cPanel SSL Proxy Subdomain - 500 Error

Discussion in 'General' started by tina, Mar 5, 2013.

  1. tina

    tina New Member

    Hello,

    Please try the following recipe on your CentOS (no CloudLinux!) cPanel test server:

    1. Login to WHM

    2. Go to 'Tweak Settings' and make sure the following are enabled:

    - Proxy subdomains
    - Proxy subdomain creation

    3. Go to 'LiteSpeed Web Server' and switch to 'Apache'

    4. Create a cPanel account on the *shared IP* with a real domain that resolves to the server. We will call it test-domain.com in this example.

    5. Go to 'Generate an SSL Certificate and Signing Request', and create a new certificate

    6. Go to 'Install an SSL Certificate and Setup the Domain', and paste the new certificate, and also the new key. Change the user to 'nobody', then click 'Submit'

    7. Visit https://cpanel.test-domain.com/ (use the actual domain, take note of the 'https' and the 'cpanel.', and also do not enter any port number).

    8. A certificate message should appear, allow it, and you will be able to log into cPanel.

    9. Now log into WHM again and go to 'LiteSpeed Web Server' and switch to 'LiteSpeed'

    10. Once again, visit https://cpanel.test-domain.com/ (use the actual domain, take note of the 'https' and the 'cpanel.', and also do not enter any port number).

    11. You will now see a 500 error message instead!

    Please advise - is this a LiteSpeed setting issue, or something that you can fix ASAP for the next version?
  2. webizen

    webizen New Member

    in my lab testing, i am getting 500 error in Apache with the following message in step 8 after certificate message appear.

    Last edited: Mar 5, 2013
  3. tina

    tina New Member

    From the error message it looks like the cPanel proxy subdomain is not working, because Apache is trying to load the website instead (that's why the '/home/user' path is involved).

    Try and see if you can get the cPanel proxy subdomain to work correctly, which might resolve the error with Apache.
  4. tina

    tina New Member

    Okay, we just tried the same steps with another cPanel CentOS machine, and Apache is loading the domain's website (instead of loading cPanel), but there are no errors.

    We have no idea why the SSL proxy on the shared IP is working on one machine (with Apache), but not another.

    So it seems there may be some missing steps, and we will need to spend some more time to find out all the steps for making Apache load cPanel on the shared IP.
  5. stormy

    stormy Member

    Funny, I just googled "cpanel proxy subdomains 500 error" and this is the first result. And I'm using Litespeed!

    I have a 500 error on any proxy subdomain:
    https://cpanel . domain . com

    They were working with Apache, so there must be something with Litespeed.

    Any ideas on what to try?

    I checked the error log /usr/local/apache/logs/error_log and this is what happens:

    2013-12-20 10:07:15.975 [ERROR] [REWRITE] Absolute URL with leading 'http://' is required for proxy, URL: https://127.0.0.1:2083/
    2013-12-20 10:07:15.975 [ERROR] [REWRITE] Absolute URL with leading 'http://' is required for proxy, URL: https://127.0.0.1:2083/500.shtml
    Last edited: Dec 20, 2013
  6. mistwang

    mistwang LiteSpeed Staff

    LSWS wont proxy a backend via https, so have to use HTTP backend, what you need to do is:
    You need to update cpanel templates
    under /var/cpanel/templates/apache.../main.default

    comment out
    RewriteCond %{HTTP_HOST} ^cpanel\.
    RewriteCond %{HTTPS} on
    RewriteRule ^/(.*) https://127.0.0.1:2083/$1 [P]
    RewriteCond %{HTTP_HOST} ^webmail\.
    RewriteCond %{HTTPS} on
    RewriteRule ^/(.*) https://127.0.0.1:2096/$1 [P]
    RewriteCond %{HTTP_HOST} ^whm\.
    RewriteCond %{HTTPS} on
    RewriteRule ^/(.*) https://127.0.0.1:2087/$1 [P]
    RewriteCond %{HTTP_HOST} ^webdisk\.
    RewriteCond %{HTTPS} on
    RewriteRule ^/(.*) https://127.0.0.1:2078/$1 [P]

    read more about customizing templates at
    http://docs.cpanel.net/twiki/bin/view/EasyApache/EasyApacheCustomDirectivesOutsideVirtualHost#Custom Templates

    disable the option force redirect to https for cpanel access.

    If you want to disable access to cpanel http port directly,
    add iptables rule to block direct access to port 2082 other than 127.0.0.1 .
  7. stormy

    stormy Member

    The whole point of this is to allow https access only.

    Does this mean this won't ever work in Litespeed?
  8. mistwang

    mistwang LiteSpeed Staff

    no plan to support HTTPS proxy backend anytime soon.

    The solution I suggested still only allow https access from outside if you configure iptables.
  9. stormy

    stormy Member

    Would it be possible to consider changing this behaviour in a future update? Litespeed is breaking a standard cPanel feature that we rely on, and the fix is very involved.

Share This Page