• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Resolved How to restore real visitor IP in Plesk (due Cloudflare proxy)

A

ArendE

New Pleskian
Hi Pleskians,

My server is behind a Cloudflare proxy. Using mods on Nginx (ngx_http_realip_module) and Apache (mod_remoteip), I'm able to restore the real IP address on both these webservers, however Plesk still seems to get the proxy address:

upload_2019-9-2_14-4-44.png

Is there a way to also make Plesk see and use the real visitor IP address? (Either by CF-Connecting-IP or X-Forwarded-For).
 
@ArendE

A simple answer to the question you did not ask, being "is it wise to put an entire server behind Cloudflare", would be "NO, not recommended at all".

In essence, you should proxy domains with Cloudflare, not an entire server.

You should redefine your DNS, as managed with the Cloudflare dashboard - that will solve a lot of problems you are encountering and/or that you will encounter.

I cannot exactly tell what you should do now, due to the simple fact that I am not fully aware of what your config at Cloudfare is.

However, your print screen hints that you have at least your Plesk panel (and probably the entire server) behind the Cloudflare proxy - that is a bad idea, for many reasons!

Hope the above helps a tiny bit.

Kind regards.......
 
@trialotto Thanks for the reply! Can you give some reasons why it is a bad idea to proxy the domains used for managing Plesk/logging in to the Plesk panel?
 
ArendE said:
@trialotto Thanks for the reply! Can you give some reasons why it is a bad idea to proxy the domains used for managing Plesk/logging in to the Plesk panel?
Click to expand...

@ArendE

In essence, Cloudflare is a big custom Nginx proxy with a number of specific features like caching of requests and/or specific port blocks.

One major problem with Cloudflare (CF) is that you do not have access to and/or full privileges to change all CF settings, unless you have the most expensive subscription.

Another major problem with CF is that paid-for subscriptions are prioritized above free subscriptions : specific traffic in free subscriptions can be passed though to the target server with a lower priority, hence making the target server harder to reach - your server responds slower than necessary.

Moreover, even when disregarding the above mentioned problems, it is the case that your Plesk instance or server becomes unreachable if CF goes down - which happens!

In addition, disregarding all potential issues associated with CF, it can be safely stated that any Plesk instance behind CF does not make any sense.

Why? This is related to the concept of caching.

The concept of caching is that static assets or static results from dynamic scripts (like php scripts) can be cached to improve performance.

This also implies that the concept of caching has no merit for requests that are dynamic of nature, in the sense that dynamic results should be presented (not static ones).

Any Plesk instance is by nature a panel that should serve dynamic results to dynamic requests - anything else would be inefficient or even unreliable.

In short, enabling a proxy in front of a Plesk instance (or for any other application that should serve dynamic results) is not a very good idea - certainly not if the proxy cannot be tweaked to the full extent.

Please note that Plesk Panel runs on a highly tweaked custom Nginx environment (not being a proxy though, Nginx functions as a custom web server) - this also means that it will not make any sense to proxy Plesk with CF, which would add one additional Nginx layer without having full control over that additional Nginx layer.

In summary, it is not recommended at all to add Cloudflare (CF) as a proxy in front of any Plesk instance.

I hope the above explains the whole story a bit, even though I have only mentioned the rough outlines.

Kind regards................
 
trialotto said:
Moreover, even when disregarding the above mentioned problems, it is the case that your Plesk instance or server becomes unreachable if CF goes down - which happens!
Click to expand...

Why would that be the case? Unless you have configured your server to answer to nothing except the cloudflare IPs, which indeed would be quite a stupid thing to do, you can still access the server by IP (or even by name, if you use your local hosts file).
If you need cloudflare because your server is a dDoS target, it is a good idea to not have the IP of the real server anywhere in the DNS.
 
You must log in or register to reply here.

Similar threads

J
Issue apache2 proxy target - wrong ip-address
Replies
4
Views
4K
Jan
J
K
Resolved Plesk Panel Log and Cloudflare - log doesn't show Real IP
Replies
7
Views
3K
Katog Choling
K
kaw.one
Question (VPS) Cloudflare, Gmail and Other Plesk Panel 8443 (2 minutes - slow read)
Replies
1
Views
1K
kaw.one
kaw.one
D
Issue Incorrect logging of IP from Plesk Windows under Reverse Proxy
Replies
7
Views
5K
dairuru
D
O
Resolved Plesk shows old IP address after Vultr cloning + cloudflare
Replies
2
Views
1K
oldremains
O
Back
Top