How To: Install Ajenti (behind Nginx) on Ubuntu

Ajenti is web-based system administration application similar to Webmin and cPanel.

In this post, we'll install Ajenti and update our Nginx (engine-x) configuration to ensure that all requests to Ajenti's admin panel are only available over HTTPS.

Install Ajenti

To install Ajenti, we'll use "apt" (Debian/Ubuntu's advanced packaging tool).

First, we need to add the Ajenti repository to /etc/apt/sources.list:

sudo apt-add-repository "deb http://repo.ajenti.org/ng/debian main main ubuntu"

Note: If your missing 'apt-add-repository': sudo apt-get install python-software-properties

Next, we need to add the Ajenti repository key:

wget http://repo.ajenti.org/debian/key -O- | sudo apt-key add -

Now, we can install the package:

sudo apt-get update && sudo apt-get install ajenti

Open the Ajenti configuration file with a text editor. I used nano:

sudo nano /etc/ajenti/config.json

And, disable Ajenti's SSL support:

"ssl": {
    "enable": false,
    "certificate_path": "/etc/ajenti/ajenti.pem"
},

Update your Nginx configuration

The next step is to update your Nginx configuration file:

server {
    listen                      443 ssl;
    server_name                 robferguson.org;
    access_log                  /var/log/nginx/access.log;
    error_log                   /var/log/nginx/error.log;

    ssl_certificate             /etc/nginx/ssl/robferguson_org.crt;
    ssl_certificate_key         /etc/nginx/ssl/robferguson_org.key;
    ssl_session_timeout         5m;
    ssl_protocols               SSLv3 TLSv1;
    ssl_ciphers                 ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
    ssl_prefer_server_ciphers   on;

    location /ajenti {
        rewrite (/ajenti)$ / break;
        rewrite /ajenti/(.*) /$1 break;

        proxy_pass              http://127.0.0.1:8000;
        proxy_redirect /        /ajenti/;
        proxy_set_header        Host             $host;
        proxy_set_header        X-Forwarded-For  $proxy_add_x_forwarded_for;
        proxy_http_version      1.1;
        proxy_set_header        Upgrade          $http_upgrade;
        proxy_set_header        Connection       $http_connection;
        proxy_set_header        Origin           http://$host;
    }

    location /ghost {
        proxy_pass              http://127.0.0.1:2368;
        proxy_redirect          off;
        proxy_set_header        Host             $host;
        proxy_set_header        X-Real-IP        $remote_addr;
        proxy_set_header        X-Forwarded-For  $proxy_add_x_forwarded_for;
    }

    location / { 
        return                  301 http://$host$request_uri;
    }
}

Now, restart Nginx:

sudo service nginx restart

Then, restart Ajenti:

sudo service ajenti restart

And, navigate to Ajenti's admin panel:

Which will only be accessable via HTTPS from now on.