[Tutorial] How to setup and login to OpenLiteSpeed webadmin console

in Cyberpanel, some advanced configuration needs to be done in OLS webadmin console.

how to:

first , run this line in SSH to setup login info for webadmin console

/usr/local/lsws/admin/misc/admpass.sh

and then, login into CyberPanel , and add TCP 7080 port to firewalld in order to access it.

1056×389 87.2 KB

and please don’t forget to reload the firewalld once new rule is added.

after that , you can know access it by https://Server-IP:7080

and with the login info you set in SSH.

657×581 32.9 KB

the console itself currently comes with Chinese, English and Japanese.

of course , anyone who wishes to translate to his/her language is more than welcome

original posted here by myself , and translated by myself

OLS web adm panel looks pretty concise, and this advantage can be integrated into CyberPanel. Why the panel leaves this untouched and hasn’t had it connected? I previously thought the web server section/module inside the panel is ‘outsourced’ to OLS web admin panel.

OLS supports different distros while Cyber cannot. What a pity.

@baoang said:
OLS web adm panel looks pretty concise, and this advantage can be integrated into CyberPanel. Why the panel leaves this untouched and hasn’t had it connected? I previously thought the web server section/module inside the panel is ‘outsourced’ to OLS web admin panel.

OLS supports different distros while Cyber cannot. What a pity.

there is docker image now , you can try on other distros.

This guide works, but SSL/Certificate is invalid on port 7080, How to fix this?
I’m using a hostname for cyberpanel with valid cert.

cert file is under /usr/local/lsws/admin/conf/ , webadmin.crt and webadmin.key

either replace these 2 with your current cert , or change its path in webadmin console.

cert file is under /usr/local/lsws/admin/conf/ , webadmin.crt and webadmin.key

either replace these 2 with your current cert , or change its path in webadmin console.

I’m using the built-in Free LetsEncrypt Cert.

Replacing or moving it will fail auto renew I think.

cert file is under /usr/local/lsws/admin/conf/ , webadmin.crt and webadmin.key

either replace these 2 with your current cert , or change its path in webadmin console.

I’m using the built-in Free LetsEncrypt Cert.

Replacing or moving it will fail auto renew I think.

I mean change this to /usr/local/lsws/conf/vhosts/SSL-domain/fullchain.pem and private key

846×398 92 KB

Solved, thanks!
Please include this on future update.

Hello

I can´t make the SSL work in :7080 ;(

in the webadmin settings i have:
PRIVATE KEY : /etc/letsencrypt/live/MYDOMAIN.com/privkey.pem
CERTIFICATE FILE: /etc/letsencrypt/live/MYDOMAIN.com/fullchain.pem

both are the correct SSL for the domain.
But when i go to https://MYDOMAIN.com:7080 i get “invalid SSL”

always appears the certificate of webadmin…

Thanks for any help.

Fabian

;( i found it …

was in another section… i put the paths:
PRIVATE KEY : /etc/letsencrypt/live/MYDOMAIN.com/privkey.pem
CERTIFICATE FILE: /etc/letsencrypt/live/MYDOMAIN.com/fullchain.pem

and now… i can´t logn anymore in the webadmin ;(

F.

well apparenty i broke something ;(

cyberpanel is ON and i can login to :8090
BUt litespeed is DOwn

I can´t restart it in any way

“Could not fetch details, either LiteSpeed is not running or some error occurred, please see CyberPanel Main log file.”

when i press in “LIcence Status” i got:

Operation Failed!
Command ‘[‘sudo’, ‘cat’, ‘/usr/local/lsws/conf/serial.no’]’ returned non-zero exit status 1

All was working perfect! ;( not nothing works…

I would appreciate any help

Thanks
Fabian

was my mistake !!! after 2 hours… I FIXED !!!
was a very stupid mistake…

i write here as example: “/etc/letsencrypt/live/MYDOMAIN.com/privkey.pem”
and i put exactly that in the webadmin… and “MYDOMAIN.com” was the problem

i fixed it from ssh, restarted LS and all is working like a charme now… including the webadmin at :7080 with SSL

Regards and sorry for the previous posts

Thanks
Fabian

https://my.domain-or-ip:7080

But in the browser it remains “Connecting…” Any idea?

It never connects me. Something like how much the web server is stopped that does not release error but stays connected. But in this case the web server is working normally.

