• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:

    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Question Apache SSL behind NGINX

OverWolf

Regular Pleskian
Hi,

I would like to know what do you think about configure SSL on Apache when that it's present on NGINX.
I have seen that default Plesk configuration for /etc/httpd/conf.d is turn off SSL.
Is this a best practice ? Or should I enable SSL as I have configure it on NGINX ? (ciphers, protocol, etc) ?

Thank you
 
Hello,
when you install a SSL certificate, it will be added to your nginx vhost configuration but also to the apache vhost. SSL is enabled for both of them.
 
Hi VirtuBox,
if I look inside ssl.conf in conf.d/ of https, I can see this
Code:
##   SSL Engine Switch:
##   Enable/Disable SSL for this virtual host.
#SSLEngine on
#
##   SSL Protocol support:
## List the enable protocol levels with which clients will be able to
## connect.  Disable SSLv2 access by default:
#SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2
If I read well, SSL is off, so every request that NGINX accept on 443 is pass to httpd not via ssl but it's pass "as clear text"; so the encryption is from NGINX to client.
My question is also about server different content over SSL, and if I can configure SSL from apache to client (using nginx as proxy front end) I'llbe sure that the correct content will be displayed. is this correct ?
 
Apache is listening on the port 7080 for http connections and on the port 7081 for https connections. If you check one of your vhosts, you will find the lines :
Code:
   SSLEngine on
                SSLVerifyClient none
                SSLCertificateFile /opt/psa/var/certificates/cert-XXXXX
                SSLCACertificateFile /opt/psa/var/certificates/cert-XXXXX
 
Hi VirtuBox,
I can see that in plesk.conf.d there is SSLEngine on, but that file (server.conf) isn't modificable because it's generated automatically.
In ssl.conf I can specify witch protocol and ciphers can be used, so my question was about if I can enable it (use ssl.conf) without create problems with plesk configuration.
 
Hi VirtuBox,
I can see that in plesk.conf.d there is SSLEngine on, but that file (server.conf) isn't modificable because it's generated automatically.
In ssl.conf I can specify witch protocol and ciphers can be used, so my question was about if I can enable it (use ssl.conf) without create problems with plesk configuration.

You don't need to enable ssl globally. That's the same for nginx, the directive "ssl on" is enabled only inside each vhosts, .
 
Back
Top