A word of advice to those that run their own VPS/Server

Discussion in 'Off Topic' started by Tracy Perry, Jan 3, 2015.

  1. Tracy Perry

    Tracy Perry Well-Known Member

    If you run a site that is SSL secured, and you use CSF for your firewall.....
    DON'T remove port 443 from the TCP_IN setting.

    Don't ask me how I know... don't really know WHY I removed it - other than it was a late night edit. BUT it WILL bring your site down. :whistle:
    Andrej, rafass, Gazhyde and 4 others like this.
  2. Liam W

    Liam W Well-Known Member

    I was going to say well dur, but that wouldn't have been very nice ;)

    Don't worry, I've done my fair share of stupid things late at night (I think I locked down all ports completely once...)

  3. MattW

    MattW Well-Known Member

    I spent several hours one night trying to figure why only I could view one of the sites on my server. Turned out, I'd blocked 443 and because my own dedicated IP was in the allowed firewall rules, only I could view it. I'd had it running for almost a month wondering why no one was posting!
    RobinHood, Fred., JVCode and 5 others like this.
  4. Sheratan

    Sheratan Well-Known Member

    443? I use 8080 for SSL so I block 443 #YOLO #SWAG

    FYI if you block 443 too then you can't do yum
    Last edited: Jan 4, 2015
  5. Tracy Perry

    Tracy Perry Well-Known Member

    Exactly what happened here. I have my home IP excluded... it was driving me totally bat poop crazy that I could see it... but go get on my phone and I couldn't via LTE nor could a couple of other folks I asked to check it. Was messing around at the CLI and that's when I had the "derp" moment of remembrance.
    Main reason I noticed it was I had been keeping an eye on my Adsense... and for today it was almost nothing. For the last several days it's been around $1 a day.
  6. Tracy Perry

    Tracy Perry Well-Known Member

    Why exactly do you do something that backwards? 8080 is normally used as a standard secondary http port. Why not just use 6969 or 6868?
  7. =MGN=RedEagle

    =MGN=RedEagle Well-Known Member

    Hahahaha man that is funny... lol WHERE DID THEY ALL GO???
  8. AdamD

    AdamD Well-Known Member

    What a newbie. :p
    SneakyDave likes this.
  9. SneakyDave

    SneakyDave Well-Known Member

    If your site is entirely SSL on 443, can you block port 80, or is that still used for some httpd functions?
  10. Tracy Perry

    Tracy Perry Well-Known Member

    You need to keep the Port 80 open. Folks still will attempt to hit your site frequently via http:// and it needs to be answering to force the rewrite to SSL.
    rafass and SneakyDave like this.
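
An added example, not part of the original thread: a pre-flight check that reads TCP_IN from a CSF config and reports whether ports 80 and 443 are still allowed before the firewall is reloaded. It assumes the usual `TCP_IN = "..."` line with comma-separated ports and low:high ranges; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: check a CSF config for required inbound ports before reloading.

# Print the TCP_IN value from a csf.conf-style file (last assignment wins).
csf_tcp_in() {
    sed -n 's/^[[:space:]]*TCP_IN[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' "$1" |
        tail -n 1 | tr -d '[:space:]'
}

# Return 0 if port $1 is covered by list $2 (single ports or low:high ranges).
port_allowed() {
    local port entry IFS
    port=$1
    IFS=','
    for entry in $2; do
        case $entry in
            *:*) [ "$port" -ge "${entry%%:*}" ] 2>/dev/null &&
                 [ "$port" -le "${entry##*:}" ] 2>/dev/null && return 0 ;;
            '')  ;;
            *)   [ "$port" -eq "$entry" ] 2>/dev/null && return 0 ;;
        esac
    done
    return 1
}

# Print every required port absent from TCP_IN; return 1 if any is absent.
check_required_ports() {
    local conf list missing p
    conf=$1; shift
    list=$(csf_tcp_in "$conf")
    missing=0
    for p in "$@"; do
        port_allowed "$p" "$list" && continue
        echo "MISSING: tcp/$p is not in TCP_IN"
        missing=1
    done
    return "$missing"
}

# Constructed sample config reproducing the mistake from the thread (no 443).
SAMPLE_CONF=$(mktemp)
cat > "$SAMPLE_CONF" <<'EOF'
TCP_IN = "20,21,22,25,53,80,110,143,465,587,993,995,30000:35000"
TCP_OUT = "20,21,22,25,53,80,110,113,443"
EOF
check_required_ports "$SAMPLE_CONF" 80 443 || echo "Fix TCP_IN before reloading CSF."
```

Pointed at the real config file and run from a machine that is not on the firewall's allow list, the same check avoids the "only I can see my site" situation described above.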
  11. rafass

    rafass Well-Known Member

    Thanks for the advice Tracy.
    appreciate it.
  12. Stallyon

    Stallyon Active Member

    Never access your shell when drunk. I was trying to find a particular directory, and instead of typing

    $ ls -lr | egrep '^d'
    I actually typed the wrong command before the pipe

    $ rm -fr | egrep '^d'
    Whoops! Talk about a cockup of a command. I always use the find command now.
  13. EQnoble

    EQnoble Well-Known Member

