Securing the DirectAdmin server on port 2222?

What options are there for securing this?

Can you point me to instructions that cover it?
 
Use SSL.

Edit /usr/local/directadmin/data/templates/directadmin.conf

Add
SSL=1

Restart directadmin.
 
I created the certificates, switched the conf file to SSL=1 & restarted directadmin....

when I go to http://IP:222 it just hangs.

When I go to http://www.domain.com:2222 same thing... just hangs.

My browser reports a popup with "Error Code -12281"
 
I also followed the instructions for making the certs here:

http://www.directadmin.com/installguide.html



In my error log when trying to log in to:

https://THEIP:2222

I get the following errors:


2006:01:21-16:51:16: Didn't find two eols on the header from MY.HOME.IP.NUMBER

2006:01:21-16:51:16: Error reading from MY.HOME.IP.NUMBER:


if I don't use https, it loads the DA Login.

If I do use https but I don't use port 2222, it shows the apache "it worked!" screen.
 
More information:


center# ls -l /usr/local/directadmin/conf
total 12
-rw-r--r-- 1 root diradmin 1350 Jan 21 16:57 cacert.pem
-r-------- 1 diradmin diradmin 887 Jan 21 16:58 cakey.pem
-rw------- 1 diradmin diradmin 1550 Nov 21 02:14 directadmin.conf
-rw------- 1 diradmin diradmin 1298 Jan 18 04:01 license.key
-rw------- 1 diradmin diradmin 1298 Dec 18 04:01 license.old
-r-------- 1 diradmin diradmin 30 Nov 21 01:49 mysql.conf


In the /usr/local/directadmin/data/templates/directadmin.conf file:

SSL=1
cacert=/usr/local/directadmin/conf/cacert.pem
cakey=/usr/local/directadmin/conf/cakey.pem
 
On FreeBSD I cannot run:

service directadmin restart

But I have run the "restart" command from within directadmin, and I have also run:

/usr/local/etc/rc.d/directadmin restart
 
Did you follow the exact instructions here?

If you did and DA won't run securely, then you should contact DA support.

Jeff
 
The system admin for our hosting company "installed" DA.


I followed the instructions for building the cert & enabled SSL=1.
 
If your hosting company owns the license, then they should be able to give you support.

Jeff
 
jlasman said:
If your hosting company owns the license, then they should be able to give you support.

Jeff


Jeff,

The hosting company owns the license, but I guess we installed it (using the install page mentioned several times in this thread).

Our host can't help. The hosting company is a one-man-show and he is unfamiliar with the software beyond everything working as expected.

I am the admin who is working on it now, and it looks like I am following all of the directions to get SSL working.

Is there anything else I can do to debug this?

DA without SSL is really pointless for us.

We have no desire to broadcast system level login information over the net in plain text :(



Err..btw, are you a representative of the company that makes DirectAdmin? Or are you just a nice guy that answers most questions on the forum?


Thanks :)
 
Err..btw, are you a representative of the company that makes DirectAdmin? Or are you just a nice guy that answers most questions on the forum?

He is the nice guy :)

You may want to contact DirectAdmin, tell them everything, including that your host is incompetent to manage DA, and see whether it is possible to get them to log in to your account and create it for you.
 
I'm a nice guy ;) .

In the interest of full disclosure, I'm also one of the forum administrators; possibly the most active one.

And I take the forum administrator job very seriously.

While we do some webhosting (and continue to expand our client base by referral, websearch, and acquisition), our main business is offering services, dedicated systems, reseller accounts, etc., to companies who do webhosting.

We're very happy to help you on the forum as time and resources permit, and to offer you commercial services if you're interested. But we cannot log in and work on your server as a favor; that is our commercial business and that's where we get our income.

We started web hosting in 1995, and began offering services under the name NoBaloney.Net in 1999. In 2005 we changed our name to NoBaloney Internet Services and moved from my home office in Riverside, California, to an office in San Bernardino, California.

We started with Cobalt RaQ appliances, and later were Plesk Gold Partners, before we settled on DirectAdmin.

I urge you to contact DirectAdmin support; you'll find that they'll be very helpful.

Jeff
 
Yes, everyone is nice, back to the problem ;)

We also have a guide here:
http://help.directadmin.com/item.php?id=15

You can check to make sure that DA knows SSL=1 is set by running:
Code:
[root@server]# ./directadmin c | grep ssl
ssl_port=2223
ssl=1
apachecert=/etc/httpd/conf/ssl.crt/server.crt
apachekey=/etc/httpd/conf/ssl.key/server.key
Note ssl=1 should actually be SSL=1 in your directadmin.conf file (which you've stated is already set).

After restarting DA with "/usr/local/etc/rc.d/directadmin restart" what is the status of DA? Is it running or dead?

If not running at all, then check /var/log/directadmin/error.log for any errors relating to the certificate/key.

You can also try running DA by hand to get output to the terminal:
Code:
cd /usr/local/directadmin/
./directadmin
Check for any errors on the output, and let us know what they are.

John
 
Umm.... how bizarre.

After doing:

# ./directadmin c | grep ssl
ssl_port=0
ssl=0



(note ssl=0)


I checked the conf file again and it was in fact ssl=0

I *KNOW* I changed this to SSL=1. (and triple checked & confirmed)

I wonder if there is another conf file around here somewhere....



Anyway, it works perfectly now. :)
 
Hello,

The one that is used is:
/usr/local/directadmin/conf/directadmin.conf

The template that is drawn from for the install (only once) is:
/usr/local/directadmin/data/templates/directadmin.conf
(not the one to edit)

Good to hear it works.

John
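
The mismatch this thread ended on (SSL=1 set in the install template while the live conf/directadmin.conf still said ssl=0) can be caught with a short check. This is an added example, not part of any post above and not DirectAdmin's own tooling; the function names `conf_value` and `check_da_ssl` are hypothetical, and the paths and the SSL / cakey keys are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example (not DirectAdmin tooling). Paths and the SSL / cakey keys are
# the ones quoted in this thread; the function names are hypothetical.

# conf_value FILE KEY: print the last value assigned to KEY (case-insensitive).
conf_value() {
    [ -r "$1" ] || return 0
    awk -F= -v k="$2" 'tolower($1) == tolower(k) { v = $2 }
        END { if (v != "") print v }' "$1"
}

# check_da_ssl [DA_ROOT]: return 0 only if the live config enables SSL and the
# configured private key is not accessible to group or other.
check_da_ssl() {
    root=${1:-/usr/local/directadmin}
    live="$root/conf/directadmin.conf"            # the file DA actually reads
    tmpl="$root/data/templates/directadmin.conf"  # used once, at install
    rc=0

    live_ssl=$(conf_value "$live" SSL)
    tmpl_ssl=$(conf_value "$tmpl" SSL)

    if [ "$live_ssl" = "1" ]; then
        echo "OK: SSL=1 in $live"
    else
        echo "FAIL: SSL is '${live_ssl:-unset}' in $live"
        rc=1
        if [ "$tmpl_ssl" = "1" ]; then
            echo "NOTE: SSL=1 is set only in the template $tmpl"
        fi
    fi

    key=$(conf_value "$live" cakey)
    if [ -n "$key" ] && [ -e "$key" ]; then
        # Characters 5-10 of the ls mode string are the group and other bits.
        mode=$(ls -l "$key" | cut -c5-10)
        if [ "$mode" = "------" ]; then
            echo "OK: $key is owner-only"
        else
            echo "FAIL: $key is accessible to group/other ($mode)"
            rc=1
        fi
    fi
    return $rc
}
```

Run `check_da_ssl` as root on the server with no argument to check the default location, then confirm what the running daemon sees with `./directadmin c | grep ssl` as shown earlier in the thread.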
 