We are happy to announce that Vesta is back under active development as of 25 February 2024. We are working on v1 candidate and expect to engage more with the community over the coming months. We are committed to open source, and we encourage contributors to help us build the future of Vesta.
Only access Vesta through an SSL subdomain [SOLVED]
Is it possible to move the login page and the complete Vesta system to https://sub.domain.tld?
On a standard installation it's available on all sites hosted on the system through port 8083.
My goal is to completely remove and block off port 8083 and only make it available on one subdomain through SSL.
I did manage to only make the panel available on the subdomain, but Vesta failed to log in after that. (changed the root location to the Vesta location)
I've also managed to make it available on only the subdomain, but other sites hosted on the system return an SSL_ERROR_RX_RECORD_TOO_LONG when trying to reach them on port 8083.
Last edited by creulcat on Wed Jan 17, 2018 11:34 am, edited 1 time in total.
Re: Only access Vesta through an SSL subdomain
already answered, check here: viewtopic.php?f=13&t=15754&p=65011#p65011
Re: Only access Vesta through an SSL subdomain [SOLVED]
It gave me the right pointers indeed.
With this topic I've made a new template based on the force-https template.
After this I assigned this template to the subdomain and blocked port 8083 in the firewall.
Code:
# vestacp-reroute.tpl
# Plain-HTTP listener: redirect every request to HTTPS on the same host name.
server {
    listen      %ip%:%proxy_port%;
    server_name %domain_idn% %alias_idn%;

    location / {
        rewrite ^(.*) https://%domain_idn%$1 permanent;
    }

    include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt;
}
Code:
# vestacp-reroute.stpl
# TLS listener for the panel subdomain: terminates SSL and proxies to the Vesta backend.
server {
    listen      %ip%:%proxy_ssl_port%;
    server_name %domain_idn% %alias_idn%;
    # "ssl on;" is deprecated since nginx 1.15.0; newer versions use "listen ... ssl;".
    ssl         on;
    ssl_certificate      %ssl_pem%;
    ssl_certificate_key  %ssl_key%;
    error_log  /var/log/%web_system%/domains/%domain%.error.log error;

    # Forward all panel traffic to the Vesta backend on port 8083 of this server.
    location / {
        proxy_pass https://%ip%:8083;
    }

    location /error/ {
        alias %home%/%user%/web/%domain%/document_errors/;
    }

    location @fallback {
        proxy_pass https://%ip%:8083;
    }

    # Do not serve version-control or .ht* files.
    location ~ /\.ht   {return 404;}
    location ~ /\.svn/ {return 404;}
    location ~ /\.git/ {return 404;}
    location ~ /\.hg/  {return 404;}
    location ~ /\.bzr/ {return 404;}

    include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt;
    include %home%/%user%/conf/web/s%proxy_system%.%domain%.conf*;
}
Re: Only access Vesta through an SSL subdomain [SOLVED]
creulcat wrote: "It gave me the right pointers indeed.
With this topic I've made a new template based on the force-https template.
After this I assigned this template to the subdomain and blocked port 8083 in the firewall."
well done, please mark the topic as solved (choose "correct answer").
Re: Only access Vesta through an SSL subdomain [SOLVED]
creulcat wrote: "and blocked port 8083 in the firewall."
The script you made works great (thanks), although as a heads up for anyone else trying this, blocking 8083 in the firewall causes nginx to crash if you enable SSL or delete a site.
Re: Only access Vesta through an SSL subdomain [SOLVED]
Peter92 wrote: "The script you made works great (thanks), although as a heads up for anyone else trying this, blocking 8083 in the firewall causes nginx to crash if you enable SSL or delete a site."
don't fully block 8083, you still need access from localhost based on the rewrite template.
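One way to follow the last reply's advice, as an added example that is not code from the thread or from Vesta: keep 8083 reachable for local connections and drop everything else. It assumes plain iptables; the chain name VESTA_PANEL, the function names and the DRY_RUN switch are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread: restrict the Vesta backend port to local
# traffic instead of blocking it outright. Chain and function names are hypothetical.

PANEL_PORT=8083      # Vesta backend port discussed in the thread
CHAIN=VESTA_PANEL    # hypothetical name for a dedicated chain

# Print the iptables arguments, one rule per line, for the given server IPv4
# address (the value Vesta substitutes for %ip% in the templates).
# Rule order:
#   1. create the dedicated chain
#   2. accept the loopback interface: nginx's proxy_pass to %ip%:8083 is a local
#      connection and is routed over lo, with the server IP as source
#   3. accept the server's own address as source (covers the same traffic by IP)
#   4. drop every other source
#   5. jump to the chain from the top of INPUT, ahead of any older
#      "accept 8083 from anywhere" rule
panel_rules() {
    server_ip=$1
    case $server_ip in
        ''|*[!0-9.]*) echo "usage: panel_rules IPV4_ADDRESS" >&2; return 1 ;;
    esac
    printf '%s\n' \
        "-N $CHAIN" \
        "-A $CHAIN -i lo -j ACCEPT" \
        "-A $CHAIN -s $server_ip -j ACCEPT" \
        "-A $CHAIN -j DROP" \
        "-I INPUT 1 -p tcp --dport $PANEL_PORT -j $CHAIN"
}

# Print the commands (DRY_RUN=1, the default) or run them as root (DRY_RUN=0).
apply_panel_rules() {
    rules=$(panel_rules "$1") || return 1
    printf '%s\n' "$rules" | while read -r rule; do
        if [ "${DRY_RUN:-1}" = 1 ]; then
            echo "iptables $rule"
        else
            # $rule is deliberately unquoted so it splits into separate arguments
            iptables $rule || exit 1
        fi
    done
}
```

Source the file and call `apply_panel_rules` with the server's address to review the commands before running them with `DRY_RUN=0`. Rules added this way do not survive a reboot unless they are saved.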