PLESK 12 over Nginx: problem with IP address

[AlkatraZ]

PRODUCT, VERSION, MICROUPDATE, OPERATING SYSTEM, ARCHITECTURE
OS: Ubuntu 14.04 LTS (x64)
Plesk version: 12.0.18 Update #6

PROBLEM DESCRIPTION
The problem is that if Nginx on, Apache [remote_addr] does not show client IP, instead shows its own (server IP).

STEPS TO REPRODUCE
1) Create any domain
2) Put it in a Domain Document Root simple index.php file:

<?php
echo '<pre>';
print_r($_SERVER);
echo '</pre>';

6) Go from the browser to the address of the domain and see the values of the displayed variables...

ACTUAL RESULT
[REMOTE_ADDR] must show the address of the client, but instead it shows the server address.

EXPECTED RESULT
[REMOTE_ADDR] must show the address of the client
Because of the disturbed many PHP scripts that actively use $_SERVER['REMOTE_ADDR']

ANY ADDITIONAL INFORMATION
The same problem was on previous versions, but then the developers have corrected.
http://forum.parallels.com/showthread.php?287804-PLESK-11-5-Nginx-IP-problem

 

[AurélienJ]

Same problem on my server :/

 

[regisg]

The same on CentOS 6.5 (and also Plesk version: 12.0.18 Update #6)

Moreover, since Plesk 12.x, many usual ports are closed by default (ex. port mysql 3306, port 9000...)

So, much loss of time :-(

 

[regisg]

Sorry, for my part, i can see :

> netstat -tulpn | less
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:9000 0.0.0.0:* LISTEN 3526/php-fpm
tcp 0 0 aa.bbb.c.dd:80 0.0.0.0:* LISTEN 4701/nginx
where aa.bbb.c.dd is the IP adress of my server.

It seems there is a problem with regards to the first line (we got a 502 error http://www.nginxtips.com/502-bad-gateway-using-nginx/ when connecting with a php framework ie. code igniter)

 

[dako1312]

You already know how to fix the problem? If yes please tell other users please. thanks

 

[AlkatraZ]

The problem has not corrected, Nginx use impossible
At least tell me how to fix itself?

 

[IgorG]

Yes, we have corresponding old bug PPP-1249 that was fixed in Plesk 11.5
We will check this issue for Plesk 12.

 

[RuslanT]

Hello,
1. mod_rpaf support was missed for new OSes in Plesk 12 (SuSE 13.1, Ubuntu-14.04, CentOS-7) - it will be fixed soon (internal ID is PPPM-2033). As workaround you can download/build and install mod_rpaf apache module (for Ubuntu it's simple: # apt-get install libapache2-mod-rpaf).

2. If your server is affected by this issue on another OSes check that rpaf module is loaded:
# apachectl -M | grep rpaf
rpaf_module (shared)
Syntax OK
and server IPs are listed in RPAFproxy_ips directive:
[root@a10-52-36-63 ~]# grep -A1 rpaf /etc/httpd/conf/plesk.conf.d/server.conf
<IfModule mod_rpaf.c>
RPAFproxy_ips 10.52.36.63 [2002:5bcc:18fd:c::1:836]
--
<IfModule mod_rpaf-2.0.c>
RPAFproxy_ips 10.52.36.63 [2002:5bcc:18fd:c::1:836]

 

[AlkatraZ]

Unfortunately, the recommendations described above did not solve the problem.
However, it was possible to find a solution to the problem...
---
Now apache 2.4 provide areal remoteIP software (mod_remoteip). It there will be enabled by default .
rpaf there does not need.
Here you can find the solution: http://syslint.com/syslint/replacin...in-apache-2-4-nginx-real_ip-problem-solution/
---
When analyzing the PLESK configuration has been found that in the file /etc/apache2/plesk.conf.d/server.conf it was found that in the configuration:
<IfModule mod_remoteip.c>
RemoteIPInternalProxy MY_SERVER_IP
</IfModule>
lacks one line:
RemoteIPHeader X-Real-IP

As PLESK configuration files can not be changed manually, I added the missing lines at the end of the main Apache configuration file /etc/apache2/apache2.conf

<IfModule mod_remoteip.c>
RemoteIPHeader X-Real-IP
</IfModule>

Then we need to restart Apache, and the problem is solved.

 

[RuslanT]

Yes, it's correct. The issue caused by missed mod_remoteip directive and it's actual for 2 OSes: Ubuntu 14.04 and CentOS 7. The issue internal ID is PPPM-2202 and it will be fixed one of the nearest updates.

 

[UFHH01]

Sorry to correct the work - around, but the /plesk.conf.d/server.conf has a template which is located at: "/opt/psa/admin/conf/templates/default/"

In order to modify the setting "<IfModule mod_remoteip.c> .. </IfModule>" you rather would create a new template in a custom template directory at : /opt/psa/admin/conf/templates/custom/server/

... and choose to copy the existent
/opt/psa/admin/conf/templates/default/server/remoteip.php
to
/opt/psa/admin/conf/templates/custom/server/remoteip.php


Afterwards you would edit your just copied "remoteip.php", save it and you would run the command:

/usr/local/psa/admin/sbin/httpdmng --reconfigure-all​

... to make the changes to the existent .../plesk.conf.d/server.conf



This procedure is necessary, because a Plesk - customer doesn't know WHEN Parallels will change the Plesk - default templates and untill this time, it might be that other patches/updates/updgrades from Plesk will reconfigure the webserver configuration settings with the existent deafult template and all your manual changes will be gone! Plesk will never touch existent custom templates and if a custom template is existent, THIS template will be used instead of the default one!!!

 

[Thorsten_Neckel]

I had to add 127.0.0.1 for RemoteIPInternalProxy. Otherwise will get 127.0.0.1 for [REMOTE_ADDR] if you connect via IPv6. Or did I missed domething?

<IfModule <?php echo $OPT['mod'] ?>>
  <?php for ($ipAddresses = $VAR->server->ipAddresses->all, $ipAddress = reset($ipAddresses); $ipAddress; $ipAddress = next($ipAddresses)): ?>
  RemoteIPInternalProxy 127.0.0.1 <?php echo $ipAddress->address ?><?php for ($n = 1; $n < $VAR->server->webserver->apache->vhostIpCapacity && $ipAddress = next($ipAddresses); $n++) { echo " {$ipAddress->address}"; } ?>
  <?php endfor; ?>
  RemoteIPHeader X-Forwarded-For
</IfModule>

regards
Thorsten