
Beta Branch add check_dns function to inc/nginx_addvhost.inc in 123.09beta01

Discussion in 'Centmin Mod Github Commits' started by eva2000, Aug 22, 2016.

  1. eva2000

    eva2000 Administrator Staff Member

    29,053
    6,594
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,790
    Local Time:
    4:46 PM
    Nginx 1.13.x
    MariaDB 5.5
    Updated Centmin Mod 123.09beta01's centmin.sh menu option 2 routine in inc/nginx_addvhost.inc for additional check_dns function to check if the site domain/subdomain you are adding has a valid DNS A record.

    This allows an earlier stage check and opportunity for the end user to abort nginx vhost setup if the domain DNS hasn't been updated, so you can update the domain's DNS before re-running centmin.sh menu option 2. This may save some headaches for Letsencrypt SSL integration via addons/acmetool.sh, as the domain verification stage of issuing a Letsencrypt SSL certificate requires a valid domain DNS A record pointing to the server's IP address.

    Example of 2 runs for acme000.domain1.com with invalid DNS and acme3.domain1.com with valid DNS via centmin.sh menu option 2.

    Code (Text):
    ./centmin.sh 
    
    --------------------------------------------------------
         Centmin Mod Menu 123.09beta01 domain1.com    
    --------------------------------------------------------
    1).  Centmin Install
    2).  Add Nginx vhost domain
    3).  NSD setup domain name DNS
    4).  Nginx Upgrade / Downgrade
    5).  PHP Upgrade / Downgrade
    6).  XCache Re-install
    7).  APC Cache Re-install
    8).  XCache Install
    9).  APC Cache Install
    10). Memcached Server Re-install
    11). MariaDB 5.2/5.5 & 10.x Upgrade Sub-Menu
    12). Zend OpCache Install/Re-install
    13). Install/Reinstall Redis PHP Extension
    14). SELinux disable
    15). Install/Reinstall ImagicK PHP Extension
    16). Change SSHD Port Number
    17). Multi-thread compression: pigz,pbzip2,lbzip2...
    18). Suhosin PHP Extension install
    19). Install FFMPEG and FFMPEG PHP Extension
    20). NSD Install/Re-Install
    21). Update - Nginx + PHP-FPM + Siege
    22). Add Wordpress Nginx vhost + Cache Plugin
    23). Update Centmin Mod Code Base
    24). Exit
    --------------------------------------------------------
    Enter option [ 1 - 24 ] 2
    --------------------------------------------------------
    

    invalid DNS acme000.domain1.com example
    Code (Text):
    ---------------------------------------------
    
    ---------------------------------------------------------------
    Important Information
    ---------------------------------------------------------------
    
    You are about to create an Nginx vhost site account with/without
    HTTPS/SSL support. Details of this process are outlined on site
    at domain1.com/nginx_domain_dns_setup.html. Also read the
    continually updated Getting Started Guide for Centmin Mod usage
    at domain1.com/getstarted.html which covers the pure-ftpd
    ftp username that is auto generated with the Nginx vhost site.
    
    Do you want to continue with Nginx vhost site creation ? [y/n] y
    
    Enter vhost domain name to add (without www. prefix): acme000.domain1.com
    
    Create a self-signed SSL certificate Nginx vhost? [y/n]: n
    Get Letsencrypt SSL certificate Nginx vhost? [y/n]: y
    
    ---------------------------------------------------------------
    To get Letsencrypt SSL certificate, you must already have updated intended
    domain vhost name's DNS A record to this server's IP addresss.
    If top level domain, DNS A record is needed also for www. version of domain
    otherwise, Letsencrypt domain name validation will fail.
    ---------------------------------------------------------------
    continue [y/n] ? y
    
    
    acme000.domain1.com is not a top level domain
    current DNS A record IP address for acme000.domain1.com is: 
    !! Error: missing DNS A record for acme000.domain1.com
    
    Abort this Nginx vhost domain setup to setup proper DNS A record(s) first? [y/n]: y
    

    valid DNS acme3.domain1.com example
    Code (Text):
    ---------------------------------------------------------------
    Important Information
    ---------------------------------------------------------------
    
    You are about to create an Nginx vhost site account with/without
    HTTPS/SSL support. Details of this process are outlined on site
    at domain1.com/nginx_domain_dns_setup.html. Also read the
    continually updated Getting Started Guide for Centmin Mod usage
    at domain1.com/getstarted.html which covers the pure-ftpd
    ftp username that is auto generated with the Nginx vhost site.
    
    Do you want to continue with Nginx vhost site creation ? [y/n] y
    
    Enter vhost domain name to add (without www. prefix): acme3.domain1.com
    
    Create a self-signed SSL certificate Nginx vhost? [y/n]: n
    Get Letsencrypt SSL certificate Nginx vhost? [y/n]: y
    
    ---------------------------------------------------------------
    To get Letsencrypt SSL certificate, you must already have updated intended
    domain vhost name's DNS A record to this server's IP addresss.
    If top level domain, DNS A record is needed also for www. version of domain
    otherwise, Letsencrypt domain name validation will fail.
    ---------------------------------------------------------------
    continue [y/n] ? y
    
    
    acme3.domain1.com is not a top level domain
    your server IP address: 111.222.333.444
    current DNS A record IP address for acme3.domain1.com is: 111.222.333.444
    
    Abort this Nginx vhost domain setup to setup proper DNS A record(s) first? [y/n]: n
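
An added example, not part of the original post and not Centmin Mod's own check_dns code: a pre-flight A record check of the kind shown in the two runs above, which also flags a record that exists but points at a different host. The function names, the `RESOLVE_A` hook, the stub resolver and its documentation-range IP addresses are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example (not Centmin Mod's check_dns): pre-flight A record check for
# every name a Let's Encrypt certificate will cover.

# Default resolver (assumes dig is installed): one IPv4 address per line.
resolve_a_dig() { dig +short A "$1" | grep -E '^[0-9]+(\.[0-9]+){3}$'; }

# Constructed stub data so the example runs offline (203.0.113.0/24 and
# 198.51.100.0/24 are documentation ranges, not real servers).
resolve_a_stub() {
  case "$1" in
    acme3.domain1.com) echo 203.0.113.10 ;;
    stale.domain1.com) echo 198.51.100.7 ;;   # still points at an old host
    multi.domain1.com) printf '%s\n' 198.51.100.7 203.0.113.10 ;;
  esac                                         # anything else: no A record
}

RESOLVE_A=${RESOLVE_A:-resolve_a_dig}

# 0 = every A record is the server IP, 1 = no A record,
# 2 = at least one A record points elsewhere (validation may reach that host).
check_a_record() (
  ips=$("$RESOLVE_A" "$1") || true
  [ -n "$ips" ] || exit 1
  other=$(printf '%s\n' "$ips" | grep -vxF -- "$2") || true
  [ -z "$other" ] || exit 2
  exit 0
)

# preflight SERVER_IP NAME...  -> non-zero if any name would fail validation
preflight() (
  server_ip=$1; shift; rc=0
  for name in "$@"; do
    check_a_record "$name" "$server_ip" && st=0 || st=$?
    case $st in
      0) echo "ok: $name -> $server_ip" ;;
      1) echo "error: missing DNS A record for $name"; rc=1 ;;
      2) echo "error: $name has an A record not pointing to $server_ip"; rc=1 ;;
    esac
  done
  exit $rc
)
```

Set `RESOLVE_A=resolve_a_stub` to run it against the constructed data; for a top level domain, pass the www. name as a second NAME argument so both records are checked.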
    
     
  3. pamamolf

    pamamolf Well-Known Member

    2,539
    231
    63
    May 31, 2014
    Ratings:
    +394
    Local Time:
    9:46 AM
    Nginx-1.13.x
    MariaDB 10.1.x
    But how can I transfer from another server a domain that already uses https?

    As usual, I create the vhost and transfer the files and then I change the DNS......
     
  4. JarylW

    JarylW Active Member

    213
    39
    28
    Jun 19, 2014
    Singapore
    Ratings:
    +99
    Local Time:
    2:46 PM
    Backup sql on old server and restore on new one? Replace URLs if domain changed?
     
  5. eva2000

    eva2000 Administrator Staff Member

    if both servers use centmin mod, run acmetool.sh on old server to get domain with letsencrypt ssl cert first, then transfer site to new server and run acmetool.sh again on new server. I'd backup the nginx vhost for the site before running acmetool.sh

    or make use of SANs multi-domain letsencrypt certs to add a domain alias to SSL certificate and nginx vhost on existing domain's server (see: Letsencrypt - Official acmetool.sh testing thread for Centmin Mod 123.09beta01 | Centmin Mod Community)

    1. so setup subdomain.oldserverdomain.com as a domain alias on old and new servers for your oldserverdomain.com nginx vhost (see: Domains - How to Park domain on top of another (domain aliases) ? | Centmin Mod Community)
    2. update subdomain.oldserverdomain.com DNS A record to point to old server first
    3. Then run on old server pass live or lived flag - recommend live flag or non-https default
      Code (Text):
      ./acmetool.sh issue oldserverdomain.com,subdomain.oldserverdomain.com

      so ssl cert covers oldserverdomain.com, www. version of oldserverdomain.com and subdomain.oldserverdomain.com
    4. then on new server setup oldserverdomain.com nginx vhost and manually add subdomain.oldserverdomain.com as a domain alias to that vhost. Use subdomain alias for testing and accessing your new server copy of transferred site
    5. transfer old server's files / data and vhost files including obtained ssl certificates at /usr/local/nginx/conf/ssl/oldserverdomain.com which contain letsencrypt ssl certificates
    6. then update dns for oldserverdomain.com and subdomain.oldserverdomain.com to point to new server IP
    7. once dns is fully propagated just run acmetool.sh on new server again
      Code (Text):
      ./acmetool.sh issue oldserverdomain.com,subdomain.oldserverdomain.com

      may need reissue rather than issue
      Code (Text):
      ./acmetool.sh reissue oldserverdomain.com,subdomain.oldserverdomain.com

      so to get acme.sh cronjob all setup on new server
    8. though you may not need subdomain.oldserverdomain.com part if you don't need live access to new server concurrently for other visitors, you can use local hosts file edit to preview new server version. In that case just transfer the letsencrypt ssl certs from old server at /usr/local/nginx/conf/ssl/oldserverdomain.com which contain letsencrypt ssl certificates along with your site data files like you usually do. Then on new server run acmetool.sh
      Code (Text):
      ./acmetool.sh reissue oldserverdomain.com
     
    Last edited: Aug 23, 2016
  6. eva2000

    eva2000 Administrator Staff Member

    actually thinking about it, i might add to acmetool.sh an option just to issue an ssl certificate but not install it into nginx vhost/touch the nginx vhost files which can be used for server moves so can copy ssl cert alone to new server temporarily for server moves

    though it's quite easy to just copy /usr/local/nginx/conf/ssl/oldserverdomain.com ssl cert files along with site domain vhost files and site file/data to new server too
     
  7. eva2000

    eva2000 Administrator Staff Member

    more thoughts, you can actually copy over the entire acme.sh setup too probably

    1. on new server run acmetool install only ./acmetool.sh acmeinstall
    2. copy /root/.acme.sh contents from old server to new server
    3. copy /usr/local/nginx/conf/ssl/oldserverdomain.com ssl cert files along with site domain vhost files and site file/data to new server too
     
  8. JarylW

    JarylW Active Member

    hmmm.. doesn't acmetool create ssl somewhere in /etc/letsencrypt or /etc/acmetool or similar for cronjob? maybe i am confused with old automation tool
     
  9. eva2000

    eva2000 Administrator Staff Member

    acmetool.sh runs 2 stages one for issue and one for installcert. Issue is for ssl letsencrypt domain validation and getting ssl cert issued saved to /root/.acme.sh/domain.com directory. The installcert stage is to copy /root/.acme.sh/domain.com/* ssl cert files to centmin mod nginx ssl vhost directory /usr/local/nginx/conf/ssl/domain.com and use this path to update nginx ssl vhost to point to for ssl cert location. So you can technically just copy /usr/local/nginx/conf/ssl/domain.com over with your nginx ssl vhost and site should work for at least how long your ssl cert expiry has <90 days if you just issued etc.

    that's why you need to install acmetool.sh via acmeinstall option on new server so the cronjob is setup and copy over /root/.acme.sh data from old server to new server afterwards so a record of installcert path is found from file at /root/.acme.sh/domain.com/
     
    • Informative Informative x 1
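
An added example, not part of the thread and not acmetool.sh code: checks to run on the new server after copying the certificate directory as described in the posts above, confirming that the private key belongs to the certificate, that the key file is not group or world accessible, how long the certificate remains valid, and which names it covers. The function names are assumptions for this sketch, and the certificate and key paths are passed as arguments because the thread does not list the file names inside the ssl directory.

```shell
#!/bin/sh
# Added example (not part of acmetool.sh): verify certificate files copied
# from the old server before the new server's nginx vhost relies on them.

# 0 if the private key belongs to the certificate (public keys are equal)
key_matches_cert() (
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || exit 1
  key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || exit 1
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
)

# 0 if the certificate is valid for the hostname (SAN, or CN fallback)
cert_covers() {
  openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
    grep -q 'does match certificate'
}

# 0 if the certificate is still valid N days from now
cert_valid_in_days() {
  openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null 2>&1
}

# 0 if the key file grants no permissions to group or other
key_is_private() (
  perms=$(ls -ld -- "$1" 2>/dev/null | cut -c5-10)
  [ "$perms" = "------" ]
)

# verify_migrated_cert CERT KEY MIN_DAYS NAME...
verify_migrated_cert() (
  cert=$1; key=$2; days=$3; shift 3; rc=0
  key_matches_cert "$cert" "$key" || { echo "error: key does not match cert"; rc=1; }
  key_is_private "$key" || { echo "error: key is group/world accessible"; rc=1; }
  cert_valid_in_days "$cert" "$days" || { echo "error: cert expires within $days days"; rc=1; }
  for name in "$@"; do
    cert_covers "$cert" "$name" || { echo "error: cert does not cover $name"; rc=1; }
  done
  exit $rc
)
```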
  10. pamamolf

    pamamolf Well-Known Member

    Don't know but i hope to get an easy way to add ssl on an existing vhost for my servers that i use already and an easy way for new ones that don't use Centminmod and have ssl and transferring to Centminmod....

    The above doesn't sound so easy but you know better and i hope at the end when i try it to be ok :)