Update your links !! November 2016 the forum is at www.apachelounge.com/sambar

In the forum there are links to sambarserver.info,
replace "sambarserver.info" with "apachelounge.com/sambar"
SSL certifying sambar

 
Chronamut



Joined: 23 Jan 2020
Posts: 2
Location: hamilton ontario canada

Posted: Thu 23 Jan '20 14:46    Post subject: SSL certifying sambar

hey guys, so I have been scratching my head trying to get this to work.

I use register.com to get my domain server name - I used this documentation from sambar to try to set it up:

http://wiesweg.no-ip.org:8080/syshelp/ssl.htm

my site is chronriddles.com

so let's break it down:

I used openssl in /bin to create the 2048 key as register.com requires 2048 not 1024:

openssl genrsa -rand randfile -out key.pem 2048

I then moved it to the config folder.

I then generated the csr:

openssl req -new -key key.pem -out req.pem -config ..\config\openssl.cnf

filled in all the attributes I needed to.

I then took the resulting certificate request code and sent it to register.com.

They verified and I was given 2 files:

chronriddles.crt: my primary certificate I am assuming
RSADomainValidationSecureServerCA.crt would be my intermediate certificate I guess.

now I don't know what to do at this point.

I changed the https to true in the config. I tried combining both files together and renaming them cert.pem as the instructions say to do that - but then I thought maybe it has something to do with certificate chain files like is mentioned so I tried to run that string but got an error (I pointed it to config).

openssl x509 -inform DES -in ca-bundle.crt -out ca-bundle.pem -text

(after moving ca-bundle.pem to try that)

or

openssl x509 -inform DES -in ..\config\ca-bundle.crt -out ca-bundle.pem -text

or

openssl x509 -inform DES -in ..\config\ca-bundle.crt -out ..\config\ca-bundle.pem -text


that gave me 2 errors regardless of what I tried:

7556:error:0D0680A8: asn1 encoding routines: ASN1_CHECK_TLEN: wrong tag: .\crypto\asn1\tasn_dec.c:1294:
7556:error:0D07803A: asn1 encoding routines: ASN1_ITEM_EX_D2I:nested asn1 error:.\crypto\asn1\tasn_dec.c:380:Type=X509

when I tried to run my site it tells me I have a cipher mismatch - so I don't know what I am doing wrong - any help would be greatly appreciated. Do I have to add anything to ca-bundle.crt? How do I get both crt files I received to be seen as cert.pem? Do they have to be combined, or do I have to run the openssl one for certificate chain files? Very confusing..

thanks!

-shawn-
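
Added example (not part of the original post, and not Sambar's or register.com's own tooling): OpenSSL reports the ASN1 "wrong tag" error shown above when it is told to decode DER and the input does not begin with the ASN.1 SEQUENCE byte 0x30, which is the case for a PEM text file. The sketch below checks which encoding a certificate file uses before converting it, then joins leaf and intermediate into one PEM text. The function names and sample bytes are constructed for illustration, and the leaf-first order is the usual convention for PEM chain files; that Sambar reads cert.pem this way is an assumption.

```python
import re
import ssl

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----", re.S)

# Constructed stand-ins for the two files (tiny ASN.1 SEQUENCEs, not real
# certificates): the leaf arrives as DER, the intermediate as PEM text.
LEAF_DER = b"\x30\x03\x02\x01\x01"
CA_PEM = ssl.DER_cert_to_PEM_cert(b"\x30\x03\x02\x01\x02").encode("ascii")


def sniff(data):
    """Classify certificate bytes as 'pem', 'der' or 'unknown'."""
    if b"-----BEGIN CERTIFICATE-----" in data:
        return "pem"
    # DER starts with the ASN.1 SEQUENCE tag 0x30; a PEM file starts with
    # '-' (0x2d), which a DER parser rejects as a wrong tag.
    if data[:1] == b"\x30":
        return "der"
    return "unknown"


def to_pem_blocks(data):
    """Return every certificate found in data as a normalised PEM block."""
    kind = sniff(data)
    if kind == "der":
        return [ssl.DER_cert_to_PEM_cert(data).strip()]
    if kind == "pem":
        found = PEM_BLOCK.findall(data.decode("ascii", "replace"))
        # Round-trip through DER to normalise the base64 line wrapping.
        return [ssl.DER_cert_to_PEM_cert(ssl.PEM_cert_to_DER_cert(b)).strip()
                for b in found]
    raise ValueError("not PEM or DER certificate data")


def build_chain(leaf, *intermediates):
    """Concatenate leaf first, then intermediates, as one PEM text."""
    blocks = to_pem_blocks(leaf)
    if len(blocks) != 1:
        raise ValueError("leaf file must hold exactly one certificate")
    for data in intermediates:
        blocks += to_pem_blocks(data)
    return "\n".join(blocks) + "\n"


if __name__ == "__main__":
    print(sniff(LEAF_DER), sniff(CA_PEM))
    print(build_chain(LEAF_DER, CA_PEM))
```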
Johannes
Moderator


Joined: 27 Nov 2005
Posts: 162
Location: SK,Canada

Posted: Fri 31 Jan '20 21:20

Hi there,

first, the supplied openssl is way too old
secondly, Sambar cannot handle the new OpenSSL 1.1.0. The last one which works with Sambar is OpenSSL 1.0.2

If you want to run your site with https, you need to run Apache or Nginx as SSL proxy in front of Sambar. This way all incoming SSL traffic will stop at the proxy and http traffic will then be forwarded to Sambar.

I am working on that myself right now and am halfway through. Working on Debian though.

Johannes
Chronamut



Joined: 23 Jan 2020
Posts: 2
Location: hamilton ontario canada

Posted: Sat 01 Feb '20 2:46

hey there!

I actually solved the problem and bypassed sambar completely by using cloudflare to https certify it through my domain that I superimposed on sambar - it works and it shows as https

https://chronriddles.com
Steffen



Joined: 07 Jun 2004
Posts: 418
Location: Netherlands

Posted: Sat 01 Feb '20 9:29

Johannes wrote:
Hi there,

If you want to run your site with https, you need to run Apache or Nginx as SSL proxy in front of Sambar. This way all incoming SSL traffic will stop at the proxy and http traffic will then be forwarded to Sambar.

I am working on that myself right now and am halfway through. Working on Debian though.

Johannes


Yep, running here for years as Reverse Proxy in Apache :

In a vHost and Sambar running on Port 7089 :

ProxyPass / http://127.0.0.1:7089/
ProxyPassReverse / http://127.0.0.1:7089/
Johannes
Moderator


Joined: 27 Nov 2005
Posts: 162
Location: SK,Canada

Posted: Wed 05 Feb '20 19:51

Hi Steffen,

exactly, that is what I want to set up. But as I need STARTTLS for my Sambar Mail, I found out that Nginx can handle mail protocol too as Reverse Proxy.
So will set this up with Nginx to have all covered.

Will let you guys know how this will work, when done.

Johannes
Johannes
Moderator


Joined: 27 Nov 2005
Posts: 162
Location: SK,Canada

Posted: Sat 08 Feb '20 2:59

Steffen wrote:


Yep, running here for years as Reverse Proxy in Apache :

In a vHost and Sambar running on Port 7089 :

ProxyPass / http://127.0.0.1:7089/
ProxyPassReverse / http://127.0.0.1:7089/


Hi Steffen,

is there anything to set in Sambar to get the visitor's IP in the logs from Sambar?
I have set up one vhost behind Nginx. It is working as expected. But even with the correct settings for proxy_set_header directives, I am not able to see the visitor's IP in Sambar logs. How did you handle that, or do you have the IP from Apache in Sambar logs, as I have from Nginx?

Any hint would be appreciated.
Thank you.

Johannes
Steffen



Joined: 07 Jun 2004
Posts: 418
Location: Netherlands

Posted: Sat 08 Feb '20 10:08

See the discussion about the IP at https://www.apachelounge.com/sambar/viewtopic.php?t=644

I cannot get the IP to show up in the logs, only as an ENV var, for example in PHP:

PHP info:

HTTP_X_FORWARDED_SERVER www.land10web.com
HTTP_X_FORWARDED_HOST land10web.com
HTTP_X_FORWARDED_FOR 80.101.236.247
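
Added example (not part of the original posts and not Sambar or PHP code): X-Forwarded-For is an ordinary request header, so a backend script that reads HTTP_X_FORWARDED_FOR should honour it only when the TCP peer is the proxy itself, and should read the list from the right. The sketch assumes the proxy sits on the same host as in the ProxyPass lines above and appends the address it saw to whatever the client sent; client_ip, is_trusted and TRUSTED_PROXIES are names chosen for illustration.

```python
import ipaddress

# Assumption: the TLS proxy runs on the same host as Sambar, as in the
# ProxyPass example in this thread, so only loopback peers are trusted.
TRUSTED_PROXIES = [ipaddress.ip_network("127.0.0.0/8"),
                   ipaddress.ip_network("::1/128")]


def is_trusted(ip):
    """True if ip belongs to one of our own proxies."""
    return any(ip in net for net in TRUSTED_PROXIES)


def client_ip(remote_addr, x_forwarded_for=None):
    """Return the address to log or rate-limit on.

    remote_addr     -- TCP peer as seen by the backend (REMOTE_ADDR)
    x_forwarded_for -- raw HTTP_X_FORWARDED_FOR value, or None
    """
    peer = ipaddress.ip_address(remote_addr)
    # A request that did not arrive through the proxy can put anything in
    # the header, so ignore the header entirely.
    if not is_trusted(peer) or not x_forwarded_for:
        return str(peer)
    # Each proxy appends the peer it saw, so the right-most entries are the
    # ones our own proxy wrote; entries further left came from the client.
    for hop in reversed(x_forwarded_for.split(",")):
        try:
            ip = ipaddress.ip_address(hop.strip())
        except ValueError:
            return str(peer)      # malformed header: fall back to the peer
        if not is_trusted(ip):
            return str(ip)
    return str(peer)


if __name__ == "__main__":
    # Constructed requests; 80.101.236.247 is the value shown in the post.
    print(client_ip("127.0.0.1", "80.101.236.247"))
    print(client_ip("127.0.0.1", "10.9.9.9, 80.101.236.247"))  # forged prefix
    print(client_ip("203.0.113.5", "10.9.9.9"))                # bypassed proxy
```

If the backend port is reachable from outside the host, the header check alone is not enough; binding the backend to 127.0.0.1 keeps every request on the proxied path.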
Johannes
Moderator


Joined: 27 Nov 2005
Posts: 162
Location: SK,Canada

Posted: Sat 08 Feb '20 17:39

Hi Steffen,

thank you.

That is in the right direction and I will have to use that already for one custom form with sambar scripting which I currently have.

As far as the logs go, I did a little "fooling". I disabled the log files in Sambar (Sambar will not write the log files); instead, I created a link from the Nginx access log for the particular domain to the log directory in Sambar. I can now read the "original" Nginx logs, as if they were written by Sambar, from the Sambar Admin area.

If you are interested in viewing the visitor's IP from the Sambar Admin area, you could do just the same with Apache's logs.

Johannes