websrvmng --set-http-port --port=8080 on Plesk 10?

[dlarmeir]

I'm currently setting up a reverse proxy for a Plesk 10 server and noticed that the --set-http-port --port 8080 option is missing on /usr/local/psa/admin/sbin/websrvmng. Is there a way to get this back?

If not, do I have to make the chamges manually and make the config files immutable? I'm hoping this feature is not gone..

 

[dlarmeir]

Found something in the Plesk administrators guide.

Changing Default Apache Ports

Changing default http and https ports of Web server is useful when employing additional
Web server for caching purposes. For example, Nginx web server listens on the default ports
(80 http, 443 https), serves static content, say, all requests but PHP, and redirects PHP
requests to Apache. In turn, Apache web server listens on custom ports (say, 8888 and
8999) as and serves dynamic content - PHP requests.

To change the number of Apache HTTP port:
Find all occurrences of the string $VAR->server->webserver->httpPort and replace
them with the required port number enclosed in quotation marks, for example: "3456".

To change the number of Apache HTTPS port:
Find all occurrences of the string $VAR->server->webserver->httpsPort and replace
them with the required port number enclosed in quotation marks, for example: "4567".

Example
To make Apache listen to HTTP requests on port 3456, and HTTPS on 4567, make the
changes described above in all templates.

For example, in domain/domainVirtualHost.php:
<VirtualHost <?php echo $VAR->domain->physicalHosting->ipAddress->address
?>:<?php echo $OPT['ssl'] ? $VAR->server->webserver->httpsPort : $VAR-
>server->webserver->httpPort ?>>
ServerName "<?php echo $VAR->domain->asciiName ?>:<?php echo
$OPT['ssl'] ? $VAR->server->webserver->httpsPort : $VAR->server->webserver-
>httpPort ?>"

change to

<VirtualHost <?php echo $VAR->domain->physicalHosting->ipAddress->address
?>:<?php echo $OPT['ssl'] ? "4567" : "3456" ?>>
ServerName "<?php echo $VAR->domain->asciiName ?>:<?php echo
$OPT['ssl'] ? "4567" : "3456" ?>"

 

[dlarmeir]

I can easily make the changes, but Im curious this was removed from the websrvmng? Oh well, regardless the solution has been found.

@Parallels, I'd suggest adding this feature back for power users of your product to expedite configuration.

 

[laztrix]

Didn't undestand a thing. Where do we change it exactly.

 

[laztrix]

Can anyone elaborate more?

 

[HristosH]

first of all this solution is not working as i reported http://forum.parallels.com/showthread.php?p=456017#post456017

but, except this ...

how can you set different ports to multiple domains under plesk 10.3 ?

the plesk apache configuration documentation http://download1.parallels.com/Ples...linux-advanced-administration-guide/68800.htm lack of potential . it is a main apache's option to change listen ports to different domains

if you don't know it here what apache documentation http://httpd.apache.org/docs/1.3/vhosts/examples.html says :

Port-based vhosts

Setup: The server machine has one IP address (111.22.33.44) which resolves to the name www.domain.tld. If we don't have the option to get another address or alias for our server we can use port-based vhosts if we need a virtual host with a different configuration.
Server configuration:

...
Listen 80
Listen 8080
ServerName www.domain.tld
DocumentRoot /www/domain

<VirtualHost 111.22.33.44:8080>
DocumentRoot /www/domain2
...
</VirtualHost>

A request to www.domain.tld on port 80 is served from the main server and a request to port 8080 is served from the virtual host.

 

[HristosH]

no any answer until now ! has anybody succefull changed the apache's default port without warnings or problems ?


so , in plesk 10 we can not change the apache's default port ?

is this official bug ?

 

[Frater]

I personally don't like to change the port of the service itself.
I used iptables to redirect port 80 to port 8888

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8888

To make this flexible I modified my /etc/init.d/pound (the reverse proxy I'm using)
When pound starts it adds the rule and when it stops it deletes this rule.

POUND_PORT=`grep -A5 -im1 '^ListenHTTP' /etc/pound/pound.cfg | grep -i Port | awk '{print $2}' | tr -cd '0-9'`

ins_ipt_rule ()
{
iptables-save | grep PREROUTING | grep 'dport 80' | grep -q "${POUND_PORT}" || iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port ${POUND_PORT}
}

del_ipt_rule ()
{
iptables-save | grep PREROUTING | grep 'dport 80' | grep -q "${POUND_PORT}" && iptables -t nat -D PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port ${POUND_PORT}
}


The reverse proxy is working after you also open port 8888 in your INPUT chain of the firewall.

