HowtoForge

Running ISPConfig 2 On Port 80 Using Apache's Reverse Proxy Feature (Debian Etch)

Running ISPConfig 2 On Port 80 Using Apache's Reverse Proxy Feature (Debian Etch)

Version 1.0
Author: Falko Timme

This article shows how you can configure a Debian Etch system that has the webhosting control panel ISPConfig 2 installed so that ISPConfig can be accessed on port 80. By default ISPConfig uses port 81 which is a non-standard port and is blocked by some firewalls and ISPs. By using Apache's mod_proxy module, we can avoid this problem. It lets us create a reverse proxy that can fetch the pages from ISPConfig on port 81.

Please note: This tutorial is about ISPConfig 2 only, it is not compatible with ISPConfig 3. For ISPConfig 3 there is an Nginx reverse plugin available at github.

I do not issue any guarantee that this will work for you!

 

1 Preliminary Note

I have tested this on a Debian Etch system. While some commands in this tutorial are Debian-specific, most of it can be applied to any other Linux distribution (especially the Apache configuration).

I'm using the hostname ispconfig.example.com in this tutorial. The goal of this tutorial is to access ISPConfig under the URL http://ispconfig.example.com. I'm going to show how to do this in two separate chapters: one chapter if ISPConfig is installed under http://ispconfig.example.com:81 (http), and one chapter if ISPConfig is installed under https://ispconfig.example.com:81 (https).

 

2 ISPConfig Using http (http://ispconfig.example.com:81)

In order to create a reverse proxy for http requests, we need the Apache modules mod_proxy and mod_proxy_http. These are already installed in a standard Debian Etch Apache 2.2 installation, so all we have to do is enable them:

a2enmod proxy
a2enmod proxy_http

Afterwards, we have to reload Apache:

/etc/init.d/apache2 force-reload

Next, we must configure Apache. Open /etc/apache2/apache2.conf and search for this section:

vi /etc/apache2/apache2.conf
[...]
# Include the virtual host configurations:
Include /etc/apache2/sites-enabled/

<Directory /var/www/sharedip>
    Options +Includes -Indexes
    AllowOverride None
    AllowOverride Indexes AuthConfig Limit FileInfo
    Order allow,deny
    Allow from all
    <Files ~ "^\.ht">
    Deny from all
    </Files>
</Directory>
[...]

Right before this section, we add the following lines:

NameVirtualHost *
<VirtualHost *>
        ServerName ispconfig.example.com
        DocumentRoot /var/www/
        ProxyRequests Off

        <Proxy *>
          Order deny,allow
          Allow from all
        </Proxy>

        ProxyPass / http://ispconfig.example.com:81/
        ProxyPassReverse / http://ispconfig.example.com:81/
</VirtualHost>

so that it looks like this:

[...]
NameVirtualHost *
<VirtualHost *>
        ServerName ispconfig.example.com
        DocumentRoot /var/www/
        ProxyRequests Off

        <Proxy *>
          Order deny,allow
          Allow from all
        </Proxy>

        ProxyPass / http://ispconfig.example.com:81/
        ProxyPassReverse / http://ispconfig.example.com:81/
</VirtualHost>

# Include the virtual host configurations:
Include /etc/apache2/sites-enabled/

<Directory /var/www/sharedip>
    Options +Includes -Indexes
    AllowOverride None
    AllowOverride Indexes AuthConfig Limit FileInfo
    Order allow,deny
    Allow from all
    <Files ~ "^\.ht">
    Deny from all
    </Files>
</Directory>
[...]

Then restart Apache:

/etc/init.d/apache2 restart

If you get warning like this one:

server1:~/ispconfig/httpd/conf# /etc/init.d/apache2 restart
Forcing reload of web server (apache2)...[Tue May 22 23:23:12 2007] [warn] NameVirtualHost *:0 has no VirtualHosts
[Tue May 22 23:23:22 2007] [warn] NameVirtualHost *:0 has no VirtualHosts

then you can either comment out the line Include /etc/apache2/sites-enabled/ in /etc/apache2/apache2.conf:

vi /etc/apache2/apache2.conf
[...]
# Include the virtual host configurations:
#Include /etc/apache2/sites-enabled/
[...]

or you comment out the line NameVirtualHost * at the beginning of /etc/apache2/sites-available/default:

vi /etc/apache2/sites-available/default
#NameVirtualHost *
[...]

Restart Apache:

/etc/init.d/apache2 restart

The warnings should be gone now.

Finally we have to modify the ISPConfig configuration file /home/admispconfig/ispconfig/lib/config.inc.php. You should find something like this in it:

vi /home/admispconfig/ispconfig/lib/config.inc.php
[...]
if(isset($_SERVER['HTTP_HOST'])){
  $go_info["server"]["server_url"] = 'http://'.$_SERVER['HTTP_HOST'];
} else {
  $go_info["server"]["server_url"] = "http://ispconfig.example.com:81";
}
[...]

