SSL website problems

17 posts / 0 new
Last post
#1 Mon, 12/18/2006 - 00:27
sgrayban

SSL website problems

I am trying to create a new SSL website and all I get is "SSL cannot be enabled unless a virtual IP interface or private port is enabled" for a error.

In the module "Virtual IP" I have assigned the available IP's VM can use but still no go. I must be missing something either easy to miss or I am just stupid here.

I use virtual network interfaces if that makes any difference.

Anyone could shed some light on this for me?

Mon, 12/18/2006 - 09:54
Joe
Joe's picture

Hey Scott,

At the bottom of the virtual server creation form, there's a field labeled "Network interface". You need to choose "Virtual with IP", and if you've specified addresses that Virtualmin can use, you'll have a dropdown that you can choose the address from. If you haven't specified any addresses it'll just be a text field, and you can either select "Already active" for addresses that already exist on the system, or you can leave it unchecked and Virtualmin will create the address for you.

--

Check out the forum guidelines!

Wed, 12/20/2006 - 13:12 (Reply to #2)
sgrayban

Still there? I answered back but haven't gotten a reply back yet.

Mon, 12/18/2006 - 14:25
sgrayban

I found out they only show up if the virtual interface isn't up in ifconfig.

However, I think that should be overridden in the next release. I start all my interfaces at boot up just for simplicity since I now I'll forget to bring them if I need them.

What VM should do is keep a running tab of what SSL or FTP sites are assigned that IP.

Not all SSL sites use FTP and not all FTP sites use SSL. YOu may even have a normal website that never uses or needs SSL and now you have tied up that IP that could be used for SSL or FTP.

Right?

Wed, 12/20/2006 - 14:15
DanLong

Scott,
Joe pointed out that if you've already assigned a VI to an IP then on account creation enter the IP and check "already active".

It's best to let VM create the virtual interface during account creation by inserting the IP or choosing from the list of available IPs. VM does keep track of who's on what base but if you create the interface outside of VM you have to manually give control back to VM.

Joe and Jamie have done an awesome job of uncomplicating the virtual interface issue.

Remember that SSL can only support one virtual server on one IP. :-)

Wed, 12/20/2006 - 14:29 (Reply to #5)
sgrayban

What I see when I create a new server is...

"Network interface Shared, on IP xxxxx Virtual with allocated IP"

So the later will let you choose what IP to use?

Wed, 12/20/2006 - 14:44
DanLong

What version of VM are you using?

You can choose to default to shared IP in the module config or you can choose the latter and it will force a new IP selection (or choose shared) just to finish account creation.

The prompt appears that you've chosen shared by default, you then should hit the radio button to assign virtual with IP and it will create a virtual interface for you.

You should also have a change IP module.

So in all, there are at least 3 areas you can change or modify the IPs on virtual servers within VM.

Account creation
Modify virtual server
Change IP Address

Wed, 12/20/2006 - 18:19 (Reply to #7)
sgrayban

I'm using Version 3.31.gpl.

Maybe that is why I just don't see what every one else is seeing.

Wed, 12/20/2006 - 21:37 (Reply to #8)
DanLong

Hi Scott,
I have GPL 3.29 on a box and it shows..
In account creation at the very bottom.
*******************************************
Network interface * Shared, on IP 69.1xx.xxx.xxx Virtual with IP [[______________]] [[ ]] ( Already active )

***********************************************

I tried eveyconfig setting to make it go away but could find none. As said before, you mau try releasing the VI interfaces that you made under webmin network module and let VM do it for you.

Wed, 12/20/2006 - 23:27 (Reply to #9)
sgrayban

I really dislike this function of having Virtual Interfaces having to be down just to use the bloody IP's.

Please change this behaviour.

Thu, 12/21/2006 - 00:07 (Reply to #10)
Joe
Joe's picture

Hey Scott,

It has been changed. I agree with you...it is annoying.

In the current (and past couple) release, you can specify "Interface is already up" when you create the new virtual server.

--

Check out the forum guidelines!

Thu, 12/21/2006 - 02:26 (Reply to #11)
sgrayban

Uhhh am I missing a update then? I don't see this in the gpl version at all and there aren't any updates.

Thu, 12/21/2006 - 09:13 (Reply to #12)
DanLong

Hey Scott,

It's not a matter of the VIs being down, it's the matter of giving VM the responsibility to allocate. You can always setup VIs for other functions. The restrictions of a dedicated IP are dictated by apache and ProFTP. That's why it's best to leave VM do the setup and have as you stated earlier a running record of VIs in VM. Makes removeal so much easier in the event you need to suspend or cancel the customer.

Oh, and I upgraded one of the GPL 3.29 boxes to 3.31 and the function is still located at the bottom of create account so it should show for you, so this is puzzling.

Thu, 12/21/2006 - 23:57 (Reply to #13)
sgrayban

You're missing the entire point of the post.

1) I bring the Virtual Interfaces up at boot time.
2) VM doesn't like that and won't assign any IP's unless I bring the VI's down which is silly and annoying as hell.
3) I want to be able to override ANY IP settings that VM's has regardless what it thinks.

The point is that #3 I can't do unless I bring the VI that has the IP I want to assign is down.

Once I assign that IP to a website or IP FTP it won't matter whether or not the VI is up or down so why do I need to fight with the VI's when its pointless in the first place?

Thu, 12/21/2006 - 10:37
DM

I have deleted the ip from the Network interfaces "active now" list and after doing that if I try to use it as an ssl server I get the same error.

Fri, 12/22/2006 - 00:04
sgrayban

I'll make this as simple as possible for everyone to see the issue here.

Example:
ETH0:8 is assign IP 71.32.15.204 and isn't used by anything yet. It's just up.

VM won't use that VI simply because its UP. It doesn't care whether its in use or not.

That behaviour needs to be changed.

In the current GPL release of VM it won't let you assign the IP until you bring ETH0:8 down which is pointless.

Fri, 12/22/2006 - 00:13
sgrayban

Oh and another reason I bring all my IP's up is because its set that way with apache where I have defined all my shared IP's in the Vhosts.conf so when someone tries to use just the IP it automatically shows this error and informs them to use the host name.

VM defeats that purpose.