We Keep Coding

Plesk Implement client SSL certificates for authentication

I need to configure Plesk Apache
Where users will authenticate with a .pfx digital certificate
find text within files
Server Error
403
Forbidden
You do not have permission to access this document.
I use Plesk
I just want the /login/ folder
Request client certificate
https://site.plesk.page/login/
I couldn't get it to work.
Configuration file:
/var/www/vhosts/system/site.plesk.page/conf/httpd.conf
<IfModule mod_ssl.c>
<VirtualHost 177.234.155.186:7081 >
ServerName "site.plesk.page"
ServerAlias "www.site.plesk.page"
ServerAlias "ipv4.site.plesk.page"
UseCanonicalName Off
CustomLog /var/www/vhosts/system/site.plesk.page/logs/access_ssl_log plesklog
ErrorLog "/var/www/vhosts/system/site.plesk.page/logs/error_log"
DocumentRoot "/var/www/vhosts/site.plesk.page/httpdocs"
<IfModule mod_suexec.c>
SuexecUserGroup "cert_a1a3" "psacln"
</IfModule>
<IfModule mod_userdir.c>
UserDir "/var/www/vhosts/site.plesk.page/web_users/*"
</IfModule>
<IfModule mod_sysenv.c>
SetSysEnv PP_VHOST_ID "446fa1b6-1832-4b2b-ae5d-aab42b94bd29"
</IfModule>
Alias "/plesk-stat" "/var/www/vhosts/system/site.plesk.page/statistics"
<Location /plesk-stat/>
Options +Indexes
</Location>
<Location /plesk-stat/logs/>
Require valid-user
</Location>
Alias /webstat /var/www/vhosts/system/site.plesk.page/statistics/webstat
Alias /webstat-ssl /var/www/vhosts/system/site.plesk.page/statistics/webstat-ssl
Alias /ftpstat /var/www/vhosts/system/site.plesk.page/statistics/ftpstat
Alias /anon_ftpstat /var/www/vhosts/system/site.plesk.page/statistics/anon_ftpstat
Alias /awstats-icon /usr/share/awstats/wwwroot/icon
SSLEngine on
SSLProtocol -all +TLSv1.2
SSLHonorCipherOrder On
SSLVerifyClient none
SSLCertificateFile /usr/local/psa/var/certificates/scf6sEW8u
SSLCACertificateFile /usr/local/psa/var/certificates/ca-bundle.crt
SSLCACertificatePath /usr/local/psa/var/certificates/
SSLSessionCacheTimeout 1
<Directory /var/www/vhosts/site.plesk.page/httpdocs>
<IfModule mod_fcgid.c>
<Files ~ (\.fcgi$)>
SetHandler fcgid-script
Options +ExecCGI
</Files>
</IfModule>
<IfModule mod_proxy_fcgi.c>
<Files ~ (\.php$)>
SetHandler proxy:unix:/var/www/vhosts/system/site.plesk.page/php-fpm.sock|fcgi://127.0.0.1:9000
</Files>
</IfModule>
SSLRequireSSL
Options -Includes -ExecCGI
</Directory>
<Location /login/>
SSLRequireSSL
ServerSignature On
SSLUserName SSL_CLIENT_S_DN_CN
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
SSLOptions +StdEnvVars +ExportCertData
SSLVerifyClient require
SSLVerifyDepth 1
Options +ExecCGI -Indexes -MultiViews
AddHandler cgi-script .cgi .pl .php
SetHandler login
AllowOverride All
Order allow,deny
Allow from all
</Location>
<Directory "/var/www/vhosts/system/site.plesk.page/statistics">
AuthType Basic
AuthName "Domain statistics"
AuthUserFile "/var/www/vhosts/system/site.plesk.page/pd/d..httpdocs#plesk-stat"
require valid-user
</Directory>
Alias /error_docs /var/www/vhosts/site.plesk.page/error_docs
ErrorDocument 400 /error_docs/bad_request.html
ErrorDocument 401 /error_docs/unauthorized.html
ErrorDocument 403 /error_docs/forbidden.html
ErrorDocument 404 /error_docs/not_found.html
ErrorDocument 500 /error_docs/internal_server_error.html
ErrorDocument 405 /error_docs/method_not_allowed.html
ErrorDocument 406 /error_docs/not_acceptable.html
ErrorDocument 407 /error_docs/proxy_authentication_required.html
ErrorDocument 412 /error_docs/precondition_failed.html
ErrorDocument 414 /error_docs/request_uri_too_long.html
ErrorDocument 415 /error_docs/unsupported_media_type.html
ErrorDocument 501 /error_docs/not_implemented.html
ErrorDocument 502 /error_docs/bad_gateway.html
ErrorDocument 503 /error_docs/maintenance.html
DirectoryIndex "index.html" "index.cgi" "index.pl" "index.php" "index.xhtml" "index.htm" "index.shtml"
Include "/var/www/vhosts/system/site.plesk.page/conf/vhost_ssl.conf"
<Directory /var/www/vhosts/site.plesk.page>
Options -FollowSymLinks
AllowOverride AuthConfig FileInfo Indexes Limit Options=Indexes,SymLinksIfOwnerMatch,MultiViews,ExecCGI,Includes,IncludesNOEXEC
</Directory>
#extension sslit begin
#extension sslit end
#extension letsencrypt begin
Alias /.well-known/acme-challenge "/var/www/vhosts/default/htdocs/.well-known/acme-challenge"
<Location /.well-known/acme-challenge/>
# Require all granted
Order Deny,Allow
Allow from all
Satisfy any
</Location>
<LocationMatch "^/.well-known/acme-challenge/(.*/|)\.">
# Require all denied
Order Allow,Deny
Deny from all
</LocationMatch>
#extension letsencrypt end
</VirtualHost>

