Error code on webapp secured https connection (ports) !

Discussion in 'Installation/Configuration' started by Keoz, Dec 8, 2020.

  1. Keoz

    Keoz Member


    I just learned from the AzuraCast webapp support team (on Github) that on app installing, if “Let’s Encrypt“ is not set on default ports (80 for http and 443 for http), connection, even from secure HTTPS URL , e.g. ““ may result in security risk alert page. This explains why web browser (Firefoxefox) effectively returned such security alert page that error code is :


    When I installed the AzuraCast webapp, I effectively set “Let’s Encrypt“ to have it listening on non-default http port 442 and https port 8092, in a way to avoid conflict with apache2 server already listening on http port 80 and https port 443, due to default ISP Config firewall configuration.

    How then can I modify ports that apache2 server is listening on, so that AzuraCast webapp can keep on listening on its default http port 80 and https port 443, and so that to have a proper secure HTTPS connection to its interface (with no security alert page) ?

  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Moved the post to installation forum from dev forum as your question is not related to ISPConfig development.
    ahrasis and Keoz like this.
  3. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    Change /etc/apache2/ports.conf to whatever you need and ensure it does not contain the strings "Listen 443", "NameVirtualHost *:80" or "NameVirtualHost *:443" in it (or set it immutable via. 'chattr +i /etc/apache2/ports.conf') so the installer doesn't change it in the future.

    Then copy /usr/local/ispconfig/server/conf/vhost.conf.master to the conf-custom directory and change it to not use the 'port' variable, but instead hard-code the port numbers you want to be used. After this you will need to check future ISPConfig updates to see if any changes were made to the vhost.conf.master template and apply those to your custom version.
  4. Keoz

    Keoz Member


    When you say “so the installer doesn't change it in the future“, do you think of an update of ISP Config, or an update of the Ubuntu OS, that could overwrite such the changes ?

    For this part, I have to confess that I am a newbie to what hard-coding is and how to do it !
    After a short googling, I only have a fuzzy idea of what it means. Also, in such this specific case, I do need a step by step instruction if it is not too much to ask !

    And finallly, what if on the same server, another website was previously recorded under the “Sites“ tab; would I have to make changes to ports settings in its vhost file ?

  5. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    It just means writing the specific value you want, rather than using the variable.
    cp /usr/local/ispconfig/server/conf/vhost.conf.master /usr/local/ispconfig/server/conf-custom/
    Then edit /usr/local/ispconfig/server/conf-custom/vhost.conf.master and change {tmpl_var name='port'} to a numeric value, say 123 (whatever port number you decided to use).
    No, just change the template then resync websites (under Tools menu).
  6. Keoz

    Keoz Member

    I searched to read up on VHost templates, and found a past discussion on Gitlab forum :

    Based on my understanding of what I read, changing the template (customizing ports values) will affect the apache configuation of my server, so that after a websites resync, all websites will be listening to same customized ports, except the website that would have different ports being hard-coded.

    Is this right ?

    Now I just need to locate the template file where to customize ports for apache.
    Can you please indicate the path to access this file ?
  7. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    I put both the file location and the exact command to copy it above.
  8. Keoz

    Keoz Member

    After I did this and restarted my server, these are pages that I am accessing when trying to access the Azuracast webradio setup page : ……… / Apache2 Ubuntu default page
    https://streaming.mydomain.comt:8092 …….. SSL_ERROR_RX_RECORD_TOO_LONG ………. / Apache2 Ubuntu default page……… SSL_ERROR_RX_RECORD_TOO_LONG………… 502 Bad Getaway

    This list of actions describes how I have proceeded as to follow your advices :
    1. I allowed ports 8092 and 442 from under the ISPCongig firewall tab
    2. I changed to http 8092 and https 442 apache2 ports settings in file /etc/apache2/ports.conf
    3. I copied file “vhost.conf.master“ to conf-custom directory
    4. I edited file /usr/local/ispconfig/server/conf-custom/vhost.conf.master
    5. I changed the port template value to 8092 in string {tmpl_var name='8092'}
    6. I did resync websites from under the “tools“ tab
    7. I successfully installed AzuraCast webapp with default http port 80 and https port 443

    Maybe that point 5 is not matching with what you wanted to mean saying “just change the template…“

    Unttil now, whatever the default webapp, or Apache2 ports (this case) being changed to, I can't get a proper HTTPS connection to the webapp setup page The best I can get is accessing the setup page from a HTTP connection with a padlock strikeout in red in the URL field.
    Last edited: Dec 12, 2020
  9. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    If I remember correctly, LE is defaulted to install / update its SSL certs using port 80 of which, if you made changes to it in the vhost, it will stop working. Those who customize that port for their web server normally run a reverse proxy that pass it to the relevant sites accordingly. In short, simply customizing the template won't do without it.

    By the way, I think Jesse meant to change the whole strings he wrote.
  10. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    You need to change the entire '{tmpl_var name="port"}' to 8092.
  11. Keoz

    Keoz Member

    New thread, same purpose, new questions... !

Share This Page