• The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Wrong server nginx config with plesk11.5

Azurel

Azurel

Silver Pleskian
Hello. I have plesk11.5 and found a big security bug in my script because plesk11 do a strange behavior:

[REMOTE_ADDR] => 95.*.*.*
[SERVER_PORT] => 80
[SERVER_ADDR] => 91.*.*.*
[SERVER_NAME] => domain.com
[SERVER_SOFTWARE] => Apache

[REMOTE_ADDR] => 2003:67:4b4b:*
[SERVER_PORT] => 80
[SERVER_ADDR] => 127.0.0.1
[SERVER_NAME] => domain.com
[SERVER_SOFTWARE] => Apache
Click to expand...

You can see... visitors with IPv4 get the correct Server-IPv4, BUT visitors with IPv6 get localhost 127.0.0.1
Thats fatal for me. I check in php ($_SERVER['SERVER_ADDR']=='127.0.0.1' for Offline development. Now all IPv6 users get critical outputs since months! :(

I have take a look and found this in /etc/nginx/plesk.config.d/server.conf
server {
listen 91.*.*.*:80 default_server ;

location / {
proxy_pass http://91.*.*.*:7080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}

server {
listen [2a01:*:0:1]:80 default_server ipv6only=on;

location / {
proxy_pass http://127.0.0.1:7080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
Click to expand...

Why is this 127.0.0.1 and not "proxy_pass http://91.*.*.*:7080;" or better "proxy_pass http://[2a01:*:0:1]:7080;"!?
 
Last edited:
I have report this "bug" to hosteurope and they have make changed for me
wir haben die Änderung in

"/usr/local/psa/admin/conf/templates/custom/nginx.php"

vorgenommen und die Nginx-Konfiguration mit

"plesk sbin nginxmng -d && plesk sbin nginxmng -e"

neu geschrieben.

Die Änderungen sind nun permanent.
Click to expand...
 
Can anybody tell me, that bug is in plesk12 for /etc/nginx/plesk.config.d/server.conf too? (see start posting) Thanks!
 
You must log in or register to reply here.

Similar threads

B
Question How is the server.conf file generated?
Replies
6
Views
912
Raul A.
R
D
Question Making a reverse proxy to a domain hosted in Plesk or cpanel with nginx
Replies
0
Views
728
davibigi
D
itexpertnow
Issue Appwrite Websocket not working
Replies
0
Views
979
itexpertnow
itexpertnow
C
Question nginx reverse proxy and password protected directory
Replies
2
Views
838
Raul A.
R
H
Question Docker, expose more than one port
Replies
0
Views
1K
harcoded1984
H
Back
Top