Hello, I just learned from the AzuraCast webapp support team (on Github) that on app installing, if “Let’s Encrypt“ is not set on default ports (80 for http and 443 for http), connection, even from secure HTTPS URL , e.g. “https://webradio.mydomain.com“ may result in security risk alert page. This explains why web browser (Firefoxefox) effectively returned such security alert page that error code is : MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT When I installed the AzuraCast webapp, I effectively set “Let’s Encrypt“ to have it listening on non-default http port 442 and https port 8092, in a way to avoid conflict with apache2 server already listening on http port 80 and https port 443, due to default ISP Config firewall configuration. How then can I modify ports that apache2 server is listening on, so that AzuraCast webapp can keep on listening on its default http port 80 and https port 443, and so that to have a proper secure HTTPS connection to its interface (with no security alert page) ? Regards
Moved the post to installation forum from dev forum as your question is not related to ISPConfig development.
Change /etc/apache2/ports.conf to whatever you need and ensure it does not contain the strings "Listen 443", "NameVirtualHost *:80" or "NameVirtualHost *:443" in it (or set it immutable via. 'chattr +i /etc/apache2/ports.conf') so the installer doesn't change it in the future. Then copy /usr/local/ispconfig/server/conf/vhost.conf.master to the conf-custom directory and change it to not use the 'port' variable, but instead hard-code the port numbers you want to be used. After this you will need to check future ISPConfig updates to see if any changes were made to the vhost.conf.master template and apply those to your custom version.
hello, When you say “so the installer doesn't change it in the future“, do you think of an update of ISP Config, or an update of the Ubuntu OS, that could overwrite such the changes ? For this part, I have to confess that I am a newbie to what hard-coding is and how to do it ! After a short googling, I only have a fuzzy idea of what it means. Also, in such this specific case, I do need a step by step instruction if it is not too much to ask ! And finallly, what if on the same server, another website was previously recorded under the “Sites“ tab; would I have to make changes to ports settings in its vhost file ? Regards,
ISPConfig It just means writing the specific value you want, rather than using the variable. Code: cp /usr/local/ispconfig/server/conf/vhost.conf.master /usr/local/ispconfig/server/conf-custom/ Then edit /usr/local/ispconfig/server/conf-custom/vhost.conf.master and change {tmpl_var name='port'} to a numeric value, say 123 (whatever port number you decided to use). No, just change the template then resync websites (under Tools menu).
I searched to read up on VHost templates, and found a past discussion on Gitlab forum : https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/2552 Based on my understanding of what I read, changing the template (customizing ports values) will affect the apache configuation of my server, so that after a websites resync, all websites will be listening to same customized ports, except the website that would have different ports being hard-coded. Is this right ? Now I just need to locate the template file where to customize ports for apache. Can you please indicate the path to access this file ?
Hello, After I did this and restarted my server, these are pages that I am accessing when trying to access the Azuracast webradio setup page : http://streaming.mydomain.com:8092 ……… / Apache2 Ubuntu default page https://streaming.mydomain.comt:8092 …….. SSL_ERROR_RX_RECORD_TOO_LONG http://streaming.mydomain.com:442/ ………. / Apache2 Ubuntu default page https://streaming.mydomain.com:442……… SSL_ERROR_RX_RECORD_TOO_LONG https://otherwbsite.mydomain.com/………… 502 Bad Getaway This list of actions describes how I have proceeded as to follow your advices : I allowed ports 8092 and 442 from under the ISPCongig firewall tab I changed to http 8092 and https 442 apache2 ports settings in file /etc/apache2/ports.conf I copied file “vhost.conf.master“ to conf-custom directory I edited file /usr/local/ispconfig/server/conf-custom/vhost.conf.master I changed the port template value to 8092 in string {tmpl_var name='8092'} I did resync websites from under the “tools“ tab I successfully installed AzuraCast webapp with default http port 80 and https port 443 Maybe that point 5 is not matching with what you wanted to mean saying “just change the template…“ Unttil now, whatever the default webapp, or Apache2 ports (this case) being changed to, I can't get a proper HTTPS connection to the webapp setup page The best I can get is accessing the setup page from a HTTP connection with a padlock strikeout in red in the URL field.
If I remember correctly, LE is defaulted to install / update its SSL certs using port 80 of which, if you made changes to it in the vhost, it will stop working. Those who customize that port for their web server normally run a reverse proxy that pass it to the relevant sites accordingly. In short, simply customizing the template won't do without it. By the way, I think Jesse meant to change the whole strings he wrote.
New thread, same purpose, new questions... ! https://www.howtoforge.com/community/threads/how-to-set-site-s-listening-on-customized-ports.85912/
