Login CWP Cloudflare

Hi all,

Not sure if i am in the right section, but i have a problem.

If i place my server domain under cloudflare i can't login anymore on: https://server.mydomain.com:2031/login/index.php  Then i get no connection.

Is there a solution for this?

Thanks in advance!

Peter

I am using CWP and Cloudflare for my DNS infrastructure. Do you have Cloudflare configured as Flexible or Full for SSL? Do you have it set to always redirect plain HTTP connections to HTTPS?

Hi,

It's set on flexible and always redirect http to https.

Try turning off the redirect and manage it yourself on the CWP level (with the CSF firewall). I switched my CWP to run an alternate port and only have the HTTPS custom port exposed on the firewall. It will help you avoid getting profiled by someone doing a Shodan search for ports 2030 and 2031, indicators of running CWP and possibly identifying unpatched weaknesses. And since I do the management on my servers solo, I definitely turned off the cPanel wannabe ports 2086,2087. I have left 2083 enabled due to customer familiarity with that port for the customer panel.

I turned off the redirect, that makes no difference.

Must say i am not really a server nerd, so i don't understand how to set another port in the cfs firewall. Is it this rule that i have to change  in csf.conf?  PORTS_cwp = "2030,2031"

And how do i get the new port trough Cloudflare?

Try turning off the redirect and manage it yourself on the CWP level (with the CSF firewall). I switched my CWP to run an alternate port and only have the HTTPS custom port exposed on the firewall. It will help you avoid getting profiled by someone doing a Shodan search for ports 2030 and 2031, indicators of running CWP and possibly identifying unpatched weaknesses. And since I do the management on my servers solo, I definitely turned off the cPanel wannabe ports 2086,2087. I have left 2083 enabled due to customer familiarity with that port for the customer panel.

FYI  cloudflare has the option require authentication to get to your admin login page.  FWIW

Hi,

Make sure the A record server.mydomain.com isn't using the Cloudflare DNS PROXY option.

Thnx for the suggestions all,

It's now working, had to disable Cloudflare proxy  A record Cpanel. I had to notice that myself...

Is it wise to change the ports in csf.conf  PORTS_cwp = "2030,2031" to another number?

Thnx for the suggestions all,

It's now working, had to disable Cloudflare proxy  A record Cpanel. I had to notice that myself...

Is it wise to change the ports in csf.conf  PORTS_cwp = "2030,2031" to another number?

EDIT: now, 5 hours later not working anymore...

what do you mean ?

what do you mean ?

I have a dedicated server with CWP, and the nameservers are on the main domain.

Al my sites on the server are under Cloudflare and running fine, only my main domain not. When i set it under Cloudflare i can't reach the CWP any more on https://server.mydomain.com:2031.

The last time i tried i had the Cpanel record in the Cloudflare DNS set on DNS only - local IP. The nameservers of the main domain where propagated and i could login to the CWP again, but after around 5 hours it was again not working.

I would like to have the main domain on Cloudflare and that it is possible to go to the CWP trough https://server.mydomain.com:2031.

Thanks!

It should work -- did you try Cloudflare's dev mode? Did you test via a VPN from outside your LAN? Sometimes loopback/hairpin NAT requires further setup to work with your router, if that's what you are doing.

If you want to change your CWP login port, there are many guides:
https://azdigi.com/blog/en/webserver-panel-en/centos-web-panel-en/how-to-change-the-port-on-centos-web-panel-cwp/

I personally don't run under CWP's default port assignments, nor the cPanel/WHM port-alike assignments. I chose my own custom ports. But if anyone does a port scan on my server, obviously I have typical LAMP/LEMP ports open, with mail service ports open as well. It just makes it that much harder for script kiddies to pound my server and doesn't leave me susceptible to FritzFrog for SSH hack attacks.

It should work -- did you try Cloudflare's dev mode? Did you test via a VPN from outside your LAN? Sometimes loopback/hairpin NAT requires further setup to work with your router, if that's what you are doing.

If you want to change your CWP login port, there are many guides:
https://azdigi.com/blog/en/webserver-panel-en/centos-web-panel-en/how-to-change-the-port-on-centos-web-panel-cwp/

I personally don't run under CWP's default port assignments, nor the cPanel/WHM port-alike assignments. I chose my own custom ports. But if anyone does a port scan on my server, obviously I have typical LAMP/LEMP ports open, with mail service ports open as well. It just makes it that much harder for script kiddies to pound my server and doesn't leave me susceptible to FritzFrog for SSH hack attacks.

Thank you!

Going to take a look at this