• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Question Apache SSL behind NGINX

O

OverWolf

Regular Pleskian
Hi,

I would like to know what do you think about configure SSL on Apache when that it's present on NGINX.
I have seen that default Plesk configuration for /etc/httpd/conf.d is turn off SSL.
Is this a best practice ? Or should I enable SSL as I have configure it on NGINX ? (ciphers, protocol, etc) ?

Thank you
 
Hello,
when you install a SSL certificate, it will be added to your nginx vhost configuration but also to the apache vhost. SSL is enabled for both of them.
 
Hi VirtuBox,
if I look inside ssl.conf in conf.d/ of https, I can see this
Code: 
##   SSL Engine Switch:
##   Enable/Disable SSL for this virtual host.
#SSLEngine on
#
##   SSL Protocol support:
## List the enable protocol levels with which clients will be able to
## connect.  Disable SSLv2 access by default:
#SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2
If I read well, SSL is off, so every request that NGINX accept on 443 is pass to httpd not via ssl but it's pass "as clear text"; so the encryption is from NGINX to client.
My question is also about server different content over SSL, and if I can configure SSL from apache to client (using nginx as proxy front end) I'llbe sure that the correct content will be displayed. is this correct ?
 
Apache is listening on the port 7080 for http connections and on the port 7081 for https connections. If you check one of your vhosts, you will find the lines :
Code: 
   SSLEngine on
                SSLVerifyClient none
                SSLCertificateFile /opt/psa/var/certificates/cert-XXXXX
                SSLCACertificateFile /opt/psa/var/certificates/cert-XXXXX
 
Hi VirtuBox,
I can see that in plesk.conf.d there is SSLEngine on, but that file (server.conf) isn't modificable because it's generated automatically.
In ssl.conf I can specify witch protocol and ciphers can be used, so my question was about if I can enable it (use ssl.conf) without create problems with plesk configuration.
 
OverWolf said:
Hi VirtuBox,
I can see that in plesk.conf.d there is SSLEngine on, but that file (server.conf) isn't modificable because it's generated automatically.
In ssl.conf I can specify witch protocol and ciphers can be used, so my question was about if I can enable it (use ssl.conf) without create problems with plesk configuration.
Click to expand...

You don't need to enable ssl globally. That's the same for nginx, the directive "ssl on" is enabled only inside each vhosts, .
 
You must log in or register to reply here.

Similar threads

brother4
Question Best way to block direct PHP file access and ensure .htaccess rules are always applied with Nginx as a reverse proxy?
Replies
1
Views
373
brother4
brother4
B
Issue NGINX Issue
Replies
1
Views
531
Martin Dias
Martin Dias
T
ISSUE - Nginx config generation failure and http2 directive implementation failure
Replies
14
Views
2K
Bitpalast
Bitpalast
brother4
Question Optimizing PHP FPM Handler Settings for Apache and Nginx in Plesk
Replies
0
Views
221
brother4
brother4
D
Question NGINX Unit on server under plesk
Replies
4
Views
1K
trialotto
T
Back
Top