COREmanager Documentation

How to change control panel address

ISPsystem software products of the 5th generation run through ihttpd (a built-in web-server).

Ihttpd passes all requests to the software kernel. Therefore, a control panel will be accessible by any domain name resolved to the IP address that ihttpd listens.

For example, ihttpd listens to 10.10.10.10 and port 1500. If you point domain.com to 10.10.10.10, the control panel will open at https://domain.com:1500/.

Nginx

You can configure the control panel to run via Nginx + ihttpd. Add server into the Nginx configuration file.

server {
 	listen 10.10.10.10:443;
 	server_name 10.10.10.10;
 	ssl on;
 	ssl_certificate /usr/local/mgr5/etc/manager.crt;
 	ssl_certificate_key /usr/local/mgr5/etc/manager.key;
         client_max_body_size 20m;

set $mgr_proxy "https://10.10.10.10:1500";

location ^~ /manimg/ {
 		alias /usr/local/mgr5/skins/;
 	}
 	location / {
 		proxy_pass $mgr_proxy;
 		proxy_redirect $mgr_proxy /;
 		proxy_set_header Host $host:$server_port;
 		proxy_set_header X-Forwarded-For $remote_addr;
 		proxy_set_header X-Forwarded-Proto $scheme;
 		proxy_set_header X-Real-IP $remote_addr;
                 proxy_set_header X-Forwarded-Secret <random symbols>;
  		chunked_transfer_encoding off;
  	}

location ^~ /mancgi/ {
 	        proxy_pass $mgr_proxy;
 	        proxy_redirect $mgr_proxy /;
 	        proxy_set_header Host $host:$server_port;
 	        proxy_set_header X-Forwarded-For $remote_addr;
 	        proxy_set_header X-Forwarded-Proto $scheme;
 	        proxy_set_header X-Real-IP $remote_addr;
 	        proxy_set_header X-Forwarded-Secret <random symbols>;
 	        chunked_transfer_encoding off;
 	}
 }

If you use BILLmanager 6, you need to add the following section:

location ^~ /api2/{
 	        proxy_pass $mgr_proxy;
 	        proxy_redirect $mgr_proxy /;
 	        proxy_set_header Host $host:$server_port;
 	        proxy_set_header X-Forwarded-For $remote_addr; 
                 proxy_set_header X-Forwarded-Proto $scheme;
 	        proxy_set_header X-Real-IP $remote_addr;
 	        proxy_set_header X-Forwarded-Secret <random symbols>;
 	        chunked_transfer_encoding off;
 	}

The client_max_body_size directive defines the file size that Nginx can pass to the control panel (for example, it is required by the "File manager" module in ISPmanager). Enter a required value.

Add the ForwardedSecret directive into the COREmanager configuration file and control panel configuration file

Example:

ForwardedSecret mary123

ForwardedSecret is a key consisting of letters and figures that is used for authentication by specific IP addresses (if Nginx is used). It is used for protection against security attacks.

Please note, a secret phrase that is specified in the Nginx configuration file (the proxy_set_header X-Forwarded-Secret directive) must match the phrase in the control panel's configuration file (the ForwardedSecret directive).

Restart Nginx and the control panel to apply the changes. Execute the command:

killall core

SPDY

If the spdy protocol is used, you should add the following directives:

proxy_set_header User-Agent $http_user_agent;
proxy_set_header Accept $http_accept;
proxy_set_header Accept-Language $http_accept_language;
proxy_set_header ISP-Client $http_isp_client;
proxy_set_header Referer $http_referer;
proxy_set_header Content-Type $http_content_type;
proxy_set_header Cookie $http_cookie;
proxy_set_header Pragma $http_pragma;
proxy_set_header Cache-Control $http_cache_control;
proxy_set_header Accept-Encoding $http_accept_encoding;
RAW Paste Data

Apache

You can configure the control panel to run via Apache with proxying to ihttpd.

Make sure the following modules are enabled in Apache:

  • proxy_module
  • proxy_connect_module
  • proxy_http_module

Add VirtualHost into the Apache configuration file:

<VirtualHost 10.10.10.10:80>
        ServerName domain.com
        ServerAlias www.domain.com
        Redirect / https://domain.com/
</VirtualHost>

<VirtualHost 10.10.10.10:443>
        ServerName domain.com
        ServerAlias www.domain.com

SSLProxyEngine on
        SSLProxyVerify none
        SSLProxyCheckPeerCN off
        SSLProxyCheckPeerName off

SSLEngine On
        SSLCertificateFile /usr/local/mgr5/etc/manager.crt
        SSLCertificateKeyFile /usr/local/mgr5/etc/manager.key

ProxyRequests Off
        ProxyPreserveHost On
        ProxyVia full

RequestHeader set X-Forwarded-Secret <arbitrary character set>
        RequestHeader set X-Forwarded-For $remote_addr

<proxy *>
        Order deny,allow
        Allow from all
        </proxy>

ProxyPass / https://10.10.10.10:1500/
        ProxyPassReverse / https://10.10.10.10:1500/
</VirtualHost>

Apply the Apache configuration:

apachectl graceful

Add the ForwardedSecret directive into the COREmanager configuration file:

Example:

ForwardedSecret mary123

The ForwardedSecret value in the panel configuration file and COREmanager should match the value specified in the RequestHeader set X-Forwarded-Secret directive in the Apache configuration file.

Restart the panel to apply the changes in the COREmanager and panel configuration files:

killall core

To set up an SSL certificate, add the following information into the panel configuration file /usr/local/mgr5/etc/ihttpd.conf:

listen {
        ip 10.10.10.10
        redirect
        sni {
                domain_cert /usr/local/mgr5/etc/manager.crt
                domain_key /usr/local/mgr5/etc/manager.key
                domains domain.com
        }
}