1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

websrvmng --set-http-port --port=8080 on Plesk 10?

Discussion in 'Plesk 10.x for Linux Issues, Fixes, How-To' started by dlarmeir, Feb 5, 2011.

  1. dlarmeir

    dlarmeir Guest

    0
     
    I'm currently setting up a reverse proxy for a Plesk 10 server and noticed that the --set-http-port --port 8080 option is missing on /usr/local/psa/admin/sbin/websrvmng. Is there a way to get this back?

    If not, do I have to make the chamges manually and make the config files immutable? I'm hoping this feature is not gone..
     
  2. dlarmeir

    dlarmeir Guest

    0
     
    Found something in the Plesk administrators guide.

    Changing Default Apache Ports

    Changing default http and https ports of Web server is useful when employing additional
    Web server for caching purposes. For example, Nginx web server listens on the default ports
    (80 http, 443 https), serves static content, say, all requests but PHP, and redirects PHP
    requests to Apache. In turn, Apache web server listens on custom ports (say, 8888 and
    8999) as and serves dynamic content - PHP requests.

    To change the number of Apache HTTP port:
    Find all occurrences of the string $VAR->server->webserver->httpPort and replace
    them with the required port number enclosed in quotation marks, for example: "3456".

    To change the number of Apache HTTPS port:
    Find all occurrences of the string $VAR->server->webserver->httpsPort and replace
    them with the required port number enclosed in quotation marks, for example: "4567".

    Example
    To make Apache listen to HTTP requests on port 3456, and HTTPS on 4567, make the
    changes described above in all templates.

    For example, in domain/domainVirtualHost.php:
    <VirtualHost <?php echo $VAR->domain->physicalHosting->ipAddress->address
    ?>:<?php echo $OPT['ssl'] ? $VAR->server->webserver->httpsPort : $VAR-
    >server->webserver->httpPort ?>>
    ServerName "<?php echo $VAR->domain->asciiName ?>:<?php echo
    $OPT['ssl'] ? $VAR->server->webserver->httpsPort : $VAR->server->webserver-
    >httpPort ?>"

    change to

    <VirtualHost <?php echo $VAR->domain->physicalHosting->ipAddress->address
    ?>:<?php echo $OPT['ssl'] ? "4567" : "3456" ?>>
    ServerName "<?php echo $VAR->domain->asciiName ?>:<?php echo
    $OPT['ssl'] ? "4567" : "3456" ?>"
     
  3. dlarmeir

    dlarmeir Guest

    0
     
    I can easily make the changes, but Im curious this was removed from the websrvmng? Oh well, regardless the solution has been found.

    @Parallels, I'd suggest adding this feature back for power users of your product to expedite configuration.
     
  4. laztrix

    laztrix Guest

    0
     
    Didn't undestand a thing. Where do we change it exactly.
     
  5. laztrix

    laztrix Guest

    0
     
    Can anyone elaborate more?
     
  6. HristosH

    HristosH Guest

    0
     
    first of all this solution is not working as i reported http://forum.parallels.com/showthread.php?p=456017#post456017

    but, except this ...

    how can you set different ports to multiple domains under plesk 10.3 ?

    the plesk apache configuration documentation http://download1.parallels.com/Ples...linux-advanced-administration-guide/68800.htm lack of potential . it is a main apache's option to change listen ports to different domains

    if you don't know it here what apache documentation http://httpd.apache.org/docs/1.3/vhosts/examples.html says :
     
    Last edited by a moderator: Aug 23, 2011
  7. HristosH

    HristosH Guest

    0
     
    no any answer until now ! has anybody succefull changed the apache's default port without warnings or problems ?


    so , in plesk 10 we can not change the apache's default port ?

    is this official bug ?
     
  8. Frater

    Frater Regular Pleskian

    18
     
    Joined:
    Oct 17, 2011
    Messages:
    173
    Likes Received:
    3
    I personally don't like to change the port of the service itself.
    I used iptables to redirect port 80 to port 8888

    iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8888

    To make this flexible I modified my /etc/init.d/pound (the reverse proxy I'm using)
    When pound starts it adds the rule and when it stops it deletes this rule.

    POUND_PORT=`grep -A5 -im1 '^ListenHTTP' /etc/pound/pound.cfg | grep -i Port | awk '{print $2}' | tr -cd '0-9'`

    ins_ipt_rule ()
    {
    iptables-save | grep PREROUTING | grep 'dport 80' | grep -q "${POUND_PORT}" || iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port ${POUND_PORT}
    }

    del_ipt_rule ()
    {
    iptables-save | grep PREROUTING | grep 'dport 80' | grep -q "${POUND_PORT}" && iptables -t nat -D PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port ${POUND_PORT}
    }


    The reverse proxy is working after you also open port 8888 in your INPUT chain of the firewall.

