Unbind cpanel from port on certain interface

ournixnation

Registered
May 3, 2007
4
0
151
I have an openvpn server running on port 443 on one of my server interfaces. OpenVPN will not start because cpanel/apache is already bound to that port. How can I tell cpanel/apache to not listen on that port (443) on that interface (eth1:7)?

Thanks!
 

chirpy

Well-Known Member
Verifed Vendor
Jun 15, 2002
13,437
33
473
Go on, have a guess
Since 443 is the http ssl port, you would need to modify httpd.conf and add Listen lines for port :80 and :443 for the IP addresses that you do want apache to listen on.
 

ournixnation

Registered
May 3, 2007
4
0
151
I edited the listen area of section two of httpd.conf and it now looks like this:

##
## SSL Support
##
## When we also provide SSL we have to listen to the
## standard HTTP port (see above) and to the HTTPS port
##
<IfDefine SSL>
Listen IP1:80
Listen IP1:443
Listen IP2:80
Listen IP2:443
</IfDefine>

Did I do it right? With IP1 and IP2 being replaced with actual ip addresses.

Thanks!
 

chirpy

Well-Known Member
Verifed Vendor
Jun 15, 2002
13,437
33
473
Go on, have a guess
That should be it, yes. You can confirm it's working with:

netstat -lpn

and check that ports 80 and 443 are only bound to the IP's you have specified.
 

BillSchr

Registered
Jan 29, 2011
1
0
51
I know this is an old thread, but this issue kept me going for a few hours.
The method described above does not work, at least not for very long, as cpanel will overwrite the changes to httpd.conf (even after using distiller.)

BUT, it seems it can be done completely in whm.
1. go to "tweak settings" and set the Apache non-SSL IP/port to your main ip for apache
2. Repeat for ssl, if needed.
3. If you only have 2 ip's, then that's all, you're done.
4. If you have other ip's that apache needs to listen on, go to Main >> Service Configuration >> Apache Configuration >> Include Editor and create (or modify) a Pre VirtualHost Include that contains a "Listen xxx.xxx.xxx.xxx:80" for each ip you need apache to listen on.
5. I didn't need to mess with ssl, but if you do, I assume an ifdef would be needed in the include file for ssl
6. probably a good idea to mark the non-listening ip's as "reserved" from the ip functions menu, as well