We are happy to announce that Vesta is back under active development as of 25 February 2024. We are working on v1 candidate and expect to engage more with the community over the coming months. We are committed to open source, and we encourage contributors to help us build the future of Vesta.
How to restrict vestacp admin login page to localhost only?
-
- Posts: 11
- Joined: Sun Dec 03, 2017 6:47 pm
How to restrict vestacp admin login page to localhost only?
I want to make server-ip:8083 to be accessible only from localhost (so i can make a ssh tunnel to it)
That way I restrict log-in to vestacp only to people that have ssh user on the server making it as secure as ssh itself
I'm on Ubuntu 16.04 VPS
I setup UFW to allow all ongoing and deny all incoming by default
then I allowed https and ssh
However I can still access server-ip:8083
am I missing something obvious here?
if not by desabling the 8083 port for all incoming (what i thought i did with those UFW rules)
what would be the next best way to make vestacp admin login page accessible only to localhost?
That way I restrict log-in to vestacp only to people that have ssh user on the server making it as secure as ssh itself
I'm on Ubuntu 16.04 VPS
I setup UFW to allow all ongoing and deny all incoming by default
then I allowed https and ssh
However I can still access server-ip:8083
am I missing something obvious here?
if not by desabling the 8083 port for all incoming (what i thought i did with those UFW rules)
what would be the next best way to make vestacp admin login page accessible only to localhost?
Re: How to restrict vestacp admin login page to localhost only?
I do know how to do this but I can't test it.
Is VestaCP blocking SSH reverse proxy?
Thanks.
Is VestaCP blocking SSH reverse proxy?
Thanks.
Re: How to restrict vestacp admin login page to localhost only?
To restrict VestaCP access to localhost you only need to follow these steps.
1. Open "/usr/local/vesta/nginx/conf/nginx.conf" in your preferred text editing software.
2. Find the line which says "listen 8083;", replace it with "listen 127.0.0.1:8083;" and save the file.
3. reload VestaCP using "service vesta restart"
After doing this, once you SSH tunnel into your server you should be able to access VestaCP using https://127.0.0.1:8083/
If you have any problems or questions feel free to ask.
1. Open "/usr/local/vesta/nginx/conf/nginx.conf" in your preferred text editing software.
2. Find the line which says "listen 8083;", replace it with "listen 127.0.0.1:8083;" and save the file.
3. reload VestaCP using "service vesta restart"
After doing this, once you SSH tunnel into your server you should be able to access VestaCP using https://127.0.0.1:8083/
If you have any problems or questions feel free to ask.