Question How is the server.conf file generated?

[budiantoip]

Server operating system version

CentOS 7.9

Plesk version and microupdate number

18.0.65_build1800241122.08

Hello,

I have Plesk Obsidian installed on CentOS 7.9 and have the following Nginx configuration file:

/etc/nginx/plesk.conf.d/server.conf

The file content is as follows:

#ATTENTION!
#
#DO NOT MODIFY THIS FILE BECAUSE IT WAS GENERATED AUTOMATICALLY,
#SO ALL YOUR CHANGES WILL BE LOST THE NEXT TIME THE FILE IS GENERATED.

include "/etc/nginx/plesk.conf.d/ip_default/*.conf";

server {
    listen 1.2.3.4:443 ssl;

    ssl_certificate             "/usr/local/psa/var/certificates/xxxxxxxxx";
    ssl_certificate_key         "/usr/local/psa/var/certificates/xxxxxxxxx";
    client_max_body_size 2048m;

    proxy_read_timeout 600;
    proxy_send_timeout 600;

    proxy_max_temp_file_size 0;
    proxy_buffers 16 16k;
    proxy_buffer_size 32k;
    proxy_busy_buffers_size 32k;

    server_name _;

    location / {
        proxy_pass http://127.0.0.1:8880;
        proxy_redirect http://$host:8880 $scheme://$host;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Http-Host $host:$server_port;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        access_log off;

        gzip on;
        gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript;
    }

    location ~ /ws$ {
        proxy_pass http://127.0.0.1:8880;
        proxy_redirect off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Http-Host $host:$server_port;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        access_log off;
    }

    underscores_in_headers on;
}

server {
    listen 1.2.3.4:80;

    location ^~ /plesk-site-preview/ {
        proxy_pass http://127.0.0.1:8880;
        proxy_set_header Host               plesk-site-preview.local;
        proxy_set_header X-Real-IP          $remote_addr;
        proxy_set_header X-Forwarded-For    $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto  $scheme;
        proxy_cookie_domain plesk-site-preview.local $host;
        access_log off;
    }

    location / {
        proxy_pass http://1.2.3.4:7080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

server {
    listen 1.2.3.4:443 ssl;

    server_name lists.*;

    ssl_certificate             /usr/local/psa/var/certificates/xxxxxxxxx;
    ssl_certificate_key         /usr/local/psa/var/certificates/xxxxxxxxx;

    location / {
        proxy_pass https://1.2.3.4:7081;
        proxy_hide_header upgrade;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

As noted in the first few lines, this file is auto-generated, and manual changes will be overwritten. I would like to implement a rate-limiting rule.

I have tried searching on Google, but I haven’t had any luck so far.

Does anyone know the recommended way to achieve this without directly modifying the auto-generated file?

Thank you!

Regards,

Budianto IP

 

[scsa20]

First off, don't touch the server.conf configuration, that is managed for the main plesk panel server itself. You'll want to edit the default templates instead by copying the default template to a custom's template location. Refer to Changing Virtual Hosts Settings Using Configuration Templates for information how.

 

[budiantoip]

First off, don't touch the server.conf configuration, that is managed for the main plesk panel server itself. You'll want to edit the default templates instead by copying the default template to a custom's template location. Refer to Changing Virtual Hosts Settings Using Configuration Templates for information how.

If you review the configuration file, the server.conf file I shared earlier is not related to virtual hosts. The virtual host files are stored under

/etc/nginx/plesk.conf.d/vhosts/

Is there a custom template available to modify the server.conf file?

 

[AYamshanov]

Is there a custom template available to modify the server.conf file?

Appendix A: Configuration Templates Structure ?

 

[Raul A.]

You can also use the WebServer Hook to dynamically add directives to Nginx/Apache virtual hosts when they are generated by Plesk.

I think you can also use the Additional Nginx directives sections to load rate-limit zones.

 

[budiantoip]

Thank you, @AYamshanov. That article was the final piece of the puzzle for me.

I also want to thank everyone who contributed to this thread.

I’ve successfully modified the custom templates for server.conf.

Here's what I did:

# Modify this file to define the rate limit zone
vim /etc/nginx/nginx.conf

cd /usr/local/psa/admin/conf/templates

# Customize template files for server.conf
mkdir -p custom/server/
cp -p default/server/nginxPleskAccess.php custom/server/
# Modify the "location / {" block to add the limit_req rule
vim custom/server/nginxPleskAccess.php
/opt/plesk/php/7.4/bin/php -l custom/domain/service/proxy.php

mkdir -p custom/server/
cp -p default/server/nginxVhosts.php custom/server/
# Modify the "location / {" block to add the limit_req rule
vim custom/server/nginxVhosts.php
/opt/plesk/php/7.4/bin/php -l custom/server/nginxVhosts.php

# Regenerate server.conf
/usr/local/psa/admin/sbin/httpdmng --reconfigure-server

# Confirm the result by checking the server.conf file
cat /etc/nginx/plesk.conf.d/server.conf

# Validate all of nginx configurations
# Ensure there's no warning or error messages
nginx -t

# Reload the nginx service
service nginx reload

I've stored a nginx snippet for this rate-limiting rule here:

Nginx snippets

Nginx snippets. GitHub Gist: instantly share code, notes, and snippets.

gist.github.com

Hope it helps anyone who has the same problem as I did.

 

[Raul A.]

Keep in mind that you should compare the default and custom templates every few Plesk upgrades because new features might be introduced and not be available with your custom templates.