I was looking into a problem with redirect loops when using Varnish inside a Docker instance and "enabling Permanent SEO-safe 301 redirect from HTTP to HTTPS".
The problem is that, as Varnish cannot communicate over HTTPS, it routes back over the HTTP port (7080), which simply has redirect rules and nothing more. In an effort to fix this I created,
/usr/local/psa/admin/conf/templates/custom/domain/domainVirtualHost.php
To remove the ${HTTPS} off lines and also the return; so it still generates the vhost, as there isn't really a need for this to be in Apache anyway given nginx also handles the SSL redirect, so it should never reach this. This works relatively well, with the only problem being it cannot detect when it's over SSL (as the SERVER_PORT isn't set). Our mod_rpaf fork (GitHub - gnif/mod_rpaf: reverse proxy add forward module for Apache), which is the official active one nowadays, contains several fixes for this and will convert the SERVER_PORT based on the X_FORWARDED_PORT, so it is a solution around this.
The problem is that when this is enabled, as Plesk auto-generates a config for mod_rpaf using the old config syntax (the original developer of mod_rpaf requested we use underscores in the config names to separate), this will cause Apache syntax errors. So I created,
/usr/local/psa/admin/conf/templates/custom/server/rpaf.php with the following setup,
Code:
<IfModule <?php echo $OPT['mod'] ?>>
    RPAF_Enable On
    RPAF_SetHostName On
    RPAF_SetHTTPS On
    RPAF_SetPort On
    RPAF_ForbidIfNotProxy Off
<?php for ($ipAddresses = $VAR->server->ipAddresses->all, $ipAddress = reset($ipAddresses); $ipAddress; $ipAddress = next($ipAddresses)): ?>
    RPAF_ProxyIPs <?php echo $ipAddress->escapedAddress ?><?php for ($n = 1; $n < $VAR->server->webserver->apache->vhostIpCapacity && $ipAddress = next($ipAddresses); $n++) { echo " {$ipAddress->escapedAddress}"; } ?>
<?php endfor; ?>
</IfModule>
So all is good and working well. It will convert the port if X_FORWARDED_PORT is set and in turn detect HTTPS is available.
The final issue is with the Docker extension: this generates the entries in the nginx config, where we can't seem to be able to set the following X-Forwarded-Port headers.
As far as I can see this is done in domain/nginxDomainVirtualHost.php with "$VAR->domain->physicalHosting->nginxExtensionsConfigs" which produces,
Code:
location ~ ^/.* {
    proxy_pass http://0.0.0.0:65280;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
}
We need to add the following 2 headers,
Code:
proxy_set_header X-Forwarded-Port 443;
proxy_set_header X-Forwarded-Proto https;
So my questions are,
1) Do you know where we can adjust the template for the Docker-generated line above that nginxExtensionsConfigs produces? As far as I can see it's going to be in /usr/local/psa/admin/plib/modules/docker/ but these are encoded. Do these use templates somewhere that could be created/modified?
If this isn't template based and cannot be modified, any suggestions to hook this? Could preg_replace in the template, but this isn't really ideal as it will also match other extensions that add nginx configs (such as WP Toolkit).
2) In relation to mod_rpaf, creating the template is fine, but is there a way to make sure this version gets compiled/built on updates? Does Plesk simply use the OS package (RPM in this case)? If so, what is the package name, or does it compile/expect the admin to compile? Just want to make sure this version is not removed during upgrades.
2.1) Would it be possible to look into getting Plesk configs replaced to use the new mod_rpaf syntax, as the version I linked to is the new official one?
4) For the rpaf template, it generates the IPs, however it doesn't add the IP of the docker0 interface (172.17.x.x). Is there a setting currently for this in the API? (We have it hard coded for testing just now.) Since it's not contained in: server->ipAddresses->all, ironically when I was looking up on this I actually saw an article on the plesk.com blog ( Varnish HTTP Cache plugin for Wordpress in a Docker container ) that mentions not to use the https redirect as it will redirect loop.
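The following is an added example, not part of the original post and not mod_rpaf's own code: a simplified Python model of the trust decision behind RPAF_ProxyIPs, RPAF_SetPort and RPAF_SetHTTPS, showing which combinations of forwarded headers and proxy list end in the 301 that produces the loop. The addresses, the 172.17.0.0/16 range and the function names are constructed for illustration, and it assumes Varnish passes the X-Forwarded-* headers through unchanged.

```python
import ipaddress

# Constructed values: 172.17.0.0/16 stands in for the docker0 range from the
# post (172.17.x.x); 203.0.113.10 is a documentation address for the host IP.
HOST_ONLY = ["203.0.113.10"]
HOST_AND_DOCKER = ["203.0.113.10", "172.17.0.0/16"]
VARNISH = "172.17.0.2"  # constructed container address
FWD = {"X-Forwarded-Port": "443", "X-Forwarded-Proto": "https"}


def effective_request(peer_ip, headers, proxy_ips):
    """Simplified model: forwarded headers are honoured only when the
    connecting peer is one of the listed proxy addresses."""
    peer = ipaddress.ip_address(peer_ip)
    trusted = any(peer in ipaddress.ip_network(p, strict=False) for p in proxy_ips)
    port, https = 7080, False  # what Apache sees on the plain HTTP backend port
    if trusted:
        fwd_port = headers.get("X-Forwarded-Port", "")
        if fwd_port.isdigit():
            port = int(fwd_port)
        https = headers.get("X-Forwarded-Proto", "").lower() == "https"
    return {"trusted": trusted, "port": port, "https": https}


def backend_response(peer_ip, headers, proxy_ips):
    """Apply the HTTP->HTTPS redirect rule to the effective request.
    A 301 sends the client back through nginx -> Varnish -> Apache with the
    same inputs, so for proxied traffic a 301 here is the redirect loop."""
    req = effective_request(peer_ip, headers, proxy_ips)
    return 200 if req["https"] else 301


if __name__ == "__main__":
    cases = [
        ("no forwarded headers", VARNISH, {}, HOST_AND_DOCKER),
        ("headers, docker0 not listed", VARNISH, FWD, HOST_ONLY),
        ("headers, docker0 listed", VARNISH, FWD, HOST_AND_DOCKER),
        ("same headers from unlisted peer", "198.51.100.7", FWD, HOST_AND_DOCKER),
    ]
    for name, peer, hdrs, proxies in cases:
        print(f"{name:34} -> {backend_response(peer, hdrs, proxies)}")
```

Listing the docker0 range makes every container on that bridge a trusted source for these headers, so the proxy list should be kept as narrow as the setup allows.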