ISPConfig + NPM best practice

Discussion in 'Installation/Configuration' started by KaBy, Nov 22, 2023.

  1. KaBy

    KaBy New Member

    Is there a more detailed guide or best-practice ?

    My setup is looking like this: Router/Firewall <---> Nginx Proxy Manager (NPM) <---> ISPConfig
    The router is port-forwarding TCP/80,443,8081 to NPM. It also port-forward TCP/21, 110, 143, 465, 587, 993 and 995 for FTP, IMAP, POP3 directly to ISPConfig. TCP/25 is forwarded to my SMTP gateway, which then forwards TCP/26 to ISPConfig.

    NPM handles all the certificates.

    The problem I'm facing is that I can only proxy HTTP to ISPConfig. Some web apps requires all HTTPS directed to the web server. Even if I select SSL under web site config, it does not create virtual host in Apache config. And of course I cannot have ISPConfig to handle certificates because it is behind a firewall.
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    You must create an SSL cert on the SSL tab to enable SSL in the vhost for a site. SSL can not work without a certificate. And as you can't use let#s encrypt, you must either create a self-signed SSL cert on the SSL tab or buy a SSL cert. But as its only internal traffic, a self-signed SSL cert should be fine.
    KaBy likes this.
  3. KaBy

    KaBy New Member

    Hi Till and thank you for quick reply :)

    I've figured this out so far... SSL wont create a virtual host on TCP/443 if there's no cert. Is there a guide how to create a self-signed certificate on ISPConfig?

    - UPDATE: I just got to read the manual and found the section about SSL and how to create one ;)

    Last edited: Nov 22, 2023
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    It is described in the ISPConfig manual. But the steps are basically to fill in the upper fields on SSL tab, select create certificate as action and press save button. It then takes about a minute until SSL in the site is online.
    KaBy likes this.

Share This Page