Skip to content

Setup Proxy Domain

Jump to bottom
Marcel Hofer edited this page Mar 11, 2022 · 2 revisions

Proxy Domain

Setting up your complete ISPConfig panel behind a reverse proxy can be insecure in shared hosting environments.

For this reason, the DDNS module supports a secure mode using a proxy secret for administrators that do not want to change the ISPConfig port to 80 or 443 for some reason.

Use the following instructions to create a secure proxy just for DDNS.

1. Preparing your webserver

If you want to host the proxy domain in ISPConfig, you need to enable the apache2 mod_proxy module.

Run the following commands on your webserver:

sudo a2enmod proxy_http
systemctl reload apache2

2. Configuring the proxy domain

You can either use an existing website, or create a new website with PHP/CGI and other options disabled. Make sure to enable SSL.

Open the website settings in ISPConfig and change to the Options tab.

Under Apache Directives, add the following snipped:

# ddns proxy key header is only required if ispconfig does not trust the x-forwarded-for headers
RequestHeader set X-DDNS-Proxy-Key ""
ProxyRequests Off
ProxyErrorOverride Off
SSLProxyEngine On
SSLProxyVerify none
SSLProxyCheckPeerCN off
ProxyPass /ddns/update.php https://127.0.0.1:8080/ddns/update.php
ProxyPass /nic/ https://127.0.0.1:8080/nic/
ProxyPassReverse / https://127.0.0.1:8080/

On the second line, you must set a long, randomly generated string between ""

If your proxy is not running on the same host as ISPConfig, change the IP in ProxyPass and ProxyPassReverse accordingly.

3. Configuring the DDNS module to trust the proxy

You will need to create a local configuration inside the ddns module directory:

cd /var/www/ispconfig/ddns
cp update.config.local-example.php update.config.local.php

Now you should modify update.config.local.php and set the following options:

  • PROXY_HOST: the domain of your proxy website from step 2
  • TRUSTED_PROXY_KEY: the same key you set in the Apache Directives on the second line as the X-DDNS-Proxy-Key header

If your proxy is on a different server, you also need to add the TRUSTED_PROXY_IP config entry.

4. Verify

  • Create an test dns record and token
  • open the update URL popup in the token list
  • The URLs should now show your proxy domain
  • If you open an update url in your browser, you should receive a success message.
  • Verify that your real IP was set in the domain record.
  • Delete the test token and dns records again

If the proxy was misconfigured, it should show an error when accessing the URL via proxy domain.

Clone this wiki locally