How do i change Plesk admin from 8443 to 443 ?

[compare]

Hi,

I saw that there was a treath earlier about changing Plesk port number, but ik have a few problems to get it really right.

What do i want:
Ik want that i can use Plesk on https://www.mypleskdomain.nl so, on port 443, but only with this domain.
And i want that everyone can still use somedomain:8443

Ik added:
"LISTEN 8001" in the
/usr/local/psa/admin/conf/httpsd.conf
and restarted Plesk, and now ik can use Plesk on port 8443 and 8001. This works fine, so i have Plesk running on 2 ports.

Than i added:
"LISTEN 443"
This is for all domains on the https port and cannot get Plesk running anymore.
If i check with /etc/init.d/psa status i see that Plesk is not running.

Than i tried:
"LISTEN 443" followed by "BindAddress <ipadress of mypleskdomain.nl>"
But than i cannot start Plesk also....
Of course i didn't created any SSL site for this domain, so there is no collision with httpsdocs.

Can anyone help me with this?

Regards,
Maurice

 

[Xtreme-IT]

Searching the forums gives several options: http://forum.sw-soft.com/search.php...d=915011&sortby=lastpost&sortorder=descending

Make sure you
- edit the admin conf file, not the normal webserver conf. (These 2 are separated).
- bind to an IP adress you did not use for normal hostingaccounts
- reload the correct admin webserver (the apache reload in the GUI reloads the hosting instance of apache, not the admin)

Giving the fact your Plesk does not start anymore sounds like a port conflict, so make sure you use a separate IPadress for your admin webserver, do not use it for hosting.

 

[jamesyeeoc]

When you tried to make Plesk's apache listen to port 443, you put it into conflict with the 'hosting' copy of apache which is already listening on that port....

 

[compare]

Originally posted by jamesyeeoc
When you tried to make Plesk's apache listen to port 443, you put it into conflict with the 'hosting' copy of apache which is already listening on that port....

That was what i expected...
I found on http://httpd.apache.org/docs-2.0/bind.html a way to bind 1 port on 1 ip-address:

LISTEN 8443
LISTEN 10.11.12.13:443

I only need to find a way to unbind this port for only this ip-address with this specific portnumber....

Regards,
Maurice

 

[jamesyeeoc]

The only problem I see with that is Plesk will overwrite (on certain times) the httpd.conf and httpd.include files for the hosting side.

The hosting conf files are in /etc/httpd/conf directory.

You could make changes there, but then any normal browsing to hosted domains using port 443 would not work. And the manual changes would only stay until you use Plesk to add/delete/change anything domain related, at which time these files will be overwritten.

It would be better to use some other port number (not 443) which would not conflict with any ports already in use.

 

[compare]

I also looked to use a symbolic link...
link the httpsdocs for the domain i want to use to the webroot dir. of the Plesk Adminpages, but the Plesk Apache runs as another user... Good of course, becaurse the Plesk pages runs high-risk scripts on Linux, so you absolutly don't want that an normal user can do that too.

An other thing i want to try is server-side redirect. So to redirect within Apache to another Apache.
If that works, i shall try to find the "template" files who creates the conf files.
Then i create a virtual website outsite of Plesk.

Regards,
Maurice

 

[compare]

Originally posted by jamesyeeoc
It would be better to use some other port number (not 443) which would not conflict with any ports already in use.

The reason i want to run Plesk on port 443 is firewall's.
Most (real) firewalls don't accept port 8443, but almost every firewall accept https pages on 443.

That's the main reason i want Plesk on the default portnumber 443.

Dedicated IP address and an extra domainname just for Plesk is no problem. I already have that.

Regards en thanks for the thinking with me
Maurice

 

[jamesyeeoc]

Yes I figured it was due to client side firewall issues, I was thinking more on the lines of other well known ports which many/most firewalls also allow, such as 21. It is usually quite easy to reconfigure ftp to use a different port on the server, then there would not be a conflict between 2 apaches on port 443.

This is just one example port.

 

[compare]

That was on my mind too, because most companies have the ports 21, 80 and 443 open.

