secound access URL for Plesk 12.5

[daanse]

Hi,
i have got an URL from Provider which is showing on IP from Plesk Server.
i have made a URL from DomainRobot pointed to that IP (my own URL).

Question: Is it possible to create a second URL for Plesk (so that Customers always can see my URL without any leads to my hoster?)?
The only thing (its working) but i get SSL Certificate Errors.

Any lead for me?
Thanks

 

[abdi]

Hello Daka,
Yes, it's very possible!

All you have to do is change the hostname of your server to your own domain name and that's it ...
For the SSL errors, you will definitely need a valid SSL certificate which you can purchase ...

BTW: Every domain name on your server can access to the control panel by going to there own domain name on port 8443 e.g. http://domain.com:8443/

 

[daanse]

Hi, i have no root rights. Just reseller Account. How can i setup a _second_ URL?
And the Thing with everydomain "e.g. http://domain.com:8443/" this is correct, but here i get always errors (certificate) how can i prevent that certificate Errors?

 

[trialotto]

Hi, i have no root rights. Just reseller Account. How can i setup a _second_ URL?
And the Thing with everydomain "e.g. http://domain.com:8443/" this is correct, but here i get always errors (certificate) how can i prevent that certificate Errors?

@Daka,

As @abdi already mentioned, these "SSL errors" are related to buying a valid SSL certificate.

One thing should be noted: the SSL errors are not really "errors", it is just the browser reporting that a "self-signed" certificate (i.e. default Plesk certificate) has been used.

In essence, one can ignore the errors and click through to the Plesk panel.

However, this is not really "nice" for you or your customers: buying a valid SSL certificate (even the most cheap and simple one) will prevent the error notifications by the browser.

Hope this explains a little bit...

Regards...

 

[scsa20]

There's also the non-SSL version by going to http://yourdomain.com:8880 unless your hoster disabled it (and this way is the most over looked way too, useful if you so happen to block yourself out with the firewall for port 8443 but 8880 works so you can get in and make the change back or whatever). Default way to enter the control panel is through the https (https://yourdomain.com:8443) though but the other way works too if you don't feel like dealing with clicking the "I know this site is using a self signed/invalid cert" warning message that your browser is giving you.

 

[daanse]

yes, the Hoster has got a valid Comodo Certificate!!! But its only for HIS Domain. If i want to use my Domain it wont work. Made 100 Tests.
Can i add some hidden (secret) Content here? I could provide those URLs to you, that you can understand my Configuration.
i will tests that Non SSL but would love to have an SSL Url

 

[scsa20]

It's only natural that your hoster would have a valid SSL cert otherwise you wouldn't be buying from them (I would hope not if they have an invalid cert). If you want to use HTTPS without it giving you an error about the SSL cert being self-signed/invalid, then you would need to get a SSL cert. There's a lot of different SSL certs out there so do your homework for which one would work for you for your set up.

 

[daanse]

hm. I set a certificate (from LetsEncrypt for my plesk.mydomain.com) if i call that URL via https://plesk.mydomain.com:8443 it shows the main URL from Hoster in that invalid Certificate Error.
Will it only work with comodo Certificate or something like that? or should it work with LetsEncrypt to? If i type: https://plesk.mydomain.com into Browser its fine with that Certificate.
So i don't think so that a payed Certificate will change that behavior.

 

[trialotto]

@Daka,

You stated:

yes, the Hoster has got a valid Comodo Certificate!!! But its only for HIS Domain. If i want to use my Domain it wont work.

Well, this is a "problem" that is known: if you only have a reseller account, you are using the setup as configured by the hosting provider, with all associated disadvantages.

In your case, the particular disadvantage is that you cannot simply change the hostname (set by the provider) and/or simply add some custom domain with a valid SSL certificate in Plesk (after all, when pointing DNS records to this custom domain, traffic is routed to the custom domain as created in Plesk and not routed to the Plesk panel interface itself).

First note that

- you actually need the 8443 port in the URL for accessing Plesk panel, at least in the current default Plesk configuration
- you can easily implement a custom URL for the Plesk panel, if (and only if) you have SSH access (in order to change configuration files)

and the problem is that your hosting provider is not very likely to adjust it´s Plesk configuration in order to allow you a custom URL for your Plesk panel.

As a result, we have to rely on a more elaborate solution.

