Question Redirect error with proxy_pass in nginx

[Zoo3]

I have three hosts in Plesk. One of them requires one of the specified ports.
I normally write nginx.conf in Plesk nginx add directive.
For example, set the standby port to 33000.

location / {
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Frame-Options SAMEORIGIN;
proxy_pass http://localhost:33000;
}

This item is described only this.

When I access 'http://ccc.sample.com', I get an error due to repeated redirects(ERR_TOO_MANY_REDIRECTS).
I tried changing $http_port to $host, but I could not.
I created nginx/conf.d/my.conf. And specify upstream. I could not do it.

/etc/nginx/conf.d/my.cnf
upstream backend {
server XXX.XXX.XXX.XXX:33000;
}

nginx add directive(plesk)
location /
...
proxy_pass http://backend;
}

I write in nginx.conf(/etc/nginx/nginx.conf) without going through Plesk. Then I can access http://ccc.sample.com and go to 33000.

Is Plesk executing the following processing and it is judged to be a redirect repeatedly?

Start access

1. nginx.conf
2. server.conf(/etc/nginx/plesk.conf.d/server.conf)
3. 2nd nginx.conf(/etc/nginx/plesk.conf.d/vhosts/SUBDOMAIN.conf)
4. Plesk's nginx.conf(/var/www/vhosts/system/SUBDOMAIN/conf/nginx.conf)) = Plesk UI (nginx add directive column)

When I look at the contents of those .conf files, 80 port and 443 port calls have appeared many times.
Ignoring PLESK and writing it in nginx.conf, no redirection will occur. But I'm using Plesk. I would like to manage using Plesk as much as possible. And I look at the contents of Plesk's nginx.conf and copy the certificate to nginx.conf. This is a brute force way. In this case, I do not know if problems will occur when the Let's encrypt certificate is updated. How can I get through this port 33000 using Plesk?

---
CentOS 7.5 / Nginx 1.13.8 / Plesk 17.8.11

 

[Zoo3]

Of course there are problems on the application side, please let me know.

There is software requesting port 33000. I build and run the software without going through Plesk. Then the software works without any problem.
However, when I pass through Plesk, redirects and 502 Bad Gateway errors occur frequently.

When I do not use Plesk, when I access http://ccc.sample.com, I redirect / transition to https://ccc.sample.com/login. *All in /etc/nginx/nginx.conf. No nginx add directive on Plesk.
When using Plesk, when I access http://ccc.sample.com, it becomes https://ccc.sample.com/. It does not proceed to 'login'. *I am redirecting 301 to https. I entered https directly without 301 redirect, it is the same.

I seem to work if I type "https://ccc.sample.com/login" directly at this time. I can not use proxy_pass with a proxy.

Even if I adjust each proxy_set_header item, there is no change at all.
I'm blocking redirects to '/login' by using Plesk. Perhaps it is momentarily going to 'login' and then redirecting to "http://ccc.sample.com". Therefore, repeated redirection occurs and an error occurs.

How to pass requests to the application listening on a local TCP port, so this port would not be displayed?​

I tried the above but I could not.

Will this be helpful? I put index.html and I get 502 error or SSL error. I have to place nothing 403 error. When I place an html file with a file name other than index such as test.html, I will be redirected to "/login?test.html".

How can I prevent Plesk from interfering with proxy_pass processing?

 

[virtubox]

Of course there are problems on the application side, please let me know.

There is software requesting port 33000. I build and run the software without going through Plesk. Then the software works without any problem.
However, when I pass through Plesk, redirects and 502 Bad Gateway errors occur frequently.

When I do not use Plesk, when I access http://ccc.sample.com, I redirect / transition to https://ccc.sample.com/login. *All in /etc/nginx/nginx.conf. No nginx add directive on Plesk.
When using Plesk, when I access http://ccc.sample.com, it becomes https://ccc.sample.com/. It does not proceed to 'login'. *I am redirecting 301 to https. I entered https directly without 301 redirect, it is the same.

I seem to work if I type "https://ccc.sample.com/login" directly at this time. I can not use proxy_pass with a proxy.

Even if I adjust each proxy_set_header item, there is no change at all.
I'm blocking redirects to '/login' by using Plesk. Perhaps it is momentarily going to 'login' and then redirecting to "http://ccc.sample.com". Therefore, repeated redirection occurs and an error occurs.

How to pass requests to the application listening on a local TCP port, so this port would not be displayed?​

I tried the above but I could not.

Will this be helpful? I put index.html and I get 502 error or SSL error. I have to place nothing 403 error. When I place an html file with a file name other than index such as test.html, I will be redirected to "/login?test.html".

How can I prevent Plesk from interfering with proxy_pass processing?

Hello,
you set the nginx proxy configuration directly in your domain settings, in Apache & Nginx settings > additional nginx directives. It will not allow you to use "location / {}" but I have found a workaround by browsing Rocket.chat documentation :

location ~ ^/.* {
   proxy_pass http://upstream;
   proxy_set_header Host             $host;
   proxy_set_header X-Real-IP        $remote_addr;
   proxy_set_header X-Forwarded-For  $proxy_add_x_forwarded_for;

   proxy_set_header Upgrade $http_upgrade;
   proxy_set_header Connection "upgrade";
   proxy_set_header X-Forward-Proto http;
   proxy_set_header X-Nginx-Proxy true;
   proxy_http_version 1.1;

   proxy_redirect off;
}

Then you just have to add your upstream configuration in a new file like /etc/nginx/conf.d/upstream. But adding configuration directly in nginx.conf isn't the best way to customize nginx configuration.

