How To: Install Ajenti (behind Nginx) on Ubuntu
Ajenti is web-based system administration application similar to Webmin and cPanel.
In this post, we'll install Ajenti and update our Nginx (engine-x) configuration to ensure that all requests to Ajenti's admin panel are only available over HTTPS.
Install Ajenti
To install Ajenti, we'll use "apt" (Debian/Ubuntu's advanced packaging tool).
First, we need to add the Ajenti repository to /etc/apt/sources.list
:
sudo apt-add-repository "deb http://repo.ajenti.org/ng/debian main main ubuntu"
Note: If your missing 'apt-add-repository':
sudo apt-get install python-software-properties
Next, we need to add the Ajenti repository key:
wget http://repo.ajenti.org/debian/key -O- | sudo apt-key add -
Now, we can install the package:
sudo apt-get update && sudo apt-get install ajenti
Open the Ajenti configuration file with a text editor. I used nano:
sudo nano /etc/ajenti/config.json
And, disable Ajenti's SSL support:
"ssl": {
"enable": false,
"certificate_path": "/etc/ajenti/ajenti.pem"
},
Update your Nginx configuration
The next step is to update your Nginx configuration file:
server {
listen 443 ssl;
server_name robferguson.org;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
ssl_certificate /etc/nginx/ssl/robferguson_org.crt;
ssl_certificate_key /etc/nginx/ssl/robferguson_org.key;
ssl_session_timeout 5m;
ssl_protocols SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
ssl_prefer_server_ciphers on;
location /ajenti {
rewrite (/ajenti)$ / break;
rewrite /ajenti/(.*) /$1 break;
proxy_pass http://127.0.0.1:8000;
proxy_redirect / /ajenti/;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_set_header Origin http://$host;
}
location /ghost {
proxy_pass http://127.0.0.1:2368;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location / {
return 301 http://$host$request_uri;
}
}
Now, restart Nginx:
sudo service nginx restart
Then, restart Ajenti:
sudo service ajenti restart
And, navigate to Ajenti's admin panel:
Which will only be accessable via HTTPS from now on.