• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:

    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

SSL sites receive 502 Bad Gateway when nginx is enabled

BoiseComputer

Regular Pleskian
When I turn on nginx for the server I am able to browse non SSL protected sites correctly. I receive a 502 Bad Gateway error on any sites that have an SSL certificate. Is there a fix for this? I have been unable to find one.

I am running Plesk 12 on an Ubuntu server.
 
I have gotten all but one of my SSL sites to work. It seems for that domain the files/symlinks are not the same as on of my other SSL sites. I am thinking I might delete that user/domain and re-upload the files and recreate the database to see if it fixes the issue. I have tried rebuilding the config files with the extension and reconfiguring the domain from the command line. Once I get this one site fixed I will finally be able to use nginx.
 
I have gotten all but one of my SSL sites to work. It seems for that domain the files/symlinks are not the same as on of my other SSL sites. I am thinking I might delete that user/domain and re-upload the files and recreate the database to see if it fixes the issue. I have tried rebuilding the config files with the extension and reconfiguring the domain from the command line. Once I get this one site fixed I will finally be able to use nginx.
Id plain check nginx.conf in the https-section and compare to http-section - same for Apache. Educated guess without info: the Apache-https in that domain's vhost is configured incorrectly (fast fix: clone site to another; delete that customer site incl. the domain; clone back to the original site - I know, but thats Plesk logic ;) ).
 
I fixed it.
I added the following at the end of the file vhosts_ssl.conf in the conf folder for each domain that wouldn't pull up correctly.
Code:
SSLHonorCipherOrder On
SSLProtocol all -SSLv2
SSLCipherSuite ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AEDH:!AESGCM
SSLInsecureRenegotiation off
 
Hi BoiseComputer,

your current modifications are vulnerable and NGINX SSL/TLS renegotiation is disabled since "nginx 0.8.23" ( 11.11.2009 ).
Some of your domains on your server ip even don't have a valid SSL certificate ( false configurations or certificates pointing to ssl2000.cloudflare.com ). You might want to check your configurations on https://www.ssllabs.com/ssltest/
 
Thanks for pointing that out UFHH01. I found out that the "Run As User" was causing errors with SSL on NGINX. I disabled that on the accounts and the secure ciphers and protocols now work correctly. The cloudflare.com SSL is hybrid between the user and cloudflare. The others should be normal SSL now. Feel free to let me know if you see any other issues.
 
Back
Top