Implementing a reverse proxy to WHM
I'd like to restrict WHM access to a specific IP address so I figured I'd set up a reverse proxy. I can get to the WHM login page fine but after I authenticate, I get returned to the login page with no errors. (If I submit bogus credentials, I get a login error from WHM as expected so I know the form is being submitted fine.)
Here's the Apache config I'm using on my external server:
[CODE=apacheconf]
ServerName mywhm.example.com
SSLProxyEngine On
SSLProxyCheckPeerCN On
SSLProxyCheckPeerExpire On
SSLProxyCheckPeerName On
SSLInsecureRenegotiation Off
SSLProxyVerify none
SSLVerifyClient none
SSLCertificateFile /tmp/example.crt
SSLCertificateKeyFile /tmp/example.key
ProxyRequests Off
ProxyPreserveHost Off
ProxyPass / https://example.com:2087/
ProxyPassReverse / https://example.com:2087/
ProxyPassReverseCookieDomain example.com mywhm.example.com
Require all granted
I don't see WHM's secure login cookies being set after I login which is probably what's causing my login attempt to bounce. Can someone help me fill in the missing blanks here??
I don't see WHM's secure login cookies being set after I login which is probably what's causing my login attempt to bounce. Can someone help me fill in the missing blanks here??
-
Just realized this is working in Chrome and Firefox but not in Safari (macOS Big Sur). Why would that be? 0 -
Hey there! I'm glad you were able to get this mostly working, although I wouldn't have any ideas on why this issue would be present in only one browser as it doesn't seem like this would be related to cPanel but instead is the proxy system in place. 0 -
Hey there! I'm glad you were able to get this mostly working, although I wouldn't have any ideas on why this issue would be present in only one browser as it doesn't seem like this would be related to cPanel but instead is the proxy system in place.
I actually figured it out. When I change the port number of my proxy to the same as WHM's (2087), it works in Safari. I saw some info elsewhere that suggested that some browsers may isolate cookies by port number although with Apache acting as a proxy, I didn't think this would matter. In any event, it's working for me now so hopefully this helps someone in the future!0 -
Great news, and thanks for posting that! 0
Please sign in to leave a comment.
Comments
4 comments