Ability to listen to port different than 443 for ssl

  • Hi, currently I've a setup in all my ispcp servers that I'd like to migrate to ispcp. Basically the idea is this:


    .- imscp.myserver.com is the name of my server
    .- example.com is the name of the customer



    imscp.myserver.com:80 -> Redirects to imscp.myserver.com:8443
    imscp.myserver.com:443 -> Redirects to imscp.myserver.com:8443
    imscp.myserver.com:8443 -> This is tha main control panel


    example.com:80 -> It shows the http site
    example.com:443 -> If I configured (manually) the domain to have ssl, it will show the website under ssl re-using the same cert as myserver.com (this is for customers that want a certificat but don't want to pay the extra ip)
    example.com:8443 -> Redirects to imscp.myserver.com:8443


    So the advantages of this setup are basically these:
    .- The customers don't have to remember the server name, and it's easier for me to relocate them on a different server
    .- The ssl certifcate can be reutilized for hostings that want a cert but don't want to pay the extra costs



    The first part I'd need would be to have in imscp.conf a parameter called somethin like this (8443 for my case):
    BASE_SERVER_VHOST_PORT = 8443


    This would allow to use imscp on different port than the standard. After that the changes are mostly on the apache configurations.

  • You should be able to accomplish what you want using simple redirections in the "imscp.myserver.com:80" and "imscp.myserver.com:443" virtualhosts.


    Basically, in these VirtualHosts you only need to add a single redirection (everything else except for the ServerAdmin, DocumentRoot and ServerAlias in there can be safely deleted):

    Code
    1. RedirectMatch permanent /(.*)$ https://imscp.myserver.com:8443/$1


    And that should do it...


  • You should be able to accomplish what you want using simple redirections in the "imscp.myserver.com:80" and "imscp.myserver.com:443" virtualhosts.


    Basically, in these VirtualHosts you only need to add a single redirection (everything else except for the ServerAdmin, DocumentRoot and ServerAlias in there can be safely deleted):

    Code
    1. RedirectMatch permanent /(.*)$ https://imscp.myserver.com:8443/$1


    And that should do it...


    What would be the opinion about integrating this into i-mscp?


    I expected https and http setting to be mutually exclusive (enabling http would make https redirect to http and the other way around) and currently I can enter on both security schemas. Is this a bug or a feature?

  • More like a feature :p. They are not mutually exclusive (imagine a selfsigned certificate and how it is displayed on firefox: nice WARNING message :) ). Some client might be affraid of installing that certificate so ...


  • More like a feature :p. They are not mutually exclusive (imagine a selfsigned certificate and how it is displayed on firefox: nice WARNING message :) ). Some client might be affraid of installing that certificate so ...


    Well, I my opinion for that case the i-mscp administer should install the system only on http.
    It's like on facebook, when you opt-in to use ssl, you always are redirected to ssl. It increases the security because you cannot enter without ssl accidentally.
    Just my 2cents

  • Ok, I am trying to bring this back to the control panel, since I really need it prior moving to i-mscp. There are several aproches I might do, tell me which one do you prefer, and I'll see what can I do.


    My idea would constist on a variable called:
    BASE_SERVER_PORT
    This would be the default port for the control panel, where all the connections would be redirected.


    • BASE_SERVER_PORT =
      By leaving the value empty, i-mscp will act like now, all the virtualhosts/ports are at the same level, there's none redirecting.


    • BASE_SERVER_PORT = 80
      i-mscp would redirect all the connections to port 80 (forcing encrypted connections to unnecrypted)


    • BASE_SERVER_PORT = 443
      Would rewrite the url to use https on port 443 (if we are on http, it will move us to https)


    • BASE_SERVER_PORT = 8443
      This will redirect all the content to port 8443 under SSL, this is the case I need, I will allow to see the control panel (with mismatch in certifcates) for every domain:


    If you've got other ideas I'll be glad to hear, what I really need is what I posted on first post.