Top Nav

Archive | Plesk

Mitigate SWEET32 On Plesk Panel

Here’s a great article on the SWEET32 vulnerability and how to mitigate:

SWEET32 Birthday attack : How to fix TLS vulnerability (CVE-2016-2183) in OpenSSL, Apache, Nginx and IIS in RedHat, CentOS, Ubuntu, Debian, OpenSUSE and Windows

If you have a Plesk server then you’ll need adjust the panel ciphers by editing:

and change the contents to:

The restart the panel:


Plesk – Bulk Reset Subscription Expire Date

Here’s a one liner to set the expire date on all subscriptions to unlimited:



Install New Relic With Plesk 12.5

Plesk 12.5 allow for multiple PHP versions and integration methods. This is a great feature but it makes installing New Relic more difficult. New Relic by default installs to the Linux distribution’s version of PHP. With Plesk 12.5, there are multiple PHP versions in different locations. Also New Relic uses a unix socket to facilitate communication between the newrelic-daemon and the PHP component. When running PHP under php-fpm there are permission problems with multiple sites using New Relic. Here are the steps to get New Relic working on CentOS or RedHat. Other Linux distributions will be similar.

1. Install New Relic for the operating system following the standard instructions:

2. Set the newrelic-daemon to run independently by copying the config file template:

3. Configure the newrelic-daemon to listen on a TCP port instead of a UNIX socket:

4. Start the newrelic-daemon:

5. Configure distribution provided PHP to use newrelic-daemon:

6. Restart Apache

7. Install New Relic on Plesk provided PHP installations using the instructions here:

We’ll start with PHP 5.6:

8. Set the TCP port

9. Restart cooresponding php-fpm process:

10. Repeat steps 7, 8 and 9 for each additional PHP version installed on the server.


Plesk 12 / CentOS / PHP 5.3 Issue Causes “abrt” Crash From Yum

Recent on servers with Plesk 12 and the PHP 5.3 distribution from Odin, we’re seeing “abrt” crash reports from Yum with a back trace like:

Until Odin fixes their repository the only way to get updates to proceed normally is to disable the PHP 5.3 repository by editing:

And adding this line:

Since PHP 5.3 is EOL there aren’t any updates expected so disabling the repository should not cause problems.



Plesk 12.5 Protected Directories Break Nginx/PHP-FPM

On Plesk 12.5, when using PHP-FPM with Nginx there’s a problem with the way protected directories are implemented. Each protected directory creates a “location” block in the Nginx config that proxies to Apache. So protected directories are implemented in Apache only. Nginx just passes through to Apache.  This is not a great design choice in our opinion. Instead protected directories should be implemented directly in Nginx.

One of the side effects of the 12.5 implementation is that inside protected directories Apache handles PHP even if you have the domain configured to use Nginx with PHP-FPM. This is especially problematic if you have the entire site password protected. The “location /” block takes precedence over the “location *.php” block so the entire sites ends up using Apache instead going directly to PHP-FPM.

To get around this problem I do the following in Plesk:

  1. Create a protected directory for “/protected”.  Add users as needed.
  2. On the “Apache & nginx Settings” screen, add the following to the “Additional nginx directives” field:
  3. In your .htaccess file add:

The last step is important because we need both Apache and Nginx to enforce the protected directory.