Nginx Connection Time-Outs

[CyberEdge_Alan]

Hello,

This might not be the right place for it but maybe someone has more experience with Nginx than me and since its a different version I didn't want to go modifying it for specifics.

I run vbulletin and when logging in it hangs and eventually times out after a few seconds. When timing out it lists my URL as http://site.com:7080/login.php I have also tried to get the the admincp or modcp and during the same steps it times out. It's like its not passing through the port. It still logs me in but doesn't do the redirect I guess. I don't know if you guys can help me but I've been searching google with no luck with this issue I'm having.

EDIT: Seems to not load sub directory's say for instance http://site.com/forums/includes/ it will time out. It will read up to the forums part but nothing else after that. I've searched and searched and can't find any reasonable fix for this.

This problems seems to show when saving settings, logging in to vbulletin. If anyone has experience with this sort of thing please let me know!


Regards,
Alan

 

[abdi]

Could you be having or running a firewall that blocks ALL connections to port 7080

 

[CyberEdge_Alan]

Yes, its blocking connections however if I were to open that port wouldn't that take the point out of running Nginx as a front-end? I mean all pages load except certain scripts, if it should be unblocked how should it? I use APF, I can unblock it with TCP but then people could just get to the site using 7080 bypassing Nginx. Reason for me wanting Nginx is because my site was being attacked by dos methods that don't exist for Nginx. Someone finding that port would just be bad.

 

[abdi]

Allan,

For APF do the following:

vi /etc/apf/conf.apf

Go to the line with

IG_TCP_CPORTS="21,25,....." then you add to the end of ports "7080"
Eg. IG_TCP_CPORTS="21,25,7080";

About DOS-Attacks, these kind of attacks can be directed to about anything on the server..Even Nginx can fall culprit of these attacks ..

Running away from apache because of dos-attacks is not a strong a reason to switch to Nginx..The strongest reason is server resource usage, Nginx is a light webserver compared to apache.

Have you installed BFD (Brute Force Detection) its a pretty good tool that can be used to fight and stop DOS attacks on your server.

I use ConfigServer for a firewall, I recommend it highly.

 

[CyberEdge_Alan]

The types of attacks have been Slowloris, HTTP GET/POST floods, Layer 7 types of attacks, and others. There are tools out there to mitigate like mod_security, mod_qos, mod_antiloris/mod_evasive which I have installed them all and still do not stop the attacks. I've gone everywhere and everyone's told me using Nginx as a front-end would be the solution to all my problems. As the attacks they are using are not vulnerable to Nginx if you have other ways of securing the environment please let me know, you seem extremely smart. I'm not a linux genius I just know the basics to get me by with maintaining my own dedicated used only to host my computer repair site and a few friends websites for a small price. If you have ideas or can help me please let me know.


I do have BFD installed with ddos deflate. Using Nginx seems to have solved my problems except for the few exceptions I'm encountering. When I did forward the port everything loads however when going to those areas it seems to change my url to http://site.com:7080/forums/ and then it uses straight apache.

 

[abdi]

One smart way to kill such attacks is to go down deep to the packets hitting your server, analysing them and throwing useless "DOS" packets to a "Black-Hole". (and fighting back )

About the port redirects, I used the instructions below to help my customers who had port 8443 blocked in there network still access Plesk control panel minus touching any of plesk port settings.

In many cases esp. in Africa, you find port 8443 by most ISPs blocked.

Firstly,

We create a domain in plesk which acts as access point, eg: host1234.theg7.com

Secondly:

vim /var/www/vhosts/host1234.theg7.com/conf/vhost.conf
and add the following contents:

SSLProxyEngine on
ProxyRequests off
ProxyPass / http://host1234.theg7.com:8443/
ProxyPassReverse / http://host1234.theg7.com:8443/

then finely:

For Plesk 9.*
/usr/local/psa/admin/sbin/websrvmng -a -v

For Plesk 10.*
/usr/local/psa/admin/sbin/httpdmng --reconfigure-all

Now when you open:

http://host1234.theg7.com

You would be welcomed by the plesk login page and all throughout the process. Never will they ever see a port 8443 anywhere. Even when the redirections occur they just end on the server but NOT on the client browser.

Using the same principle, you can redirect ALL port 7080 through Nginx ..Kinda complex but yes its possible

 

[CyberEdge_Alan]

I get it but it seems very complex for someone like me. I had trouble setting up Nginx with Plesk 10.x and ended up having to reinstall in the end. I just wanted a site that would stay up and run. I even had it running through cloudflare. On the upside I found cloudflare is great to host DNS Records keeps mail up and running when the site was down 24/7 due to someone using some random attack method.

Some of there attacks left SSH inaccessible. I'm used to just running IIS in Windows and perfer it more but I wanted to try using something different. I'm using this to all learn a little bit.

 

[abdi]

OK, just let us know if you need any our help.

 

[paulieG]

Hi Alan,

Please see the info in this thread : http://forum.parallels.com/showthread.php?p=628788

It should fix the redirect problem.

Paul.

 

[CyberEdge_Alan]

Could you post the configuration for what you mean. I don't want to mess anything up with my current.