    I also don't like the very simple approach of the plesk module psa-firewall so I deleted it, but this is not necessary per se.

    iptables-save >/etc/iptables.rules
    aptitude remove psa-firewall
    vi /etc/network/if-up.d/iptables
    #!/bin/sh
    iptables-restore </etc/iptables.rules
    chmod +x /etc/network/if-up.d/iptables


    Now we have to solve the problem that all logs contain the IP of the proxy instead of the accessing host.

    mkdir -p /opt/psa/admin/conf/templates/custom/domain
    cp /opt/psa/admin/conf/templates/default/server.php /opt/psa/admin/conf/templates/custom/
    cp /opt/psa/admin/conf/templates/default/domain/domainVirtualHost.php /opt/psa/admin/conf/templates/custom/domain/
    cp /opt/psa/admin/conf/templates/default/domain/subDomainVirtualHost.php /opt/psa/admin/conf/templates/custom/domain/


    in those 3 files you need to replace the 'CustomLog' line with 2 'CustomLog' lines.

    # diff /opt/psa/admin/conf/templates/default/domain/domainVirtualHost.php /opt/psa/admin/conf/templates/custom/domain/domainVirtualHost.php
    28c28,29
    < CustomLog <?php echo $VAR->domain->physicalHosting->logsDir ?>/<?php echo $OPT['ssl'] ? 'access_ssl_log' : 'access_log' ?> plesklog
    ---
    > CustomLog <?php echo $VAR->domain->physicalHosting->logsDir ?>/<?php echo $OPT['ssl'] ? 'access_ssl_log' : 'access_log' ?> plesklog_proxy env=is-forwarder
    > CustomLog <?php echo $VAR->domain->physicalHosting->logsDir ?>/<?php echo $OPT['ssl'] ? 'access_ssl_log' : 'access_log' ?> plesklog env=!is-forwarder

    # diff /opt/psa/admin/conf/templates/default/domain/subDomainVirtualHost.php /opt/psa/admin/conf/templates/custom/domain/subDomainVirtualHost.php
    22c22,23
    < CustomLog <?php echo $VAR->domain->physicalHosting->logsDir ?>/<?php echo $OPT['ssl'] ? 'access_ssl_log' : 'access_log' ?> plesklog
    ---
    > CustomLog <?php echo $VAR->domain->physicalHosting->logsDir ?>/<?php echo $OPT['ssl'] ? 'access_ssl_log' : 'access_log' ?> plesklog env=!is-forwarder
    > CustomLog <?php echo $VAR->domain->physicalHosting->logsDir ?>/<?php echo $OPT['ssl'] ? 'access_ssl_log' : 'access_log' ?> plesklog_proxy env=is-forwarder

    # diff /opt/psa/admin/conf/templates/default/server.php /opt/psa/admin/conf/templates/custom/server.php
    16a17
    > SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" is-forwarder
    18a20
    > LogFormat "<?php echo $VAR->server->webserver->apache->pipelogEnabled ? '%v@@%p@@' : ''?>%{X-Forwarded-For}i %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" plesklog_proxy
    21a24
    > LogFormat "<?php echo $VAR->server->webserver->apache->pipelogEnabled ? '%v@@%p@@' : ''?>%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" plesklog_proxy
    25c28,29
    < CustomLog "|<?php echo $VAR->server->productRootDir ?>/admin/sbin/pipelog <?php echo $VAR->server->webserver->httpsPort ?>" plesklog
    ---
    > CustomLog "|<?php echo $VAR->server->productRootDir ?>/admin/sbin/pipelog <?php echo $VAR->server->webserver->httpsPort ?>" plesklog env=!is-forwarder
    > CustomLog "|<?php echo $VAR->server->productRootDir ?>/admin/sbin/pipelog <?php echo $VAR->server->webserver->httpsPort ?>" plesklog_proxy env=is-forwarder

    Then issue the commands:
    /opt/psa/admin/sbin/httpdmng --reconfigure-all
    /etc/init.d/apache2 restart

    This will change all the configs of the domains on your Plesk
    When Apache detects an X-Forwarded-For field it will use '%{X-Forwarded-For}i' instead of '%h'
    When the proxy is turned off there's a potential risk that a foreign proxy will influence your log too.
    I could set the 'is-forwarder' with the 'hostaddress' being the local proxy IP, but I don't know (yet) how to do this.
    If your proxy is always turned on this is a non-issue.

