Setup an automatic reverse proxy in external server
Hello,
It's my first post in this forum.
I want to create a web hosting service with cPanel, but I want to hide the real server IP. I think that I can use a reverse proxy, but I see that I need to manually add each domain to the reverse proxy, and I don't know how to point the domains to the reverse proxy and keep the cPanel DNS working.
I want to create a reverse proxy on another server where I don't need to add each domain manually to the proxy, and where the domains are automatically pointed to the reverse proxy while keeping the cPanel DNS tool working.
Hey there - welcome to the Forum! We don't have any ready-made tools that would exactly handle this configuration. cPanel does support Nginx (NGINX with Reverse Proxy | cPanel & WHM Documentation) so you may be able to configure that for your needs and still have it work with all the default cPanel tools.
OK, I will look at that, thanks. If anything comes up I will reply.
> I want to create a web hosting service with cPanel, but I want to hide the real server IP,

The easiest way to do this would be to use a service such as Cloudflare or Fastly which will act as the proxy server - along with offering DoS protection and a whole host of other things.

> I want to create a reverse proxy in another server that I don't need to add each domain manually to the proxy and the domains be automatically pointed to the reverse proxy keeping working the cPanel DNS tool.

The best way I can think of achieving this is by having your proxy server (whose IP address will still be known to the general internet) forward the port requests to your web server - CloudNS then the name requests won't hit your main server and it'll remain relatively hidden.
Personally, I think that cPanel is the wrong tool for what you are trying to achieve and I do feel you have underestimated the complexities of running a "hidden web service": whilst using a CDN or IP forwarding and 3rd party name servers will keep things reasonably hidden, there will be ways of finding out the IP address of the server (if you let customers sign up and upload files, it'll be easy enough for them to make a script which will reveal the real IP address, hostname etc).
Thanks @rbairwell. I have these iptables rules, am I right?

-A PREROUTING -p tcp -m tcp --dport 80 -j DNAT --to-destination cpanel-ip:80
-A PREROUTING -p tcp -m tcp --dport 443 -j DNAT --to-destination cpanel-ip:443
-A PREROUTING -p tcp -m tcp --dport 2083 -j DNAT --to-destination cpanel-ip:2083
-A PREROUTING -p tcp -m tcp --dport 2087 -j DNAT --to-destination cpanel-ip:2087
-A PREROUTING -p tcp -m tcp --dport 3306 -j DNAT --to-destination cpanel-ip:3306
-A PREROUTING -p tcp -m tcp --dport 20 -j DNAT --to-destination cpanel-ip:20
-A PREROUTING -p tcp -m tcp --dport 21 -j DNAT --to-destination cpanel-ip:21
-A PREROUTING -p tcp -m tcp --dport 25 -j DNAT --to-destination cpanel-ip:25
-A PREROUTING -p tcp -m tcp --dport 26 -j DNAT --to-destination cpanel-ip:26
-A PREROUTING -p tcp -m tcp --dport 53 -j DNAT --to-destination cpanel-ip:53
-A PREROUTING -p tcp -m tcp --dport 110 -j DNAT --to-destination cpanel-ip:110
-A PREROUTING -p tcp -m tcp --dport 143 -j DNAT --to-destination cpanel-ip:143
-A PREROUTING -p tcp -m tcp --dport 465 -j DNAT --to-destination cpanel-ip:465
-A PREROUTING -p tcp -m tcp --dport 587 -j DNAT --to-destination cpanel-ip:587
-A PREROUTING -p tcp -m tcp --dport 873 -j DNAT --to-destination cpanel-ip:873
-A PREROUTING -p tcp -m tcp --dport 993 -j DNAT --to-destination cpanel-ip:993
-A PREROUTING -p tcp -m tcp --dport 995 -j DNAT --to-destination cpanel-ip:995
-A PREROUTING -p tcp -m tcp --dport 2077 -j DNAT --to-destination cpanel-ip:2077
-A PREROUTING -p tcp -m tcp --dport 2078 -j DNAT --to-destination cpanel-ip:2078
-A PREROUTING -p tcp -m tcp --dport 2082 -j DNAT --to-destination cpanel-ip:2082
-A PREROUTING -p tcp -m tcp --dport 2086 -j DNAT --to-destination cpanel-ip:2086
-A PREROUTING -p tcp -m tcp --dport 2089 -j DNAT --to-destination cpanel-ip:2089
-A PREROUTING -p tcp -m tcp --dport 2091 -j DNAT --to-destination cpanel-ip:2091
-A PREROUTING -p tcp -m tcp --dport 2095 -j DNAT --to-destination cpanel-ip:2095
-A PREROUTING -p tcp -m tcp --dport 2096 -j DNAT --to-destination cpanel-ip:2096
-A PREROUTING -p tcp -m tcp --dport 2195 -j DNAT --to-destination cpanel-ip:2195
-A PREROUTING -p tcp -m tcp --dport 2703 -j DNAT --to-destination cpanel-ip:2703
-A PREROUTING -p tcp -m tcp --dport 6277 -j DNAT --to-destination cpanel-ip:6277
-A PREROUTING -p tcp -m tcp --dport 24441 -j DNAT --to-destination cpanel-ip:24441
-A PREROUTING -p tcp -m tcp --dport 2079 -j DNAT --to-destination cpanel-ip:2079
-A PREROUTING -p tcp -m tcp --dport 2080 -j DNAT --to-destination cpanel-ip:2080
-A PREROUTING -p tcp -m tcp --dport 1 -j DNAT --to-destination cpanel-ip:1
-A PREROUTING -p tcp -m tcp --dport 7 -j DNAT --to-destination cpanel-ip:7
-A PREROUTING -p tcp -m tcp --dport 37 -j DNAT --to-destination cpanel-ip:37
-A PREROUTING -p tcp -m tcp --dport 43 -j DNAT --to-destination cpanel-ip:43
-A PREROUTING -p tcp -m tcp --dport 113 -j DNAT --to-destination cpanel-ip:113
-A POSTROUTING -j MASQUERADE

If I'm right, I have the IP forwarding ready; now I need to change the cPanel DNS Zone templates and set up the name servers. I'm new to cPanel and now my question is: what do I need to change in Zone Templates, and how? And how do I set up the nameservers? Only add two A records, ns1 and ns2, with the IP of the proxy server?
Those forwarding rules look correct at first glance - but, to be totally honest, it's been getting on to nearly 20 years since I last had to do it (and that was with a cPanel server). You do seem to be missing port 53 UDP though, and HTTP/3 uses UDP on port 80 (but that doesn't seem to be supported by cPanel at the moment).
I would change in "Basic WebHost Manager Setup" at the bottom to set your nameservers to your remote nameservers: I'd then add the IP addresses of those nameservers to IP Functions->Configure Remote Service IPs->Remote Name Server IPs so cPanel is aware of them.
You might be able to get away with modifying "Basic WebHost Manager Setup->Basic Config->The IPv4 address to setup" to your proxy server's IP address: but this isn't something I've tried myself so I've got no idea how/if it'll work, how/if it'll affect licencing checks etc etc (and, thinking about it, it might break Apache's virtual host configuration if you have multiple IPs set up).
If that doesn't work, under DNS Functions->Edit Zone Templates (Secondary DNS with cPanel Primary Server and then setup
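The gap noted in the reply above (no UDP rule for port 53) can be checked mechanically. This is an added example, not code from the thread or from cPanel: it parses iptables-save style rules and reports required protocol/port pairs with no DNAT rule, plus a MASQUERADE rule with no interface or address match, which makes every forwarded connection reach the backend with the proxy's source address. The sample rules are constructed and abbreviated from the post, and the REQUIRED list is an assumption.

```python
import shlex

# Constructed sample in iptables-save syntax, abbreviated from the rules posted
# above; "cpanel-ip" is the thread's placeholder for the backend address.
SAMPLE_RULES = """\
-A PREROUTING -p tcp -m tcp --dport 80 -j DNAT --to-destination cpanel-ip:80
-A PREROUTING -p tcp -m tcp --dport 443 -j DNAT --to-destination cpanel-ip:443
-A PREROUTING -p tcp -m tcp --dport 53 -j DNAT --to-destination cpanel-ip:53
-A POSTROUTING -j MASQUERADE
"""

# Assumed service list for this example: the listeners the proxy must relay.
REQUIRED = [("tcp", 80), ("tcp", 443), ("tcp", 53), ("udp", 53)]


def parse_rule(line):
    """Return a dict of the fields this audit needs from one -A rule."""
    tok = shlex.split(line)
    rule = {"chain": None, "proto": None, "dport": None, "target": None,
            "to": None, "scoped": False}
    flags = {"-A": "chain", "-p": "proto", "--dport": "dport",
             "-j": "target", "--to-destination": "to"}
    for i, t in enumerate(tok[:-1]):
        if t in flags:
            rule[flags[t]] = tok[i + 1]
        elif t in ("-o", "-s", "-d", "-i"):
            rule["scoped"] = True
    return rule


def audit(rules_text, required=REQUIRED):
    """List coverage gaps and NAT scoping issues in a ruleset."""
    rules = [parse_rule(l) for l in rules_text.splitlines() if l.startswith("-A ")]
    dnat = {(r["proto"], int(r["dport"])): r["to"] for r in rules
            if r["target"] == "DNAT" and r["dport"] and r["dport"].isdigit()}
    findings = [f"missing DNAT for {p}/{n}" for p, n in required if (p, n) not in dnat]
    for (proto, port), dest in dnat.items():
        if ":" in dest and not dest.endswith(f":{port}"):
            findings.append(f"{proto}/{port} is rewritten to {dest}")
    for r in rules:
        if r["target"] == "MASQUERADE" and not r["scoped"]:
            # Unscoped source NAT: the backend sees the proxy as every client.
            findings.append("MASQUERADE has no -o/-s/-d match")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_RULES):
        print(finding)
```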
Thanks again @rbairwell, let me do this and see how it all goes.