Resolved Unbind IP address from Plesk

[Ross Edwards]

Hi - I have a Plesk 12.5.30 server with multiple IP addresses. I need to "release" one of the IP's for use by another Linux application (Jira) running on the server.

I have tried removing the IP address in Tools / Settings, however this seems to stop the IP address working completely. I still want Plesk to manage Firewall rules for this IP, however I don't want Apache / nginx listening on this IP.

I can see how to do this manually, however this requires manipulation of files that Plesk will overwrite.

I have searched, and can't find a proper solution, so what is the recommended solution to allow other applications on the server to use an IP?

 

[UFHH01]

Hi Ross Edwards,

your desired goals conflict with the command to remove an IP from Plesk. Pls. think again for example about the wish "I still want Plesk to manage Firewall rules for this IP", but on the other hand, you removed the IP from the psa - database.

You are certainly able to configure ( additional ) custom rules in your Plesk Firewall, which allows you to block/allow not only ports and IPs, but as well defined combinations of ports and IPs. Just give it a try and add a custom rule, to see how that works.

 

[Ross Edwards]

Hi there - thanks for your reply, however this is nothing to do with the firewall.

I can manage without having the IP address managed in the Plesk firewall. So if I don't need to manage the IP address in the Plesk firewall, then I remove the IP from the list. Then it stops working completely, for all other non-Plesk applications on the server. Presumably Plesk is updating the server's IP table and removing the IP address, so it can't be used at all.

So what is the recommended solution to have an IP address on a Plesk server, that is not used by Plesk, but is available for use by other services on the same hardware?

Many thanks in advance.

 

[UFHH01]

Hi Ross Edwards,

your system network - configuration is independent to Plesk and will be done over the configuration at "/etc/network" ( on Debian/Ubuntu - based operating systems ), or "/etc/sysconfig/network-scripts" ( on CentOS/RHEL - based systems ) for example. Pls. be aware, that this is a non-related-plesk task and you can find tutorials for such a task all over the internet, with a Google - Search like: => http://lmgtfy.com/?iie=1&q="add+IP"+"/etc/network"+"/etc/sysconfig/network-scripts"

But pls. still note, that IF you "reread" the IPs over the Plesk Control Panel ( which will even list and store ( manual ) added IPs on your server again in the Plesk database ) and you consider to "remove" an IP again there, as you already did, as you stated:

then I remove the IP from the list.

... that this will result as well in a removal of your ( manual added ) system network - configuration for this IP. That's the reason, why I wrote above, that your desired goals CONFLICT with the command to remove an IP over Plesk.

 

[Ross Edwards]

OK thanks - so as I understand it the process is:

Remove IP address from Plesk
Manually configure the server to enable the IP address to work (in my case this required creating a file "bond1:7" in /etc/sysconfig/network-scripts.
Avoid clicking "Re-read IP" in Plesk

To test - i did the last step and Plesk then re-binds to the IP address, if you then delete the IP again, Plesk deletes my network-scripts files and I am back to square one.

Is there no way to tell Plesk to "ignore" an IP address on the server to avoid the above problem?

 

[UFHH01]

Hi Ross Edwards,

Is there no way to tell Plesk to "ignore" an IP address on the server to avoid the above problem?

No.

But apart from that, I really don't see any difficulty at all in creating some custom rules in your Plesk firewall, to deny access at the webserver - ports for this specific IP. This is done within seconds.

Just to satisfy my curiosity: What holds you from creating custum rules and what is the reason to delete an existing IP from Plesk?

 

[Ross Edwards]

I want a 3rd party application which has it's own web server, to be accessible on a particular IP on port 80.

If Plesk is aware of the IP address then Apache listens on this port, I get the Plesk default webpage, and not my 3rd party application. If I block it in the Plesk firewall, then it doesn't work at all. I want it to be accessible publicly.

If I delete the IP from Plesk, it doesn't listen on this address, and my application can run. Until Plesk re-detects the IP addresses on the server...

 

[UFHH01]

Hi Ross Edwards,

If I delete the IP from Plesk, it doesn't listen on this address, and my application can run. Until Plesk re-detects the IP addresses on the server...

Actually, this description is partly incorrect. The initial apache - configuration for the ports is defined as:

NameVirtualHost *:80
Listen 80

<IfModule mod_ssl.c>
    # If you add NameVirtualHost *:443 here, you will also have to change
    # the VirtualHost statement in /etc/apache2/sites-available/default-ssl
    # to <VirtualHost *:443>
    # Server Name Indication for SSL named virtual hosts is currently not
    # supported by MSIE on Windows XP.
    Listen 443
</IfModule>

<IfModule mod_gnutls.c>
    Listen 443
</IfModule>

OR ( when you use NGINX as well on your server ):

NameVirtualHost *:7080
Listen 7080

<IfModule mod_ssl.c>
    # If you add NameVirtualHost *:443 here, you will also have to change
    # the VirtualHost statement in /etc/apache2/sites-available/default-ssl
    # to <VirtualHost *:443>
    # Server Name Indication for SSL named virtual hosts is currently not
    # supported by MSIE on Windows XP.
    Listen 7081
</IfModule>

<IfModule mod_gnutls.c>
    Listen 7081
</IfModule>

As you can see, apache listens on ALL IPs at port 80 or 7080 ( http ) and 443 or 7081 ( https ). The description for that information can be found in the apache2.conf ( Debian/Ubuntu ), or httpd.conf ( CentOS/RHEL ):

Example:

# It is split into several files forming the configuration hierarchy outlined
# below, all located in the /etc/apache2/ directory:
#
#    /etc/apache2/
#    |-- apache2.conf
#    |    `--  ports.conf
#    |-- mods-enabled
#    |    |-- *.load
#    |    `-- *.conf
#    |-- conf-enabled
#    |    `-- *.conf
#     `-- sites-enabled
#         `-- *.conf

... while the additional IP - configurations take place at the "sites-enabled" - folder ( symlinks from the "sites-available" - folder ) and ( with Plesk ) inside the folder "/etc/apache2/plesk.conf.d" ( Debian/Ubuntu ) or "/etc/httpd/plesk.conf.d" ( CentOS/RHEL ).


If your goal is to install an additional webserver on your server, you would certainly use different ports for this webserver, because apache/nginx are already listening on port 80/443 ( 7080/7081 ) for ALL IPs and to avoid that your specific IP would listen on port 80/443 ( 7080/7081 ), you would certainly add the already suggested customs rules, while you would continue to add additional custom rules, allowing the specific IP to listen on the configured ports from your additional webserver. - Quite logical, as I think.

 

[Ross Edwards]

Thanks for this information - very useful. I was hoping to run it on port 80 but from what you way, this may not be possible.