Running ISPConfig 2 On Port 80 Using Apache's Reverse Proxy Feature (Debian Etch)
Version 1.0
Author: Falko Timme
This article shows how you can configure a Debian Etch system that has the webhosting control panel ISPConfig 2 installed so that ISPConfig can be accessed on port 80. By default ISPConfig uses port 81 which is a non-standard port and is blocked by some firewalls and ISPs. By using Apache's mod_proxy module, we can avoid this problem. It lets us create a reverse proxy that can fetch the pages from ISPConfig on port 81.
Please note: This tutorial is about ISPConfig 2 only, it is not compatible with ISPConfig 3. For ISPConfig 3 there is an Nginx reverse plugin available at github.
I do not issue any guarantee that this will work for you!
1 Preliminary Note
I have tested this on a Debian Etch system. While some commands in this tutorial are Debian-specific, most of it can be applied to any other Linux distribution (especially the Apache configuration).
I'm using the hostname ispconfig.example.com in this tutorial. The goal of this tutorial is to access ISPConfig under the URL http://ispconfig.example.com. I'm going to show how to do this in two separate chapters: one chapter if ISPConfig is installed under http://ispconfig.example.com:81 (http), and one chapter if ISPConfig is installed under https://ispconfig.example.com:81 (https).
2 ISPConfig Using http (http://ispconfig.example.com:81)
In order to create a reverse proxy for http requests, we need the Apache modules mod_proxy and mod_proxy_http. These are already installed in a standard Debian Etch Apache 2.2 installation, so all we have to do is enable them:
a2enmod proxy
a2enmod proxy_http
Afterwards, we have to reload Apache:
/etc/init.d/apache2 force-reload
Next, we must configure Apache. Open /etc/apache2/apache2.conf and search for this section:
vi /etc/apache2/apache2.conf
[...] # Include the virtual host configurations: Include /etc/apache2/sites-enabled/ <Directory /var/www/sharedip> Options +Includes -Indexes AllowOverride None AllowOverride Indexes AuthConfig Limit FileInfo Order allow,deny Allow from all <Files ~ "^\.ht"> Deny from all </Files> </Directory> [...] |
Right before this section, we add the following lines:
NameVirtualHost * <VirtualHost *> ServerName ispconfig.example.com DocumentRoot /var/www/ ProxyRequests Off <Proxy *> Order deny,allow Allow from all </Proxy> ProxyPass / http://ispconfig.example.com:81/ ProxyPassReverse / http://ispconfig.example.com:81/ </VirtualHost> |
so that it looks like this:
[...] NameVirtualHost * <VirtualHost *> ServerName ispconfig.example.com DocumentRoot /var/www/ ProxyRequests Off <Proxy *> Order deny,allow Allow from all </Proxy> ProxyPass / http://ispconfig.example.com:81/ ProxyPassReverse / http://ispconfig.example.com:81/ </VirtualHost> # Include the virtual host configurations: Include /etc/apache2/sites-enabled/ <Directory /var/www/sharedip> Options +Includes -Indexes AllowOverride None AllowOverride Indexes AuthConfig Limit FileInfo Order allow,deny Allow from all <Files ~ "^\.ht"> Deny from all </Files> </Directory> [...] |
Then restart Apache:
/etc/init.d/apache2 restart
If you get warning like this one:
server1:~/ispconfig/httpd/conf# /etc/init.d/apache2 restart
Forcing reload of web server (apache2)...[Tue May 22 23:23:12 2007] [warn] NameVirtualHost *:0 has no VirtualHosts
[Tue May 22 23:23:22 2007] [warn] NameVirtualHost *:0 has no VirtualHosts
then you can either comment out the line Include /etc/apache2/sites-enabled/ in /etc/apache2/apache2.conf:
vi /etc/apache2/apache2.conf
[...] # Include the virtual host configurations: #Include /etc/apache2/sites-enabled/ [...] |
or you comment out the line NameVirtualHost * at the beginning of /etc/apache2/sites-available/default:
vi /etc/apache2/sites-available/default
#NameVirtualHost * [...] |
Restart Apache:
/etc/init.d/apache2 restart
The warnings should be gone now.
Finally we have to modify the ISPConfig configuration file /home/admispconfig/ispconfig/lib/config.inc.php. You should find something like this in it:
vi /home/admispconfig/ispconfig/lib/config.inc.php
[...] if(isset($_SERVER['HTTP_HOST'])){ $go_info["server"]["server_url"] = 'http://'.$_SERVER['HTTP_HOST']; } else { $go_info["server"]["server_url"] = "http://ispconfig.example.com:81"; } [...] |
Modify it so that it looks like this:
[...] //if(isset($_SERVER['HTTP_HOST'])){ // $go_info["server"]["server_url"] = 'http://'.$_SERVER['HTTP_HOST']; //} else { $go_info["server"]["server_url"] = "http://ispconfig.example.com"; //} [...] |
That's it. Open a browser and type in http://ispconfig.example.com, and you should see the ISPConfig login prompt.
