How to make Plesk interface accessible over a hostname without entering the port number

Follow

Comments

52 comments

  • Avatar
    Lev Iurev

    @Jason, I see the point, reproduced the same on the test server. Thank you for your notification, the article requires internal review. We will re-check the article and update it with required information.

  • Avatar
    Jason Schilling

    After I followed all the steps I get back redirected to the login page after trying to login. Using the incognito mode doesnt work.

  • Avatar
    Floris (Edited )

    >Isn't there a way to bypass the proxy for .well-known requests in nginx-settings as there will be renewals of the certificate?

     

    nginx uses the configuration inside the longest matching location field.

    So you can just add to your nginx directives:

     

    location /.well-known {
    }

     

    So that the proxy configuration inside the "location /" block is not used, and it will fallback to the document root specified in the block that describes the vhost.

     

    ==

     

    Another thing I noticed is that Plesk adds "client_max_body_size 128m;" to the vhost block by default.

    Which gives problems if users want to upload a file larger than 128 MB (e.g. a website backup) through the web interface.

    Can solve that by adding "client_max_body_size 2048m;" to the "location /" block.

    So you end up with:

     

    location / {
       proxy_pass https://plesk.your-domain.com:8443;
       port_in_redirect off;
       proxy_buffer_size 128k;
       proxy_buffers 4 256k;
       proxy_busy_buffers_size 256k;
       client_max_body_size 2048m;
    }
    location /.well-known {
    }
  • Avatar
    Jason Schilling (Edited )

    I'm using Plesk Onyx v17.5.3_build1705170317.16 and added only the one directive that was given for Onyx in this article. I changed only the domain to the IP-Address.

    location / {
    proxy_pass https://IPv4-Address:8443; 
    port_in_redirect off;
    }

  • Avatar
    Simeon Ivaylov Petrov (Edited )

    @Konstantin, as I said 3 comments above, I've already done it, but it continuously redirects me to the login page. I've followed all the steps in this article (version: psa-17.5.3-cos7.build1705170317.16.x86_64).

  • Avatar
    Floris (Edited )

    @Konstantin

    Yes, I did.

    And as mentioned, after enlarging the proxy buffer size, the problem page does work.

     

    Watching with Firebug one can see that this particular page tries to set a lot of cookies through "Set-Cookie:" HTTP response headers.

    The total size of the HTTP response headers is 2053 bytes.

    One would think that 2053 bytes should fit in the default 4 KB nginx buffer size. But for some reason it does not. Perhaps because it proxies to HTTPS it needs twice the space, or something like that?

     

  • Avatar
    Webmaster

    Thanks, Lev! When I type in my new Plesk hostname before the port 'plesk.mydomain.com:8447...' it works just fine. Would that be possible to make the Upades&Upgrades redirect relative to the hostname then, not the localhost? Hiding a port number for the updates will, of course, not be possible but still better than typing in a custom hostname every time.

    On the other note, I have noticed that proxying port 80 to 8880 or 8443 opens the port for everyone on the Internet. I suggest blocking that with nginx: 

    location / {

        if ($remote_addr = 0.0.0.0) {
            proxy_pass https://127.0.0.1:8443;
        }
        if ($remote_addr != 0.0.0.0) {
            return 404;
        }

    }
  • Avatar
    Grímur Daníelsson (Edited )

    I'm using Plesk Onyx v17.5.3_build1705170317.16 os_CentOS 7 and the steps are a little different, the firewall is a Plesk component not an extension, so make sure the component is enabled.

    But my main problem is that I'm unable to login after following these steps. The login page is displayed correctly but when I login i get redirected to the login page like I haven't logged in at all.

    EDIT: It was a browser problem for me. Works when I try it in incognito

  • Avatar
    Derek

    Unable to find the last step:
    What do I do?

  • Avatar
    Nikolay Zhmuk (Edited )

    @Martin Check the solution provided by @Floris

    location /.well-known {
    }

    @Floris Additionally you can check https://support.plesk.com/hc/en-us/articles/213914565 article regarding client_max_body_size directive.

  • Avatar
    Konstantin Annikov (Edited )

    Oh, yes, I see. 

    The last part of the link could not be hidden. 

    However it occurs on the login page only and it (last part) is grayed out in the status bar in most of modern browsers (For example Chrome and Safari). 
    So, i believe that it is not a big problem. 

    However if you think that such functionality should be implemented in Plesk as a native one (function to add a domain to access Plesk without entering port number), you can create corresponding feature request here: 

     https://plesk.uservoice.com/forums/184549-feature-suggestions

    The top-ranked suggestions are likely to be included in the next versions of Plesk.

  • Avatar
    Webmaster

    Worked fine, but when I click "Updates & Upgrades" it redirects me to https://127.0.0.1:8447/?secret=&locale=en-US. How to fix this?

