How to disable 2222 port on all clients websites in hosting?

hockolicious

Verified User
Joined
Jun 20, 2019
Messages
40
Location
Poland
Hey,

How to disable the ability to launch a panel from any domain added to the panel? If they will be my clients and they will have their domain added, they can enter any of the 2222 port at this time and will be able to use such a panel.

What is the answer? Use 2 IP addresses where one is intended for the server and the other for hosting customers?
 

zEitEr

Super Moderator
Joined
Apr 11, 2005
Messages
13,854
Location
GMT +7.00
Hello,

By default using a firewall on a server you can do the following:

- allow connections to 2222 from all IPs
- disallow connections to 2222 from all IPs
- allow connections to 2222 from only a limited number of IPs.

You can not limit the access on per-domain bases. If you want a limit on per a domain bases you might need to check this: https://help.directadmin.com/item.php?id=84 and then use Apache or Nginx to control a list of allowed domains.
 

hockolicious

Verified User
Joined
Jun 20, 2019
Messages
40
Location
Poland
Hello,

By default using a firewall on a server you can do the following:

- allow connections to 2222 from all IPs
- disallow connections to 2222 from all IPs
- allow connections to 2222 from only a limited number of IPs.

You can not limit the access on per-domain bases. If you want a limit on per a domain bases you might need to check this: https://help.directadmin.com/item.php?id=84 and then use Apache or Nginx to control a list of allowed domains.
Hello,

Currently, he wants to create a panel that can be connected without the need to use the port, but everyone can connect to it only from one domain, and not from any available in the panel because it creates threats even with SSL certificates and a look at the hosting company.

My another topic about run DA without port on OpenLiteSpeed or LiteSpeed, https://forum.directadmin.com/showthread.php?t=58022

If I could set DA so that it would not need port 2222, I could block port 2222 on the firewall - how can I do it? How to run DA without a port on the OpenLiteSpeed ​​engine :confused::confused::confused:
 

zEitEr

Super Moderator
Joined
Apr 11, 2005
Messages
13,854
Location
GMT +7.00
Use mod rewrite in a proxy mode with LiteSpeed for this.

https://www.litespeedtech.com/support/wiki/doku.php/litespeed_wiki:proxy:lsws-as-a-proxy-rewrite
 

hockolicious

Verified User
Joined
Jun 20, 2019
Messages
40
Location
Poland
Use mod rewrite in a proxy mode with LiteSpeed for this.

https://www.litespeedtech.com/support/wiki/doku.php/litespeed_wiki:proxy:lsws-as-a-proxy-rewrite
Okay, I know this way from another CyberPanel panel. However, I have a problem with getting to the OpenLiteSpeed ​​panel.

The panel does not answer under port 7080, it is exactly connection refused, as if it was blocking firewall. The port is added to the firewall.

On the server with DA I use CSF and there is also port 7080 added.

Any ideas?

I used your OpenLiteSpeed ​​guide https://help.poralix.com/articles/how-to-install-openlitespeed-on-directadmin-server
 

hockolicious

Verified User
Joined
Jun 20, 2019
Messages
40
Location
Poland
Use mod rewrite in a proxy mode with LiteSpeed for this.

https://www.litespeedtech.com/support/wiki/doku.php/litespeed_wiki:proxy:lsws-as-a-proxy-rewrite
I check also netstat, and no app with 7080 port. **** is my machine IP.

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN 978/dovecot
tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN 978/dovecot
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1/systemd
tcp 0 0 ****:80 0.0.0.0:* LISTEN 36125/openlitespeed
tcp 0 0 0.0.0.0:465 0.0.0.0:* LISTEN 975/exim
tcp 0 0 ****7:53 0.0.0.0:* LISTEN 8830/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 8830/named
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 3829/sshd
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 8830/named
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 975/exim
tcp 0 0 ****:443 0.0.0.0:* LISTEN 36125/openlitespeed
tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN 978/dovecot
tcp 0 0 0.0.0.0:995 0.0.0.0:* LISTEN 978/dovecot
tcp 0 0 0.0.0.0:587 0.0.0.0:* LISTEN 975/exim
tcp6 0 0 :::2222 :::* LISTEN 1078/directadmin
tcp6 0 0 :::111 :::* LISTEN 1/systemd
tcp6 0 0 :::22 :::* LISTEN 3829/sshd
tcp6 0 0 ::1:953 :::* LISTEN 8830/named
tcp6 0 0 :::3306 :::* LISTEN 1161/mysqld
 

hockolicious

Verified User
Joined
Jun 20, 2019
Messages
40
Location
Poland
Use mod rewrite in a proxy mode with LiteSpeed for this.

https://www.litespeedtech.com/support/wiki/doku.php/litespeed_wiki:proxy:lsws-as-a-proxy-rewrite
I'm also tested with payed LiteSpeed, and also not working. Redirect working good for domain without port, but after login stuck on login page. Any solutions for this?

Rewrite rule - REWRITERULE ^(.*)$ HTTP://directadmin/$1 [P]

Settings in Webadmin LiteSpeed External App- https://prnt.sc/o5kl03
 
Top