Built-in ihttpd web server

The built-in ihttpd web server is required for the panel to function. It is not involved in website operation and is configured automatically during panel installation.

Automatic configuration of the ihttpd

The built-in web server automatically listens to port 1500 of the main IP address (both IPv4 and IPv6).

Different ways to configure the ihttpd

You can configure the web server to listen to certain IP addresses and ports either through the command line or the configuration file.

If you specify settings in the configuration file, the configuration parameters that were specified in the command line will be ignored.

Command line

When starting the web server,, you can specify a specific IP address and port to listen. For more information about this function start the web server using the -h key.

Configuration file

Default path: /usr/local/mgr5/etc/ihttpd.conf

In the listen section of that file you can specify IP addresses to listen:

 listen {
   ip <IP address to listen>
   port <port to listen>
   certkey <path to the file key of the SSL-certificate>
   cert <path to the SSL-certificate's file>
 }

• The IP address is a mandatory parameter
• Other parameters are optional
• If the port parameter is not specified, the default port (1500) of the built-in web server will be used
• Both the certkey and cert parameters must be specified. You cannot specify only one parameter
• If the certificates' paths are not specified, the built-in web server will use a self-signed SSL certificate that was created automatically
• If the redirect parameter is specified, users won't be able to access the panel through HTTP. HTTP requests will be sent to the same URL through the HTTPS protocol. If you install the panel from packages, redirect is specified by default
• If the status parameter is present, when accessing the specified URL, the built-in web server will generate the status page (displaying, in particular, the number of active connections). This function is disabled by default
• If the nochunked parameter is present, the built-in web server will add the Connection: close header to all responses:  this will force clients to use a new connection for each new request. This parameter has been added to integrate the built-in web server with nginx
• The parameters allow_ip or deny_ip allow or deny access to certain URLs. URL must not contain domain or port — only the path after the port, for example mancgi/dbadmin. The rules are processed in the order they appear in the list. If there are conflicting rules, the rule higher in the list will be applied first. If there is an allowing rule, then for the specified url, all IPs which do not fall under the rule are considered prohibited
• ssl_cipher — the parameter for configuring SSL encryption. The format of the string corresponds to the priorities parameter of the gnutls_priority_init function. E.g., NORMAL:-AES-128-CBC. Default value: NORMAL:-VERS-SSL3.0
• timeout — maximum time of inactivity of the session. Default value — 600 sec

 listen {
   ip *
 }

 listen {
   ip 5.6.7.8
 }

 listen {
   ip 5.6.7.8
   port 1700
 }

 listen {
   ip 5.6.7.8
   port 1700
   certkey etc/my.key
   cert etc/my.crt
 }

 listen {
   ip ::
 }

 listen {
   ip 2001:db8::ae21:ad12
   port 1800
 }

 listen {
   ip 1.2.3.4
   allow_ip ispmgr 5.6.7.8/24
 }

 listen {
   ip 1.2.3.4
   deny_ip ispmgr 5.6.7.8-5.6.7.88
 }

After you have modified the ihttpd configuration file, restart the service:

For Debian-based systems:

service ihttpd restart

For RHEL-based systems:

systemctl restart ihttpd

Technical details

• The connection remains active for one hour.
• The web server does not support HTTP/2.