Current time: 11-22-2024, 02:31 PM Hello There, Guest! (LoginRegister)


Post Reply 
[Howto] Change ispcp default listening port and add ssl
Author Message
aseques Offline
Member
*****
Dev Team

Posts: 330
Joined: May 2008
Reputation: 4
Post: #1
[Howto] Change ispcp default listening port and add ssl
This if only valid for >= 1.0.3

There's a wiki page explaining howto change the default port for the ispcp admin panel and enablin ssl at the same time.
http://www.isp-control.net/documentation...efaultport

The advantages of this are quite clear (in my case I use https under port 8443)
.- It's easy for people to migrate from plesk for exemple (others apply too..)
.- Doesn't matter the domain, the customer will have a option to enter to the control panel using his own domain (https://example.com:8443) instead of having to remember your server name (wich gives you trouble in case of a server migration)
.- Doesn't interfere with the rest of the services on 443 (for example you can still have webmail under ssl too)

Bugs/enhancement pending on the trunk version (what will be 1.0.8)

Adding port information on ispcp.conf
Adding the port information to ispcp would make easier to mantain a installation with ssl on non-standard port.
Ticket 2438

UPDATES
There was a problem with the links in the main page
Ticket 2093
fixed in rev2501

There was a problem with the default pages created that didn't use the default schema for the admin panel (always httpSmile
Ticket 2091
fixed in rev2516

login.php
Currently login.php breaks when used with a port not standard (80 for http or 443 for https)
There's a patch for this (the same fix there's in the wiki howto)
http://www.isp-control.net/ispcp/ticket/2092
fixed in rev2909

phpmyadmin autologin
The autologin for the php users doesn't work if you are under ssl and/or a different port than 80/443. Until this is fixed the users have to use the link at the left.
http://www.isp-control.net/ispcp/ticket/2228
fixed in rev3126
(This post was last modified: 05-03-2011 01:00 AM by aseques.)
01-05-2010 08:20 PM
Find all posts by this user Quote this message in a reply
aseques Offline
Member
*****
Dev Team

Posts: 330
Joined: May 2008
Reputation: 4
Post: #2
RE: [Howto] Change ispcp default listening port
Updated the main post with the fixed issues that are blocking general usage of ssl + non-default port
02-19-2010 11:47 PM
Find all posts by this user Quote this message in a reply
aseques Offline
Member
*****
Dev Team

Posts: 330
Joined: May 2008
Reputation: 4
Post: #3
RE: [Howto] Change ispcp default listening port
I've just updated the main post with the reference to ticket #2228
02-25-2010 12:50 AM
Find all posts by this user Quote this message in a reply
aseques Offline
Member
*****
Dev Team

Posts: 330
Joined: May 2008
Reputation: 4
Post: #4
RE: [Howto] Change ispcp default listening port and add ssl
The login.php bug is finally fixed, after rev2909 login.php under ssl on port 8443 without problems.
05-03-2010 11:46 PM
Find all posts by this user Quote this message in a reply
mafia Offline
Banned

Posts: 170
Joined: May 2008
Post: #5
RE: [Howto] Change ispcp default listening port and add ssl
hello tuto ispcp 1.0.5 merci
05-08-2010 02:26 AM
Find all posts by this user Quote this message in a reply
Arris Offline
Newbie
*

Posts: 5
Joined: Aug 2010
Reputation: 0
Post: #6
RE: [Howto] Change ispcp default listening port and add ssl
It dont work for me with Debian on VServer i get an rewrite error:

- - [27/Aug/2010:01:10:23 +0200] [FQHN/sid#877f4f8][rid#87e6e28/initial] (2) init rewrite engine with requested uri /admin/index.php
- - [27/Aug/2010:01:10:23 +0200] [FQHN/sid#877f4f8][rid#87e6e28/initial] (3) applying pattern '^/webmail.*' to uri '/admin/index.php'
- - [27/Aug/2010:01:10:23 +0200] [FQHN/sid#877f4f8][rid#87e6e28/initial] (3) applying pattern '^/.*' to uri '/admin/index.php'
- - [27/Aug/2010:01:10:23 +0200] [FQHN/sid#877f4f8][rid#87e6e28/initial] (4) RewriteCond: input='FQHN' pattern='^FQHN.*' [NC] => matched
- - [27/Aug/2010:01:10:23 +0200] [FQHN/sid#877f4f8][rid#87e6e28/initial] (4) RewriteCond: input='/admin/index.php' pattern='!^\/tools\/.*' [NC] => matched
- - [27/Aug/2010:01:10:23 +0200] [FQHN/sid#877f4f8][rid#87e6e28/initial] (2) rewrite '/admin/index.php' -> 'https://FQHN:8443/'
- - [27/Aug/2010:01:10:23 +0200] [FQHN/sid#877f4f8][rid#87e6e28/initial] (2) implicitly forcing redirect (rc=302) with https://FQHN:8443/
- - [27/Aug/2010:01:10:23 +0200] [FQHN/sid#877f4f8][rid#87e6e28/initial] (1) escaping https://FQHN:8443/ for redirect
- - [27/Aug/2010:01:10:23 +0200] [FQHN/sid#877f4f8][rid#87e6e28/initial] (1) redirect to https://FQHN:8443/ [REDIRECT/302]

any idea?

greetz
Arris


Attached File(s) Thumbnail(s)
   
08-27-2010 09:39 AM
Find all posts by this user Quote this message in a reply
aseques Offline
Member
*****
Dev Team

Posts: 330
Joined: May 2008
Reputation: 4
Post: #7
RE: [Howto] Change ispcp default listening port and add ssl
.- Updated the main post with opened/closed ticket to reflect current status.
.- Some changes on the wiki describing the new approach to ssl sites.
08-27-2010 10:02 PM
Find all posts by this user Quote this message in a reply
Arris Offline
Newbie
*

Posts: 5
Joined: Aug 2010
Reputation: 0
Post: #8
RE: [Howto] Change ispcp default listening port and add ssl
SOLVED
I missanderstud the Line "Fix login.php (only in versions before r2909 or ispcp 1.0.6"
I use 1.0.6 and think the login.php must only fix in versions BEFOR 1.0.6

mod_rewrite redirect from Port 80 to 443 and then to 8443, the login.php redirect to port 80 and the dog bites itself into the tail Smile

Now it works as aspected, thanks

Arris
09-05-2010 11:58 PM
Find all posts by this user Quote this message in a reply
tek Offline


Posts: 4
Joined: Nov 2007
Reputation: 0
Post: #9
RE: [Howto] Change ispcp default listening port and add ssl
Not sure if I was having some kind of other issue but this would not work for me doing it exactly as you have documented and I am wondering if this just slipped out or if its actually required and missing from the documentation.

Easy to miss actually so I am betting that is the case but for anyone else's benefit who might try this and end up with the same thing I was getting I'll add a bit more detail and explain my setup a bit.

What was happening to me was in trying to hit https://admin.example.com or https://admin.example.com:8443 or https://admin.www.example.com:8443 in chrome I would get an error message saying:

This webpage has a redirect loop
The webpage at https://admin.www.example.com:8443/ has resulted in too many redirects. Clearing your cookies for this site or allowing third-party cookies may fix the problem. If not, it is possibly a server configuration issue and not a problem with your computer.

don't recall the firefox error message.

