Accessing DirectAdmin Panel

By default, DirectAdmin listens only on port 2222, so the access URL would be:

http://12.34.56.78:2222/

or

http://hostname.yourdomain.com:2222/

Running DA service through apache on port 80

Several people are unable to connect to DirectAdmin on port 2222 due to firewalls or proxies. It is possible to set up Apache so that DirectAdmin runs through Apache using its proxy options.

In this example, we'll setup DirectAdmin to run through with server IP . Type your server's .

APACHE

With the custom template system, we can add sufficient overrides to not need to make any changes to the templates themselves.

  1. First, create the cp.example.com domain under a User level, as a full domain somewhere. This will allow you to set up SSL with LetsEncrypt very easily.
  2. Next, go to Admin Level -> Custom HTTPD Configuration -> cp.example.com and, in the top |CUSTOM| token textarea, insert:
|*if SSL_TEMPLATE="1"|
|?HAVE_PHP1_FCGI=0|
|?HAVE_PHP2_FCGI=0|
|?HAVE_PHP1_FPM=0|
|?HAVE_PHP2_FPM=0|
|?CLI=0|
|?HAVE_PHP1_CLI=0|
|?HAVE_PHP2_CLI=0|
|?SUPHP=0|
|?HAVE_PHP1_SUPHP=0|
|?HAVE_PHP2_SUPHP=0|
       ProxyRequests off
       SSLProxyEngine on

       ProxyPass /phpmyadmin !
       ProxyPass /phpMyAdmin !
       ProxyPass /webmail !
       ProxyPass /roundcube !

       ProxyPass / "https://server.example.com:2222/"
       ProxyPassReverse / "https://server.example.com:2222/"
       #ProxyPreserveHost On
|*else|
       RewriteEngine On
       RewriteCond %{HTTPS} off
       RewriteCond %{REQUEST_URI} !^/.well-known
       RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
|*endif|
  3. Set proper client IP logging:
cd /usr/local/directadmin
./directadmin set x_forwarded_from_ip "12.34.56.78"
service directadmin restart

NOTE: The above assumes that you've set up SSL for your hostname with this guide, so that the actual :2222 access matches the Proxy settings above. Because cp.example.com is a User Level domain, it cannot be your server.example.com, so they'll probably be different.

LITESPEED

LiteSpeed is slightly different in terms of using the ProxyPass option. For new method A, step 2, use the following instead:

|*if SSL_TEMPLATE="1"|
|?HAVE_PHP1_FCGI=0|
|?HAVE_PHP2_FCGI=0|
|?HAVE_PHP1_FPM=0|
|?HAVE_PHP2_FPM=0|
|?CLI=0|
|?HAVE_PHP1_CLI=0|
|?HAVE_PHP2_CLI=0|
|?SUPHP=0|
|?HAVE_PHP1_SUPHP=0|
|?HAVE_PHP2_SUPHP=0|
      RewriteEngine On
      #RewriteCond %{REQUEST_URI} !^/?(phpmyadmin|phpMyAdmin|webmail|roundcube|)/
      RewriteRule ^(.*)$ https://cp.|DOMAIN|:2222/$1 [P,L]
|*else|
      RewriteEngine On
      RewriteCond %{HTTPS} off
      RewriteCond %{REQUEST_URI} !^/.well-known
      RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
|*endif|

Note: LiteSpeed does not allow proxying to just any value. If you get this in the error.log:

[REWRITE] Proxy target is not defined on external application list, please add a 'web server' with name "https://cp.example.com:2222"

then you'll need to add an approved proxy web server in your LSWS panel, under Admin -> Configuration -> Server -> External App -> Add, for each host that will connect to DA. Should we find some way to override the "Host" value sent to LSWS from the redirect, then the value in the template could be unified, saving the need to load up everyone's cp.|DOMAIN| in the LSWS admin area. You'll also need to hit the "graceful reload" option after changing things.

NGINX

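Edit the /etc/nginx/nginx-includes.conf file and add the block below. Note that it listens on port 80 and proxies to DA over http, so, unlike the Apache template above, logins through it are not encrypted: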

server {
   listen "12.34.56.78:80";
   server_name "cp.example.com";

   include /etc/nginx/webapps.conf;

   location / {
       proxy_pass       "http://server.example.com:2222/";
       proxy_set_header Host $host;
       proxy_set_header X-Real-IP $remote_addr;
       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
       proxy_redirect "http://cp.example.com:2222/" "http://cp.example.com/";
   }
}

Restart nginx:

service nginx restart
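
Added example (not DirectAdmin's code and not part of the original page): a model of the trust rule that x_forwarded_from_ip expresses, and why it matters with the nginx block above, where $proxy_add_x_forwarded_for appends the connecting address to whatever X-Forwarded-For value the client already sent. The function name and the right-most-entry parsing are assumptions made for illustration; the sample addresses are constructed.

```shell
#!/bin/sh
# Model of the trust decision only; how DirectAdmin itself parses a
# multi-valued header is not stated on this page.

TRUSTED_PROXY="12.34.56.78"   # the value given to x_forwarded_from_ip above

# effective_client_ip PEER_ADDR XFF_HEADER   (hypothetical helper)
#   PEER_ADDR  = address of the TCP connection that reached port 2222
#   XFF_HEADER = raw X-Forwarded-For value (may be empty or client-supplied)
effective_client_ip() {
    peer=$1
    xff=$2
    # The header is honoured only when the connection comes from the proxy.
    if [ "$peer" != "$TRUSTED_PROXY" ] || [ -z "$xff" ]; then
        printf '%s\n' "$peer"
        return 0
    fi
    # The proxy appends its own view of the client to the end of the list,
    # so only the right-most entry was written by the trusted hop.
    last=${xff##*,}
    last=$(printf '%s' "$last" | tr -d ' \t')
    # Fall back to the peer if the entry is not shaped like an IP literal.
    case $last in
        ''|*[!0-9A-Fa-f.:]*) printf '%s\n' "$peer" ;;
        *)                   printf '%s\n' "$last" ;;
    esac
}

# Constructed sample requests (documentation address ranges).
effective_client_ip 12.34.56.78  "203.0.113.9"            # normal proxied request
effective_client_ip 12.34.56.78  "10.0.0.1, 203.0.113.9"  # client sent its own first entry
effective_client_ip 198.51.100.7 "127.0.0.1"              # direct hit on :2222, header ignored
```

If the logged address for a proxied login is the left-most entry or the proxy's own IP, review the header handling on the proxy before relying on those logs for IP-based blocking.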

Troubleshooting

If you're still unable to log in, run DA in debug mode, level 2000, and check the output for lines like:

    Checking referer "https://server.example.com/" to "server.example.com:2222"
    Referer port (443) does not match DA's (2222): "https://server.example.com/"

In which case, you'd need to disable the port during the referer checks: https://www.directadmin.com/features.php?id=2194

Actively testing a DirectAdmin connection

By default, the dataskq will make sure that the "directadmin" process is running. You can take it a step further if you'd like to confirm that DA is responding and a user/pass is working correctly.

  1. First, create a login key for a sample DirectAdmin account. Set:
       Key Name: curltest
       Key Value: Random
       Expires On: Never
       Uses: 0
       Commands: Allow: CMD_API_LOGIN_TEST
       Allowed IPs: 127.0.0.1
     and enter your current password to create the key. The long string on the next page will be the password you'll use below.

  2. Type in your:
    Username:
    Login Key:

  3. Edit the script /home/username/da_test.sh and paste in the code:

#!/bin/sh
#DEBUG=0 normal running after settings confirmed
#DEBUG=1 basic output during testing to confirm settings
#DEBUG=2 raw output to see what's going on

DEBUG=0

USER="username"
PASSWORD="loginkey"

CONFIG=curl_config.txt
#keep the login key off the command line and readable only by this user
umask 077
printf 'user = "%s:%s"\n' "${USER}" "${PASSWORD}" > "${CONFIG}"
chmod 600 "${CONFIG}"

RUN="curl --config ${CONFIG} --silent --show-error http://127.0.0.1:2222/CMD_API_LOGIN_TEST"

if [ "${DEBUG}" -ge 2 ]; then
       eval $RUN
else
       #stderr to cron output
       RESULT=`eval $RUN 2>&1`
       RET=$?
       COUNT=`echo "$RESULT" | grep -c 'error=0'`
       if [ "${COUNT}" -gt 0 ]; then
               if [ "${DEBUG}" -ge 1 ]; then
                       echo "all is well";
               fi
               exit 0;
       else
               if [ "${RET}" -eq 0 ]; then
                       echo "Unable to verify login. Try DEBUG=2";
                       echo "curl returned code 0, so is likely a user/pass issue";
                       exit 1;
               else
                       echo "$RESULT";
                       echo "curl returned code ${RET}";
                       exit ${RET}
               fi
       fi
fi

Make it executable:

chmod 700 "/home/username/da_test.sh"

NOTE: If you're running DA with https, change http to https in the RUN variable. Same applies if you're not using port 2222, adjust the port there.

  4. Manually run the script to see if it works:
"/home/username/da_test.sh"; echo $?

If you see '0' as the output, that's a good thing. Set DEBUG to 1 or 2 to help sort out any issues.

  5. Once you confirm it is working, create a cronjob under the username account: DA panel > User Level > CronJobs. Leave all time values as *, but set the command to be:
"/home/username/da_test.sh"

and do not select the "Prevent E-Mail" option, or else you won't get any notices.

  6. On the same Cronjobs page, type in your E-Mail in the "Send all Cron output to E-Mail" section. Check that account for any emails containing output if DA is not running.