
Issue All websites stopped after Plesk changed /etc/nginx/conf.d/ssl.conf and added ssl_dhparam /opt/psa/etc/dhparams2048.pem;

mr-wolf

Silver Pleskian
Plesk Guru
Server operating system version: Ubuntu 20.04.5 LTS
Plesk version and microupdate number: Version 18.0.47 Update #5, last updated on Oct 26, 2022 06:38 AM

This morning all websites on 1 server stopped working.
Thanks to monitoring software (Zabbix, which tests the output of "nginx -t") I knew that this was because of an invalid nginx config.

nginx -t gave me:

nginx: [emerg] "ssl_dhparam" directive is duplicate in /etc/nginx/conf.d/ssl.conf:5
nginx: configuration file /etc/nginx/nginx.conf test failed

For years I have had a file /etc/nginx/conf.d/aa400_own_tweaks.conf which contains, among other things:
ssl_dhparam /etc/dhparam/dhparam4096.pem;

It turns out that this morning Plesk added this line to /etc/nginx/conf.d/ssl.conf:
ssl_dhparam /opt/psa/etc/dhparams2048.pem;

...and thus rendered my nginx configuration corrupt.
Plesk could have opted for a soft reload and nginx would have continued working.
In my case Zabbix would have noticed the invalid config and I could have fixed it without any sites offline.

To fix it I have now commented out the "ssl_dhparam" in my own "/etc/nginx/conf.d/aa400_own_tweaks.conf" and the issue is solved.

This month I installed another Plesk server from scratch and upon installation I noticed that /opt/psa/etc/dhparams2048.pem was added to /etc/nginx/conf.d/ssl.conf, so I refrained from adding it to my own config.

I didn't suspect Plesk to start implementing the ssl_dhparam on my older Plesk managed servers.


I'm posting this here for 2 reasons.
One is to help others who haven't found out why this happened, so they can now quickly resolve it.

The other is that I have more servers with the ssl_dhparam already configured, but these servers don't have the file /opt/psa/etc/dhparams2048.pem yet.
I have some ideas, but I would like to know what the Plesk team thinks of this.

I think it's best to add this line to /etc/nginx/conf.d/ssl.conf instead of /etc/nginx/conf.d/aa400_own_tweaks.conf:
ssl_dhparam /etc/dhparam/dhparam4096.pem;
I then only risk /etc/nginx/conf.d/ssl.conf being overwritten with no ssl_dhparam.
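
A pre-restart check for the conflict described in this post, as an added example that is not part of the original post or of Plesk's tooling: it lists every active ssl_dhparam at the top level of a conf.d directory, so a second definition is flagged before nginx is restarted. The function names and the sample files in demo() are constructed for illustration, and the check assumes one directive per line.

```shell
#!/bin/sh
# Added example (not Plesk tooling); function names are hypothetical.

# find_dhparam DIR: print "file:line: directive" for every active
# ssl_dhparam at brace depth 0 (the http level for conf.d includes).
find_dhparam() {
    for f in "$1"/*.conf; do
        [ -f "$f" ] || continue
        awk -v file="$f" '
            {
                line = $0
                sub(/#.*/, "", line)      # ignore commented-out directives
                if (depth == 0 && line ~ /^[ \t]*ssl_dhparam[ \t]/) {
                    sub(/^[ \t]+/, "", line)
                    print file ":" FNR ": " line
                }
                # track nesting so per-server directives are not counted
                depth += gsub(/[{]/, "{", line) - gsub(/[}]/, "}", line)
            }' "$f"
    done
}

# count_dhparam DIR: number of active top-level definitions.
count_dhparam() {
    find_dhparam "$1" | wc -l | tr -d ' '
}

# check_dhparam DIR: return 1 and list the locations when nginx would
# reject the configuration with "directive is duplicate".
check_dhparam() {
    n=$(count_dhparam "$1")
    if [ "$n" -gt 1 ]; then
        echo "ssl_dhparam defined $n times:" >&2
        find_dhparam "$1" >&2
        return 1
    fi
}

# demo: constructed sample files with the two definitions from the post.
demo() {
    d=$(mktemp -d)
    echo 'ssl_dhparam /etc/dhparam/dhparam4096.pem;' > "$d/aa400_own_tweaks.conf"
    echo 'ssl_dhparam /opt/psa/etc/dhparams2048.pem;' > "$d/ssl.conf"
    check_dhparam "$d"; rc=$?; rm -rf "$d"; return "$rc"
}

# Usage: sh check_dhparam.sh /etc/nginx/conf.d && nginx -t
[ "$#" -eq 0 ] || check_dhparam "$1"
```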
 