When you add a domain to Cloudflare you have a choice of either enabling proxied (orange-cloud icon) or non-proxied (grey-cloud icon) DNS traffic through Cloudflare. When traffic is proxied through Cloudflare it will utilise the various security and performance features available.
When you use Cloudflare’s proxy service (orange-cloud icon) with DirectAdmin you will find you are unable to connect to your DirectAdmin control panel on port 2222. This is because Cloudflare automatically strips port numbers from requests as it does not allow proxying to arbitrary ports.
One way around this is to disable proxied traffic through Cloudflare by clicking the orange-cloud and reverting to the DNS only option (grey-cloud) within your Cloudflare dashboard. This will mean that Cloudflare will only be providing DNS services and your domain will not benefit from Cloudflare’s security and performance features. Alternatively, you can utilise Cloudflare Spectrum which is available on all their paid plans (Pro, Business and Enterprise).
However, if you don’t want to disable proxied traffic and you don’t have access to Cloudflare Spectrum, you can still keep Cloudflare proxied traffic settings and maintain access to the DirectAdmin dashboard by changing the default port from 2222. Cloudflare provides a range of network ports that are accessible through its proxy by default. The ports currently available are listed in the table below.
In this guide, we will show you how to change your default port to access DirectAdmin from 2222 to an alternative port. We will also show you how to update ConfigServer Firewall (CSF) settings to remove the old port, enable the new alternative port and change the DirectAdmin port monitored by CSF.
How to Change DirectAdmin Default Port to Work with Cloudflare Proxy
Add New Port to ConfigServer Firewall (CSF)
For the purposes of this guide we have chosen 2083 as our alternative port. However, if you want to choose a different alternative port, you can select one from the list below:
Cloudflare Ports

HTTP Port | HTTPS Port
---|---
80 | 443
8080 | 8443
2052 | 2053
2082 | 2083
2086 | 2087
2095 | 2096
IMPORTANT
We highly recommend you do not select ports 80, 8080, 443 or 8443 as an alternative port because these are used by default by the Apache, Nginx and OpenLiteSpeed web servers.
Before changing the port number in the DirectAdmin settings, you will need to make sure you have added the alternative port number to ConfigServer Firewall (CSF), otherwise you will lose access to your DirectAdmin dashboard.
Although you can add the new port to the IPv4 and IPv6 Port Settings from the ConfigServer Firewall (CSF) GUI in the dashboard, you will not be able to amend the OS Specific Settings to change the DirectAdmin port, as this option is restricted within the GUI.
Firstly, log into your server using SSH. Once you have logged in, we will need to edit the ConfigServer Firewall (CSF) configuration file using the following command.
nano /etc/csf/csf.conf
Now scroll down to the section entitled "# SECTION:IPv4 Port Settings" and, under the "# Allow incoming TCP ports" and "# Allow outgoing TCP ports" comments, add the new alternative port 2083 at the end of the "TCP_IN =" and "TCP_OUT =" lines.
# SECTION:IPv4 Port Settings
# Allow incoming TCP ports
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,2222,2083"
# Allow outgoing TCP ports
TCP_OUT = "20,21,22,25,53,80,110,113,443,2222,2083"
Now scroll down to the section entitled "# SECTION:IPv6 Port Settings" and, under the "# Allow incoming IPv6 TCP ports" and "# Allow outgoing IPv6 TCP ports" comments, add the new alternative port 2083 at the end of the "TCP6_IN =" and "TCP6_OUT =" lines.
# SECTION:IPv6 Port Settings
# Allow incoming IPv6 TCP ports
TCP6_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,2222,2083"
# Allow outgoing IPv6 TCP ports
TCP6_OUT = "20,21,22,25,53,80,110,113,443,2222,2083"
NOTE
At this point in the guide you can safely remove the default DirectAdmin port 2222 within the incoming and outgoing TCP and TCP6 ports from the ConfigServer Firewall (CSF) configuration file.
Now scroll down to the bottom of the file until you reach the section entitled "# SECTION:OS Specific Settings". Under the option "PORTS_directadmin =", change the port from 2222 to the new alternative port 2083.
# SECTION:OS Specific Settings
PORTS_directadmin = "2083"
Now save and exit the ConfigServer Firewall (CSF) configuration file and reload the configuration file with the new settings using the following command.
csf -ra
That’s it. You have now successfully added the new alternative port 2083 to the ConfigServer Firewall (CSF) configuration file and amended the DirectAdmin port within the OS settings section. Now we will need to edit the DirectAdmin configuration file to change the settings from the default 2222 port to the new alternative 2083 port.
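The lock-out risk mentioned earlier can be checked mechanically before the DirectAdmin port is changed. The script below is an added example, not part of the original guide: its function names are illustrative, and it assumes csf.conf uses the KEY = "value" layout shown above.

```shell
#!/usr/bin/env bash
# Added example (not from the guide): lock-out check to run after editing
# csf.conf and before "./directadmin set port". Function names are illustrative.

# Proxied ports from the guide's table, minus 80/8080/443/8443 (web server defaults).
ALLOWED_PORTS="2052 2053 2082 2083 2086 2087 2095 2096"

# Print the quoted value of a csf.conf setting: TCP_IN = "20,21" -> 20,21
csf_value() {  # $1 = config file, $2 = setting name
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$1" | tail -n 1
}

# Succeed if port $2 appears in comma-separated list $1; CSF writes ranges as lo:hi.
port_in_list() {
    local item IFS=','
    for item in $1; do
        case "$item" in
            *:*) [ "$2" -ge "${item%%:*}" ] && [ "$2" -le "${item##*:}" ] && return 0 ;;
            "$2") return 0 ;;
        esac
    done
    return 1
}

# Report every setting that would block the new port; return non-zero on any failure.
check_csf_port() {  # $1 = csf.conf path, $2 = new DirectAdmin port
    local conf="$1" port="$2" rc=0 key
    case " $ALLOWED_PORTS " in
        *" $port "*) ;;
        *) echo "FAIL: $port is not a recommended Cloudflare port"; rc=1 ;;
    esac
    for key in TCP_IN TCP6_IN; do
        if ! port_in_list "$(csf_value "$conf" "$key")" "$port"; then
            echo "FAIL: $port missing from $key"; rc=1
        fi
    done
    if [ "$(csf_value "$conf" PORTS_directadmin)" != "$port" ]; then
        echo "FAIL: PORTS_directadmin is not $port"; rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo "OK: $port is open in CSF"; fi
    return "$rc"
}

# Run as: ./check.sh /etc/csf/csf.conf 2083
if [ "$#" -eq 2 ]; then check_csf_port "$1" "$2"; fi
```

A non-zero exit status means at least one of the three settings would still block the new port, so the DirectAdmin port should not be changed yet.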
Change Port in DirectAdmin Settings
You can check the existing settings in the DirectAdmin configuration file using the following command.
/usr/local/directadmin/directadmin c | grep port
As you can see from the output the current port is 2222.
[root@vpsbasics] # /usr/local/directadmin/directadmin c | grep port
port=2222
ssl_port=0
check_referer_port=1
port_80=80
port_443=443
port_8080=8080
port_8081=8081
To change the port from the default 2222 port to the new alternative 2083 port, simply use the following commands.
cd /usr/local/directadmin
./directadmin set port 2083
Now that the port has been changed in the DirectAdmin configuration file, we will need to stop the DirectAdmin service and restart it using the following commands.
killall -9 directadmin
service directadmin start && service directadmin status
Now check the DirectAdmin configuration file to ensure the alternative port has been updated using the following command.
/usr/local/directadmin/directadmin c | grep port
[root@vpsbasics] # /usr/local/directadmin/directadmin c | grep port
port=2083
ssl_port=0
check_referer_port=1
port_80=80
port_443=443
port_8080=8080
port_8081=8081
When using Cloudflare proxy (orange-cloud) you will find other services such as FTP will not work when trying to connect using the domain name (ftp.domain.com). This is because Cloudflare only proxies HTTP(S) traffic, acting as a gateway to your website, and is not hosting it directly. The website is still hosted on your server. In order to connect to your website using FTP you will need to use the server’s IP address (192.0.1.168) and the FTP port (21).
That’s it. You have now successfully added the new alternative port 2083 to the ConfigServer Firewall (CSF) configuration file, amended the DirectAdmin port within the OS settings section and edited the DirectAdmin configuration file to change the settings from the default 2222 port to the new alternative 2083 port.