Problems with "remove port 8090" reverse proxy

I followed the following tutorial:

I could login without 8090. But whenever I try to click some details (e.g. list of Websites) it reverts to login page.

What can be the reason? Where should I look?

Go to :8090/users/modifyUsers

Set security level of user to LOW.

Wow, I could never guess ! Now I understand what that setting really does :slight_smile:

Thank you !

If your IP changes frequently, you will be logged out if it is set to HIGH.

In that case it cannot be related. I’m on static IP - this is one of the important aspect of servers’ security.

Actually I said: “one of the important aspects” not “the most”.

There are several ports you open for server functionality and management.

  1. SSH access on (default) port 22. You harden it by disabling password login and introducing public key access. Which is standart and I did it.

  2. Second security hole can come from panels, say it is cPanel, WHM, CyberPanel or OLS. If you let them open to any IP on the Internet, you welcome many scripts. To prevent them:
    a) Use use hardened passwords
    b) You make use of csf/lfd and ban any IP that has N (I use 3) failed login attempts.
    c) But the best is to allow access to these ports only from specific static IP’s. Any other IP should directly be rejected before accessing the login form with 403.

(On 2b) I don’t know if csf/lfd does scan the CP & OLS logins (and ban them) on CyberPanel systems.

(On 2c) csf cannot control (afaik) IP-PORT pairs. It only whitelists IP’s from getting “banned”.

WHM/cPanel systems solve this via their Host Access Control page in WHM.
allow whm from IP1
allow whm from IP2
disallow others

I couldn’t see similar functionality in CyberPanel.

For a long time I have static IP in my home-office and I’ve been using it to access my servers. The only downside is when I go to my summer home I have to open these restrictions, and you cannot access them outside the office on mobile. Also my Static IP’s change from every couple years due to backbone changes.

Therefore it is also important to have it controlled from a single point. It is not feasible to have IP’s written in every software and/or vHost etc.

If you check your lfd statistics you will see many distributed attacks nowadays mainly from US addresses, second China. I also get a couple of ModSecurity hits every second (which overloads the server and logs I found).

I would love to have a single form/database table to manage global whitelist IP’s in CyberPanel for such functionality.

Please correct me if I’m wrong, I’m only a newbie in CP/OLS.

I’m merely emphasizing a good practice. There may not be a security hole, but the worst practice is being confident on security. A security hole can be introduced with any update on any package and we can all be zero-day’ed.

There is no need to be defensive. I might be new to this part of the world, but as a 57 old computer engineer practicing in very diverse fields for 30 years, I always felt it as my obligation to give positive feedback to opensource projects. I hope you guys did not misunderstand my flood of questions and/or suggestions. I actually moved valuable assets to a server using your software and will work with you for the betterment of it.