View Full Version : client behind firewall unable to connect to :2222



pastrami
08-04-2004, 05:55 PM
I'm not sure whether it's the firewall that's not allowing the connection or the port is blocked.

Any suggestions around this?

I did a search on the forum and some suggest that we change the port #, that might be hard since he's not sure what ports are blocked.

Can I point the page https://www.domain.com:2222/ to somewhere else that he can use?

Any suggestions or information is greatly appreciated!

hostpc.com
08-04-2004, 07:04 PM
You can change the port to something else, but that would be a server wide change... meaning every client on the server would have to make the adjustment.

I believe it's done in the directadmin.conf and httpd.conf files...

pastrami
08-04-2004, 08:34 PM
thanks for the help ...

what would be a good port# to use, one that would most likely be opened and one that would also be 'safe' ...

any suggestions

nobaloney
08-04-2004, 09:01 PM
There's no way you're going to be able to tell unless his admin can tell him what's open.

Or unless you do a portscan, which is a great way to get his admin really upset.

It may very well be that only the ports the admin thinks he needs are open and there's not even going to be an available port.

I'd recommend he find out what ports are open.

Jeff

pastrami
08-04-2004, 10:43 PM
I dunno if he could get a list of the ports that are open ... some security thing.

I know it worked with cpanel before but then he switched over to DAdmin and it does not work.

What port does cpanel use? Also, any way to re-route to something like cpanel?

I apologize if those are stupid suggestions, total noob here :)

jmstacey
08-04-2004, 11:18 PM
I think it uses multiple ports.
Take a look at this, it tells what ports you need open if you're running behind a firewall which should tell you which ones cpanel uses.

http://faq.cpanel.net/show.cgi?qa=104689180407630

rldev
08-05-2004, 06:33 AM
Can DA be run on port 80 or 443 if you only run it securely? Do you see a big problem with this?

pastrami
08-05-2004, 08:22 AM
Originally posted by rldev
Can DA be run on port 80 or 443 if you only run it securely? Do you see a big problem with this?

Thanks for the suggestion, can anyone chime in on this?

nobaloney
08-05-2004, 04:16 PM
DA runs its own daemon.

It can't run on either port 80 or port 443, because these ports are bound by apache.

Jeff

rldev
08-05-2004, 04:54 PM
That's right I forgot that it runs on its own daemon. Thanks.

rldev
08-05-2004, 04:55 PM
I suppose one might be able to come up with something like cpanel proxy for DA.

jmstacey
08-05-2004, 10:32 PM
One question. Is all this really worth it? You're going to change the port DA uses for this one user and make everybody else change? No matter what port you use other than 80 and a select few others you might always have someone unable to connect.

rldev
08-06-2004, 07:33 AM
Well for me, my current cp connects over standard ports. I have a lot of customers behind firewalls. So it would certainly be a problem. It would be nice to find a common port open by default on most firewalls to allow access. I'm certain cpanel proxy could be tweaked for DA.

pastrami
08-06-2004, 08:25 AM
yeah I talked to my server admin and he's pretty much against changing the port on all users to accommodate one person.

As rldev hinted to, is there any way to tweak the proxy in DA to match that of cpanel?

albatroz
11-02-2004, 12:42 PM
Hi!
I am in a similar problem to the one you had some time ago.

I downloaded this php script
http://cpanelproxy.net/
tried to tweak it, changing every appearance for a particular port (e.g. 2082 ) to 2222, but didn't work.

I am getting the following error.
"
Invalid login. Please verify your Username and Password"

I wonder if there is somewhere a similar script that would work...

hostpc.com
11-02-2004, 01:11 PM
I just let IPTABLES do the work for me:

They can be defined if you're running iptables for security - just redirect to another port - :8080 is pretty common.

Here's the line:
$IPT -t nat -I PREROUTING -p tcp --dport 8080 -j REDIRECT --to-port 2222

albatroz
11-02-2004, 01:55 PM
I wonder if Direct Admin daemon uses cookies for authentication.

Some proxies have problems handling authentication based on proxies.

chris.ru
11-03-2004, 07:46 AM
I am wondering if the mod_proxy in the apache's reverse proxy function will solve this problem. I tried to configure the proxy, but did not get what I want, I have limited knowledge, can someone shine some light on me?

hostpc.com
11-03-2004, 07:54 AM
Originally posted by chris.ru
can someone shine some light on me?

/me aims a spotlight at chris.ru

albatroz
11-03-2004, 08:07 AM
mod_proxy would work if DA doesn't use cookies.

Now the question is, does DA use cookies?

saman
11-11-2004, 10:36 AM
Use something like CGI Proxy:

http://www.jmarshall.com/tools/cgiproxy/

dec
11-14-2004, 12:10 PM
Originally posted by saman
Use something like CGI Proxy:

http://www.jmarshall.com/tools/cgiproxy/

Does it work for you..

It would be really handy to have something like this implemented for DA.

saman
11-14-2004, 01:12 PM
Does it work for you..

It would be really handy to have something like this implemented for DA.

Well, most people don't use them since it can be a possible security problem, although I password protect it and only allow it through HTTPS.

I haven't tested it under DA, but I use it on my personal server and it works. It might have some permission problems under DA, but that could easily be fixed - it doesn't harm to try.

Also, look at PHP Proxy:

http://sourceforge.net/projects/php-proxy/

albatroz
11-14-2004, 02:13 PM
I have just installed this script (cgiproxy),
and works! but not with DA...

I get this error
-----------------------------
CGIProxy Error


Error by target server: no WWW-Authenticate header.
-------------------------------

This thing really sucks! :confused:


Originally posted by dec
Does it work for you..

It would be really handy to have something like this implemented for DA.

albatroz
11-14-2004, 02:20 PM
BTW I found this thread in sourceforge regarding php web proxy...according to it
it doesn't work with HTTP Basic Authentication.
http://sourceforge.net/forum/forum.php?thread_id=1169602&forum_id=173954


I wish DA had a solution for this, just like Cpanel has... this sort of things and others make me regret my move to DA... but there is still a point in favor of DA, they are still in version 1.2x they still have a long road ahead... Cpanel is in version 9.x

saman
11-14-2004, 02:24 PM
I get this error
-----------------------------
CGIProxy Error


Error by target server: no WWW-Authenticate header.
-------------------------------


Well, what web-site are you trying to visit?

This is because I thought DA doesn't use HTTP Basic Authentication but rather gets username/password through a form?

albatroz
11-14-2004, 02:28 PM
The error I stated was from cgi-proxy, and the URL I was trying to run was http://mydomain.com:2222



Originally posted by saman
Well, what web-site are you trying to visit?

This is because I thought DA doesn't use HTTP Basic Authentication but rather gets username/password through a form?

albatroz
11-14-2004, 02:29 PM
Some time ago, I also tried to tweak the php proxy that is available for cpanel users, but although it loaded the DA's login page without problems, it couldn't authenticate my user/password.
And always returned an invalid user/pass error.

saman
11-14-2004, 02:39 PM
Well,

Why don't you use the firewall (on the DA server) to just forward packets from a port like 2082 (used by CPanel) to 2222?

The client wouldn't know the difference.

dec
02-01-2005, 11:28 AM
Originally posted by saman
Well,

Why don't you use the firewall (on the DA server) to just forward packets from a port like 2082 (used by CPanel) to 2222?

The client wouldn't know the difference.

Has anybody tried this?

Any other way to get around this?

Dec

rahmaa04
03-31-2005, 09:27 AM
Webmin works around this problem by making it a folder under apache.

www.myhost.com/webmin
[free stuff ownz!]

I wish DA has an option like that.

rldev
03-31-2005, 10:45 AM
Why can't you change the port DA is running on?

louie55
03-31-2005, 01:16 PM
Here is an IPTables line that I have successfully used to redirect ports:

$IPTABLES -t nat -A PREROUTING -m tcp -p tcp --dport 8080 -j REDIRECT --to-port 2222

I have changed the port numbers to something you might want to try.

(Note: I have not tried this with DirectAdmin. This was for an internet filtering server)

Louie

dec
04-01-2005, 02:47 PM
Originally posted by rldev
Why can't you change the port DA is running on?

I think this is the only solution for those of us that may have problems with the current port assigned to DA.

The questions I have for those of you that have tried this or know about the consequences:

I’ve heard that if anybody uses a different port, that server will not be able to have automatic updates installed.. How can I manually do this updates?

What about the plug-in. Will I still be able to use the plug-in feature from DA?

Any other important possible issue with this modification?

Thanks

Dec

rldev
04-02-2005, 05:24 AM
Perhaps,
DA Support can step in here and set the record straight on this matter :)

dec
04-02-2005, 07:22 AM
Originally posted by rldev
Perhaps,
DA Support can step in here and set the record straight on this matter :)

I personally sent an email for support on this matter.

Dec

DirectAdmin Support
04-02-2005, 11:06 AM
Originally posted by dec

I've heard that if anybody uses a different port, that server will not be able to have automatic updates installed.. How can I manually do this updates?

What about the plug-in. Will I still be able to use the plug-in feature from DA?


Hello,

You'd go to the Admin Panel -> License / Updates -> and click "Update" ;) We haven't forced an update in a while anyway, so you're not missing out on anything.

Anything that uses the API will have to change ports. As for plugins.. it depends on what they're doing, if they use the api, they'll need to change ports.

The idea of having 2 ports, one for http and one for https, has been on my mind for a while now. All it would really take is a fork early on in the startup, each one taking a different port. If I added that, it may help with the current predicament you're having. I'll add it to the versions system and we'll see if it works or not (if I run into any major issues, I might have to remove it from the list, I hope not ;))

John

max2000
04-02-2005, 02:43 PM
I have the same problem with some customers. They are behind a firewall (company or university network) or in such countries where ISPs aren't aware about panels usage.

One of my customers in this situation suggests the following:

<VirtualHost 1.2.3.4:80>
# Server configuration
##################################################################

ServerName xxx
ServerAlias xxx xxx.here.com
ServerAdmin webmaster@here.com
DocumentRoot /WWW/
ErrorLog /WWW/logs/error_log
CustomLog /WWW/logs/access_log combined
ScriptAlias /cgi-bin/ "/opt/mon/cgi-bin/"

# Modules configuration
##################################################################

RewriteEngine On
RewriteRule ^/(.*)$ http://1.2.3.4:2222/$1 [P,L]
ProxyPassReverse / http://1.2.3.4:2222/
</VirtualHost>

So I can run DA on dedicated IP but all information from port 2222 are redirected on port 80 for this specific IP.

What do you think about it?

dec
04-02-2005, 02:54 PM
Ok..

I changed the directadmin.conf file to use port=xxxx.

I changed /var/www/html/redirect.php to use port=xxxx

I enabled port=xxxx on my firewall

I restarted directadmin, httpd and my firewall..

When i try and access:

http://domainname.com/config

I get:

connection refused when attempting to contact domainname.com:xxxx

Any ideas? am I missing something?

Dec

ClayRabbit
04-10-2005, 12:54 PM
$IPTABLES -t nat -A PREROUTING -m tcp -p tcp --dport 8080 -j REDIRECT --to-port 2222
hostpc.com, louie55, max2000, unfortunately,
your solutions wouldn't work.

albatroz, there is no problems with cookies, AFAIK.

I have described this problem many months ago - here (http://www.directadmin.com/forum/showthread.php?s=&postid=26014#post26014).

I also submitted detailed feature request in January 2005 to support@directadmin.com:
===
After submitting login form, DA sends redirect header to browser:

Location: <protocol>://<hostname>:<port>/

Because of that we can't run DA on 2 or more ports simultaneously - it will always redirect browser to port and protocol defined in DA config file.

Maybe it's possible to change url in that header from absolute to
relative? Like this:

Location: /

If you do that, I believe nothing changes in current way of DA
functionality.
But with that we will become able to map DA on any port and on any number of ports
...
===

(Of course, I didn't receive any comments or reply ;)

Now, John is intending to implement the new "2-ports feature". Great, but I'm afraid they will hardcode too much again - and we still wouldn't be able to map DA to port 80 on a dedicated IP, for example.

Such a simple thing - replacing absolute urls with relative urls - may give DA so great flexibility - we'll even become able to implement "<any_number>-ports feature" by own hands completely ;)
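
The redirect problem ClayRabbit describes, modelled as an added example (not part of the original thread, and not DirectAdmin or Apache code): it shows why a port-level redirect leaves the absolute Location header pointing at :2222, and why ProxyPassReverse only helps when its backend URL matches what DA sends. Host names, the /login path, the allowed-port set and the function names are constructed for illustration; the localhost case assumes DA emits its configured host name rather than localhost.

```python
from urllib.parse import urljoin, urlsplit

# Constructed values for illustration; none come from a real deployment.
DA_LOCATION = "https://example.com:2222/"  # absolute URL DA puts in Location after login
PUBLIC = "https://cp.example.com/"         # proxied front door on a standard port
ALLOWED_PORTS = {80, 443, 8080}            # assumed outbound ports on the client's firewall


def effective_port(url):
    """Port a browser would connect to for this URL."""
    parts = urlsplit(url)
    if parts.port is not None:
        return parts.port
    return 443 if parts.scheme == "https" else 80


def proxy_pass_reverse(location, backend, public=PUBLIC):
    """Simplified model of ProxyPassReverse: swap the backend prefix for the public one."""
    if location.startswith(backend):
        return public + location[len(backend):]
    return location  # prefix mismatch: header passes through untouched


def login_redirect(request_url, location, backend=None):
    """Return (URL the browser goes to next, whether the firewalled client can reach it).

    backend=None models a plain port redirect (iptables REDIRECT), which never
    touches HTTP headers; otherwise it is the URL given to ProxyPassReverse.
    """
    if backend is not None:
        location = proxy_pass_reverse(location, backend)
    target = urljoin(request_url, location)  # browsers resolve relative Locations
    return target, effective_port(target) in ALLOWED_PORTS


if __name__ == "__main__":
    cases = {
        "iptables 8080->2222, absolute Location":
            login_redirect("https://example.com:8080/login", DA_LOCATION),
        "iptables 8080->2222, relative Location":
            login_redirect("https://example.com:8080/login", "/"),
        "reverse proxy, matching ProxyPassReverse":
            login_redirect("https://cp.example.com/login", DA_LOCATION, DA_LOCATION),
        "reverse proxy, ProxyPassReverse on localhost":
            login_redirect("https://cp.example.com/login", DA_LOCATION,
                           "http://localhost:2222/"),
    }
    for name, (target, ok) in cases.items():
        print(f"{name}: next={target} reachable={ok}")
```

When a proxied login lands back on :2222, compare the Location header DA returns with the URL on the ProxyPassReverse line; scheme, host and port all have to match for the rewrite to apply.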

veloxsystems
09-20-2005, 01:17 AM
Hi, I got it to work by creating a subdomain, then going to the virtual host in httpd.conf for that subdomain, and adding ProxyPasses and ProxyReverse.

All works wonderfully, check out https://cp.veloxsystems.net

max2000
09-20-2005, 04:05 AM
Very nice solution.

Can you post more detailed "how to" please?

Thank you

veloxsystems
09-20-2005, 05:03 AM
Originally posted by max2000
Very nice solution.

Can you post more detailed "how to" please?

Thank you

Yeah no worries I plan to, it's just I'm at work at the mo so can't SSH into the httpd.conf files to get exact details.

Cheers

cieso
10-05-2005, 05:46 AM
Is there any more information about this available at this moment? Example .conf files or stuff like that?

jerry2005
10-05-2005, 06:20 AM
http://help.directadmin.com/item.php?id=84

gbjbaanb
02-01-2006, 12:28 PM
Excellent tip. I've had a look but the tip doesn't seem to be quite right for Apache2.

Does anyone have the right settings for Apache2?

update: here's how for Apache2 on DA, as I did it with my Centos 4.2 x64 setup.

Unpack httpd sources, and go to the modules/proxy directory and build the proxy module.

apxs -ciA mod_proxy.c proxy_utils.c
apxs -ciA proxy_http.c

(you should now have 2 new files in /usr/lib/apache: mod_proxy.so and proxy_http.so)

Go to the httpd.conf file and make sure you have 2 new LoadModule entries:

LoadModule proxy_module /usr/lib/apache/mod_proxy.so
LoadModule proxy_http_module /usr/lib/apache/proxy_http.so

Fill in the VirtualHost entries as the 1.3 setup.

gbjbaanb
02-10-2006, 02:51 PM
BTW. If you're running DA in SSL mode (and I think you should, security is good :) ) then you will need to put

SSLProxyEngine On
in the VirtualHost with the ProxyPass entries. I have also modified my VirtualHost entry to redirect to the domain name, so the certificate name doesn't get rejected.


<VirtualHost |IP|:443>
ServerName cp.|DOMAIN|

SSLEngine on
SSLCertificateFile |CERT|
SSLCertificateKeyFile |KEY|
|CAROOT|

SSLProxyEngine On
ProxyRequests Off
ProxyPass / https://|DOMAIN|:2222/
ProxyPassReverse / https://|DOMAIN|:2222/
</VirtualHost>

I'm using Apache2 but this should be fine with the old Apache. Update: forgot to add the certificate. the above works fine.

smbsystem
02-10-2006, 06:38 PM
Can you have both access methods enabled?

can you have cp.domain.com and domain.com:2222 on the same server?

albatroz
02-10-2006, 08:13 PM
Yes, of course you can!


Originally posted by smbsystem
Can you have both access methods enabled?

can you have cp.domain.com and domain.com:2222 on the same server?

smbsystem
02-10-2006, 10:11 PM
hello, after trying to setup cp.domain.com by following the kb but no luck and now apache won't start. the process will stop and i can't access any websites on it. Can someone tell me what to check and how to reverse back?

my server is freebsd 5.3

smbsystem
02-10-2006, 11:22 PM
ok, i got it reverse back and now httpd is working.

where do you add

<VirtualHost |IP|:80>
ServerName cp.|DOMAIN|
ProxyRequests Off
ProxyPass / http://localhost:2222/
ProxyPassReverse / http://localhost:2222/
</VirtualHost>

Can someone show me your entire virtual host conf? i don't get where to add

<VirtualHost |IP|:80>
ServerName cp.|DOMAIN|
ProxyRequests Off
ProxyPass / http://localhost:2222/
ProxyPassReverse / http://localhost:2222/
</VirtualHost>

thank

gbjbaanb
02-11-2006, 06:33 AM
you put the new VirtualHost entries in the virtual_host.conf file at the same level as the existing ones. Do not embed them.

ie.

in virtual_host.conf you should have:

|?CGI=....
|?DOCROOT=...
<VirtualHost |IP|:80>
...
</VirtualHost>
<VirtualHost |IP|:80>
ServerName cp.|DOMAIN|
Proxy stuff
</VirtualHost>
like that - just add your new VirtualHost entry at the bottom.

This is how I do it on Linux, BSD may be different. You'd best ask google if it still doesn't work (and you've checked and re-checked your spelling)

smbsystem
02-11-2006, 10:12 AM
Originally posted by gbjbaanb
you put the new VirtualHost entries in the virtual_host.conf file at the same level as the existing ones. Do not embed them.

ie.

in virtual_host.conf you should have:

|?CGI=....
|?DOCROOT=...
<VirtualHost |IP|:80>
...
</VirtualHost>
<VirtualHost |IP|:80>
ServerName cp.|DOMAIN|
Proxy stuff
</VirtualHost>
like that - just add your new VirtualHost entry at the bottom.

This is how I do it on Linux, BSD may be different. You'd best ask google if it still doesn't work (and you've checked and re-checked your spelling)

ah no wonder. i put it at the very end outside the virtualhost tag

gbjbaanb
02-14-2006, 02:54 PM
I run DA in SSL, using the proxy on port 443 as described above, and I've noticed a problem.

when I log in, I immediately get redirected to the main page in http mode. I've checked DA is configured to use SSL, and the proxies are set up correctly. I can also keep working if I change http to https in the browser.

Does anyone have any ideas why this secure->non secure transition happens? I have a feeling it's the DA daemon as sometimes I get redirected to the IP address, which I know DA does to fallback from SSL mode.

gbjbaanb
02-15-2006, 02:53 PM
Sorry, forget the above - I forgot the certificate lines. I've modified my previous post with the full, correct virtualhost setting

Brian S
09-15-2006, 09:52 AM
Thanks for the information about the reverse proxy. Works very well. A note for Apache 1.3 users: remove "SSLProxyEngine On", even when doing https requests.

Brian