Disable direct ip access to port 8083

Hi, i run a vps on digitalocean ubuntu 20.04 and decided to try hestia, after struggling to find vesta alternatives :slightly_smiling_face:

it run smoothly but one problem i cant solved, how to hide direct ip access to cp?
now i can do mydomain.com:8083, but also can do myserverip:8083

i want to block this: myserverip:8083

thanks in advance.

1 Like

well,
I don’t think thats possible to do. I believe that for iptables its the same if you put domain.com or just an IP.

Maybe /usr/local/hestia/nginx/conf/nginx.conf

And change server_name _; to server_name hostname;

Will get overwritten if we update hestia-nginx package.

you could create a template or custom conf that uses the regular nginx or apache as proxy to hestias nginx on port 8083. when you have set this up, you can limit port 8083 to localhost via firewall/ip settings.

the only drawback here is, that if you do actions that trigger a restart of nginx/apache you might see an error on the webpage some times.
however, nothing that a reload won’t fix. works good enough for me that way since vesta already :joy:

After some trial and error i ended up using 2 server block for my nginx server.

# block direct ip access
server {
        listen 8083     ssl;
        server_name     _;
        ssl_certificate      /usr/local/hestia/ssl/certificate.crt;
        ssl_certificate_key  /usr/local/hestia/ssl/certificate.key;
        return 444;
}

# allow only MyDomain to connect to port 8083
server {
        listen          8083 ssl;
        server_name     MyDomain www.MyDomain;
        root            /usr/local/hestia/web;
        .
        .
        etc...
}

and it works… :innocent:

I never really touch firewall/iptables/fail2ban, as long as standar nginx conf works, it would be great.

but, as @ScIT said, i did edit /usr/local/hestia/nginx/conf/nginx.conf and getting wory about being overwritten in future update.

is there any other way i could possibly do this, e.g directly via cp interface?