1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

Nginx Connection Time-Outs

Discussion in 'Plesk 11.x for Linux' started by CyberEdge_Alan, Jun 25, 2012.

  1. CyberEdge_Alan

    CyberEdge_Alan Basic Pleskian

    11
    85%
    Joined:
    Jun 23, 2012
    Messages:
    35
    Likes Received:
    0
    Hello,

    This might not be the right place for it but maybe someone has more experience with Nginx than me and since its a different version I didn't want to go modifying it for specifics.

    I run vbulletin and when logging in it hangs and eventually times out after a few seconds. When timing out it lists my URL as http://site.com:7080/login.php I have also tried to get the the admincp or modcp and during the same steps it times out. It's like its not passing through the port. It still logs me in but doesn't do the redirect I guess. I don't know if you guys can help me but I've been searching google with no luck with this issue I'm having.

    EDIT: Seems to not load sub directory's say for instance http://site.com/forums/includes/ it will time out. It will read up to the forums part but nothing else after that. I've searched and searched and can't find any reasonable fix for this.

    This problems seems to show when saving settings, logging in to vbulletin. If anyone has experience with this sort of thing please let me know!


    Regards,
    Alan
     
    Last edited: Jun 25, 2012
  2. abdi

    abdi Platinum Pleskian

    31
    18%
    Joined:
    May 14, 2006
    Messages:
    2,913
    Likes Received:
    60
    Could you be having or running a firewall that blocks ALL connections to port 7080
     
  3. CyberEdge_Alan

    CyberEdge_Alan Basic Pleskian

    11
    85%
    Joined:
    Jun 23, 2012
    Messages:
    35
    Likes Received:
    0
    Yes, its blocking connections however if I were to open that port wouldn't that take the point out of running Nginx as a front-end? I mean all pages load except certain scripts, if it should be unblocked how should it? I use APF, I can unblock it with TCP but then people could just get to the site using 7080 bypassing Nginx. Reason for me wanting Nginx is because my site was being attacked by dos methods that don't exist for Nginx. Someone finding that port would just be bad.
     
  4. abdi

    abdi Platinum Pleskian

    31
    18%
    Joined:
    May 14, 2006
    Messages:
    2,913
    Likes Received:
    60
    Allan,

    For APF do the following:

    vi /etc/apf/conf.apf

    Go to the line with

    IG_TCP_CPORTS="21,25,....." then you add to the end of ports "7080"
    Eg. IG_TCP_CPORTS="21,25,7080";

    About DOS-Attacks, these kind of attacks can be directed to about anything on the server..Even Nginx can fall culprit of these attacks ..

    Running away from apache because of dos-attacks is not a strong a reason to switch to Nginx..The strongest reason is server resource usage, Nginx is a light webserver compared to apache.

    Have you installed BFD (Brute Force Detection) its a pretty good tool that can be used to fight and stop DOS attacks on your server.

    I use ConfigServer for a firewall, I recommend it highly.
     
  5. CyberEdge_Alan

    CyberEdge_Alan Basic Pleskian

    11
    85%
    Joined:
    Jun 23, 2012
    Messages:
    35
    Likes Received:
    0
    The types of attacks have been Slowloris, HTTP GET/POST floods, Layer 7 types of attacks, and others. There are tools out there to mitigate like mod_security, mod_qos, mod_antiloris/mod_evasive which I have installed them all and still do not stop the attacks. I've gone everywhere and everyone's told me using Nginx as a front-end would be the solution to all my problems. As the attacks they are using are not vulnerable to Nginx if you have other ways of securing the environment please let me know, you seem extremely smart. I'm not a linux genius I just know the basics to get me by with maintaining my own dedicated used only to host my computer repair site and a few friends websites for a small price. If you have ideas or can help me please let me know.


    I do have BFD installed with ddos deflate. Using Nginx seems to have solved my problems except for the few exceptions I'm encountering. When I did forward the port everything loads however when going to those areas it seems to change my url to http://site.com:7080/forums/ and then it uses straight apache.
     
  6. abdi

    abdi Platinum Pleskian

    31
    18%
    Joined:
    May 14, 2006
    Messages:
    2,913
    Likes Received:
    60
    One smart way to kill such attacks is to go down deep to the packets hitting your server, analysing them and throwing useless "DOS" packets to a "Black-Hole". (and fighting back :))

    About the port redirects, I used the instructions below to help my customers who had port 8443 blocked in there network still access Plesk control panel minus touching any of plesk port settings.

    In many cases esp. in Africa, you find port 8443 by most ISPs blocked.

    Firstly,

    We create a domain in plesk which acts as access point, eg: host1234.theg7.com

    Secondly:

    vim /var/www/vhosts/host1234.theg7.com/conf/vhost.conf
    and add the following contents:

    SSLProxyEngine on
    ProxyRequests off
    ProxyPass / http://host1234.theg7.com:8443/
    ProxyPassReverse / http://host1234.theg7.com:8443/

    then finely:

    For Plesk 9.*
    /usr/local/psa/admin/sbin/websrvmng -a -v

    For Plesk 10.*
    /usr/local/psa/admin/sbin/httpdmng --reconfigure-all

    Now when you open:

    http://host1234.theg7.com

    You would be welcomed by the plesk login page and all throughout the process. Never will they ever see a port 8443 anywhere. Even when the redirections occur they just end on the server but NOT on the client browser.

    Using the same principle, you can redirect ALL port 7080 through Nginx ..Kinda complex but yes its possible :)
     
  7. CyberEdge_Alan

    CyberEdge_Alan Basic Pleskian

    11
    85%
    Joined:
    Jun 23, 2012
    Messages:
    35
    Likes Received:
    0
    I get it but it seems very complex for someone like me. I had trouble setting up Nginx with Plesk 10.x and ended up having to reinstall in the end. I just wanted a site that would stay up and run. I even had it running through cloudflare. On the upside I found cloudflare is great to host DNS Records keeps mail up and running when the site was down 24/7 due to someone using some random attack method.

    Some of there attacks left SSH inaccessible. I'm used to just running IIS in Windows and perfer it more but I wanted to try using something different. I'm using this to all learn a little bit.
     
  8. abdi

    abdi Platinum Pleskian

    31
    18%
    Joined:
    May 14, 2006
    Messages:
    2,913
    Likes Received:
    60
    OK, just let us know if you need any our help.
     
  9. paulieG

    paulieG Regular Pleskian

    25
     
    Joined:
    Mar 5, 2009
    Messages:
    164
    Likes Received:
    0
    Location:
    Lancaster
  10. CyberEdge_Alan

    CyberEdge_Alan Basic Pleskian

    11
    85%
    Joined:
    Jun 23, 2012
    Messages:
    35
    Likes Received:
    0
    Could you post the configuration for what you mean. I don't want to mess anything up with my current.
     
Loading...