Now you have to note that Plesk panel is relying on some Nginx directives for URL redirection to the https address of the panel: we can "build" on that setup AND we have to take care at the same time that before mentioned default Plesk directives are not interfering with our solution (otherwise, some requests would end up on the hostname URL for the Plesk panel).

The most "convenient" work-around is the following, at least in theory (I did not test it completely, but it should work).

a) get or use a (custom) domain that you own and

- create an A record pointing to the IP assigned to your server,
- create a wildcard A record (i.e. *.<domain>.<tld>) pointing to the IP assigned to your server,

and note that this is the FIRST part of the solution: any https request with some name and a port extension 8443 can be typed into the browser and you are at your Plesk panel.

For instance, https://<custome name>:8443 will result in the login pages for the Plesk panel interface on your server.

Now we can address the SECOND part of the solution: to assure that ALL requests are served via https without losing the custom name.

b) go to Plesk Panel and

- create hosting for the (custom) domain
- create an empty directory (for the sake of convenience, I will use "panel" henceforth)
- go to the (custom) domain and go to "Apache & nginx Settings"
- enter in the "Additional nginx directives" textbox:

location = /panel {
return 301 https://<name>:8443;
}

and note that the value for <name> can be anything of the form <subdomain>.<custom domain>.<tld> or <custom domain>.<tld>, as long as proper A records do exist.

For instance, panel.domain.tld is possible, as well as domain.tld (the latter is not adviceable).

Also note that I did have to create an empty directory, in this case called "panel", with this empty directory being necessary to allow Nginx to override the Nginx settings and directives, as provided by default for the Plesk panel interface.

Plesk uses the following directive by default for the Plesk panel: error_page 497 https://$hostname:$server_port$request_uri;

This directive should be magical, according to Plesk, but in the real world, this directive becomes a problem, since there is no way of overriding the default directives if one does not have SSH access or sysadmin rights to change configuration files (and, moreover, manually editing config files is not really adviceable).

In essence, my directive does the same and a little bit more, when compared to the default Plesk directive: just rerouting all traffic for the panel to a standard https port.

Finally note that this is the SECOND part of the solution.

There should be some good news by now: if I am not mistaken, you do not get any SSL related errors at this stage, since the SSL certificate of the hosting provider should be used.

However, you still have the minor issue that you do not apply or implement valid SSL certificates for your (custom) domain (even though the SSL certificates actually used are valid).

Well, let´s proceed to the third an final part of the solution.

c) in order to use your own valid SSL certificates (as opposed to using the certificates from the hosting provider), you should simply

- buy them, if necessary
- upload them to (i.e. apply them in) the (custom) domain.

To be honest, this is the part that I did not test.

However, it should be the case that there is a tiny chance that it works: instead of using an error_page directive (i.e. returning pages from a https request with $hostname), the return directive (i.e. returning pages from a https request with the correct domain name) has been used within the domain itself.

I am not pretty sure, but it could work.

On the other hand, I personally should not bother to buy SSL certificates, if the certificates of the hosting provider remove all error notifications concerning these certificates.


In summary, I sincerely hope the above helps, but I would even more appreciate feedback from you, especially with respect to section c).

Regards and let me know!

PS To respond to your last post: you can use any kind of certificate, but at this moment letsencrypt is not the best choice: it is still in (public) beta.

 

[daanse]

@Daka,
....

HI, wow. Thank you. You understand my Problem. In this Case i do have access to that "SSH Key manager".
Is this the Section which work for a proper Solution? If not, i will go thru your awesome Guide.

Kindly let me know how we proceed. I don't know what i have to do in that SSH Key Manager. Never used that before.

Thank you

 

[trialotto]

@Daka,

I suppose that there is some misunderstanding: you mention a "ssh key manager", while I did refer to "root access via SSH" (i.e. SSH access with root rights).

There is a huge difference between the two and if you are actually referring to a "key manager", than this is not equal to the SSH access required.

However, I can be mistaken, you can correct me if I am mistaken.

Note that, if you have a reseller account (i.e. giving reseller access to the Plesk control panel from the hosting provider), it is very unlikely that you will be having sufficient administrative rights to alter fundamental elements and settings, like the hostname and/or the default configuration settings of the Plesk panel.

Also note that some recommended "easy" solutions (found online and/or given by Plesk) do not work in the real world and/or do not meet your requirements.

In essence, most of your requirements are met by the solution from my post.