    I used this as a reference:
    http://80.84.224.198/plesk/Plesk/PP...nistration-guide/index.htm?fileName=68693.htm
     
  9. Frater

    Frater Regular Pleskian

    18
     
    Joined:
    Oct 17, 2011
    Messages:
    173
    Likes Received:
    3
    I just recently found out that "iptables REDIRECT" didn't fully work as I expected.
    The syntax already implied that I could only redirect the port and not the IP.
    I assumed (wrong) that traffic would go to the original IP, but I found out it went to the IP of the parent interface.
    As virtual hosting on the plesk is configured in a way that it really needs to go to that IP this trick will not properly work on plesks in a multi-homed config (more than 1 external IP).


    I am therefore now using another iptables method (DNAT):

    iptables -t nat -A PREROUTING -d ${IP} -p tcp -m tcp --dport 80 -j DNAT --to-destination ${IP}:${VARNISH_PORT}



    As a reverse proxy I'm using varnish and I tinkered with the /etc/init.d/varnish script with the following result:



    Code:
    #! /bin/sh
    
    ### BEGIN INIT INFO
    # Provides:          varnish
    # Required-Start:    $local_fs $remote_fs $network
    # Required-Stop:     $local_fs $remote_fs $network
    # Default-Start:     2 3 4 5
    # Default-Stop:      0 1 6
    # Short-Description: Start HTTP accelerator
    # Description:       This script provides a server-side cache
    #                    to be run in front of a httpd and should
    #                    listen on port 80 on a properly configured
    #                    system
    ### END INIT INFO
    
    # Source function library
    . /lib/lsb/init-functions
    
    NAME=varnishd
    DESC="HTTP accelerator"
    PATH=/sbin:/bin:/usr/sbin:/usr/bin
    DAEMON=/usr/sbin/varnishd
    PIDFILE=/var/run/$NAME.pid
    
    test -x $DAEMON || exit 0
    
    #################################################### iptables modification
    # if varnish should redirect port 80
    REDIRECT=1
    ht=`echo -e '\011'` # codify horizontal tab
    IPLIST=`mktemp`
    
    getiplist ()
    {
      SRVPORT=$1
      echo -n '' >${IPLIST}
      if [ ! -z "${SRVPORT}" ] ; then
        # get IP's varnish is listening to (no localhost)
        netstat -lntp | grep 'tcp ' | egrep -o '[0-9.]+:6081' | grep -v '^127\.'  | awk -F: '{print $1}' >${IPLIST}
        # if it is listening to all interfaces (0.0.0.0) then get the ipv4 interfacelist
        grep -q '0\.0\.0\.0' ${IPLIST} && ifconfig | egrep -o 'inet addr:[0-9.]+' | awk -F: '{print $2}' | grep -v '^127\.' >${IPLIST}
      fi
    }
    
    ins_ipt_rule ()
    {
            echo "Check if ports need to be translated"
            while read IP ; do
                    # check if rule isn't yet present
                    if ! iptables-save | grep PREROUTING | grep "${IP}" | grep 'dport 80' | grep -q "${VARNISH_PORT}" ; then
                            echo "Traffic going to ${IP}:80 will be translated to ${IP}:${VARNISH_PORT}"
                            iptables -t nat -A PREROUTING -d ${IP} -p tcp -m tcp --dport 80 -j DNAT --to-destination ${IP}:${VARNISH_PORT}
                    fi
            done < ${IPLIST}
    }
    
    del_ipt_rule ()
    {
            echo "Check if port translations need to be deleted"
            while read IP ; do
                    # check if rule is present
                    if iptables-save | grep PREROUTING | grep "${IP}" | grep 'dport 80' | grep -q "${VARNISH_PORT}" ; then
                            echo "Traffic going to ${IP}:80 will NOT be translated anymore to ${IP}:${VARNISH_PORT}"
                            iptables -t nat -D PREROUTING -d ${IP} -p tcp -m tcp --dport 80 -j DNAT --to-destination ${IP}:${VARNISH_PORT}
                    fi
            done < ${IPLIST}
    }
    
    ################################################### end
    
    # Include varnish defaults if available
    if [ -f /etc/default/varnish ] ; then
            . /etc/default/varnish
    fi
    
    VARNISH_PORT=`echo "${DAEMON_OPTS}" | grep -o '\-a [a-z0-9.]*:.* ' | awk -F: '{print $2}' | awk '{print $1}'`
    [ -z "${VARNISH_LISTEN_PORT}" ] || VARNISH_PORT=${VARNISH_LISTEN_PORT}
    