  • Avatar
    Simeon Ivaylov Petrov (Edited )

    Hello I have the psa-17.5.3-cos7.build1705170317.16.x86_64 version installed and I followed the article, but when I try to login into "http://plesk.mydomain.tld" I always get a redirect to the same page (url: "https://plesk.mydomain.tld/login_up.php?success_redirect_url=https%3A%2F%2Fplesk.mydomain.tld%3A8443%2F").
    When I add the port there is no problem (http://plesk.mydomain.tld:8443), but without the port I get always redirected. Can I use it without the port or it is required for working?

  • Avatar
    Konstantin Annikov

    @Simeon

    I do not see any additional ways to get such errors in test environment. 

    So, I recommend you to contact Plesk Technical Support (submit a ticket or start chat). 

  • Avatar
    Thomas

    @Lev lurev Do you have a more detailed explanation as to why this happens? I used this method and it works fine for the Plesk login. However, I do have the same redirect problem as @Webmaster when trying to reach the "Updates & Upgrades" page.

    After the redirect fails I can change 127.0.0.1 back to sub.domain.ext and reach the page, so it does still work.

    Is there any way to fix the redirect so it doesn't change the host name initially and redirects to https://sub.domain.ext:8447?

  • Avatar
    Floris (Edited )

    >@Floris Additionally you can check https://support.plesk.com/hc/en-us/articles/213914565 article regarding client_max_boy_size directive.

     

    That's another way to do it.

     

    Do note that the duplicate directive problem described there does not apply if you stick the parameter inside the "location /" block.

    Can have both a parameter at vhost level (added by Plesk) and an overriding one at location level (specified by you).

    Just not two at vhost level.

  • Avatar
    Konstantin Annikov

    @Simeon

     

    Could you please watch this video

    Here you can see the solution on how to "use the login page (and so login to the admin panel) without entering the port"

    I just performed the steps from the article and as a result I can use the plain URL as a login page to Plesk. 

    Does it meet your expectations? 

  • Avatar
    Simeon Ivaylov Petrov

    @Konstantin

    It works now! I set my new plesk admin domain "admin.mydomain.com" as the main System Server full hostname and now it works! The interesting thing is if I put again my old main domain that was set before "mydomain.com", it is working anyway. I think it was some kind of Plesk cache or similar so I suggest you to add a last step in this article suggesting to go and re-save the system settings.

    Anyway, what hostname should be right to set for the "Full hostname" parameter? The IP, the new admin panel domain (admin.mydomain.com) or the main domain (mydomain.com)?

     

     

    Thank you very much!

  • Avatar
    Bulat Tsydenov

    @Martin, I am not sure if it is possible at all. But I can say for sure, Plesk cannot make such configuration.

  • Avatar
    Jason Schilling

    @Lev thank you for the fast reply. I will wait for the fix.

  • Avatar
    Robert Asilbekov (Edited )

    @Webmaster I suppose that it will be better to restrict access via allow/deny

     

    location / {

    allow 192.168.1.0/24;
    # drop rest of the world
    deny all;

    proxy_pass ...

    }
  • Avatar
    Simeon Ivaylov Petrov (Edited )

    So there is no solution to have a clean url for my clients without obligating them to put the port every time?

    Edit: In fact, the topic of this thread says "...without entering the port?"

  • Avatar
    Konstantin Annikov

    @Floris

    Ok, thank you for input. I will add this to article. 

  • Avatar
    Adrian Bedrunka

    I don't have the field "Additional nginx directives", just the apache directives:


    How can I chance the plesk admin from mydomain.com:8443 to admin.mydomain.com?

  • Avatar
    Andrey Ivanov

    Hello Simeon,

    Most probably, a cause of that behaviour was in a browser cache.

    As for the hostname, do not use an IP address as your full hostname. Instead of that, feel free to use "admin.mydomain.com" or "mydomain.com". The main point is that it should be resolvable from the server and nginx directive should contain exactly the same hostname.

  • Avatar
    Lev Iurev

    @Webmaster unfortunatelly it does not work for "Updates & Upgrades" as it is listening on another port. 

  • Avatar
    Martin

    @Floris Thank you - it worked!

  • Avatar
    Bulat Tsydenov

    @Martin Let's Encrypt extension places temporary script to .well-known/acme-challenge/ directory of the website. Therefore, in order to generate Let's Encrypt certificate for the domain, you need to generate it before applying the solution from this article. In other words, the domain should not redirect to somewhere.

  • Avatar
    Simeon Ivaylov Petrov

    @Artyom

    Hi Artyom! So currently there is no solution to use the login page (and so login to the admin panel) without entering the port and I will always be redirected if I do not enter the port in the login URL? Why this article suggests this solution if you are unable to access the admin panel through the login page without the port in the first place?

    Thanks

Please sign in to leave a comment.

Have more questions? Submit a request