Subdomain installation & Fake HSTS (301/302 Redirects) [Highly Experimental!]



  • I do not condone using this for a professional instance because I have no intention of making sure it works safely or flawlessly - I also wrote this at 02:30 in the morning, so I can guarantee I said / spelled / explained something in a horrible manner.

    Make sure you take backups of whatever I tell you to edit before you edit them, because I usually only get lucky with the things I configure and have a tendency to break them.

    I'm not even going to bother explaining why I wanted to do this. Before you do this, make sure you understand the difference between a 301 and a 302 redirect (no, they are not the same).

    This is confirmed working on Ubuntu 15.10. Here is my pufferpanel.conf without personal info like my domain name. (/etc/nginx/sites-enabled/pufferpanel.conf)

    I just have to note that the way this pasted is horrible and probably should only be used for reference and not as a direct copy sort of thing, simply because of the lack of formatted whitespace in the paste. Practically, the way this works is I set a default server to the panel installation domain and then set fake HSTS on it so it worked with the legitimate 443 listener. I have not discovered any breakages in the system yet, but I'm sure I will find one.

    server {
        listen 80 default_server;
        server_name panel.domain.com; #set the server name
        if ($host != "panel.domain.com") { #make sure we're actually referencing the right server name
            return 403; #forbid anything but the proper server name
        }
        return 301 https://$host$request_uri; #permanent redirect to https
        proxy_cache_valid 301 20m; #only keep the cache for 20 minutes
    }
    server {
        listen 80;
        server_name pma.domain.com; #another subdomain, this doesn't even have to be a subdomain. You can use your top level if you'd like, I just have phpmyadmin here
        if ($host != "pma.domain.com") {
            return 403;
        }
        return 301 https://$host$request_uri;
        proxy_cache_valid 301 20m;
    }
    server {
        listen 443;
        root /var/www/pma; #where my phpmyadmin root is (it's a symlink)
        index index.php;

        server_name pma.domain.com;

        if ($host != "pma.domain.com") {
            return 403;
        }
        ssl on;
        ssl_certificate     /etc/nginx/ssl/pnmc.pem; #I use the same keys as I am on the CloudFlare origin SSL certificate
        ssl_certificate_key /etc/nginx/ssl/pnmc.key;

        location / {
            fastcgi_pass unix:/var/run/php5-fpm.sock;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include /etc/nginx/fastcgi_params;
        }
    }
    server {
        listen 443;
        root /srv/pufferpanel; #The actual panel installation, not much was changed here, as this is the legitimate block from the installation script
        index index.php;

        server_name panel.domain.com;

        if ($host != "panel.domain.com") {
            return 403;
        }
        ssl on;
        ssl_certificate     /etc/nginx/ssl/pnmc.pem;
        ssl_certificate_key /etc/nginx/ssl/pnmc.key;

        location / {
            try_files /public/router.php =404;
            fastcgi_split_path_info ^(.+?\.php)(/.*)$;
            fastcgi_pass unix:/var/run/php5-fpm.sock;
            fastcgi_index router.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include /etc/nginx/fastcgi_params;
        }

        location /assets {
            try_files /app/$uri =404;
        }
    }
    

    This might cause problems in future versions of PufferPanel, but the devs can feel free to comment in the replies to this thread if this is an unsafe thing to do.
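Added example, not part of the original post or of PufferPanel: a small Python audit that separates what the port-80 redirect does (301 vs 302) from real HSTS, which is the `Strict-Transport-Security` header sent on the HTTPS response. The function names, finding labels and both sample responses are constructed for illustration; responses are passed in as `(status, headers)` pairs with lower-case header names so it runs offline.

```python
import re
from urllib.parse import urlsplit

PERMANENT = {301, 308}       # browsers may cache these redirects
TEMPORARY = {302, 303, 307}  # re-requested over plain HTTP every visit

def parse_hsts(value):
    """Return (max_age_seconds or None, includeSubDomains flag)."""
    max_age, subdomains = None, False
    for directive in value.split(";"):
        directive = directive.strip()
        m = re.fullmatch(r'max-age\s*=\s*"?(\d+)"?', directive, re.I)
        if m:
            max_age = int(m.group(1))
        elif directive.lower() == "includesubdomains":
            subdomains = True
    return max_age, subdomains

def audit(host, http_resp, https_resp):
    """Each response is (status, headers) with lower-case header names."""
    findings = []
    status, headers = http_resp
    loc = urlsplit(headers.get("location", ""))
    if status in PERMANENT:
        findings.append("redirect-permanent")
    elif status in TEMPORARY:
        findings.append("redirect-temporary")
    else:
        findings.append("no-redirect")
    redirected = status in PERMANENT | TEMPORARY
    if redirected and (loc.scheme != "https" or loc.hostname != host):
        findings.append("redirect-target-mismatch")
    if "strict-transport-security" in headers:
        # Browsers ignore HSTS headers received over plain HTTP.
        findings.append("hsts-on-http-ignored")
    hsts = https_resp[1].get("strict-transport-security")
    if hsts is None:
        findings.append("hsts-missing")
    else:
        max_age, _ = parse_hsts(hsts)
        # A missing or zero max-age gives no HSTS protection.
        findings.append("hsts-ok" if max_age else "hsts-disabled")
    return findings

# Constructed samples: the redirect-only setup from the post, then the
# same redirect with a real HSTS header on the HTTPS response.
REDIRECT = (301, {"location": "https://panel.domain.com/"})
THREAD_STYLE = (REDIRECT, (200, {}))
WITH_HSTS = (REDIRECT, (200, {"strict-transport-security":
                              "max-age=31536000; includeSubDomains"}))
```

With the redirect-only configuration the audit reports `hsts-missing`: the 301 steers browsers to HTTPS, but nothing tells them to refuse plain HTTP on later visits.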



  • Can you make one for apache2 please?



  • Sorry, Voigon, it would not be wise to ask me for a safe way to do this on Apache2 because I am always horrible at scripting; for instance, this specific NGINX code will cache everything on the server for 20 minutes, so your production users won't be able to see changes until the cache expires.