[SOLVED]
Solution: Open port 7080 in CyberPanel Firewall

Followed the instructions above, but now litespeed won’t start.
The error log reads as follows:
2019-09-04 17:21:21.690291 [INFO] [Module: modcompress 1.1] has been initialized successfully
2019-09-04 17:21:21.690397 [INFO] [Module: moddecompress 1.1] has been initialized successfully
2019-09-04 17:21:21.690470 [INFO] [Module: cache 1.61] has been initialized successfully
2019-09-04 17:21:21.690535 [INFO] [Module: mod_security Mod_Security 1.1] has been initialized successfully
2019-09-04 17:21:21.690590 [ERROR] [SSL] Config SSL Context with Certificate File: /usr/local/lsws/usr/local/lsws/admin/conf/webadmin.crt and Key File:/usr/local/lsws/usr/local/lsws/admin/conf/webadmin.key get SSL error:
2019-09-04 17:21:21.690597 [ERROR] [config:admin:listener:adminListener:ssl] failed to create new SSLContext for *:7080
2019-09-04 17:21:21.690602 [ERROR] [config:admin:listener] No listener is available for admin virtual host!
2019-09-04 17:21:21.690614 [ERROR] Fatal error in configuration, exit!

The error seems to be in the line where it’s looking for the cert and key file in /usr/local/lsws/usr/local/lsws/admin/conf

I can SSH into the server. Any suggestions on where to find the config file to edit, and what the correct values should be?

I was able to undo the damage. In case anyone else shares the same fate, the solution is that the config file is located at /usr/local/lsws/admin/conf/admin_config.conf

This should be setup by default going forward for both OLS and LS admin after this commit is merged into the installer. When issuing hostname SSL it should also cover either OLS/LS admin area SSL now with the same certificate via symlink.

If you want to do this manually until then without having to do it via the webadmin settings it can easily be done via the below commands.

LSWebadmin
mv /usr/local/lsws/admin/conf/cert/admin.crt /usr/local/lsws/admin/conf/cert/admin.crt-bak
mv /usr/local/lsws/admin/conf/cert/admin.key /usr/local/lsws/admin/conf/cert/admin.key-bk

ln -s /usr/local/lscp/conf/cert.pem /usr/local/lsws/admin/conf/cert/admin.crt
ln -s /usr/local/lscp/conf/key.pem /usr/local/lsws/admin/conf/cert/admin.key

OLS webadmin
mv /usr/local/lsws/admin/conf/webadmin.crt /usr/local/lsws/admin/conf/webadmin.crt-bak
mv /usr/local/lsws/admin/conf/webadmin.key /usr/local/lsws/admin/conf/webadmin.key-bk

ln -s /usr/local/lscp/conf/cert.pem /usr/local/lsws/admin/conf/webadmin.crt
ln -s /usr/local/lscp/conf/key.pem /usr/local/lsws/admin/conf/webadmin.key

restart lsws/ols
service lsws restart

The webadmin functions do not work:

1913×621 31.3 KB

if your accessing the LSW web admin over port 8090 behind CF its going to fail to load stuff. You need to use the IP:8090 vs the hostname or domain if its behind CF as port 8090 is NOT supported by CF.

You misunderstood. If I have unblocked port 8090 to login in: https://ip:8090, websites that are supported by cloudflare will stop working. They will show error 522.
For them to work, I need to block port 8090 but then I can’t use the cyberpanel because without the port unblocked I won’t be able to access it.

i am curious about this, i am using cloudflare with no issues. I gray cloud my cyberpanel address https://ip:8090 and the rest is running with orange cloud no issues.

https://support.cloudflare.com/hc/en-us/articles/200169156-Identifying-network-ports-compatible-with-Cloudflare-s-proxy

CF only allows certain ports to be reverse-proxyed

I read about ports what you provided in the links.
And I don’t know why port 8090 causes conflict and error 522.
That’s why I wrote this topic. I have default ports in the firewall after a new installation + 7080.
I did the installation twice and the problem repeated.
For some reason, a new CyberPanel installation causes such a conflict.

I read about ports what you provided in the links. And I don't know why port 8090 causes conflict and error 522. That's why I wrote this topic. I have default ports in the firewall after a new installation + 7080. I did the installation twice and the problem repeated. For some reason, a new CyberPanel installation causes such a conflict.

may I know how did you set it up ?

you mean like you were accessing something like https://panel.domain.com:8090 and you got 522 ?

what if you access it directly https://YOUR_SERVER_IP:8090 ?

I use login via ip:
https://YOUR_SERVER_IP:8090
I also checked through the domain:
https://panel.domain.com:8090
In both cases, when domains are supported by cloudflare and port 8090 is unblocked, there is error 522.
Domains that have their own dns work OK.

I don’t think you can possibly unblock 8090 through Cloudflare ?

I don't think you can possibly unblock 8090 through Cloudflare ?

