# Proxying a port (cPanel/WHM specifically) on another server?



## raindog308 (Mar 5, 2014)

I was wondering if it's possible to do this:

server1.example.com is a cPanel/WHM server running WHM on port 2087 (this is not configurable per cPanel)

server2.example.com has a proxy of some sort and by connecting to it on port 443, all traffic is magically passed back and forth to server1.example.com:2087

2087 is the HTTPS interface for cPanel/WHM btw if that makes a difference.

If so, how would I do that?


----------



## Mun (Mar 5, 2014)

nginx proxy?


----------



## TheLinuxBug (Mar 5, 2014)

HAProxy, Varnish, Nginx  to setup a web proxy, or if you literally just want to pass all data from X port to a port on another server you can use 'redir' to forward the port to a new address (however all connections using redir will look to come from the server making the redirection or in this case the proxy server). 

If you wish to use HAproxy, Varnish, or Nginx and you need the real ip from the incoming user to make it into the logs, be sure to install mod_rpaf for apache on the cPanel server and make adjustments to logging as needed to show the correct ip.

I hope this helps!

Cheers!


----------



## Shados (Mar 5, 2014)

raindog308 said:


> I was wondering if it's possible to do this:
> 
> server1.example.com is a cPanel/WHM server running WHM on port 2087 (this is not configurable per cPanel)
> 
> ...


If server1.example.com:2087 is actually serving up HTTPS as server2.example.com with a valid cert for that domain (because that is the one the browser will see / check validity for), couldn't you just NAT the port, forwarding everything going to server2.example.com:443 to server1.example.com:2087?


----------



## raindog308 (Mar 5, 2014)

Shados said:


> If server1.example.com:2087 is actually serving up HTTPS as server2.example.com with a valid cert for that domain (because that is the one the browser will see / check validity for), couldn't you just NAT the port, forwarding everything going to server2.example.com:443 to server1.example.com:2087?


They'd actually have to be separate servers (or VPSes).

server1's port 80 and 443 are already in use for normal web serving operations.

My goal is to get around restrictive firewalls that prevent me from accessing server1 on port 2087.  (Translation: it's tedious to have to pull out my aircard at work


----------



## SkylarM (Mar 5, 2014)

raindog308 said:


> They'd actually have to be separate servers (or VPSes).
> 
> server1's port 80 and 443 are already in use for normal web serving operations.
> 
> My goal is to get around restrictive firewalls that prevent me from accessing server1 on port 2087.  (Translation: it's tedious to have to pull out my aircard at work


What's wrong with the proxy subdomain setting that allows cpanel.yourdomain.com to proxy cpanel over 443/80?

Tweak Settings in WHM: (it says default is on but my newest install was disabled).


----------



## raindog308 (Mar 5, 2014)

SkylarM said:


> What's wrong with the proxy subdomain setting that allows cpanel.yourdomain.com to proxy cpanel over 443/80?
> 
> Tweak Settings in WHM: (it says default is on but my newest install was disabled).


Ah, I'd discounted that because I assumed it was still http://whm.example.com:2087 - I'll investigate.  Thanks.


----------



## SkylarM (Mar 5, 2014)

raindog308 said:


> Ah, I'd discounted that because I assumed it was still http://whm.example.com:2087 - I'll investigate.  Thanks.


Nope, it's designed with your specific issue in mind. https://cpanel.example.com/ will load cpanel over 443 to get around firewall restrictions. Does it for webmail, cpanel, and whm I believe.


----------



## notFound (Mar 6, 2014)

Oh, interesting, never saw that feature before on cPanel. I've just been using an nginx reverse proxy which is very easy too:


server {
server_name webmail.*******.co.uk;
location /{
proxy_pass https://neptune..*******..com:2096/;
}
sub_filter_once off;
sub_filter '//neptune.*******.com:2096' '//$http_host';
}

p.s. probably not a good idea to use above, it's not over ssl.

You could probably just run a socks proxy that would bypass lots of port restrictions. I do that at college when I'm forced to use their computers and the default OS (not my debian hdd ;-))


----------



## 5n1p (Mar 6, 2014)

Not sure if this is good solution, but you can do this with socat first install it on your server2 and then:


socat TCP4-LISTEN:443 OPENSSL:server1.example.com:2087,verify=0

after that https://server2.example.com should go to server1. You would need to have ssl cert for server2 also.


----------

