How Do I Change the Port Used by VestaCP?

April 9, 2018 6.1k views
Control Panels Debian CentOS Ubuntu

To get started, please visit: https://[droplet-ip]:8083/list/firewall/ (where [droplet-ip] is the IPv4 IP of your Droplet).

From the firewall configuration page, please click on the + icon to create a new firewall rule and use the following details to populate form. We're using port 2083 in this example, though you can use any port that isn't already in use.

Action: Accept
Protocol: TCP
Port: 2083
IP Address: 0.0.0.0/0

Click Save to add the rule to the firewall.

Once the firewall rule has been added, we'll need to edit the NGINX configuration for VestaCP. Please login via SSH and navigate to /usr/local/vesta/nginx/conf/ using:

cd /usr/local/vesta/nginx/conf/

We'll need to edit the nginx.conf file and change the port that NGINX listens on from 8083 to 2083 (or the port you chose to use).

nano nginx.conf

Change

listen          8083;

To

listen          2083;

Once the port has been changed, press CTRL+X, followed by y, and then hit enter to save your changes.

Now that we have an active firewall rule allowing us to accept connections on the new port and we've made the changes required to allow NGINX to listen on the new port, we'll restart VestaCP to allow the changes to take effect:

service vesta restart

The final step is removing the firewall entry for the previous port we were using. To do this, we'll visit https://[droplet-ip]:2083/list/firewall/ (notice, we're using the new port in the URL now).

Hover over the firewall entry that shows 8083 and click on Delete, then OK. You're done!

5 Answers

Here is a simple all in one command solution that will do it for you from terminal.

sed -i 's/8083;/2083;/' /usr/local/vesta/nginx/conf/nginx.conf && v-add-firewall-rule ACCEPT 0.0.0.0/0 2083 TCP && v-delete-firewall-rule 2 && service vesta restart

If you have not modified the default firewall rules #2 is for the 8083. If you have you can use this longer command to be more safe

sed -i 's/8083;/2083;/' /usr/local/vesta/nginx/conf/nginx.conf && v-add-firewall-rule ACCEPT 0.0.0.0/0 2083 TCP && sed -i -e '/8083/ s/ACCEPT/DROP/' /usr/local/vesta/data/firewall/rules.conf && v-update-firewall && service vesta restart

Breakdown of the command

The parts of the first example are as follows so that you can see whats getting done and one command at a time.

Changes the port in the nginx file

sed -i 's/8083;/2083;/' /usr/local/vesta/nginx/conf/nginx.conf

Add firewall rule for new port using VestaCP command

v-add-firewall-rule ACCEPT 0.0.0.0/0 2083 TCP

Remove old port firewall rule using VestaCP command

v-delete-firewall-rule 2

Restart VestaCP

service vesta restart

For more information on this vulnerability you can view the VestaCP forum post where this was first reported.

v-add-firewall-rule

command not found :(

Hi, thanks for the information (and really sorry for my ignorance)

But, "IP Address: 0.0.0.0/0" is the real value I should use, or should I change 0.0.0.0 for my real droplet IP?

Thank you!

  • IP Address: 0.0.0.0/0 - As i understand it means that you accept all requests from all ip addresses with port 2083.

    So if you try to change this then you can accept request only from IP that you entered.

Have another answer? Share your knowledge.