Still : SSL and non-SSL DirectAdmin

jeffery

Still, I want DirectAdmin to be able to run two instances.
One is for SSL, and one is for non-SSL.

That means DA can be run in BOTH SSL and non-SSL.

Is it difficult to implement? I remember John has added it to the version system, just want to follow up!

:D
 
Hello,

It's .. simple in theory, but .. would take a bit of work and a lot of testing (don't want to break anything at a low level).

On a related note, we added a feature that lets people access an SSL enabled DA through http:// ... DA will notice the ssl connection failed and will send a redirect to https:// through plain http even though ssl is enabled in DA. One of the perks of writing your whole daemon from the ground up ;)

John
 
Can you clarify this, John?

When I try http: with my testbed system instead of https:, I get a "contains no data" error.

Jeff
 
Jeff: hmmm... it is sending data.. this is what it sends:
Code:
HTTP/1.1 302 Found\r\nLocation: https://", ip, ":", port, "\r\nContent-type: text/html\r\n\r\nuse https\r\n
(with programming quotes) .. so "use https" *is* the data... hmmm :)

jeffery: It goes to the system IP because the "host" value isn't passed yet (done after connection is made) (chicken or the egg :)) .. I could change it to send the system hostname.. but to set a domain in particular would require it to be set somewhere.

John
 
Could we have an admin option to forward it to a certain hostname please? If a hostname wasn't set, it could just use the IP instead... so everyone's happy :)

Thanks,
Matt
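
The redirect John describes, combined with the hostname-or-IP fallback Matt asks for, as an added example that is not DirectAdmin's code or part of the original posts. The function names, the `admin_hostname` setting and the sample inputs are assumptions; port 2222 and `hostname.example.com` are the values used in this thread.

```python
import ipaddress
import re
from typing import Optional

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")
HOSTNAME_RE = re.compile(r"[A-Za-z0-9.-]{1,253}")  # keeps CR/LF out of the header
# Constructed sample inputs: start of a TLS ClientHello, and a cleartext request.
SAMPLE_TLS = bytes([0x16, 0x03, 0x01, 0x02, 0x00])
SAMPLE_HTTP = b"GET / HTTP/1.1\r\nHost: evil.example\r\n\r\n"


def classify_first_bytes(data: bytes) -> str:
    """Decide what a client sent to the SSL port from its first bytes."""
    if len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03:
        return "tls"    # handshake record (0x16), protocol major version 3
    if data.startswith(HTTP_METHODS):
        return "http"   # cleartext request on the HTTPS port
    return "unknown"


def redirect_target(system_ip: str, port: int, admin_hostname: Optional[str]) -> str:
    """Use the admin-configured hostname if set, else fall back to the system IP."""
    if admin_hostname:
        if not HOSTNAME_RE.fullmatch(admin_hostname):
            raise ValueError("admin_hostname is not a plain hostname")
        host = admin_hostname
    else:
        addr = ipaddress.ip_address(system_ip)
        host = f"[{addr}]" if addr.version == 6 else str(addr)
    return f"https://{host}:{port}/"


def build_redirect(first_bytes: bytes, system_ip: str, port: int,
                   admin_hostname: Optional[str] = None) -> Optional[bytes]:
    """Return the 302 response for a cleartext request, or None otherwise.

    The client's Host header is ignored on purpose: it is client-controlled,
    and echoing it into Location would create an open redirect.
    """
    if classify_first_bytes(first_bytes) != "http":
        return None
    body = b"use https\r\n"
    head = (
        "HTTP/1.1 302 Found\r\n"
        f"Location: {redirect_target(system_ip, port, admin_hostname)}\r\n"
        "Content-Type: text/html\r\n"
        f"Content-Length: {len(body)}\r\n"
        "Connection: close\r\n\r\n"
    )
    return head.encode("ascii") + body
```

With `admin_hostname` set to the name on the certificate, the browser lands on a URL that matches the certificate instead of the bare IP.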
 
thoroughfare said:
Could we have an admin option to forward it to a certain hostname please? If a hostname wasn't set, it could just use the IP instead... so everyone's happy :)

Thanks,
Matt

Why not just enter your hostname:2222 rather than ip:2222 if that's what you want to use?

Chris
 
Hey,

Replying to jeffery and DA Support (John)...

To me it will confuse customers to re-direct them using the IP instead of the hostname.

As Jeffery mentioned... It causes a popup and that in itself would confuse some customers.

I'd think customers would WANT the SSL... Is there a reason they wouldn't?

I hate to ask but, is there a way to stop the re-direct to the IP?

Just my 2...

Thanks, David
 
The redirect is only intended as a backup for users who have no clue what's going on. Without it, they'd see absolutely nothing; they'd get a server not responding page. Their welcome email should tell them how to access it correctly with https, so they should never really see it. I'll start thinking about how to get 2 ports open for http and https at the same time over the next few months. (no way to disable http->https redirect at the moment)

John
 
Thanks!

For me, the reason I want 2 instances of DirectAdmin is just for my resellers.

If I opened SSL, each reseller having his domain will need a separate certificate and dedicated IP address. They may not want to add so much cost for their "small business".

So, having both SSL and non-SSL accessible is great news for both of us!
Right? :D
 
Anyone who logs into DA using http instead of https is passing their password in the clear; we do not allow our resellers or end-users to log in insecurely as we don't want our systems compromised, even if it is only our resellers' and end-users' accounts.

We get a cert in a generic domain name, for example:

https://hostname.example.com:2222/

which everyone who accesses the server should use.

Jeff
 
Hey,

I see by the posts why some want the http logins instead of or with the https... resellers... Makes sense.

I also understand the redirect... blank page and all.

I just didn't want the IP used in the redirect as it gives the popup and that's going to confuse customers as we want to use https...

No biggie... I appreciate the response.

Thanks, David
 
As we thought before, it would be easy to implement two instances of DirectAdmin by ourselves. Just run non-SSL DA on 2222 and set up tunnelling from the secured 2223 port (with stunnel).

But we failed, because after entering login info at https://our.server.com:2223/ DirectAdmin uses an absolute URL address for redirection. (With an HTTP header like this: Location: http://our.server.com:2222/)

Maybe the developers will just fix that small issue and we will be able to use SSL and non-SSL DA interfaces on the same server? :)

I personally don't like SSL'ed DA because I need fast and comfortable access to it. And with SSL, pages load much slower (on dialup ;) and I'm unable to cut those nasty 'Pragma: no-cache' headers with my filter. ;)
 
I can't use SSL DirectAdmin at this point. We've gotten so many complaints from clients that it's ridiculous. The complaints all center around the security popup because our certificate is issued for ourserver.ourdomain.com instead of an IP address.

SSL DirectAdmin is unusable at this point until this is fixed (either redirect to https://ourservername.ourdomain.com, or redirect to https://clientswebsite.com.)

I'm turning this off on our servers for now.
 
security

I only have experience with CPanel, but decided to try DirectAdmin out also.

I can't believe how most server owners allow resellers/customers to log on insecurely. I assume they even log on as server owner insecurely, displaying their passwords in clear text?

I have a reseller account only for now, and I want to be able to log on through https, and that's not even possible. You should at least have the choice in my opinion.

Aside from this very important issue, DirectAdmin works really nicely :)
 