Proxy and accessing https://<domain>:10000

#1 Sun, 02/28/2010 - 19:24
Daworm

Due to work configuration on the proxy, I cannot access my domain's control panel on https://

How would I go about setting up a proxy on my server that will let me load it still? I plan to lock down the proxy with .htaccess etc.

Sun, 02/28/2010 - 19:26
Daworm

Actually thinking on this, there was a cPanel script to allow this for cPanel servers. You'd just go to cpanel. and it would do it all automatically.

How can I do this with Virtualmin?

Mon, 03/01/2010 - 20:54
Daworm

bump

anyone?

Mon, 03/01/2010 - 21:20
Daworm

Actually, using my meager understanding, I thought I might look at how to do this. I have a subdomain set up that I'm not using atm, so I just ninja'd the pre-existing subdomain.

As a result here's the (slightly) modified code.

```php
<?php

/* cPanel Proxy 0.4.1
 * http://cpanelproxy.net/
 *
 * See README.txt
 *
 */

//// Config

$version = '0.4.1'; // Please don't change this one. :)

// Last part of hostnames (see install instructions)
// Autodetect by removing first element of current hostname
$hostpostfix = preg_replace('/^.*?\./', '', $_SERVER['HTTP_HOST']);

// First parts of hostnames
$webmailhost = 'webmail.'.$hostpostfix;
$cpanelhost = 'cpanel.'.$hostpostfix;
$whmhost = 'whm.'.$hostpostfix;

// If server is running in CGI-mode HTTP Authentification won't work. If
// $cgimode is "true", cPanel Proxy will hide HTTP Authentification, forcing
// cPanel to fall back on Cookie Authentification.
// This means that cPanel Proxy is no longer transparent to the user, as the
// login-screen will look different than usual.
// Defaults to "true" as it will always works, autodetection may be added
// later.
$cgimode = true;

// The host where cPanel is running. I strongly suggest having this script on
// the same server as cPanel, and leaving this setting at default "localhost".
$host = 'localhost';

// I'm honestly not sure if \r\n or \n is most correct, but in this case it
// just needs to work.
$nl = "\r\n";

//// End of config

if ($_SERVER["QUERY_STRING"]=='cPanelProxyVersion') {
  echo '<p><a href="http://cpanelproxy.net/">cPanel Proxy</a> '
    .$version.'</p>';
  exit;
}

function error($header, $string) {
  echo '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
        "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<title>Error</title>
</head>
<body>
<h1>Error: '.$header.'</h1>
'.$string.'
<hr />
<div style="font-size: 0.8em;"><a href="http://cpanelproxy.net/">'
.'cPanel Proxy '.$version.'</a></div>
</body>
</html>
';
}

switch($_SERVER['HTTP_HOST']) {
 case $webmailhost:
   $port = 20000;
   break;
 case $cpanelhost:
   $port = 10000;
   break;
 case $whmhost:
   $port = 2086;
   break;
 default:
   error(
     'Hostname not recognized','<p>Server is misconfigured or you have '
.'entered a wrong address. You can try these in stead:</p>

<table>
<tr><td>Webmail: </td><td><a href="http://'.$webmailhost.'/">http://'
.$webmailhost.'/</a></td></tr>
<tr><td>cPanel: </td><td><a href="http://'.$cpanelhost.'/">http://'
.$cpanelhost.'/</a></td></tr>
<tr><td>WHM: </td><td><a href="http://'.$whmhost.'/">http://'.$whmhost
.'/</a></td></tr>
</table>
');
   exit;
}


//// Get headers from browser

// "/webmail" is replaced with "/webmail_" in the url, so the server won't
// redirect browsers using this proxy for webmail.
// The protocol is hardcoded to HTTP 1.0. Then we don't have to worry about
// chunked transfers, as 1.1 forces you to.
$frombrowser = $_SERVER['REQUEST_METHOD']." "
.str_replace('/webmail_', '/webmail',$_SERVER['REQUEST_URI'])." "
.'HTTP/1.0'.$nl;


foreach($_SERVER as $a=>$b) {
  if ($a == 'HTTP_HOST') $b = "$host:$port";
  if ($a == 'HTTP_CONNECTION') $b = "Close"; // FIXME: Maybe a persitent socket could be good for performance. Do we need to make sure only the same browser reuses a socket, or is persistent sockets as stateless as usual?
  if (substr($a,0,5)=='HTTP_') {
    $frombrowser .= substr($a,5)
      .': '. $b.$nl;
  }
}

// That was the regular headers. Now we need to re-generate the headers that
// was parsed and thrown away before this script gets a chance to see them.

// First authentication.
if (isset($_SERVER['PHP_AUTH_USER'])
    && !isset($_SERVER['HTTP_AUTHORIZATION'])) {
  $frombrowser .= "Authorization: Basic "
.base64_encode($_SERVER['PHP_AUTH_USER'].':'.$_SERVER['PHP_AUTH_PW']).$nl;
}

if (strlen(@$_SERVER['CONTENT_TYPE'])) {
  $frombrowser .= "Content-Type: ".$_SERVER['CONTENT_TYPE'].$nl;
}

// End of browsers headers (for now).

switch($_SERVER['REQUEST_METHOD']) {

 case 'HEAD':
 case 'GET':
   // We're done, signalling this with an extra newline.
   $frombrowser .= $nl;
   break;

 case 'POST':
   // We probably have a body, we need to include this.

   $input = fopen('php://input','r');
   $frombrowser_body = '';

   if (strpos(@$_SERVER['CONTENT_TYPE'], 'multipart/form-data')===false) {

     // Not multipart/form-data, sending body directly from browser

     // First we get the entire post body.
     while (true) {
       $data = fread($input, 10240); // FIXME: Can we optimize here with another buffer-size?
       if (strlen($data)===0) break;
       $frombrowser_body .= $data;
     }
   } else {

     // multipart/form-data

     $boundary = '--------'.md5(time()); // FIXME: Do we need a better algorithm to generate boundary string?
     $frombrowser .= "Content-Type: multipart/form-data; boundary="
       .$boundary.$nl;
     foreach($_POST as $name=>$data) {
       $frombrowser_body .= '--'.$boundary.$nl
     .'Content-Disposition: form-data; name="'.$name.'"'.$nl
     .$nl.$data.$nl; // FIXME: If $data is an array, handle that correctly.
     }

     foreach($_FILES as $name=>$data) {
       if (!is_uploaded_file($data['tmp_name'])) continue;

       $frombrowser_body .= '--'.$boundary.$nl
     .'Content-Disposition: form-data; name="'.$name.'";'
     .' filename="'.$data['name'].'"'.$nl; // FIXME: Do we need some kind of encoding here? What if the filename (or the name) has characters like double-quote, colon, semicolon, \n or \r?
       // (Uploading a file with double-quote in filename with Mozilla thru this script fails, I have not done any further testing yet.)
       $frombrowser_body .= 'Content-Type: '.$data['type'].$nl
     .$nl
     .file_get_contents($data['tmp_name'])
     .$nl;
     }
     $frombrowser_body .= '--'.$boundary.$nl;
    }

   // Okay, now we can finish the headers and attach the body.
   $frombrowser .= "Content-Length: ".strlen($frombrowser_body).$nl
     .$nl
     .$frombrowser_body;

   break;

 default:
   error(
     'Method not implemented',
     '<p>Method '.$_SERVER['REQUEST_METHOD'].' not supported in cPanel '
.'Proxy, sorry.</p>'
     );
   exit;
}

// Time to contact server and send request
$server = fsockopen($host, $port);
fputs($server, $frombrowser);


// Get server headers

if ($cgimode) {
  $firstline = fgets($server, 10240);
  $array = explode(' ', $firstline);
  $status = (int)$array[1];
  if ($status==401) {
    // Authentication needed, but HTTP authentication doesn't work in CGI-mode.
    header('Status: 200');
  } else {
    header($firstline);
  }

}


while (true) {
  $data = fgets($server, 10240); // FIXME: Can we optimize here with another buffer-size?
  if (strlen(trim($data))==0) break;

  // Fix hostname in redirects, cookies...
  $data = str_replace(
          array('localhost:20000', 'localhost:10000', 'localhost:2086'),
          array($webmailhost,      $cpanelhost,     $whmhost),
          $data);
  if (substr($data, 0, 11) == 'Set-Cookie:') {
    $data = str_replace(
            '; domain=localhost',
            '; domain='.$_SERVER['HTTP_HOST'],
            $data);
  }

  header($data, false);
}

if($_SERVER['REQUEST_METHOD']=='HEAD') {
  exit;
}

// Get server body
$data = '';
while (true) {
  $line = fgets($server, 10240); // FIXME: Can we optimize here with another buffer-size?

  if (strlen($line)===0) break;
  // A line will never be completely empty, as it will end with a "newline".
  // So if we get a completely empty line, there's no more data.

  if ($cgimode) {
    // Let's hide that ugly message. It's not the browser that doesn't support
    // HTTP-Auth, it's CGI...
    $line = str_replace('If your browser does not support HTTP '
            .'Authentication, please use this form:','',$line);
  }

  // Fix hostname
  $line = str_replace(
          array('localhost:20000', 'localhost:10000', 'localhost:2086'),
          array($webmailhost,      $cpanelhost,     $whmhost),
          $line);

  $data .= preg_replace('_(\'|"|=)/webmail_', '$1/webmail_', $line);
  // This has heavy influence on chunk-size (for HTTP/1.1 to browser)
  if (strlen($data)>10240) { // FIXME: Can we optimize here with another buffer-size?
    echo $data;
    flush();
    $data = '';
  }
}
// $data is probably not empty.
echo $data;
?>
```

Problem is it's still calling "http://:10000/" somewhere and I can't quite make sense of how to make it work on https://:10000/

Pointers?

EDIT:

I am aware that the cPanel proxy prob won't even work for this out of the box... but the fact that I get a message saying "server is running in SSL Secure mode" when I access "https://hosting./" means... it is working to a degree.

Mon, 03/01/2010 - 21:37
andreychek

Howdy,

You should also be able to set up a proxy within Virtualmin to do that... if you go into Server Configuration -> Edit Proxy Website, you should be able to proxy that particular Virtual Server to forward to Virtualmin.

That is, if you set up a Virtual Server named vm.example.com, and tell it to proxy connections to https://your_domain.com:10000, that should do what you're after.

-Eric

Mon, 03/01/2010 - 22:22
Daworm

Hurm - that seems more simple... :)

I'll have to do that tonight (can't get into SSL at work >.< )

Mon, 03/01/2010 - 23:45
Daworm

Hurm - just did the change via my mobile and accessed it.

I get this

Error - No cookies
 
Your browser does not support cookies, which are required for this web server to work in session authentication mode

edit: ahh - redid as https:// and it worked.

AWESOME! thanks :)

Tue, 03/02/2010 - 00:43
Daworm

I now get this when I try to go and edit the proxy config settings for another domain.

Security Warning     
Warning! Webmin has detected that the program https://<domain>:10000/virtual-server/proxy_form.cgi?dom=125887368685941& was linked to from the URL https://webmin.<domain>/left.cgi?mode=virtualmin&dom=125887368685941, which appears to be outside the Webmin server. This may be an attempt to trick your server into executing a dangerous command.
 
If this is a legitimate link, you can allow links from this URL as follows :
 
    * Login to Webmin normally.
    * Go to the Webmin Configuration module.
    * Click on the Trusted Referrers icon.
    * Enter the hostname <domain> into the Trusted websites field, and click Save.
 
Alternately, you can configure Webmin to allow this link from the command line by :
 
    * Login as root, and edit the /etc/webmin/config file.
    * Add the line referers=<domain> at the end, or if a referers line already exists add <domain> to it.
    * Save the file.

I have done as above and restarted httpd / webmin and still get the same message...

Tue, 03/02/2010 - 21:12
Daworm

Hurm - I edited the /config file and set referrers=1 and now it works.

Strange.

Mon, 05/08/2017 - 04:26
DarkScrolls

Here's what I did:

  • Created a sub domain webmin.mydomain.com (for example)
  • In Server Configuration -> Edit Proxy Website set Proxying Enabled to Yes and write the Proxy to URL https://mydomain.com:10000
  • Select mydomain.com in Virtualmin and in Server Configuration -> Manage SSL Certificate -> Let's Encrypt -> Request certificate (if you don't already have a certificate for this domain)
  • In Server Configuration -> Manage SSL Certificate click the Copy to Webmin button to use mydomain.com certificate for webmin
  • In Webmin, Webmin -> Webmin Configuration -> Trusted referrers add mydomain.com and webmin.mydomain.com to the Trusted websites list

Now https://webmin.mydomain.com can be accessed even behind the most annoying firewalls!
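
What the steps above amount to on the Apache side, written by hand as an added example (it is not Virtualmin's generated configuration and not part of the post above). Hostnames follow the post; the certificate paths, CA bundle location and allowed client range are placeholders, and the directives are Apache 2.4 syntax.

```apache
# Added example. Placeholder values: certificate paths, CA bundle path,
# and the 203.0.113.0/24 client range (documentation address space).

# Plain HTTP only redirects. Earlier in the thread the "No cookies" error
# went away once https:// was used, so nothing is proxied over http.
<VirtualHost *:80>
    ServerName webmin.mydomain.com
    Redirect permanent / https://webmin.mydomain.com/
</VirtualHost>

<VirtualHost *:443>
    ServerName webmin.mydomain.com

    SSLEngine on
    SSLCertificateFile    /path/to/webmin.mydomain.com/fullchain.pem
    SSLCertificateKeyFile /path/to/webmin.mydomain.com/privkey.pem

    # Webmin on port 10000 runs in SSL mode, so the proxy must speak TLS
    # to it, and it should verify the certificate it is shown. This works
    # once a CA-issued certificate has been copied to Webmin for
    # mydomain.com, as in the steps above.
    SSLProxyEngine on
    SSLProxyVerify require
    SSLProxyCheckPeerName on
    SSLProxyCACertificateFile /etc/ssl/certs/ca-certificates.crt

    # Reverse proxy only; never act as a forward proxy.
    ProxyRequests Off
    ProxyPass        / https://mydomain.com:10000/
    ProxyPassReverse / https://mydomain.com:10000/

    # The login page is now reachable on port 443, so limit who can reach it.
    <Location "/">
        Require ip 203.0.113.0/24
    </Location>
</VirtualHost>
```

With the Host header left at its default (not preserved), Webmin sees requests for mydomain.com:10000 with a Referer of webmin.mydomain.com, which is why both names go in the Trusted websites list.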
