Still : SSL and non-SSL DirectAdmin



jeffery
06-23-2004, 10:51 AM
Still, I want DirectAdmin to be able to run two instances.
One is for SSL, and one is for NON-SSL.

That means DA can be run BOTH in SSL and non-SSL.

Is it difficult to implement? I remember John has added it to the version system, just want to follow up!

:D

DirectAdmin Support
06-25-2004, 01:29 PM
Hello,

It's .. simple in theory, but .. would take a bit of work and a lot of testing (don't want to break anything at a low level).

On a related note, we added a feature that lets people access an SSL enabled DA through http:// ... DA will notice the ssl connection failed and will send a redirect to https:// through plain http even though ssl is enabled in DA. One of the perks of writing your whole daemon from the ground up ;)

John

nobaloney
06-25-2004, 04:07 PM
Can you clarify this, John?

When I try http: with my testbed system instead of https:, I get a "contains no data" error.

Jeff

jeffery
06-25-2004, 08:35 PM
How about if I have enabled the SSL, but people want to access it through http:// ?

Currently it will be redirected to https://IP:2222, however, it will get a popup..

Can it be made compatible with https://anydomain.com and http://anydomain.com

where anydomain.com is anydomain resolved as the same IP ?

:)

DirectAdmin Support
06-26-2004, 02:26 PM
Jeff: hmmm... it is sending data.. this is what it sends:

HTTP/1.1 302 Found\r\nLocation: https://", ip, ":", port, "\r\nContent-type: text/html\r\n\r\nuse https\r\n (with programming quotes) .. so "use https" *is* the data... hmmm :)

jeffery: It goes to the system IP because the "host" value isn't passed yet (done after connection is made) (chicken or the egg :)) .. I could change it to send the system hostname.. but to set a domain in particular would require it to be set somewhere.

John

thoroughfare
06-26-2004, 06:33 PM
Could we have an admin option to forward it to a certain hostname please? If a hostname wasn't set, it could just use the IP instead... so everyone's happy :)

Thanks,
Matt

ProWebUK
06-27-2004, 02:59 AM
Originally posted by thoroughfare
Could we have an admin option to forward it to a certain hostname please? If a hostname wasn't set, it could just use the IP instead... so everyone's happy :)

Thanks,
Matt

Why not just enter your hostname:2222 rather than ip:2222 if that's what you want to use?

Chris

thoroughfare
06-27-2004, 06:35 AM
Currently, if I type http://myhostname.com:2222 (and SSL is turned on in DA), it redirects to https://ip:2222

I'd rather I could set it to redirect to my hostname... it could easily confuse new users.

Thanks,
Matt :)

skruf
06-27-2004, 07:29 PM
Hey,

Replying to jeffery and DA Support (John)...

To me it will confuse customers to re-direct them using the IP instead of the hostname.

As Jeffery mentioned... It causes a popup and that in itself would confuse some customers.

I'd think customers would WANT the SSL... Is there a reason they wouldn't?

I hate to ask but, is there a way to stop the re-direct to the IP?

Just my 2...

Thanks, David

DirectAdmin Support
06-28-2004, 09:43 AM
The redirect is only intended as a backup for users who have no clue what's going on. Without it, they'd see absolutely nothing; they'd get a server not responding page. Their welcome email should tell them how to access it correctly with https, so they should never really see it. I'll start thinking about how to get 2 ports open for http and https at the same time over the next few months. (no way to disable http->https redirect at the moment)

John

thoroughfare
06-28-2004, 10:11 AM
Thanks John.

Matt :)

jeffery
06-28-2004, 10:15 AM
Thanks!

For me, the reason I want 2 instances of DirectAdmin is just for my resellers.

If I opened SSL, each reseller having his domain will need a separate certificate and dedicated IP address. They may not want to add so much cost for their "small business".

So, having both SSL and non-SSL accessible is great news for both of us!
right? :D

nobaloney
06-28-2004, 10:24 AM
Anyone who logs into DA using http instead of https is passing their password in the clear; we do not allow our resellers or end-users to log in insecurely as we don't want our systems compromised, even if it is only our resellers' and end-users' accounts.

We get a cert in a generic domain name, for example:

https://hostname.example.com:2222/

which everyone who accesses the server should use.

Jeff

skruf
06-28-2004, 02:15 PM
Hey,

I see by the posts why some want the http logins instead of or with the https... resellers... Makes sense.

I also understand the redirect... blank page and all.

I just didn't want the IP used in the redirect as it gives the popup and that's going to confuse customers as we want to use https...

No biggie... I appreciate the response.

Thanks, David

SlashChick
07-26-2004, 04:09 PM
What do we need to do to get DA to redirect to https://server:2222/ instead of https://ip:2222/ (Not the client's domain name, but the server name.)

Please let me know. Thanks!

rldev
07-27-2004, 08:59 AM
So could I create an Apache directive that forwards:

http://anydomain.com/cpanel

to

https://hostname:2222

???

jmstacey
07-27-2004, 12:26 PM
Yes, you could put a redirect like that in the httpd.conf

ClayRabbit
08-03-2004, 09:41 AM
As we thought before, it would be easy to implement two instances of DirectAdmin by ourselves. Just run non-SSL DA on 2222 and set up tunnelling from the secured 2223 port (with stunnel).

But we failed, because after entering login info at https://our.server.com:2223/ DirectAdmin uses an absolute URL for redirection. (With an HTTP header like this: Location: http://our.server.com:2222/)

Maybe the developers will just fix that small issue and we will be able to use SSL and non-SSL DA interfaces on the same server? :)

I personally don't like SSL'ed DA because I need fast and comfortable access to it. And with SSL, pages load much slower (on dialup ;) and I'm unable to cut those nasty 'Pragma: no-cache' headers with my filter. ;)

SlashChick
08-03-2004, 10:10 AM
I can't use SSL DirectAdmin at this point. We've gotten so many complaints from clients that it's ridiculous. The complaints all center around the security popup because our certificate is issued for ourserver.ourdomain.com instead of an IP address.

SSL DirectAdmin is unusable at this point until this is fixed (either redirect to https://ourservername.ourdomain.com, or redirect to https://clientswebsite.com.)

I'm turning this off on our servers for now.

mirdin
08-13-2004, 02:51 AM
I only have experience with CPanel, but decided to try DirectAdmin out also.

I can't believe how most server owners allow resellers/customers to log on insecurely. I assume they even log on as server owner insecurely, displaying their passwords in clear text?

I have a reseller account only for now, and I want to be able to log on through https, and that's not even possible. You should at least have the choice in my opinion.

Aside from this very important issue, DirectAdmin works really nicely :)

skruf
08-13-2004, 03:25 AM
Hey,

As you probably already know, the choice is really up to the hosting company.

We, as well as others, do require https logins as we want to provide as much security and protection as possible.

As you can see by the thread, DA is working on a solution to keep as many happy as possible but, ultimately, secure login is up to the hosting provider...

David

mirdin
08-13-2004, 03:56 AM
Originally posted by skruf
Hey,

As you probably already know, the choice is really up to the hosting company.


Yes, I know, and because of the current DirectAdmin setup most hosts don't allow https logins, mainly to avoid customers complaining about SSL certificate warnings.

With other control panels the users have the choice to log on through http:// or https://

nobaloney
08-13-2004, 05:46 AM
Originally posted by SlashChick
I can't use SSL DirectAdmin at this point. We've gotten so many complaints from clients that it's ridiculous. The complaints all center around the security popup because our certificate is issued for ourserver.ourdomain.com instead of an IP address.
While I don't disagree with you that your clients are complaining, at least some of our clients are using self-installed certs, and none of them have reported any problems with their clients complaining about the popup they get every time they log in.

Have you tried asking your cert provider if you can get a cert for an IP#? I'd doubt it, but perhaps you can try.

Two options which work for our clients are:

1) When your clients complain, tell them they can resolve the problem by logging into the secure site as "https" instead of "http". That works properly.

2) Create a login on your own website to log them directly into DA, bypassing the login screen, and using https. That's relatively easy to implement, and it's been explained on these forums.

SSL DirectAdmin is unusable at this point until this is fixed (either redirect to https://ourservername.ourdomain.com, or redirect to https://clientswebsite.com.)

I'm turning this off on our servers for now.
I'm sorry it doesn't work for you; it's working for lots of our clients, and we use it exclusively.

Jeff

rldev
08-13-2004, 06:50 AM
You can log in via https. Just set up an SSL cert for:

https://servername:2222

This is about redirecting insecure login to secure login.

DA Support, you should chime in here because there seems to be some confusion. Hey, maybe I am confused :)

mirdin
08-13-2004, 08:03 AM
Yes, of course, but what if a host has https disabled, and you're a reseller or customer trying to log on through https?

Still I think the best solution is to give resellers and customers a choice between http:// and https:// and not give hosts the power to force everyone to log on insecurely.

Of course I will ask my host to change their settings from http:// to https:// , I just hope they are wise enough to listen to me :)
Otherwise I'll just get a dedicated server instead ( I got a reseller account to try DirectAdmin first )

rldev
08-13-2004, 08:16 AM
I think you do have a choice. If the redirect is not enabled, you should be able to log in any way you want.

mirdin
08-13-2004, 08:32 AM
hmm...that's not the impression I have.

This works :
https://serverhostname
https://mainserverip

This doesn't:
https://serverhostname:2222
https://mainserverip:2222

Then again, I'm just new to DirectAdmin, so what do I know :)

skruf
08-13-2004, 08:46 AM
Hey,

What you describe suggests your host has SSL on the server, but doesn't have SSL enabled for DirectAdmin... Like you're wanting.

If the server has a cert (like it apparently does) then they can turn on SSL for DA as well...

Basically, in the directadmin.conf file they need to set SSL=1 and put the paths to the cert that is on the server.


hope they are wise enough to listen to me

They should listen, you're simply asking for better security, which appears to be there if they just configure it.

David

Naughty Sheep
08-26-2004, 01:08 PM
Originally posted by mirdin
hmm...that's not the impression I have.

This works :
https://serverhostname
https://mainserverip

This doesn't:
https://serverhostname:2222
https://mainserverip:2222

Then again, I'm just new to DirectAdmin, so what do I know :)

Same problem here ;)

And I prefer to use SSL to log in to DA

rldev
08-26-2004, 07:17 PM
Tell your host to enable it. Since DA runs on an odd port number, what is the problem with solely using DA over SSL?
Slower access for dialup users is the only issue I can see here. If the host sets up a simple redirect as follows:

http://anydomain/cpanel

to

https://servername:2222

nobody will ever get a popup, if the host has a regular ssl certificate.

rushost
09-13-2004, 11:37 PM
We have another problem
We have a jail on 1.1.1.2
server's IP 1.1.1.1

http://1.1.1.2:2222/ redirect to

https://1.1.1.1:2222/

:(

zefie
11-08-2006, 01:12 AM
Originally posted by SlashChick
I can't use SSL DirectAdmin at this point. We've gotten so many complaints from clients that it's ridiculous. The complaints all center around the security popup because our certificate is issued for ourserver.ourdomain.com instead of an IP address.

SSL DirectAdmin is unusable at this point until this is fixed (either redirect to https://ourservername.ourdomain.com, or redirect to https://clientswebsite.com.)

I'm turning this off on our servers for now.

It is a hackaround but try this...

in httpd.conf:


..
Listen 0.0.0.0:2222
<VirtualHost *:2222>
ServerAdmin admin@domain
DocumentRoot /var/www/daredirect
ServerName server.name
</VirtualHost>

<Directory "/var/www/daredirect">
AllowOverride All
Order allow,deny
Allow from all
</Directory>
..


in directadmin.conf:


..
SSL=1
port=5128
..


in /var/www/daredirect/.htaccess


Options +FollowSymLinks +ExecCGI
RewriteEngine On
RewriteRule ^(.*)$ https://server.name:5128/ [R=301]


Then restart DA, then Apache (in that order). Then attempt to access http://server.name:2222/

It will now do a clean redirect to the proper hostname.
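
An added example, not part of the original thread and not DirectAdmin code: a Python check that takes a raw redirect response and the name the certificate was issued for, and reports whether following the redirect lands on a plain-http URL, an IP address, or a hostname the certificate does not cover. The sample responses are constructed from the formats quoted in the thread, 192.0.2.10 is a placeholder address, and the name match is a simplified one (exact name or a single left-most wildcard label).

```python
import ipaddress
from typing import Optional
from urllib.parse import urlsplit

def parse_location(raw: bytes) -> Optional[str]:
    """Return the Location header value of a raw HTTP response, if any."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    for line in head.split("\r\n")[1:]:          # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "location":
            return value.strip()
    return None

def name_matches(cert_name: str, host: str) -> bool:
    """Simplified match: exact name, or one left-most wildcard label."""
    cert_name, host = cert_name.lower(), host.lower()
    if cert_name.startswith("*."):
        return "." in host and host.split(".", 1)[1] == cert_name[2:]
    return cert_name == host

def classify_redirect(raw: bytes, cert_name: str) -> str:
    """Say what a browser following this redirect will run into."""
    location = parse_location(raw)
    if location is None:
        return "no-redirect"
    url = urlsplit(location)
    if not url.scheme and not url.netloc:
        return "relative"              # stays on the scheme/host/port in use
    if url.scheme != "https":
        return "plaintext-target"      # login would continue over http
    host = url.hostname or ""
    try:
        ipaddress.ip_address(host)
        return "ip-target"             # hostname-issued cert cannot match
    except ValueError:
        pass
    return "ok" if name_matches(cert_name, host) else "name-mismatch"

# Constructed samples, modelled on the responses quoted in the thread.
DA_FALLBACK = (b"HTTP/1.1 302 Found\r\nLocation: https://192.0.2.10:2222\r\n"
               b"Content-type: text/html\r\n\r\nuse https\r\n")
STUNNEL_LOGIN = (b"HTTP/1.1 302 Found\r\n"
                 b"Location: http://our.server.com:2222/\r\n\r\n")
HTACCESS_FIX = (b"HTTP/1.1 301 Moved Permanently\r\n"
                b"Location: https://server.name:5128/\r\n\r\n")

if __name__ == "__main__":
    for sample in (DA_FALLBACK, STUNNEL_LOGIN, HTACCESS_FIX):
        print(parse_location(sample), "->", classify_redirect(sample, "server.name"))
```

Run against responses captured from the panel port, anything other than "ok" or "relative" means users will either see a certificate warning or be sent back to an unencrypted login.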