For domains to work via cloudflare, port 8090 must be blocked.
If the port is unblocked then domains served by cloudflare do not work because I have a 522 error.

I don't think you can possibly unblock 8090 through Cloudflare ?

For domains to work via cloudflare, port 8090 must be blocked.
If the port is unblocked then domains served by cloudflare do not work because I have a 522 error.

I’m sorry I’m bit of confused here, May I know what exactly is your issue here with CF?

I'm sorry I'm bit of confused here, May I know what exactly is your issue here with CF?

Unlocked port 8090 on which you login in to CyberPanel causes error 522 on all domains that I have supported via cloudflare. These domains do not work.

when you mean unlocked port 8090 , what exactly does that mean ? and what was your URL to access it ? https://domain.com , or https://domain.com:8090?

when you mean unlocked port 8090 , what exactly does that mean ? and what was your URL to access it ? https://domain.com , or https://domain.com:8090?

If port 8090 is unlocked for logging into CyberPanel:
https://IP:8090
Domains that are supported by cloudflare do not work. They show error 522.

What was the link you were using to access it ? With domain

What was the link you were using to access it ? With domain

If CyberPanel is on port 8090 and it’s open, nothing on cloudflare dns is working and showing error 522.
If I block port 8090 with a firewall, everything starts working OK. All domains are starting to work.
I write the same yuk several times in this topic.
An open port 8090 prevents you from using cloudflare services.
There is a bug in the cyberpanel.

actually I am still not getting what is your issue here.

please join the discord and contact me @qtwrk there , I will ask for some details.

Best regards,

If I have access to CyberPanel
https://ip:8090

1099×513 21.4 KB

1281×594 35.9 KB

ok , so if you access https://ip:8090 , it works , right ?

and in this image https://i.imgur.com/lBLYUOS.png

what was your access ? https://domain.com , or https://domain.com:8090 ?

Whether through https:// ip:8090 or https://domain.com:8090 is:
https://i.imgur.com/lBLYUOS.png
This guide is out of date and does not work on the current version 1.9.1:
How to remove port 8090 from CyberPanel - #2 by lmilani - Blog Posts - CyberPanel Community

@Nencio said:
Whether through https:// ip:8090 or https://domain.com:8090 is:
https://i.imgur.com/lBLYUOS.png
This guide is out of date and does not work on the current version 1.9.1:
https://blog.cyberpanel.net/2018/12/25/how-to-remove-port-8090-from-cyberpanel/

And if you use domain without CF, it works?

Yes. Without CF, domains work OK.

Yes. Without CF, domains work OK.

when you say domains work , as https://domain.com it leads you to cyberpanel page, right ?

and actually I just did that tutorial on my test server and it works with CF enabled.

[root@cpanel ~]# curl -I -XGET https://xxxx.me
HTTP/1.1 200 OK
Date: Tue, 05 Nov 2019 22:29:06 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=d53b0fec021f1df12090596c39417413c1572992946; expires=Wed, 04-Nov-20 22:29:06 GMT; path=/; domain=.xxxx.me; HttpOnly; Secure
Cf-Railgun: direct (starting new WAN connection)
Content-Language: en
Set-Cookie: csrftoken=qDspwoxOsGBdGqW9aHOZxobghbmQKXciOHK4PadqwgTDH1Mr6B6Xx01RvhXCBtZp; expires=Tue, 03-Nov-2020 22:29:06 GMT; Max-Age=31449600; Path=/; secure
Vary: Cookie, Accept-Language,Accept-Encoding
X-Frame-Options: DENY
X-Turbo-Charged-By: LiteSpeed
X-Xss-Protection: 1; mode=block
CF-Cache-Status: DYNAMIC
Strict-Transport-Security: max-age=15552000
X-Content-Type-Options: nosniff
Expect-CT: max-age=604800, report-uri=“https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct”
Server: cloudflare
CF-RAY: 531243b99a6c97c0-FRA

as you can see , status 200 OK , and server: cloudflare

please check the screenshot , reverse proxy to panel with CF enabled , works.

1170×698 58.7 KB

you can see, CF extension indicates my connection is via their Amsterdam node with IP 104.27.149.241

so in your case, I think you may have some misconfiguration , in particular , I suspect something to do with options inside “SSL/TLS” tab

It does not lead to the cyberpanel page.
Leads to domain index.html.
This guide does not work on a new 1.9.1 installation:

Port 8090 conflicts with CF. Either you use CF with domains or CyberPanel admin login panel. At the same time, you can not use. CF has set up new hubs in Europe and may now be using CF 8090 proxy port for CF.
I have installed CyberPanel 2 times and each installation has the same error.

