Can anybody show this nginx config file?

[Azurel]

Hello.

In plesk 11.5. have this file /etc/nginx/plesk.config.d/server.conf a bug. Can anoybody show me the new server.conf from plesk12 setting, please?

EDIT: Which have ipv6 included.

 

[abdi]

Here you go:

#ATTENTION!
#
#DO NOT MODIFY THIS FILE BECAUSE IT WAS GENERATED AUTOMATICALLY,
#SO ALL YOUR CHANGES WILL BE LOST THE NEXT TIME THE FILE IS GENERATED.

include "/etc/nginx/plesk.conf.d/ip_default/*.conf";

server {
  listen 93.**.**.**:80;

  location / {
  proxy_pass http://93.**.**.**:7080;
  proxy_set_header Host $host;
  proxy_set_header X-Real-IP $remote_addr;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  }
}

server {
  listen 93.**.**.**:443 ssl;

  ssl_certificate  /usr/local/psa/var/certificates/certTp2DpZM;
  ssl_certificate_key  /usr/local/psa/var/certificates/certTp2DpZM;
  ssl_session_timeout  5m;

  ssl_protocols  SSLv2 SSLv3 TLSv1 TLSv1.1 TLSv1.2;
  ssl_ciphers  HIGH:!aNULL:!MD5;
  ssl_prefer_server_ciphers  on;

  location / {
  proxy_pass https://93.**.**.**:7081;
  proxy_set_header Host $host;
  proxy_set_header X-Real-IP $remote_addr;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  }
}

 

[Azurel]

Thanks. My bad. I search for a version with ipv6 support enabled. The bug was is in the ipv6 part.

 

[abdi]

Alright,
Have you reported the respective bug?

 

[Azurel]

I have posted it in this thread http://talk.plesk.com/threads/wrong-server-nginx-config-with-plesk11-5.329698/

 

[abdi]

Alright, seen it ...
Thanks

 

[Azurel]

Another one with ipv6?

 

[abdi]

Do you need a /etc/nginx/plesk.config.d/server.conf configuration file for IPv6?

 

[Azurel]

So nobody was able to tell me the actual config, I tried and upgraded to plesk12 and see still the problem from plesk11. Bad!

server {
listen xx.xx.xx.xx:80;

location / {
proxy_pass http://xx.xx.xx.xx:7080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}

server {
listen [2a01:................:0:1]:80 ipv6only=on;

location / {
proxy_pass http://127.0.0.1:7080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}

Why is this localhost? When you request in php a file with readfile() to a protected folder (another domain on the server)
with apache "Order allow,deny" in "Web Server Settings"

<Directory "/var/www/vhosts/domain.com/httpdocs/folder/">
Order allow,deny
Allow from 2a01:..................:0:1/128
</Directory>

you will get

failed to open stream: HTTP request failed! HTTP/1.1 403 Forbidden

After change the in nginx conf:
proxy_pass http://127.0.0.1:7080;
to:
proxy_pass http://[2a01:..............:0:1]:7080;

all will work fine. But that not possible, because file change automatically after each update:

#ATTENTION!
#
#DO NOT MODIFY THIS FILE BECAUSE IT WAS GENERATED AUTOMATICALLY,
#SO ALL YOUR CHANGES WILL BE LOST THE NEXT TIME THE FILE IS GENERATED.

What is here a good permanent solution?

 

[Azurel]

Instead of change nginx proxy_pass, is here a possibility to protect a folder and make it accessable from another domain?

with

proxy_pass http://[2a01:..............:0:1]:7080;

this work:

<Directory "/var/www/vhosts/domain.com/httpdocs/folder/">
Order allow,deny
Allow from 2a01:..................:0:1/128
</Directory>

---------

with

proxy_pass http://127.0.0.1:7080;

this will not work:

<Directory "/var/www/vhosts/domain.com/httpdocs/folder/">
Order allow,deny
# server ipv6
Allow from 2a01:..................:0:1/128
# server ipv4
Allow from xx.xx.xx.xx
# server localhost
Allow from 127
</Directory>

How i can set permission to a nginx request?