Hi I will guide you to use Ispconfig 3 PANEL in a secure environment.
The first thing we're going to do is disabling the access to ispconfig panel trough all the domains.
Second, I'm going to explain you what you should do to install a valid SSL certificate under ISPCONFIG instalation.
We will Also manage the ERROR 400 BAD REQUEST if you access ispconfig with http://
Main Information :
Operating System - Linux, Debian
Web Server - Apache 2
SSL certs - Enom.com - The most economic SSL panel i found is 11$ years aprox, it only validates a domain or subdomain
IP addresses to make virtual servers in apache with custom SSL.
1. Obtaining necessary files
First of all, download all the files under /etc/apache2/sites-available/
and store them in a folder, make a secure backup.
In a normal ispconfig installation, the .vhosts file of apache2 configuration come with virtualhost *:80 (so that all ip's respond to the domains), that is ok in normal cases, we want a secure environment so we will change all this.
So imagine actually we have 10.10.10.10 as common ip, and we want to use 220.127.116.11 as IP for the ISPCONFIG PANEL to use SSL.
We First should change all the client .vhost files changing
Open ispconfig.vhost file and add Listen 18.104.22.168:ispconfigport on the top, and change the virtual host like this :
ErrorDocument 400 /error.html
In error.html, you must upload that file to /usr/local/ispconfig/interface/web/
That file should contain a window.location = https://panel.yourdomain.com
, to redirect http connections to your panel, instead of showing a 400BAD request error.
Now we are going to ensure that SSL is disabled for the rest of the domains, i had problems with that, so check it.
Open file /etc/apache2/ports.conf and make it look to something like this :
3. DNS RECORD
Now you should add a new A RECORD in your DNS pointing to 22.214.171.124, example.
A panel.domain.com 126.96.36.199
4. SSL certificate
Generate the SSL certificate like explained in this post, Remember the common name must be the subdomain panel.domain.com !!!!
When you generated it, go to Enom.com and add your CSR and generate the Secure Certificate. Enom will send you a certificate.crt, you must copy it to /usr/local/ispconfig/interface/ssl/, also upload intermediate.crt provided by enom.com.
Once you have all the cert files correctly uploaded, open the ispconfig.vhost file again and edit, ssl section as follows :
# SSL Configuration
Restart apache with
You are done, now your clients should access the panel trough your https://panel.domain.com: port
, with the secure SSL cert, also they can access their webmail and phpmyadmin in a secure environment https://panel.domain.com: port/phpmyadmin
, and https://panel.domain.com: port/webmail
if you configured your apache files correctly before
IF apache2 crashes, Check the logs, if necessary I can help.
Thank you for Reading