nginx reverse proxy and php's $_SERVER['SERVER_PORT']

Discussion in 'Parallels Plesk Panel 11.x for Linux Problems, Suggested Fixes, and How-To' started by wombat, Jun 24, 2012.

  1. wombat

    wombat New Member

    Messages:
    12
    I tried using nginx as a reverse proxy as provided by plesk 11. Only problem remaining (so far) is that i have a php software that uses $_SERVER['SERVER_PORT'] inside redirects.

    apache's mod_php gets the wrong server port when using nginx: 7080 instead of 80, so every php script depending on the correct port won't run.

    i tried editing /opt/psa/admin/conf/templates/default/domain/nginxDomainVirtualHost.php and added $server_port:

    proxy_set_header Host $host:$server_port;

    this works on some scripts, but crashes typo3 for example.
  2. abdi

    abdi Product Expert

    Messages:
    2,202
    I don't think its a wrong port, its just the exact port that apache is running on. 80 is for nginx. However, with an extra manuplation of your system you can have both apache and nginx run on port 80 but you would require 2 IPs on the server, tieing each web server on its own IP.
  3. wombat

    wombat New Member

    Messages:
    12
    yes, technically it's not the "wrong" port but it's the wrong port for most of the php scripts. e.g. i have one that has a redirect class. it's called if a user should be redirected via php to another site. the script checks also the server_port, to ensure, that installations of the script running on an apache that's not running on the standard port (80), will do a correct redirect. if the apache runs on 7080, the script will forward to "http://forward_url:7080".

    and that's the problem. the client sends it's request to port 80, nginx handles it, apache runs the php script, send the forward and determins port 7080 as server port, sends the header back to nginx and than to the client which will be redirected to port 7080 - a port the client never connected to.

    plesk uses special apache modules to ensure that apache gets the "right" ip adresses of it's clients (and not nginx ip in all requests). so there is already a methode of correction such problems but only for the client's ip.

    with the current configuration of plesk with nginx, you simply can't use nginx if you don't know exactly what php scripts you or your customers run. otherwise you will break something, that's for sure ;)

    the suggested usage of a second ip for apache could solve the problem, i will test this on a second server. for now i won't use nginx with the plesk configuration as it seems more an alpha testing version.

    regards,
    andreas
  4. paulieG

    paulieG New Member

    Messages:
    263
    Hi,

    In /usr/local/psa/admin/conf/templates/default/domain/domainVirtualHost.php (I'm guessing) you will see that the configuration file is appending the server port to the "ServerName" directive, if you remove this (well if you copy this file to /usr/local/psa/admin/conf/templates/custom/domain/domainVirtualHost.php and then remove the tertiary statement that echo's the port out to ServerName) then most (but perhaps not all) of these problems go away.

    I read up on this last week as I had serious problems getting proxy_redirect in nginx to actually do anything, and my fix on Plesk 9 (we run nginx as a frontend on some Plesk 9 servers) wasn't working on Plesk 11. Since fixing the above I fixed the two use cases where I was getting the problem (haven't tested any others).

    Let me know how you get on with it,

    Paul.
  5. abdi

    abdi Product Expert

    Messages:
    2,202
    Paul, removing the apache port from the template or domain vhosts, doesn't that render apache useless? Ie, without that port, it means all requests should now be handled by nginx.

    Help me understand or show me apache in that picture while the port is removed and Nginx is still running as front-end.
  6. paulieG

    paulieG New Member

    Messages:
    263
    Hi,

    Well first it kind of works : http://vz3001.nu-vps.com/phpinfo.php (That won't be available for long!)

    I say kind of because I've also made some other changes to virtualhost template that could be working in tandem.

    Second, you're changing the Apache configuration to make Apache think its running on its default ports 80/443, so that it won't append a port to any url redirects it builds.

    I should add for completeness that I also have these values in my apache virtualhost template :

    These were required to stop the same thing happening on Plesk 9 nginx proxy setup.

