Update SNI on your Apache server

Update SNI on your Apache Server

Manual – SW Hosting

Introduction

This document provides detailed instructions on how to update the integration of our SW Panel with your Unmanaged Cloud server.

Why is this update necessary?

Our development team is implementing new features for SW Panel. To ensure the proper functioning of these features, it is necessary for you to review your server's internal configuration and make the changes we specify in this document.

Why do I have to make the server-level changes myself?

We are sending you this manual because you have an Unmanaged Cloud server. This means that you have the root password (administrator) and we do not have access to it.

Since this is a server not managed by our engineering team, you, as the administrator, must make the necessary changes.

What will happen if I don't perform the update?

If you do not update the necessary components for SW Panel at the server level, in the near future you may not have access to certain features that we wish to introduce with new versions of SW Panel.

Compatibility or functionality issues in SW Panel may also arise.

Is there an easier alternative?

Yes. We can perform this procedure for you if you give us access to your Unmanaged Cloud server. Please note that, since this is an intervention on an unmanaged server, it requires that you have a support plan and sufficient 'minutes' for engineering interventions.

Summary of manual tasks:

  • Review Apache and OpenSSL versions.
  • Verify that Apache has the SSL module enabled.
  • Ensure correct SNI configuration.
  • Replace IP addresses with * in Virtual Hosts.
  • Edit SW Hosting RPC service configuration and restart it.

Prerequisites

This manual assumes you have the following knowledge. These are common skills for server maintenance tasks that every administrator or owner of an unmanaged server should know.

  • Your server's IP address.
  • SSH port (default 22, with SW Panel 2200).
  • The root user password.
  • Basic use of an SSH client.
  • Basic Linux skills.
  • Use of CLI editors like nano.

If you do not have this knowledge, we recommend seeking help from a specialist who can follow this manual for you. Alternatively, you can also use one of our support plans to request an engineering intervention where our team will perform the necessary steps for you.

Warning about errors and problems during intervention

Following this manual without the necessary knowledge can cause your Cloud server to malfunction and even make your website unavailable.

We recommend that you create a Snapshot from your SW Panel before starting the process described in the following pages. We also recommend making a temporary copy of each file during the process (e.g., "cp file file.bak") so you can undo the changes.

In case of an error or issue you cannot fix, we can help you if you have a support plan and sufficient 'support minutes'. Please note that fixing errors caused by not following this manual correctly or lacking sufficient knowledge may require a much more costly intervention.

Step-by-step Procedure

Below are the steps to perform the update.

1. Log in to your server via SSH

  • If you don't have SW Panel, your connection port is probably 22 (unless you have made changes).

  • If you have SW Panel, your connection port will be 2200.

2. Verify the Apache and OpenSSL versions

Run the following commands to get the version of each package.

dpkg -l openssl | grep openssl
dpkg -l apache2 | grep apache2

Example output:

openssl   1.0.1e-2+deb7u21    amd64
apache2   2.2.22-13+deb7u7    amd64

  • Verify that the openSSL version is higher than 0.9.8j

  • Verify that the apache version is higher than 2.2.12

IMPORTANT.

Do not continue with this manual if you don't have the minimum required versions.

3. Verify if the SSL module is enabled in Apache

apache2ctl -M

If enabled, it will appear as "ssl_module (shared)" in the list.

Example:

root@server:~# apache2ctl -M 
Loaded Modules: 
 core_module (static) 
 log_config_module (static) 
 logio_module (static) 
 version_module (static) 
 mpm_prefork_module (static) 
 http_module (static) 
 so_module (static) 
 alias_module (shared) 
 auth_basic_module (shared) 
 authn_file_module (shared) 
 authz_default_module (shared) 
 authz_groupfile_module (shared) 
 authz_host_module (shared) 
 authz_user_module (shared) 
 autoindex_module (shared) 
 cgi_module (shared) 
 deflate_module (shared) 
 dir_module (shared) 
 env_module (shared) 
 headers_module (shared) 
 mime_module (shared) 
 negotiation_module (shared) 
 php5_module (shared) 
 reqtimeout_module (shared) 
 rewrite_module (shared) 
 setenvif_module (shared) 
 ssl_module (shared)  ← Check that this module appears
 status_module (shared) 
Syntax OK

If the Apache SSL module is not enabled, you can enable it by running the following commands:

Use the following command to enable the module

a2enmod ssl

Then restart Apache with the following command:

service apache2 restart

You can run "apache2ctl -M" again to verify that the module now appears as enabled in the list.

4. Verify the SNI configuration in Apache

Open the following file in a text editor of your choice. For example "nano".

On older versions of Debian or Ubuntu:

nano /etc/apache2/apache2.conf

On recent versions of Debian or Ubuntu:

nano /etc/apache2/mods-enabled/ssl.conf

Look for the "SSLStrictSNIVHostCheck" parameter and enable it if it isn't already. Make sure it says "On" and is not preceded by any hash "#".

SSLStrictSNIVHostCheck On

Remember to save the changes when exiting the editor.

Verify that there are no errors in the configuration file by checking the syntax and restart the server to apply the changes.

Check syntax:

apache2ctl -t

Restart:

service apache2 restart

5. Change the IP to '*' in Virtual Hosts

Access all Virtual Hosts hosted in the following path: "/etc/apache2/serveisweb/vhost/"

Edit each of the available virtual hosts and make the following changes:

• In the <VirtualHost> tag, detect patterns like <VirtualHost IPADDRESS:80> or <VirtualHost IPADDRESS:443>

• Replace IPADDRESS with an asterisk '*' character.

The result should be similar to the following:

Before making the change:

<VirtualHost 81.25.112.128:80> 
<VirtualHost 81.25.112.128:443>

After making the change:

<VirtualHost *:80> 
<VirtualHost *:443>

Make the same changes to the files contained in the "/etc/apache2/sites-available" directory.

Once the changes are made, verify the syntax of the files again and restart Apache.

Check syntax:

apache2ctl -t

Apply changes:

apache2ctl graceful

6. Modify the SW Hosting RPC configuration

Finally, edit the SW Hosting RPC configuration file.

Open the "/etc/swhosting-rpc/swhostingrpc.yml" file with an editor. For example "nano".

nano /etc/swhosting-rpc/swhostingrpc.yml

Find:

server_IP: X.X.X.X

Change it to:

server_IP: *

Restart the service by running:

service swhostingrpcd restart

Conclusion

If you have successfully followed the steps in this manual, you will be able to continue using SW Panel normally, using all its current and future features.

Remember that if you have any questions about the content of this manual, you can contact our engineering team by opening a "Systems Engineering Ticket" from your SW Panel. This support service is available 24x7 and has a response SLA of less than 2 hours.

You can also write a comment on your "Support Wall" completely free of charge.

Background
Legal Notice Cookie Information Data Protection Policy
2025 DeepThink Software SLU. All rights reserved. The prices shown on the website do not include any applicable taxes.
Español Català
USD ($)