 

[Zoo3]

Hello,
you set the nginx proxy configuration directly in your domain settings, in Apache & Nginx settings > additional nginx directives. It will not allow you to use "location / {}" but I have found a workaround by browsing Rocket.chat documentation :

location ~ ^/.* {
   proxy_pass http://upstream;
   proxy_set_header Host             $host;
   proxy_set_header X-Real-IP        $remote_addr;
   proxy_set_header X-Forwarded-For  $proxy_add_x_forwarded_for;

   proxy_set_header Upgrade $http_upgrade;
   proxy_set_header Connection "upgrade";
   proxy_set_header X-Forward-Proto http;
   proxy_set_header X-Nginx-Proxy true;
   proxy_http_version 1.1;

   proxy_redirect off;
}

Then you just have to add your upstream configuration in a new file like /etc/nginx/conf.d/upstream. But adding configuration directly in nginx.conf isn't the best way to customize nginx configuration.

Thank you for your advice.
But I could not do it.

 

[Zoo3]

It seems that software developers do not know the situation of Plesk.
I wrote directly in nginx.conf by tuning the DNS of the target subdomain of Plesk and it sounded like Let's encrypt could also be used. If I do not use Plesk's "nginx additional directive field", software is ready to use. *I would also like to use the nginx additional directive field for future management.

In general, writing directly in nginx.conf works normally, and writing in the nginx additional directive field causes problems.
What do you think is the cause?

 

[virtubox]

It seems that software developers do not know the situation of Plesk.
I wrote directly in nginx.conf by tuning the DNS of the target subdomain of Plesk and it sounded like Let's encrypt could also be used. If I do not use Plesk's "nginx additional directive field", software is ready to use. *I would also like to use the nginx additional directive field for future management.

In general, writing directly in nginx.conf works normally, and writing in the nginx additional directive field causes problems.
What do you think is the cause?

Hello,

upstreams must be declared in nginx http{ } block, but plesk additional nginx directives are added in the server {} block. So that's probably why it wasn't working.
I recommend you to create new configuration files in /etc/nginx/conf.d instead of editing nginx.conf. All .conf files added in conf.d are automatically included in nginx.conf.

 

[Zoo3]

Thank you for reply.

upstreams must be declared in nginx http{ } block, but plesk additional nginx directives are added in the server {} block. So that's probably why it wasn't working.

As a way of thinking, I thought that the nginx additional directive was a server{} block in nginx.conf. Is this similar and different?

 

[virtubox]

Thank you for reply.
As a way of thinking, I thought that the nginx additional directive was a server{} block in nginx.conf. Is this similar and different?

Nginx additional directive are only included inside the domain server {} block, but it's not an additional server {} block.
You can display your whole nginx configuration with the command :

nginx -T

 

[Zoo3]

I saw "nginx -T" command, "IP Address:80" and "IP Address:443" appear multiple times. The nginx additional directive field is written in the server{} block. It seems that it is written on 80 ports of each subdomain.

Surely a redirect is occurring while attempting SSL connection. I am configuring 301 redirects in the hosting settings, but still as before, the nginx additional directive field is port 80.
However, according to software developers, the software itself seems to have nothing to do with SSL connection or non-SSL connection.
As a behavior of software, when I access my.domain.com, it is redirected to my.domain.com/aaa. Software does not intentionally designate 80 or 443 ports. Perhaps at this time it seems that Plesk's characteristics are going back and forth multiple times between 80 and 443 ports.

Is there a way to prevent this?

 

[trialotto]

@Zoo3,

The post of @virtubox, being

Hello,
you set the nginx proxy configuration directly in your domain settings, in Apache & Nginx settings > additional nginx directives. It will not allow you to use "location / {}" but I have found a workaround by browsing Rocket.chat documentation :

location ~ ^/.* {
proxy_pass http://upstream;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Forward-Proto http;
proxy_set_header X-Nginx-Proxy true;
proxy_http_version 1.1;

proxy_redirect off;
}

Then you just have to add your upstream configuration in a new file like /etc/nginx/conf.d/upstream. But adding configuration directly in nginx.conf isn't the best way to customize nginx configuration.

is right and has the advantage that it is safe when Plesk generates Nginx config , but has the disadvantage of making use of a selector beside other selectors: tricky!

In essence, Nginx is flexible enough to allow you to

- put a custom server block into /etc/nginx/conf.d (and one can even copy the default Nginx config for a vhost and just change the ports to 33000)
- prevent the usage of the upstream directive (which in your case would/should not be necessary)
- use the standard Nginx selector / with the location directive (read: location / as opposed to location ~ ^/.*)
- make Nginx more efficient and more performant by decreasing the number of match selectors to one, being location /

and the only thing you have to make sure is that you deactivate Nginx in the Plesk control panel for the domain in question.

After all, Nginx reads and processes any properly configured server block, even if it is placed in the /etc/nginx/conf.d directory.

I am just saying all of the above to present you with an alternative that has the associated advantage of being less sensitive to errors and upstream errors in specific.

Kind regards........