Load ISPConfig on subdomain using website’s ssl certificate
I've spent the last few days installing and configuring ISPConfig 3.1 on a new server, and one thing I really don't like about ISPConfig is the custom port it is running on.
So, I thought it would be really cool to use a subdomain instead and forget about the port all together.
It took me quite a while to figure out how to make ISPConfig load on a subdomain and have the subdomain configured for each website automatically. Of course I googled it, but information on how to accomplish this is quite rare (non-existent?), and I had to take stuff from a few different sources to come up with the (in my opinion) perfect solution.
The result: ISPConfig loads on an automatically configured subdomain and even works with each website's ssl certificate!
EDIT: This approach currently does not work with letsencrypt, because letsencrypt does not create a SSL certificate including the subdomain used for ISPConfig, so your browser willl warn you about an invalid SSL certicate being used. I am working on a solution. If you have a wildcard SSL certificate from a different vendor, this will work though.
1. Make sure the following mods are enabled
~$ sudo a2enmod proxy_http
~$ sudo a2enmod proxy
2. You have to activate SSL for each website
A self-signed SSL certificate is sufficient, but I recommend getting a free one from StartSSL or LetsEncrypt.
ISPConfig 3.1+ can automatically setup a valid LetsEncrypt SSL certificate for each website.
Modify Vhost Master Template
~$ sudo nano /usr/local/ispconfig/server/conf/vhost.conf.master
Add the following code directly under </VirtualHost>, near the bottom of the file.
This will only work with https, and it will redirect http to https
# START: Add ISPConfig subdomain to all accounts
<tmpl_if name='ssl_enabled'>
<VirtualHost {tmpl_var name='ip_address'}:{tmpl_var name='port'}>
ServerName panel.{tmpl_var name='domain'}
SSLProxyEngine On
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
ProxyVia off
ProxyRequests off
ProxyPreserveHost on
ProxyPass / https://localhost:1155/
ProxyPassReverse / https://localhost:1155/
# Redirect unsecure to secure connection
<VirtualHost {tmpl_var name='ip_address'}:{tmpl_var name='port'}>
ServerName panel.{tmpl_var name='domain'}
Redirect 301 / https://panel.{tmpl_var name='domain'}/
# END: Add ISPConfig subdomain to all accounts
This will work with both -- http and https conections
# START: Add ISPConfig subdomain to all accounts
<tmpl_if name='ssl_enabled'>
<VirtualHost {tmpl_var name='ip_address'}:{tmpl_var name='port'}>
ServerName panel.{tmpl_var name='domain'}
SSLProxyEngine On
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
ProxyVia off
ProxyRequests off
ProxyPreserveHost on
ProxyPass / https://localhost:1155/
ProxyPassReverse / https://localhost:1155/
<VirtualHost {tmpl_var name='ip_address'}:{tmpl_var name='port'}>
ServerName panel.{tmpl_var name='domain'}
SSLProxyEngine On
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
ProxyVia off
ProxyRequests off
ProxyPreserveHost on
ProxyPass / https://localhost:1155/
ProxyPassReverse / https://localhost:1155/
# END: Add ISPConfig subdomain to all accounts
1. You have to change the port (1155) to match the port that your ISConfig installation runs on (default is 8080).
2. You may want to replace "panel" with a different word for the subdomain.