
Input Bash script to compile Nginx from source with additional modules on Plesk Onyx

This nginx script works so well, but we are still missing the last steps to also use optimal TLS v1.3 to get A+ SSL scores.
 
By the way, this A+ rating can easily be achieved with the help of the SSL It! extension, without regard to TLS v1.3.
You can achieve A+ without TLSv1.3 so that's helpful and quite correct @IgorG ;) but you can also achieve A+ without using the SSL IT extension too (as we have done for some time). The question about using Plesk and TLSv1.3? We'll deal with that in another thread, because that's a long and difficult subject.... o_O

Edit / Addition - For the setup that we currently use (forum sig) Plesk have now (...finally :D) solved the TLSv1.3 issue. See this post: Resolved - Plesk 17.8.11 / Ubuntu 18.04.3 LTS / OpenSSL / TLSv1.3 :)
 
but you can also achieve A+ without using the SSL IT extension too
Of course, you can, no one argues. But what could be easier to turn on three or four switches in the interface, instead of writing complex entries in the configuration files? :)
 
Yes, can't fault that summary either @IgorG However... If you want to use Let's Encrypt Certificates that cover MultiDomain + Wildcard (including all Sub-Domains) all in the same certificate, then that's still outside of the current Plesk remit.

FWIW, with our setup, Apache & Nginx settings made within Plesk plus a combination of the Plesk Let's Encrypt Extension and Acme.SH for things like the previous example all work fine :)
 
This nginx script works so well, but we are still missing the last steps to also use optimal TLS v1.3 to get A+ SSL scores.

Hello @Rar9
The only step missing to get A+ SSL score is to enable HSTS on your domain by adding the following line in your domain settings > "Nginx additional configuration" :
NGINX:
more_set_headers "Strict-Transport-Security: max-age=31536000; includeSubDomains; preload";
 
Hello @virtubox,

to add the HSTS header to Nginx additional configuration, would it be not ok to add it just like this?

add_header Strict-Transport-Security max-age=61536000;

Just saw that you add it at the beginning like more_set_headers , is there a difference?

Thx
Sally
 
@Sally1

The more_set_headers is not part of the original Nginx source code, it is a directive belonging to the ngx_headers_more module from OpenResty.

A good and detailed explanation with respect to this OpenResty module can be found on GitHub.

The main difference is that the ngx_headers_more module is a bit more flexible and/or that it contains more options than the modules shipped with Nginx.

Please note that

- OpenResty is essentially a re-invention of and (in most cases, but not all cases) an improvement of Nginx : it is built on Nginx, consisting of additions to Nginx,
- OpenResty contains a whole lot of "loose ends", even though the quality in general is excellent : alignment of Nginx and OpenResty is not always certain,
- Plesk is using default Nginx : adding non-native Nginx code could be and/or become problematic.

I highly recommend to stick to the basic Nginx, as shipped with Plesk - even though shortcomings thereof are present.

Anyway, it is not at all problematic to use the native Nginx add_header directives - but beware of specific HSTS (HTTP Strict Transport Security) pitfalls : activation of HSTS and/or changes in Nginx config might lead to unexpected results that cannot be undone easily : please test your (new) Nginx config on a development server first!

Hope the above helps a bit.

Kind regards........
 