By default, CWP uses a modified Nginx server, called CWP server (cwpsrv), for the Admin, Client and Webmail panel logins. I am also using a Let's Encrypt SSL certificate for my CWP Admin, Client and Webmail panels.
Follow this article first (Part 1):
CWP: How to Configure Let's Encrypt SSL Certificate for your server Hostname/FQDN on CWP7.admin
N.B.: I am using the cipher list from the references below:
https://cipherli.st/
https://mozilla.github.io/server-side-tls/ssl-config-generator/
https://wiki.mozilla.org/Security/Server_Side_TLS
https://ssl-config.mozilla.org/#server=apache&server-version=2.4.39&config=intermediate&openssl-version=1.0.2k-fips
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
https://ssldecoder.org/
CWP Admin Panel Link (by hostname)
CWP Admin Panel Link: http://server1.datahead.biz:2030
CWP Admin Panel Link: http://server1.datahead.biz:2086
CWP Admin Panel SSL Link: https://server1.datahead.biz:2031
CWP Admin Panel SSL Link: https://server1.datahead.biz:2087
CWP User Panel Link (by hostname)
CWP User Panel Link: http://server1.datahead.biz:2082
CWP User Panel SSL Link: https://server1.datahead.biz:2083
CWP Webmail Panel Link (by hostname)
CWP Webmail Panel Link: http://server1.datahead.biz:2095
CWP Webmail Panel SSL Link: https://server1.datahead.biz:2096
Admin Panel Directory:
# cd /usr/local/cwpsrv/conf/
User Panel Directory:
# cd /usr/local/cwpsrv/conf/
For Admin Panel: open the cwpsrv.conf file, find the stock directives (the first six directives below) and comment them out with #.
Then use the directives that follow them in their place. Don't forget to replace the server FQDN with your own.
# vi /usr/local/cwpsrv/conf/cwpsrv.conf
#ssl_session_timeout 90m;
#ssl_certificate /etc/pki/tls/certs/hostname.bundle;
#ssl_certificate_key /etc/pki/tls/private/hostname.key;
#ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
#ssl_ciphers HIGH:!aNULL:!MD5;
#ssl_prefer_server_ciphers on;
ssl_certificate /etc/letsencrypt/live/server1.datahead.biz/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/server1.datahead.biz/privkey.pem;
#ssl_protocols TLSv1.3; # Requires nginx >= 1.13.0, else use TLSv1.2
ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/nginx/dhparam.pem; # openssl dhparam -out /etc/nginx/dhparam.pem 4096
ssl_ciphers EECDH+AESGCM:EDH+AESGCM;
ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0
ssl_session_timeout 10m;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off; # Requires nginx >= 1.5.9
ssl_stapling on; # Requires nginx >= 1.3.7
ssl_stapling_verify on; # Requires nginx >= 1.3.7
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
For Client Panel:
# vi /usr/local/cwpsrv/conf.d/users.conf
#ssl_session_timeout 90m;
#ssl_certificate /etc/pki/tls/certs/hostname.bundle;
#ssl_certificate_key /etc/pki/tls/private/hostname.key;
#ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
#ssl_ciphers HIGH:!aNULL:!MD5;
#ssl_prefer_server_ciphers on;
ssl_certificate /etc/letsencrypt/live/server1.datahead.biz/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/server1.datahead.biz/privkey.pem;
#ssl_protocols TLSv1.3; # Requires nginx >= 1.13.0, else use TLSv1.2
ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/nginx/dhparam.pem; # openssl dhparam -out /etc/nginx/dhparam.pem 4096
ssl_ciphers EECDH+AESGCM:EDH+AESGCM;
ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0
ssl_session_timeout 10m;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off; # Requires nginx >= 1.5.9
ssl_stapling on; # Requires nginx >= 1.3.7
ssl_stapling_verify on; # Requires nginx >= 1.3.7
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
For Webmail Panel:
# vi /usr/local/cwpsrv/conf.d/webmail.conf
#ssl_session_timeout 90m;
#ssl_certificate /etc/pki/tls/certs/hostname.bundle;
#ssl_certificate_key /etc/pki/tls/private/hostname.key;
#ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
#ssl_ciphers HIGH:!aNULL:!MD5;
#ssl_prefer_server_ciphers on;
ssl_certificate /etc/letsencrypt/live/server1.datahead.biz/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/server1.datahead.biz/privkey.pem;
#ssl_protocols TLSv1.3; # Requires nginx >= 1.13.0, else use TLSv1.2
ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/nginx/dhparam.pem; # openssl dhparam -out /etc/nginx/dhparam.pem 4096
ssl_ciphers EECDH+AESGCM:EDH+AESGCM;
ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0
ssl_session_timeout 10m;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off; # Requires nginx >= 1.5.9
ssl_stapling on; # Requires nginx >= 1.3.7
ssl_stapling_verify on; # Requires nginx >= 1.3.7
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
Secure your API (do the same):
# vi user-api.conf
# vi api.conf
Finally, check the syntax and reload/restart the server:
# /usr/local/cwpsrv/bin/cwpsrv -t
# systemctl restart cwp-phpfpm
# systemctl restart cwpsrv
Check your SSL Certificate: https://www.ssllabs.com/ssltest/index.html
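With the same block pasted into several files, it is easy to leave one stock directive uncommented in one of them. The script below is an added example, not part of CWP or of the original article: it audits one config file offline for the old protocol, cipher and certificate lines shown above. The function names (active_values, note, audit_tls_conf) are hypothetical and the sample input is constructed.

```shell
#!/bin/sh
# Added example: offline audit of TLS directives in a cwpsrv (nginx-syntax) file.

# Print the value of each active (uncommented) occurrence of directive $1 in file $2.
active_values() {
    sed 's/#.*$//' "$2" |
        awk -v d="$1" '$1 == d { $1 = ""; sub(/^ +/, ""); sub(/;$/, ""); print }'
}

# Record one finding for the file currently being audited.
note() { echo "$f: $1"; findings=$((findings + 1)); }

# Print findings for file $1; succeed only when there are none.
audit_tls_conf() {
    f=$1; findings=0
    for p in $(active_values ssl_protocols "$f"); do
        case $p in
            SSLv2|SSLv3|TLSv1|TLSv1.1) note "legacy protocol still enabled: $p" ;;
        esac
    done
    ciphers=$(active_values ssl_ciphers "$f")
    case $ciphers in
        *'HIGH:!aNULL:!MD5'*) note "old cipher string still active" ;;
    esac
    case $ciphers in
        EDH+*|*:EDH+*)   # nginx >= 1.11.0 offers DHE suites only when ssl_dhparam is set
            [ -n "$(active_values ssl_dhparam "$f")" ] ||
                note "EDH ciphers listed but no active ssl_dhparam" ;;
    esac
    case $(active_values ssl_certificate "$f") in
        */etc/pki/tls/certs/hostname.bundle*) note "old certificate still active" ;;
    esac
    case $(active_values ssl_session_tickets "$f") in
        ''|*on*) note "ssl_session_tickets is not off (nginx default is on)" ;;
    esac
    [ "$findings" -eq 0 ]
}

# Constructed sample: the stock directives from this page, left uncommented.
sample=$(mktemp)
cat > "$sample" <<'EOF'
ssl_certificate /etc/pki/tls/certs/hostname.bundle;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
EOF
audit_tls_conf "$sample" || echo "fix the findings above, then run cwpsrv -t"
rm -f "$sample"
```

Run audit_tls_conf against cwpsrv.conf, users.conf, webmail.conf, api.conf and user-api.conf in turn; it checks the file as a whole and does not distinguish between server blocks.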