Plesk 11 and Amazon AWS (EC2, EIP)

[perler2]

hi,

we migrated a plesk 10.4.4 server (HW, non-NAT) to Amazon AWS EC2 with an Elastic IP. All this is ubuntu 12.04 based, plesk is the newest version available.

migration worked somehow, and the domains have been accessible right afterwards, but the server didn't survive a reboot.

It seems to me all coming down to the use of nginx, as nginx doesn't start with

nginx: [emerg] bind() to 10.226.222.242:80 failed (99: Cannot assign requested address)

the IP is our internal IP at amazon and I suspect it all has something to do with the famously outdated KB http://kb.parallels.com/en/1984

I tried to disable DNS altogether, as we are not using the internal DNS anyways, no help.

I tried to /opt/psa/admin/bin/nginxmng --enable wich dies terribly with:

/opt/psa/admin/sbin/hmmng: 1448: /opt/psa/admin/sbin/hmmng: Syntax error: Bad fd number

I could happily live without nginx, so what would be a solution for this mess?

PAT

 

[IgorG]

Have you read this article - http://kb.parallels.com/114216 ?

 

[perler2]

Have you read this article - http://kb.parallels.com/114216 ?

yes, thanks. but this is a prepared machine by parallels. we use our own server, which is ubuntu based. so we don't have the mentioned

/usr/local/psa/bin/amazon_setup_ip

script. I tried an appearently older version which was posted here some time ago. if you could provide me with the current version I could try to fix it.

but you should seriously looking to support a configuration like this (plesk behind firewall in a NAT environment). it's no rocket science and actually quite common.. (think load balancers)

thanks in advance,

PAT

 

[perler2]

btw, the mentioned AMI (this is a template in amazon speak) doesn't exist, at least not in my european AWS account. could you check please?

 

[IgorG]

btw, the mentioned AMI (this is a template in amazon speak) doesn't exist, at least not in my european AWS account. could you check please?

Make sure that you have selected US East (N. Virginia) region. It is described in pdf file attached to KB article.

 

[perler2]

thanks, but you realize, that this is useless for production systems for everyone outside the east coast? I will at least extract the script..

 

[perler2]

Ok, one step further. I extracted the scripts to change the IP behind NAT, why Parallels isn't providing them somewhere is beyond me. So, for everyone else without support from Parallels, here are the scripts (on ubuntu, change all occurences of:

/usr/local/psa

to

/opt/psa

to initally setup the Elastic IP for all domains on the plesk server, use amazon_setup_ip:

#!/bin/sh

LOG=/usr/local/psa/var/log/amazon
PROFTPD_CONF=/etc/proftpd.conf
PROFTPD_CONF_BAK=$PROFTPD_CONF.bak
PROFTPD_CONF_TMP=$PROFTPD_CONF.tmp


IP=$1
IPchk=`echo $IP | sed -e "s/[0-9]\{1,3\}\\\\.[0-9]\{1,3\}\\\\.[0-9]\{1,3\}\\\\.[0-9]\{1,3\}//g"`


if [ -z "$1" -o "$1" = "--help" -o ! -z "$IPchk" ]; then
echo $0 \<external_ip\>
exit 1;
fi

date >> $LOG
echo $0 $* >> $LOG


######################################################################
# ProFTPd
######################################################################

# Make a backup
cp $PROFTPD_CONF $PROFTPD_CONF_BAK
ERR=$?

# If backup fails, there is a problem
if [ $ERR -ne 0 ]; then
echo ERROR making a backup copy of $PROFTPD_CONF to $PROFTPD_CONF_BAK
exit 2;
fi


# Remove uncommented MasqueradeAddress
grep -v -E ^[^#]\ *M?asqueradeAddress $PROFTPD_CONF > $PROFTPD_CONF_TMP

# Add MasqueradeAddress with specified IP
echo MasqueradeAddress $IP >> $PROFTPD_CONF_TMP

# Check if there is PassivePorts
grep -E ^[^#]\ *P?assivePorts $PROFTPD_CONF_TMP > /dev/null
ERR=$?

# Add PassivePorts if absent
if [ $ERR -ne 0 ]; then
echo PassivePorts 60000 65535 >> $PROFTPD_CONF_TMP;
fi

# Copy config from the working copy
mv $PROFTPD_CONF_TMP $PROFTPD_CONF



######################################################################
# DNS Templates
######################################################################

QUERY="UPDATE dns_recs_t SET displayVal='$IP', val='$IP' WHERE type='A';
UPDATE dns_recs_t SET displayHost='$IP', host='$IP' WHERE type='PTR' AND opt='24';"

echo $QUERY | mysql --user=admin --password=`cat /etc/psa/.psa.shadow` psa

For later changing the IP use amazon_update_ip:

#!/bin/sh

LOG=/usr/local/psa/var/log/amazon
RECONFIG=/root/amazon_update_ip.conf
ADMIN_PWD=`cat /etc/psa/.psa.shadow`
ERRFILE=/tmp/amazon_update_ip.err