I also don't like the very simple approach of the plesk module psa-firewall so I deleted it, but this is not necessary per se.

iptables-save >/etc/iptables.rules
aptitude remove psa-firewall
vi /etc/network/if-up.d/iptables
#!/bin/sh
iptables-restore </etc/iptables.rules
chmod +x /etc/network/if-up.d/iptables


Now we have to solve the problem that all logs contain the IP of the proxy instead of the accessing host.

mkdir -p /opt/psa/admin/conf/templates/custom/domain
cp /opt/psa/admin/conf/templates/default/server.php /opt/psa/admin/conf/templates/custom/
cp /opt/psa/admin/conf/templates/default/domain/domainVirtualHost.php /opt/psa/admin/conf/templates/custom/domain/
cp /opt/psa/admin/conf/templates/default/domain/subDomainVirtualHost.php /opt/psa/admin/conf/templates/custom/domain/


in those 3 files you need to replace the 'CustomLog' line with 2 'CustomLog' lines.

# diff /opt/psa/admin/conf/templates/default/domain/domainVirtualHost.php /opt/psa/admin/conf/templates/custom/domain/domainVirtualHost.php
28c28,29
< CustomLog <?php echo $VAR->domain->physicalHosting->logsDir ?>/<?php echo $OPT['ssl'] ? 'access_ssl_log' : 'access_log' ?> plesklog
---
> CustomLog <?php echo $VAR->domain->physicalHosting->logsDir ?>/<?php echo $OPT['ssl'] ? 'access_ssl_log' : 'access_log' ?> plesklog_proxy env=is-forwarder
> CustomLog <?php echo $VAR->domain->physicalHosting->logsDir ?>/<?php echo $OPT['ssl'] ? 'access_ssl_log' : 'access_log' ?> plesklog env=!is-forwarder

# diff /opt/psa/admin/conf/templates/default/domain/subDomainVirtualHost.php /opt/psa/admin/conf/templates/custom/domain/subDomainVirtualHost.php
22c22,23
< CustomLog <?php echo $VAR->domain->physicalHosting->logsDir ?>/<?php echo $OPT['ssl'] ? 'access_ssl_log' : 'access_log' ?> plesklog
---
> CustomLog <?php echo $VAR->domain->physicalHosting->logsDir ?>/<?php echo $OPT['ssl'] ? 'access_ssl_log' : 'access_log' ?> plesklog env=!is-forwarder
> CustomLog <?php echo $VAR->domain->physicalHosting->logsDir ?>/<?php echo $OPT['ssl'] ? 'access_ssl_log' : 'access_log' ?> plesklog_proxy env=is-forwarder

# diff /opt/psa/admin/conf/templates/default/server.php /opt/psa/admin/conf/templates/custom/server.php
16a17
> SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" is-forwarder
18a20
> LogFormat "<?php echo $VAR->server->webserver->apache->pipelogEnabled ? '%v@@%p@@' : ''?>%{X-Forwarded-For}i %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" plesklog_proxy
21a24
> LogFormat "<?php echo $VAR->server->webserver->apache->pipelogEnabled ? '%v@@%p@@' : ''?>%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" plesklog_proxy
25c28,29
< CustomLog "|<?php echo $VAR->server->productRootDir ?>/admin/sbin/pipelog <?php echo $VAR->server->webserver->httpsPort ?>" plesklog
---
> CustomLog "|<?php echo $VAR->server->productRootDir ?>/admin/sbin/pipelog <?php echo $VAR->server->webserver->httpsPort ?>" plesklog env=!is-forwarder
> CustomLog "|<?php echo $VAR->server->productRootDir ?>/admin/sbin/pipelog <?php echo $VAR->server->webserver->httpsPort ?>" plesklog_proxy env=is-forwarder

Then issue the commands:
/opt/psa/admin/sbin/httpdmng --reconfigure-all
/etc/init.d/apache2 restart

This will change all the configs of the domains on your Plesk
When Apache detects an X-Forwarded-For field it will use '%{X-Forwarded-For}i' instead of '%h'
When the proxy is turned off there's a potential risk that a foreign proxy will influence your log too.
I could set the 'is-forwarder' with the 'hostaddress' being the local proxy IP, but I don't know (yet) how to do this.
If your proxy is always turned on this is a non-issue.