    Paul
  7. CyberEdge_Alan

    CyberEdge_Alan New Member

    Messages:
    35
    Paul,

    You referred me here as I was reading what you did would you be able to post the information for the configurations? What they look like. I don't want to change something and not be able to come back from the change. I want to be able to know what exactly I'd change to resolve this problem.

    I don't know if this is what you meant but I removed the entire ServerName statement and was going to move it to "/usr/local/psa/admin/conf/templates/custom/domain/domainVirtualHost.php" however this path doesn't even exist on my server. Does it need to be created?

    My modified domainVirtualHost.php file - http://pastebin.com/n6kPJ9wL
    Last edited: Jun 27, 2012
  8. paulieG

    paulieG New Member

    Messages:
    263
    Hi,

    You will need to create the following two paths, its entirely correct that these directories don't exist on your server :

    /usr/local/psa/admin/conf/templates/custom/
    /usr/local/psa/admin/conf/templates/custom/domain/

    The Plesk templating system works by first looking for the template in /usr/local/psa/admin/conf/templates/custom, if it doesn't find it there then it looks in /usr/local/psa/admin/conf/templates/default .

    The custom directory isn't created or edited by Plesk, so any customisations you make will not be overwritten. Its probable that updates to Plesk _will_ overwrite the files in the default directory.

    You should not remove the ServerName directive, its pretty important :)
    You should remove the following from line 6 :


    Leaving line 6 as :

    And insert the following at line 132 :

    (This will only insert these directives if Nginx is enabled)

    However, I've just noticed that line 19 is UseCanonicalName Off, I don't have the time to investigate that further now but I'll work out where its being placed and why later.

    Paul.
  9. CyberEdge_Alan

    CyberEdge_Alan New Member

    Messages:
    35
    I did what was said and restarted the services. Is there a specific command I need to run for PSA? I restarted Apache and Nginx from the Plesk panel.

    It seems to be causing the same error unless I haven't did the update right. adbi I believe it was mentioned about unblocking 7080 TCP to everyone. Does this need to happen too? I was hoping I could leave it blocked and set up the reverse proxy to work like that so no one can bypass using 7080.
  10. Blake@Parallels

    Blake@Parallels New Member

    Messages:
    216
    You can restart Plesk with:

    # service psa restart
  11. CyberEdge_Alan

    CyberEdge_Alan New Member

    Messages:
    35
    Yes, I don't have to do a reconfigure or anything though?
  12. paulieG

    paulieG New Member

    Messages:
    263
    Hi Alan,

    Yes you do, you need to reconfigure the apache configuration files with :

    /usr/local/psa/admin/bin/httpdmng --reconfigure-all

    And you should be fine to leave 7080 and 7081 blocked.

    Paul.
  13. CyberEdge_Alan

    CyberEdge_Alan New Member

    Messages:
    35
    Paul,

    I did that and its now loading without unblocking anything from the firewall. It still displays the port now though http://site.com:7080 but I guess its reading from 80, is there a way to force the port out of the URL so it looks as if its a normal webpage now?
    Last edited: Jun 28, 2012
  14. AntonyJ

    AntonyJ New Member

    Messages:
    2
    Walkthrough

    Hi,

    Could someone please provide a novice walkthrough for getting this to work so that the 7080 doesn't show after the domain, I'm having the same issue.

    The Second IP address solution would be fine if that too could be explained.

    Thanks :)
  15. paulieG

    paulieG New Member

    Messages:
    263
    Hi,

    Alan, Antony, what applications are doing this? I'll need to replicate the problem to try to fix it,

    paul.
  16. AntonyJ

    AntonyJ New Member

    Messages:
    2
    Problem with nginx

    Hi Paul,

    I'm currently using the CMS Modx Revolution on a Centos 6.2 server running PhP 5.3, I tried this just using a static file too though and the same thing happened, it insists on sticking the 7080 port in there.
  17. CyberEdge_Alan

    CyberEdge_Alan New Member

    Messages:
    35
    I'm running CentOS 6.2 Final x64. Using vBulletin forum. When accessing admincp, modcp it will redirect to those ports. The login.php also causes it when logging in.
  18. paulieG

    paulieG New Member

    Messages:
    263
    Hi,

    Tested with modx and I can't replicate (that said my Installatron install of modx whitescreens on the frontend and only works on the backend). I can't easily get access to vbulletin so that rules that out.

