Applicable to:
- Plesk for Linux
Symptoms
- Websites hosted in Plesk that are configured to be served by Apache (after going through nginx as a reverse proxy) are loading fine over HTTP, but display an error that is similar to the following in browsers when opened via HTTPS:
CONFIG_TEXT: 502 Bad Gateway nginx
CONFIG_TEXT: ERR_CONNECTION_REFUSED
- An error that is similar to the following appears at Domains > example.com > Dashboard > Logs or in the domain's
/var/www/vhosts/system/example.com/logs/proxy_error_log
:
CONFIG_TEXT: connect() failed (111: Connection refused) while connecting to upstream, client: 203.0.113.2, server: example.com, request: "GET / HTTP/2.0", upstream: "https://192.0.2.2:7081/", host: "example.com"
Cause
The ssl_module
configuration file ssl.conf
file is either corrupted or not included into Apache configuration. As a result Apache is not listening on port 7081 (when nginx is enabled in Tools & Settings > Services Management) or 443 port (when nginx is disabled in Tools & Settings > Services Management) and therefore cannot handle any incoming HTTPS connections:
-
-
on CentOS/RHEL-based distributions
# netstat -tunap | grep httpd
tcp 0 0 0.0.0.0:7080 0.0.0.0:* LISTEN 2647/httpd -
on Debian/Ubuntu-based distributions
# netstat -tunap | grep apache
tcp6 0 0 :::7080 :::* LISTEN 763/apache2
-
Resolution
Restore the proper ssl.conf
file of the Apache ssl_module
and make sure that it is loaded:
-
Log into your server via SSH
-
Make sure that the
conf.d
directory is included in Apache configuration:# grep IncludeOptional /etc/httpd/conf/httpd.conf
IncludeOptional conf.d/*.confIf no output is returned or the line has a hash sign "#" at the beginning, open the file
/etc/httpd/conf/httpd.conf
in any text editor (for example, vi editor) and add/uncomment the mentioned line. -
Restore the default
ssl.conf
file:3.1. Download the file for your OS and unzip it:
-
CentOS/RHEL/CloudLinux 8
# wget https://cpanel.zendesk.com/hc/article_attachments/12377382019607 -O ssl_conf_8.zip
# unzip ssl_conf_8.zip
-
CentOS/RHEL/CloudLinux 7
# wget https://cpanel.zendesk.com/hc/article_attachments/12377433751447 -O ssl_conf_7.zip
# unzip ssl_conf_7.zip
3.2. Rename the original file, if exists:
# mv /etc/httpd/conf.d/ssl.conf /etc/httpd/conf.d/ssl.conf.old
3.3. Put the file in the
conf.d
directory:# mv ssl.conf /etc/httpd/conf.d/
-
-
Restore SELinux context of the file:
# restorecon /etc/httpd/conf.d/ssl.conf
-
Restart Apache:
# service httpd restart
-
Verify that Apache is now listening on port 7081:
# netstat -tunap | grep httpd
tcp 0 0 0.0.0.0:7080 0.0.0.0:* LISTEN 17817/httpd
tcp 0 0 0.0.0.0:7081 0.0.0.0:* LISTEN 17817/httpd
-
Log into your server via SSH
- Create two symbolic links:
# ln -s /etc/apache2/mods-available/ssl.conf /etc/apache2/mods-enabled/ssl.conf
# ln -s /etc/apache2/mods-available/ssl.load /etc/apache2/mods-enabled/ssl.load -
Restart Apache:
# service apache2 restart
-
Verify that Apache is now listening on port 7081:
# netstat -tunap | grep apache
tcp6 0 0 :::7080:::* LISTEN 2462/apache2
tcp6 0 0 :::7081:::* LISTEN 2462/apache2
Comments
0 comments
Please sign in to leave a comment.