3 ISPConfig Using https (https://ispconfig.example.com:81)
In order to create a reverse proxy for http requests, we need the Apache modules mod_proxy and mod_proxy_http. These are already installed in a standard Debian Etch Apache 2.2 installation, so all we have to do is enable them:
a2enmod proxy
a2enmod proxy_http
Because our Apache reverse proxy must be able to "talk" to an https site (https://ispconfig.example.com:81), we also need the modules mod_proxy_connect and mod_ssl:
a2enmod proxy_connect
a2enmod ssl
Afterwards, we have to reload Apache:
/etc/init.d/apache2 force-reload
Next, we must configure Apache. Open /etc/apache2/apache2.conf and search for this section:
vi /etc/apache2/apache2.conf
[...] # Include the virtual host configurations: Include /etc/apache2/sites-enabled/ <Directory /var/www/sharedip> Options +Includes -Indexes AllowOverride None AllowOverride Indexes AuthConfig Limit FileInfo Order allow,deny Allow from all <Files ~ "^\.ht"> Deny from all </Files> </Directory> [...] |
Right before this section, add the following lines:
NameVirtualHost * <VirtualHost *> ServerName ispconfig.example.com DocumentRoot /var/www/ ProxyRequests Off <Proxy *> Order deny,allow Allow from all </Proxy> ProxyPass / https://ispconfig.example.com:81/ ProxyPassReverse / https://ispconfig.example.com:81/ SSLProxyEngine on AllowCONNECT 81 </VirtualHost> |
so that it looks like this:
[...] NameVirtualHost * <VirtualHost *> ServerName ispconfig.example.com DocumentRoot /var/www/ ProxyRequests Off <Proxy *> Order deny,allow Allow from all </Proxy> ProxyPass / https://ispconfig.example.com:81/ ProxyPassReverse / https://ispconfig.example.com:81/ SSLProxyEngine on AllowCONNECT 81 </VirtualHost> # Include the virtual host configurations: Include /etc/apache2/sites-enabled/ <Directory /var/www/sharedip> Options +Includes -Indexes AllowOverride None AllowOverride Indexes AuthConfig Limit FileInfo Order allow,deny Allow from all <Files ~ "^\.ht"> Deny from all </Files> </Directory> [...] |
Then restart Apache:
/etc/init.d/apache2 restart
If you get warning like this one:
server1:~/ispconfig/httpd/conf# /etc/init.d/apache2 restart
Forcing reload of web server (apache2)...[Tue May 22 23:23:12 2007] [warn] NameVirtualHost *:0 has no VirtualHosts
[Tue May 22 23:23:22 2007] [warn] NameVirtualHost *:0 has no VirtualHosts
then you can either comment out the line Include /etc/apache2/sites-enabled/ in /etc/apache2/apache2.conf:
vi /etc/apache2/apache2.conf
[...] # Include the virtual host configurations: #Include /etc/apache2/sites-enabled/ [...] |
or you comment out the line NameVirtualHost * at the beginning of /etc/apache2/sites-available/default:
vi /etc/apache2/sites-available/default
#NameVirtualHost * [...] |
Restart Apache:
/etc/init.d/apache2 restart
The warnings should be gone now.
Finally we have to modify the ISPConfig configuration file /home/admispconfig/ispconfig/lib/config.inc.php. You should find something like this in it:
vi /home/admispconfig/ispconfig/lib/config.inc.php
[...] if(isset($_SERVER['HTTP_HOST'])){ $go_info["server"]["server_url"] = 'https://'.$_SERVER['HTTP_HOST']; } else { $go_info["server"]["server_url"] = "https://ispconfig.example.com:81"; } [...] |
Modify it so that it looks like this:
[...] //if(isset($_SERVER['HTTP_HOST'])){ // $go_info["server"]["server_url"] = 'https://'.$_SERVER['HTTP_HOST']; //} else { $go_info["server"]["server_url"] = "http://ispconfig.example.com"; //} [...] |
Please make sure that it reads http://ispconfig.example.com, not https://ispconfig.example.com!
That's it. Open a browser and type in http://ispconfig.example.com, and you should see the ISPConfig login prompt.
4 Links
- Apache Module mod_proxy: http://httpd.apache.org/docs/2.2/mod/mod_proxy.html
- Apache: http://httpd.apache.org
- ISPConfig: http://www.ispconfig.org
- Debian: http://www.debian.org