1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

How to Change Admin port 8443 to something more firewall friendly

Discussion in 'Plesk for Windows - 8.x and Older' started by eugenevdm, Oct 2, 2005.

  1. eugenevdm

    eugenevdm Silver Pleskian

    30
    68%
    Joined:
    Nov 11, 2003
    Messages:
    611
    Likes Received:
    0
    This question is directed to Plesk for Windows 7.5.4, however, I have a similar problem with Plesk for Linux 7.5.4.

    I want to know 'a simple way' to change port 8443 to something else that will work behind a corporate firewall. Just so that you know why some of my customers have strict firewall policies which only allows port 80 and port 443 traffic. There is no way in hell that there administrators are going to allow port 8443 in.

    The irony is that I asked this question over a year ago when I was evaluating Plesk. This seemed to be a shortcoming of the product, and no-one could really give me a strait answer. Now this problem has come back to haunt me because some of my busiest and most important customers are behind corporate firewalls and they are demanding a lot of support that could have been handled by strait access to the admin control panel.

    Interessting it appears that Plesk for Linux has a FAQ entry about this on their site, which simply states:

    "Plesk control panel port can be changed in /usr/local/psa/admin/conf/httpsd.conf with "Listen" directive. For example:
    Listen 8445
    Restart Plesk after change will have been made."

    However, does this mean I can just change it to 443? Is this also applicable to Plesk for Windows? Strait answers please!
     
  2. jbuts

    jbuts Guest

    0
     
    You can change Plesk's admin port 8443 to your port. You should correct the "%plesk_dir%\admin\conf\httpd.conf" file and restart Plesk.
     
  3. eugenevdm

    eugenevdm Silver Pleskian

    30
    68%
    Joined:
    Nov 11, 2003
    Messages:
    611
    Likes Received:
    0
    I tried what you suggested. That would have been the obvious choice. However, changing that value causes Plesk to fail with the following message:

    "An attempt was made to access a socket in a way forbidden by its access permissions. : make_sock: could not bind to address 10.x.x.x:443"

    I tried both port 80 and port 443. Is there something else I have to do, in order to get Plesk for Windows running on port 443 or port 80?
     
  4. jbuts

    jbuts Guest

    0
     
    The IIS uses 80 and 443 ports. Actually, you can use other ports which are not used by system.
     
  5. eugenevdm

    eugenevdm Silver Pleskian

    30
    68%
    Joined:
    Nov 11, 2003
    Messages:
    611
    Likes Received:
    0
    Well that's exactly my point. A corporate firewall typically only allows port 80 and port 443. What about host headers? Turning off that binding in IIS?

    I need to change it to something useable, like port 80 or port 443.
     
  6. vekna

    vekna Guest

    0
     
    Hmmm.... check ssl on all domains in your Plesk and disable it. ALso check 443 port in other domains IIS manager or run "netstat.exe -a -o -n" to investigate who it use. Disable it and try to run Plesk again.
     
  7. softpac2000

    softpac2000 Guest

    0
     
    Options:
    * Install another adapter on the current machine with a different IP address also using the default port (80)(443) Use those for your Control Panel
    * Use the same adapter with multiple IP address, One for the control panel (Apache Web Server) and one for the web server (IIS Web Server) both using the default port (80)(443)
    * Try port (8080)

    Hope this helps!
    Ricardo...:cool:
     
  8. eugenevdm

    eugenevdm Silver Pleskian

    30
    68%
    Joined:
    Nov 11, 2003
    Messages:
    611
    Likes Received:
    0
    I can't use port 8080. Customers can only use port 80 or port 443. Corporate firewall remember.

    I tried multiple IP addresses, but I got an error. What do I have to do to disable the IIS binding which appears to exist by default and what do I have to do in httpd.conf to get it working?

    I can't add another network card, the network topology doesn't allow for that.

    Looks like the bottom line is there is not easy way to do it and nobody has really gotten it right (port 443 or 80 I mean). This is exactly what I meant by strait answers. Thanks everyone for trying but it look like I'll have to accept that Plesk was designed to run on port 8443.
     
