myVesta

Please if you could explain how it works.
The secret URL protects and hides administrator access to the MyVesta dashboard, but is it normal for you to block dashboard access to all end users?

Example:

It works very well
https://domain_server:8083/?MY-SECRET-URL

But end users with their own domains don't work
https://domain_users:8083/

How to prevent the end user from seeing and knowing the secret URL?
To correctly enter the dashboard, they are entering like this:
https://domain_users:8083/?MY-SECRET-URL

And they must use my secret URL which is no longer secret

Idea of secret-url is to protect you from (hypothetical) zero-day security vulnerabilities.
For example, someone discover security vulnerability in Vesta php script, makes bot that will scan all IP rangs, find all Vesta servers, and makes massive hack of all servers.
With secret url, hackers will not find your myVesta server.

If someone find security vulnerability we will fix it immediately, so there is no time for your users to hack you, even if they have high hacker skills

It is absolutely safe to give someone your secret URL, it's just a link that will open login form of myVestaCP.
He can not hack you with that URL.
With secret url, he will just be able to load login form of myVesta.

dpeca wrote: ↑Thu Jul 23, 2020 10:42 am Idea of secret-url is to protect you from (hypothetical) zero-day security vulnerabilities.
For example, someone discover security vulnerability in Vesta php script, makes bot that will scan all IP rangs, find all Vesta servers, and makes massive hack of all servers.
With secret url, hackers will not find your myVesta server.

If someone find security vulnerability we will fix it immediately, so there is no time for your users to hack you, even if they have high hacker skills

Thanks, master!
I thought there was some risk in having to share the MY-SECRET-URL with other people.

There is no risk, just panel will works