+- ispCP - Board - Support (http://www.isp-control.net/forum)
+-- Forum: ispCP Omega Contributions Area (/forum-40.html)
+--- Forum: Howtos (/forum-41.html)
+--- Thread: [Howto] Change ispcp default listening port and add ssl (/thread-9094.html)
Pages: 1 2
[Howto] Change ispcp default listening port and add ssl - aseques - 01-05-2010 08:20 PM
This if only valid for >= 1.0.3
There's a wiki page explaining howto change the default port for the ispcp admin panel and enablin ssl at the same time.
http://www.isp-control.net/documentation/doku.php?id=howto:defaultport
The advantages of this are quite clear (in my case I use https under port 8443)
.- It's easy for people to migrate from plesk for exemple (others apply too..)
.- Doesn't matter the domain, the customer will have a option to enter to the control panel using his own domain (https://example.com:8443) instead of having to remember your server name (wich gives you trouble in case of a server migration)
.- Doesn't interfere with the rest of the services on 443 (for example you can still have webmail under ssl too)
Bugs/enhancement pending on the trunk version (what will be 1.0.8)
Adding port information on ispcp.conf
Adding the port information to ispcp would make easier to mantain a installation with ssl on non-standard port.
Ticket 2438
UPDATES
There was a problem with the links in the main page
Ticket 2093
fixed in rev2501
There was a problem with the default pages created that didn't use the default schema for the admin panel (always http
Ticket 2091
fixed in rev2516
login.php
Currently login.php breaks when used with a port not standard (80 for http or 443 for https)
There's a patch for this (the same fix there's in the wiki howto)
http://www.isp-control.net/ispcp/ticket/2092
fixed in rev2909
phpmyadmin autologin
The autologin for the php users doesn't work if you are under ssl and/or a different port than 80/443. Until this is fixed the users have to use the link at the left.
http://www.isp-control.net/ispcp/ticket/2228
fixed in rev3126
RE: [Howto] Change ispcp default listening port - aseques - 02-19-2010 11:47 PM
Updated the main post with the fixed issues that are blocking general usage of ssl + non-default port
RE: [Howto] Change ispcp default listening port - aseques - 02-25-2010 12:50 AM
I've just updated the main post with the reference to ticket #2228
RE: [Howto] Change ispcp default listening port and add ssl - aseques - 05-03-2010 11:46 PM
The login.php bug is finally fixed, after rev2909 login.php under ssl on port 8443 without problems.
RE: [Howto] Change ispcp default listening port and add ssl - mafia - 05-08-2010 02:26 AM
hello tuto ispcp 1.0.5 merci
RE: [Howto] Change ispcp default listening port and add ssl - Arris - 08-27-2010 09:39 AM
It dont work for me with Debian on VServer i get an rewrite error:
- - [27/Aug/2010:01:10:23 +0200] [FQHN/sid#877f4f8][rid#87e6e28/initial] (2) init rewrite engine with requested uri /admin/index.php
- - [27/Aug/2010:01:10:23 +0200] [FQHN/sid#877f4f8][rid#87e6e28/initial] (3) applying pattern '^/webmail.*' to uri '/admin/index.php'
- - [27/Aug/2010:01:10:23 +0200] [FQHN/sid#877f4f8][rid#87e6e28/initial] (3) applying pattern '^/.*' to uri '/admin/index.php'
- - [27/Aug/2010:01:10:23 +0200] [FQHN/sid#877f4f8][rid#87e6e28/initial] (4) RewriteCond: input='FQHN' pattern='^FQHN.*' [NC] => matched
- - [27/Aug/2010:01:10:23 +0200] [FQHN/sid#877f4f8][rid#87e6e28/initial] (4) RewriteCond: input='/admin/index.php' pattern='!^\/tools\/.*' [NC] => matched
- - [27/Aug/2010:01:10:23 +0200] [FQHN/sid#877f4f8][rid#87e6e28/initial] (2) rewrite '/admin/index.php' -> 'https://FQHN:8443/'
- - [27/Aug/2010:01:10:23 +0200] [FQHN/sid#877f4f8][rid#87e6e28/initial] (2) implicitly forcing redirect (rc=302) with https://FQHN:8443/
- - [27/Aug/2010:01:10:23 +0200] [FQHN/sid#877f4f8][rid#87e6e28/initial] (1) escaping https://FQHN:8443/ for redirect
- - [27/Aug/2010:01:10:23 +0200] [FQHN/sid#877f4f8][rid#87e6e28/initial] (1) redirect to https://FQHN:8443/ [REDIRECT/302]
any idea?
greetz
Arris
RE: [Howto] Change ispcp default listening port and add ssl - aseques - 08-27-2010 10:02 PM
.- Updated the main post with opened/closed ticket to reflect current status.
.- Some changes on the wiki describing the new approach to ssl sites.
