I have recently installed ISPConfig following the guide: Perfect Server Automated ISPConfig 3 Installation on Debian 10, Debian 11, Ubuntu 20.04 and Ubuntu 22.04 While the control panel loads correctly on port 8080, if I change the port to 80, I get a certificate error showing the certificate of my first website. Is this the expected behavior? How do you do it, do you redirect port 80 to port 8080 or do you block port 80 directly? I would like that at least it does not show a certificate error or load a blank page.
Yes. Changing port 8080 to 80 is not a good idea because port 80 is always http (without SSL), which makes no sense to use for the UI of a hosting control panel as every traffic and password can be captured easily in such a case. If you run the control panel only on this node and no websites, you can close port 80 in the firewall. What you can do, though, if you run just the control panel Ui on this system and no websites, is to change the ISPConfig port to 443, add a domain name in the ispconfig vhost and connect to ISPConfig on port 443 and this domain name only.
Si, no me he explicado bien. Cuando me refiero al puerto 80 en realidad de refiero a que no muestre el puerto. Lo primero que hacemos para cualquier sitio web es activar https y redirigir todo el tráfico entrante a https. En este caso ese servidor si tiene alojados sitios web. ¿Podría activar alguna regla en el vhost para si el dominio es ispconfig.domain.tld redirija a ispconfig.domain.tld:8080?
You can do whatever you want. Something like this should work. Code: <VirtualHost *:80> ServerName ispconfig.domain.tld ServerAlias www.ispconfig.domain.tld ProxyPass / ispconfig.domain.tld:8080/ ProxyPassReverse / ispconfig.domain.tld:8080/ </VirtualHost> This might be a better idea tho: Code: <VirtualHost *:443> SSLEngine on SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 SSLHonorCipherOrder on SSLCipherSuite HIGH:!aNULL:!MD5:!3DES:!CBC #SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH EDH+aRSA !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4" SSLCertificateFile /usr/local/ispconfig/interface/ssl/ispserver.crt SSLCertificateKeyFile /usr/local/ispconfig/interface/ssl/ispserver.key Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains; preload" ServerName ispconfig.domain.tld ServerAlias www.ispconfig.domain.tld SSLProxyEngine on ProxyPreserveHost On ProxyRequests Off ProxyVia Off ProxyPass / https://localhost:8080/ ProxyPassReverse / https://localhost:8080/ </VirtualHost> And please, post your questions in english.
I used: Code: <VirtualHost *:80> ServerName isp01.planea.com.es ServerAlias www.isp01.planea.com.es Redirect 307 / https://ispconfig.planea.com.es:8080/ </VirtualHost> It works well. I will change 307 redirection for permanent (301) Sorry. I was checking my translation in a translator and pasted the wrong text.
I tried another approach. I create a website with name: ispconfig.domain.tld. I avoid SSL error and I can create personalized content on the website.
if you run command below it will change access from 8080 to 443 ssl port sed -i -e '/^\\s*Listen/d' -e '/^\\s*NameVirtualHost/d' -e 's/8080/443/g' -e "/ServerAdmin/a ServerName `hostname -f` IncludeOptional conf-available/ispconfig-*.conf" /etc/apache2/sites-available/ispconfig.vhost
