LetsEncrypt SSL cert on subdomain on specific port

6 posts / 0 new
Last post
#1 Tue, 07/30/2019 - 05:54
cron

LetsEncrypt SSL cert on subdomain on specific port

I've set up gitlab on a virtualmin server and I want to add a LetsEncrypt SSL cert so I can access it via HTTPS without warnings. I created a "sub-server" git.mydomain.com to keep it separate from my primary domain (which also has an SSL cert installed), and added a LetsEncrypt certificate for git.mydomain.com successfully through the interface, but it's not securing port 8180 where I have gitlab running.

Does anyone know how I can configure the LetsEncrypt cert to work for port 8180?

Tue, 07/30/2019 - 08:36
suskozaver

What's the exact error?

What's the setting for current SSL certificate for the sub-server?

What's in the apache conf file for the sub-server?

Tue, 07/30/2019 - 09:00
cron

Thanks for the reply. I should have mentioned, the main website uses Apache which gitlab is using nginx on port 8180.

There's no error as such - The 8180 port is simply not secure when I load it in a browser (the cert is not loaded).

The settings on the SSL tab in Virtualmin look as they do when a letsencrypt cert is installed. It shows letsencrypt as the cert provider and shows paths to the certs. The cert is working fine on the sub-server on port 80 from what I can tell.

The VirtualHost looks just as you would expect:

SuexecUserGroup "#1075" "#1051"
ServerName git.mydomain.com
ServerAlias www.git.mydomain.com
ServerAlias mail.git.mydomain.com
ServerAlias webmail.git.mydomain.com
ServerAlias admin.git.mydomain.com
DocumentRoot /home/myuser/domains/git.mydomain.com/public_html
ErrorLog /var/log/virtualmin/git.mydomain.com_error_log
CustomLog /var/log/virtualmin/git.mydomain.com_access_log combined
ScriptAlias /cgi-bin/ /home/myuser/domains/git.mydomain.com/cgi-bin/
DirectoryIndex index.html index.htm index.php index.php4 index.php5
<Directory /home/myuser/domains/git.mydomain.com/public_html>
Options -Indexes +IncludesNOEXEC +SymLinksIfOwnerMatch
allow from all
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
Require all granted
</Directory>
<Directory /home/myuser/domains/git.mydomain.com/cgi-bin>
allow from all
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
Require all granted
</Directory>
RewriteEngine on
RewriteCond %{HTTP_HOST} =webmail.git.mydomain.com
RewriteRule ^(.*) https://git.mydomain.com:20000/ [R]
RewriteCond %{HTTP_HOST} =admin.git.mydomain.com
RewriteRule ^(.*) https://git.mydomain.com:10000/ [R]
RemoveHandler .php
RemoveHandler .php7.2
RemoveHandler .php7.2
php_admin_value engine Off
<FilesMatch \.php$>
SetHandler proxy:fcgi://localhost:8006
</FilesMatch>
SSLEngine on
SSLCertificateFile /home/myuser/domains/git.mydomain.com/ssl.cert
SSLCertificateKeyFile /home/myuser/domains/git.mydomain.com/ssl.key
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLCACertificateFile /home/myuser/domains/git.mydomain.com/ssl.ca
Tue, 07/30/2019 - 10:03
suskozaver

I have no expirience with nginx, is it possible you have to setup nginx to serve the SSL cert?

Wed, 07/31/2019 - 08:31
cron

You might be right. I'm not sure how to do that but I'll do some research and report back!

Thu, 08/01/2019 - 05:49
cron

I couldnt get ngnix working with the SSL cert so I configured gitlab to use apache rather than ngnix. I had to make a few manual tweaks to the apache VirtualHost for git.mydomain.com but as soon as I saved, everything sprang into life! Thanks for the help