Still : SSL and non-SSL DirectAdmin

Hey,

As you probably already know, the choice is really up to the hosting company.

We, as well as others, do require https logins as we want to provide as much security and protection as possible.

As you can see by the thread, DA is working on a solution to keep as many happy as possible but, ultimately, secure login is up to the hosting provider...

David
 
skruf said:
Hey,

As you probably already know, the choice is really up to the hosting company.

Yes I know, and because of the current DirectAdmin set up most hosts don't allow https log ins, mainly to avoid customers complaining about ssl certificate warnings.

With other control panels the users have the choice to log on through http:// or https://
 
SlashChick said:
I can't use SSL DirectAdmin at this point. We've gotten so many complaints from clients that it's ridiculous. The complaints all center around the security popup because our certificate is issued for ourserver.ourdomain.com instead of an IP address.
While I don't disagree with you that your clients are complaining, at least some of our clients are using self-installed certs, and none of them have reported any problems with their clients complaining about the popup they get every time they log in.

Have you tried asking your cert provider if you can get a cert for an IP#? I'd doubt it, but perhaps you can try.

Two options which work for our clients are:

1) When your clients complain, tell them they can resolve the problem by logging into the secure site as "https" instead of "http". That works properly.

2) Create a login on your own website to log them directly into DA, bypassing the login screen, and using https. That's relatively easy to implement, and it's been explained on these forums.
SSL DirectAdmin is unusable at this point until this is fixed (either redirect to https://ourservername.ourdomain.com, or redirect to https://clientswebsite.com.)

I'm turning this off on our servers for now.
I'm sorry it doesn't work for you; it's working for lots of our clients, and we use it exclusively.

Jeff
 
You can log in via https. Just set up an SSL cert for:

https://servername:2222

This is about redirecting insecure login to secure login.

DA Support, you should chime in here because there seems to be some confusion. Hey, maybe I am confused :)
 
Yes, of course, but what if a host has https disabled, and you're a reseller or customer trying to log on through https?

Still I think the best solution is to give resellers and customers a choice between http:// and https:// and not give hosts the power to force everyone to log on insecurely.

Of course I will ask my host to change their settings from http:// to https://, I just hope they are wise enough to listen to me :)
Otherwise I'll just get a dedicated server instead (I got a reseller account to try DirectAdmin first)
 
I think you do have a choice. If the redirect is not enabled, you should be able to log in any way you want.
 
Hey,

What you describe suggests your host has SSL on the server, but doesn't have SSL enabled for DirectAdmin... Like you're wanting.

If the server has a cert (like it apparently does) then they can turn on SSL for DA as well...

Basically, in the directadmin.conf file they need to set SSL=1 and put the paths to the cert that is on the server.

hope they are wise enough to listen to me

They should listen, you're simply asking for better security, which appears to be there if they just configure it.

David
 
Tell your host to enable it. Since DA runs on an odd port number, what is the problem with solely using DA over SSL?
Slower access for dialup users is the only issue I can see here. If the host sets up a simple redirect as follows:

http://anydomain/cpanel

to

https://servername:2222

nobody will ever get a popup, if the host has a regular ssl certificate.
 
SlashChick said:
I can't use SSL DirectAdmin at this point. We've gotten so many complaints from clients that it's ridiculous. The complaints all center around the security popup because our certificate is issued for ourserver.ourdomain.com instead of an IP address.

SSL DirectAdmin is unusable at this point until this is fixed (either redirect to https://ourservername.ourdomain.com, or redirect to https://clientswebsite.com.)

I'm turning this off on our servers for now.

It is a hackaround but try this...

in httpd.conf:
Code:
..
Listen 0.0.0.0:2222
<VirtualHost *:2222>
        ServerAdmin admin@domain
        DocumentRoot /var/www/daredirect
        ServerName server.name
</VirtualHost>

<Directory "/var/www/daredirect">
    AllowOverride All
    Order allow,deny
    Allow from all
</Directory>
..

in directadmin.conf:
Code:
..
SSL=1
port=5128
..

in /var/www/daredirect/.htaccess
Code:
Options +FollowSymLinks +ExecCGI
RewriteEngine On
RewriteRule ^(.*)$ https://server.name:5128/ [R=301]

Then restart DA, then Apache (in that order). Then attempt to access http://server.name:2222/

It will now do a clean redirect to the proper hostname.
 
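The popups discussed in this thread appear when the login URL's host is not one the certificate names, so a redirect only helps if its target is covered. As an added example (not code from any poster or from DirectAdmin), this Python check validates a redirect's Location header against a certificate's subjectAltName entries; the SAN lists and the 192.0.2.10 address are constructed sample values.

```python
import ipaddress
from urllib.parse import urlsplit

def _ip(host):
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        return None

def cert_covers(host, dns_names, ip_names=()):
    """True if a cert with these subjectAltName entries is valid for host."""
    host = host.lower().rstrip(".")
    addr = _ip(host)
    if addr is not None:
        # An IP literal matches only iPAddress entries, never a DNS name.
        return any(addr == _ip(i) for i in ip_names)
    labels = host.split(".")
    for name in dns_names:
        pat = name.lower().rstrip(".").split(".")
        if len(pat) != len(labels):
            continue
        # A wildcard counts only as the whole left-most label of 3+ labels.
        if pat[0] == "*" and len(pat) > 2:
            if pat[1:] == labels[1:]:
                return True
        elif pat == labels:
            return True
    return False

def redirect_is_clean(location, dns_names, ip_names=()):
    """A Location header is clean if it is https and names a covered host."""
    url = urlsplit(location)
    if url.scheme != "https" or not url.hostname:
        return False
    return cert_covers(url.hostname, dns_names, ip_names)

if __name__ == "__main__":
    san = ["server.name"]  # constructed: names on the server's certificate
    for loc in ("https://server.name:5128/",    # redirect target from the post
                "https://192.0.2.10:5128/",     # constructed: login by IP
                "http://server.name:2222/"):    # plain-HTTP entry point
        print(loc, "->", "ok" if redirect_is_clean(loc, san) else "warning")
```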