• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

nginx reverse proxy with TLSv1.1 and TLSv1.2

M

MoritzK

New Pleskian
Hello,

I've enabled the Reverse Proxy Server (nginx) in Plesk.
Code: 
Tools & Settings > Services Management > Reverse Proxy Server (nginx)
With enabled nginx I'm unable to contact web pages via TLSv1.1 and TLSv1.2. When nginx is disabled and the pages are handled by Apache everything is fine. But only when nginx is completely deactivated. It's not enough to disable "Smart static files processing" at the "Web Server Settings for sub.domain.tld".

I tried to add "ssl_protocols TLSv1.1 TLSv1.2;" at "Additional nginx directives" at the Web Server Settings, without effect.

I think i have to modify /etc/nginx/plesk.conf.d/server.conf but this file is generated by Plesk.

System:
OS: Ubuntu 12.04.4 LTS
Panel version: 11.5.30 Update #38
OpenSSL 1.0.1 14 Mar 2012

Results of SSL Server Test:

Summary
summary.png

Configuration (Protocols and Cipher Suites)
proto.png

Protocol Details and Miscellaneous
detail.png

Source: https://www.ssllabs.com/ssltest/analyze.html
 
Solution

I found a solution to enable TLS 1.1 and TLS 1.2 by my self.

You have to modify the two PHP files:
usr/local/psa/admin/conf/templetes/default/nginxWebmailPartial.php
usr/local/psa/admin/conf/templetes/default/domain/nginxDomainVirtualHost.php

Code: 
ssl_protocols             SSLv3 TLSv1 [B]TLSv1.1 TLSv1.2[/B];

webmail.* and all domains using nginx support TLS 1.1 and TLS 1.2 now.
 
MoritzK said:
I found a solution to enable TLS 1.1 and TLS 1.2 by my self.

You have to modify the two PHP files:
usr/local/psa/admin/conf/templetes/default/nginxWebmailPartial.php
usr/local/psa/admin/conf/templetes/default/domain/nginxDomainVirtualHost.php

Code: 
ssl_protocols             SSLv3 TLSv1 [B]TLSv1.1 TLSv1.2[/B];

webmail.* and all domains using nginx support TLS 1.1 and TLS 1.2 now.
Click to expand...

I am using Plesk 12.0.18 and Centos 6

I am getting the protocol score as 70

and the following message

TLS 1.2 No
TLS 1.1 No

I did exactly as you have mentioned but it still doesn't enable the TLS 1.2 or 1.1

Kindly help
 
You must log in or register to reply here.

Similar threads

Heinrich
Resolved node.js configuration in PLESK Obsidian 18.0.67 Update Nr. 3
Replies
3
Views
464
alvarezcruz
alvarezcruz
brother4
Question Best way to block direct PHP file access and ensure .htaccess rules are always applied with Nginx as a reverse proxy?
Replies
1
Views
1K
brother4
brother4
B
Question Reverse Proxy Setup: VPS + Mikrotik DDNS – Feeling Lost
Replies
1
Views
1K
iberium456
I
P
Question Getting X-Forwarded-For IP address from behind a nginx proxy server
Replies
4
Views
2K
philglau
P
JerryTek101
Question Apache With Nginx Reverse Proxy Question
Replies
0
Views
2K
JerryTek101
JerryTek101
Back
Top