Panel HTTPS redirect no longer supported

Discussion in 'Installation/Configuration' started by Jeremy007, Jun 10, 2021.

  1. Jeremy007

    Jeremy007 Member

    Hello HTF Friends,

    Setup : Multi-server
    OS : Ubuntu 18.0.4
    Server type : Nginx
    Databse : mySql
    Services : postfix, dovecot

    I had a redirect setup for my control panel server to redirect HTTP connections to HTTPS but it is no longer supported due to the acme-999.vhost using the control panel's FDQN name on port 80.
    Has anyone managed to find a workaround or anyone have any alternative methods on keeping a redirect?

    Cheers,
    Jeremy
     
  2. ahrasis

    ahrasis Well-Known Member

    Please describe how you did the redirect of your ISPConfig panel from http to https as it is still working fine on mine.
     
  3. Jeremy007

    Jeremy007 Member

    I use a 301 redirect on port 80
    Code:
    server{
            listen 80;
            listen [::]:80;
            server_name panel.mysite.com  www.panel.mysite.com;
            return 301 https://panel.mysite.com.com$request_uri;
    }
     
  4. ahrasis

    ahrasis Well-Known Member

    Add ":8080" before $request_uri, test nginx and restart it if everything is ok.

    NB: Use other port that you are using for your ISPConfig panel if you use other than default port 8080.
     
    Last edited: Jun 11, 2021
  5. Jeremy007

    Jeremy007 Member

    My panel is configured to run on port 443 so unfortunately ":8080" is not possible.
     
  6. ahrasis

    ahrasis Well-Known Member

    Then yours should work in theory. However looking back at your code, try remove the secondary .com in there and try changing to *:80 instead.
     
  7. Jeremy007

    Jeremy007 Member

    Tried it but doesn't work. Once i remove the 999-acme, it works.
     
  8. ahrasis

    ahrasis Well-Known Member

    Though mine works, I noted yours doesn't, but I am not sure that removal of 999-acme.vhost will let your server LE certs automatic renewal works in the future.

    For now, I think the best is to modify it instead and keep a copy of your modification in conf-custom (and conf-custom/install) so that in won't be overwritten in the future ISPConfig update.

    On how to modify, I think it should be the same as any other vhost for websites and since you have created its website, may be a copy of the same would suffice.
     
  9. Jeremy007

    Jeremy007 Member

    Exactly, if i disable the 999-acme, LE will no longer work properly. Strange that yours work, kind of defies NGINX. Are you on NGINX? Does your file include the FDQN of the server?
     
  10. ahrasis

    ahrasis Well-Known Member

    Of course mine is nginx web server but in mine I redirected all non-existing website fqdn on my server (error 403) to its hostname fqdn at port 443 via default.vhost (or 000-000 in sites-enabled). I did not touch 999-acme.vhost.

    And I used dns-challenge to obtain LE certs for my server hostname fqdn in advance and I modified its renewal conf to add ISPConfig default script for automatic creation and renewal of ispserver.pem and its extension to other services.

    Thus, I think my nginx web server config is not really a good sample for you to follow.
     
    Last edited: Jun 15, 2021
    Jeremy007 likes this.
  11. Jeremy007

    Jeremy007 Member

    Ok, got ya. Thanx for the info.
     

Share This Page