:
Hi Paul
That's for posting regarding this. TBH, I prefer to edit the Apache config files directly myself, so aren't super familiar with Webmin in that regard.
However, I would expect it to work as designed. The only thing that occurs to me is that (same as manually editing the files directly) Apache needs to be restarted for config changes to be applied. Although obviously if you're using Webmin, you can use that to restart Apache too.
The only thing that occurs to me is that because by default we use a consolidated certificate for all TurnKey https services (i.e. Webmin, Webshell and Apache) we have removed the default certificate config location from the individual Apache sites, to a common location (IIRC it's now in ssl.conf).
So unless you are hosting on multiple domains, you may actually be better off replacing the default cert in /etc/ssl/private. Assuming that it matches the format of the current cert, it should also work for Webmin and Webshell too then.
It's perhaps also worth adding that unless you need/wish to use a 3rd party TLS cert (and assuming that you already have a domain set up), TurnKey has built in support for automagically getting free Let's Encrypt cert via the Confconsole - Let's Encrypt plugin.
Regardless, thanks for reporting. When I get a chance I'll investigate a little closer, but to make sure it doesn't get forgotten, I've opened an issue on our tracker.
Paul replied...
Paul replied via email, but unfortunately, it wasn't auto-posted.
Works here...?!
Whilst much of my response wasn't directly responding to your note re Webmin, I was trying the share info about how I would manage certs on my TurnKey LAMP server. Apologies if you found it irrelevant or side-stepping your feedback.
So I thought the best thing to do was to fire up a v15.1 LAMP appliance and check myself.
First thing I did was log in via SSH and generate a test certificate and key and placed them in a new directory, /etc/test-cert/ (cert.pem & cert.key). By default TurnKey includes etckeeper, which saves config changes in the /etc directory into version control. So I manually committed those changes. I then logged into Webmin and entered the Apache server config area. I double checked /etckeeper and noted that Webmin had written a few files (for internal use I assume) so I committed those too.
Then, in Webmin, I went into the Apache "Existing virtual host" config page, selected the third one down; the entry for "*.443". I.e. this one:
I then selected "SSL options". I changed both "Certificate/private key file" and "Private key file" from default, to "/etc/test-cert/cert.pem" and "/etc/test-cert/cert.key" respectively. I then clicked "Save".
I then went back to my SSH session and ran a git diff on /etc and this is the result that I got:
As you can see above, it appears that Webmin has indeed edited the /etc/apache2/sites-available/000-default.conf file and added the "SSLCertificateFile" and "SSLCertificateKeyFile" directives below:
For reference, here's the full contents of /etc/apache2/sites-available/000-default.conf after editing in Webmin:
The updated conf isn't formatted as nicely as it could be, but otherwise, it appears to be working as it should?!
If you think I missed something, or you can exactly explain how to reproduce your issue, please post back. For now, I'm going to close the issue that I opened yesterday, but if you can give more info on how I can reproduce it, then I'll reopen it.
Add new comment