Modify it so that it looks like this:

[...]
//if(isset($_SERVER['HTTP_HOST'])){
//  $go_info["server"]["server_url"] = 'http://'.$_SERVER['HTTP_HOST'];
//} else {
  $go_info["server"]["server_url"] = "http://ispconfig.example.com";
//}
[...]

That's it. Open a browser and type in http://ispconfig.example.com, and you should see the ISPConfig login prompt.

 

3 ISPConfig Using https (https://ispconfig.example.com:81)

In order to create a reverse proxy for http requests, we need the Apache modules mod_proxy and mod_proxy_http. These are already installed in a standard Debian Etch Apache 2.2 installation, so all we have to do is enable them:

a2enmod proxy
a2enmod proxy_http

Because our Apache reverse proxy must be able to "talk" to an https site (https://ispconfig.example.com:81), we also need the modules mod_proxy_connect and mod_ssl:

a2enmod proxy_connect
a2enmod ssl

Afterwards, we have to reload Apache:

/etc/init.d/apache2 force-reload

Next, we must configure Apache. Open /etc/apache2/apache2.conf and search for this section:

vi /etc/apache2/apache2.conf
[...]
# Include the virtual host configurations:
Include /etc/apache2/sites-enabled/

<Directory /var/www/sharedip>
    Options +Includes -Indexes
    AllowOverride None
    AllowOverride Indexes AuthConfig Limit FileInfo
    Order allow,deny
    Allow from all
    <Files ~ "^\.ht">
    Deny from all
    </Files>
</Directory>
[...]

Right before this section, add the following lines:

NameVirtualHost *
<VirtualHost *>
        ServerName ispconfig.example.com
        DocumentRoot /var/www/
        ProxyRequests Off

        <Proxy *>
          Order deny,allow
          Allow from all
        </Proxy>

        ProxyPass / https://ispconfig.example.com:81/
        ProxyPassReverse / https://ispconfig.example.com:81/

        SSLProxyEngine on
        AllowCONNECT 81
</VirtualHost>

so that it looks like this:

[...]
NameVirtualHost *
<VirtualHost *>
        ServerName ispconfig.example.com
        DocumentRoot /var/www/
        ProxyRequests Off

        <Proxy *>
          Order deny,allow
          Allow from all
        </Proxy>

        ProxyPass / https://ispconfig.example.com:81/
        ProxyPassReverse / https://ispconfig.example.com:81/

        SSLProxyEngine on
        AllowCONNECT 81
</VirtualHost>

# Include the virtual host configurations:
Include /etc/apache2/sites-enabled/

<Directory /var/www/sharedip>
    Options +Includes -Indexes
    AllowOverride None
    AllowOverride Indexes AuthConfig Limit FileInfo
    Order allow,deny
    Allow from all
    <Files ~ "^\.ht">
    Deny from all
    </Files>
</Directory>
[...]

Then restart Apache:

/etc/init.d/apache2 restart

If you get warning like this one:

server1:~/ispconfig/httpd/conf# /etc/init.d/apache2 restart
Forcing reload of web server (apache2)...[Tue May 22 23:23:12 2007] [warn] NameVirtualHost *:0 has no VirtualHosts
[Tue May 22 23:23:22 2007] [warn] NameVirtualHost *:0 has no VirtualHosts

then you can either comment out the line Include /etc/apache2/sites-enabled/ in /etc/apache2/apache2.conf:

vi /etc/apache2/apache2.conf
[...]
# Include the virtual host configurations:
#Include /etc/apache2/sites-enabled/
[...]

or you comment out the line NameVirtualHost * at the beginning of /etc/apache2/sites-available/default:

vi /etc/apache2/sites-available/default
#NameVirtualHost *
[...]

Restart Apache:

/etc/init.d/apache2 restart

The warnings should be gone now.

Finally we have to modify the ISPConfig configuration file /home/admispconfig/ispconfig/lib/config.inc.php. You should find something like this in it:

vi /home/admispconfig/ispconfig/lib/config.inc.php
[...]
if(isset($_SERVER['HTTP_HOST'])){
  $go_info["server"]["server_url"] = 'https://'.$_SERVER['HTTP_HOST'];
} else {
  $go_info["server"]["server_url"] = "https://ispconfig.example.com:81";
}
[...]

Modify it so that it looks like this:

[...]
//if(isset($_SERVER['HTTP_HOST'])){
//  $go_info["server"]["server_url"] = 'https://'.$_SERVER['HTTP_HOST'];
//} else {
  $go_info["server"]["server_url"] = "http://ispconfig.example.com";
//}
[...]

Please make sure that it reads http://ispconfig.example.com, not https://ispconfig.example.com!

That's it. Open a browser and type in http://ispconfig.example.com, and you should see the ISPConfig login prompt.

 

Running ISPConfig 2 On Port 80 Using Apache's Reverse Proxy Feature (Debian Etch)