How to restrict access to the trixbox web page?
Hi All,
I know that it's not recommended to put trixbox directly online but I really didn't like the performance and voice quality behind any firewall including the most expensive Cisco. Therefore, my question is: how do I make the trixbox web access more secure:
- how to change the default port from 80 to something else
- enforce log in on everything not just the maint page and FreePBX. I don't want anyone to peek at the user page, FOP, etc.
- does anyone have a WORKING iptables cfg to share? Something that allows all outgoing traffic but also allows all incoming VoIP traffic without taxing overhead. All remote SIP/IAX extensions must be able to log in without any problem. Only success stories please.
- there is plenty of garbage about changing security parameters; would it be possible for the trixbox developers to produce a tutorial about changing default passwords? Shouldn't this be the main priority?
Changing default passwords is always good.
If you understand the basics of iptables but have a hard time grasping the syntax, then you should install webmin. The Linux firewall module (which controls iptables) included with it is no frills, but gives you a graphical outlay of all the different options you can use in a firewall rule.
As far as password protecting your web interface and changing the port, these are all apache configuration issues. Changing the listening port in webmin for apache is easy. Simply go to Servers>Apache Webserver, click on the Global Configuration tab, click Networking and Addresses, and change port 80 to whatever you need (but you need to keep it out of the range of other services).
To password protect the entire site, you will need to go to your Linux console and add a new username to the apache password file. To do this, type the following command, replacing
htpasswd /usr/local/apache/passwd/wwwpasswd <username>
and then go back to webmin, then servers>Apache Webserver and click on default server. Then click Directory /var/www/html, click Access Control, then choose the following options:
- Authentication Realm Name: Restricted Access Here
- Restrict Access By Login: Only these users: (whatever username you entered before)
- User text file: click the radio box next to the text box and type in /usr/local/apache/passwd/wwwpasswd
- Access checking order: Allow then Deny
- Authentication type: Basic
Click Save twice, then click apply changes. You should now be prompted for a username and password to access the user portion of the trixbox.
Webmin is your friend.
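For reference, the Webmin steps in the reply above correspond roughly to the following Apache directives. This is an added example, not part of the original posts; it assumes Apache 2.2 syntax, and the port 8080 and the username pbxadmin are placeholder values.

```apache
# Added example, assuming Apache 2.2 (mod_auth_basic, mod_authn_file, mod_authz_user).
# 8080 and "pbxadmin" are placeholders, not values from the thread.

# Replaces the default "Listen 80" (Networking and Addresses in Webmin)
Listen 8080

<Directory "/var/www/html">
    # Authentication type and the realm name shown in the browser login dialog
    AuthType Basic
    AuthName "Restricted Access Here"

    # "User text file": the password file populated with htpasswd
    AuthUserFile /usr/local/apache/passwd/wwwpasswd

    # "Only these users": only the listed account may log in
    Require user pbxadmin

    # "Allow then Deny" host check. With this order a client that matches
    # no Allow line is denied, so the Allow line must be present.
    Order allow,deny
    Allow from all
</Directory>
```

Run `apachectl configtest` before reloading Apache to catch syntax errors. Basic authentication only base64-encodes the password, so over plain HTTP it is readable on the wire; serving this directory over HTTPS closes that gap.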