Hi, a few days back I successfully installed CyberPanel on my Hetzner VPS. I am using Cloudflare so I cannot access https://mydomain:8090 as Cloudflare blocks port 8090. So,
Is it safe to change the CyberPanel port to 8443?
I have a Firewall rule setup to block all incoming traffic at port 8090 except my IP to protect my CyberPanel. Is it possible to do the same if I access my CyberPanel at port 8443 (with a domain name)?
Thanks!
Yes totally safe and working fine.
Hi, I changed the port to 8443. Now I can access my cyber panel from http://IP:8443 but not through https://my domain:8443 ( Getting this error 525 SSL handshake failed).
I also realized that I have never pointed my domain to my CyberPanel (My domain was already added to Cloudflare all I did was to change the A records)
What do I have to do to use login to my cyber panel with my domain?
Follow this guide, replacing 8090 with 8443:
Regarding SSL issue, use the full option at cloudflare and re-add your SSL (the one provided by cloudflare) at Websites->List Website-> Your domain → Add ssl
Hi @tmoore
I don’t mind having to add 8443 at the end of my domain name. But why can’t I access Cyber Panel from https://mydomain:8443?
Also, a question from a security standpoint is it okay to access the cyber panel with just the Server IP:8090, or is it always recommended to use a domain name?
@tmoore
Tried to upload the SSL manually, did not help either
Create sub domain for cyberpanel like panel.domain.com and issue hostname SSL for that.
@Dreamer I did and I was able to access panel.my.domain as a webpage (the CyberPanel welcome Page) but not at port 8443.
The hostname SSL was also applied but it said “now you can access cyberPanel at https://yourdomain:8090”
Steps, in order:
1 - Create a subdomain that you want to use for the cyberpanel
2 - Go to cyberpanel ->Server status-> Change port->8443 or any of the ones that support HTTPS here:
3 - Do this step to remove the port, replacing “https://switch.cyberpanel.net:8090” with your subdomain and port, for example:
“https://sub.domain.com:8443”
4- Go to cyberpanel (using your IP:8443 or the port you changed to)->SSL->Hostname SSL->Select your subdomain->Issue SSL
5 - Go to Websites → List domains → Select your subdomain->Manage->Rewrite rules
Delete the error about “cat /…” and paste:
REWRITERULE ^(.*)$ HTTP://cyberpanel/$1 [P]
Exactly like that, don’t change anything
6 - Copy your cloudflare issued origin certificate from your main domain to your subdomain:
Your domain:
/etc/letsencrypt/live/domain.com/fullchain.pem
/etc/letsencrypt/live/domain.com/privkey.pem
Copy into your subdomain:
/etc/letsencrypt/live/sub.domain.com/fullchain.pem
/etc/letsencrypt/live/sub.domain.com/privkey.pem
7 - Go to your vps, reboot with the command:
reboot
P.S: Issuing hostname SSL will always say to enter using port 8090 because it’s a hardcoded string, just ignore, it will use your new port.
Hi, @tmoore. Thank you so much for guiding me through.
However, I decided that I am just going to leave everything at default as I am not confident enough to make the changes and troubleshoot if anything goes wrong.
That said are there any security issues using IP addresses (instead of a domain) to access CyberPanel?
Thank you so much again for your time.
That’s a very good decision, actually if you want a pro tip from someone that’s very confident but just wouldn’t bother, I just shutdown cyberpanel when I don’t need it, because that’s the ultimate security. I never have to worry who’s trying to brute force my panel or why /usr/local/lscp/logs/error.log is getting written each minutes with pure nonsense. Actually I have a php file that all it does is ask for a password and then start cyberpanel and shut it down 30 minutes later, I guess you could do the same but it just open port 8090 when you need it. No modification to the original control panel. Like what’s the point of running a control panel 24/7?
@entoutcas How do you shut down CyberPanel?
systemctl stop lscpd
Doesn’t impact certificate renewal or even backups, since those are cron jobs. You can use start to start it when needed.
It’s important to remember that while we do have the source code of cyberpanel the django app, and that openlitespeed is a very nice, fast and modern webserver, cyberpanel itself is served from a binary file ( I’m guessing a version of litespeed ) that you’ll find in the root of the git repo ( cyberpanel/lscpd-0.3.1 at 4ce83cb4b0fe59a375f7ed13475c49e572dc457e · usmannasir/cyberpanel · GitHub ) I don’t know that thing, I can’t config it, I can’t understand it’s weird log ( and why oh why it keep logging all the time ) and it did have vulnerability issues. If you want real security, just changing port ain’t gonna cut it, but shutting it down certainly will. Btw I think the cyberpanel watchdog restart it? I didn’t install that so no idea.
This topic was automatically closed 3 hours after the last reply. New replies are no longer allowed.