ISPConfig behind Nethserver Reverse proxy

Hello everyone;

I have installed an ISPConfig server behind a Nethserver with reverse proxy and I have difficulties with HTTPS, specifically the situation is as follows:

The nethserver is fully exposed;
the server with ISPConfig has a local address;

I generate the ISPConfig panel security certificate from nethserver and route it via reverse proxy.

However, when I create a website and install wordpress I get page loading anomalies due to mixed content blocking. Even if I create the certificate and route it from nethserver it is the same thing.

Another factor is that from ISPConfig I cannot secure the site with Let’s Encrypt.

The provider provides a public IP address that I have routed to nethserver, which is publicly reachable, whereas if I want to verify the public IP on my-ip.it I get another address.

What should I verify?

Now I’ve disabled the certificate in nethserver for the website and tried to create it in ISPConfig, but obtained this:

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
root@webdelante:/# letsencrypt certonly --webroot -w /var/www -d nuovo2.coopdelante.it
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for nuovo2.coopdelante.it

Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: nuovo2.coopdelante.it
Type: unauthorized
Detail: 2.229.82.164: Invalid response from http://nuovo2.coopdelante.it/.well-known/acme-challenge/5JDXoG9ZaK2Ai3Dbui7V-drHJvtK456IaQgdXaBOSAY: 404

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.
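An added example (not part of the original post, and not Certbot or ISPConfig code): a check that repeats the HTTP-01 fetch that returned 404 above, so the webroot and the reverse-proxy path can be tested separately. The name `probe_http01`, its verdict strings and the `host` parameter are this example's own, and it assumes Python 3.8+ on the web server.

```python
import secrets
import urllib.error
import urllib.request
from pathlib import Path

CHALLENGE_DIR = ".well-known/acme-challenge"
# Ignore proxy environment variables so the request goes straight to base_url.
_opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))


def probe_http01(webroot, base_url, host=None, timeout=5.0):
    """Write a throwaway token under webroot, then fetch it through base_url.

    host optionally overrides the Host header, so a backend can be queried by
    its local address while still selecting the right virtual host.
    Returns (verdict, http_status); http_status is None without an HTTP reply.
    """
    token = "probe-" + secrets.token_urlsafe(16)
    body = secrets.token_urlsafe(32)
    target = Path(webroot) / CHALLENGE_DIR / token
    target.parent.mkdir(parents=True, exist_ok=True)
    target.write_text(body)
    url = f"{base_url.rstrip('/')}/{CHALLENGE_DIR}/{token}"
    req = urllib.request.Request(url, headers={"Host": host} if host else {})
    try:
        with _opener.open(req, timeout=timeout) as resp:
            served = resp.read().decode("utf-8", "replace")
            status = resp.status
    except urllib.error.HTTPError as exc:
        # A 404 here matches the CA report: the request reached a web server
        # that does not serve files from this webroot.
        return ("not-served", exc.code)
    except (urllib.error.URLError, OSError):
        return ("unreachable", None)
    finally:
        target.unlink(missing_ok=True)  # never leave the probe file behind
    # 200 with other content: a catch-all page or a different server answered.
    return ("ok" if served.strip() == body else "wrong-content", status)


if __name__ == "__main__":
    import sys
    # usage: probe.py WEBROOT BASE_URL [HOST_HEADER]
    print(probe_http01(sys.argv[1], sys.argv[2], *sys.argv[3:4]))
```

Run it on the ISPConfig machine first against its own local address with the site name as `host` to test the webroot, then against the public `http://` URL to test what arrives through the reverse proxy. A result of `ok` locally but `not-served` publicly means port 80 for that name is not reaching this server.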

Hello @ernesto

And welcome to the NethServer community.

A reverse proxy can and WILL cause problems if you’re not aware of the fact that a LOT of applications need and use Websockets, something that NethServer’s reverse proxy can handle, but not enough to cover all situations.
Websockets need “path” information, not just the target URL for a true reverse proxy.


LetsEncrypt SSL certs are another issue. For more than one server behind an IP, the easiest way would be to change your domain hoster to one which supports DNS verification for LE certs, instead of the default HTTP. NethServer 7 supports only the HTTP verification. You can only pass port 80 to one server…

You could use aliases in the NethServer certificate request, but this can entail further issues.

I do not think putting ISPconfig behind a reverse proxy on NethServer 7 is a good idea.
Both products have very different goals and implementations!

My 2 cents
Andy


@ernesto I am curious as to why you would want to run ISPConfig behind NethServer.

Are there any benefits you hoped to achieve with NS at the front? I would understand as a firewall.

Is it that you only have one public IP address, that’s currently connected to NethServer, and ISPConfig is connected on a private IP?


Thank you very much Andy,

I hadn’t considered websockets, that’s information I had missed. At this point I see it as complicated… I use the nethserver for the other modules (nethvoice, nethservice) and I had the need to host a site. I know in nethserver you can with the webserver application, but it seems that the PHP and MySQL version is old, so I had thought of a separate machine with ISPConfig.


Yes, this is the scenario :slightly_smiling_face:

Newer PHP versions are possible in the dropdown in Virtual Host…
Also newer versions of MariaDB/MySQL are possible, e.g. NextCloud runs with 10.5 (AFAIK and offhand…). Actually, in several NethServers, there are almost always several different versions of MariaDB running at the same time.

Containers (Docker) make this possible.

My 2 cents
Andy


I’ll give it a try, it might be the solution and avoid having ISPConfig behind nethserver

https://letsdebug.net

HTH
