• Plesk Uservoice will be deprecated by October. Moving forward, all product feature requests and improvement suggestions will be managed through our new platform Plesk Productboard.
    To continue sharing your ideas and feedback, please visit features.plesk.com

Question Plesk in intranet and outgoing traffic through a proxy

M

marcemi

New Pleskian
Server operating system version
Linux Debian 11
Plesk version and microupdate number
Obsidian 18.0.56.1
In my infrastructure all outgoing traffic needs to transit through an http proxy.
Is there a way to configure plesk in order to use an http proxy for outgoing traffic?

Marcello
 
Here are some thoughts on this. I think you'll at least need this
docs.plesk.com

Running Plesk Behind a Router with NAT

If your Plesk server is behind NAT, you can match private IP addresses on the server to the corresponding public IP a...
docs.plesk.com docs.plesk.com
because in that configuration your Plesk web server IP addresses won't be the public IP addresses of the network. You'll probably also need to edit the virtual host templates so that Nginx (if you use Nginx+Apache) will not listen on ports 80/443, but on the ports that your http proxy sends requests to.
 
Hi Peter, thanks

In my scenario the Plesk panel will not exposed to Internet, neither directly nor configuring a NAT for incoming traffic.

My question was about outgoing traffic. I'm new on Plesk software, I noticed that Plesk needs to contact external services at least to check license and I think also for other activities (plugin, updates...).

In my infrastructure all outgoing traffic needs to transit through a proxy for security reason.

I would like to configure Plesk in order to use a proxy server for any connection to internet.
 
Sounds like an unsupported scenario. I am afraid that there is no documentation by Plesk on how to configure your network, because it is an unsupported configuration and use. Plesk does not behave any different when it is installed in a local network, but, as you already mentioned, it needs to communicate with other servers on the Internet, and that is not only for license reasons.
 
Hi,

I had a real headache for 3 days searching for every solution I could...
I'm in the same scenario marcemi.

I want to expose Plesk behind LB and FW, but outgoing traffic is allowed only through proxies.

When I wanted to install all feature or updates, I could not go any further and stopped with errors.

The way I resolved this was is a bit twisted, using a squid in transparent mode and upstreaming to the main proxy.

Hope this helps.
 
I need to do the same thing.

Does the regular documentation address outward connectivity requirements anywhere?

I've noticed that ka.plesk.com and ext.plesk.com must be reachable; are there any more hosts and ports Plesk needs to be able to reach for normal operation and upgrades? I understand that 3rd party plugins may add their own requirements; but what does Plesk require by itself?

Can someone from Plesk confirm that running Plesk on a host without direct Internet connection (i.e. with only a proxy for outward connectivity) is unsupported?
 
I mean you could do whatever you want with traffic routes within Linux but it needs to be done through Linux and is not natively supported by Plesk. But routing traffic through a proxy after getting an request defeats the purpose. Proxy is meant for browsing, not for servers serving sites. You would have a hard time even if trying to set up a web server manually to get it to work properly. If you must go through a proxy at the environment you're at, I suggest spinning up a VPS that's outside and isolated of the main environment.
 
You don't understand the request. This is not about requests being made to Plesk.

Plesk needs to communicate with the outside world, e.g. to receive updates. At my institution, we secure servers by requiring their outgoing HTTP and HTTPS traffic to go through an application level HTTP(S) proxy. This requires applications to explicitly set this proxy when they want to perform HTTP(S) traffic; e.g. with curl, we can use the HTTP(S)_PROXY environment variable.

I'm not saying this is the right thing to do, but it's how things are set up for me and I have no way to change it, and clearly we are not the only institution that has set things up in this way.

Yes, I can hack my Linux iptables to automatically pass any outgoing HTTP(S) requests through the proxy and receive the replies as if no proxy were there, but I don't need to do this for curl and many other applications. The request is to not have to do it for Plesk, either.
 
Reinier Post said:
I've noticed that ka.plesk.com and ext.plesk.com must be reachable; are there any more hosts and ports Plesk needs to be able to reach for normal operation and upgrades? I understand that 3rd party plugins may add their own requirements; but what does Plesk require by itself?

Can someone from Plesk confirm that running Plesk on a host without direct Internet connection (i.e. with only a proxy for outward connectivity) is unsupported?
Click to expand...


Using proxy is not supported scenario as Plesk is intended to be used as an internet web server. autoinstall.plesk.com is used for updates in case you still want to give it a try.
 
You must log in or register to reply here.

Similar threads

T
Question Plesk access with Proxy
Replies
3
Views
1K
Sebahat.hadzhi
Sebahat.hadzhi
C
Question Plesk with Cloudflare Proxy DNS Records and Letsencrypt..
Replies
0
Views
2K
cpulove
C
majdi draouil
Question How to Block Direct IP Access and Ensure All Traffic Routes Through Cloudflare
Replies
1
Views
2K
Raul A.
R
T
Issue Wrong traffic stats
Replies
0
Views
618
ties
T
S
Issue Abnormal traffic usage caused by POP3/IMAP
Replies
9
Views
2K
Raul A.
R
Back
Top