• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Resolved How to restore real visitor IP in Plesk (due Cloudflare proxy)

A

ArendE

New Pleskian
Hi Pleskians,

My server is behind a Cloudflare proxy. Using mods on Nginx (ngx_http_realip_module) and Apache (mod_remoteip), I'm able to restore the real IP address on both these webservers, however Plesk still seems to get the proxy address:

upload_2019-9-2_14-4-44.png

Is there a way to also make Plesk see and use the real visitor IP address? (Either by CF-Connecting-IP or X-Forwarded-For).
 
@ArendE

A simple answer to the question you did not ask, being "is it wise to put an entire server behind Cloudflare", would be "NO, not recommended at all".

In essence, you should proxy domains with Cloudflare, not an entire server.

You should redefine your DNS, as managed with the Cloudflare dashboard - that will solve a lot of problems you are encountering and/or that you will encounter.

I cannot exactly tell what you should do now, due to the simple fact that I am not fully aware of what your config at Cloudfare is.

However, your print screen hints that you have at least your Plesk panel (and probably the entire server) behind the Cloudflare proxy - that is a bad idea, for many reasons!

Hope the above helps a tiny bit.

Kind regards.......
 
@trialotto Thanks for the reply! Can you give some reasons why it is a bad idea to proxy the domains used for managing Plesk/logging in to the Plesk panel?
 
ArendE said:
@trialotto Thanks for the reply! Can you give some reasons why it is a bad idea to proxy the domains used for managing Plesk/logging in to the Plesk panel?
Click to expand...

@ArendE

In essence, Cloudflare is a big custom Nginx proxy with a number of specific features like caching of requests and/or specific port blocks.

One major problem with Cloudflare (CF) is that you do not have access to and/or full privileges to change all CF settings, unless you have the most expensive subscription.

Another major problem with CF is that paid-for subscriptions are prioritized above free subscriptions : specific traffic in free subscriptions can be passed though to the target server with a lower priority, hence making the target server harder to reach - your server responds slower than necessary.

Moreover, even when disregarding the above mentioned problems, it is the case that your Plesk instance or server becomes unreachable if CF goes down - which happens!

In addition, disregarding all potential issues associated with CF, it can be safely stated that any Plesk instance behind CF does not make any sense.

Why? This is related to the concept of caching.

The concept of caching is that static assets or static results from dynamic scripts (like php scripts) can be cached to improve performance.

This also implies that the concept of caching has no merit for requests that are dynamic of nature, in the sense that dynamic results should be presented (not static ones).

Any Plesk instance is by nature a panel that should serve dynamic results to dynamic requests - anything else would be inefficient or even unreliable.

In short, enabling a proxy in front of a Plesk instance (or for any other application that should serve dynamic results) is not a very good idea - certainly not if the proxy cannot be tweaked to the full extent.

Please note that Plesk Panel runs on a highly tweaked custom Nginx environment (not being a proxy though, Nginx functions as a custom web server) - this also means that it will not make any sense to proxy Plesk with CF, which would add one additional Nginx layer without having full control over that additional Nginx layer.

In summary, it is not recommended at all to add Cloudflare (CF) as a proxy in front of any Plesk instance.

I hope the above explains the whole story a bit, even though I have only mentioned the rough outlines.

Kind regards................
 
trialotto said:
Moreover, even when disregarding the above mentioned problems, it is the case that your Plesk instance or server becomes unreachable if CF goes down - which happens!
Click to expand...

Why would that be the case? Unless you have configured your server to answer to nothing except the cloudflare IPs, which indeed would be quite a stupid thing to do, you can still access the server by IP (or even by name, if you use your local hosts file).
If you need cloudflare because your server is a dDoS target, it is a good idea to not have the IP of the real server anywhere in the DNS.
 
You must log in or register to reply here.

Similar threads

majdi draouil
Question How to Block Direct IP Access and Ensure All Traffic Routes Through Cloudflare
Replies
1
Views
652
Raul A.
R
S
Issue Plesk not showing correct IPs in error logs and is blocking cloudflare IPs in fail 2 ban resulting in server going down.
Replies
4
Views
1K
sulabhpuri
S
P
Question Getting X-Forwarded-For IP address from behind a nginx proxy server
Replies
4
Views
2K
philglau
P
J
Issue apache2 proxy target - wrong ip-address
Replies
5
Views
5K
cmaxwell
C
propz
Question Best way to include persistent Docker data in Plesk Backups?
Replies
0
Views
246
propz
propz
Back
Top