I would also frequently get a url that looked like https://admin.www.example.com:8443/admin...x.phpadmin or something like that and in my apache error logs I would get this:

192.168.1.145 - - [15/May/2011:22:24:53 -0700] "GET /admin/index.phpadmin/index.phpadmin/index.phpadmin/index.phpadmin/index.phpadmin/index.phpadmin/index.phpadmin/index.phpadmin/index.phpadmin/index.phpadmin/index.phpadmin/index.phptools/webmail HTTP/1.1" 301 322 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.17) Gecko/20110422 Ubuntu/10.04 (lucid) Firefox/3.6.17"

What resolved it was modifying the basedir restrictions in the 00_master.conf so they read as follows:
<Directory /var/www/ispcp/gui>
php_admin_value open_basedir "/var/www/ispcp/gui/:/etc/ispcp/:/var/run/ispcp.lock:/proc/:/bin/df:/bin/mount:/var/log/rkhunter.log:/var/log/chkrootkit
.log:/usr/share/php/"
php_admin_value session.save_path "/var/www/ispcp/gui/phptmp/"
php_admin_value upload_tmp_dir "/var/www/ispcp/gui/phptmp/"
</Directory>


What is different than what you have in the documentation is the inclusion of /var/www/ispcp/gui: in the first stanza. It was in the original and yes you are calling it out in the <directory line BUT I believe you are also basically excluding it by not having it in there in the actually open_basedir directive.

Adding that for me resolved it and got all my control panel pages accessible again.

Perhaps cause I am using mod_gnutls and mod_ssl but at least for me it wasn't working.
I was tested this out on a dev system before I make the changes to my other systems.
Here is the system config if it might help someone else.

lsb_release -cd
Description: Ubuntu 10.04.2 LTS
Codename: lucid
PHP 5.3.2-1ubuntu4.9 with Suhosin-Patch (cli)

apache2 2.2.14-5ubuntu8.4
apache2-mpm-worker 2.2.14-5ubuntu8.4
apache2-suexec 2.2.14-5ubuntu8.4
apache2-utils 2.2.14-5ubuntu8.4
apache2.2-bin 2.2.14-5ubuntu8.4
apache2.2-common 2.2.14-5ubuntu8.4
libapache2-mod-fastcgi 2.4.6-1
libapache2-mod-fcgid 1:2.3.4-2ubuntu0.2
libapache2-mod-gnutls 0.5.5-1

openssl 0.9.8k-7ubuntu8.6

ispCP:
BuildDate = 20101124
Version = 1.0.7 OMEGA
CodeName = Priamos
DistName = Ubuntu

Reading my error logs and the rewrite logs was not as helpful as just comparing line by line to a working non-modified 00_master.conf file. I even reworked the structure of the file a bit so it was more readable to me, that was when I notice the one line missing.

Hopefully this helps someone else out.
05-18-2011 11:24 AM
Visit this user's website Find all posts by this user Quote this message in a reply
aseques Offline
Member
*****
Dev Team

Posts: 330
Joined: May 2008
Reputation: 4
Post: #10
RE: [Howto] Change ispcp default listening port and add ssl
(05-18-2011 11:24 AM)tek Wrote:  What resolved it was modifying the basedir restrictions in the 00_master.conf so they read as follows:
<Directory /var/www/ispcp/gui>
php_admin_value open_basedir "/var/www/ispcp/gui/:/etc/ispcp/:/var/run/ispcp.lock:/proc/:/bin/df:/bin/mount:/var/log/rkhunter.log:/var/log/chkrootkit
.log:/usr/share/php/"
php_admin_value session.save_path "/var/www/ispcp/gui/phptmp/"
php_admin_value upload_tmp_dir "/var/www/ispcp/gui/phptmp/"
</Directory>


What is different than what you have in the documentation is the inclusion of /var/www/ispcp/gui: in the first stanza. It was in the original and yes you are calling it out in the <directory line BUT I believe you are also basically excluding it by not having it in there in the actually open_basedir directive.

Adding that for me resolved it and got all my control panel pages accessible again.
Hello, I don't see exactly what did you change. Can you send/post the 00_master.conf here or in a PM?
Feel free to update the wiki if you find some wrong information.
05-23-2011 08:46 PM
Find all posts by this user Quote this message in a reply
Post Reply 


Forum Jump:


User(s) browsing this thread: 3 Guest(s)