0 votes
55 views
by Rookie
i have my servers behind an AWS NLB. Because of the number of domains on the server, I can not put my certs on the NLB. Instead I have to enable Proxy Protocol v2 on the NLB/Target group.

Once I run this command (sudo site domain.com -ssl=on) I have to update the ssl config like so:

sudo sed -i 's/http2/http2 proxy_protocol/g' /etc/nginx/sites-enabled/domain.com

Unfortunately, once I do that the site turns "red" under site list

sudo site -list

https://d.pr/i/83h4hN

This apparently means that the site is no longer managed. When I updated to 1.9 and this file, wpcommon-noauth.conf, was added all of my "unmanaged" sites had http auth added because the "wpcommon-noauth.conf" was not updated on those sites.

My suggestion/request is to either default to add "proxy_protocol" when ssl is enabled. Both can be there and it won't affect anything. Or add a command line option to add it (sudo site domain.com -ssl=on -proxy_protocol=on)

Thanks for a great tool for site management and server setup. I've migrated half of my sites from EasyEngine to Webinoly on AWS with RDS and this is the only issue I've run into.

1 Answer

0 votes
by Expert

Hi itdoug,

  • First of all, sites-enabled is just a symlink to sites-available, use the latest to avoid the red-listed sites.
  • Webinoly has the "Internal-API" feature that allows users to automate some tasks, in this case, you can add (automatically) the proxy protocol variable when a site is created.
Next year we will have some new features focused on Multi-Server environments, that's when this feature can make sense, I will save this post as a reference.
Thanks a lot for your feedback and nice support.
Regards.
by Rookie
Thanks for the quick reply. A couple follow ups...

Is there a way for me to get them back in sync? Do I just make the same edits in sites_available and then delete my files and fix the sym links?

I found the API documentation (https://webinoly.com/en/api/internal-api-events/), but I don't follow how I would automate the adding of proxy_protocol. It would have to happen after enable ssl, not before. I'm fine just updating the file in sites_available too if that's all I need to change about my process.
by Rookie
This worked to restore everything to green

remove file I created in sites-enabled

sudo ln -s /etc/nginx/sites-available/domain.com /etc/nginx/sites-enabled/domain.com

sudo service nginx reload

So just uncertain about the api, but can probably get by without it. too.
by Expert
If you want the API to run "after ssl" just wait for "sie" (end command execution) and check if $ssl == "on".
Welcome to the Community site for Webinoly.

Our Optimized LEMP Web Server is a powerful set of commands for doing just about anything you could wish.

With Webinoly you can set up your NGINX web server in just one step.

* * * * * * *

If you have a question about Webinoly, please ask in English or Spanish.

To report a bug, please ask a question here with the bug tag.

Donations

Webinoly Support Paypal Donations Webinoly Support Bitcoin Donations

Your regular donations is what keep this project moving forward. If you like Webinoly, buy me a coffee or a beer to show support.

Affiliate Links

It is very important that any visitor to the site read the disclaimer, terms of use and privacy and legal statement before start browsing.

...