    I did notice that my template may be somewhat different to what I first claimed, so I'm going to take a look at that and post my changes again (although I think the only non-mentioned change is : UseCanonicalName Off inserted immediately after the serverName and ServerAlias directives).

    Since I'm pretty certain my proxy_redirect within nginx is broken it can only be the code in the apache template thats making this work.

    I'll try to compare my template with a newly installed default later today and post the diff.

    Paul.
  19. paulieG

    paulieG New Member

    Messages:
    263
    Hi,

    Here's my diff output, you can use it to create a patch. This appears to work for me with the following port redirection problems I've encountered in the past :

    Wordpress Admin
    Joomla Admin
    Webtrees All Links
    Modx Admin

    Code:
    CT-9999-bash-4.1# diff -u custom/domain/domainVirtualHost.php default/domain/domainVirtualHost.php
    --- custom/domain/domainVirtualHost.php 2012-07-03 15:12:09.000000000 +0100
    +++ default/domain/domainVirtualHost.php        2012-05-03 09:05:07.000000000 +0100
    @@ -3,7 +3,7 @@
     <?php endif; ?>
    
     <VirtualHost <?php echo $OPT['ipAddress']->escapedAddress ?>:<?php echo $OPT['ssl'] ? $VAR->server->webserver->httpsPort : $VAR->server->webserver->httpPort ?> <?php echo ($VAR->server->webserver->proxyActive) ? "127.0.0.1:" . ($OPT['ssl'] ? $VAR->server->webserver->httpsPort : $VAR->server->webserver->httpPort) : ''; ?>>
    -    ServerName "<?php echo $VAR->domain->asciiName ?>"
    +    ServerName "<?php echo $VAR->domain->asciiName ?>:<?php echo $OPT['ssl'] ? $VAR->server->webserver->httpsPort : $VAR->server->webserver->httpPort ?>"
         <?php if ($VAR->domain->isWildcard): ?>
         ServerAlias  "<?php echo $VAR->domain->wildcardName ?>"
         <?php else: ?>
    @@ -129,8 +129,6 @@
    
         <Directory <?php echo $OPT['ssl'] ? $VAR->domain->physicalHosting->httpsDir : $VAR->domain->physicalHosting->httpDir ?>>
    
    -   <?php if ($VAR->server->webserver->proxyActive) echo "UseCanonicalName On\nUseCanonicalPhysicalPort Off\n"; ?>
    -
     <?php
     if ($VAR->domain->physicalHosting->perl) {
         echo $VAR->includeTemplate('service/mod_perl.php');
    @@ -148,7 +146,7 @@
             'enabled' => $VAR->domain->physicalHosting->php,
             'safe_mode' => $VAR->domain->physicalHosting->phpSafeMode,
             'dir' => $OPT['ssl'] ? $VAR->domain->physicalHosting->httpsDir : $VAR->domain->physicalHosting->httpDir,
    -        'settings' => $VAR->domain->physicalHosting->phpSettings
    +        'settings' => $VAR->domain->physicalHosting->phpSettings,
         ));
     }
    
    
    If you copy/paste all but the first line into a file then you have yourself a patch file :

    Last edited: Jul 15, 2012
  20. Timchen

    Timchen New Member

    Messages:
    2
    Your patch does not work:

    Code:
    root@login ~ # patch /usr/local/psa/admin/conf/templates/custom/domain/domainVirtualHost.php < plesk.patch 
    patching file /usr/local/psa/admin/conf/templates/custom/domain/domainVirtualHost.php
    patch: **** malformed patch at line 4: <?php endif; ?>
    Best regards
    Tim

Share This Page