Resolved how to SSL secure Panel with Cloudflare enabled server ?

[qtwrk]

Hi,
Just got a small problem.
currently I am using https://xxx.xxx.xxx.xxx:8443 to access and manage Plesk.
mydomain has SSL and I setup with Cloudflare.

which means , if i access https://domain:8443 , CF gets in the way.

so what should I do now ?

get a separate (sub)domain and setup with let's encrypt ?

just one more dumb question , if in case I have to use other domain to do it, how can I change hostname (centos 7) to match the SSL cert ?

and better yet , is there anyway to change plesk default port ?

 

[UFHH01]

Hi qtwrk,

I don't recommend to change the ports, but it is possible:

=> /etc/sw-cp-server/conf.d/plesk.conf​

... but pls. be aware, that Plesk may overwrite your modifications in case of updates/upgrades/patches.



It is very easy to create a subdomain for your Plesk Control Panel and follow then:

=> Plesk Blog article : => "About Plesk URL or Telling Customers the Right Address to Go to"​

or use the FORUM SEARCH, where you could find for example => #2 => #10​

and have a look as well at the Plesk Extension:​

=> "Custom Plesk Host"​

 

[mr-wolf]

When I don't want to meddle with configs I use iptables to translate a port.
I don't really understand your question in what you're trying to do, but if you want to access Plesk on port 9443 then you only need to add the line:

iptables -t nat -A PREROUTING -d 10.20.10.20/32 -p tcp -m tcp --dport 9443 -j DNAT --to-destination 10.20.10.20:8443

10.20.10.20 is your WAN IP

Anything foreign going to port 9443 will go to 8443 instead.
You can also use source IP's if you choose to.

I'm using it when running a reverse proxy.
No need to change the port, just fetch the data away before it arrives to the service....

Plesk will not spoil your party when it changes configs

 

[qtwrk]

When I don't want to meddle with configs I use iptables to translate a port.
I don't really understand your question in what you're trying to do, but if you want to access Plesk on port 9443 then you only need to add the line:

iptables -t nat -A PREROUTING -d 10.20.10.20/32 -p tcp -m tcp --dport 9443 -j DNAT --to-destination 10.20.10.20:8443

10.20.10.20 is your WAN IP

Anything foreign going to port 9443 will go to 8443 instead.
You can also use source IP's if you choose to.

I'm using it when running a reverse proxy.
No need to change the port, just fetch the data away before it arrives to the service....

Plesk will not spoil your party when it changes configs

thanks for the tip , my original question was render meanless because i just saw CF allows traffic on port 8443 , but however still another problem. the port 8447 for install/update component is NOT allowed by CF.

can I use that iptables command forward from source IP:8447 to other port that CF allows ?
and please forgive my stupidity , how to find out my WAN IP ?

 

[mr-wolf]

I wrote WAN IP, but I was assuming a server directly connected to the Internet. It's the IP of your machine which can be found with ifconfig.

If you have your server behind a NAT router then you could do this on the router.

You could use some other port (one that Cloudflare supports) and translate that port to 8447.
The problem there is that Plesk will instruct your browser to open a new tab on port 8447
You would need to manually change the port on your browser to that Cloudflare supported port.
As upgrades are done rarely and only by one person normally this could be only a minor nuisance.

I'm not using Cloudflare, so I'm not aware of its specific restrictions. I know it's an off site reverse proxy service.