  9. softpac2000

    softpac2000 Guest

    0
     
    Eugene,

    Here is how to do it:

    1. Open IIS and click on the "Websites" folder
    2. Write down the name of the website using port 443
    3. Open Plesk and click on "Server" link in the left panel
    4. Click on the "Shared SSL" link
    5. Unselect "Enable Shared SSL" and click Ok
    6. Click on "Domains" in the left panel
    7. Click on the domain you wrote down on step 2
    8. Click on the "Setup" link
    9. Unselect "SSL Support" and click Ok
    10. Refresh the IIS screen and port 443 should no longer be assigned to any of the websites
    11. Open this file: C:\Program Files\SWsoft\Plesk\admin\conf\httpd.conf
    12. Go to the line that reads "Listen 8443" don't remove that line
    13. Add another line right below it that reads "Listen 443"
    14. Save and close the file
    15. Using the Plesk Services Monitor click on "Clear All"
    16. Select "Plesk Control Panel" all the way at the top
    17. Click "Restart" - this restarts the Apache Server

    ***Done!...
    https://yourwebsite.com/ should now work for you from within your firewall and should display your control panel.

    **Please keep in mind that if you do this you will no longer be able to use (shared SSL).

    Hope this Helps!
    Ricardo...:cool:
     
  10. nasal tuft

    nasal tuft Guest

    0
     
    What if there is sites that require shared SSL ?

    Is it possible to bind additional IP address to the same nic and dedicate one on port 443 to the control panel ?
     
  11. softpac2000

    softpac2000 Guest

    0
     
    Yes it is possible to bind more than one IP address to the same NIC.

    Unfortunately I haven't done it yet, so if someone else can give us the pros & cons and tips on doing it, it would be nice!...

    Ricardo...:cool:
     
  12. nasal tuft

    nasal tuft Guest

    0
     
    Would "Listen specificip:443" work ?

    If we bound another IP address to our nic and used that as our dedicated plesk IP is it possible to get plesk to listen to a port on that IP address only ? as we still want to use 443 on other IP addresses.

    Thanks.
     
  13. JackL

    JackL Guest

    0
     
    Can we try something different:
    1. Port redirection - (Almost all hardware and software firewalls allow port redirection)
    2. As for sites need SSL - Two or more IP on Plesk Server - and server pulishing wizard (The best and easy to use software ISA 2004 ) (Create Web Server Publish rule, create Web Listener and move on) :)
    More about ISA 2004 see:
    http://www.microsoft.com/isaserver/default.mspx

    John S.G.
     
  14. brainus_tech

    brainus_tech Guest

    0
     
    You can tell IIS which IPs it will listen up on, and free a specific IP address to use with Plesk and it's internal Apache (then you can bind it on the port 80 and 440 of this IP).

    This can be achieved by using the Disable Socket Pooling procedures (different for Windows 2000 and 2003) and if it is 2003, it will require the Windows Support Tools installed (\SUPPORT\TOOLS\SUPTOOLS.MSI on the Windows CD, it is NOT inside the i386 dir but rather in the same level of it).

    I just don' t know how the Control Panel itself will react (if it will break in any point, on SSL generation, etc), as you can set the main IP for both the Shared SSL and non-ssl in IIS, and just have a third IP for the CP.
    Same with Merak Mail server and it's webmail (dont know if Plesk will redirect the webmail. to the correct address). Have to do my tests yet.
     
  15. circlec

    circlec Guest

    0
     
    is it also possible to take PLESK access off https and just put it on normal http (non-ssl) ? port shaping in south africa is just so bad that using both https and 8443 makes the response from plesk so bad and slow!
     
  16. ThomasSampson

    ThomasSampson Guest

    0
     
    This is the solution which I used

    Don't know if you have figured it out but this is what I did to get Plesk CP to load when I point my browser to cp.domain.com.

    Firstly You need a spare IP Address which you have told plesk to be exclusive (eg. 101.11.22.33). Then once that is done:

    1. Start > Admin Tools > IIS Manager

    2. On the left hand side in where it says Internet Information Services Click the + next to your server name.

    3. Now Click Websites

    4. Right-Click PleskControlPanel and select properties.

    5. Where it says (All Unassigned) select the spare exclusive IP address in the drop down box (eg. 101.11.22.33).

    6. Set TCP Port to 80 and SSL Port to 443

    7. Now Press OK and close IIS Manager

    Now Plesk will load the control panel to the selected IP address (eg. 101.11.22.33).

    8. Now log into the Plesk Control Panel and Click on Domains and click the Create Domian icon.

    9. Now Create a new domain (eg. cp.domain.com) making sure www is not selected. Select the ip address you assigned (eg. 101.11.22.33) Select No Hosting and Make sure DNS is Checked. Once this is done click Finish.

    10. Now point your browser to your new control panel URL (eg. cp.domain.com) and it will load plesk. Point it to https:// it will load the secured access.

    Hopefully this has answered your questioned and will work for you, pleased don't ask me how to do this on linux because I have no idea. Any windows based queries just send me a private message or post a reply.

    Thanks
    Thomas
     
Loading...