• Introducing WebPros Cloud - a fully managed infrastructure platform purpose-built to simplify the deployment of WebPros products !  WebPros Cloud enables you to easily deliver WebPros solutions — without the complexity of managing the infrastructure.
    Join the pilot program today!
  • Support for BIND DNS has been removed from Plesk for Windows due to security and maintenance risks.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS.

Question Apache SSL behind NGINX

O

OverWolf

Regular Pleskian
Hi,

I would like to know what do you think about configure SSL on Apache when that it's present on NGINX.
I have seen that default Plesk configuration for /etc/httpd/conf.d is turn off SSL.
Is this a best practice ? Or should I enable SSL as I have configure it on NGINX ? (ciphers, protocol, etc) ?

Thank you
 
Hello,
when you install a SSL certificate, it will be added to your nginx vhost configuration but also to the apache vhost. SSL is enabled for both of them.
 
Hi VirtuBox,
if I look inside ssl.conf in conf.d/ of https, I can see this
Code: 
##   SSL Engine Switch:
##   Enable/Disable SSL for this virtual host.
#SSLEngine on
#
##   SSL Protocol support:
## List the enable protocol levels with which clients will be able to
## connect.  Disable SSLv2 access by default:
#SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2
If I read well, SSL is off, so every request that NGINX accept on 443 is pass to httpd not via ssl but it's pass "as clear text"; so the encryption is from NGINX to client.
My question is also about server different content over SSL, and if I can configure SSL from apache to client (using nginx as proxy front end) I'llbe sure that the correct content will be displayed. is this correct ?
 
Apache is listening on the port 7080 for http connections and on the port 7081 for https connections. If you check one of your vhosts, you will find the lines :
Code: 
   SSLEngine on
                SSLVerifyClient none
                SSLCertificateFile /opt/psa/var/certificates/cert-XXXXX
                SSLCACertificateFile /opt/psa/var/certificates/cert-XXXXX
 
Hi VirtuBox,
I can see that in plesk.conf.d there is SSLEngine on, but that file (server.conf) isn't modificable because it's generated automatically.
In ssl.conf I can specify witch protocol and ciphers can be used, so my question was about if I can enable it (use ssl.conf) without create problems with plesk configuration.
 
OverWolf said:
Hi VirtuBox,
I can see that in plesk.conf.d there is SSLEngine on, but that file (server.conf) isn't modificable because it's generated automatically.
In ssl.conf I can specify witch protocol and ciphers can be used, so my question was about if I can enable it (use ssl.conf) without create problems with plesk configuration.
Click to expand...

You don't need to enable ssl globally. That's the same for nginx, the directive "ssl on" is enabled only inside each vhosts, .
 
You must log in or register to reply here.

Similar threads

Jürgen_T
Issue Modsecurity works with Apache but error with nginx
Replies
5
Views
2K
Raul A.
R
I
Issue Issue with user Certs in Plesk 17, Apache and Nginx
Replies
0
Views
442
IsmaelDSC
I
P
Resolved Disable output buffering
Replies
4
Views
1K
Patashoow
P
brother4
Question Best way to block direct PHP file access and ensure .htaccess rules are always applied with Nginx as a reverse proxy?
Replies
1
Views
1K
brother4
brother4
s-light
Question NINGX CORS for multiple sub.domains
Replies
1
Views
1K
s-light
s-light
Back
Top