Author Topic: Secure CWP Admin Panel Port 2031  (Read 38057 times)

0 Members and 1 Guest are viewing this topic.

Offline
*
Secure CWP Admin Panel Port 2031
« on: August 02, 2017, 04:04:19 PM »
Operating System : CentOS 7.3
CWP version: 0.9.8.346

I followed the tutorial http://wiki.centos-webpanel.com/hostname-ssl-with-letsencrypt
but it doesn't secure the 2031 port

The hostname domain got secured but it doesn't automatically secure the 2031 port and then redirect the 2030 port to 2031
How can I automatically secure my hostname:2031 port  with the auto ssl feature automatically?

Also how can I redirect the port 2030 to 2031

Offline
*
Re: Secure CWP Admin Panel Port 2031
« Reply #1 on: August 03, 2017, 05:05:59 AM »
I was able to secure the Panel with /usr/local/cwpsrv/conf/cwpsrv.conf
and then replacing the contents of

ssl_certificate     /etc/pki/tls/certs/hostname.crt;
ssl_certificate_key /etc/pki/tls/private/hostname.key;

With the SSL , CA and Key

But how do I redirect from port 2030 too port 2031 and to https

Thank you

Offline
*
Re: Secure CWP Admin Panel Port 2031
« Reply #2 on: August 03, 2017, 01:24:28 PM »
But how do I redirect from port 2030 too port 2031 and to https

You would need to add nginx redirect rules in file /usr/local/cwpsrv/conf/cwpsrv.conf
google that, it should be simple.
VPS & Dedicated server provider with included FREE Managed support for CWP.
http://www.studio4host.com/

*** Don't allow that your server or website is down, choose hosting provider with included expert managed support for your CWP.

Offline
*
Re: Secure CWP Admin Panel Port 2031
« Reply #3 on: October 04, 2017, 06:31:14 AM »
I was able to secure the Panel with /usr/local/cwpsrv/conf/cwpsrv.conf
and then replacing the contents of

ssl_certificate     /etc/pki/tls/certs/hostname.crt;
ssl_certificate_key /etc/pki/tls/private/hostname.key;

With the SSL , CA and Key

But how do I redirect from port 2030 too port 2031 and to https

Thank you
I already Try It But it doesn't secure the 2031 port...
Anyone Help ME?

Offline
***
Re: Secure CWP Admin Panel Port 2031
« Reply #4 on: October 09, 2017, 05:39:38 AM »
If you have a domain.com which is assigned to your IP(DNS: A Record) you can use:
For CentOS 6:
http://forum.centos-webpanel.com/ssl/certbot-installation-and-requesting-certificate-(centos-6)/
For CentOS 7:
http://forum.centos-webpanel.com/ssl/certbot-installation-and-requesting-certificate-(centos-7)/
Create SSL Certificate and Key with one of this manuals and replace in /usr/local/cwpsrv/conf/cwpsrv.conf:
Code: [Select]
ssl_certificate     /etc/pki/tls/certs/hostname.crt;
ssl_certificate_key /etc/pki/tls/private/hostname.key;
with this:
Code: [Select]
ssl_certificate     /etc/letsencrypt/live/YOUR-DOMAIN.COM/fullchain.pem;;
ssl_certificate_key /etc/letsencrypt/live/YOUR-DOMAIN.COM/privkey.pem;
Once done, don`t forget to restart cwpsrv with:
Code: [Select]
service cwpsrv restart
You are done. Now navigate to https://YOUR-DOMAIN.COM:2031 and you are supposed to have a GREEN bar and secured site.
Something like this:

Have fun. Hope it helps.
UNIX is a very simple OS, but you have to be a GENIUS to understand it ...

Offline
***
Re: Secure CWP Admin Panel Port 2031
« Reply #5 on: November 21, 2017, 06:43:49 PM »
Can I use any of my domains or does it have to be an unused domain?

Offline
*
Re: Secure CWP Admin Panel Port 2031
« Reply #6 on: January 17, 2018, 11:41:36 PM »
I was able to secure the Panel with /usr/local/cwpsrv/conf/cwpsrv.conf
and then replacing the contents of

ssl_certificate     /etc/pki/tls/certs/hostname.crt;
ssl_certificate_key /etc/pki/tls/private/hostname.key;

With the SSL , CA and Key

But how do I redirect from port 2030 too port 2031 and to https

Thank you


Hi there,

server {
        listen       2030;
        listen       2086;
        server_name  localhost;
#add this line
return 301 https://$host:2031$request_uri;
in  /usr/local/cwpsrv/conf/cwpsrv.conf file and reboot nginx

Re: Secure CWP Admin Panel Port 2031
« Reply #7 on: January 25, 2018, 03:11:09 PM »
Why not having adding the option to utilize (point to) the user certificate in the CWP Settings. And perhaps the option to redirect the ports accordingly? Perhaps a feature suggestion
« Last Edit: January 25, 2018, 03:15:44 PM by n8v8r »

Re: Secure CWP Admin Panel Port 2031
« Reply #8 on: January 25, 2018, 10:10:08 PM »
So the panel for the admin(root) gets secured on the 2031/2087 ports with the root certificate but the user panel on port 2083 falls back to CWP certificate... not good. The certificate should be applicable globally to all users/ports on the CWpanel. How to sort this?
« Last Edit: January 25, 2018, 10:11:47 PM by n8v8r »

Re: Secure CWP Admin Panel Port 2031
« Reply #9 on: January 25, 2018, 10:17:25 PM »
It be rather logic that once an own certificate is deployed on a domain that the certificate also automatically applies to all users/ports since CWP is part of the domain.

Re: Secure CWP Admin Panel Port 2031
« Reply #10 on: January 27, 2018, 12:45:34 PM »
related to switching the certificates or an unrelated bug?