I used this as a reference:
http://80.84.224.198/plesk/Plesk/PP...nistration-guide/index.htm?fileName=68693.htm

 

[Frater]

I just recently found out that "iptables REDIRECT" didn't fully work as I expected.
The syntax already implied that I could only redirect the port and not the IP.
I assumed (wrong) that traffic would go to the original IP, but I found out it went to the IP of the parent interface.
As virtual hosting on the plesk is configured in a way that it really needs to go to that IP this trick will not properly work on plesks in a multi-homed config (more than 1 external IP).


I am therefore now using another iptables method (DNAT):

iptables -t nat -A PREROUTING -d ${IP} -p tcp -m tcp --dport 80 -j DNAT --to-destination ${IP}:${VARNISH_PORT}



As a reverse proxy I'm using varnish and I tinkered with the /etc/init.d/varnish script with the following result:

#! /bin/sh

### BEGIN INIT INFO
# Provides:          varnish
# Required-Start:    $local_fs $remote_fs $network
# Required-Stop:     $local_fs $remote_fs $network
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Start HTTP accelerator
# Description:       This script provides a server-side cache
#                    to be run in front of a httpd and should
#                    listen on port 80 on a properly configured
#                    system
### END INIT INFO

# Source function library
. /lib/lsb/init-functions

NAME=varnishd
DESC="HTTP accelerator"
PATH=/sbin:/bin:/usr/sbin:/usr/bin
DAEMON=/usr/sbin/varnishd
PIDFILE=/var/run/$NAME.pid

test -x $DAEMON || exit 0

#################################################### iptables modification
# if varnish should redirect port 80
REDIRECT=1
ht=`echo -e '\011'` # codify horizontal tab
IPLIST=`mktemp`

getiplist ()
{
  SRVPORT=$1
  echo -n '' >${IPLIST}
  if [ ! -z "${SRVPORT}" ] ; then
    # get IP's varnish is listening to (no localhost)
    netstat -lntp | grep 'tcp ' | egrep -o '[0-9.]+:6081' | grep -v '^127\.'  | awk -F: '{print $1}' >${IPLIST}
    # if it is listening to all interfaces (0.0.0.0) then get the ipv4 interfacelist
    grep -q '0\.0\.0\.0' ${IPLIST} && ifconfig | egrep -o 'inet addr:[0-9.]+' | awk -F: '{print $2}' | grep -v '^127\.' >${IPLIST}
  fi
}

ins_ipt_rule ()
{
        echo "Check if ports need to be translated"
        while read IP ; do
                # check if rule isn't yet present
                if ! iptables-save | grep PREROUTING | grep "${IP}" | grep 'dport 80' | grep -q "${VARNISH_PORT}" ; then
                        echo "Traffic going to ${IP}:80 will be translated to ${IP}:${VARNISH_PORT}"
                        iptables -t nat -A PREROUTING -d ${IP} -p tcp -m tcp --dport 80 -j DNAT --to-destination ${IP}:${VARNISH_PORT}
                fi
        done < ${IPLIST}
}

del_ipt_rule ()
{
        echo "Check if port translations need to be deleted"
        while read IP ; do
                # check if rule is present
                if iptables-save | grep PREROUTING | grep "${IP}" | grep 'dport 80' | grep -q "${VARNISH_PORT}" ; then
                        echo "Traffic going to ${IP}:80 will NOT be translated anymore to ${IP}:${VARNISH_PORT}"
                        iptables -t nat -D PREROUTING -d ${IP} -p tcp -m tcp --dport 80 -j DNAT --to-destination ${IP}:${VARNISH_PORT}
                fi
        done < ${IPLIST}
}

################################################### end

# Include varnish defaults if available
if [ -f /etc/default/varnish ] ; then
        . /etc/default/varnish
fi

VARNISH_PORT=`echo "${DAEMON_OPTS}" | grep -o '\-a [a-z0-9.]*:.* ' | awk -F: '{print $2}' | awk '{print $1}'`
[ -z "${VARNISH_LISTEN_PORT}" ] || VARNISH_PORT=${VARNISH_LISTEN_PORT}


