ip of login page to directadmin, and also about ssl

S

sgala

Verified User
Joined
Jul 10, 2017
Messages
26
Hello,
two questions
1)
I have main IP of server: let's name it IP_1
I have created user account (lets call it newuser) with IP_1, but later change it to IP_2 (I guess changed it for whole account, at least it show IP_2 on user info page).
Directadmin login access works good for both users (admin and newuser) on IP_1:2222.
It also show login page to directadmin on IP_2:2222, but none of logins (nor admin, nor newuser) do not work on that page.
How to fix it? Basically, I want newuser to login to DA from IP_2 (his own) and leave IP_1 for admin purposes.
2)
How to setup SSL to access IP_1:2222 admin panel?
a) I have tried to user https://help.directadmin.com/item.php?id=15 instruction - but this have no effect at all - page is not accessable with error "Secure Connection Failed"
b) I also have tried to use https://help.directadmin.com/item.php?id=629 this instruction, but it return error "
2020/11/02 14:27:31 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/ *** number ***
2020/11/02 14:27:31 [INFO] Unable to deactivate the authorization: https://acme-v02.api.letsencrypt.org/acme/authz-v3/*** number ***
2020/11/02 14:27:31 Could not obtain certificates:
error: one or more domains had a problem:"
Also, not sure - if it's possible to use certificate with IP_1:2222 or I should use domain:2222 instead?
 
jamgames2 said:
should use domain instead of IP.
Click to expand...
Then question is even harder, because every ssl for domain require dedicated IP, but user account has login from same IP as main account, although all domains are separated.
 
@sgala
community.letsencrypt.org

SSL on a IP instead of domain

Hi @anyaitsystems, welcome to the community forum 🙂 Unfortunately Let's Encrypt doesn't issue certificates for bare IP addresses, only domain names. You'll need to register a domain name in order to get a Let's Encrypt certificate. I think there are some "Dynamic DNS" providers that may...
community.letsencrypt.org community.letsencrypt.org

Let see why you should use domain,
Or you can find other 3rd party cert that support IP,

Thanks
 
sgala said:
because every ssl for domain require dedicated IP,
Click to expand...
No it doesn't with Letsencrypt, unless you have a reason that you want to give out dedicated ip's to users. Still, also in that case the user should be able to use his domain (for example with purchased certificates).
 
Back to the main question, it's basically more important than SSL.
I don't want my users know about main directadmin IP (IP_1), so I gave them another IP to use for their sites (IP_2).
If they enter IP_2:2222 - they see login panel of directadmin, but login just does not work.
Login works only from IP_1:2222, for any users, for admin, for everyone.
How to fix it?
 
sgala said:
If they enter IP_2:2222 - they see login panel of directadmin, but login just does not work.
Click to expand...
Test it yourself and tell us -why- it does not work. Which error notice do you see or what exactly happens?
Also check /var/log/directadmin/error.log for instance to see if something comes up in there.

As far as I can see from your first post, you are trying to login with SSL and it gives error, so you ask:
sgala said:
Also, not sure - if it's possible to use certificate with IP_1:2222 or I should use domain:2222 instead?
Click to expand...
Which was directly answered by: use the domain, you don't have a certificate on an ip. So use the domain op ip2 and either be sure SSL is installed for that domain, or disable SSL for directadmin by putting ssl=0 in directadm.conf and remove or empty the line:
ssl_redirect_host=
This way you should be able to login to either ip or domain name.

sgala said:
I don't want my users know about main directadmin IP (IP_1)
Click to expand...
Just out of curiosity, why? Because if your main site and/or mailserver is on that ip, it's easy to find out anyway.
 
Richard G said:
Test it yourself and tell us -why- it does not work. Which error notice do you see or what exactly happens?
Click to expand...
Wrong login or password. I have no idea why:( That the problem. And it also now shown in logs as "login attempt".

Richard G said:
Which was directly answered by: use the domain, you don't have a certificate on an ip. So use the domain op ip2 and either be sure SSL is installed for that domain, or disable SSL for directadmin by putting ssl=0 in directadm.conf and remove or empty the line:
ssl_redirect_host=
This way you should be able to login to either ip or domain name.
Click to expand...
But it doesn't allow login on IP_2:2222. It's same server, I checked four times:)

Richard G said:
Just out of curiosity, why? Because if your main site and/or mailserver is on that ip, it's easy to find out anyway.
Click to expand...
I use external mail server, so there are no problem. Main IP also is not part of traceroute IP to client's IP, so it's also not a problem.
The reason - I am some kind of hosting provider, I trade "user" accounts and "reseller" accounts as well. My resellers don't like my site to be discovered by their clients. So I need to separate it as strong as possible.
 
sgala said:
But it doesn't allow login on IP_2:2222. It's same server, I checked four times:)
Click to expand...
Oke so if I understand correctly, you get the login screen on IP_2:2222 but the login will fail stating wrong login or password.
But with the same login and same password on IP1:2222 it will login without issues?

If that is the case, I have no clue how this can happen. But please let us know if you find the cause/solution (maybe consider sending in a ticket).
 
try run directadmin in debug mode and login again to findout why wrong password,

something like you login from page domain2.com
but ajax pass url with domain1.com ### that force redirect from DA.

because DA has security about cross-domain origin.
 
Richard G said:
Oke so if I understand correctly, you get the login screen on IP_2:2222 but the login will fail stating wrong login or password.
But with the same login and same password on IP1:2222 it will login without issues?
Click to expand...
Yeap, but I found that directadmin have nothing to do with it.
It was routing problem, all ports except standart (80,21, 22 and so on) were sent to other server (moved recently, so these settings haunted me from past).
But since login page on directadmin looks the same for all servers, I were not able to notice it.
 
Ah we didn't know there were routings in place to other servers, so I went out from a default DA installation without routing.
Good you found it.
 
You must log in or register to reply here.
Back
Top