BUT !! FTP is not a TCP/IP protocol, it's UDP, so a good firewall'er don't accept TCP on port 21. And a really good firewall'er checks the protocol on the port, because otherwise you can also make a tunnel thue that port to your own PC at home and do everything you want. (That way i used USENET thrue a firewall once )

Regards,
Maurice

PS. I had a tip to use ProxyPass in the httpd.include of the domain to use server-side redirect... Have to try it yet...

 

[jamesyeeoc]

That's what I get for posting when I'm asleep. Just like now , I retract what I said about the ftp port (was using it as an example) obviously not a good one.....

 

[compare]

No problem of course But i have a little update about server-site redirect:

I tried several things with ProxyPass, but it still does not work as i want it.

Right now i have in the /home/httpd/vhosts/plesk-administrator.nl/conf/httpd.include:

<VirtualHost 83.172.133.76:443>
        ServerAdmin  postmaster@*changed*.nl
        SSLEngine on
        SSLVerifyClient none
        SSLCertificateFile /usr/local/psa/var/certificates/certXGls68V
        ProxyPass / https://localhost:8443/
        ProxyPassReverse / https://localhost:8443/
</VirtualHost>

No error's anymore, but still no Plesk page:
https://www.plesk-administrator.nl/
https://www.plesk-administrator.nl:8443/

But with some help on the usenet, i get furter and furter

Regards,
Maurice

 

[jamesyeeoc]

Looks like the <VirtualDirectory xx.xx.xx.xx:443> in the /etc/httpd/conf/httpd.include is still taking priority over your domain specific include file. That would explain why it is still bringing up the default plesk page instead of the login page. And apparently you may not have set the 'Default Domain' for the IP address yet.

The 'Hosting' apache is still taking the 443 request before the 'Plesk admin' Apache.

Also, more related proxy directives for Apache:

Protocol Adjustments

For circumstances where you have a application server which doesn't implement keepalives or HTTP/1.1 properly, there are 2 environment variables which when set send a HTTP/1.0 with no keepalive. These are set via the SetEnv directive.

These are the force-proxy-request-1.0 and proxy-nokeepalive notes.

<Location /buggyappserver/>
ProxyPass http://buggyappserver:7001/foo/
SetEnv force-proxy-request-1.0 1
SetEnv proxy-nokeepalive 1
</Location>

Not sure if it will help, but this is in the Apache docs:
http://66.102.7.104/search?q=cache:...2.0"+-"List-Post"+site:httpd.apache.org&hl=en

There are also ProxyConnect, AllowConnect, etc. Check it out, there may just be other directives you need.

 

[Cranky]

I'm too tired to read all the above, so I'll just explain the solution in full:

• Edit /etc/httpd/conf.d/ssl.conf to comment out the Listen line as follows:
  
  

  #Listen 0.0.0.0:443

  
  Add listen to all IP address used by standard Apache just below the comment above:
  
  

  Listen x.x.x.1:443
  Listen x.x.x.2:443
  Listen x.x.x.3:443

  
  Where x.x.x.* are *ALL* the IP's on your server except the one you want to use for Plesk.
  
  You can output listen lines for all IP's with the following via the shell:
  
  

  /sbin/ifconfig |grep 'inet addr:'|awk '{print $2}'|awk -F: '{print "Listen "$2":443"}'

• Add to /usr/local/psa/admin/conf/httpsd.conf listen directive for unused IP address:
  
  

  Listen 127.0.0.1:443

• Restart both apache and Plesk:
  
  

  service httpd restart
  service psa restart

You will need to add any new IP's you add to the apache config file as above, and Plesk updates will overwrite /usr/local/psa/admin/conf/httpsd.conf so this isn't an optimal solution, but it's probably the most suitable at the moment.

Alternative solutions would probably include using iptables or setting up a proxy server, but until you have time to play with this I'd suggest doing the above.

 

[compare]

@Cranky

Although it's maybe not yet the optimal solution, it IS working, so this is a very big step forward.
Thanks for that.

I'll use this for a wail to see IF and WHEN the files be changed. Si i can try to find the files used who creates this files to find a permenent solution (till upgrade )

Thanks,
Maurice

 

[Cranky]

No problem.

The files won't be overwritten until you upgrade Plesk, don't worry about that.

 

[dsoundmn]

a working solution

a solution that works