VPS Nginx/ Apache | multi website doesn't work

I've moved 2 domains on the VPS and they work fine, just one at a time.
If I disable one, then the other one works - not both.
dom1.com , dom2.com
have the same DNS records, except the A records with their domain-name pointing to the same IP on the VPS, their DNS records are both on CloudFlare, and they're both configured the same way on the VPS (with aaPanel).
The only difference is their site directory.
Do you know what could trigger this issue?
CentOS 8
aaPanel 6.8.21
Apache 2.4 (same issue on Nginx 1.19)
DNS manager: CloudFlare
Many Thanks
dom1.com | config
DocumentRoot "/www/wwwroot/dom1.com"
ServerName 745e5c8e.dom1.com
ServerAlias dom1.com mail.dom1.com
#errorDocument 404 /404.html
ErrorLog "/www/wwwlogs/dom1.com-error_log"
CustomLog "/www/wwwlogs/dom1.com-access_log" combined
#HTTP_TO_HTTPS_START
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{SERVER_PORT} !^443$
RewriteRule (.*) https://%{SERVER_NAME}$1 [L,R=301]
</IfModule>
#HTTP_TO_HTTPS_END
#referenced redirect rule, if commented, the configured redirect rule will be invalid
IncludeOptional /www/server/panel/vhost/apache/redirect/dom1.com/*.conf
#DENY FILES
<Files ~ (\.user.ini|\.htaccess|\.git|\.svn|\.project|LICENSE|README.md)$>
Order allow,deny
Deny from all
</Files>
#PHP
<FilesMatch \.php$>
SetHandler "proxy:unix:/tmp/php-cgi-73.sock|fcgi://localhost"
</FilesMatch>
#PATH
<Directory "/www/wwwroot/dom1.com">
SetOutputFilter DEFLATE
Options FollowSymLinks
AllowOverride All
Require all granted
DirectoryIndex index.php index.html index.htm default.php default.html default.htm
</Directory>
</VirtualHost>
<VirtualHost *:443>
ServerAdmin webmaster#example.com
DocumentRoot "/www/wwwroot/dom1.com/"
ServerName SSL.dom1.com
ServerAlias dom1.com mail.dom1.com
#errorDocument 404 /404.html
ErrorLog "/www/wwwlogs/dom1.com-error_log"
CustomLog "/www/wwwlogs/dom1.com-access_log" combined
#SSL
SSLEngine On
SSLCertificateFile /www/server/panel/vhost/cert/dom1.com/fullchain.pem
SSLCertificateKeyFile /www/server/panel/vhost/cert/dom1.com/privkey.pem
SSLCipherSuite EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5
SSLProtocol All -SSLv2 -SSLv3 -TLSv1
SSLHonorCipherOrder On
#PHP
<FilesMatch \.php$>
SetHandler "proxy:unix:/tmp/php-cgi-73.sock|fcgi://localhost"
</FilesMatch>
#DENY FILES
<Files ~ (\.user.ini|\.htaccess|\.git|\.svn|\.project|LICENSE|README.md)$>
Order allow,deny
Deny from all
</Files>
#PATH
<Directory "/www/wwwroot/dom1.com/">
SetOutputFilter DEFLATE
Options FollowSymLinks
AllowOverride All
Require all granted
DirectoryIndex index.php index.html index.htm default.php default.html default.htm
</Directory>
</VirtualHost>
dom2.com | config
ServerAdmin webmaster#example.com
DocumentRoot "/www/wwwroot/dom2.com"
ServerName 218ac146.dom2.com
ServerAlias dom2.com mail.dom2.com
#errorDocument 404 /404.html
ErrorLog "/www/wwwlogs/dom2.com-error_log"
CustomLog "/www/wwwlogs/dom2.com-access_log" combined
#DENY FILES
<Files ~ (\.user.ini|\.htaccess|\.git|\.svn|\.project|LICENSE|README.md)$>
Order allow,deny
Deny from all
</Files>
#PHP
<FilesMatch \.php$>
SetHandler "proxy:unix:/tmp/php-cgi-73.sock|fcgi://localhost"
</FilesMatch>
#PATH
<Directory "/www/wwwroot/dom2.com">
SetOutputFilter DEFLATE
Options FollowSymLinks
AllowOverride All
Require all granted
DirectoryIndex index.php index.html index.htm default.php default.html default.htm
</Directory>
</VirtualHost>

