Home / server / Questions / 417867
Accepted
JM4
Asked: 2012-08-16 08:16:45 +0800 CST

New Server is randomly adding port 7081 on HTTPS requests

  • 772

I just installed a new LAMP server running NGINX on the backside. While it does not occur every time - certain HTTPS requests are seeking port 7081 in the URL. For example:

  • http://www.nacdbenefits.com appears fine
  • clicking the contact us redirects to https just fine
  • clicking the link at the bottom right of the page (My Admin) shows a port 7081 and in turn causes errors once logged into the page.

Is this expected behavior from NGINX? I believe it is almost certainly related to NGINX because disabling it (and running off apache only) does not create this error.

NGINX conf

#user  nginx;
worker_processes  1;

#error_log  /var/log/nginx/error.log;
#error_log  /var/log/nginx/error.log  notice;
#error_log  /var/log/nginx/error.log  info;

#pid        /var/run/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       mime.types;
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;
    #tcp_nodelay        on;

    #gzip  on;
    #gzip_disable "MSIE [1-6]\.(?!.*SV1)";

    server_tokens off;

    include /etc/nginx/conf.d/*.conf;
}

site vhost nginx conf

#ATTENTION!
#
#DO NOT MODIFY THIS FILE BECAUSE IT WAS GENERATED AUTOMATICALLY,
#SO ALL YOUR CHANGES WILL BE LOST THE NEXT TIME THE FILE IS GENERATED.


server {
    listen 216.70.86.230:443 ssl;

    server_name nacdbenefits.com;
    server_name www.nacdbenefits.com;
    server_name ipv4.nacdbenefits.com;

    ssl_certificate             /usr/local/psa/var/certificates/cert-rcx4WK;
    ssl_certificate_key         /usr/local/psa/var/certificates/cert-rcx4WK;
    ssl_client_certificate      /usr/local/psa/var/certificates/cert-Wj9EsP;
    ssl_session_timeout         5m;

    ssl_protocols               SSLv2 SSLv3 TLSv1;
    ssl_ciphers                 HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers   on;

    client_max_body_size 128m;

    location / {
        proxy_pass https://127.0.0.1:7081;
        proxy_set_header Host             $host;
        proxy_set_header X-Real-IP        $remote_addr;
        proxy_set_header X-Forwarded-For  $proxy_add_x_forwarded_for;
        proxy_set_header X-Accel-Internal /internal-nginx-static-location;
        access_log off;
    }

    location /internal-nginx-static-location/ {
        alias      /var/www/vhosts/nacdbenefits.com/httpdocs/;
        access_log /var/www/vhosts/nacdbenefits.com/statistics/logs/proxy_access_ssl_log;
        add_header X-Powered-By PleskLin;
        internal;
    }
}



server {
    listen 216.70.86.230:80;

    server_name nacdbenefits.com;
    server_name www.nacdbenefits.com;
    server_name ipv4.nacdbenefits.com;


    client_max_body_size 128m;

    location / {
        proxy_pass http://127.0.0.1:7080;
        proxy_set_header Host             $host;
        proxy_set_header X-Real-IP        $remote_addr;
        proxy_set_header X-Forwarded-For  $proxy_add_x_forwarded_for;
        proxy_set_header X-Accel-Internal /internal-nginx-static-location;
        access_log off;
    }

    location /internal-nginx-static-location/ {
        alias      /var/www/vhosts/nacdbenefits.com/httpdocs/;
        access_log /var/www/vhosts/nacdbenefits.com/statistics/logs/proxy_access_log;
        add_header X-Powered-By PleskLin;
        internal;
    }
}

UPDATE 1

I think it must have something to do with switching directories in HTTPS. Any pages will exist on the same domain level (such as the contact us page) do not cause this error. However, once a https connection is made from a sub directory (for sample the admin site), the Port 7081 takes place (which is the newly reconfigured ssl port for Apache since NGINX took over the 443 port).

UPDATE 2

Using Firebug - I noticed that my server seems to be applying an automatic 301 redirect. Note: I do not have this in my current .htaccess file so not sure where it is coming from:

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Wed, 15 Aug 2012 22:27:50 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 314
Connection: keep-alive
Location: https://www.nacdbenefits.com:7081/myadmin/

UPDATE 3

I have noticed that if the trailing slash is added to the actual link, the issue does not occur anymore. It is almost as if NGINX is taking the requested URI, attempting to access the directory as a file and it passes it off to Apache which causes the 301 redirect. Adding a trailing slash eliminates this but is not exactly the solution I am hoping for. Surely there is a configuration within NGINX to resolve this.

php

5 Answers

  1. Best Answer

    The answers provided so far are targeted towards NGINX configuration, which makes them valid answers, however I have found that the actual problem for Plesk v11 servers (i.e. which is the situation in this particular case), lies in a misconfiguration with Apache on Plesk servers

    To date Plesk have not provided a fix, however they do offer some workarounds:

    http://kb.parallels.com/en/114425

    Please note that the article linked to has references to PHP code but the problem also applies more generally at an Apache level. Apache by default will tend to redirect folders, e.g. /test to it's "correct" url equivalent, e.g. /test/ however it is this redirection that is failing due to Apache running on ports 7080 and 7081 on Plesk v11 servers, and Apache not being configured to handle these scenarios.

    • 4

  2. What happens is 

    https://www.nacdbenefits.com/myadmin

    Redirects to:

    https://www.nacdbenefits.com:7081/myadmin/

    So, you must look at www.nacdbenefits.com:443 for /myadmin/ (is this your nginx server?) to see what is causing this redirect.

    I'm guessing there is a .htaccess or other file which causes the redirect to the new url.

    If you want to find out what is hosting on that port, use 

    lsof -i tcp:443

    This will show if this is the Apache or nginx server. You posted the nginx init script, not the nginx config file.

    Hopefully that gives you something to go on!

    • 2

  3. Have a look at your nginx.conf, and more specifically to the upstream { } declaration.

    The random behavior suggests a load balancing configuration.

    edit

    According to the configuration, you are not using the load balancing via upstream, but

      proxy_pass https://127.0.0.1:7081;

    making the https requests are redirected to the port 7081 via proxy_pass. Maybe this line comes from a sample configuration found on the Internet?

    Removing the proxy_pass and proxy_set... lines should fix the redirection.

    • 0

  4. There is something wrong with your configuration. IT will help if you describe your architecture and post nginx and apache configs.

    https://www.nacdbenefits.com:7081/ is definitely accessible publicly so you do have something running on that port.

    • 0

  5. As redirects returned by your backend server doesn't match what's written in your proxy_pass, default proxy_redirect doesn't work for you and you have to configure proxy_redirect yourself. The following should do the trick:

    proxy_redirect  https://www.nacdbenefits.com:7081/  /;

    See docs for details.

    • 0