On Plesk 12.5, when using PHP-FPM with Nginx there’s a problem with the way protected directories are implemented. Each protected directory creates a “location” block in the Nginx config that proxies to Apache. So protected directories are implemented in Apache only. Nginx just passes through to Apache. This is not a great design choice in our opinion. Instead protected directories should be implemented directly in Nginx.
One of the side effects of the 12.5 implementation is that inside protected directories Apache handles PHP even if you have the domain configured to use Nginx with PHP-FPM. This is especially problematic if you have the entire site password protected. The “location /” block takes precedence over the “location *.php” block so the entire sites ends up using Apache instead going directly to PHP-FPM.
To get around this problem I do the following in Plesk:
- Create a protected directory for “/protected”. Add users as needed.
- On the “Apache & nginx Settings” screen, add the following to the “Additional nginx directives” field:
12auth_basic "Restricted";auth_basic_user_file /var/www/vhosts/system/acme.com/pd/d..httpdocs@protected;
- In your .htaccess file add:
123AuthType BasicAuthUserFile "/var/www/vhosts/system/acme.com/pd/d..httpdocs@protected"Require valid-user
The last step is important because we need both Apache and Nginx to enforce the protected directory.