I want SSL for every hosted-domain[.]tld:8083

Hello, I have been playing around with this platform and I love it, but I have one problem.
I want my clients to access their cpanel through hosted-domain[.]tld:8083, with an SSL certificate.
I did a lot of trial and error to find out why it loads the certificate of hostname[.]domain[.]tld when the user accesses his hosted-domain[.]tld:8083.

It looks like the SSL path for port 8083 on every domain is loaded statically in /usr/local/hestia/nginx/conf/nginx.conf with the SSL found in /usr/local/hestia/ssl/certificate.key – and that totally makes sense, because that is where the hostname’s SSL is stored.

To achieve my goal of getting a valid cert for every hosted-domain[.]tld[:]8083 I changed the SSL key and cert paths in /usr/local/hestia/nginx/conf/nginx.conf like so:

server {
        listen          8083 ssl;
        server_name     _;
        root            /usr/local/hestia/web;

        # Fix error "The plain HTTP request was sent to HTTPS port"
        error_page 497 https://$host:$server_port$request_uri;
        error_page 403 /error/404.html;
        error_page 404 /error/404.html;
        error_page 410 /error/410.html;
        error_page 500 501 502 503 504 505 /error/50x.html;

        ssl_certificate      /usr/local/hestia/ssl/mail/mail[.]hosted-domain[.]tld.crt;
        ssl_certificate_key  /usr/local/hestia/ssl/mail/mail[.]hosted-domain[.]tld.key;

And it worked! I no longer had SSL on hostname[.]domain[.]tld, and when I tried mail[.]hosted-domain[.]tld[:]8083 it loaded with SSL and I was able to log in to HestiaCP without any error.

So I went even further, trying to make those paths dynamic, so my clients could log in via hosted-domain[.]tld[:]8083, without that ugly INVALID CERT.

But here is where I got stuck. I couldn’t find the place where the certs are stored for every domain.
In /usr/local/hestia/data/templates/web/nginx/default.stpl I saw the SSL file paths are loaded like this:
ssl_certificate %ssl_pem%;
ssl_certificate_key %ssl_key%;

I tried this in /usr/local/hestia/nginx/conf/nginx.conf but had no luck; port 8083 died until I reverted the changes.

Can someone help me find where the SSL certs are stored for every domain?

If you’re experimenting look in

This seems to be where ports are set on a global level. I have no idea if altering these will break your server, so … at your own risk. I wouldn’t try this on a production server.

After editing this file, you’d probably need to v-rebuild-web-domains

Not possible, port 8083 is currently tied to 1 domain.

SSL certs are stored in /usr/local/hestia/data/users/$user/ssl
and also in /home/$user/conf/web/$domain/ssl

Well, thank you for the info. It’s not a production server. I host websites for free for my university classmates, so they can help me learn how to administrate a server (more users with more traffic = more debugging).

Anyway, I always make a backup copy before changing anything important.

OK, do you think it’s possible, then, to redirect all :8083 requests from hosted-domain[.]tld to hostname[.]domain[.]tld:8083?

Thank you. I’m trying to create some new functionality; if I get something to work I’ll post it here. But with the new info I guess it will be harder than I imagined.

For hosted-domain.tld:8083 you would have to copy all certs to a new folder which does not depend on you knowing the $user, also restrict permissions, and then secondly use the new nginx feature that dynamically selects the SSL cert using the $sni-servername (or something like that, don’t know the var name exactly).
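
The approach described in the post above (copy the certs into one restricted folder, then let nginx pick the file by SNI name), as an added example that is not from the thread or from HestiaCP. The file layout under the users directory, the destination path, the optional owner argument and the nginx directives in the comments are assumptions; `$ssl_server_name` is the nginx variable that holds the SNI name.

```shell
#!/bin/sh
# Added example (not from the thread or the HestiaCP project).
# ASSUMED layout: <users_dir>/<user>/ssl/<domain>.pem (cert chain) and <domain>.key.
# ASSUMED nginx side (variables in ssl_certificate need nginx 1.15.9+):
#   ssl_certificate     /usr/local/hestia/ssl/sni/$ssl_server_name.crt;
#   ssl_certificate_key /usr/local/hestia/ssl/sni/$ssl_server_name.key;
# With variables nginx opens the files at handshake time as the worker user,
# so pass that user as the optional third argument (hypothetical value).

# sync_panel_certs USERS_DIR DEST_DIR [OWNER] -> prints number of domains copied
sync_panel_certs() {
    local users_dir="$1" dest="$2" owner="${3:-}" pem key domain count=0
    local LC_ALL=C                      # keep [a-z] below ASCII-only
    ( umask 077; mkdir -p "$dest" ) && chmod 700 "$dest" || return 1
    [ -z "$owner" ] || chown "$owner" "$dest" || return 1
    for pem in "$users_dir"/*/ssl/*.pem; do
        # Skip an unmatched glob and anything that is a symlink.
        [ -f "$pem" ] && [ ! -L "$pem" ] || continue
        key="${pem%.pem}.key"
        [ -f "$key" ] && [ ! -L "$key" ] || continue   # cert without key is useless
        domain=$(basename "$pem" .pem)
        # The file name is chosen by the client-supplied SNI value, so only
        # publish names that are plain lower-case hostnames.
        case "$domain" in
            ''|.*|*[!a-z0-9.-]*) continue ;;
        esac
        install -m 600 "$pem" "$dest/$domain.crt" || return 1
        install -m 600 "$key" "$dest/$domain.key" || return 1
        [ -z "$owner" ] || chown "$owner" "$dest/$domain.crt" "$dest/$domain.key" || return 1
        count=$((count + 1))
    done
    echo "$count"
}

# Run only when called with arguments, e.g. from a cron job after renewals.
if [ "$#" -ge 2 ]; then
    sync_panel_certs "$@"
fi
```

A name with no matching file fails the TLS handshake, so the hostname's own certificate has to be placed in the same directory under its own name.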

What about just proxying each domain? For example panel.DOMAIN.TLD to IP:8083 with a LE cert for each domain, similar to what is done with mail and webmail.DOMAIN.TLD.

It doesn’t have to be panel but it could be admin.DOMAIN.TLD

This way we don’t even need to specify a port.

If it does what I want, letting the client access HestiaCP with his domain without an SSL warning, it’s perfect.
But I am very new to this. I have about a week of experience with servers, but I’m used to working in backend, console, etc., and I’m not scared of it. It’s just a lot of new terms for me and I need clarifications.

Can you guide me? I would be grateful.