    
    # Open files (usually 1024, which is way too small for varnish)
    ulimit -n ${NFILES:-131072}
    
    # Maxiumum locked memory size for shared memory log
    ulimit -l ${MEMLOCK:-82000}
    
    # If $DAEMON_OPTS is not set at all in /etc/default/varnish, use minimal useful
    # defaults (Backend at localhost:8080, a common place to put a locally
    # installed application server.)
    DAEMON_OPTS=${DAEMON_OPTS:--b localhost}
    
    # Ensure we have a PATH
    export PATH="${PATH:+$PATH:}/usr/sbin:/usr/bin:/sbin:/bin"
    
    start_varnishd() {
        log_daemon_msg "Starting $DESC" "$NAME"
        output=$(/bin/tempfile -s.varnish)
        if start-stop-daemon \
            --start --quiet --pidfile ${PIDFILE} --exec ${DAEMON} -- \
            -P ${PIDFILE} ${DAEMON_OPTS} > ${output} 2>&1; then
            log_end_msg 0
            if [ ${REDIRECT} -ne 0 ] && [ ! -z "${VARNISH_PORT}" ] ; then
                    getiplist "${VARNISH_PORT}"
                    ins_ipt_rule
            elif [ ${REDIRECT} -ne 0 ] ; then
                    echo "Could not detect port on which Varnish is running"
            fi
        else
            log_end_msg 1
            cat $output
            exit 1
        fi
        rm $output
    }
    
    disabled_varnishd() {
        log_daemon_msg "Not starting $DESC" "$NAME"
        log_progress_msg "disabled in /etc/default/varnish"
        log_end_msg 0
    }
    
    stop_varnishd() {
        log_daemon_msg "Stopping $DESC" "$NAME"
        if [ ${REDIRECT} -ne 0 ] && [ ! -z "${VARNISH_PORT}" ] ; then
            getiplist ${VARNISH_PORT}
        elif [ ${REDIRECT} -ne 0 ] ; then
            echo "Could not detect port on which Varnish is running"
        fi
        if start-stop-daemon \
            --stop --quiet --pidfile $PIDFILE --retry 10 \
            --exec $DAEMON; then
            log_end_msg 0
            del_ipt_rule
        else
            log_end_msg 1
        fi
    }
    
    reload_varnishd() {
        log_daemon_msg "Reloading $DESC" "$NAME"
        if /usr/share/varnish/reload-vcl -q; then
            log_end_msg 0
        else
            log_end_msg 1
        fi
    }
    
    status_varnishd() {
        status_of_proc -p "${PIDFILE}" "${DAEMON}" "${NAME}"
    }
    
    case "$1" in
        start)
            case "${START:-}" in
                [Yy]es|[Yy]|1|[Tt]|[Tt]rue)
                    start_varnishd
                    ;;
                *)
                    disabled_varnishd
                    ;;
            esac
            ;;
        stop)
            stop_varnishd
            ;;
        reload)
            reload_varnishd
            ;;
        status)
            status_varnishd
            ;;
        restart|force-reload)
            $0 stop
            $0 start
            ;;
        *)
            log_success_msg "Usage: $0 {start|stop|restart|force-reload}"
            exit 1
            ;;
    esac
    
    [ -f ${IPLIST} ] && rm -f ${IPLIST}
    
    exit 0
    
     
    Last edited: Nov 28, 2011
  10. SergiuV

    SergiuV Guest

    0
     
    Hi guys

    Just in case any of you is still looking for a clean way to change the apache ports (http and https) on Plesk 10, please see bellow how this is done:

    WARNING!!!!!!!
    Create backup copies of the files that you are going to change!!!!!


    1. For https (SSL) you need to edit file
    /etc/httpd/conf.d/ssl.conf
    and change the line
    Listen 443
    to whatever value you want, like for example
    Listen 1234

    2. For http you need to edit this file
    /etc/httpd/conf/httpd.conf
    and change the line
    Liste 80
    to the port number that you wish, like for example
    Listen 8080

    Of course that before changing the ports, make sure that they are not yet in use by another application. For this, run this command at the command promt:
    > netstat -nl | grep <port_number>
    See bellow an example:
    # netstat -nl | grep 443
    tcp 0 0 0.0.0.0:8443 0.0.0.0:* LISTEN
    tcp 0 0 :::1443 :::* LISTEN

    In this case port 443 is available so I can use it.

    After changing the files you need to reconfigure/resync Plesk. Eventually manual restart Apache.


    So, good luck

    P.S. I take no responsibility for any damage that might result from following this tutorial.
     
    Last edited by a moderator: Dec 2, 2011
Loading...