Webinoly is just the perfect tool for NGINX experts. Give it a try!
Ask a Question

Could you please add support for proxy_protocol when enabling SSL

+1 vote
769 views
by Rookie
i have my servers behind an AWS NLB. Because of the number of domains on the server, I can not put my certs on the NLB. Instead I have to enable Proxy Protocol v2 on the NLB/Target group.

Once I run this command (sudo site domain.com -ssl=on) I have to update the ssl config like so:

sudo sed -i 's/http2/http2 proxy_protocol/g' /etc/nginx/sites-enabled/domain.com

Unfortunately, once I do that the site turns "red" under site list

sudo site -list

https://d.pr/i/83h4hN

This apparently means that the site is no longer managed. When I updated to 1.9 and this file, wpcommon-noauth.conf, was added all of my "unmanaged" sites had http auth added because the "wpcommon-noauth.conf" was not updated on those sites.

My suggestion/request is to either default to add "proxy_protocol" when ssl is enabled. Both can be there and it won't affect anything. Or add a command line option to add it (sudo site domain.com -ssl=on -proxy_protocol=on)

Thanks for a great tool for site management and server setup. I've migrated half of my sites from EasyEngine to Webinoly on AWS with RDS and this is the only issue I've run into.
by Rookie

I've upvote for this feature, please add proxy_protocol support. Thanks!

1 Answer

0 votes
by Expert

Hi itdoug,

  • First of all, sites-enabled is just a symlink to sites-available, use the latest to avoid the red-listed sites.
  • Webinoly has the "Internal-API" feature that allows users to automate some tasks, in this case, you can add (automatically) the proxy protocol variable when a site is created.
Next year we will have some new features focused on Multi-Server environments, that's when this feature can make sense, I will save this post as a reference.
Thanks a lot for your feedback and nice support.
Regards.
by Rookie
Thanks for the quick reply. A couple follow ups...

Is there a way for me to get them back in sync? Do I just make the same edits in sites_available and then delete my files and fix the sym links?

I found the API documentation (https://webinoly.com/en/api/internal-api-events/), but I don't follow how I would automate the adding of proxy_protocol. It would have to happen after enable ssl, not before. I'm fine just updating the file in sites_available too if that's all I need to change about my process.
by Rookie
This worked to restore everything to green

remove file I created in sites-enabled

sudo ln -s /etc/nginx/sites-available/domain.com /etc/nginx/sites-enabled/domain.com

sudo service nginx reload

So just uncertain about the api, but can probably get by without it. too.
by Expert
If you want the API to run "after ssl" just wait for "sie" (end command execution) and check if $ssl == "on".
Welcome to the Community site for Webinoly.

Our Optimized LEMP Web Server is a powerful set of commands for doing just about anything you could wish.

With Webinoly you can set up your NGINX web server in just one step.

* * * * * * *

To report a bug, please create a new issue on GitHub or ask a question here with the bug tag.

Related questions

Webinoly Support Paypal Donations

PayPal · GitHub Sponsors · Bitcoin

Snow Theme by Q2A Market
Powered by Question2Answer

It is very important that any visitor to the site read the disclaimer, terms of use and privacy and legal statement before start browsing.

...