This article is assuming you have already created an SSL certificate for your Virtualizor panel using the built in Letsencrypt module. If you haven't you you can generate one using the Virtualizor admin area. Refer to this article. I am going to be changing the ports on my master which contains no Virtual Machines.
There are four different ports which Virtualizor can be accessed on by default. These are:
Only the client area ports can be changed easily to standard web ports - so that is what we are going to be doing. We are also going to add a re-write rule inside of nginx to force https when a http url is accessed for both client area and admin area.
Only ports for the standard user interface can be changed easily (not the admin interface). First you need to create two files with contents with the following:
echo "listen 80;" > /usr/local/emps/etc/nginx/port-80.conf
echo "listen 443;" > /usr/local/emps/etc/nginx/port-443.conf
The files are now created you can restart Virtualizor and the new ports will be operational:
service virtualizor restart
or
systemctl restart virtualizor
Try load your client login interface with the following:
This should load with the Standard Web Ports we have configured, If it doesn't you may need to allow the ports access through iptables (see below).
The admin area will still load but on the default ports:
There are two nginx config files for Virtualizor:
/usr/local/emps/etc/nginx/nginx.conf
/usr/local/virtualizor/conf/emps/nginx.conf
Backup both them with the following:
cp -a /usr/local/emps/etc/nginx/nginx.conf /usr/local/emps/etc/nginx/nginx.conf.bak
cp -a /usr/local/virtualizor/conf/emps/nginx.conf /usr/local/virtualizor/conf/emps/nginx.conf.bak
/usr/local/emps/etc/nginx/nginx.conf is a symlink to /usr/local/virtualizor/conf/emps/nginx.conf so it doesn't matter which one we edit.
First we need to find the following lines inside of /usr/local/emps/etc/nginx/nginx.conf:
Config before change:
server {
listen 4084;
server_name localhost;
add_header X-Frame-Options SAMEORIGIN;
# The Document Root
root /usr/local/virtualizor/enduser;
4084 is the admin area insecure port, so this redirect will be for the admin area. Add the following code to below add_header X-Frame-Options SAMEORIGIN; and this will force all traffic to 4084 to 4085:
Admin area redirect code:
#Force HTTPS through 302 perm redirect
return 302 https://$host:4085$request_uri?;
Your config should now look as follows:
server {
listen 4084;
server_name localhost;
add_header X-Frame-Options SAMEORIGIN;
#Force HTTPS through 302 perm redirect
return 302 https://$host:4085$request_uri?;
# The Document Root
root /usr/local/virtualizor/enduser;
Locate the following lines inside of /usr/local/emps/etc/nginx/nginx.conf:
Config before change:
server {
include port-80*.conf;
listen 4082;
server_name localhost;
add_header X-Frame-Options SAMEORIGIN;
# The Document Root
root /usr/local/virtualizor/enduser;
Add the following code to below add_header X-Frame-Options SAMEORIGIN; and this will force all traffic for port 80 to 443:
Client area redirect code:
#Force HTTPS through 302 perm redirect
return 302 https://$host$request_uri?;
Your config should now look as follows:
server {
include port-80*.conf;
listen 4082;
server_name localhost;
add_header X-Frame-Options SAMEORIGIN;
#Force HTTPS through 302 perm redirect
return 302 https://$host$request_uri?;
# The Document Root
root /usr/local/virtualizor/enduser;
Now restart Virtualizor for the changes to take effect:
service virtualizor restart
or
systemctl restart virtualizor
Try load the client area using an insecure URL this should redirect to secure port 443.
Try load the admin area through insecure URL and this should redirect to secure port 4085.
I wanted to create a redirect for my admin so that when I visit http(s)://vps.mydomain.com/admin I am redirected to the panels secure port.
To do this locate the following under Enduser HTTPS Connection:
# The Document Root
root /usr/local/virtualizor/enduser;
rewrite "/sess([0-9a-zA-Z]{16})/(.*)" /$2;
Now add the following to the bottom:
rewrite ^(/admin)(.*)$ https://$host:4085/ permanent;
Your config should now look as follows:
# The Document Root
root /usr/local/virtualizor/enduser;
rewrite "/sess([0-9a-zA-Z]{16})/(.*)" /$2;
rewrite ^(/admin)(.*)$ https://$host:4085/ permanent;
Save the changes and restart Virtualizor:
service virtualizor restart
or
systemctl restart virtualizor
Now when you load http(s)://vps.mydomain.com/admin it should redirect to https://vps.YOURDOMAIN.com:4085
If your Virtualizor panel does not load after the change you my need to either revert to the old config that we backed up or allow traffic through iptables if you are using it.
iptables -I INPUT 1 -p tcp -m tcp --dport 80 -j ACCEPT
rm -rf /usr/local/emps/etc/nginx/port-80.conf /usr/local/emps/etc/nginx/port-443.conf
mv /usr/local/emps/etc/nginx/nginx.conf /usr/local/emps/etc/nginx/nginx.conf.broken
mv /usr/local/emps/etc/nginx/nginx.conf.bak /usr/local/emps/etc/nginx/nginx.conf
mv /usr/local/virtualizor/conf/emps/nginx.conf /usr/local/virtualizor/conf/emps/nginx.conf.broken
mv /usr/local/virtualizor/conf/emps/nginx.conf.bak /usr/local/virtualizor/conf/emps/nginx.conf
service virtualizor restart