Run HestiaCP ONLY on subdomain without other domains

Hello!

How can I configure HestiaCP only on a subdomain, for example cp.domain,com, without the port?
I have some domains and I can open CP on every domain - domain1,com:8083, domain2,net:8083, etc.
How do I close access to a domain other than the host (cp.domain,com)?

v1.8.5.

First of all, good evening, look in the documentation for how nginx proxy templates work, and create your own specifically for the port that the HestiaCP panel works on, I think that way you won’t get tangled up later with the updates…

I hope it helps you…

Copy cp.tpl and stpl to /usr/local/hestia/data/templates/web/nginx and select the template in the panel.


Hello @Exhaust,

Regarding this question, as @el_dibu said, you should create your own template to pass the requests to the hestia nginx server started on port 8083 and use that template in the cp.domain.com web domain options. @m3core has already posted a link to a template that should work for your needs.

As far as I know, there isn’t an easy way to do it in HestiaCP. You should modify the nginx.conf used by HestiaCP, but the changes could be overridden in the next update, so use it at your own risk.

Backup nginx.conf file… just in case:

    cp /usr/local/hestia/nginx/conf/nginx.conf /root/hestia-nginx.conf.backup

Edit the file /usr/local/hestia/nginx/conf/nginx.conf:

You should search for this part:

    # Vhost
    server {
            listen              8083 ssl;
            server_name         _;
            root                /usr/local/hestia/web;
            # Fix error "The plain HTTP request was sent to HTTPS port"
            [...] here the rest of the options

And replace server_name _; with server_name cp.domain.com;

You should also add a new server block before the current server block, like this:

    server {
            listen              8083 ssl;
            server_name         _;
            ssl_certificate     /usr/local/hestia/ssl/certificate.crt;
            ssl_certificate_key /usr/local/hestia/ssl/certificate.key;
            return 403;
    }

So finally you should get something like this:

    # Vhost
    server {
            listen              8083 ssl;
            server_name         _;
            ssl_certificate     /usr/local/hestia/ssl/certificate.crt;
            ssl_certificate_key /usr/local/hestia/ssl/certificate.key;
            return 403;
    }
    server {
            listen              8083 ssl;
            server_name         cp.domain.com;
            root                /usr/local/hestia/web;
            # Fix error "The plain HTTP request was sent to HTTPS port"
            [...] here the rest of the options

Save the file.

Restart the nginx server used by HestiaCP.

    systemctl restart hestia.service

Now, only cp.domain.com will be able to connect on port 8083 over TLS; the rest of the domains will get an error (403 Forbidden).

Good luck,
sahsanu
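
A check for the layout described in the post above, as an added example that is not part of the thread or HestiaCP's own tooling: nginx uses the first server block for a listen socket as the default unless one is marked default_server, so the script requires that the first block on port 8083 returns 403 and that a later block names the panel host. The function name check_panel_vhost and the sample file are constructed for illustration, and the parser assumes one directive per line.

```shell
#!/bin/sh
# Added example (not HestiaCP code). Exit status 0 only if the first server
# block on PORT returns 403 at server level (nginx uses the first block as the
# default server) and a later block names HOST. Assumes one directive per line.
# Usage: check_panel_vhost CONF HOST [PORT]
check_panel_vhost() {
    awk -v host="$2" -v port="${3:-8083}" '
    { sub(/#.*/, "") }                                  # ignore comments
    !in_srv && /^[ \t]*server[ \t]*[{]/ {               # a server block opens
        in_srv = 1; base = depth; listens = deny = named = 0
    }
    in_srv && depth == base + 1 {                       # server-level directives only
        if ($1 == "listen" && $2 ~ ("(^|:)" port ";?$")) listens = 1
        if ($1 == "return" && $2 ~ /^403;?$/) deny = 1
        if ($1 == "server_name")
            for (i = 2; i <= NF; i++) { n = $i; sub(/;$/, "", n); if (n == host) named = 1 }
    }
    { depth += gsub(/[{]/, "{") - gsub(/[}]/, "}") }    # track brace nesting
    in_srv && depth <= base {                           # the server block closed
        in_srv = 0
        if (listens) {
            if (++seen == 1) first_denies = deny        # first block is the default
            else if (named && !deny) panel = 1          # later block serves the panel
        }
    }
    END { exit !(first_denies && panel) }' "$1"
}

# Constructed sample with the edited layout from the post (not a real nginx.conf).
sample=$(mktemp)
cat > "$sample" <<'EOF'
http {
    server {
        listen 8083 ssl;
        server_name _;
        return 403;
    }
    server {
        listen 8083 ssl;
        server_name cp.domain.com;
        root /usr/local/hestia/web;
        location / { return 404; }
    }
}
EOF
check_panel_vhost "$sample" cp.domain.com && echo "OK: catch-all 403 is first" || echo "WARN: catch-all 403 missing or not first"
```

Pointing the function at /usr/local/hestia/nginx/conf/nginx.conf after the edit, and again after each package update, shows whether the file has been overwritten with the stock layout.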

It will get reverted during next update of hestia-nginx package …
