Facebook
Twitter
-
If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
CentOS2Alma discussion -
Inviting everyone to the UX test of a new security feature in the WP Toolkit
For WordPress site owners, threats posed by hackers are ever-present. Because of this, we are developing a new security feature for the WP Toolkit. If the topic of WordPress website security is relevant to you, we would be grateful if you could share your experience and help us test the usability of this feature. We invite you to join us for a 1-hour online session via Google Meet. Select a convenient meeting time with our friendly UX staff here.
Issue Plesk Panel HTTP/2 Not Working
- Thread starter PandoraT
- Start date
-
- Tags
- centos centos 6 http2 plesk onyx
zeeshan786
New Pleskian
- Make sure that SSL support is enabled for the web site in the Hosting Settings section of the domain. HTTP/2 is supported for SSL sites only, so non-SSL sites will continue to work under HTTP /1.x. That is a restriction of nginx web server and web browsers.
- Check that nginx is enabled:
# plesk sbin nginxmng –s
Enable it if necessary:
# plesk sbin nginxmng -e
- Check that OpenSSL package has the version 1.0.1 or higher:
# rpm -qa | grep openssl
openssl-1.0.1e-42.el6_7.4.x86_64.
- Check that there is no custom configuration template in /usr/local/psa/admin/conf/templates/custom/domain/nginxDomainVirtualHost.php. Remove it if it was found and re-create configuration files:
# plesk sbin httpdmng --reconfigure-all
Alternatively, if you do not want to remove your customizations, you can modify the file /usr/local/psa/admin/conf/templates/custom/domain/nginxDomainVirtualHost.php like below.
Find the row similar to
($OPT['default'] ? ' default_server' : '') . ($OPT['ssl'] ? ' ssl' : '') ?>;
And replace it with the two following rows:
($OPT['default'] ? ' default_server' : '') . ($OPT['ssl'] ? ' ssl' : '') .
($OPT['ssl'] && $VAR->domain->physicalHosting->proxySettings['nginxHttp2'] ? ' http2' : '') ?>;
After that run the command:
# plesk bin http2_pref enable
- In case of ssl connection problems with HTTP/2 enabled, ensure that the ssl_ciphers directive in /etc/nginx/conf.d/ssl.conf or in customised nginxDomainVirtualHost.php has the following value:
ssl_ciphers EECDH+AESGCM+AES128:EECDH+AESGCM+AES256:EECDH+CHACHA20:EDH+AESGCM+AES128:EDH+AESGCM+AES256:EDH+CHACHA20:EECDH+SHA256+AES128:EECDH+SHA384+AES256:EDH+SHA256+AES128:EDH+SHA256+AES256:EECDH+SHA1+AES128:EECDH+SHA1+AES256:EDH+SHA1+AES128:EDH+SHA1+AES256:EECDH+HIGH:EDH+HIGH:AESGCM+AES128:AESGCM+AES256:CHACHA20:SHA256+AES128:SHA256+AES256:SHA1+AES128:SHA1+AES256:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!KRB5:!aECDH:!EDH+3DES;
- If you site does not work in some browsers after enabling HTTP/2, this may mean that you have no necessary ciphers and protocols for HTTP/2 support. Use the sslmng utility from Plesk to set up available protocols and TLS ciphers list after you have enabled HTTP/2. For example if you want to use exactly the same ciphers list as Plesk does, the command will be the following:
#plesk sbin sslmng --services=nginx --custom --ciphers="EECDH+AESGCM+AES128:EECDH+AESGCM+AES256:EECDH+CHACHA20:EDH+AESGCM+AES128:EDH+AESGCM+AES256:EDH+CHACHA20" --protocols="TLSv1 TLSv1.1 TLSv1.2"
Configuration will be stored in the /etc/nginx/conf.d/ssl.conf file. We do not recommend to edit this file manually.
- If no steps above helped, contact Plesk technical support.
Similar threads
- Sticky