ISPConfig on port 80

Discussion in 'Installation/Configuration' started by Planea, Feb 19, 2023.

  1. Planea

    Planea New Member

    I have recently installed ISPConfig following the guide: Perfect Server Automated ISPConfig 3 Installation on Debian 10, Debian 11, Ubuntu 20.04 and Ubuntu 22.04
    While the control panel loads correctly on port 8080, if I change the port to 80, I get a certificate error showing the certificate of my first website. Is this the expected behavior?
    How do you do it, do you redirect port 80 to port 8080 or do you block port 80 directly? I would like that at least it does not show a certificate error or load a blank page.
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Yes. Changing port 8080 to 80 is not a good idea because port 80 is always http (without SSL), which makes no sense to use for the UI of a hosting control panel as every traffic and password can be captured easily in such a case.

    If you run the control panel only on this node and no websites, you can close port 80 in the firewall.

    What you can do, though, if you run just the control panel Ui on this system and no websites, is to change the ISPConfig port to 443, add a domain name in the ispconfig vhost and connect to ISPConfig on port 443 and this domain name only.
     
  3. Planea

    Planea New Member

    Si, no me he explicado bien. Cuando me refiero al puerto 80 en realidad de refiero a que no muestre el puerto.

    Lo primero que hacemos para cualquier sitio web es activar https y redirigir todo el tráfico entrante a https.

    En este caso ese servidor si tiene alojados sitios web.

    ¿Podría activar alguna regla en el vhost para si el dominio es ispconfig.domain.tld redirija a ispconfig.domain.tld:8080?
     
  4. pyte

    pyte Well-Known Member HowtoForge Supporter

    You can do whatever you want. Something like this should work.
    Code:
    <VirtualHost *:80>
    
        ServerName ispconfig.domain.tld
        ServerAlias www.ispconfig.domain.tld
    
        ProxyPass / ispconfig.domain.tld:8080/
        ProxyPassReverse / ispconfig.domain.tld:8080/
    </VirtualHost>
    This might be a better idea tho:
    Code:
    <VirtualHost *:443>
            SSLEngine on
    
            SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
            SSLHonorCipherOrder on
            SSLCipherSuite HIGH:!aNULL:!MD5:!3DES:!CBC
            #SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH EDH+aRSA !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4"
    
            SSLCertificateFile /usr/local/ispconfig/interface/ssl/ispserver.crt
            SSLCertificateKeyFile /usr/local/ispconfig/interface/ssl/ispserver.key
    
    
            Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
    
            ServerName ispconfig.domain.tld
            ServerAlias www.ispconfig.domain.tld
    
            SSLProxyEngine on
            ProxyPreserveHost On
            ProxyRequests Off
            ProxyVia Off
            ProxyPass / https://localhost:8080/
            ProxyPassReverse / https://localhost:8080/
    </VirtualHost>
    
    And please, post your questions in english.
     
    till likes this.
  5. Planea

    Planea New Member

    I used:
    Code:
    <VirtualHost *:80>
       ServerName isp01.planea.com.es
       ServerAlias www.isp01.planea.com.es
       Redirect 307 / https://ispconfig.planea.com.es:8080/
    </VirtualHost>
    It works well. I will change 307 redirection for permanent (301)
    Sorry. I was checking my translation in a translator and pasted the wrong text.
     
  6. Planea

    Planea New Member

    I tried another approach. I create a website with name: ispconfig.domain.tld.
    I avoid SSL error and I can create personalized content on the website.
     
  7. 0658

    0658 Member

    if you run command below it will change access from 8080 to 443 ssl port

    sed -i -e '/^\\s*Listen/d' -e '/^\\s*NameVirtualHost/d' -e 's/8080/443/g' -e "/ServerAdmin/a
    ServerName `hostname -f`
    IncludeOptional conf-available/ispconfig-*.conf" /etc/apache2/sites-available/ispconfig.vhost
     

Share This Page