• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Resolved how to SSL secure Panel with Cloudflare enabled server ?

Q

qtwrk

Basic Pleskian
Hi,
Just got a small problem.
currently I am using https://xxx.xxx.xxx.xxx:8443 to access and manage Plesk.
mydomain has SSL and I setup with Cloudflare.

which means , if i access https://domain:8443 , CF gets in the way.

so what should I do now ?

get a separate (sub)domain and setup with let's encrypt ?

just one more dumb question , if in case I have to use other domain to do it, how can I change hostname (centos 7) to match the SSL cert ?

and better yet , is there anyway to change plesk default port ?
 
Hi qtwrk,

I don't recommend to change the ports, but it is possible:

=> /etc/sw-cp-server/conf.d/plesk.conf

... but pls. be aware, that Plesk may overwrite your modifications in case of updates/upgrades/patches. ;)



It is very easy to create a subdomain for your Plesk Control Panel and follow then:


or use the FORUM SEARCH, where you could find for example => #2 => #10

and have a look as well at the Plesk Extension:​

 
When I don't want to meddle with configs I use iptables to translate a port.
I don't really understand your question in what you're trying to do, but if you want to access Plesk on port 9443 then you only need to add the line:

Code: 
iptables -t nat -A PREROUTING -d 10.20.10.20/32 -p tcp -m tcp --dport 9443 -j DNAT --to-destination 10.20.10.20:8443

10.20.10.20 is your WAN IP

Anything foreign going to port 9443 will go to 8443 instead.
You can also use source IP's if you choose to.

I'm using it when running a reverse proxy.
No need to change the port, just fetch the data away before it arrives to the service....

Plesk will not spoil your party when it changes configs
 
Last edited:
mr-wolf said:
When I don't want to meddle with configs I use iptables to translate a port.
I don't really understand your question in what you're trying to do, but if you want to access Plesk on port 9443 then you only need to add the line:

Code: 
iptables -t nat -A PREROUTING -d 10.20.10.20/32 -p tcp -m tcp --dport 9443 -j DNAT --to-destination 10.20.10.20:8443

10.20.10.20 is your WAN IP

Anything foreign going to port 9443 will go to 8443 instead.
You can also use source IP's if you choose to.

I'm using it when running a reverse proxy.
No need to change the port, just fetch the data away before it arrives to the service....

Plesk will not spoil your party when it changes configs
Click to expand...

thanks for the tip , my original question was render meanless because i just saw CF allows traffic on port 8443 , but however still another problem. the port 8447 for install/update component is NOT allowed by CF.

can I use that iptables command forward from source IP:8447 to other port that CF allows ?
and please forgive my stupidity , how to find out my WAN IP ?
 
I wrote WAN IP, but I was assuming a server directly connected to the Internet. It's the IP of your machine which can be found with ifconfig.

If you have your server behind a NAT router then you could do this on the router.

You could use some other port (one that Cloudflare supports) and translate that port to 8447.
The problem there is that Plesk will instruct your browser to open a new tab on port 8447
You would need to manually change the port on your browser to that Cloudflare supported port.
As upgrades are done rarely and only by one person normally this could be only a minor nuisance.

I'm not using Cloudflare, so I'm not aware of its specific restrictions. I know it's an off site reverse proxy service.
 
Last edited:
You must log in or register to reply here.

Similar threads

C
Question How can I secure my Mail with Letsencrypt next to Cloudflares Origin Certificate in Plesk?
Replies
4
Views
1K
cpulove
C
C
Question Plesk with Cloudflare Proxy DNS Records and Letsencrypt..
Replies
0
Views
1K
cpulove
C
Daveo
Question Cloudflare/Plesk with home server
Replies
2
Views
261
Daveo
Daveo
majdi draouil
Question How to Block Direct IP Access and Ensure All Traffic Routes Through Cloudflare
Replies
1
Views
649
Raul A.
R
C
Issue Cloudflare Origin SSL Zertifikate does work and protect
Replies
1
Views
1K
cpulove
C
Back
Top