make it so you can only access directadmin via https:// vs. http://

Jeff

I just got a new server with DirectAdmin, and the first thing I noticed is that my host sent me a link to access DirectAdmin via http://ip:port

This concerns me as the password is not encrypted and is the same as the server's admin password.

How do I set DirectAdmin to be accessed via https:// (and only https:// encrypted, not http://)
 
I tried the following but it's not working???

pico -w /usr/local/directadmin/data/templates/directadmin.conf

change SSL=0 to SSL=1

save changes

service directadmin restart

Then I tried to load the control panel via
https://ip:2222 and nothing happens

control panel is still accessible via http://ip:2222 but not via https

What did I do wrong?
 
Hello,

Did you create the certificates that go along with the SSL connection?

http://www.directadmin.com/installguide.html

Not sure what happened there... if SSL=1 and DirectAdmin did in fact restart, then there is no way that it would still be accessible by http.... if the certificates aren't there, it probably won't even start....

If you need extra help, send [email protected] an email.

John
 
Here is what I did:

Code:
[admin@backup admin]$ su -
Password: 
[root@backup root]# openssl req -new -x509 -keyout /usr/local/directadmin/conf/cakey.pem.tmp \
>       -out /usr/local/directadmin/conf/cacert.pem
Generating a 1024 bit RSA private key
........................................................++++++
..........................++++++
writing new private key to '/usr/local/directadmin/conf/cakey.pem.tmp'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:<Removed>
State or Province Name (full name) [Berkshire]:<Removed>
Locality Name (eg, city) [Newbury]:<Removed>
Organization Name (eg, company) [My Company Ltd]:<Removed>
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:<Removed>
Email Address []:<Removed>
[root@backup root]# openssl rsa -in /usr/local/directadmin/conf/cakey.pem.tmp \
>       -out /usr/local/directadmin/conf/cakey.pem
Enter pass phrase for /usr/local/directadmin/conf/cakey.pem.tmp:
writing RSA key
[root@backup root]# rm /usr/local/directadmin/conf/cakey.pem.tmp
rm: remove regular file `/usr/local/directadmin/conf/cakey.pem.tmp'? y
[root@backup root]# chown diradmin:diradmin /usr/local/directadmin/conf/cakey.pem
[root@backup root]# chmod 400 /usr/local/directadmin/conf/cakey.pem 
[root@backup root]# service directadmin restart
Stopping DirectAdmin: [  OK  ]
Starting DirectAdmin: [  OK  ]
[root@backup root]# service apf stop
Stopping APF:[  OK  ]

SSL=1 in the conf file.

http://domain:2222 works fine to display the "username" and "password" blanks. Haven't tried to login since I don't want to send my admin password unencrypted where it could be sniffed.
https://domain:2222 sits there and does nothing - nothing loads at all.

This is on a RH9 server. My local system is Windows 2000 and I've tried with both IE 6 and Mozilla browsers.
 
Hello,

If SSL=1 then you won't get *anything* via http .... double check that there is a newline at the end of the conf file (if SSL=1 is at the end) .. add a few blank spaces and restart DirectAdmin again.

John
 
Thanks for all your help. Works!

Now to give my new control panel a try :)
 
Enter PEM pass phrase

My understanding has always been that if you enter a passphrase you can't do a remote reboot.

Yet I can't get by this prompt without entering a passphrase.

Is my memory faulty? Can you in fact reboot remotely if you enter a passphrase?

Thanks.

Jeff
 
No, you are correct... IF there is a passphrase in the key. The 2nd openssl command creates a key without the passphrase.

John
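
Added example, not part of any post in this thread and not DirectAdmin's own tooling: a shell check for the two issues resolved above, the missing newline after SSL=1 and a passphrase left on the key. The function names are hypothetical, and the file paths are supplied by the caller.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# conf_ssl_status FILE
#   "no-newline" : last byte of the file is not a newline
#   "ok"         : file is newline-terminated and has an SSL=1 line
#   "ssl-off"    : file is newline-terminated but has no SSL=1 line
conf_ssl_status() {
    conf=$1
    [ -r "$conf" ] || { echo "unreadable"; return 0; }
    # $(...) strips a trailing newline, so non-empty output here means
    # the final byte of the file is something other than a newline.
    if [ -s "$conf" ] && [ -n "$(tail -c 1 "$conf")" ]; then
        echo "no-newline"; return 0
    fi
    if grep -q '^SSL=1[[:space:]]*$' "$conf"; then
        echo "ok"
    else
        echo "ssl-off"
    fi
}

# key_status FILE
#   "encrypted" : PEM still carries a passphrase (needs a prompt to load)
#   "bad-mode"  : permissions are anything other than 400
#   "ok"        : unencrypted key, mode 400
key_status() {
    key=$1
    [ -r "$key" ] || { echo "unreadable"; return 0; }
    # Both the traditional "Proc-Type: 4,ENCRYPTED" header and the
    # "BEGIN ENCRYPTED PRIVATE KEY" marker contain this word.
    if grep -q 'ENCRYPTED' "$key"; then
        echo "encrypted"; return 0
    fi
    mode=$(ls -ld "$key" | cut -c1-10)
    if [ "$mode" = "-r--------" ]; then echo "ok"; else echo "bad-mode"; fi
}

# Usage, run as root with the paths used in this thread:
#   conf_ssl_status <the conf file you edited>
#   key_status /usr/local/directadmin/conf/cakey.pem
```

If `key_status` reports "encrypted", the key was not run through the second `openssl rsa` step shown earlier, and the service would need the passphrase at every start.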
 
pico -w /usr/local/directadmin/data/templates/directadmin.conf
change SSL=0 to SSL=1
save changes
service directadmin restart

When I type the pico command it said pico command not found.
Why?
 
[root@bit root]# nano -w /usr/local/directadmin/data/templates/directadmin.conf
-bash: nano: command not found
[root@bit root]#
 
On your server, logged in as the user you intend to issue the pico/nano command as, try these commands, which should tell you the full path to pico or nano:

$ whereis pico

$ whereis nano

What do you get?

Jeff
 
[root@bit root]# $ whereis pico
-bash: $: command not found
[root@bit root]# $ whereis nano
-bash: $: command not found
[root@bit root]#
 
It depends on what text editor was installed on your server. Pico is usually with Red Hat

Did you try vi which is usually on FreeBSD?
 