MRatWork Forum by Mustafa Ramadhan
Sawo Project - Kloxo-MR Discussions => Kloxo-MR Technical Helps => Topic started by: aamirrajpoot on 2016-06-21, 07:48:33
-
Hi,
I just installed Kloxo-MR 7.0.0.b-2016062004. I have been updating it since 201510 something.
I have installed a letsencrypt certificate and it was added without any problem. I can see it in the list. But I am not able to access the website via https. Firefox message: Unable to Connect.
-
Here is the telnet result for both 80 and 443.
telnet domain.com 80
Trying xxx.131.211.247...
Connected to domain.com.
Escape character is '^]'.
telnet domain.com 443
Trying xxx.131.211.247...
telnet: connect to address xxx.131.211.247: Connection refused
telnet: Unable to connect to remote host
-
Try updating to the latest version of Kloxo-MR 7.0.
-
As mentioned in my first message, I am using Kloxo-MR 7.0.0.b-2016062004.
Updating it again to Kloxo-MR 7.0.0.b-2016062102 now.
-
Try deleting the letsencrypt ssl certificate, run 'sh /script/fixssl; sh /script/fixweb; sh /script/restart-web -y' and then add the letsencrypt ssl certificate again.
-
Removed certificate
Executed the commands you mentioned `sh /script/fixssl; sh /script/fixweb; sh /script/restart-web -y`
Re-Added certificate
Didn't work,
Re-executed `sh /script/fixssl; sh /script/fixweb; sh /script/restart-web -y`
The connection is still refused
-
Read log in 'log manager'.
-
Which log? I tried Apache and LetsEncrypt; they look okay to me.
-
Try testing your ssl via https://www.ssllabs.com/ssltest/
-
https://www.ssllabs.com/ssltest/analyze.html?d=domain.com
Assessment failed: Unable to connect to the server
I guess my server is not responding to port 443
-
netstat -tuplen
I found I have port 8443, and then I can open my site using
-
Add azan.school ssl files (taken from /home/kloxo/ssl) as attachment.
-
Port 80 and 433 must be opened.
-
Could you please explain how I can do that? I am on Centos 6.8 Final with Kloxo-MR: 7.0.0.b-2016062102
I tried the following, but telnet still responds with connection refused.
$ iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
$ iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
$ iptables-save | sudo tee /etc/sysconfig/iptables
$ service iptables restart
$ service iptables restart
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Flushing firewall rules: [ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules: [ OK ]
[root@server ~]# telnet localhost 443
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
telnet: connect to address 127.0.0.1: Connection refused
Here are the nmap results
nmap localhost
Starting Nmap 5.51 ( http://nmap.org ) at 2016-06-21 08:39 UTC
Nmap scan report for localhost (127.0.0.1)
Host is up (0.0000040s latency).
Other addresses for localhost (not scanned): 127.0.0.1
Not shown: 982 closed ports
PORT STATE SERVICE
21/tcp open ftp
25/tcp open smtp
53/tcp open domain
80/tcp open http
110/tcp open pop3
143/tcp open imap
465/tcp open smtps
587/tcp open submission
993/tcp open imaps
995/tcp open pop3s
2200/tcp open ici
3306/tcp open mysql
7777/tcp open cbt
7778/tcp open interwise
8080/tcp open http-proxy
8083/tcp open us-srv
8084/tcp open unknown
8443/tcp open https-alt
Nmap done: 1 IP address (1 host up) scanned in 0.10 seconds
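-
The telnet and nmap output above shows 443 refused even from localhost while 8443 is open, which points to no process being bound to the port rather than to packet filtering. The following added example (not part of the original thread or of Kloxo-MR) checks that directly from `netstat -tuplen` output. The sample listing, PIDs and program names are constructed, and `listeners_on` and `classify_port` are hypothetical helper names.

```shell
#!/bin/sh
# Added example. SAMPLE_NETSTAT is constructed in the column layout of
# `netstat -tuplen`; the ports mirror the nmap listing in the thread,
# while PIDs, inodes and program names are made up.
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address Foreign Address State User Inode PID/Program name
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 0 11001 2101/web-front
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 0 11002 2202/web-back
tcp 0 0 :::8443 :::* LISTEN 0 11003 2202/web-back
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 27 11004 1800/mysqld
udp 0 0 0.0.0.0:53 0.0.0.0:* 25 11005 1500/named'

# listeners_on PORT: read netstat text on stdin, print "address program"
# for every TCP socket in LISTEN state bound to PORT.
listeners_on() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, part, ":")        # port follows the last colon
            if (part[n] == port)
                print substr($4, 1, length($4) - length(port) - 1), $NF
        }'
}

# classify_port PORT: "none" means nothing is bound, so no firewall
# change can make the port answer; "loopback-only" means the service
# cannot be reached from other hosts; "public" means a listener exists
# and packet filtering is the next thing to check.
classify_port() {
    found=$(listeners_on "$1")
    if [ -z "$found" ]; then
        echo none
    elif printf '%s\n' "$found" |
         awk '$1 !~ /^(127\.|::1$)/ { ok = 1 } END { exit !ok }'; then
        echo public
    else
        echo loopback-only
    fi
}

# On a live host: netstat -tuplen | classify_port 443
for p in 80 443 8443 3306; do
    printf '%s/tcp: %s\n' "$p" \
        "$(printf '%s\n' "$SAMPLE_NETSTAT" | classify_port "$p")"
done
```

A result of `none` for 443 means the web server configuration is where to look; iptables rules only matter once the result is `public`.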
-
I think using iptables/firewall is useless in an OS with Kloxo-MR!
If you want to create a letsencrypt ssl, port 80 (http:) needs to be opened. In certain conditions, port 443 needs to be opened too.
-
Agreed, iptables didn't work. My port 80 is open, and I need to open port 443. How can I open it? All tutorials on the net are related to iptables.
I can access site https://azan.school:8443/ but not https://azan.school/
-
By default, Kloxo-MR already 'disables' iptables. Yes, it's with a 'dirty' trick.
Kloxo-MR renames /etc/sysconfig/iptables to /etc/sysconfig/iptables.kloxosave and /etc/sysconfig/ip6tables to /etc/sysconfig/ip6tables.kloxosave, and then runs 'chkconfig --del iptables; service iptables stop'.
-
I did as you said,
1. renamed the iptables to iptables.kloxosave
2. chkconfig --del iptables;
3. service iptables stop
Rebooted; the port is still not open
-
Post the output of 'chkconfig --list|grep iptables; service iptables status' here.
-
# chkconfig --list|grep iptables; service iptables status
iptables: Firewall is not running.
-
Open /etc/services and add:
https 443/tcp # http protocol over TLS/SSL
https 443/udp # http protocol over TLS/SSL
https 443/sctp # http protocol over TLS/SSL
-
It is already in the file
I have been getting this by email for the last couple of hours now:
Host: server.xxxxxxxx.com
Date: Jun-21 01:57
Port: 443
Action: sh /script/restart-web --force >/dev/null 2>&1
-
Please focus on one issue!
-
The lines you asked to add are already in the file `/etc/services`.
-
Dear MR.
I am stuck and still not able to open 443 port
-
Something is wrong with your OS. It looks like it began with iptables, which you activated.
-
I am not expert, so please tell me what steps I should take.
-
Okay, I have decided to do a clean install. But there are many email accounts and hostings on my server. What is the best way to migrate them to a new server without moving any configuration files?
-
Using the 'backup/restore' feature in Kloxo-MR will back up all data (including website, database and email).
-
Great, thank you. Just to be on the safe side, will this option also back up the configuration? There are a few issues, like the FTP service stopping sometimes, or needing to run fixweb when I add a new website, etc.
Will those server settings also be copied?
-
No need for fixweb and restart-web after adding a domain. Just wait, because every restart will be added to the queue process.
-
I have created a new server with a fresh install of CentOS 6.8. After the install I installed Kloxo-MR.
Later I added only one domain, so I can try SSH. Port 443 is still not open; I have tried all the points mentioned in our last discussions.
A. Control Panel:
- Kloxo-MR: 7.0.0.b-2016062202
- Web: hiawatha-10.3.0-f.1.mr.el6.x86_64
- PHP: php54s-5.4.45-1.ius.el6 (fpm mode)
B. Plateform:
- OS: CentOS release 6.8 (Final) x86_64
- Hostname: server.aalasolutions.com
C. Services:
1. MySQL: MariaDB-server-10.0.26-1.el6.x86_64
2. PHP:
- Installed:
- Branch: php56w-cli-5.6.22-1.w6.x86_64
- Multiple:
* php56m-5.6.22-2.ius.el6
- Used: php56m-fpm
- Multiple: disable
3. Web Used: apache
- Hiawatha: hiawatha-10.3.0-f.1.mr.el6.x86_64
- Lighttpd: lighttpd-1.4.39-3.el6.x86_64
- Nginx: nginx-1.11.1-1.el6.ngx.x86_64
- Apache: httpd24u-2.4.20-3.ius.el6.x86_64
- PHP Type: php-fpm_event
- Secondary PHP: off
4. WebCache: trafficserver
- ATS: trafficserver-5.3.0-1.el6.x86_64
- Squid: --uninstalled--
- Varnish: --uninstalled--
5. Dns: bind
- Bind: bind-9.9.7-1.mr.el6.x86_64
- DJBDns: --uninstalled--
- NSD: --uninstalled--
- PowerDNS: --uninstalled--
- Yadifa: --uninstalled--
6. Mail: qmail-toaster-1.03-1.3.55.mr.el6.x86_64
- pop3/imap4: package courier-toaster is not installed
- smtp: qmail-toaster-1.03-1.3.55.mr.el6.x86_64
- spam: bogofilter-1.2.4-1.el6.x86_64
D. Memory:
total used free shared buffers cached
Mem: 2006 1793 212 0 55 1317
-/+ buffers/cache: 421 1585
Swap: 2047 0 2047
E. Disk Space:
Filesystem Size Used Avail Use% Mounted on
/dev/vda1 40G 4.8G 33G 13% /
-
Don't use a webcache (like Varnish) if you want to use https (aka ssl).
-
I was using web traffic server on the old server, but not on the new one; there is no caching.
-
Post the output of 'sh /script/sysinfo' from the new server here.
-
I turned it on and off again, and after a restart it is working now. Will do more testing.
So far I have been able to install SSL on 5 domains. Each time I do fixssl, fixweb and restart-web.
I think last time I had a cache that caused the issue, and now it was just a couple of reboots and it is working.
Question 1: If in future I install SSL for a domain, will it be added to the queue, or do I have to manually run fixssl, fixweb and restart-web -y?
Question 2: Will it auto-renew SSL, or do I have to run any command after 3 months?
-
No need to run fixssl with the latest update.
No renew feature at this moment. Still in progress.
-
I have added an SSL, but after 4 hours it was still not working. What is the expected time for SSL to start working automatically? I had used fixssl to make the website work.
-
Did you verify your Apache conf file for your domain?
Go to /home/apache/conf/domains/www.yourdomain.com.conf and modify the following lines:
<IfModule mod_ssl.c>
SSLEngine On
SSLCertificateFile /etc/letsencrypt/live/www.yourdomain.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.yourdomain.com/privkey.pem
SSLCACertificateFile /etc/letsencrypt/live/www.yourdomain.com/chain.pem
</IfModule>
If necessary, restart Apache. Let's Encrypt works perfectly on my web server, I hope it will for you too :-)
-
No, the latest version uses the ssl files inside /home/kloxo/ssl.
Besides Letsencrypt, Kloxo-MR 7.0 also serves StartAPI (also free).
-
SSL is working fine for me. It's just that when I add SSL for a domain, I have to run a few commands.