Change HTTPS from 81 to 443

Discussion in 'Installation/Configuration' started by RTHREE, Jun 27, 2009.

  1. RTHREE

    RTHREE New Member

    Hello all,

    I want to change the ISPConfig 2 portal from https://server:81 to https://server.

    This because there are firewalls by some customers that block port 81.

    What is the best solution for this problem?

    My O.S. Centos 5.3
     
  2. mccharlet

    mccharlet Member HowtoForge Supporter

    Hi,

    You change port 81 to 443 in the file /root/ispconfig/httpd/conf/httpd.conf

    And restart ispconfig
     
  3. RTHREE

    RTHREE New Member

    Sorry, but i had tried that already. It won't work.
     
  4. falko

    falko Super Moderator ISPConfig Developer

    You must also change the port in /home/admispconfig/ispconfig/lib/config.inc.php.
     
  5. RTHREE

    RTHREE New Member

    I have changed:

    /root/ispconfig/httpd/conf/httpd.conf
    from Port 81 to Port 443
    from Listen 81 to 443
    from <VirtualHost _default_:81> to <VirtualHost _default_:443>

    /home/admispconfig/ispconfig/lib/config.inc.php
    $go_info["server"]["server_url"] = "https://web1.domain.com:81"; to $go_info["server"]["server_url"] = "https://web1.domain.com:443";

    and restart the ispconfig server. nothing worked when i go tp https://web1.domain.com only the default apache page.....
     
  6. falko

    falko Super Moderator ISPConfig Developer

    Is it possible that your main Apache is already listening on port 443? What's the output of
    Code:
    netstat -tap
    ?
     
  7. RTHREE

    RTHREE New Member

    yes is does.
     
  8. till

    till Super Moderator Staff Member ISPConfig Developer

    Then you can not switch ispconfig to port 443 of course as only one server can listen to a specific port. Thats why ISPConfig uses port 81 and not 443.
     
  9. R0yk3

    R0yk3 New Member

    Hello,

    i did the above and when igo to https://[url]www.sieliakus.nl[/url] i get nothing :(

    the netstat tap shows 443 is available??

    what do i do wrong?

    replacing 443 for 8080 does work? standard 443 wil not work??
     
    Last edited: Nov 19, 2009
  10. martinfst

    martinfst ISPConfig Developer ISPConfig Developer

    proxy option

    you can also place ispc behind a proxy website. Create a "normal" site site and add the proxy commands in the configuration.

    You can then access ispc as it it was a normal site. I have done experiments to proxy either the 80 or 443 ports. Both works, although for https there's a small bug preventing some graphics to come through (you will have to accept both the ispc:81 as well as the proxy:443 certs.

    I have opened a bugreport to fix this.
     
  11. R0yk3

    R0yk3 New Member

    Above is a no solution for me :confused:

    The question remains, with or without proxy Why can't i connect through port 443? other ports work except 443?? What do i do wrong??

    Or is that the bug??
     
  12. till

    till Super Moderator Staff Member ISPConfig Developer

    There is no bug. Port 443 is already in use by your main webserver, thats why you cant use it for the ispconfig webserver as only one service cab be bound to a specific port at a time. Thats the reason why ispconfig uses port 81 by default so you can still have other ssl enabled websites on your server.
     
  13. martinfst

    martinfst ISPConfig Developer ISPConfig Developer

    Like Till said, there's no bug in this regard.
    You have to run ispc on port 81 and your normal websites on 443. You can then create a proxy as a normal website (+ DNS entry), which redirects to port 81. This way you can keep ispc running on port 81, and still access ispc via port 443 for locations where port 81 is blocked.
     
  14. R0yk3

    R0yk3 New Member

    Ok, enlighten me.

    create new site
    then proxy trough that ssl site to the ispconfig site.

    via cURL? or is there a standard script for that. There are proxy scripts but have not seen one which works perfect.

    wil a iframe work? you wil keep firewall issues

    reply may in dutch :D

    If it works we can translate it.

    groet
    Roy
     
  15. martinfst

    martinfst ISPConfig Developer ISPConfig Developer

    Simplified rulebook

    It's via the standard apache directives, which you can specify in ispconfig. Short rulebook:


    1. setup ispconfig on port 81 on a dedicated IP address
    2. Create a normal site in ispconfig (site in example below)
    3. Create both dns entries for your your ispc (on port 81) and your normal ssl site
    4. enable ssl and create a certificate. Make sure it works. You will have to use another IP (so you're now using two ip addresses)
    5. Add the below in the Apache Directives box. Mind you have to change the domain names to whatever suits you.
      Code:
      ProxyRequests Off
      SSLProxyEngine on
       
      <Proxy https://site.domain.tld/>
        Order deny,allow
        Allow from all
      </Proxy>
      
      <Location />
            Order deny,allow
            Allow from all
      </Location>
      
      ProxyPass / https://ispc.domain.tld:81/
      ProxyPassReverse / https://ispc.domain.tld:81/
     
  16. R0yk3

    R0yk3 New Member

    Thanks for your reply, i understand it :D

    But i only have one dedicated IP :(
    So i guess it wil not work.

    i am experimenting with cgiproxy, a bit of a workaround.

    again thanks
     

Share This Page