Page 1 of 2 1 2 LastLast
Results 1 to 20 of 33

Thread: nginx reverse proxy and php's $_SERVER['SERVER_PORT']

  1. #1
    Kilo Poster
    Join Date
    Jun 2012
    Posts
    12

    Default nginx reverse proxy and php's $_SERVER['SERVER_PORT']

    I tried using nginx as a reverse proxy as provided by plesk 11. Only problem remaining (so far) is that i have a php software that uses $_SERVER['SERVER_PORT'] inside redirects.

    apache's mod_php gets the wrong server port when using nginx: 7080 instead of 80, so every php script depending on the correct port won't run.

    i tried editing /opt/psa/admin/conf/templates/default/domain/nginxDomainVirtualHost.php and added $server_port:

    proxy_set_header Host $host:$server_port;

    this works on some scripts, but crashes typo3 for example.



  2. #2

    Default

    Quote Originally Posted by wombat View Post
    apache's mod_php gets the wrong server port when using nginx: 7080 instead of 80,
    I don't think its a wrong port, its just the exact port that apache is running on. 80 is for nginx. However, with an extra manuplation of your system you can have both apache and nginx run on port 80 but you would require 2 IPs on the server, tieing each web server on its own IP.
    Abdi Joseph

    Level 3 Hands-On Premium Support @ $20/Per Ticket
    ==> http://www.jolis.net/packages.php?spt=47 <==



  3. #3
    Kilo Poster
    Join Date
    Jun 2012
    Posts
    12

    Default

    yes, technically it's not the "wrong" port but it's the wrong port for most of the php scripts. e.g. i have one that has a redirect class. it's called if a user should be redirected via php to another site. the script checks also the server_port, to ensure, that installations of the script running on an apache that's not running on the standard port (80), will do a correct redirect. if the apache runs on 7080, the script will forward to "http://forward_url:7080".

    and that's the problem. the client sends it's request to port 80, nginx handles it, apache runs the php script, send the forward and determins port 7080 as server port, sends the header back to nginx and than to the client which will be redirected to port 7080 - a port the client never connected to.

    plesk uses special apache modules to ensure that apache gets the "right" ip adresses of it's clients (and not nginx ip in all requests). so there is already a methode of correction such problems but only for the client's ip.

    with the current configuration of plesk with nginx, you simply can't use nginx if you don't know exactly what php scripts you or your customers run. otherwise you will break something, that's for sure

    the suggested usage of a second ip for apache could solve the problem, i will test this on a second server. for now i won't use nginx with the plesk configuration as it seems more an alpha testing version.

    regards,
    andreas



  4. #4
    Tera Poster
    Join Date
    Mar 2009
    Location
    Lancaster
    Posts
    263

    Default

    Hi,

    In /usr/local/psa/admin/conf/templates/default/domain/domainVirtualHost.php (I'm guessing) you will see that the configuration file is appending the server port to the "ServerName" directive, if you remove this (well if you copy this file to /usr/local/psa/admin/conf/templates/custom/domain/domainVirtualHost.php and then remove the tertiary statement that echo's the port out to ServerName) then most (but perhaps not all) of these problems go away.

    I read up on this last week as I had serious problems getting proxy_redirect in nginx to actually do anything, and my fix on Plesk 9 (we run nginx as a frontend on some Plesk 9 servers) wasn't working on Plesk 11. Since fixing the above I fixed the two use cases where I was getting the problem (haven't tested any others).

    Let me know how you get on with it,

    Paul.
    http://www.nublue.co.uk/web-hosting



  5. #5

    Default

    Paul, removing the apache port from the template or domain vhosts, doesn't that render apache useless? Ie, without that port, it means all requests should now be handled by nginx.

    Help me understand or show me apache in that picture while the port is removed and Nginx is still running as front-end.
    Abdi Joseph

    Level 3 Hands-On Premium Support @ $20/Per Ticket
    ==> http://www.jolis.net/packages.php?spt=47 <==



  6. #6
    Tera Poster
    Join Date
    Mar 2009
    Location
    Lancaster
    Posts
    263

    Default

    Hi,

    Well first it kind of works : http://vz3001.nu-vps.com/phpinfo.php (That won't be available for long!)

    I say kind of because I've also made some other changes to virtualhost template that could be working in tandem.

    Second, you're changing the Apache configuration to make Apache think its running on its default ports 80/443, so that it won't append a port to any url redirects it builds.

    I should add for completeness that I also have these values in my apache virtualhost template :

    UseCanonicalName On
    UseCanonicalPhysicalPort Off
    These were required to stop the same thing happening on Plesk 9 nginx proxy setup.