/admin/index.php?module=php_info

Quote
Warning: file_get_contents(): Peer certificate CN=`www.foo.bar' did not match expected CN=`x.x.x.x.x' in /usr/local/cwpsrv/htdocs/resources/admin/modules/php_info.php on line 0

Warning: file_get_contents(): Failed to enable crypto in /usr/local/cwpsrv/htdocs/resources/admin/modules/php_info.php on line 0

Warning: file_get_contents(http://x.x.x.x.x/phpinfo.php): failed to open stream: operation failed in /usr/local/cwpsrv/htdocs/resources/admin/modules/php_info.php on line 0




Offline
*
Re: Secure CWP Admin Panel Port 2031
« Reply #11 on: March 12, 2018, 08:19:14 PM »
Hello i got the same probleme with some port. 


 openssl s_client -connect hostname:2031 -servername hostname

I got notice



Offline
*
Re: Secure CWP Admin Panel Port 2031
« Reply #12 on: September 09, 2018, 05:25:30 PM »
If you have a domain.com which is assigned to your IP(DNS: A Record) you can use:
For CentOS 6:
http://forum.centos-webpanel.com/ssl/certbot-installation-and-requesting-certificate-(centos-6)/
For CentOS 7:
http://forum.centos-webpanel.com/ssl/certbot-installation-and-requesting-certificate-(centos-7)/
Create SSL Certificate and Key with one of this manuals and replace in /usr/local/cwpsrv/conf/cwpsrv.conf:
Code: [Select]
ssl_certificate     /etc/pki/tls/certs/hostname.crt;
ssl_certificate_key /etc/pki/tls/private/hostname.key;
with this:
Code: [Select]
ssl_certificate     /etc/letsencrypt/live/YOUR-DOMAIN.COM/fullchain.pem;;
ssl_certificate_key /etc/letsencrypt/live/YOUR-DOMAIN.COM/privkey.pem;
Once done, don`t forget to restart cwpsrv with:
Code: [Select]
service cwpsrv restart
You are done. Now navigate to https://YOUR-DOMAIN.COM:2031 and you are supposed to have a GREEN bar and secured site.
Something like this:

Have fun. Hope it helps.

This solved the problem, thanks.

Offline
*
Re: Secure CWP Admin Panel Port 2031
« Reply #13 on: November 17, 2020, 05:10:19 AM »
What worked for me. My hostname is server.yourdomain.com.my

Create a subdomain - server.yourdomain.com.my
Make Sure sub-domain points to correct IP.

Get AutoSSL for this subdomain using CWP panel. Now go to the command prompt.


[root@server]# cd /etc/pki/tls/certs/
[root@server certs]# ll
-rw-r--r--  1 root root 3596 Nov 17 04:51 server.yourdomain.com.my.bundle
-rw-r--r--  1 root root 1948 Nov 17 04:51 server.yourdomain.com.my.cert
lrwxrwxrwx. 1 root root   31 Nov 15 15:15 server.yourdomain.com.my.crt -> /etc/pki/tls/certs/hostname.crt
[root@server certs]#rm server.yourdomain.com.my.crt
[root@server certs]#ln -s server.yourdomain.com.my.cert /etc/pki/tls/certs/hostname.crt

[root@server certs]# ls -l
total 72
-rw-r--r--  1 root root 3620 Nov 16 15:40 dwishaventures.com.my.bundle
-rw-r--r--  1 root root 1972 Nov 16 15:40 dwishaventures.com.my.cert
-rw-r--r--. 1 root root 1395 Nov 15 15:15 hostname.bundle
lrwxrwxrwx  1 root root   33 Nov 17 04:59 hostname.crt -> server.yourdomain.com.my.cert
-rw-r--r--  1 root root 3596 Nov 17 04:51 server.yourdomain.com.my.bundle
-rw-r--r--  1 root root 1948 Nov 17 04:51 server.yourdomain.com.my.cert
[root@server certs]#

Offline
*
Re: Secure CWP Admin Panel Port 2031
« Reply #14 on: November 17, 2020, 07:10:57 AM »
What worked for me. My hostname is server.yourdomain.com.my

Create a subdomain - server.yourdomain.com.my
Make Sure sub-domain points to correct IP.

Get AutoSSL for this subdomain using CWP panel. Now go to the command prompt.


[root@server]# cd /etc/pki/tls/certs/
[root@server certs]# ll
-rw-r--r--  1 root root 3596 Nov 17 04:51 server.yourdomain.com.my.bundle
-rw-r--r--  1 root root 1948 Nov 17 04:51 server.yourdomain.com.my.cert
lrwxrwxrwx. 1 root root   31 Nov 15 15:15 server.yourdomain.com.my.crt -> /etc/pki/tls/certs/hostname.crt
[root@server certs]#rm server.yourdomain.com.my.crt
[root@server certs]#ln -s server.yourdomain.com.my.cert /etc/pki/tls/certs/hostname.crt

[root@server certs]# ls -l
total 72
-rw-r--r--  1 root root 3620 Nov 16 15:40 dwishaventures.com.my.bundle
-rw-r--r--  1 root root 1972 Nov 16 15:40 dwishaventures.com.my.cert
-rw-r--r--. 1 root root 1395 Nov 15 15:15 hostname.bundle
lrwxrwxrwx  1 root root   33 Nov 17 04:59 hostname.crt -> server.yourdomain.com.my.cert
-rw-r--r--  1 root root 3596 Nov 17 04:51 server.yourdomain.com.my.bundle
-rw-r--r--  1 root root 1948 Nov 17 04:51 server.yourdomain.com.my.cert
[root@server certs]#

I notice an issue with this

vi /etc/dovecot/dovecot.conf - update the cert file path there.