Vesta Control Panel - Forum

I recently migrated my site from an Ubuntu 14.04 installation with apache2 to an Ubuntu 16.04 installation with apache2 + nginx. Aside from a few hiccups everything seemed to be working fine until I realized no one could register on my forums because "there has already been a new registration from your ip address". I then noticed that listed under Who's Online of the forums that everyone had the same IP, the IP of my site.

The only thing I can think of is that this is a reverse proxy problem. I host on Linode and have reverse proxy set up through the DNS there, and nginx is also doing a reverse proxy so I can only assume there is some sort of conflict.

How do I disable the reverse proxy of nginx to (hopefully) fix the problem? Or would it be better to disable the reverse proxy in the DNS manager of my Linode?

I was able to resolve the issue but using a strict IP check in the forums. It was a setting that was disabled and never needed to be on before but I guess it's needed now.

This is related to the fact that the original IP is 'seen' by nginx acting as the proxy. It then passes information back to apache, which only 'sees' it as coming from the nginx IP address.
Here's a related thread viewtopic.php?f=10&t=13499

The script it mentions -- /usr/local/vesta/upd/switch_rpath.sh -- fixed the issue for me. However, I don't recommend blindly running it. Read and understand it, so you understand what its doing, and then issue the commands manually. If it doesn't work, you can then revert.
For the record it checks for the rpaf and remoteip modules in your apache config.
If it finds rpaf it disables it. It then tries to enable remoteip module.

Check your apache logs before and after. If they change from all requests from a single IP to lots of different IPs, then its worked.

Thank you for the extra info.

So is it recommended I turn off the reverse proxy through my hosts control panel and just use nginx, or should I just leave them both on?

Its a personal preference which setup you use. My current preference is for apache behind an nginx proxy. This way you get the benefits of both servers: the speed of the nginx server with static files and SSL termination, and the flexibility and compatibility of apache (being able to use .htaccess files).

I started like many in this business with apache, when there was no real alternative. I switched to nginx for a few years and loved it, but missed the convenience of .htaccess, and the slight fiddliness of getting php-fpm to work with different web apps. So now I chose a mixture. The fact that Vesta supports this configuration out of the box is actually what drew me to it.

plutocrat wrote:Its a personal preference which setup you use. My current preference is for apache behind an nginx proxy. This way you get the benefits of both servers: the speed of the nginx server with static files and SSL termination, and the flexibility and compatibility of apache (being able to use .htaccess files).

I started like many in this business with apache, when there was no real alternative. I switched to nginx for a few years and loved it, but missed the convenience of .htaccess, and the slight fiddliness of getting php-fpm to work with different web apps. So now I chose a mixture. The fact that Vesta supports this configuration out of the box is actually what drew me to it.

Good day,

Im new to vestacp and also use nginx and apache, can I please know what templates you used for apache and nginx with ssl enabled (I generated a certificate at cloudflare)? Thanks :)

If you install vesta with the nginx+apache option then the "default" template (selected when you set up a web domain) is already providing nginx as a reverse proxy in front of apache.

For the SSL, you have a couple of options. I use the SSL and Letsencrypt options on the web domain Edit page. But you can also copy and paste your certificates from another CA into the boxes provided. Not sure if your cloudfront ones will work ... aren't they issued for a domain like 9870987.cloudfront.net?

If you let VestaCP and letsencrypt handle the certs, then they'll also handle the autorenewal, so you'll never have to worry about it again.

I don't use CF myself but using cloudflare SSL means extra config, there were a few threads before that you should read up.
https://www.google.com/search?q=vestacp+cloudflare+ssl