Knowledge Base

Browse our knowledge base for free solutions to common problems

Change Virtualizor Ports to 80 & 443 & Force HTTPS Redirect

Created On: 14 September 2022
Written by: Ben

This article is assuming you have already created an SSL certificate for your Virtualizor panel using the built in Letsencrypt module. If you haven't you you can generate one using the Virtualizor admin area. Refer to this article. I am going to be changing the ports on my master which contains no Virtual Machines.

There are four different ports which Virtualizor can be accessed on by default. These are:

  1. Client Area:
    1.    :4082 = Client Area Unsecure (http)
    2.    :4083 = Client Area Secured (https)
  2. Admin Area:
    1.    :4084 = Admin Area Unsecure (http)
    2.    :4085 = Admin Area Secured (https)

Only the client area ports can be changed easily to standard web ports - so that is what we are going to be doing. We are also going to add a re-write rule inside of nginx to force https when a http url is accessed for both client area and admin area.

Change Ports To 80 & 443 For Client Area

Only ports for the standard user interface can be changed easily (not the admin interface). First you need to create two files with contents with the following:

echo "listen 80;" > /usr/local/emps/etc/nginx/port-80.conf 
echo "listen 443;" > /usr/local/emps/etc/nginx/port-443.conf

The files are now created you can restart Virtualizor and the new ports will be operational:

service virtualizor restart 
or 
systemctl restart virtualizor

Try load your client login interface with the following:

  1. http://vps.YOURDOMAIN.com/
  2. https://vps.YOURDOMAIN.com

This should load with the Standard Web Ports we have configured, If it doesn't you may need to allow the ports access through iptables (see below).

The admin area will still load but on the default ports:

  1. http://vps.YOURDOMAIN.com:4084
  2. https://vps.YOURDOMAIN.com:4085

Forcing HTTPS

There are two nginx config files for Virtualizor:

/usr/local/emps/etc/nginx/nginx.conf 
/usr/local/virtualizor/conf/emps/nginx.conf

Backup both them with the following:

cp -a /usr/local/emps/etc/nginx/nginx.conf /usr/local/emps/etc/nginx/nginx.conf.bak 
cp -a /usr/local/virtualizor/conf/emps/nginx.conf /usr/local/virtualizor/conf/emps/nginx.conf.bak

/usr/local/emps/etc/nginx/nginx.conf is a symlink to /usr/local/virtualizor/conf/emps/nginx.conf so it doesn't matter which one we edit.

Force Redirect For Admin Area

First we need to find the following lines inside of /usr/local/emps/etc/nginx/nginx.conf:

Config before change:

server { 
                listen 4084; 
                server_name localhost; 
                add_header X-Frame-Options SAMEORIGIN; 
    
                # The Document Root 
                root    /usr/local/virtualizor/enduser;

4084 is the admin area insecure port, so this redirect will be for the admin area. Add the following code to below add_header X-Frame-Options SAMEORIGIN; and this will force all traffic to 4084 to 4085:

Admin area redirect code:

#Force HTTPS through 302 perm redirect 
return 302 https://$host:4085$request_uri?;

Your config should now look as follows:

server { 
                listen 4084; 
                server_name localhost; 
                add_header X-Frame-Options SAMEORIGIN;

                #Force HTTPS through 302 perm redirect 
                return 302 https://$host:4085$request_uri?;
    
                # The Document Root 
                root    /usr/local/virtualizor/enduser;

Force Redirect For Client Area

Locate the following lines inside of /usr/local/emps/etc/nginx/nginx.conf:

Config before change:

server {
               include port-80*.conf;
               listen     4082;
               server_name  localhost;
               add_header X-Frame-Options SAMEORIGIN;
 
               # The Document Root
               root    /usr/local/virtualizor/enduser;

Add the following code to below add_header X-Frame-Options SAMEORIGIN; and this will force all traffic for port 80 to 443:

Client area redirect code:

#Force HTTPS through 302 perm redirect
return 302 https://$host$request_uri?;

Your config should now look as follows:

server {
                include port-80*.conf;
                listen     4082;
                server_name  localhost;
                add_header X-Frame-Options SAMEORIGIN;
 
                #Force HTTPS through 302 perm redirect
                return 302 https://$host$request_uri?;
 
                # The Document Root
                root    /usr/local/virtualizor/enduser;

Now restart Virtualizor for the changes to take effect:

service virtualizor restart
or
systemctl restart virtualizor

Try load the client area using an insecure URL this should redirect to secure port 443.

Try load the admin area through insecure URL and this should redirect to secure port 4085.

Creating a Redirect For Admin Area

I wanted to create a redirect for my admin so that when I visit http(s)://vps.mydomain.com/admin I am redirected to the panels secure port.

To do this locate the following under Enduser HTTPS Connection:

# The Document Root
root    /usr/local/virtualizor/enduser;
 
rewrite "/sess([0-9a-zA-Z]{16})/(.*)" /$2;

Now add the following to the bottom:

rewrite ^(/admin)(.*)$ https://$host:4085/ permanent;

Your config should now look as follows:

# The Document Root
root    /usr/local/virtualizor/enduser;
 
rewrite "/sess([0-9a-zA-Z]{16})/(.*)" /$2;
 
rewrite ^(/admin)(.*)$  https://$host:4085/ permanent;

Save the changes and restart Virtualizor:

service virtualizor restart
or
systemctl restart virtualizor

Now when you load http(s)://vps.mydomain.com/admin it should redirect to https://vps.YOURDOMAIN.com:4085

Not Working?

If your Virtualizor panel does not load after the change you my need to either revert to the old config that we backed up or allow traffic through iptables if you are using it.

iptables change:

iptables -I INPUT 1 -p tcp -m tcp --dport 80 -j ACCEPT

Reverting to old config:

rm -rf /usr/local/emps/etc/nginx/port-80.conf /usr/local/emps/etc/nginx/port-443.conf
mv /usr/local/emps/etc/nginx/nginx.conf /usr/local/emps/etc/nginx/nginx.conf.broken
mv /usr/local/emps/etc/nginx/nginx.conf.bak /usr/local/emps/etc/nginx/nginx.conf
mv /usr/local/virtualizor/conf/emps/nginx.conf /usr/local/virtualizor/conf/emps/nginx.conf.broken
mv /usr/local/virtualizor/conf/emps/nginx.conf.bak /usr/local/virtualizor/conf/emps/nginx.conf
service virtualizor restart
ICTU LTD is a company registered England and Wales (Company No. 09344913) 15 Queen Square, Leeds, West Yorkshire, England, LS2 8AJ
Copyright © 2024 ICTU LTD, All Rights Reserved.
exit