amuck-landowner

Proxying a port (cPanel/WHM specifically) on another server?

raindog308

vpsBoard Premium Member
Moderator
I was wondering if it's possible to do this:

server1.example.com is a cPanel/WHM server running WHM on port 2087 (this is not configurable per cPanel)

server2.example.com has a proxy of some sort and by connecting to it on port 443, all traffic is magically passed back and forth to server1.example.com:2087

2087 is the HTTPS interface for cPanel/WHM btw if that makes a difference.

If so, how would I do that?
 

TheLinuxBug

New Member
HAProxy, Varnish, Nginx  to setup a web proxy, or if you literally just want to pass all data from X port to a port on another server you can use 'redir' to forward the port to a new address (however all connections using redir will look to come from the server making the redirection or in this case the proxy server). 

If you wish to use HAproxy, Varnish, or Nginx and you need the real ip from the incoming user to make it into the logs, be sure to install mod_rpaf for apache on the cPanel server and make adjustments to logging as needed to show the correct ip.

I hope this helps!

Cheers!
 

Shados

Professional Snake Miner
I was wondering if it's possible to do this:

server1.example.com is a cPanel/WHM server running WHM on port 2087 (this is not configurable per cPanel)

server2.example.com has a proxy of some sort and by connecting to it on port 443, all traffic is magically passed back and forth to server1.example.com:2087

2087 is the HTTPS interface for cPanel/WHM btw if that makes a difference.

If so, how would I do that?
If server1.example.com:2087 is actually serving up HTTPS as server2.example.com with a valid cert for that domain (because that is the one the browser will see / check validity for), couldn't you just NAT the port, forwarding everything going to server2.example.com:443 to server1.example.com:2087?
 

raindog308

vpsBoard Premium Member
Moderator
If server1.example.com:2087 is actually serving up HTTPS as server2.example.com with a valid cert for that domain (because that is the one the browser will see / check validity for), couldn't you just NAT the port, forwarding everything going to server2.example.com:443 to server1.example.com:2087?
They'd actually have to be separate servers (or VPSes).

server1's port 80 and 443 are already in use for normal web serving operations.

My goal is to get around restrictive firewalls that prevent me from accessing server1 on port 2087.  (Translation: it's tedious to have to pull out my aircard at work :)
 

SkylarM

Well-Known Member
Verified Provider
They'd actually have to be separate servers (or VPSes).

server1's port 80 and 443 are already in use for normal web serving operations.

My goal is to get around restrictive firewalls that prevent me from accessing server1 on port 2087.  (Translation: it's tedious to have to pull out my aircard at work :)
What's wrong with the proxy subdomain setting that allows cpanel.yourdomain.com to proxy cpanel over 443/80?

Tweak Settings in WHM: (it says default is on but my newest install was disabled).

RCO.png
 

notFound

Don't take me seriously!
Verified Provider
Oh, interesting, never saw that feature before on cPanel. I've just been using an nginx reverse proxy which is very easy too:


server {
server_name webmail.*******.co.uk;
location /{
proxy_pass https://neptune..*******..com:2096/;
}
sub_filter_once off;
sub_filter '//neptune.*******.com:2096' '//$http_host';
}

p.s. probably not a good idea to use above, it's not over ssl.

You could probably just run a socks proxy that would bypass lots of port restrictions. I do that at college when I'm forced to use their computers and the default OS (not my debian hdd ;-))
 
Last edited by a moderator:

5n1p

New Member
Not sure if this is good solution, but you can do this with socat first install it on your server2 and then:


socat TCP4-LISTEN:443 OPENSSL:server1.example.com:2087,verify=0

after that https://server2.example.com should go to server1. You would need to have ssl cert for server2 also. 
 
Top
amuck-landowner