    Paul
    http://www.nublue.co.uk/web-hosting



  7. #7

    Default

    Paul,

    You referred me here as I was reading what you did would you be able to post the information for the configurations? What they look like. I don't want to change something and not be able to come back from the change. I want to be able to know what exactly I'd change to resolve this problem.

    I don't know if this is what you meant but I removed the entire ServerName statement and was going to move it to "/usr/local/psa/admin/conf/templates/custom/domain/domainVirtualHost.php" however this path doesn't even exist on my server. Does it need to be created?

    My modified domainVirtualHost.php file - http://pastebin.com/n6kPJ9wL
    Last edited by CyberEdge_Alan; Jun 27, 2012 at 02:48 PM.



  8. #8
    Tera Poster
    Join Date
    Mar 2009
    Location
    Lancaster
    Posts
    263

    Default

    Hi,

    You will need to create the following two paths, its entirely correct that these directories don't exist on your server :

    /usr/local/psa/admin/conf/templates/custom/
    /usr/local/psa/admin/conf/templates/custom/domain/

    The Plesk templating system works by first looking for the template in /usr/local/psa/admin/conf/templates/custom, if it doesn't find it there then it looks in /usr/local/psa/admin/conf/templates/default .

    The custom directory isn't created or edited by Plesk, so any customisations you make will not be overwritten. Its probable that updates to Plesk _will_ overwrite the files in the default directory.

    You should not remove the ServerName directive, its pretty important
    You should remove the following from line 6 :

    :<?php echo $OPT['ssl'] ? $VAR->server->webserver->httpsPort : $VAR->server->webserver->httpPort ?>

    Leaving line 6 as :

    ServerName "<?php echo $VAR->domain->asciiName ?>"
    And insert the following at line 132 :

    <?php if ($VAR->server->webserver->proxyActive) echo "UseCanonicalName On\nUseCanonicalPhysicalPort Off\n"; ?>
    (This will only insert these directives if Nginx is enabled)

    However, I've just noticed that line 19 is UseCanonicalName Off, I don't have the time to investigate that further now but I'll work out where its being placed and why later.

    Paul.
    http://www.nublue.co.uk/web-hosting



  9. #9

    Default

    I did what was said and restarted the services. Is there a specific command I need to run for PSA? I restarted Apache and Nginx from the Plesk panel.

    It seems to be causing the same error unless I haven't did the update right. adbi I believe it was mentioned about unblocking 7080 TCP to everyone. Does this need to happen too? I was hoping I could leave it blocked and set up the reverse proxy to work like that so no one can bypass using 7080.



  10. #10
    Mega Poster
    Join Date
    Jul 2008
    Location
    Seattle, WA
    Posts
    216

    Default

    You can restart Plesk with:

    # service psa restart
    [b]Blake M. Tyra[/b]
    [i]Product Manager, Control Panels[/i]

    [b][color="red"]||[/color] Parallels, Inc.[/b] / [url]www.parallels.com[/url]



  11. #11

    Default

    Yes, I don't have to do a reconfigure or anything though?



  12. #12
    Tera Poster
    Join Date
    Mar 2009
    Location
    Lancaster
    Posts
    263

    Default

    Hi Alan,

    Yes you do, you need to reconfigure the apache configuration files with :

    /usr/local/psa/admin/bin/httpdmng --reconfigure-all

    And you should be fine to leave 7080 and 7081 blocked.

    Paul.
    http://www.nublue.co.uk/web-hosting



  13. #13

    Default

    Paul,

    I did that and its now loading without unblocking anything from the firewall. It still displays the port now though http://site.com:7080 but I guess its reading from 80, is there a way to force the port out of the URL so it looks as if its a normal webpage now?
    Last edited by CyberEdge_Alan; Jun 28, 2012 at 02:19 PM.



  14. #14

    Default Walkthrough

    Hi,

    Could someone please provide a novice walkthrough for getting this to work so that the 7080 doesn't show after the domain, I'm having the same issue.

    The Second IP address solution would be fine if that too could be explained.

    Thanks



  15. #15
    Tera Poster
    Join Date
    Mar 2009
    Location
    Lancaster
    Posts
    263

    Default

    Hi,

    Alan, Antony, what applications are doing this? I'll need to replicate the problem to try to fix it,

    paul.
    http://www.nublue.co.uk/web-hosting



  16. #16

    Default Problem with nginx

    Hi Paul,

    I'm currently using the CMS Modx Revolution on a Centos 6.2 server running PhP 5.3, I tried this just using a static file too though and the same thing happened, it insists on sticking the 7080 port in there.



