• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Nginx receiving requests on wrong IP address, issuing reset.

R

ripvannwinkler

New Pleskian
I have a customer who has purchased / configured Plesk 11.0.9 for Linux on an EC2 instance. He has a private IP 10.x.x.x ("dedicated" in Plesk) and a public IP 54.x.x.x ("shared" in Plesk"). All of his customer domains are set up to use the shared IP address. Non-https domains work fine under this configuration. However, when trying to set up SSL, I found that nginx receives requests on the private IP, not the public one. This obviously doesn't work, since Plesk sets nginx up to listen for incoming requests on the public ip.

ifconfig output:

Code: 
  eth0      Link encap:Ethernet  HWaddr 12:31:3B:08:34:AA
            inet addr:10.x.x.x  Bcast:10.x.x.255  Mask:255.255.254.0
            inet6 addr: fe80::1031:3bff:fe08:34aa/64 Scope:Link
            UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
            RX packets:503676 errors:0 dropped:0 overruns:0 frame:0
            TX packets:344482 errors:0 dropped:0 overruns:0 carrier:0
            collisions:0 txqueuelen:1000
            RX bytes:115530687 (110.1 MiB)  TX bytes:503997940 (480.6 MiB)
            Interrupt:246

  eth0:1    Link encap:Ethernet  HWaddr 12:31:3B:08:34:AA
            inet addr:54.x.x.x  Bcast:54.x.x.x  Mask:255.255.255.255
            UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
            Interrupt:246

Relevant parts of last_nginx.conf for the problem domain:

Code: 
  server {

    listen 54.x.x.x:443 ssl;
    server_name customerdomain.org;
    server_name www.customerdomain.org;
    server_name ipv4.customerdomain.org;
    server_name "customerdomain.org.54-x-x-x.hosterdomain.com";

    ssl_certificate             /usr/local/psa/var/certificates/cert-sFkr9a;
    ssl_certificate_key         /usr/local/psa/var/certificates/cert-sFkr9a;
    ssl_session_timeout         5m;

    ssl_protocols               SSLv2 SSLv3 TLSv1;
    ssl_ciphers                 HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers   on;

    client_max_body_size 128m;

    location / { # IPv6 isn't supported in proxy_pass yet.
        proxy_pass https://54.x.x.x:7081;

        proxy_set_header Host             $host;
        proxy_set_header X-Real-IP        $remote_addr;
        proxy_set_header X-Forwarded-For  $proxy_add_x_forwarded_for;
        proxy_set_header X-Accel-Internal /internal-nginx-static-location;
        access_log off;
    }

    location /internal-nginx-static-location/ {
        alias      /var/www/vhosts/customerdomain.org/public_html/;
        access_log /var/www/vhosts/customerdomain.org/statistics/logs/proxy_access_ssl_log;
        add_header X-Powered-By PleskLin;
        internal;
    }
  }
Now of course, nginx is listening for requests on 54.x.x.x, but when I try to request the domain, I see this in tcpdump:

Code: 
  05:05:16.019768 IP n.n.n.n.61331 > 10.x.x.x.https: Flags [S], seq 3896553290, 
     win 8192, options [mss 1380,nop,wscale 8,nop,nop,sackOK], length 0

And of course, the connection is reset.

I can fix it temporarily by adding 'listen 10.x.x.x:443 ssl;' to the nginx config, but plesk will overwrite this the next time it updates the config. How can I permanently fix this?
 
You must log in or register to reply here.

Similar threads

B
Question How is the server.conf file generated?
Replies
6
Views
883
Raul A.
R
L
Question Plesk with Mailman3 and Hyperkitty / nginx
Replies
0
Views
631
Larian
L
J
Issue apache2 proxy target - wrong ip-address
Replies
5
Views
5K
cmaxwell
C
L. Hagen
Question How to overwrite existing nginxs configurations?
Replies
1
Views
2K
Kaspar
K
Liew CheonFong
Issue 99: Cannot assign requested address (OLD IP address)
Replies
8
Views
5K
solucionesuno
solucionesuno
Back
Top