• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Question Apache SSL behind NGINX

O

OverWolf

Regular Pleskian
Hi,

I would like to know what do you think about configure SSL on Apache when that it's present on NGINX.
I have seen that default Plesk configuration for /etc/httpd/conf.d is turn off SSL.
Is this a best practice ? Or should I enable SSL as I have configure it on NGINX ? (ciphers, protocol, etc) ?

Thank you
 
Hello,
when you install a SSL certificate, it will be added to your nginx vhost configuration but also to the apache vhost. SSL is enabled for both of them.
 
Hi VirtuBox,
if I look inside ssl.conf in conf.d/ of https, I can see this
Code: 
##   SSL Engine Switch:
##   Enable/Disable SSL for this virtual host.
#SSLEngine on
#
##   SSL Protocol support:
## List the enable protocol levels with which clients will be able to
## connect.  Disable SSLv2 access by default:
#SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2
If I read well, SSL is off, so every request that NGINX accept on 443 is pass to httpd not via ssl but it's pass "as clear text"; so the encryption is from NGINX to client.
My question is also about server different content over SSL, and if I can configure SSL from apache to client (using nginx as proxy front end) I'llbe sure that the correct content will be displayed. is this correct ?
 
Apache is listening on the port 7080 for http connections and on the port 7081 for https connections. If you check one of your vhosts, you will find the lines :
Code: 
   SSLEngine on
                SSLVerifyClient none
                SSLCertificateFile /opt/psa/var/certificates/cert-XXXXX
                SSLCACertificateFile /opt/psa/var/certificates/cert-XXXXX
 
Hi VirtuBox,
I can see that in plesk.conf.d there is SSLEngine on, but that file (server.conf) isn't modificable because it's generated automatically.
In ssl.conf I can specify witch protocol and ciphers can be used, so my question was about if I can enable it (use ssl.conf) without create problems with plesk configuration.
 
OverWolf said:
Hi VirtuBox,
I can see that in plesk.conf.d there is SSLEngine on, but that file (server.conf) isn't modificable because it's generated automatically.
In ssl.conf I can specify witch protocol and ciphers can be used, so my question was about if I can enable it (use ssl.conf) without create problems with plesk configuration.
Click to expand...

You don't need to enable ssl globally. That's the same for nginx, the directive "ssl on" is enabled only inside each vhosts, .
 
You must log in or register to reply here.

Similar threads

Jürgen_T
Issue Modsecurity works with Apache but error with nginx
Replies
5
Views
1K
Raul A.
R
I
Issue Issue with user Certs in Plesk 17, Apache and Nginx
Replies
0
Views
279
IsmaelDSC
I
brother4
Question Best way to block direct PHP file access and ensure .htaccess rules are always applied with Nginx as a reverse proxy?
Replies
1
Views
991
brother4
brother4
s-light
Question NINGX CORS for multiple sub.domains
Replies
1
Views
764
s-light
s-light
B
Issue NGINX Issue
Replies
1
Views
2K
Martin Dias
Martin Dias
Back
Top