RE: [Howto] Change ispcp default listening port and add ssl - Arris - 09-05-2010 11:58 PM
SOLVED
I missanderstud the Line "Fix login.php (only in versions before r2909 or ispcp 1.0.6"
I use 1.0.6 and think the login.php must only fix in versions BEFOR 1.0.6
mod_rewrite redirect from Port 80 to 443 and then to 8443, the login.php redirect to port 80 and the dog bites itself into the tail
Now it works as aspected, thanks
Arris
RE: [Howto] Change ispcp default listening port and add ssl - tek - 05-18-2011 11:24 AM
Not sure if I was having some kind of other issue but this would not work for me doing it exactly as you have documented and I am wondering if this just slipped out or if its actually required and missing from the documentation.
Easy to miss actually so I am betting that is the case but for anyone else's benefit who might try this and end up with the same thing I was getting I'll add a bit more detail and explain my setup a bit.
What was happening to me was in trying to hit https://admin.example.com or https://admin.example.com:8443 or https://admin.www.example.com:8443 in chrome I would get an error message saying:
This webpage has a redirect loop
The webpage at https://admin.www.example.com:8443/ has resulted in too many redirects. Clearing your cookies for this site or allowing third-party cookies may fix the problem. If not, it is possibly a server configuration issue and not a problem with your computer.
don't recall the firefox error message.
I would also frequently get a url that looked like https://admin.www.example.com:8443/admin/index.phpadmin/index.phpadmin/index.phpadmin or something like that and in my apache error logs I would get this:
192.168.1.145 - - [15/May/2011:22:24:53 -0700] "GET /admin/index.phpadmin/index.phpadmin/index.phpadmin/index.phpadmin/index.phpadmin/index.phpadmin/index.phpadmin/index.phpadmin/index.phpadmin/index.phpadmin/index.phpadmin/index.phptools/webmail HTTP/1.1" 301 322 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.17) Gecko/20110422 Ubuntu/10.04 (lucid) Firefox/3.6.17"
What resolved it was modifying the basedir restrictions in the 00_master.conf so they read as follows:
<Directory /var/www/ispcp/gui>
php_admin_value open_basedir "/var/www/ispcp/gui/:/etc/ispcp/:/var/run/ispcp.lock:/proc/:/bin/df:/bin/mount:/var/log/rkhunter.log:/var/log/chkrootkit
.log:/usr/share/php/"
php_admin_value session.save_path "/var/www/ispcp/gui/phptmp/"
php_admin_value upload_tmp_dir "/var/www/ispcp/gui/phptmp/"
</Directory>
What is different than what you have in the documentation is the inclusion of /var/www/ispcp/gui: in the first stanza. It was in the original and yes you are calling it out in the <directory line BUT I believe you are also basically excluding it by not having it in there in the actually open_basedir directive.
Adding that for me resolved it and got all my control panel pages accessible again.
Perhaps cause I am using mod_gnutls and mod_ssl but at least for me it wasn't working.
I was tested this out on a dev system before I make the changes to my other systems.
Here is the system config if it might help someone else.
lsb_release -cd
Description: Ubuntu 10.04.2 LTS
Codename: lucid
PHP 5.3.2-1ubuntu4.9 with Suhosin-Patch (cli)
apache2 2.2.14-5ubuntu8.4
apache2-mpm-worker 2.2.14-5ubuntu8.4
apache2-suexec 2.2.14-5ubuntu8.4
apache2-utils 2.2.14-5ubuntu8.4
apache2.2-bin 2.2.14-5ubuntu8.4
apache2.2-common 2.2.14-5ubuntu8.4
libapache2-mod-fastcgi 2.4.6-1
libapache2-mod-fcgid 1:2.3.4-2ubuntu0.2
libapache2-mod-gnutls 0.5.5-1
openssl 0.9.8k-7ubuntu8.6
ispCP:
BuildDate = 20101124
Version = 1.0.7 OMEGA
CodeName = Priamos
DistName = Ubuntu
Reading my error logs and the rewrite logs was not as helpful as just comparing line by line to a working non-modified 00_master.conf file. I even reworked the structure of the file a bit so it was more readable to me, that was when I notice the one line missing.
Hopefully this helps someone else out.
RE: [Howto] Change ispcp default listening port and add ssl - aseques - 05-23-2011 08:46 PM
(05-18-2011 11:24 AM)tek Wrote: What resolved it was modifying the basedir restrictions in the 00_master.conf so they read as follows:Hello, I don't see exactly what did you change. Can you send/post the 00_master.conf here or in a PM?
<Directory /var/www/ispcp/gui>
php_admin_value open_basedir "/var/www/ispcp/gui/:/etc/ispcp/:/var/run/ispcp.lock:/proc/:/bin/df:/bin/mount:/var/log/rkhunter.log:/var/log/chkrootkit
.log:/usr/share/php/"
php_admin_value session.save_path "/var/www/ispcp/gui/phptmp/"
php_admin_value upload_tmp_dir "/var/www/ispcp/gui/phptmp/"
</Directory>
What is different than what you have in the documentation is the inclusion of /var/www/ispcp/gui: in the first stanza. It was in the original and yes you are calling it out in the <directory line BUT I believe you are also basically excluding it by not having it in there in the actually open_basedir directive.
Adding that for me resolved it and got all my control panel pages accessible again.
Feel free to update the wiki if you find some wrong information.