How Do I Change the Port Used by VestaCP?

To get started, please visit: https://[droplet-ip]:8083/list/firewall/ (where [droplet-ip] is the IPv4 IP of your Droplet).

From the firewall configuration page, please click on the + icon to create a new firewall rule and use the following details to populate form. We’re using port 2083 in this example, though you can use any port that isn’t already in use.

Action: Accept
Protocol: TCP
Port: 2083
IP Address:

Click Save to add the rule to the firewall.

Once the firewall rule has been added, we’ll need to edit the NGINX configuration for VestaCP. Please login via SSH and navigate to /usr/local/vesta/nginx/conf/ using:

cd /usr/local/vesta/nginx/conf/

We’ll need to edit the nginx.conf file and change the port that NGINX listens on from 8083 to 2083 (or the port you chose to use).

nano nginx.conf


listen          8083;


listen          2083;

Once the port has been changed, press CTRL+X, followed by y, and then hit enter to save your changes.

Now that we have an active firewall rule allowing us to accept connections on the new port and we’ve made the changes required to allow NGINX to listen on the new port, we’ll restart VestaCP to allow the changes to take effect:

service vesta restart

The final step is removing the firewall entry for the previous port we were using. To do this, we’ll visit https://[droplet-ip]:2083/list/firewall/ (notice, we’re using the new port in the URL now).

Hover over the firewall entry that shows 8083 and click on Delete, then OK. You’re done!

Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Here is a simple all in one command solution that will do it for you from terminal.

sed -i 's/8083;/2083;/' /usr/local/vesta/nginx/conf/nginx.conf && v-add-firewall-rule ACCEPT 2083 TCP && v-delete-firewall-rule 2 && service vesta restart

If you have not modified the default firewall rules #2 is for the 8083. If you have you can use this longer command to be more safe

sed -i 's/8083;/2083;/' /usr/local/vesta/nginx/conf/nginx.conf && v-add-firewall-rule ACCEPT 2083 TCP && sed -i -e '/8083/ s/ACCEPT/DROP/' /usr/local/vesta/data/firewall/rules.conf && v-update-firewall && service vesta restart

Breakdown of the command

The parts of the first example are as follows so that you can see whats getting done and one command at a time.

Changes the port in the nginx file

sed -i 's/8083;/2083;/' /usr/local/vesta/nginx/conf/nginx.conf

Add firewall rule for new port using VestaCP command

v-add-firewall-rule ACCEPT 2083 TCP

Remove old port firewall rule using VestaCP command

v-delete-firewall-rule 2

Restart VestaCP

service vesta restart

For more information on this vulnerability you can view the VestaCP forum post where this was first reported.

Hi, thanks for the information (and really sorry for my ignorance)

But, “IP Address:” is the real value I should use, or should I change for my real droplet IP?

Thank you!