Page 2 of 2 FirstFirst 12
Results 16 to 20 of 20
  1. #16
    Join Date
    Apr 2016
    Posts
    55
    Points
    1,530
    Level
    15
    It's being limited to grade B due to the RC4 cipher even though I'm using the same cipher as another Interworx server we have and that gets a grade A. I've compared the ssl.conf files and they are pretty much identical.

    Is there other files that play a part in this? I see you mention the apache config file for the site. Is there a default one that would manage the control panel URL?


    Redirects:

    Is there a way to find out which file would control the redirects for the control panel? The reason I'm asking anything I put in the iworx.conf file such as:

    RewriteEngine on
    RewriteRule ^/siteworx(/)?$ https://%{HTTP_HOST}:2443/siteworx/\?domain=%{HTTP_HOST} [R,L]
    RewriteRule ^/nodeworx(/)?$ https://%{HTTP_HOST}:2443/nodeworx/ [R,L]
    RewriteRule ^/roundcube(/)?$ https://%{HTTP_HOST}:2443/roundcube/ [R,L]

    Does not seem to have any affect whatsoever - Even after cache clearing in the browser or apache restarts. But If i have the above options on another interworx server it works straight away. The person who originally set up the one we have been working on doesn't work here no more so I just have a tad feeling something is either missing in the iworx.conf file or it's been told to be controlled by else where - Is that's possible with this setup?
    Last edited by Bertie; 02-17-2017 at 02:36 AM.

  2. #17
    Join Date
    Apr 2012
    Posts
    2,150
    Points
    23,244
    Level
    66
    Hi Bertie

    My initial thoughts are

    Qualys grade - are you using the default cipher for nodeworx and your hostname siteworx (note - if you set the hostname siteworx cipher to a different cipher, qualys is checking this cipher, so both need to match)

    Control - yes, this depends upon if you clustered IW. A quick check would be to login to nodeworx, cluster. I suppose if they were clustered but the cluster stopped manual (i.e. Cluster removed manually), it may not have been fully

    Hence my post over opening a support ticket so Iw could have a look

    However, that said, I would advice you track the hostname through your systems, ping the domain, does it resolve correctly for the IP address, and is this IP address pointing at the correct server etc or are you running any load balancer or anything higher up then the IW

    Many thanks

    John

  3. #18
    Join Date
    May 2004
    Location
    Miami
    Posts
    1,279
    Points
    23,139
    Level
    66
    Quote Originally Posted by Bertie View Post
    It's being limited to grade B due to the RC4 cipher even though I'm using the same cipher as another Interworx server we have and that gets a grade A. I've compared the ssl.conf files and they are pretty much identical.

    Is there other files that play a part in this? I see you mention the apache config file for the site. Is there a default one that would manage the control panel URL?
    ssl.conf is for the public web server. So this would only affect SiteWorx websites.
    /siteworx, / nodeworx, /webmail, etc. all run on the Interworx apache server which has it's own ciphers.

    The easiest way to manage the ciphers for Interworx server is on the NodeWorx SSL page through the ciphers.
    If you want to edit SSL info for the Interworx server you can by going here: /home/interworx/etc/httpd/httpd-custom.conf

    This is the equivalent of the ssl.conf, but for the internal Interworx web server.

    Quote Originally Posted by Bertie View Post
    Redirects:

    Is there a way to find out which file would control the redirects for the control panel? The reason I'm asking anything I put in the iworx.conf file such as:

    RewriteEngine on
    RewriteRule ^/siteworx(/)?$ https://%{HTTP_HOST}:2443/siteworx/\?domain=%{HTTP_HOST} [R,L]
    RewriteRule ^/nodeworx(/)?$ https://%{HTTP_HOST}:2443/nodeworx/ [R,L]
    RewriteRule ^/roundcube(/)?$ https://%{HTTP_HOST}:2443/roundcube/ [R,L]
    The redirects are actually on the public web server in iworx.conf as you've figured out, since those are connection on the normal port. But once the redirect fires you are then on the Interworx internal web server.
    More info here: http://forums.interworx.com/threads/...ube-etc-to-SSL
    [ JUSTIN ]
    [ OFF unit ]
    [ WEB DESIGN / DEVELOPMENT, GRAPHIC DESIGN, OTHER STUFF
    ]

  4. The Following User Says Thank You to Justec For This Useful Post:


  5. #19
    Join Date
    Apr 2016
    Posts
    55
    Points
    1,530
    Level
    15
    Quote Originally Posted by Justec View Post
    ssl.conf is for the public web server. So this would only affect SiteWorx websites.
    /siteworx, / nodeworx, /webmail, etc. all run on the Interworx apache server which has it's own ciphers.

    The easiest way to manage the ciphers for Interworx server is on the NodeWorx SSL page through the ciphers.
    If you want to edit SSL info for the Interworx server you can by going here: /home/interworx/etc/httpd/httpd-custom.conf

    This is the equivalent of the ssl.conf, but for the internal Interworx web server.



    The redirects are actually on the public web server in iworx.conf as you've figured out, since those are connection on the normal port. But once the redirect fires you are then on the Interworx internal web server.
    More info here: http://forums.interworx.com/threads/...ube-etc-to-SSL

    Thanks for the mention of: httpd-custom.conf. I've managed to get the hostname SSL to an A+ by making changes in there.
    Last edited by Bertie; 02-20-2017 at 05:35 AM.

  6. #20
    Join Date
    Dec 2016
    Posts
    10
    Points
    327
    Level
    6
    If you do not setup a siteworx account as above, the nodeworx ssl still correctly works, but you cannot test fully

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •