In your firewall configuration, find

#  Allow HTTP and HTTPS connections from anywhere (the normal ports for websites and SSL).
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT

And add in a new rule

# Allow ISPConfig
-A INPUT -p tcp --dport 8080 -j ACCEPT

Then restart the firewall.

Unless you're hosting multiple sites that OTHER people need to admin, then a Control Panel is a waste of resources AND it bastardizes the config setup.

Take 15 minutes and learn the command line. Then you can run all of the apps and services natively without worrying what the control panel is doing to their config's.

As to phpmyadmin, search the forum. There are way better (and way way way more secure) GUI options for managing MYSQL.

@Nibbler:

In your firewall configuration, find

#  Allow HTTP and HTTPS connections from anywhere (the normal ports for websites and SSL).
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT

And add in a new rule

# Allow ISPConfig
-A INPUT -p tcp --dport 8080 -j ACCEPT

Then restart the firewall.

Hi Nibbler,

Thanks a lot!!! It's working now. BUT the httpS is showing the SSL is expired. Can't remember even if I told ispconfig to use SSL.

But anyway - at least it is accessible now.

Hi vonskippy,

Thanks for your input. Now I am considering to get rid of ispconfig and phpmyadmin.

But few questions -

@vonskippy:

Unless you're hosting multiple sites that OTHER people need to admin, then a Control Panel is a waste of resources AND it bastardizes the config setup.

Isn't it easy to maintain/monitor the server using ispconfig as it has an interface? Also isn't it offer easy to do small tasks? i.e. creating a subdomain.

> Take 15 minutes and learn the command line. Then you can run all of the apps and services natively without worrying what the control panel is doing to their config's.

Yeh got to learn the command line just for the sake of the self maintained VPS. Any good places to start?*

> As to phpmyadmin, search the forum. There are way better (and way way way more secure) GUI options for managing MYSQL.

Tried searching this forum but not much luck. But in various forums I came across to SQL Buddy, MySQL GUI Tools and Navicat for MySQL.

Which one do you use or which one do you think better than phpmyadmin?

Do you think I should simply uninstall the phpmyadmin and ispconfig now or shall I do the rebuild the linode and do it from the scratch?

Thanks

*Google mainly brings garbage these days

@minerva:

Isn't it easy to maintain/monitor the server using ispconfig as it has an interface? Also isn't it offer easy to do small tasks? i.e. creating a subdomain.

Not really, using apache adding a subdomain can be as simple as adding ServerAlias subdomain.domain.com to your config file or adding a new config file which you can copy from an existing site, it depends on the situation, after you've done it a few times you'll be able to do it in a few minutes.

> Yeh got to learn the command line just for the sake of the self maintained VPS. Any good places to start?*
The linode library is a good place to start http://library.linode.com/

> Tried searching this forum but not much luck. But in various forums I came across to SQL Buddy, MySQL GUI Tools and Navicat for MySQL.
MySQL Workbench http://www.mysql.com/products/workbench/ - cross platform

Sequel pro http://www.sequelpro.com/ - mac

Heidi SQL http://www.heidisql.com/ - windows

All of those support SSH tunnels which you should use.

> Do you think I should simply uninstall the phpmyadmin and ispconfig now or shall I do the rebuild the linode and do it from the scratch?

Rebuilding is probably easier since you can follow the Linode library guides as you go along.

Hi obs,

Cheers for the reply.

> Not really, using apache adding a subdomain can be as simple as adding ServerAlias subdomain.domain.com to your config file or adding a new config file which you can copy from an existing site, it depends on the situation, after you've done it a few times you'll be able to do it in a few minutes.

I already tried to make a sub-domain but it seems I broke the server again, do you think it is because my domain (on godaddy) isn't pointing to the linode ip address?

(Not intending to thread hijack; this may be useful educationally for the OP and me.)

For PHPMyadmin, how secure would following type of configuration be:

-restrict access to PHPMyadmin to only your IP

-require SSL login

-use a free Cloudflare account to manage DNS, which does not allow people to connect via https

–>therefore, the main way to connect would be to do so from your IP, and by modifying the local HOSTS file to bypass Cloudflare and be able to log in with a secure connection

Can more experienced folks can shoot holes in this plan, or would this considered to be reasonably secure? If so, please share!

@minerva:

I already tried to make a sub-domain but it seems I broke the server again, do you think it is because my domain (on godaddy) isn't pointing to the linode ip address?

Define broke, i.e. error messages, without the details I can't comment.

> Can more experienced folks can shoot holes in this plan, or would this considered to be reasonably secure? If so, please share! that's a fair setup, if you've restricted access via iptables then it's fine, if not then I'd suggest doing so just in case there's some login bypass bug that creeps into phpmyadmin. Other good ways of locking down services such as this are ssh tunnels, client web certificates and vpns.

The cloud flare bit is a bit..meh IMHO I wouldn't bother with it, depending on how your server is setup it's possible someone could put https:// into their browser and it'd bypass cloud flare.

> Define broke, i.e. error messages, without the details I can't comment.

I think I found the answer. I was trying to create a sub-domain BEFORE pointing my domain to the ip address. But technically something like http://subdomain.176.58.122.148/ not possible, right?

Thanks for your help!

@minerva:

something like http://subdomain.176.58.122.148/ not possible, right?
Right.

But you can use a local host file on the local computer you're testing from to see that the subdomains and vhosts are working before you commit the changes to your public dns server.

@obs:

> Can more experienced folks can shoot holes in this plan, or would this considered to be reasonably secure? If so, please share! that's a fair setup, if you've restricted access via iptables then it's fine, if not then I'd suggest doing so just in case there's some login bypass bug that creeps into phpmyadmin. Other good ways of locking down services such as this are ssh tunnels, client web certificates and vpns.

The cloud flare bit is a bit..meh IMHO I wouldn't bother with it, depending on how your server is setup it's possible someone could put https:// into their browser and it'd bypass cloud flare. Thanks for your input; I considered that workaround too. I already have https://domain.com/phpmyadmin IP restricted via virtualhosts/Apache. Is that as good? I may eventually get an SSL certificate for the site, so I'd prefer not to lay down a foundation where everything on port 443 only always restricted to only 1 IP.

@yaz:

@obs:

[Thanks for your input; I considered that workaround too. I already have https://domain.com/phpmyadmin IP restricted via virtualhosts/Apache. Is that as good? I may eventually get an SSL certificate for the site, so I'd prefer not to lay down a foundation where everything on port 443 only always restricted to only 1 IP.[/quote]

The simplest solution to secure PHPMyAdmin is to have it only accessible on localhost and then use a SSH tunnel to access it, that way no one that doesn't have SSH access can see it's even installed, you also don't need to add a SSL cert since SSH does the encryption for you.

@obs:

@yaz:

@obs:

[Thanks for your input; I considered that workaround too. I already have https://domain.com/phpmyadmin IP restricted via virtualhosts/Apache. Is that as good? I may eventually get an SSL certificate for the site, so I'd prefer not to lay down a foundation where everything on port 443 only always restricted to only 1 IP.[/quote]

The simplest solution to secure PHPMyAdmin is to have it only accessible on localhost and then use a SSH tunnel to access it, that way no one that doesn't have SSH access can see it's even installed, you also don't need to add a SSL cert since SSH does the encryption for you. I think that's a great idea–thanks.