Guide:

Need to update.
How do I change the default CyberPanel login port from 8090 to another?
For me, the IP CF is different 104.27.174.39.

With the port 8090 operational:
curl -I -XGET https://xxxx.me
HTTP/2 522
date: Wed, 06 Nov 2019 02:40:21 GMT
content-type: text/html; charset=UTF-8
set-cookie: __cfduid=d279c7619aa7699fd58bb1ff1c256d2ef1573008015; expires=Thu, 05-Nov-20 02:40:15 GMT; path=/; domain=.xxxx.me; HttpOnly
cache-control: no-store, no-cache
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri=“https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct”
set-cookie: cf_ob_info=522:5313b3a19a96d45b:HAM; path=/; expires=Wed, 06-Nov-19 02:40:51 GMT
set-cookie: cf_use_ob=443; path=/; expires=Wed, 06-Nov-19 02:40:51 GMT
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
server: cloudflare
cf-ray: 5313b3a19a96d45b-HAM

With port 8090 blocked:
curl -I -XGET https://xxxx.me
HTTP/2 200
date: Wed, 06 Nov 2019 02:41:36 GMT
content-type: text/html
set-cookie: __cfduid=d047202eea0c9cd626ffe177fca90b27c1573008096; expires=Thu, 05-Nov-20 02:41:36 GMT; path=/; domain=.xxxx.me; HttpOnly
last-modified: Sat, 19 Oct 2019 06:18:22 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri=“https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct”
server: cloudflare
cf-ray: 5313b599188bd46b-HAM

what do you mean by “With port 8090 blocked:” ? how did you block it ?

what do you mean by "With port 8090 blocked:" ? how did you block it ?

There is an error in this guide:
https://blog.cyberpanel.net/2018/12/25/how-to-remove-port-8090-from-cyberpanel/
You need to replace:
extprocessor cyberpanel { type proxy address https://switch.cyberpanel.net:8090 maxConns 100 pcKeepAliveTimeout 60 initTimeout 60 retryTimeout 0 respBuffer 0 }

On:
extprocessor cyberpanel { type proxy address https://127.0.0.1:8090 maxConns 100 pcKeepAliveTimeout 60 initTimeout 60 retryTimeout 0 respBuffer 0 }

It will only work OK.

yes , if you use domain on backend addr , it will go through external network , where you use 127.0.0.1 , it doesn’t

yes , if you use domain on backend addr , it will go through external network , where you use 127.0.0.1 , it doesn't

I had such an entry with the blocked port 8090.
Can you change this 8090 port to another one, e.g. 1234 in CyberPanel?

yes , if you use domain on backend addr , it will go through external network , where you use 127.0.0.1 , it doesn't

I had such an entry with the blocked port 8090.
Can you change this 8090 port to another one, e.g. 1234 in CyberPanel?

I’m sorry to say not at this moment , 8090 was hard coded in LSCPD

please try block 8090 to outside world, but allow access by 127.0.0.1 and your server’s public IP

Please i need help, the open lite speed webadmin giving me error, was able to find the error log here.

/usr/local/lsws/conf/vhosts/*.zaddish.com/vhost.conf
/usr/local/lsws/conf/vhosts/wildcard.zaddish.com/vhost.conf: line 1: docRoot: command not found
/usr/local/lsws/conf/vhosts/wildcard.zaddish.com/vhost.conf: line 2: vhDomain: command not found
/usr/local/lsws/conf/vhosts/wildcard.zaddish.com/vhost.conf: line 3: vhAliases: command not found
/usr/local/lsws/conf/vhosts/wildcard.zaddish.com/vhost.conf: line 4: adminEmails: command not found
/usr/local/lsws/conf/vhosts/wildcard.zaddish.com/vhost.conf: line 5: enableGzip: command not found
/usr/local/lsws/conf/vhosts/wildcard.zaddish.com/vhost.conf: line 6: enableIpGeo: command not found
/usr/local/lsws/conf/vhosts/wildcard.zaddish.com/vhost.conf: line 8: index: command not found
/usr/local/lsws/conf/vhosts/wildcard.zaddish.com/vhost.conf: line 9: useServer: command not found
/usr/local/lsws/conf/vhosts/wildcard.zaddish.com/vhost.conf: line 10: indexFiles: command not found
/usr/local/lsws/conf/vhosts/wildcard.zaddish.com/vhost.conf: line 11: syntax error near unexpected token }' /usr/local/lsws/conf/vhosts/wildcard.zaddish.com/vhost.conf: line 11: }’

Help here please? i changed the domain name to a wildcard after creating a sub domain

thanks God bless you !