
Nginx receiving requests on wrong IP address, issuing reset.

ripvannwinkler

New Pleskian
I have a customer who has purchased / configured Plesk 11.0.9 for Linux on an EC2 instance. He has a private IP 10.x.x.x ("dedicated" in Plesk) and a public IP 54.x.x.x ("shared" in Plesk). All of his customer domains are set up to use the shared IP address. Non-https domains work fine under this configuration. However, when trying to set up SSL, I found that nginx receives requests on the private IP, not the public one. This obviously doesn't work, since Plesk sets nginx up to listen for incoming requests on the public IP.

ifconfig output:

Code:
  eth0      Link encap:Ethernet  HWaddr 12:31:3B:08:34:AA
            inet addr:10.x.x.x  Bcast:10.x.x.255  Mask:255.255.254.0
            inet6 addr: fe80::1031:3bff:fe08:34aa/64 Scope:Link
            UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
            RX packets:503676 errors:0 dropped:0 overruns:0 frame:0
            TX packets:344482 errors:0 dropped:0 overruns:0 carrier:0
            collisions:0 txqueuelen:1000
            RX bytes:115530687 (110.1 MiB)  TX bytes:503997940 (480.6 MiB)
            Interrupt:246

  eth0:1    Link encap:Ethernet  HWaddr 12:31:3B:08:34:AA
            inet addr:54.x.x.x  Bcast:54.x.x.x  Mask:255.255.255.255
            UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
            Interrupt:246

Relevant parts of last_nginx.conf for the problem domain:

Code:
  server {

    listen 54.x.x.x:443 ssl;
    server_name customerdomain.org;
    server_name www.customerdomain.org;
    server_name ipv4.customerdomain.org;
    server_name "customerdomain.org.54-x-x-x.hosterdomain.com";

    ssl_certificate             /usr/local/psa/var/certificates/cert-sFkr9a;
    ssl_certificate_key         /usr/local/psa/var/certificates/cert-sFkr9a;
    ssl_session_timeout         5m;

    ssl_protocols               SSLv2 SSLv3 TLSv1;
    ssl_ciphers                 HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers   on;

    client_max_body_size 128m;

    location / { # IPv6 isn't supported in proxy_pass yet.
        proxy_pass https://54.x.x.x:7081;

        proxy_set_header Host             $host;
        proxy_set_header X-Real-IP        $remote_addr;
        proxy_set_header X-Forwarded-For  $proxy_add_x_forwarded_for;
        proxy_set_header X-Accel-Internal /internal-nginx-static-location;
        access_log off;
    }

    location /internal-nginx-static-location/ {
        alias      /var/www/vhosts/customerdomain.org/public_html/;
        access_log /var/www/vhosts/customerdomain.org/statistics/logs/proxy_access_ssl_log;
        add_header X-Powered-By PleskLin;
        internal;
    }
  }

Now of course, nginx is listening for requests on 54.x.x.x, but when I try to request the domain, I see this in tcpdump:

Code:
  05:05:16.019768 IP n.n.n.n.61331 > 10.x.x.x.https: Flags [S], seq 3896553290, 
     win 8192, options [mss 1380,nop,wscale 8,nop,nop,sackOK], length 0

And of course, the connection is reset.

I can fix it temporarily by adding 'listen 10.x.x.x:443 ssl;' to the nginx config, but Plesk will overwrite this the next time it updates the config. How can I permanently fix this?
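The mismatch described in the post can be checked mechanically by comparing the `listen` directives in the generated nginx config with the destination address tcpdump shows for the incoming SYN. The following is an added example, not part of the original post and not Plesk code; the addresses, the sample config, and the function names are constructed placeholders standing in for the masked 10.x.x.x and 54.x.x.x values, and it handles IPv4 only.

```python
import re

# Constructed sample data modelled on the post; all addresses are placeholders.
NGINX_CONF = """
server {
    listen 203.0.113.10:443 ssl;
    server_name customerdomain.org;
}
server {
    listen 203.0.113.10:80;
    server_name customerdomain.org;
}
"""
TCPDUMP_LINE = ("05:05:16.019768 IP 198.51.100.7.61331 > 10.0.0.5.https: "
                "Flags [S], seq 3896553290, win 8192, length 0")
PORT_NAMES = {"http": 80, "https": 443}  # service names tcpdump prints without -n

def parse_listen(conf):
    """Return (address, port) per listen directive; '*' means all addresses."""
    sockets = []
    for m in re.finditer(r"^\s*listen\s+([^;\s]+)[^;]*;", conf, re.M):
        value = m.group(1)
        if value.startswith(("unix:", "[")):
            continue  # unix sockets and IPv6 are out of scope for this check
        if value.isdigit():
            sockets.append(("*", int(value)))      # "listen 443;"
        elif ":" in value:
            addr, port = value.rsplit(":", 1)
            sockets.append((addr, int(port)))      # "listen 1.2.3.4:443;"
        else:
            sockets.append((value, 80))            # address only, default port 80
    return sockets

def parse_syn_destination(line):
    """Extract (address, port) of the destination from an IPv4 tcpdump line."""
    m = re.search(r">\s+(\d+\.\d+\.\d+\.\d+)\.(\w+):", line)
    if not m:
        raise ValueError("not an IPv4 tcpdump line")
    addr, port = m.groups()
    return addr, PORT_NAMES[port] if port in PORT_NAMES else int(port)

def listener_for(dest, sockets):
    """Return the listen socket that would accept dest, or None (kernel sends RST)."""
    addr, port = dest
    for l_addr, l_port in sockets:
        if l_port == port and l_addr in (addr, "*", "0.0.0.0"):
            return (l_addr, l_port)
    return None

if __name__ == "__main__":
    dest = parse_syn_destination(TCPDUMP_LINE)
    match = listener_for(dest, parse_listen(NGINX_CONF))
    print(dest, "->", match or "no matching listen directive, connection is reset")
```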
 