26th Sep2016
Author: Gyro

Load ISPConfig on subdomain using website’s ssl certificate

I've spent the last few days installing and configuring ISPConfig 3.1 on a new server, and one thing I really don't like about ISPConfig is the custom port it is running on.

So, I thought it would be really cool to use a subdomain instead and forget about the port all together.

It took me quite a while to figure out how to make ISPConfig load on a subdomain and have the subdomain configured for each website automatically. Of course I googled it, but information on how to accomplish this is quite rare (non-existent?), and I had to take stuff from a few different sources to come up with the (in my opinion) perfect solution.

The result: ISPConfig loads on an automatically configured subdomain and even works with each website's ssl certificate!

EDIT: This approach currently does not work with letsencrypt, because letsencrypt does not create a SSL certificate including the subdomain used for ISPConfig, so your browser willl warn you about an invalid SSL certicate being used. I am working on a solution. If you have a wildcard SSL certificate from a different vendor, this will work though.

Prerequisite

1. Make sure the following mods are enabled
~$ sudo a2enmod proxy_http
~$ sudo a2enmod proxy

2. You have to activate SSL for each website
A self-signed SSL certificate is sufficient, but I recommend getting a free one from StartSSL or LetsEncrypt.
ISPConfig 3.1+ can automatically setup a valid LetsEncrypt SSL certificate for each website.

Modify Vhost Master Template

~$ sudo nano /usr/local/ispconfig/server/conf/vhost.conf.master

Add the following code directly under </VirtualHost>, near the bottom of the file.

This will only work with https, and it will redirect http to https


#--------------------------------------------
# START: Add ISPConfig subdomain to all accounts
#--------------------------------------------
<tmpl_if name='ssl_enabled'>
<VirtualHost {tmpl_var name='ip_address'}:{tmpl_var name='port'}>
ServerName panel.{tmpl_var name='domain'}
SSLProxyEngine On
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
ProxyVia off
ProxyRequests off
ProxyPreserveHost on
ProxyPass / https://localhost:1155/
ProxyPassReverse / https://localhost:1155/
</VirtualHost>
<tmpl_else>
# Redirect unsecure to secure connection
<VirtualHost {tmpl_var name='ip_address'}:{tmpl_var name='port'}>
ServerName panel.{tmpl_var name='domain'}
Redirect 301 / https://panel.{tmpl_var name='domain'}/
</VirtualHost>
</tmpl_if>
#--------------------------------------------
# END: Add ISPConfig subdomain to all accounts
#--------------------------------------------

This will work with both -- http and https conections


#--------------------------------------------
# START: Add ISPConfig subdomain to all accounts
#--------------------------------------------
<tmpl_if name='ssl_enabled'>
<VirtualHost {tmpl_var name='ip_address'}:{tmpl_var name='port'}>
ServerName panel.{tmpl_var name='domain'}
SSLProxyEngine On
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
ProxyVia off
ProxyRequests off
ProxyPreserveHost on
ProxyPass / https://localhost:1155/
ProxyPassReverse / https://localhost:1155/
</VirtualHost>
<tmpl_else>
<VirtualHost {tmpl_var name='ip_address'}:{tmpl_var name='port'}>
ServerName panel.{tmpl_var name='domain'}
SSLProxyEngine On
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
ProxyVia off
ProxyRequests off
ProxyPreserveHost on
ProxyPass / https://localhost:1155/
ProxyPassReverse / https://localhost:1155/
</VirtualHost>
</tmpl_if>
#--------------------------------------------
# END: Add ISPConfig subdomain to all accounts
#--------------------------------------------

Notes

1. You have to change the port (1155) to match the port that your ISConfig installation runs on (default is 8080).
2. You may want to replace "panel" with a different word for the subdomain.

Enjoy! :)

1800

Keep Me Going
Your Name / Website:
Did you like my post? Buy me a Bitcoffee! 14JX52Li7zTKbyQv2omw4tvu6Bi1KzfHNW



Leave a Reply

Your email address will not be published. Required fields are marked *

What is 8 + 2 ?
Please leave these two fields as-is:
IMPORTANT! To be able to proceed, you need to solve the following simple math (so we know that you are a human) :-)