# check arguments
if [ -z "$2" ]; then
OLD_EXT_IP=""
NEW_EXT_IP=$1
else
OLD_EXT_IP=$1
NEW_EXT_IP=$2
fi
IPchk=`echo $NEW_EXT_IP | sed -e "s/[0-9]\{1,3\}\\\\.[0-9]\{1,3\}\\\\.[0-9]\{1,3\}\\\\.[0-9]\{1,3\}//g"`

# help
if [ -z "$1" -o "$1" = "--help" -o ! -z "$IPchk" ]; then
echo $0 [old_external_ip] new_external_ip
exit 1;
fi

date >> $LOG
echo $0 $* >> $LOG


# get old internal IP from DB
QUERY="SELECT ip_address FROM IP_Addresses;"
OLD_INT_IP=`echo $QUERY | mysql --user=admin --password=$ADMIN_PWD psa 2>$ERRFILE | tail -n 1`
if [ -s $ERRFILE ]; then
echo "Error querying database for the old IP address"
cat $ERRFILE
rm $ERRFILE
exit 2;
fi
rm -f $ERRFILE

# get new internal IP from network device
NEW_INT_IP=`/usr/local/psa/admin/sbin/ifmng -l | grep eth0 | cut -d\ -f 1`

# escape the dots to be usable in regex
OLD_INT_IP_RE=`echo $OLD_INT_IP | sed -e s/\\\\./\\\\\\\\./g`
NEW_INT_IP_RE=`echo $NEW_INT_IP | sed -e s/\\\\./\\\\\\\\./g`

# try to guess old external IP
if [ -z "$OLD_EXT_IP" ]; then
OLD_EXT_IP=`grep ^\w*MasqueradeAddress /etc/proftpd.conf | cut -d\ -f 2`
fi

# check if old IP is set
IPchk=`echo $OLD_EXT_IP | sed -e "s/[0-9]\{1,3\}\\\\.[0-9]\{1,3\}\\\\.[0-9]\{1,3\}\\\\.[0-9]\{1,3\}//g"`
if [ -z "$OLD_EXT_IP" -o ! -z "$IPchk" ]; then
echo Can\'t guess old IP or it is not defined properly as an argument
$0 --help
exit 1;
fi

echo Change IP: $OLD_INT_IP to $NEW_INT_IP and $OLD_EXT_IP to $NEW_EXT_IP
echo Change IP: $OLD_INT_IP to $NEW_INT_IP and $OLD_EXT_IP to $NEW_EXT_IP >> $LOG

# Make a backup
cp /etc/hosts /etc/hosts.tmp
ERR=$?

# If backup fails, there is a problem
if [ $ERR -ne 0 ]; then
echo ERROR making a backup copy of /etc/hosts to /etc/hosts.tmp
exit 2;
fi

sed -e s/$OLD_INT_IP_RE/$NEW_INT_IP_RE/g < /etc/hosts.tmp > /etc/hosts


# create reconfigurator config
rm -f $RECONFIG.{old,new}
/usr/local/psa/bin/reconfigurator $RECONFIG.old

# map OLD_INT_IP -> NEW_INT_IP
if [ "$OLD_INT_IP" != "$NEW_INT_IP" ]; then
sed -e s/\>\ eth0\ $OLD_INT_IP_RE/\>\ eth0\ $NEW_INT_IP_RE/g < $RECONFIG.old > $RECONFIG.new;
else
cp $RECONFIG.old $RECONFIG.new;
fi
# map OLD_EXT_IP -> NEW_EXT_IP
if [ "$OLD_EXT_IP" != "$NEW_EXT_IP" ]; then
echo xxx $OLD_EXT_IP 255.255.255.0 -\> xxx $NEW_EXT_IP 255.255.255.0 >> $RECONFIG.new;
fi

# do the actual work
/usr/local/psa/bin/reconfigurator $RECONFIG.new
/usr/local/psa/bin/amazon_setup_ip $NEW_EXT_IP

rm -f $RECONFIG.{old,new} $ERRFILE

 

[IgorG]

http://kb.parallels.com/114245

 

[johnrt]

Had the same issue with a new Plesk instance on AWS. Driving me nutz that an external DNS setup (using AWS DNS services). Everything looked fine. nslookup, ping, etc. but the browser kept getting DNS errors on the host name. The above KB resolved the issue.

 

[FabOno]

amazon_setup_ip.cmd for Windows

Is there a amazon_setup_ip version for windows available for download somewhere? I have the smae issue but with windows.

Tks

 

[williamli1983]

Hi all, I have the similar problem running Plesk 11 over EC2.

I made a custom template based on the default settings with the additional NAT support.

The template will translate all public IPs into private IPs ones so that servers behind NAT can use public IPs which gets translated to private IPs when private IPs are required.

https://github.com/pixlsHQ/plesk.templates.nat_support