
Sysadmin SSL and FTP issue

Discussion in 'System Administration' started by p3ntagon, Mar 22, 2017.

  1. p3ntagon

    p3ntagon New Member

    I just installed Centminmod and I am very happy with it:

    - CentOS 7 | 64bit
    - nginx 1.11.10
    - changed hostname
    - installed wordpress
    - configured keyCDN
    - configured autoptimize

    Everything went fine, except 2 problems I am running into right now:

    1) I have:

    Mar 21 08:51 5.0K mydomain.info.ssl.conf

    So I guess I need to set up the conf to use https instead of http manually like this?

    server {
        listen 443 ssl http2;
        server_name server.mydomain.info mydomain.info www.mydomain.info;
        return 301 https://mydomain.info$request_uri;
    }

    2) I have a problem understanding the FTP:

    I can use WinSCP and connect via SFTP without any problem. But during installation of Centminmod I got this FTP data:

    FTP hostname : my-ip
    FTP port : 21
    FTP mode : FTP (explicit SSL)
    FTP Passive (PASV) : ensure is checked/enabled
    FTP username created for mydomain.info : my-user
    FTP password created for mydomain.info : my-pwd

    When I am trying to use WinSCP again using the data given (FTP, port 21, passive mode, explicit SSL), I can connect to the server but I do not get files listed:

    Status: connect to XX.XXX.XXX.XXX:21...
    Status: connection established, waiting for welcome message...
    Status: initialising TLS...
    Status: checking certificate...
    Status: TLS-connection established.
    Status: logged in
    Status: receiving index...
    Befehl: PWD
    Antwort: 257 "/" is your current location
    Befehl: TYPE I
    Antwort: 200 TYPE is now 8-bit binary
    Befehl: PASV
    Antwort: 227 Entering Passive Mode (XX,XXX,XXX,XXX,133,249)
    Befehl: MLSD
    Fehler: timeout after 20 seconds
    Fehler: could not receive index

    Which FTP is installed with Centminmod and how do I configure it correctly? Or is it a port problem: which ports do I have to open in my firewall besides 20/21? I already searched a lot but most of the things I found were outdated, so any help is appreciated!
     
  2. eva2000

    eva2000 Administrator Staff Member

    There are generally 3 ways of setting up an HTTPS SSL certificate for Centmin Mod Nginx HTTP/2 based HTTPS:

    Method 1. The traditional way via centmin.sh menu option 2, 22 and selecting yes to self-signed ssl certificates first. Then converting the self-signed ssl certificate to paid or free (Letsencrypt) web browser trusted SSL certificates outlined at How to switch self-signed SSL certificate to paid SSL certificate ? You would still need to follow the same steps outlined at Nginx SPDY SSL Configuration for obtaining and purchasing the paid SSL certificate and the most important part is the concatenation of the SSL provider provided files to create the mentioned /usr/local/nginx/conf/ssl/domaincom/ssl-unified.crt and /usr/local/nginx/conf/ssl/domaincom/ssl-trusted.crt files referenced in your Nginx SSL vhost config file.

    You may need to also decide if you want to enable HTTP to HTTPS redirect outlined at How to force redirect from HTTP:// to HTTPS:// ?

    If you didn't answer yes at time of initial nginx vhost creation to self-signed ssl certificates, you can manually set up the self-signed ssl certificate via the vhost generator by checking the self-signed ssl box and entering a domain name. This will outline instructions for manually creating and setting up the self-signed ssl certificate and nginx vhost settings. Then for web browser trusted ssl certificates you switch by following - How to switch self-signed SSL certificate to paid SSL certificate ?.

    Method 2. Using and testing Centmin Mod 123.09beta01's new addons/acmetool.sh addon, which is still in beta testing only, for integrating Letsencrypt SSL certificates. It has both auto and manual methods.

    Method 3. Fully manual method for free Letsencrypt SSL certificates.
    You already have mydomain.info.ssl.conf so I assumed you used one of these 3 methods? Which one?

    The http to https redirect is posted at centminmod.com/nginx_domain_dns_setup.html#httpsredirect

    Key to testing is using a 302 temp redirect first in a private incognito browser session, otherwise the problems you can experience may end up being due to browser caching or 301 permanent redirects unless you clear browser cache and reboot local computer(s), and even then some web browsers don't let go of 301 permanent redirect browser cache that willingly :)
     
  3. eva2000

    eva2000 Administrator Staff Member

    You can read up on pure-ftpd virtual ftp user setup at Pure-FTPD Virtual FTP Users.
    So if on Centmin Mod 123.09beta01, the open FTP ports needed are 21 and 30001-50011.
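
The port arithmetic behind the exchange above, as an added example that is not part of the thread or of Centmin Mod's tooling: the last two numbers of the `227` reply in the posted log encode the passive data port as p1*256 + p2, and the listing can only open if that port is among the ports the firewall allows. The rule-list format passed to `port_allowed` is a hypothetical stand-in for the real firewall configuration.

```shell
# Added example, not from the thread. Constructed input: the 227 reply from
# the posted WinSCP log, host octets still masked as XX.
REPLY_227='227 Entering Passive Mode (XX,XXX,XXX,XXX,133,249)'

# is_octet N: succeed if N is a decimal 0-255 without leading zeros.
is_octet() {
    case $1 in ''|*[!0-9]*|0?*) return 1 ;; esac
    [ "${#1}" -le 3 ] && [ "$1" -le 255 ]
}

# pasv_port REPLY: print the data port (p1*256 + p2) from a 227 reply.
pasv_port() {
    case $1 in 227*"("*")"*) ;; *) return 1 ;; esac
    tuple=${1#*"("}
    tuple=${tuple%%")"*}
    old_ifs=$IFS; IFS=,
    set -f            # no globbing while splitting on commas
    set -- $tuple
    set +f
    IFS=$old_ifs
    [ "$#" -eq 6 ] || return 1
    is_octet "$5" && is_octet "$6" || return 1
    echo $(( $5 * 256 + $6 ))
}

# port_allowed PORT RULES: RULES is a space-separated list of open TCP ports
# or low-high ranges (hypothetical format, a stand-in for the firewall config).
port_allowed() {
    for rule in $2; do
        low=${rule%-*}
        high=${rule#*-}
        if [ "$1" -ge "$low" ] && [ "$1" -le "$high" ]; then return 0; fi
    done
    return 1
}

# data_verdict REPLY RULES: say whether the passive data connection can open.
data_verdict() {
    port=$(pasv_port "$1") || { echo "unparsable reply"; return 2; }
    if port_allowed "$port" "$2"; then
        echo "data port $port open"
    else
        echo "data port $port blocked"
        return 1
    fi
}

data_verdict "$REPLY_227" "20 21" || true    # only the ports from the question
data_verdict "$REPLY_227" "21 30001-50011"   # the ports given in the reply
```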
     
  4. p3ntagon

    p3ntagon New Member

    Thanks a lot, @eva2000, you have been a great help!