SOLVED Implementing a reverse proxy to WHM

fonginator

Member
Oct 19, 2016
7
0
76
Montreal, Canada
cPanel Access Level
Root Administrator
I'd like to restrict WHM access to a specific IP address so I figured I'd set up a reverse proxy. I can get to the WHM login page fine but after I authenticate, I get returned to the login page with no errors. (If I submit bogus credentials, I get a login error from WHM as expected so I know the form is being submitted fine.)

Here's the Apache config I'm using on my external server:

Apache config:
<VirtualHost *:443>
    ServerName mywhm.example.com

    SSLProxyEngine On
    SSLProxyCheckPeerCN On
    SSLProxyCheckPeerExpire On
    SSLProxyCheckPeerName On
    SSLInsecureRenegotiation Off
    SSLProxyVerify none
    SSLVerifyClient none
    SSLCertificateFile /tmp/example.crt
    SSLCertificateKeyFile /tmp/example.key

    ProxyRequests Off
    ProxyPreserveHost Off
    ProxyPass / https://example.com:2087/
    ProxyPassReverse / https://example.com:2087/
    ProxyPassReverseCookieDomain example.com mywhm.example.com

    <Location />
        Require all granted
    </Location>
</VirtualHost>
I don't see WHM's secure login cookies being set after I login which is probably what's causing my login attempt to bounce.

Can someone help me fill in the missing blanks here??
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
6,810
895
313
cPanel Access Level
Root Administrator
Hey there! I'm glad you were able to get this mostly working, although I wouldn't have any ideas on why this issue would be present in only one browser as it doesn't seem like this would be related to cPanel but instead is the proxy system in place.
 

fonginator

Member
Oct 19, 2016
7
0
76
Montreal, Canada
cPanel Access Level
Root Administrator
Hey there! I'm glad you were able to get this mostly working, although I wouldn't have any ideas on why this issue would be present in only one browser as it doesn't seem like this would be related to cPanel but instead is the proxy system in place.
I actually figured it out. When I change the port number of my proxy to the same as WHM's (2087), it works in Safari. I saw some info elsewhere that suggested that some browsers may isolate cookies by port number although with Apache acting as a proxy, I didn't think this would matter. In any event, it's working for me now so hopefully this helps someone in the future!