Nginx – New Server is randomly adding port 7081 on HTTPS requests

httpsnginxPHP

I just installed a new LAMP server running NGINX on the backside. While it does not occur every time – certain HTTPS requests are seeking port 7081 in the URL. For example:

  • http://www.nacdbenefits.com appears fine
  • clicking the contact us redirects to https just fine
  • clicking the link at the bottom right of the page (My Admin) shows a port 7081 and in turn causes errors once logged into the page.

Is this expected behavior from NGINX? I believe it is almost certainly related to NGINX because disabling it (and running off apache only) does not create this error.

NGINX conf

#user  nginx;
worker_processes  1;

#error_log  /var/log/nginx/error.log;
#error_log  /var/log/nginx/error.log  notice;
#error_log  /var/log/nginx/error.log  info;

#pid        /var/run/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       mime.types;
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;
    #tcp_nodelay        on;

    #gzip  on;
    #gzip_disable "MSIE [1-6]\.(?!.*SV1)";

    server_tokens off;

    include /etc/nginx/conf.d/*.conf;
}

site vhost nginx conf

#ATTENTION!
#
#DO NOT MODIFY THIS FILE BECAUSE IT WAS GENERATED AUTOMATICALLY,
#SO ALL YOUR CHANGES WILL BE LOST THE NEXT TIME THE FILE IS GENERATED.


server {
    listen 216.70.86.230:443 ssl;

    server_name nacdbenefits.com;
    server_name www.nacdbenefits.com;
    server_name ipv4.nacdbenefits.com;

    ssl_certificate             /usr/local/psa/var/certificates/cert-rcx4WK;
    ssl_certificate_key         /usr/local/psa/var/certificates/cert-rcx4WK;
    ssl_client_certificate      /usr/local/psa/var/certificates/cert-Wj9EsP;
    ssl_session_timeout         5m;

    ssl_protocols               SSLv2 SSLv3 TLSv1;
    ssl_ciphers                 HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers   on;

    client_max_body_size 128m;

    location / {
        proxy_pass https://127.0.0.1:7081;
        proxy_set_header Host             $host;
        proxy_set_header X-Real-IP        $remote_addr;
        proxy_set_header X-Forwarded-For  $proxy_add_x_forwarded_for;
        proxy_set_header X-Accel-Internal /internal-nginx-static-location;
        access_log off;
    }

    location /internal-nginx-static-location/ {
        alias      /var/www/vhosts/nacdbenefits.com/httpdocs/;
        access_log /var/www/vhosts/nacdbenefits.com/statistics/logs/proxy_access_ssl_log;
        add_header X-Powered-By PleskLin;
        internal;
    }
}



server {
    listen 216.70.86.230:80;

    server_name nacdbenefits.com;
    server_name www.nacdbenefits.com;
    server_name ipv4.nacdbenefits.com;


    client_max_body_size 128m;

    location / {
        proxy_pass http://127.0.0.1:7080;
        proxy_set_header Host             $host;
        proxy_set_header X-Real-IP        $remote_addr;
        proxy_set_header X-Forwarded-For  $proxy_add_x_forwarded_for;
        proxy_set_header X-Accel-Internal /internal-nginx-static-location;
        access_log off;
    }

    location /internal-nginx-static-location/ {
        alias      /var/www/vhosts/nacdbenefits.com/httpdocs/;
        access_log /var/www/vhosts/nacdbenefits.com/statistics/logs/proxy_access_log;
        add_header X-Powered-By PleskLin;
        internal;
    }
}

UPDATE 1

I think it must have something to do with switching directories in HTTPS. Any pages will exist on the same domain level (such as the contact us page) do not cause this error. However, once a https connection is made from a sub directory (for sample the admin site), the Port 7081 takes place (which is the newly reconfigured ssl port for Apache since NGINX took over the 443 port).

UPDATE 2

Using Firebug – I noticed that my server seems to be applying an automatic 301 redirect. Note: I do not have this in my current .htaccess file so not sure where it is coming from:

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Wed, 15 Aug 2012 22:27:50 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 314
Connection: keep-alive
Location: https://www.nacdbenefits.com:7081/myadmin/

UPDATE 3

I have noticed that if the trailing slash is added to the actual link, the issue does not occur anymore. It is almost as if NGINX is taking the requested URI, attempting to access the directory as a file and it passes it off to Apache which causes the 301 redirect. Adding a trailing slash eliminates this but is not exactly the solution I am hoping for. Surely there is a configuration within NGINX to resolve this.

Best Answer

The answers provided so far are targeted towards NGINX configuration, which makes them valid answers, however I have found that the actual problem for Plesk v11 servers (i.e. which is the situation in this particular case), lies in a misconfiguration with Apache on Plesk servers

To date Plesk have not provided a fix, however they do offer some workarounds:

http://kb.parallels.com/en/114425

Please note that the article linked to has references to PHP code but the problem also applies more generally at an Apache level. Apache by default will tend to redirect folders, e.g. /test to it's "correct" url equivalent, e.g. /test/ however it is this redirection that is failing due to Apache running on ports 7080 and 7081 on Plesk v11 servers, and Apache not being configured to handle these scenarios.

Related Topic