Accessing the panel by domain
Configuring ihttpd
This method is suitable if the server is not planned to host websites and run web applications (Roundcube, phpMyAdmin, phpPgAdmin, Softaculous).
- Issue an SSL certificate for the panel. Specify the domain that will be used to access the panel.
- In the configuration file
/usr/local/mgr5/etc/ihttpd.conf, change the web server ports to 80 and 443:
listen {
ip 10.10.10.10
port 443
}
listen {
ip 10.10.10.10
port 80
redirect
}
sni {
domain_cert etc/manager.crt
domain_key etc/manager.key
domains domain
}3. Connect to the server with the panel via SSH and restart the server:
systemctl restart ihttpdConfigure reverse proxy
If you plan to host sites on a server using Nginx, Apache, or OpenLiteSpeed web servers, ports 80 and 443 will already be in use. In this case, you will need to configure ihttpd to proxy requests from one of the sites.
1. Set ForwardedSecret parameter.
Specify the ForwardedSecret parameter in the panel configuration file (/usr/local/mgr5/etc/ispmgr.conf).
Example:
ForwardedSecret qwerty12345
- ForwardedSecret - A key that ensures ihttpd trusts requests from the proxy server and records the client's real IP address in the logs. This key is required to protect against client IP address spoofing.
2. Restart the control panel
After making configuration changes, restart the panel.
/usr/local/mgr5/sbin/mgrctl -m ispmgr exit
3. Open the Sites section of the control panel, select the site to change, go to Configuration files and edit the configuration according to the examples below, replacing the domain (mydomain.com), IP Address (10.10.10.10.10) and ForwardedSecret (qwerty12345) values with your own values.
Nginx configuration file
server {
server_name mydomain.com;
listen 10.10.10.10:80;
return 301 https://$host:443$request_uri;
}
server {
server_name mydomain.com;
listen 10.10.10.10:443 ssl;
ssl_certificate "/usr/local/mgr5/etc/manager.crt";
ssl_certificate_key "/usr/local/mgr5/etc/manager.key";
location ^~ /manimg/ {
alias /usr/local/mgr5/skins/;
}
location / {
proxy_pass https://10.10.10.10:1500;
proxy_redirect https://10.10.10.10:1500 /;
proxy_set_header Host $host:$server_port;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Secret qwerty12345;
chunked_transfer_encoding off;
}
}
Apache configuration file
<VirtualHost 10.10.10.10:80>
ServerName mydomain.com
RewriteEngine on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
</VirtualHost>
<VirtualHost 10.10.10.10:443>
ServerName mydomain.com
SSLEngine on
SSLCertificateFile "/usr/local/mgr5/etc/manager.crt"
SSLCertificateKeyFile "/usr/local/mgr5/etc/manager.key"
SSLProxyEngine on
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
ProxyRequests Off
ProxyPreserveHost On
ProxyVia full
RequestHeader set X-Forwarded-Secret qwerty12345
<proxy *>
Order deny,allow
Allow from all
</proxy>
ProxyPass / https://10.10.10.10:1500/
ProxyPassReverse / https://10.10.10.10:1500/
</VirtualHost>
OpenLiteSpeed configuration file
virtualHost mydomain.com {
vhDomain mydomain.com
vhRoot /var/www/www-root/data
docRoot /var/www/www-root/data/www/mydomain.com
rewrite {
enable 1
rules <<<END_rules
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
END_rules
}
}
virtualHost mydomain.com-ssl {
vhDomain mydomain.com
vhRoot /var/www/www-root/data
docRoot /var/www/www-root/data/www/mydomain.com
vhssl {
keyFile /usr/local/mgr5/etc/manager.key
certFile /usr/local/mgr5/etc/manager.crt
}
extprocessor ispmgr {
type proxy
address 10.10.10.10:1500
}
context / {
type proxy
handler ispmgr
extraHeaders <<<END_extraHeaders
RequestHeader set X-Forwarded-Secret qwerty12345
END_extraHeaders
}
}
To avoid cyclic redirection, remove the line with the value "redirect" in the ihttpd configuration file /usr/local/mgr5/etc/ihttpd.conf and restart the server.
systemctl restart ihttpd