  17. #17

    Default

    I'm running CentOS 6.2 Final x64. Using vBulletin forum. When accessing admincp, modcp it will redirect to those ports. The login.php also causes it when logging in.



  18. #18
    Tera Poster
    Join Date
    Mar 2009
    Location
    Lancaster
    Posts
    263

    Default

    Hi,

    Tested with modx and I can't replicate (that said my Installatron install of modx whitescreens on the frontend and only works on the backend). I can't easily get access to vbulletin so that rules that out.

    I did notice that my template may be somewhat different to what I first claimed, so I'm going to take a look at that and post my changes again (although I think the only non-mentioned change is : UseCanonicalName Off inserted immediately after the serverName and ServerAlias directives).

    Since I'm pretty certain my proxy_redirect within nginx is broken it can only be the code in the apache template thats making this work.

    I'll try to compare my template with a newly installed default later today and post the diff.

    Paul.
    http://www.nublue.co.uk/web-hosting



  19. #19
    Tera Poster
    Join Date
    Mar 2009
    Location
    Lancaster
    Posts
    263

    Default

    Hi,

    Here's my diff output, you can use it to create a patch. This appears to work for me with the following port redirection problems I've encountered in the past :

    Wordpress Admin
    Joomla Admin
    Webtrees All Links
    Modx Admin

    Code:
    CT-9999-bash-4.1# diff -u custom/domain/domainVirtualHost.php default/domain/domainVirtualHost.php
    --- custom/domain/domainVirtualHost.php 2012-07-03 15:12:09.000000000 +0100
    +++ default/domain/domainVirtualHost.php        2012-05-03 09:05:07.000000000 +0100
    @@ -3,7 +3,7 @@
     <?php endif; ?>
    
     <VirtualHost <?php echo $OPT['ipAddress']->escapedAddress ?>:<?php echo $OPT['ssl'] ? $VAR->server->webserver->httpsPort : $VAR->server->webserver->httpPort ?> <?php echo ($VAR->server->webserver->proxyActive) ? "127.0.0.1:" . ($OPT['ssl'] ? $VAR->server->webserver->httpsPort : $VAR->server->webserver->httpPort) : ''; ?>>
    -    ServerName "<?php echo $VAR->domain->asciiName ?>"
    +    ServerName "<?php echo $VAR->domain->asciiName ?>:<?php echo $OPT['ssl'] ? $VAR->server->webserver->httpsPort : $VAR->server->webserver->httpPort ?>"
         <?php if ($VAR->domain->isWildcard): ?>
         ServerAlias  "<?php echo $VAR->domain->wildcardName ?>"
         <?php else: ?>
    @@ -129,8 +129,6 @@
    
         <Directory <?php echo $OPT['ssl'] ? $VAR->domain->physicalHosting->httpsDir : $VAR->domain->physicalHosting->httpDir ?>>
    
    -   <?php if ($VAR->server->webserver->proxyActive) echo "UseCanonicalName On\nUseCanonicalPhysicalPort Off\n"; ?>
    -
     <?php
     if ($VAR->domain->physicalHosting->perl) {
         echo $VAR->includeTemplate('service/mod_perl.php');
    @@ -148,7 +146,7 @@
             'enabled' => $VAR->domain->physicalHosting->php,
             'safe_mode' => $VAR->domain->physicalHosting->phpSafeMode,
             'dir' => $OPT['ssl'] ? $VAR->domain->physicalHosting->httpsDir : $VAR->domain->physicalHosting->httpDir,
    -        'settings' => $VAR->domain->physicalHosting->phpSettings
    +        'settings' => $VAR->domain->physicalHosting->phpSettings,
         ));
     }
    If you copy/paste all but the first line into a file then you have yourself a patch file :

    mkdir -p /usr/local/psa/admin/conf/templates/custom/domain
    cp /usr/local/psa/admin/conf/templates/default/domain/domainVirtualHost.php /usr/local/psa/admin/conf/templates/custom/domain/domainVirtualHost.php
    patch /usr/local/psa/admin/conf/templates/custom/domain/domainVirtualHost.php < your_patch.patch
    /usr/local/psa/admin/bin/httpdmng --reconfigure-all
    Last edited by paulieG; Jul 15, 2012 at 12:42 PM.
    http://www.nublue.co.uk/web-hosting



  20. #20

    Default

    Your patch does not work:

    Code:
    root@login ~ # patch /usr/local/psa/admin/conf/templates/custom/domain/domainVirtualHost.php < plesk.patch 
    patching file /usr/local/psa/admin/conf/templates/custom/domain/domainVirtualHost.php
    patch: **** malformed patch at line 4: <?php endif; ?>
    Best regards
    Tim



Page 1 of 2 1 2 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •