ripvannwinkler
New Pleskian
I have a customer who has purchased / configured Plesk 11.0.9 for Linux on an EC2 instance. He has a private IP 10.x.x.x ("dedicated" in Plesk) and a public IP 54.x.x.x ("shared" in Plesk). All of his customer domains are set up to use the shared IP address. Non-https domains work fine under this configuration. However, when trying to set up SSL, I found that nginx receives requests on the private IP, not the public one. This obviously doesn't work, since Plesk sets nginx up to listen for incoming requests on the public IP.
ifconfig output:
Code:
eth0      Link encap:Ethernet  HWaddr 12:31:3B:08:34:AA
          inet addr:10.x.x.x  Bcast:10.x.x.255  Mask:255.255.254.0
          inet6 addr: fe80::1031:3bff:fe08:34aa/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:503676 errors:0 dropped:0 overruns:0 frame:0
          TX packets:344482 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:115530687 (110.1 MiB)  TX bytes:503997940 (480.6 MiB)
          Interrupt:246

eth0:1    Link encap:Ethernet  HWaddr 12:31:3B:08:34:AA
          inet addr:54.x.x.x  Bcast:54.x.x.x  Mask:255.255.255.255
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:246
Relevant parts of last_nginx.conf for the problem domain:
Code:
server {
    listen 54.x.x.x:443 ssl;
    server_name customerdomain.org;
    server_name www.customerdomain.org;
    server_name ipv4.customerdomain.org;
    server_name "customerdomain.org.54-x-x-x.hosterdomain.com";
    ssl_certificate /usr/local/psa/var/certificates/cert-sFkr9a;
    ssl_certificate_key /usr/local/psa/var/certificates/cert-sFkr9a;
    ssl_session_timeout 5m;
    ssl_protocols SSLv2 SSLv3 TLSv1;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    client_max_body_size 128m;
    location / {
        # IPv6 isn't supported in proxy_pass yet.
        proxy_pass https://54.x.x.x:7081;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Accel-Internal /internal-nginx-static-location;
        access_log off;
    }
    location /internal-nginx-static-location/ {
        alias /var/www/vhosts/customerdomain.org/public_html/;
        access_log /var/www/vhosts/customerdomain.org/statistics/logs/proxy_access_ssl_log;
        add_header X-Powered-By PleskLin;
        internal;
    }
}
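Now of course, nginx is listening for requests on 54.x.x.x, but when I try to request the domain, I see this in tcpdump:
Code: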
05:05:16.019768 IP n.n.n.n.61331 > 10.x.x.x.https: Flags [S], seq 3896553290,
win 8192, options [mss 1380,nop,wscale 8,nop,nop,sackOK], length 0
And of course, the connection is reset.
I can fix it temporarily by adding 'listen 10.x.x.x:443 ssl;' to the nginx config, but Plesk will overwrite this the next time it updates the config. How can I permanently fix this?
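Added example (not part of the original post and not Plesk's own code): a small Python check that compares the `listen` directives in an nginx config with the destination addresses of inbound SYN packets in tcpdump text output, which makes the mismatch described above visible. The addresses, the sample config and the capture lines are constructed placeholders, and the function names are hypothetical; only IPv4 `listen` forms are handled.

```python
import ipaddress
import re

# Constructed sample data (documentation-range placeholders, not the poster's values):
# 198.51.100.20 plays the public "shared" IP, 10.0.0.5 the private one.
NGINX_CONF = """
server {
    listen 198.51.100.20:443 ssl;
    server_name customerdomain.org;
}
"""
TCPDUMP = """
05:05:16.019768 IP 203.0.113.7.61331 > 10.0.0.5.https: Flags [S], seq 3896553290, win 8192, length 0
05:05:16.019801 IP 10.0.0.5.https > 203.0.113.7.61331: Flags [R.], seq 0, ack 3896553291, win 0, length 0
05:05:17.101010 IP 203.0.113.7.61340 > 198.51.100.20.443: Flags [S], seq 1201, win 8192, length 0
"""

SERVICE_PORTS = {"http": 80, "https": 443}  # names tcpdump prints when run without -n
LISTEN_RE = re.compile(r"^\s*listen\s+([^\s;]+)", re.M)
SYN_RE = re.compile(r"IP \S+ > (\d+\.\d+\.\d+\.\d+)\.(\w+): Flags \[S\]")  # bare SYN only

def listen_sockets(conf):
    """Return {(ip_or_None, port)} for IPv4 listen directives; None means wildcard."""
    socks = set()
    for target in LISTEN_RE.findall(conf):
        if target.startswith(("[", "unix:")):  # IPv6 and unix sockets are out of scope
            continue
        if target.isdigit():  # "listen 443 ssl;" binds every address
            socks.add((None, int(target)))
            continue
        host, _, port = target.partition(":")
        socks.add((None if host in ("*", "0.0.0.0") else host, int(port or 80)))
    return socks

def unmatched_syns(conf, capture):
    """List (dst_ip, port, dst_is_private) for inbound SYNs no listen directive covers."""
    socks = listen_sockets(conf)
    misses = []
    for dst, svc in SYN_RE.findall(capture):
        port = int(svc) if svc.isdigit() else SERVICE_PORTS.get(svc)
        if (dst, port) not in socks and (None, port) not in socks:
            misses.append((dst, port, ipaddress.ip_address(dst).is_private))
    return misses

if __name__ == "__main__":
    for dst, port, private in unmatched_syns(NGINX_CONF, TCPDUMP):
        kind = "private" if private else "public"
        print(f"SYN to {dst}:{port} ({kind} address) has no matching nginx listen socket")
```

A reported SYN to a private destination address alongside a `listen` on a public one is the pattern shown in the post: the packet reaches the instance addressed to the private IP, where nothing is bound on port 443.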