SSL on Aegir sites

Posted by mihha on November 27, 2009 at 10:42pm

We attempted to get SSL to work with sites that we host under Aegir 0.3. Unfortunately this was ether very difficult or impossible with Aegir version 0.3. Sites would lose http vs https redirection location and was quite messy (we are using securepages to set pages that need encription).

In order to overcome this we installed Aegir 0.4, as it has experimental SSL support.

We are at the point where we do see that SSL is disabled for our site. We do not understand how we should enable this:
1) If we should enable SSL for each site from the hostmaster GUI. If so then we could not find the GUI based option to enable SSL for the site. Note that we have enabled the SSL support under HOSTING | FEATURES | EXPERIMENTAL | SSL support is checked.

2) Or should we instead edit the files manually.

All we want to achieve is that we get SSL support for Login page on few of our sites, managed by Aegir.

Mihajlo
Kontrola

Comments

SSL on Aegir 0.4Alpha2

Posted by j2parker on December 4, 2009 at 6:37pm

The following has worked for me on Ubuntu 8.04.

1) Edit virtual host config file at /var/aegir/config/vhost.d/example.com_80

Insert the following after Servername example.com

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

2) Create virtual host config file /var/aegir/config/vhost.d/example.com_443

Insert the following:

< VirtualHost *:443>

    RewriteEngine On
    SSLEngine on

    SSLOptions +StrictRequire

    ServerName example.com

    DocumentRoot /var/aegir/platform/drupal-6.14

    SSLCertificateFile <path to cert>/server.crt
    SSLCertificateKeyFile <path to cert>/server.key

    SSLProtocol all
    SSLCipherSuite HIGH:MEDIUM

    php_value session.cookie_secure 1

    <Directory "/var/aegir/platform/drupal-6.14/sites/example.com/files">
     SetHandler This_is_a_Drupal_security_line_do_not_remove
    </Directory>

< /VirtualHost>

** Delete the space following "<" on the first and last line. I had to add it to get d.o to display the code. There shouldn't be a space preceding /VirtualHost.

3) Edit server file /var/aegir/config/vhost.d/example.com.server

Insert the following:

NameVirtualHost *:443

Be aware that if you verify a platform or site after making the above changes then /var/aegir/config/vhost.d/example.com_80 will be rewritten undoing #1 above.

Thanks for your post. I

Posted by mihha on December 4, 2009 at 6:55pm

Thanks for your post.
I actually set ssl and ssl_redirect columns (in hosting_site database table) to 1 and that trick worked - Aegir was seeing selected site as SSL (and added SSLEngine On into the configuration after site was verified).

My idea of this test was just to see how aegir is going to handle sites that are fully or partially ssl. This option is still in experimental (in development) so it does not work for me.

I have some sites that I want partially secured. I've added Apache configuration manually. But I've used one trick that is going to work for you also ;)
Instead of putting that configuration in existing configuration file, create new file (I am naming them with suffix _443) and add all your configuration. That way when you do verification, your SSL configuration will not be lost ;)

Greetings

Mihajlo
Kontrola

I actually used the

Posted by tiato on January 4, 2010 at 11:52pm

I actually used the configuration template at g.d.o. here: http://groups.drupal.org/node/25038

which worked great except instead of adding rewrite rules which would risk being removed on verify I created a seperate config suffix_443 and simply copied over the SetEnv lines from suffix_80

SetEnv db_type  mysqli
SetEnv db_name  db
SetEnv db_user  db_user
SetEnv db_passwd  XXXXXX
SetEnv db_host  localhost

restarted apache and SSL is working great

Comments

SSL on Aegir 0.4Alpha2

Thanks for your post. I

I actually used the

Aegir hosting system

Group organizers

Group categories

Topic

New groups

Group notifications