How to restrict vestacp admin login page to localhost only?

BlueTurtle · Post by **BlueTurtle** » Mon Jan 29, 2018 11:57 am

I want to make server-ip:8083 to be accessible only from localhost (so i can make a ssh tunnel to it)
That way I restrict log-in to vestacp only to people that have ssh user on the server making it as secure as ssh itself

I'm on Ubuntu 16.04 VPS
I setup UFW to allow all ongoing and deny all incoming by default
then I allowed https and ssh

However I can still access server-ip:8083

am I missing something obvious here?

if not by desabling the 8083 port for all incoming (what i thought i did with those UFW rules)
what would be the next best way to make vestacp admin login page accessible only to localhost?

iamkdenok · Post by **iamkdenok** » Mon Jan 29, 2018 1:03 pm

I do know how to do this but I can't test it.

Is VestaCP blocking SSH reverse proxy?

Thanks.

ChrisKnez · Post by **ChrisKnez** » Mon Jan 29, 2018 8:40 pm

To restrict VestaCP access to localhost you only need to follow these steps.

1. Open "/usr/local/vesta/nginx/conf/nginx.conf" in your preferred text editing software.
2. Find the line which says "listen 8083;", replace it with "listen 127.0.0.1:8083;" and save the file.
3. reload VestaCP using "service vesta restart"

After doing this, once you SSH tunnel into your server you should be able to access VestaCP using https://127.0.0.1:8083/

If you have any problems or questions feel free to ask.

Vesta Control Panel - Forum