I would suggest to implement (i.e. test) the solution and report some of the results back, primarily those results concerning the SSL certificates.

If any issue still exists, I will be happy to do a more detailed investigation, in order to resolve the SSL certificate problem.

Regards....

PS You can also start a personal conversation, if you would like to discuss the matter personally.

PS2 I would strongly advice you to consider to buy a small VPS in order to start hosting, since the costs are negligible and the flexibility (in general) can be enormous.

 

[daanse]

b) go to Plesk Panel and

- create hosting for the (custom) domain
- create an empty directory (for the sake of convenience, I will use "panel" henceforth)
- go to the (custom) domain and go to "Apache & nginx Settings"
- enter in the "Additional nginx directives" textbox:

location = /panel {
return 301 https://<name>:8443;
}

Cant find this one!
Please see Screenshot. Theres no Textfield

If you meant this: http://cdn.curvve.com/wp-content/uploads/Plesk-11.5-PHP-FPM-settings.png
i dont have that because Hoster turned nginx off. nginx is not good with some CMS (Joomla, Wordpress, Typo etc.)
Always Connection Timeouts, therefor he disabled it.

 

[trialotto]

@Daka,

I must stat that your hosting provider is telling you complete non-sense: Nginx can work fine with Joomla, WordPress etc. (and Nginx should certainly not be turned off in general).

I will continue with my response in the conversation started, have a look at that (in a couple of minutes).

Regards....

 

[daanse]

yes but it would come accross with the Golden Rule you mentioned. For Joomla and Wordpress etc. you have to make some changes at the nginx.conf File. Kinda different to each CMS.
And this would explain the whole connection timeout things i've been receiving since a few month. Its always related to nginx Webserver.
If you can proof different, your are very welcome.
thank you for your help.

 

[trialotto]

@Daka,

No, it is not really necessary to change a lot when using Nginx in front of specific applications, such as WordPress for example.

Changes to default Nginx configuration are only required if you want Nginx (or even Apache) to perform some specific task, such as caching.

In essence, in the default configuration used by Plesk, Nginx is simpy passing some requests to Apache (and vice versa), i.e. Nginx is functioning as a "pure proxy".

The above is somewhat simplified, but that is the core of the Apache + Nginx setup used in Plesk.

Also note that your connection timeouts are not very likely to be related to Nginx itself, but are probably the result of WordPress cronjobs and such alike.

In general, people tend to forget that, in the Apache + Nginx stack, Nginx will time out if Apache is overloaded and not providing a timely response.

In that case, one gets the error notification by Nginx (since it is the "front-end" of the stack), but the actual issue is caused by something else than Nginx.

To be honest, the "golden rule" still applies: "do not mess with...." and in this case "to mess" concerns a misunderstanding of the nature of the Apache + Nginx stack and the endresult is often a terrible configuration on either the Apache or the Nginx end of the stack.

In short, it is no rocket science, if one follows the correct path.......(that sounds like a part of a Star Wars dialogue, my apologies).

Regards!

 

[daanse]

Hm okay, thank you. But is there (Point B) a nother possibility to add some Commands without nginx installed?

in the PHP Settings Area

 

[trialotto]

@Daka,

To answer your (most recent) question: no, not really.

The Plesk panel interface is (by default) behind a Nginx front-end, making it very hard to apply a .htaccess rewrite (in theory, a .htaccess can work, but there is this high probability that the presence of the before mentioned front-end will mitigate the effects of a .htaccess rewrite).

Regards....

 

[daanse]

Hi,
thank you.

I did everything you said with nginx etc. and folder named "panel"
and

location = /panel {
return 301 https://server.xxx.xx:8443;
}
and a subdomain "server.xxx.xx" which points to that Server IP but still get that Error "False Certificate" and this error shows some Problems with that Server Certificate.
We activated nginx.

Should we restart server after we paste that Command into nginx directives?
Should the empty Folder has the same name as the Subdomain tag? (i.e. "server")?
I tried this thing with a valid Certificate for server.xxx.xx and without SSL support. Both leads me to same Certificate Error.
I deleted Cache and tried with several Browsers.

 

[trialotto]

@Daka,

In essence, Nginx does not have to be restarted (Nginx only needs to reload directives and the reload should have been taking place already).

There is one thing that you can try, but I want to test it myself first. I will keep you informed (and if I forget, just mail me in the already started conversation).

Regards....