I found the problem.
aaPanel added a wrong sub-domain in their config file.
So fixing that resolved the issue.

Prestashop configuration multishop

i have to migrate from prestashop 1.6 to prestashop 1.7, in the new version i have made a multishop site.
how should I set the httpd.conf and the conf file of the related site for it to work?
now my conf site file is:
<VirtualHost *:80>
ServerAdmin name#example.com
ServerName www.example.it
ServerAlias example.it
DocumentRoot /home/sites/www.example.it/web/
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /home/sites/www.example.it/web/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
Require all granted
</Directory>
AddType application/x-httpd-php .php5
AddType application/x-httpd-php .php4
AddType application/x-httpd-php .php
RewriteEngine on
#RewriteCond %{HTTPS} off
#RewriteCond %{REQUEST_URI} !^/.well-known/ [NC]
#RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [NC,R=301,L]
#RewriteOptions inherit
</VirtualHost>
<VirtualHost *:443>
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateKeyFile /etc/letsencrypt/live/www.example.it/privkey.pem
SSLCertificateFile /etc/letsencrypt/live/www.example.it/cert.pem
SSLCertificateChainFile /etc/letsencrypt/live/www.example.it/chain.pem
ServerAdmin name#example.com
ServerName www.example.it
ServerAlias example.it
DocumentRoot /home/sites/www.example.it/web
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /home/sites/www.example.it/web>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
Require all granted
</Directory>
AddType application/x-httpd-php .php5
AddType application/x-httpd-php .php4
AddType application/x-httpd-php .php
Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains;"
php_admin_value open_basedir "/home/sites/www.example.it:/home/sites/www.example.it/private:/home/sites/www.example.it/tmp:/tmp"
php_admin_value session.save_path "/home/sites/www.example.it/tmp"
php_admin_value upload_tmp_dir "/var/www/clients/client1/web1/tmp"
php_admin_value sendmail_path] "/usr/sbin/sendmail -t -i -f webmaster#example.it"
php_admin_value max_input_vars 10500
php_admin_value memory_limit 512M
php_admin_value max_execution_time 44000
php_admin_value upload_max_filesize 512M
RewriteEngine on
RewriteOptions inherit
<Directory /home/sites/*/web>
AllowOverride All
</Directory>
</VirtualHost>
What should I add or change in this file?
is there any other file I need to change?
thanks

You don't have to change your server's virtual host when turning on multishop option. Do you have some problems with the configuration ?