# Open files (usually 1024, which is way too small for varnish)
ulimit -n ${NFILES:-131072}

# Maxiumum locked memory size for shared memory log
ulimit -l ${MEMLOCK:-82000}

# If $DAEMON_OPTS is not set at all in /etc/default/varnish, use minimal useful
# defaults (Backend at localhost:8080, a common place to put a locally
# installed application server.)
DAEMON_OPTS=${DAEMON_OPTS:--b localhost}

# Ensure we have a PATH
export PATH="${PATH:+$PATH:}/usr/sbin:/usr/bin:/sbin:/bin"

start_varnishd() {
    log_daemon_msg "Starting $DESC" "$NAME"
    output=$(/bin/tempfile -s.varnish)
    if start-stop-daemon \
        --start --quiet --pidfile ${PIDFILE} --exec ${DAEMON} -- \
        -P ${PIDFILE} ${DAEMON_OPTS} > ${output} 2>&1; then
        log_end_msg 0
        if [ ${REDIRECT} -ne 0 ] && [ ! -z "${VARNISH_PORT}" ] ; then
                getiplist "${VARNISH_PORT}"
                ins_ipt_rule
        elif [ ${REDIRECT} -ne 0 ] ; then
                echo "Could not detect port on which Varnish is running"
        fi
    else
        log_end_msg 1
        cat $output
        exit 1
    fi
    rm $output
}

disabled_varnishd() {
    log_daemon_msg "Not starting $DESC" "$NAME"
    log_progress_msg "disabled in /etc/default/varnish"
    log_end_msg 0
}

stop_varnishd() {
    log_daemon_msg "Stopping $DESC" "$NAME"
    if [ ${REDIRECT} -ne 0 ] && [ ! -z "${VARNISH_PORT}" ] ; then
        getiplist ${VARNISH_PORT}
    elif [ ${REDIRECT} -ne 0 ] ; then
        echo "Could not detect port on which Varnish is running"
    fi
    if start-stop-daemon \
        --stop --quiet --pidfile $PIDFILE --retry 10 \
        --exec $DAEMON; then
        log_end_msg 0
        del_ipt_rule
    else
        log_end_msg 1
    fi
}

reload_varnishd() {
    log_daemon_msg "Reloading $DESC" "$NAME"
    if /usr/share/varnish/reload-vcl -q; then
        log_end_msg 0
    else
        log_end_msg 1
    fi
}

status_varnishd() {
    status_of_proc -p "${PIDFILE}" "${DAEMON}" "${NAME}"
}

case "$1" in
    start)
        case "${START:-}" in
            [Yy]es|[Yy]|1|[Tt]|[Tt]rue)
                start_varnishd
                ;;
            *)
                disabled_varnishd
                ;;
        esac
        ;;
    stop)
        stop_varnishd
        ;;
    reload)
        reload_varnishd
        ;;
    status)
        status_varnishd
        ;;
    restart|force-reload)
        $0 stop
        $0 start
        ;;
    *)
        log_success_msg "Usage: $0 {start|stop|restart|force-reload}"
        exit 1
        ;;
esac

[ -f ${IPLIST} ] && rm -f ${IPLIST}

exit 0

 

[SergiuV]

Hi guys

Just in case any of you is still looking for a clean way to change the apache ports (http and https) on Plesk 10, please see bellow how this is done:

WARNING!!!!!!!
Create backup copies of the files that you are going to change!!!!!


1. For https (SSL) you need to edit file
/etc/httpd/conf.d/ssl.conf
and change the line
Listen 443
to whatever value you want, like for example
Listen 1234

2. For http you need to edit this file
/etc/httpd/conf/httpd.conf
and change the line
Liste 80
to the port number that you wish, like for example
Listen 8080

Of course that before changing the ports, make sure that they are not yet in use by another application. For this, run this command at the command promt:
> netstat -nl | grep <port_number>
See bellow an example:
# netstat -nl | grep 443
tcp 0 0 0.0.0.0:8443 0.0.0.0:* LISTEN
tcp 0 0 :::1443 :::* LISTEN

In this case port 443 is available so I can use it.

After changing the files you need to reconfigure/resync Plesk. Eventually manual restart Apache.


So, good luck

P.S. I take no responsibility for any damage that might result from following this tutorial.