How to Change DirectAdmin Default Port to Work with Cloudflare Proxy

When you add a domain to Cloudflare you have a choice of either enabling proxied (orange-cloud icon) or non-proxied (grey-cloud icon) DNS traffic through Cloudflare. When traffic is proxied through Cloudflare it will utilise the various security and performance features available.

When you use Cloudflare’s proxy service (orange-cloud icon) with DirectAdmin you will find you are unable to connect to your DirectAdmin control panel on port 2222. This is because Cloudflare automatically strips port numbers from requests as it does not allow proxying to arbitrary ports.

One way around this is to disable proxied traffic through Cloudflare by clicking the orange-cloud and reverting to the DNS only option (grey-cloud) within your Cloudflare dashboard. This will mean that Cloudflare will only be providing DNS services and your domain will not benefit from Cloudflare’s security and performance features. Alternatively, you can utilise Cloudflare Spectrum which is available on all their paid plans (Pro, Business and Enterprise).

However, if you don’t want to disable proxied traffic nor do you access to Cloudflare Spectrum, you can still keep Cloudflare proxied traffic settings and maintain access to the DirectAdmin dashboard by changing the default port from 2222. Cloudflare provides a range of network ports that are accessible through its proxy by default. At this current time the options are:

In this guide, we will show you how to change your default port to access DirectAdmin from 2222 to an alternative port. We will also show you how to update ConfigServer Firewall (CSF) settings to remove the old port, enable the new alternative port and change the DirectAdmin port monitored by CSF.

How to Change DirectAdmin Default Port to Work with Cloudflare Proxy

Add New Port to ConfigServer Firewall (CSF)

For the purposes of this guide we have chosen our alternative port as 2083. However, if you want to use chose a different alternative port you can select from list below:

Cloudflare Ports
HTTP PortHTTPS Port
80443
80808443
20522053
20822083
20862087
20952096

IMPORTANT

We highly recommend you do not select either ports 80, 8080, 443 or 8443 as an alternative port because these are used as default by Apache, Nginx and Openlitespeed web servers.

Before changing the port number in the DirectAdmin settings you will need to make sure you have added the alternative port number to ConfigServer Firewall (CSF) otherwise you will lose access to your DirectAdmin dashboard.

Although you can add the new port to the IPv4 and IPv6 Port Settings within ConfigServer Firewall (CSF) GUI from the dashboard you will not be able to amend the OS Specific Settings within ConfigServer Firewall (CSF) to change the DirectAdmin port as this option is restricted within the GUI.

Firstly, log into your server using SSH. Once you have logged in, we will need to edit the ConfigServer Firewall (CSF) configuration file using the following command.

nano /etc/csf/csf.conf

Now scroll down to the section entitled # SECTION:IPv4 Port Settings and under the # Allow incoming TCP ports and # Allow outgoing TCP ports add the new alternative port 2083 at the end of the TCP_IN = and TCP_OUT = lines.

 # SECTION:IPv4 Port Settings
# Allow incoming TCP ports
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,2222,2083"

# Allow outgoing TCP ports
TCP_OUT = "20,21,22,25,53,80,110,113,443,2222,2083"

Now scroll down to the section entitled # SECTION:IPv6 Port Settings and under the # Allow incoming IPv6 TCP ports and # Allow outgoing IPv6 TCP ports add the new alternative port 2083 at the end of the TCP6_IN = and TCP6_OUT = lines.

# SECTION:IPv6 Port Settings
# Allow incoming IPv6 TCP ports
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,2222,2083"

# Allow outgoing IPv6 TCP ports
TCP6_OUT = "20,21,22,25,53,80,110,113,443,2222,2083"

NOTE

At this point in the guide you can safely remove the default DirectAdmin port 2222 within the incoming and outgoing TCP and TCP6 ports from the ConfigServer Firewall (CSF) configuration file.

Now scroll down to the bottom of the file until you reach the section entitled # SECTION:OS Specific Settings. Under the option PORTS_directadmin = change the port from 2222 to the new new alternative port 2083.

 # SECTION:OS Specific Settings
PORTS_directadmin = "2083"

Now save and exit the ConfigServer Firewall (CSF) configuration file and reload the configuration file with the new settings using the following command.

csf -ra

That’s it. You have now successfully added the new alternative port 2083 to the ConfigServer Firewall (CSF) configuration file and amended the DirectAdmin port within the OS settings section. Now we will need to edit DirectAdmin configuration file to change the settings from the default 2222 port to the new alternative 2083 port.

Change Port in DirectAdmin Settings

You can check the existing settings in the DirectAdmin configuration file using the following command.

/usr/local/directadmin/directadmin c | grep port

As you can see from the output the current port is 2222.

[root@vpsbasics] # /usr/local/directadmin/directadmin c | grep port
port=2222
ssl_port=0
check_referer_port=1
port_80=80
port_443=443
port_8080=8080
port_8081=8081

To change the port from the default 2222 port to the new alternative 2083 port, simply use the following commands.

cd /usr/local/directadmin 
./directadmin set port 2083

Now the port has been changed in the DirectAdmin configuration file, we will need to stop the DirectAdmin service and restart it using the following commands.

killall -9 directadmin
service directadmin start && service directadmin status

Now check the DirectAdmin configuration file to ensure the alternative port has been updated using the following command.

/usr/local/directadmin/directadmin c | grep port
[root@vpsbasics] # /usr/local/directadmin/directadmin c | grep port
port=2083
ssl_port=0
check_referer_port=1
port_80=80
port_443=443
port_8080=8080
port_8081=8081

When using Cloudflare proxy (orange-cloud) you will find other services such as FTP will not work when trying to connect using the domain name (ftp.domain.com). This is because Cloudflare only proxies HTTP(S) traffic acting as a gateway to your website and is not hosting it directly. The website is still hosted on your server. In order to connect to your website using FTP you will need to use the server’s IP address (192.0.1.168) and the FTP port (21).

That’s it. You have now successfully added the new alternative port 2083 to the ConfigServer Firewall (CSF) configuration file, amended the DirectAdmin port within the OS settings section and edited the DirectAdmin configuration file to change the settings from the default 2222 port to the new alternative 2083 port.

How useful was this guide?

Click on a star to rate it!

Average rating / 5. Vote count:

Be the first to rate this guide.

We are sorry that this guide was not useful for you!

Help us to improve this guide!

Tell us how we can improve this guide?

By VPSBasics

This guide was written by the VPS Basics editorial team, led by Gilberto Van Roosen. They are a unique blend of people, dedicated to providing highly detailed, comprehensive and importantly easy to follow tutorials, written in plain English. They specialise in tutorials for managing Linux servers and its software.

Join the Conversation

Note: Your email address will not be published when posting a comment.

Note: All comments are held for moderation and are reviewed by our editorial team prior to approval.

VPSBasics uses Akismet anti-spam filters to reduce spam across our website. Our website is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. Learn how your data is processed.