Disable HTTPS webadmin on Outside but keep https for other services than Freepbx


(Gmv) #1

Hi,

I have a FreePBX built with 2 NICs, one in DMZ and one in the Inside.
I have some other https stuff on this server.

I need to access the webadmin on the inside but of course this doesn’t have to be exposed on the outside (or DMZ).
Then, services other than FreePBX have to be accessed from outside in https (or DMZ).

Inside interface is set as local trusted.
DMZ interface is set as Internet (default firewall)

Web Management (Secure and not) is set to local.
Maybe I have done something wrong, but configured like this, web admin can’t be accessed from
the outside (good) but none of the other services either (:frowning:)

Any idea of what I’m doing wrong, or even if what I want to do is possible?

Many thanks in advance for any help.


(Lorne Gaetz) #2

When you have Admin GUI blocked, you are blocking access to the port the Admin GUI is using. Any other services using that port will be similarly affected. You will need to separate your ‘other https stuff’ onto a different port for this to work.

If these other services are not PBX related, I would argue that they belong on another host.


(Gmv) #3

Hi, thank you for your fast answer.
In fact they are related to FreePBX (Jitsi Webinar)

So, if I understand correctly, I have to set up another Apache virtual host on another port (444 for instance) and create a custom service for this port in firewall settings. Am I right?


(Lorne Gaetz) #4

That’s a solution, same as is currently done for UCP, it runs on its own port(s) separate from the Admin GUI.


(Gmv) #5

Ok,

Many thanks for your help!!


#6

You could use the same port with a different domain name, but IMO using an obscure port provides a bit of additional security and keeps the log from filling with hacking attempts.

You could lock the admin port down further by requiring a client certificate.
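
The layout discussed in this thread, sketched as an Apache configuration. This is an added example, not part of any post and not FreePBX's own configuration: port 444 comes from post #3, while every hostname, directory and certificate path is a placeholder assumption.

```apache
# Added example. Hostnames, directories and certificate paths below are
# placeholders, not values taken from a FreePBX install.

# Public HTTPS content (for instance the files the Jitsi audio bridge needs)
# moves to its own port, as proposed in post #3. The "https" argument tells
# Apache to treat this non-standard port as TLS.
Listen 444 https

<VirtualHost *:444>
    ServerName pbx.example.com
    DocumentRoot /var/www/public-files

    SSLEngine on
    SSLCertificateFile    /etc/pki/tls/certs/pbx.example.com.crt
    SSLCertificateKeyFile /etc/pki/tls/private/pbx.example.com.key

    # Serve only this directory; the admin GUI is not reachable through 444.
    <Directory /var/www/public-files>
        Options -Indexes
        AllowOverride None
        Require all granted
    </Directory>
</VirtualHost>

# Admin GUI stays on the port that the firewall keeps "local" only.
# The existing Listen for 443 is assumed to be defined elsewhere.
<VirtualHost *:443>
    ServerName pbx-admin.example.com
    DocumentRoot /var/www/html

    SSLEngine on
    SSLCertificateFile    /etc/pki/tls/certs/pbx-admin.example.com.crt
    SSLCertificateKeyFile /etc/pki/tls/private/pbx-admin.example.com.key

    # Optional hardening from post #6: the TLS handshake fails unless the
    # browser presents a certificate issued by this (placeholder) CA.
    SSLVerifyClient require
    SSLVerifyDepth  1
    SSLCACertificateFile /etc/pki/tls/certs/admin-client-ca.crt
</VirtualHost>
```

With this split, the firewall can keep Web Management set to local while a custom service for port 444 is allowed from the Internet zone, so blocking the admin port no longer takes the other HTTPS content down with it.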


(Lorne Gaetz) #7

I assume this is not a FreePBX Distro install, or is it? I’ve been wondering if anyone has gotten Jitsi meet to work on the Distro yet.


(Gmv) #8

On one side I have an Ubuntu 18.04 with Jitsi and on the other side FreePBX distro installed.
So both are on 2 separate servers. But I have to host two files useful for audio bridge on the FreePBX server.

But I think that would not be a problem to host Jitsi on FreePBX distro. But first I’m more a Debian guy than a CentOS one and then I first thought that we could host our audio bridge on a 3CX we have in place.

But the 3CX is not as open as FreePBX/Asterisk.