Hosting web applications + Running Drone CI in one VPS

Operating System & Version
CENTOS 7.9
cPanel & WHM Version
v90.0.16

Alvaro__

Member
Nov 12, 2020
7
1
3
Israel
cPanel Access Level
Root Administrator
Hello everyone,
I'm trying to use my web applications VPS as a drone CI server (with docker) as well.

In order to avoid conflicts with Apache on default ports (80,443), the drone server was published in 8080 (port is open in firewall).
The problem is that I'm forced to use HTTP in this port.
Meaning I can reach the drone server on http://VPS_IP:8080, but can't reach it on https://VPS_IP:8080.
Does anyone have any advice?
Thanks.
 

Alvaro__

Hello,

HTTPS will need to run on a separate port. 8080 for HTTP and 8081 for HTTPS for example. You'll need to look at your configurations and make the necessary changes.
Thanks for the reply.
So, if I understand you correctly, I'll have to open another port, even if I'm interested only in HTTPS?
I can't just change port 8080 to HTTPS and that's it?

Can you please direct me to the relevant configuration files that I'll have to change?
And how?


Thanks again.
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
715
97
153
cPanel Access Level
Root Administrator
You'll still want to leave the insecure ports open as well, even if you plan to route all traffic to https.

Since this software isn't something that is provided with cPanel I can't tell you exactly what changes would need to be made. If you wanted to change the ports for Apache we have a guide on that here:


but you'd need to check the documentation for your specific software to see how that gets handled.
 

Alvaro__

Hi,
After more investigation, I found that I should use the SSL .key and .cert files from the server.
Something like:

Code:
-v /path/to/server.crt:/path/to/server.crt \
-v /path/to/server.key:/path/to/server.key
With docker run command.

I was able to find these files in /home/my_user/ssl/certs and /home/my_user/ssl/keys
The problem is that each folder includes a lot of files (.crt and .key files) and I don't know which I should choose.

I've tried a few pairs, but every time I got
“Your connection is not private” “ERR_CERT_COMMON_NAME_INVALID” errors.

Does anyone know how to fix this?
Thanks.
 

cPRex

Inside of the /home/username/ssl/certs and /keys directory, you'd just want to use the most recent .crt file and .key file. With AutoSSL there will be multiple files in there as those SSLs only last for 90 days and then get renewed.

For example, I just checked my personal machine and found there are .crt and .key files both from October 17 that are a match:

Code:
/home/username/ssl/certs

-rw-r--r-- 1 user user 2288 Oct 17 00:49 domain_com_b8769_0db53_1610755199_xxxxxxxxxxx80ae78beb92e9d.crt

/home/username/ssl/keys

-rw-r----- 1 user user 1678 Oct 17 00:49 b8769_0db53_xxxxxxxxxxxae808576c647a6e5f0c82.key
 

Alvaro__

Thanks,
The problem was that I used the newest pair, but the newest pair belongs to a different sub-domain.

So I need to change the keys in my docker every 90 days?
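
Added example, not part of the thread and not cPanel tooling: rather than taking the newest files, this selects the unexpired certificate that actually covers the hostname Drone is served on, then the key whose public half matches it. The function names are hypothetical; the directories and the `/path/to/server.*` container paths are the ones used in the posts above.

```shell
#!/bin/sh
# Added example (not from the thread): choose the cert/key pair for one hostname.
CERT_DIR=${CERT_DIR:-$HOME/ssl/certs}   # directories named in the thread
KEY_DIR=${KEY_DIR:-$HOME/ssl/keys}

# Print the newest unexpired certificate in directory $2 that covers hostname $1.
# Prints nothing when no certificate qualifies.
find_cert_for_host() {
    ls -t "$2"/*.crt 2>/dev/null | while IFS= read -r crt; do
        # Skip certificates that have already expired.
        openssl x509 -in "$crt" -noout -checkend 0 >/dev/null 2>&1 || continue
        # -checkhost applies SAN/CN matching, the check behind ERR_CERT_COMMON_NAME_INVALID.
        if openssl x509 -in "$crt" -noout -checkhost "$1" 2>/dev/null |
               grep -q 'does match'; then
            printf '%s\n' "$crt"
            break
        fi
    done
}

# Print the key in directory $2 whose public half equals the public key in certificate $1.
find_key_for_cert() {
    want=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    for key in "$2"/*.key; do
        [ -f "$key" ] || continue
        have=$(openssl pkey -in "$key" -pubout 2>/dev/null) || continue
        if [ "$have" = "$want" ]; then
            printf '%s\n' "$key"
            return 0
        fi
    done
    return 1
}

# Print the two docker run -v arguments for hostname $1 (container paths as in the post).
tls_mounts_for() {
    crt=$(find_cert_for_host "$1" "$CERT_DIR")
    [ -n "$crt" ] || { echo "no valid certificate covers $1" >&2; return 1; }
    key=$(find_key_for_cert "$crt" "$KEY_DIR") ||
        { echo "no private key matches $crt" >&2; return 1; }
    printf '%s\n' "-v $crt:/path/to/server.crt" "-v $key:/path/to/server.key"
}

if [ $# -gt 0 ]; then tls_mounts_for "$1"; fi
```

Run it as the account that owns the files (the keys are mode 640) and pass the exact hostname typed into the browser; a bare IP address will not match a certificate issued for a domain name.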
 

Alvaro__

If you are using any type of automation that needs those key files to be applied directly to the server, then yes, those would need to be updated every time the AutoSSL is updated on the machine.
Do you know a way to configure AutoSSL so that every new key/cert file will be named exactly as the previous one (overwrite the old one)?
Or maybe a way to trigger some event when AutoSSL is updated, maybe even call a WebHook?

I guess I can create a cron job that checks for new AutoSSL files, but I'm looking for a "cleaner" solution.

Thanks.
 

cPRex

There isn't a way for the system to overwrite the SSL files using the same name. If you'd like a consistent filename that will always have the latest certificate, you may be able to use /var/cpanel/ssl/apache_tls/domain.com/combined as that has the cert, key, and CA Bundle all in one file.
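
Added example, not part of the thread and not cPanel tooling: a function for the cron approach discussed above that splits the `combined` file into a key and a certificate chain at fixed paths and reports whether anything changed, so the container is restarted only after a renewal. It routes PEM blocks by their BEGIN label, so it does not depend on the order of the blocks; it assumes the certificates appear leaf first. `sync_combined`, `/etc/drone-tls` and the container name `drone` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): keep fixed-name TLS files in step with AutoSSL.
# Hypothetical cron usage, run as root:
#   sync_combined /var/cpanel/ssl/apache_tls/domain.com/combined /etc/drone-tls \
#       && docker restart drone
# Returns 0 if the files were updated, 1 if already current, 2 on error.
sync_combined() {
    src=$1
    dest=$2
    tmp=$(mktemp -d) || return 2        # mktemp -d creates a mode-0700 directory
    # Route each PEM block by its BEGIN label: the key to one file, certificates to another.
    awk -v k="$tmp/server.key" -v c="$tmp/server.crt" '
        /^-----BEGIN .*PRIVATE KEY-----/ { out = k }
        /^-----BEGIN CERTIFICATE-----/   { out = c }
        out != ""                        { print > out }
        /^-----END /                     { out = "" }
    ' "$src" 2>/dev/null || { rm -rf "$tmp"; return 2; }
    # Refuse to install anything unless both a key and a certificate were found.
    if [ ! -s "$tmp/server.key" ] || [ ! -s "$tmp/server.crt" ]; then
        rm -rf "$tmp"
        return 2
    fi
    # Nothing to do when the installed copies are byte-identical.
    if cmp -s "$tmp/server.crt" "$dest/server.crt" &&
       cmp -s "$tmp/server.key" "$dest/server.key"; then
        rm -rf "$tmp"
        return 1
    fi
    mkdir -p "$dest" || { rm -rf "$tmp"; return 2; }
    # Write with owner-only permissions, then rename so readers never see a partial file.
    ( umask 077
      cp "$tmp/server.key" "$dest/server.key.new" &&
      cp "$tmp/server.crt" "$dest/server.crt.new" &&
      mv "$dest/server.key.new" "$dest/server.key" &&
      mv "$dest/server.crt.new" "$dest/server.crt" ) || { rm -rf "$tmp"; return 2; }
    rm -rf "$tmp"
    return 0
}

if [ $# -eq 2 ]; then sync_combined "$1" "$2"; fi
```

Mounting the two output files into the container read-only (`-v ...:ro`) keeps the key from being modified from inside it.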