Cannot Access ISPConfig3 Login Page

Discussion in 'Installation/Configuration' started by aljachimiak, May 30, 2013.

  1. aljachimiak

    aljachimiak New Member

    [SOLVED] Cannot Access ISPConfig3 Login Page

    I've had a server with ISPConfig3 running on it for about a year.

    I just went to go login and I cannot access the login page.

    Firefox says
    The connection was reset
    Chrome says
    The connection was reset.
    I am trying to access
    Other info:
    All of my other hosted sites are available (on port 80).

    Several of the sites are wordpress, so I know that php is functioning.

    Also, one of the sites has url rewrites working, so nginx and php seem to be getting along well together.

    Any help?
    Last edited: May 31, 2013
  2. monkfish

    monkfish New Member


    You've probably tried the usual empty firefox cache etc.

    Have a look on your server, use iptraf to monitor incoming connections, or "tcpdump -n port 8080" and see if any request from your client actually hits the server.

    If not, then something in between is rejecting the connection. Your router? Upstream router? I have seen a few service providers start blocking port 8080 as its (incorrectly) associated with proxy servers.

    Maybe a "netstat -nlp" to double-check your http is definitely listening on port 8080 as well as websites which you have checked are available.

    I have got it into my head that somebody else asked this today, cannot remember where I read it though.
  3. aljachimiak

    aljachimiak New Member


    Thanks for the quick reply (and cleaning up the spam...)

    It seems that my iptables rule for port 443 was gone.

    Here is how I solved my problem:

    (1) Open the port manually with iptables:
    I ssh'd into the server and typed this:
    sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT
    (2) Tested for functionality:
    Opened up my browser to https://<ipaddress>:8080 and saw the ispconfig3 login page.


    (3) Make the rule permenent:
    The easiest way I found to do this was to add it to the rc.local script. This script runs at the end of every boot process as root, so commands entered into this script will be executed every time the server boots.

    I navigated to /etc
    cd /etc
    Then opened rc.local with nano
    sudo nano rc.local
    It was empty at the time, so I included the iptables rule just before exit on the script
    iptables -A INPUT -p tcp --dport 443 -j ACCEPT
    note: sudo is not necessary here because the script is executed as root.

    Then I rebooted the server to test that it worked.


    I'm sure there are several other ways to accomplish this. But it did restore the functionality that I needed.

    If there is a better way to open that port, I'm open to suggestion.

    Last edited: May 31, 2013
  4. monkfish

    monkfish New Member


    Is is possible you may be mistaken as to the cause and your actions to resolve...

    If your ispconfig is running on port 8080, and you're connecting to https://youripordomain:8080 then its not going anywhere near 443.

    So opening 443 for that ip address will allow traffic on that port but won't do anything for 8080...

    If it wasnt working yesterday and its working now I'd suspect something in between your client and the sever.

    Unless of course you do mean 8080 all the way along in your notes and firewall ruleset?

    You might want to check out something like firewall builder to build and deploy a comprehensive firewall for your needs - you can set it on boot and your ruleset will therefore be permanent.
  5. aljachimiak

    aljachimiak New Member

    I see - I was assuming port 443 as a possible issue because of the HTTPS.

    I'm at work now and cannot access the login page again.

    My fix occured at home.

    This may be an issue of my workplace blocking port :8080 access. I'll try removing the rule from iptables when I'm home and report back.
  6. monkfish

    monkfish New Member

    Thanks for the update.

    Were you able to previously access it from your workplace on port 8080? Then a few days ago couldn't? Possibly works network/security team recently implemented some blocks?

    If you do need access from your workplace you could try one of:-

    - if you had a spare ip address you could run ispconfig on port 443 instead of port 80. Highly likely it will simply "mix in" with other SSL traffic on 443 and not be affected by any workplace blocks.

    - if your workplace allows outgoing VPN use openvpn or similar to create a tunnel to your server itself or to a machine that CAN access your server on port 8080.

Share This Page