Getting the Admin Panel to only respond to ONE host, not ALL

[patrik.alienus]

I'm trying to get my Parallels Plesk Admin Panel to only respond to one host, not every host that points to the machine. Can this be done?

I assumed that I'd be able to configure this through the Apache http config files, but I haven't been able to locate where that might be.

So to be clear, I want the admin panel accessible on i.e. admin.domain.com, whilst unavailable on www.clientdomain.com, even though they're both on the same server and the same IP.

 

[Faris Raouf]

Is there a particular reason you want to do this? I'm just curious.

Note that Plesk does not use Apache for the admin panel - there is a separate webserver for 8443 with a separate configuration.
I expect you might be able to edit the config, but since this is probably not a supported thing to do, your changes may be overwritten when the panel is updated.

But you may be lucky -- there may be an easy way to do what you want to do. If so, maybe someone who has done it will post to let us know.

 

[patrik.alienus]

The main reason is that I don't want it to be easy to find the admin panel. I'd prefer to have it on some obscure sub domain on a domain not used for anything else.

I only discovered that this was even possible by accident, through Google. It had indexed the admin panel login - on one of my clients URLs! I have since created a robots.txt that denies all and issued a removal request with Google, but still.

 

[patrik.alienus]

Oh, and I did find that it wasn't in Apache, but in nginx.
After some searching around, I found the file /etc/sw-cp-server/conf.d/plesk.conf. It contained two lines that looked promising:
listen 8443 ssl;
listen 8880;

So I went ahead and changed the first one to:
listen sub.domain.com:8443 ssl;
Then I restarted sw-cp-server (and nginx just to make sure).

Unfortunately, it didn't work. However if I comment the line out completely, the admin panel stops existing, so I must be in the right place, I guess.

Someone who knows more about this than me are welcomed to give some ideas on what to do

 

[abdi]

You can't "bind" domain names to ports. You have one of a few options:

1. Change the default plesk port 8443 to something else ...
2. Create a proxy of http://admin.yourdomain.com that resolves to http://yourserver:some-rare-port (Your clients only see and use http://admin.yourdomain.com without any ports to access the control panel)
3. Have 2 IPs on your server (one resolves your admin domain while the other is your clients domains), then with a firewall CLOSE all connections to port 8443 on your clients IP address but allow only such a connection to your admin domain's IP address.

BTW:
SELinux will allow you to restrict processes very tightly, including port access. It even comes with a sandbox command that can run a process in a very restricted sandbox domain, to which you can then replace with a customized domain in order to provide access to files and ports as appropriate.