
I'm running a Virtual Private server with three specific domains. Let's say example1.com, example2.com, example3.com.

I installed Webmin on this VPS to perform some easy tasks and just to manage some actions in a friendly GUI (Bootstrap 3 Webmin Theme).

I already bound Webmin to a non-default port to make it compatible with the Flexible SSL of CloudFlare. CloudFlare supports its free Flexible SSL on port 8443, so I decided to run Webmin on port 8443 instead of the default port 10000.

Now that Webmin port is reachable on all vhosts, so I can reach Webmin over SSL on the domains:

  • example1.com:8443
  • example2.com:8443
  • example3.com:8443

I actually want it to be reachable through just one specific domain. So I want Webmin to work only on, for example:

  • example4.com:8443

Or even on port 443 on a different domain like:

  • example4.com

And not be reachable on that port on the domains 1, 2 and 3. Does anyone know how to make this happen?

All domains are behind CloudFlare and the CloudFlare DNS servers are pointing to my VPS which has only one IPv4 and one IPv6 address. The used software for managing my vhosts is Apache.

Bob Ortiz
  • Do each of those domains point to different IP addresses? – jordanm Jun 10 '15 at 14:13
  • No, there is only one IPv4 and one IPv6 address involved. But that's the situation behind CloudFlare. I will put this information in my question too. – Bob Ortiz Jun 10 '15 at 14:14

1 Answer

Normally I would check apache2 / httpd / nginx, or whatever your web server is, to configure a virtual domain. By doing so, you can ask your web server to route HTTP requests to a specific location depending on the hostname entered by the end user.

For apache2, the configuration should look like this (specific to Webmin), with example1.com as your domain name, 10000 as the port for Webmin and /var/www/html as the main Webmin directory.

/etc/apache2/sites-available/000-default.conf:

<VirtualHost example1.com:10000>
    # The ServerName directive sets the request scheme, hostname and port that
    # the server uses to identify itself. This is used when creating
    # redirection URLs. In the context of virtual hosts, the ServerName
    # specifies what hostname must appear in the request's Host: header to
    # match this virtual host. For the default virtual host (this file) this
    # value is not decisive as it is used as a last resort host regardless.
    # However, you must set it for any further virtual host explicitly.
    #ServerName www.example.com

    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/html

    # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
    # error, crit, alert, emerg.
    # It is also possible to configure the loglevel for particular
    # modules, e.g.
    #LogLevel info ssl:warn

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    # For most configuration files from conf-available/, which are
    # enabled or disabled at a global level, it is possible to
    # include a line for only one particular virtual host. For example the
    # following line enables the CGI configuration for this host only
    # after it has been globally disabled with "a2disconf".
    #Include conf-available/serve-cgi-bin.conf
</VirtualHost>

Bob Ortiz
Xarouma
  • I'm using Apache. I will edit my question. Do you have any ideas if and how to apply this using ports? Instead of vhosts only. – Bob Ortiz Jun 10 '15 at 15:23
  • So with one hostname, redirect multiple ports to different web applications? – Xarouma Jun 10 '15 at 15:24
  • Now Webmin is accessible on all vhosts/domains on port 8443. I want it to be accessible from just one domain. So other domains should not show Webmin when connecting to that port. – Bob Ortiz Jun 10 '15 at 15:28
  • I am not sure this is possible with apache2. Why do you need the other vhosts/domains not to show Webmin? – Xarouma Jun 10 '15 at 15:31
  • Because some vhosts are behind CloudFlare. Showing Webmin on all vhosts will reveal different domain names of the server and can potentially leak the real server IP addresses and also open a wider attack scope for attackers. To attack other vhosts in order to break into the VPS from the back because the "normal way" is already protected by CloudFlare. Also for the simple reason that Webmin is just not needed on all vhosts. One URL/domain/vhost to access it would be more than enough and would decrease a lot of different security risks. Any thoughts? – Bob Ortiz Jun 10 '15 at 15:36
  • I'd say that changing the port of Webmin would be enough; changing its domain would not be any protection as they would point to the same IP. So it's important to change the port, but the domain doesn't change much. – Xarouma Jun 10 '15 at 15:44
  • Yeah, but the thing is, they are not pointing to the same IP. They are, but just I know. Users will notice the CloudFlare IPs. And this is crucial. If I gave you that domain you'd only see CloudFlare IPs and not my real IPs. But Webmin will leak this real IP, which is a security risk. Also, when I try to prevent Webmin from leaking the real IP, it still shows Webmin on different domains, including the ones that are not behind CloudFlare, and for that reason you can still find out the real IP. Long story short: I need to enable Webmin on one domain only. – Bob Ortiz Jun 10 '15 at 15:48
  • Well, in that case, I guess I would try to use a reverse proxy (such as nginx) to redirect the port to a random insignificant port for the wrong domain. – Xarouma Jun 10 '15 at 15:54
  • Mmm do you think there can be other (simpler) solutions? – Bob Ortiz Jun 10 '15 at 19:30
  • Let us [continue this discussion in chat](http://chat.stackexchange.com/rooms/24705/discussion-between-xarouma-and-dwarf015). – Xarouma Jun 11 '15 at 09:30
  • Any conclusions or solution without Apache came from this discussion? I've assigned webmin config to one domain, however it's still accessible from all domains!? – 3c71 Jul 06 '23 at 05:37
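
An added example, not part of the original question, answer or comments: one way to get the behaviour asked for with Apache name-based virtual hosts, by letting Apache own port 8443 and forwarding only the wanted hostname to Webmin. It assumes Webmin's own server has been rebound to loopback (127.0.0.1:10000, plain HTTP), that mod_ssl, mod_proxy and mod_proxy_http are enabled, and that the origin serves TLS on 8443; the certificate paths and the catchall.invalid name are placeholders.

```apache
# Added example; not the answerer's configuration.
# Assumption: Webmin listens only on 127.0.0.1:10000 (plain HTTP), so it is
# no longer reachable directly on the public IPv4/IPv6 addresses.
Listen 8443

# The first vhost defined for *:8443 is Apache's default for that port.
# Any request whose Host header matches no ServerName below lands here,
# including example1.com, example2.com, example3.com and bare-IP requests.
<VirtualHost *:8443>
    ServerName catchall.invalid

    SSLEngine on
    # Placeholder certificate: use one that names none of the real domains,
    # otherwise the TLS handshake itself reveals them to anyone who
    # connects to the origin IP.
    SSLCertificateFile    /path/to/placeholder-catchall.crt
    SSLCertificateKeyFile /path/to/placeholder-catchall.key

    <Location "/">
        Require all denied
    </Location>
</VirtualHost>

# Only requests sent with "Host: example4.com" are forwarded to Webmin.
<VirtualHost *:8443>
    ServerName example4.com

    SSLEngine on
    SSLCertificateFile    /path/to/placeholder-example4.crt
    SSLCertificateKeyFile /path/to/placeholder-example4.key

    # Keep the original Host header so the backend sees example4.com.
    ProxyPreserveHost On
    ProxyPass        "/" "http://127.0.0.1:10000/"
    ProxyPassReverse "/" "http://127.0.0.1:10000/"
</VirtualHost>
```

After a reload, `apachectl -S` lists which vhost is the default for port 8443, which confirms the catch-all is the one unmatched hostnames fall into.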