1 Topic by paladine

  • paladine
  • Member
  • Offline
  • Registered: 2016-10-11
  • Posts: 2

Topic: Force iRedAdmin to ONLY listen on specified IP address (Nginx)

==== Required information ====
- iRedMail version (check /etc/iredmail-release):  0.9.5-1
- Linux/BSD distribution name and version: Debian Jessie
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? No
- Related log if you're reporting an issue:
====

How do I force iRedAdmin to not listen on the public IP address?

I have tried editing the nginx configuration in /etc/nginx/conf.d/00-default.conf and have changed server_name to 10.123.0.22 default_server

I restarted nginx and it is now listening on https://10.123.0.22/iredadmin/

BUT it is still listening on https://fqdn/iredadmin/

I do not want (under any circumstances) iredadmin to listen on the public IP address/fqdn - from what I have read the changes I made to the nginx configuration should have been enough but it doesn't seem to work.

Thanks in advance for any help.

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,770

Re: Force iRedAdmin to ONLY listen on specified IP address (Nginx)

Do it with Nginx ACL. You can find sample settings in our template file (/etc/nginx/templates/):
https://bitbucket.org/zhb/iredmail/src/ … admin.tmpl

3 Reply by paladine (edited by paladine 2016-10-12 17:27:55)

  • paladine
  • Member
  • Offline
  • Registered: 2016-10-11
  • Posts: 2

Re: Force iRedAdmin to ONLY listen on specified IP address (Nginx)

ZhangHuangbin wrote:

Do it with Nginx ACL. You can find sample settings in our template file (/etc/nginx/templates/):
https://bitbucket.org/zhb/iredmail/src/ … admin.tmpl

OK I fixed it.

For anyone who actually want to stop iRedAdmin listening on a public IP address you need to edit:

/etc/nginx/conf.d/00-default.conf (Debian, may be a different location in different distros)

Change 

listen 443

to 

listen ip.you.wa.nt:443

Make sure you are editing the correct directive (the second one in the file towards the bottom) because the top one is for http and by default iredadmin is installed on https.

Obviously change ip.you.wa.nt to the IP address you want it to listen on, then restart Nginx.

And a quick word of advice to you Zhang - if someone asks how to do a specific thing please actually tell them how to do it instead of suggesting something completely different to what they want.

There are -very- good reasons for not having your mail admin exposed to a public IP address and as a matter of best practices as a data protection expert, I would never recommend anyone to have the admin panel exposed to a public IP - it is a huge risk.

But the problem here is - when you give a completely different answer to the requested one - every single other person in the future who searches Google for the same answer, will instead find your incorrect answer - which is incredibly frustrating.