1 Topic by christophk

  • christophk
  • Member
  • Offline
  • Registered: 2016-05-23
  • Posts: 54

Topic: Other SSL sites

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 0.9.8
- Linux/BSD distribution name and version: Ubuntu 16.04
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? no
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

Hi,
I am reading  https://docs.iredmail.org/use.a.bought. … icate.html  over and over again but I do not understand where (to what conf file or into what location location) I should add the server config for my other sites.

Like:

server {

       listen 443  ssl;
       ssl on;
       server_name www.example.com
       ....

         }

Dear Zhang, can I ask you for a bit more clarification.

Every Post concerning SSL seems to be different.

Chris

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by raystrach

  • raystrach
  • Member
  • Offline
  • Registered: 2012-05-21
  • Posts: 37

Re: Other SSL sites

christophk wrote:

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 0.9.8
- Linux/BSD distribution name and version: Ubuntu 16.04
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? no
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

Hi,
I am reading  https://docs.iredmail.org/use.a.bought. … icate.html  over and over again but I do not understand where (to what conf file or into what location location) I should add the server config for my other sites.

Like:

server {

       listen 443  ssl;
       ssl on;
       server_name www.example.com
       ....

         }

Dear Zhang, can I ask you for a bit more clarification.

Every Post concerning SSL seems to be different.

Chris

i am no expert on nginx but i know you can add server blocks as required.

probably the cleanest way of doing so would be to create a mydomain.com.conf file and put it in the "sites-enabled" sub directory under nginx. the code might look something like this (not including a possible reference to a tmpl file)

server {

       listen 443  ssl;
       server_name mydomain.com www.mydomain.com;


    root /path/to/rootdir;
    index index.php index.html;


    ssl_certificate      /etc/letsencrypt/live/mydomain.com/fullchain.pem;
   ssl_certificate_key  /etc/letsencrypt/live/mydomain.com/privkey.pem;


         }

you would do one for each domain that needs a cert.

it is quite possible the lets encrypt will or will not do this for you when getting the cert if the block exists. not sure as i normally use apache

take note that this only applies to http requests, not mail connections through your mail access points. you have not given any context on that

hope this helps

rs

3 Reply by swejun

  • swejun
  • Member
  • Offline
  • Registered: 2017-07-26
  • Posts: 84

Re: Other SSL sites

christophk wrote:

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 0.9.8
- Linux/BSD distribution name and version: Ubuntu 16.04
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? no
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

Hi,
I am reading  https://docs.iredmail.org/use.a.bought. … icate.html  over and over again but I do not understand where (to what conf file or into what location location) I should add the server config for my other sites.

Like:

server {

       listen 443  ssl;
       ssl on;
       server_name www.example.com
       ....

         }

Dear Zhang, can I ask you for a bit more clarification.

Every Post concerning SSL seems to be different.

Chris

My Nginx config files related to SSL looks as follows. I think it is the standard locations when installing from scratch


# ls -l /etc/nginx/sites-enabled/ 

total 0
lrwxrwxrwx 1 root root 42 Nov  2  2017 00-default.conf -> /etc/nginx/sites-available/00-default.conf
lrwxrwxrwx 1 root root 46 Nov  2  2017 00-default-ssl.conf -> /etc/nginx/sites-available/00-default-ssl.conf


# more  /etc/nginx/sites-available/00-default-ssl.conf

#
# Note: This file must be loaded before other virtual host config files,
#
# HTTPS
server {
    include /etc/nginx/templates/netdata.tmpl;
    include /etc/nginx/sites-conf.d/default-ssl/*.conf;
}


/etc/nginx/sites-conf.d/default-ssl/0-listen.conf

listen 443;
listen [::]:443;


/etc/nginx/sites-conf.d/default-ssl/1-include-tmpl-ssl.conf

include /etc/nginx/templates/ssl.tmpl;

/etc/nginx/templates/ssl.conf

ssl on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4:!SEED;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/pki/tls/dh2048_param.pem;
ssl_certificate /etc/pki/tls/certs/digicert-bundle.crt;
ssl_certificate_key /etc/pki/tls/private/private.key;

4 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 31,094

Re: Other SSL sites

with iRedMail-0.9.8, ssl cert/key location is defined in /etc/nginx/templates/ssl.tmpl. But if you want to use different ssl cert for other web domain, you can simply copy ssl.tmpl to other file name and load it in the "server {}" block for the web domain.

- Nginx uses 'include ...' directive to load given file, so it should be easy to understand the scope.
- Main config file is /etc/nginx/nginx.conf, read it first, then you will find it loads modular config files from different directories.