The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Problem with non SSL login to WHM, CPANEL and WEBMAIL

Discussion in 'E-mail Discussions' started by mailo, Oct 14, 2008.

  1. mailo

    mailo Member

    Joined:
    Sep 29, 2008
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    Folks, I have this issue.

    I followed FAQ to disable non SSL login to whm / cpanel and webmail:

    "Under 'Tweak Settings' in WHM, make sure the following option is selected:
    Always redirect users to the ssl/tls ports when visiting /cpanel, /webmail, etc"


    But I can login on default http connection without SSL, yet.

    There is another tweak that overrides this option?

    I`m using a wildcard SSL cert and is configured to all services in SSL Host like *.domain.com
     
  2. sparek-3

    sparek-3 Well-Known Member

    Joined:
    Aug 10, 2002
    Messages:
    1,384
    Likes Received:
    23
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    How are you logging on non-securely?

    Using that option in tweak setting won't prevent someone from accessing the cPanel apps directly on the insecure ports (2082, 2085, 2095).

    So if someone is visiting their control panel by specifically going to:

    http://theirdomain.com:2082

    Then this will work.

    If you don't want the insecure ports to work, your best option is to use a firewall and block those ports. Then reminding customers that they need to use http://theirdomain.com/cpanel for accessing their control panel.
     
  3. mailo

    mailo Member

    Joined:
    Sep 29, 2008
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
  4. sparek-3

    sparek-3 Well-Known Member

    Joined:
    Aug 10, 2002
    Messages:
    1,384
    Likes Received:
    23
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    This is using the cPanel proxy setup.

    I don't recommend setting this up for each individual account on a server. Instead I recommend setting up a single cpanel subdomain account on the server and installing a certificate for that account. Then telling all of your users to access their control panel through this subdomain account. Its a bit easier to manage in my opinion.

    For more information on this see my post:

    http://forums.cpanel.net/showpost.php?p=429953&postcount=94

    Otherwise, you would need to discuss this with the cPanel developers. Perhaps log some type of enhancement request.
     
  5. sparek-3

    sparek-3 Well-Known Member

    Joined:
    Aug 10, 2002
    Messages:
    1,384
    Likes Received:
    23
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    I just realized that the post I referenced was for webmail. This can still work for cpanel you just need to use a cpanel subdomain account and instead of:

    Code:
    http://127.0.0.1:2095/$1
    use:

    Code:
    http://127.0.0.1:2082/$1
    Port 2095 is for Webmail.

    Port 2082 is for cpanel.

    Port 2085 is for Webhost Manager.
     
  6. mailo

    mailo Member

    Joined:
    Sep 29, 2008
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    Thanks a lot, but the problem continues, I was reading httpd.conf configuration and put these changes:

    # CPANEL/WHM/WEBMAIL/WEBDISK PROXY SUBDOMAINS
    <VirtualHost 70.38.37.200:80 70.38.37.200:443 *>
    ServerName pi.fribits.com
    ServerAlias cpanel.* whm.* webmail.* webdisk.*
    DocumentRoot /usr/local/apache/htdocs
    ServerAdmin soporte@fribits.com
    RewriteEngine On
    RewriteCond %{HTTP_HOST} ^cpanel\. [NC]
    RewriteRule ^/(.*) https://cpanel.fribits.com/$1


    But enters in a loop, I need that all cpanel.domain have to go to cpanel.fribits.com, but with these sentences are being looped.

    UseCanonicalName Off
    </VirtualHost>
     
  7. sparek-3

    sparek-3 Well-Known Member

    Joined:
    Aug 10, 2002
    Messages:
    1,384
    Likes Received:
    23
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    Your entering an infinite loop because you are telling the server to redirect https://cpanel.fribits.com to https://cpanel.fribits.com

    I don't know how you have this wildcard SSL set up. I have very limited experience with wildcard SSLs.

    For one thing, you don't need to edit the httpd.conf file manually. Changes will get overwritten.

    How I have done this in the past with a wildcard SSL was to create separate accounts.

    cpanel.fribits.com
    whm.fribits.com
    webmail.fribits.com

    Each with their own IP address. Each set up just like they were separate accounts.

    Then install the certificate for cpanel.fribits.com using the wildcard SSL certificate.

    Then install the certificate for whm.fribits.com using the wildcard SSL certficate.

    etc.

    Then follow the instructions as laid out in the thread I referenced above.

    In order for you to do this, it looks like you will have to unpark cpanel.fribits.com, whm.fribits.com, webmail.fribits.com, and webdisk.fribits.com for this to work (or however the line ServerAlias cpanel.* whm.* webmail.* webdisk.* came to be in your config file -- again, limited experience working with wildcard certificates)
     
Loading...

Share This Page