Page 1 of 1
Only acces vesta trough a SSL subdomain [SOLVED]
Posted: Tue Jan 16, 2018 1:23 pm
by creulcat
Is it possible to move the login-page and complete vesta system to
https://sub.domain.tld
On a standard installation it's available on
all sites hosted on the system trough port 8083
My goal is to complete remove and block off port 8083 and
only make it available on one subdomain trough SSL.
I did manage to only make the panel available on the subdomain, but vesta failed to login after that. (changed the root location to the vesta location)
I've also managed to make it available on only the subdomain, but other sites hosted on the system return a
SSL_ERROR_RX_RECORD_TOO_LONG when trying to reach them on port 8083
Re: Only acces vesta trough a SSL subdomain
Posted: Tue Jan 16, 2018 8:40 pm
by ScIT
Re: Only acces vesta trough a SSL subdomain [SOLVED]
Posted: Wed Jan 17, 2018 11:16 am
by creulcat
It gave me the right pointers indeed.
With this topic I've made a new template based on the force-https template.
After this I assigned this template to the subdomain and blocked port 8083 in the firewall.
Code: Select all
vestacp-reroute.tpl
server {
listen %ip%:%proxy_port%;
server_name %domain_idn% %alias_idn%;
location / {
rewrite ^(.*) https://%domain_idn%$1 permanent;
}
include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt;
}
Code: Select all
vestacp-reroute.stpl
server {
listen %ip%:%proxy_ssl_port%;
server_name %domain_idn% %alias_idn%;
ssl on;
ssl_certificate %ssl_pem%;
ssl_certificate_key %ssl_key%;
error_log /var/log/%web_system%/domains/%domain%.error.log error;
location / {
proxy_pass https://%ip%:8083;
}
location /error/ {
alias %home%/%user%/web/%domain%/document_errors/;
}
location @fallback {
proxy_pass https://%ip%:8083;
}
location ~ /\.ht {return 404;}
location ~ /\.svn/ {return 404;}
location ~ /\.git/ {return 404;}
location ~ /\.hg/ {return 404;}
location ~ /\.bzr/ {return 404;}
include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt;
include %home%/%user%/conf/web/s%proxy_system%.%domain%.conf*;
}
Re: Only acces vesta trough a SSL subdomain [SOLVED]
Posted: Wed Jan 17, 2018 11:18 am
by ScIT
creulcat wrote:It gave me the right pointers indeed.
With this topic I've made a new template based on the force-https template.
After this I assigned this template to the subdomain and blocked port 8083 in the firewall.
well done, pleace mark the topic as solved (choose "correct answer").
Re: Only acces vesta trough a SSL subdomain [SOLVED]
Posted: Sun Jan 21, 2018 9:15 pm
by Peter92
creulcat wrote:and blocked port 8083 in the firewall.
The script you make works great (thanks), although as a heads up for anyone else trying this, blocking 8083 in the firewall causes nginx to crash if you enable SSL or delete a site.
Re: Only acces vesta trough a SSL subdomain [SOLVED]
Posted: Mon Jan 22, 2018 6:29 am
by ScIT
Peter92 wrote:creulcat wrote:and blocked port 8083 in the firewall.
The script you make works great (thanks), although as a heads up for anyone else trying this, blocking 8083 in the firewall causes nginx to crash if you enable SSL or delete a site.
don't fully block 8083, you still need access from localhost based on the rewrite template.