<VirtualHost> cannot occur within <VirtualHost> section

after I try to use my own vhost.confic instead of using the generated one from Plesk, I just copy the last_httpd.include file and made some modifications - change the document root. But the /usr/local/psa/admin/sbin/httpdmng --reconfigure-domain redmine.newslab.cz get some error
2013-11-28T10:52:28+01:00 ERR (3): Apache config (13856323480.31924600) generation failed: Syntax error on line 1 of /var/www/vhosts/redmine.newslab.cz/conf/vhost.conf:
<VirtualHost> cannot occur within <VirtualHost> section
Syntax error on line 1 of /var/www/vhosts/redmine.newslab.cz/conf/vhost.conf:
<VirtualHost> cannot occur within <VirtualHost> section
vhost.conf file
<VirtualHost *:80 >
ServerName "redmine.newslab.cz"
ServerAlias "www.redmine.newslab.cz"
ServerAlias "ipv4.redmine.newslab.cz"
UseCanonicalName Off
<IfModule mod_suexec.c>
SuexecUserGroup "redmine.newslab" "psacln"
</IfModule>
ServerAdmin "admin#newslab.cz"
DocumentRoot "/var/www/vhosts/redmine.newslab.cz/httpdocs/redmine/public"
CustomLog /var/www/vhosts/redmine.newslab.cz/statistics/logs/access_log plesklog
ErrorLog "/var/www/vhosts/redmine.newslab.cz/statistics/logs/error_log"
<IfModule mod_userdir.c>
UserDir "/var/www/vhosts/redmine.newslab.cz/web_users"
</IfModule>
ScriptAlias "/cgi-bin/" "/var/www/vhosts/redmine.newslab.cz/cgi-bin/"
Redirect permanent /plesk-stat https://redmine.newslab.cz/plesk-stat
Redirect permanent /webstat https://redmine.newslab.cz/webstat
Redirect permanent /webstat-ssl https://redmine.newslab.cz/webstat-ssl
Redirect permanent /ftpstat https://redmine.newslab.cz/ftpstat
Redirect permanent /anon_ftpstat https://redmine.newslab.cz/anon_ftpstat
Redirect permanent /awstats-icon https://redmine.newslab.cz/awstats-icon
<IfModule mod_ssl.c>
SSLEngine off
</IfModule>
SetEnv PP_CUSTOM_PHP_INI /var/www/vhosts/redmine.newslab.cz/etc/php.ini
<IfModule mod_fcgid.c>
FcgidInitialEnv PP_CUSTOM_PHP_INI /var/www/vhosts/redmine.newslab.cz/etc/php.ini
FcgidMaxRequestLen 16777216
</IfModule>
<Directory /var/www/vhosts/redmine.newslab.cz/httpdocs/redmine/public>
<IfModule mod_perl.c>
<Files ~ (\.pl$)>
SetHandler perl-script
PerlHandler ModPerl::Registry
Options ExecCGI
allow from all
PerlSendHeader On
</Files>
</IfModule>
<IfModule mod_python.c>
<Files ~ (\.py$)>
SetHandler python-program
PythonHandler mod_python.cgihandler
</Files>
</IfModule>
<IfModule mod_fcgid.c>
<Files ~ (\.fcgi)>
SetHandler fcgid-script
Options +FollowSymLinks +ExecCGI
</Files>
</IfModule>
<IfModule mod_fcgid.c>
<Files ~ (\.php)>
SetHandler fcgid-script
FCGIWrapper /var/www/cgi-bin/cgi_wrapper/cgi_wrapper .php
Options +ExecCGI
allow from all
</Files>
</IfModule>
Options -Includes +ExecCGI
</Directory>
<Directory "/var/www/vhosts/redmine.newslab.cz/statistics">
AuthType Basic
AuthName "Domain statistics"
AuthUserFile "/var/www/vhosts/redmine.newslab.cz/pd/d..httpdocs#plesk-stat"
require valid-user
</Directory>
Alias /error_docs /var/www/vhosts/redmine.newslab.cz/error_docs
ErrorDocument 400 /error_docs/bad_request.html
ErrorDocument 401 /error_docs/unauthorized.html
ErrorDocument 403 /error_docs/forbidden.html
ErrorDocument 404 /error_docs/not_found.html
ErrorDocument 500 /error_docs/internal_server_error.html
ErrorDocument 405 /error_docs/method_not_allowed.html
ErrorDocument 406 /error_docs/not_acceptable.html
ErrorDocument 407 /error_docs/proxy_authentication_required.html
ErrorDocument 412 /error_docs/precondition_failed.html
ErrorDocument 414 /error_docs/request_uri_too_long.html
ErrorDocument 415 /error_docs/unsupported_media_type.html
ErrorDocument 501 /error_docs/not_implemented.html
ErrorDocument 502 /error_docs/bad_gateway.html
ErrorDocument 503 /error_docs/maintenance.html
</VirtualHost>
Do have anybody idea what is wrong. Thx

