• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion
  • Inviting everyone to the UX test of a new security feature in the WP Toolkit
    For WordPress site owners, threats posed by hackers are ever-present. Because of this, we are developing a new security feature for the WP Toolkit. If the topic of WordPress website security is relevant to you, we would be grateful if you could share your experience and help us test the usability of this feature. We invite you to join us for a 1-hour online session via Google Meet. Select a convenient meeting time with our friendly UX staff here.

nginx reverse proxy with TLSv1.1 and TLSv1.2

M

MoritzK

New Pleskian
Hello,

I've enabled the Reverse Proxy Server (nginx) in Plesk.
Code: 
Tools & Settings > Services Management > Reverse Proxy Server (nginx)
With enabled nginx I'm unable to contact web pages via TLSv1.1 and TLSv1.2. When nginx is disabled and the pages are handled by Apache everything is fine. But only when nginx is completely deactivated. It's not enough to disable "Smart static files processing" at the "Web Server Settings for sub.domain.tld".

I tried to add "ssl_protocols TLSv1.1 TLSv1.2;" at "Additional nginx directives" at the Web Server Settings, without effect.

I think i have to modify /etc/nginx/plesk.conf.d/server.conf but this file is generated by Plesk.

System:
OS: Ubuntu 12.04.4 LTS
Panel version: 11.5.30 Update #38
OpenSSL 1.0.1 14 Mar 2012

Results of SSL Server Test:

Summary
summary.png

Configuration (Protocols and Cipher Suites)
proto.png

Protocol Details and Miscellaneous
detail.png

Source: https://www.ssllabs.com/ssltest/analyze.html
 
Solution

I found a solution to enable TLS 1.1 and TLS 1.2 by my self.

You have to modify the two PHP files:
usr/local/psa/admin/conf/templetes/default/nginxWebmailPartial.php
usr/local/psa/admin/conf/templetes/default/domain/nginxDomainVirtualHost.php

Code: 
ssl_protocols             SSLv3 TLSv1 [B]TLSv1.1 TLSv1.2[/B];

webmail.* and all domains using nginx support TLS 1.1 and TLS 1.2 now.
 
MoritzK said:
I found a solution to enable TLS 1.1 and TLS 1.2 by my self.

You have to modify the two PHP files:
usr/local/psa/admin/conf/templetes/default/nginxWebmailPartial.php
usr/local/psa/admin/conf/templetes/default/domain/nginxDomainVirtualHost.php

Code: 
ssl_protocols             SSLv3 TLSv1 [B]TLSv1.1 TLSv1.2[/B];

webmail.* and all domains using nginx support TLS 1.1 and TLS 1.2 now.
Click to expand...

I am using Plesk 12.0.18 and Centos 6

I am getting the protocol score as 70

and the following message

TLS 1.2 No
TLS 1.1 No

I did exactly as you have mentioned but it still doesn't enable the TLS 1.2 or 1.1

Kindly help
 
You must log in or register to reply here.

Similar threads

D
Issue Can't enable TLSv1 and TLSv1.1 on Ubuntu 22.04
Replies
4
Views
5K
omniscient
O
D
Question LiteSpeed reverse proxy to docker with SSL
Replies
5
Views
2K
Felipe Almeman
F
T
Question Setup reverse proxy(apache2 or nginx)
Replies
3
Views
4K
Fabian H
Fabian H
C
Issue "New configuration files for the Apache web server were not created due to the errors in configuration templates"
Replies
4
Views
4K
The 8th
The 8th
O
Question Nginx compile by Plesk and chipers
Replies
6
Views
1K
IgorG
IgorG
Back
Top