force webpanel:2087 to server hostname

I've been attempting to force the user web panel access on port 2087 to redirect or only respond to the server hostname - ie not <virtualhost>:2087

All the standard nginx ssl module redirect/rewrite tricks have failed me.  Has anyone achieved this?


Thanks,
Klaus

Admin panel is 2087; user panel is 2083 (to match cPanel port assignments). Do you mean the admin or user panel?

If the user's domain name is pointed to the server and there is no service like CouldFlare then there is no way to make the admin/user control panel become accessible via:
https://hostname.com:2087/
only.

You just can redirect the user to hostname.com if the user accesses the panel over the own domain name. To do this you need to add the rewerite rule into the files located in:
/usr/local/cwpsrv/conf.d/

Admin panel is 2087; user panel is 2083 (to match cPanel port assignments). Do you mean the admin or user panel?

Yes, the admin panel.
The 'issue' is this:  the server, correctly, responds on that port to any call via IP or virtual host DNS name;
It returns the usual 'not secured' SSL response in browsers;
click through and the header maintains the 'virtualhostname:2087';
They obviously don't have credentials to go further.

I've had enquiries relating around that from organisations who are taking out cyber insurance!  Their insurance companies seemingly scan all ports of their web site address and have come back with seeing 2086 and 2087 not secured on the vhost name and identify that as a threat to the insured's assets! 
We've had to explain realities of IP and DNS a few times now and I would just like to circumvent having to do that.

You just can redirect the user to hostname.com if the user accesses the panel over the own domain name. To do this you need to add the rewerite rule into the files located in:
/usr/local/cwpsrv/conf.d/

I've tried all the versions of the rewrite rules to achieve that in there without success.  Will go back to it and try again.  Thanks

I wouldn't run the non-SSL version of the admin port (be it 2030 or 2086). Another unsolicited bit of advice: change to a non-standard port for the SSL admin port instead of 2031 or 2087. Here's a guide to do that:
https://azdigi.com/blog/en/webserver-panel-en/centos-web-panel-en/how-to-change-the-port-on-centos-web-panel-cwp/

As Cyberspace mentioned, if you use Cloudflare, you could use their infrastructure to create access rules to the admin port.

Alternately, you could firewall your connection to limit incoming access with CSF. Do you connect to it via static IP so you could lock it down to allow only a handful of chosen access IPs?