• The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Resolved Plesk access multi-IP

A

Arnaud GUY

New Pleskian
Hello,

I've a centos server with 10 ip adress, and plesk 17.0.17
I would like to restrict access to plesk and ssh server to an ip address for security reasons. Is that possible?

Thanks you so much,
Arnaud
 
Thanks for your reply.
I'hve test this, but if i modify Parallels Admin Admin Plesk Panel Allow incoming from XX.XX.XX.XX

XX.XX.XX.XX.XX Is one of my 10 ip addresses from the plesk server. The connexion with the server are lost and the configuration is not applY.
 
Hi,
I think that is misunderstood. What you say works but with the ip of my box. But what I seek to do is restrict access to plesk to an ip from my server.
Thanks
Arnaud
 
Arnaud GUY said:
Hi,
I think that is misunderstood. What you say works but with the ip of my box. But what I seek to do is restrict access to plesk to an ip from my server.
Thanks
Arnaud
Click to expand...

It is possible.

For plesk, edit /etc/sw-cp-server/conf.d/plesk.conf and remove all server IPs except the ip that you want and 127.0.0.1 ie

Code: 
server {
                listen 1.2.3.4:8443 ssl http2;
                listen 127.0.0.1:8443 ssl http2;
                listen 1.2.3.4:8880;
                listen 127.0.0.1:8880 default_server;
                include conf.d/*ipv6_ports.inc;


                ssl_certificate /usr/local/psa/admin/conf/httpsd.pem;
                ssl_certificate_key /usr/local/psa/admin/conf/httpsd.pem;

                include conf.d/*plesk.inc;
                include conf.d/*wpb.inc;
}

then execute # service sw-cp-server restart

For ssh, edit /etc/ssh/sshd_config and comment/remove all 'ListenAddress' entries and 'AddressFamily any', then add

Code: 
ListenAddress 1.2.3.4

then execute # service sshd restart

Cheers
 
Hi,
Wiz said:
For plesk, edit /etc/sw-cp-server/conf.d/plesk.conf and remove all server IPs except the ip that you want and 127.0.0.1 ie
Click to expand...
It"s no possible to remove ip because i have not ! my file plesk.conf :
Code: 
server_names_hash_bucket_size  64;

server {
                listen 8443 ssl;
                listen 8880;
                listen 127.0.0.1:8880 default_server;
                include conf.d/*ipv6_ports.inc;


                ssl_certificate /usr/local/psa/admin/conf/httpsd.pem;
                ssl_certificate_key /usr/local/psa/admin/conf/httpsd.pem;

                include conf.d/*plesk.inc;
                include conf.d/*wpb.inc;
}

I'have add my ip adress and restart sw-cp-server, but it's not ok.
It's the same with ssh, listen adresse and familyadress are comments !

Thanks
 
Arnaud GUY said:
It"s no possible to remove ip because i have not !
I'have add my ip adress and restart sw-cp-server, but it's not ok.
It's the same with ssh, listen adresse and familyadress are comments !
Click to expand...

Please paste your current plesk.conf config but replace the ip you want to use with x.x.x.x

Also for ssh, you need to have only 1 'ListenAddress x.x.x.x' entry .. if this is the case, please paste the first 50 lines of your sshd_config
 
Sanity check - Are you trying to have plesk accessable on only one of the 10 ips you have or are you trying to restrict access to plesk so that only one of the 10 ips is able to access it?
 
My current plesk.conf
Code: 
server_names_hash_bucket_size  64;

server {
                listen 8443 ssl;
                listen 127.0.0.1:8880 default_server;
                include conf.d/*ipv6_ports.inc;


                ssl_certificate /usr/local/psa/admin/conf/httpsd.pem;
                ssl_certificate_key /usr/local/psa/admin/conf/httpsd.pem;

                include conf.d/*plesk.inc;
                include conf.d/*wpb.inc;
}
and I've add listen XXX.XXX.XXX.XXX 8443 ssl;
 
Wiz said:
Sanity check - Are you trying to have plesk accessable on only one of the 10 ips you have or are you trying to restrict access to plesk so that only one of the 10 ips is able to access it?
Click to expand...
I am trying to have access to plesk only on one of the 10 ip of my server.
 
Arnaud GUY said:
I am trying to have access to plesk only on one of the 10 ip of my server.
Click to expand...

Then I understood you correctly the first time..

Edit plesk.conf with:
Code: 
server_names_hash_bucket_size  64;

server {
                listen x.x.x.x:8443 ssl;
                listen 127.0.0.1:8880 default_server;
                include conf.d/*ipv6_ports.inc;


                ssl_certificate /usr/local/psa/admin/conf/httpsd.pem;
                ssl_certificate_key /usr/local/psa/admin/conf/httpsd.pem;

                include conf.d/*plesk.inc;
                include conf.d/*wpb.inc;
}

Replace x.x.x.x with the ip you want plesk running on.

Then execute the following via shell -
# service sw-cp-server restart && service sw-engine restart

Plesk should now only be accessable/listening on x.x.x.x
 
You must log in or register to reply here.

Similar threads

T
Issue How to seucre a custom plesk login url?
Replies
1
Views
184
Kaspar
K
F
Question How to disable/restrict by IP <server-ip>/login_up.php ?
Replies
4
Views
1K
W4ru
W
P
Issue Certificate problem in Plesk
Replies
5
Views
378
Raul A.
R
D
Issue Migration Manager
Replies
6
Views
380
alapshin
A
P
Resolved Multi-Factor Authentication (MFA) extension does not remember device
Replies
10
Views
1K
pleskuser67553
P
Back
Top