[Guide] How to Proxy DirectAdmin Hostname to Port 443 using LiteSpeed (LSWS)

S

souzadavi

Verified User
Joined
May 26, 2022
Messages
22
To document my DA configurations, I'm writing a new guide using AI to help draft the text below. Any feedback or advice is welcome.

Many users struggle to access DirectAdmin on port :2222 due to corporate firewalls. While DirectAdmin suggests creating a sub-domain (like cp.domain.com), many administrators prefer using the main server hostname (e.g., https://server.example.com) directly on port 443 without the port number.

If you are running LiteSpeed Web Server, you cannot simply use ProxyPass in Apache templates without additional configuration. LSWS requires a defined "External App" to authorize the proxy, otherwise, you will receive a 403 Forbidden error.

Here is the working method to proxy your hostname to DirectAdmin securely.

Prerequisites​

  • DirectAdmin with LiteSpeed Web Server installed.
  • A valid SSL certificate on your hostname (server.example.com).
  • Access to the LiteSpeed WebAdmin Console (usually port 7080).

Step 1: Create the External App in LiteSpeed​

This is the most critical step. LiteSpeed strictly verifies proxy targets.
  1. Log in to your LSWS WebAdmin Console (e.g., https://server.example.com:7080).
  2. Navigate to ServerExternal App.
  3. Click Add and select Web Server as the type.
  4. Fill in the configuration exactly as follows:
    • Name: https://server.example.com:2222
      • Note: Replace server.example.com with your actual hostname.
      • Important: The name MUST include the protocol (https://) and the port (:2222). It must match the RewriteRule destination we will create later.
    • Address: https://127.0.0.1:2222
    • Max Connections: 10 (or higher if needed)
    • Initial Request Timeout (secs): 60
    • Retry Timeout (secs): 0
  5. Click Save.

Step 2: Configure the Redirect Rule (.htaccess)​

Since the hostname usually serves content from /var/www/html, we can use an .htaccess file to handle the redirection.

  1. SSH into your server.
  2. Edit or create the .htaccess file in the default document root:

Bash: 
nano /var/www/html/.htaccess


3. Add the following rules:

Apache config: 
Options +FollowSymLinks
RewriteEngine On

# 1. Force HTTPS
RewriteCond %{HTTPS} off
# E se NÃO for um envio de dados (POST)...
RewriteCond %{REQUEST_METHOD} !=POST
# Então redireciona para HTTPS. Isso protege o login de quebrar.
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
# FIX FOR MOBILE ISSUE LOGIN
RewriteRule ^CMD_LOGIN$ https://server.example.com:2222/CMD_LOGIN [P,L]

# 2. Proxy Reverse to DirectAdmin
# IMPORTANT: The target URL below must match the "Name" you created in Step 1 exactly.
RewriteCond %{HTTP_HOST} ^server\.example\.com(:.*)?$ [NC]
RewriteRule ^(.*)$ https://server.example.com:2222/$1 [P,L]

Replace server.example.com with your actual hostname.

Step 3: Apply Changes​

  1. Go back to the LSWS WebAdmin Console.
  2. Perform a Graceful Restart of LiteSpeed.

Step 4: DirectAdmin Configuration Check​

Ensure you do not have a forced redirect loop configured in DirectAdmin.Check your directadmin.conf:


Bash: 
/usr/local/directadmin/directadmin c | grep ssl_redirect_host
If this returns a value, you should disable it, as the .htaccess is now handling the SSL forcing.

Step 5: WHMCS template (otional)​

File: clientareaproductdetails.tpl

Find:
HTML: 
{$moduleclientarea}

Replace:
HTML: 
{$moduleclientarea|replace:':443':''}

Complete Code:
HTML: 
{if $moduleclientarea}
    <div class="text-center module-client-area">
        {* Remove :443 da URL para evitar erro 404 no proxy *}
        {$moduleclientarea|replace:':443':''}
    </div>
{/if}

Troubleshooting​

I get a 403 Forbidden Error:This happens if the RewriteRule destination in .htaccess does not strictly match the Name of the External App in LiteSpeed.

"Not Secure" Warning:If you see a certificate warning, ensure your hostname has a valid SSL certificate generated via Let's Encrypt in the DirectAdmin dashboard.
 
Last edited:
You must log in or register to reply here.
Back
Top