It is simple. Your vhost.conf is included inside the one generated by Plesk, it doesn't replace the Plesk config. That means you need to strip your vhost.conf from VirtualHost directive and other duplicated content. Keep there only directives which you need and which Plesk doesn't add itself.

Can't get .htaccess mod_rewrite rules to work - 404 Not Found

I'm trying to get a simple .htaccess rewrite rule to work, but I can't seem to work it out.
My .htaccess looks like:
RewriteEngine On
RewriteRule ^api$ phpinfo.php
ErrorDocument 404 /error.php
php_flag display_errors on
php_flag display_startup_errors on
php_flag file_uploads on
php_value error_reporting 2047
php_value max_input_time 60
php_value post_max_size 8M
php_value upload_max_filesize 2M
When I access /api, I get a 404 error saying that /api can't be found.
My apache conf file looks like:
<IfModule mod_ssl.c>
NameVirtualHost 10.104.17.3:443
<VirtualHost 10.104.17.3:443>
ServerName orddev.foo.com.au
DocumentRoot /var/www/orddev.foo.com.au___443/html
<Directory />
Options FollowSymLinks
AllowOverride All
</Directory>
<Directory "/var/www/orddev.foo.com.au___443/html">
Options FollowSymLinks MultiViews IncludesNOEXEC
AllowOverride All
Order allow,deny
Allow from all
</Directory>
<IfModule mod_php5.c>
php_admin_value upload_tmp_dir "/var/www/orders.foo.com.au___443/resources/_tmp/upload/"
</IfModule>
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^TRACE
RewriteRule .* - [F]
</IfModule>
ErrorLog logs/orddev.foo.com.au___443/ssl_error.log
CustomLog logs/orddev.foo.com.au___443/ssl_access.log combinedio
CustomLog logs/orddev.foo.com.au___443/ssl_request.log ssl
LogLevel warn
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite HIGH:MEDIUM:!aNULL:+SHA1:+MD5:!SSLv2
SSLCertificateFile /etc/pki/tls/certs/orddev.foo.com.au.crt
SSLCertificateKeyFile /etc/pki/tls/private/orddev.foo.com.au.key
<Files ~ "\.(cgi|shtml|phtml|php|php3?)$">
SSLOptions +StdEnvVars
</Files>
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
</VirtualHost>
</IfModule>
Any idea what I'm doing wrong?
I know the .htaccess is being read as if I change the 404 document, I get an error about the 404 document not being setup properly.

I had a working .htaccess file that I switched over to another server. It was working fine before and stopped working after the switch. I solved the problem by configuring the httpd.conf file.
SSH onto your server and open the httpd.conf file for editing:
cd /etc/httpd/conf
sudo nano httpd.conf
find the "Directory" tag. Should look like this->
<Directory "/var/www/html">
Replace AllowOverride None with
AllowOverride All
Restart
sudo service httpd restart

It sounds like your apache isn't loading mod_rewrite.
Locate your httpd.conf and search for "rewrite_module".
If that line begins with a # (making it a comment), remove the # and restart apache.
In mine, the line is:
LoadModule rewrite_module libexec/apache2/mod_rewrite.so
...but YMMV.