Configuring BILLmanager address

From ISPWiki
Jump to: navigation, search

By default BILLmanager is running through a built-in ihttpd web-server and can be accessed at https://ip:1500/billmgr

This article walks you through the steps you need to perform to change BILLmanager address, so that it can be accessed at, let's say, my.domain.com

There are two ways how to change BILLmanager address:

  • Configure ihttpd
  • Configure nginx + ihttpd

Configuring ihttpd

If you are not going to use any web-applications on the server running BILLmanager, change the ihttpd port into 443 and 80.

Edit the ihttpd configuration file:

listen {
       ip 10.10.10.10
       port 443
}       
listen {
       ip 10.10.10.10
       port 80
       redirect
}

This means that ihttpd will receive connections on ports 80 and 443. Connections to port 80 will be redirected to port 443.

Restart the service

service ihttpd restart

COREmanager will be accessible at https://10.10.10.10 by default. If you want to change this address, create the /usr/local/mgr5/bin/index file containing billmgr, so that BILLmanager can be accessed at https://10.10.10.10.

Redirect the A record of the my.domain.com domain to 10.10.10.10. BILLmanager can be accessed at https://my.domain.com

Configuring nginx + ihttpd

Install Nginx on CentOS

yum install nginx

Install Nginx on Debian

 apt-get install nginx  

Configuring Nginx

Add into the Nginx (/etc/nginx/nginx.conf) configuration file:

server {	

       listen 10.10.10.10:443;
       server_name my.domain.com;	
       ssl on;	
       ssl_certificate /usr/local/mgr5/etc/manager.crt;	
       ssl_certificate_key /usr/local/mgr5/etc/manager.key; 	
 
       set $mgr_proxy "http://10.10.10.10:1500";         
         
       location ^~ /manimg/ { 		
              alias /usr/local/mgr5/skins/; 	
       } 	
       
       location / { 		
                proxy_pass $mgr_proxy; 		
                proxy_redirect $mgr_proxy /; 		
                proxy_set_header Host $host:$server_port; 		
                proxy_set_header X-Forwarded-For $remote_addr; 		
                proxy_set_header X-Forwarded-Proto $scheme; 		
                proxy_set_header X-Real-IP $remote_addr;                
                proxy_set_header X-Forwarded-Secret mary123;  		
                chunked_transfer_encoding off; 
 	}

 	location ^~ /mancgi/ {
	        proxy_pass $mgr_proxy;
	        proxy_redirect $mgr_proxy /;
	        proxy_set_header Host $host:$server_port;
	        proxy_set_header X-Forwarded-For $remote_addr; 
                proxy_set_header X-Forwarded-Proto $scheme;
	        proxy_set_header X-Real-IP $remote_addr;
	        proxy_set_header X-Forwarded-Secret mary123;
	        chunked_transfer_encoding off;
	}
}

ForwardedSecret - a combination of letters and digits constituting a key that is used for checking authentication from certain IP addresses, if you are running Nginx. It helps to protect from invalid login attempts.

Make sure a secret phrase from the nginx configuration file (the proxy_set_header X-Forwarded-Secret directive) matches the phrase in BILLmanager configuration file (the ForwardedSecret directive).

Restart the panel after modifying the BILLmanager configuration file

/usr/local/mgr5/sbin/mgrctl -m billmgr exit

If you want BILLmanager to be accessed at http://my.domain.com (not httpS) and redirected to https, add the following information into the Nginx configuration file:

 server {
	listen 10.10.10.10:80;
	server_name my.domain.com;
	rewrite ^(.*)$ https://$server_name$1 permanent;
	}

Restart Nginx

service nginx restart

In the ihttpd configuration file (/usr/local/mgr5/etc/ihttpd.conf) the redirect will be removed to avoid address incrementation. The ihttpd configuration file looks like the following:

listen {
        ip 10.10.10.10
}

Create the /usr/local/mgr5/bin/index index file containing billmgr.

Redirect the A record of the my.domain.com domain to 10.10.10.10. Now BILLmanager can be accessed at https://my.domain.com