• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:

    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Resolved Proxy mode off: bug and problems with nginx config

TimReeves

Regular Pleskian
Plesk Onyx, 17.0.17, Debian Jessie, vServer at Hetzner (KVM virtualisation)

NOTE July 2017 - some specifics here are now outdated, see my post from July 2017 below!

Some time ago I started the thread turn off Apache, and I'm pleased that this is now possible by deselecting "Proxy mode". But I have inspected the nginx config which Plesk generates in that case, and it is problematical for the way I need to use nginx and php-fpm. In PHP Settings I have selected "FPM application served by nginx". The config thus generated has the following problems:
  1. Bug: A block "location ^~ /plesk-site-preview/ {...}" is still generated even when turned off in the Plesk GUI: Tools & Settings | Website Preview | Disable Quick Preview
  2. Custom-PHP-Killer: If PHP Support is turned on for a domain - to get the pool entries - then Plesk generates a location statement to handle .php files: "location ~ \.php(/.*)?$ {...}". That regex location statement is exactly what I would normally use myself, and coming before anything I can add in my custom nginx file, it pre-empts anything I would do. BUT the statements inside the block, while fine as far as they go, do not go far enough for me:
    (a) I really miss a "try_files" directive in there - without it, all the attack attempts which reference some URI in the hope of hitting something, get passed to PHP-FPM and logged by it. Since I am actively monitoring those logs, it is not only a waste of resources calling FPM, but also creates a lot of warnings from my log monitoring.
    (b) Some applications (e.g. owncloud/nextcloud) need custom fastcgi params. I have no possibilty to add them when Plesk is grabbing the location.
    (c) Sometimes we need to be careful about the order in which regex locations are defined, as the first one encountered which matches, wins. And thus we need control over the order anyway.
    So as far as I see: Please add an option (checkbox) to suppress the ".php" location, e.g. "Suppress .php location in Plesk nginx config" with subtitle: "If you select this option, then you must include a similar location statement in your custom nginx config file to get php processing".
  3. Irritation: There seems to be no way to turn off output of the location for web users: "location ~ ^/~(.+?)(/.*?\.php)(/.*)?$ {...}". I would do it explicitly if there were a checkbox somewhere; even more elegant would be that Plesk notes that for a domain there ARE no web users defined and silently omits the location.
So for me it seems that at the moment I have no other option than a custom template )-:

For more clarification, here is the actual config, with my explanatory remarks:
Code:
server {
        listen {local-ip}:{port} [default_server] ssl http2;

       # TR: SNI – Server Name Indication
       server_name [sub.]{domain.tld}
       server_name www.[sub.]{domain.tld}
       server_name ipv{4|6}.[sub.]{domain.tld}

       # TR: If with SSL certificate then 3 statements for the ssl_certificate

       # TR: This is problematic; see https://kb.plesk.com/en/122689
       # and https://talk.plesk.com/threads/client_max_body_size-duplicate-problem-still-exists.334148/
       # It goes away if you put "nginxClientMaxBodySize =" (with empty value) in Plesk's panel.ini
       client_max_body_size 128m;

        root "/var/www/vhosts/{domain.tld}/httpdocs";
        access_log "/var/www/vhosts/system/{domain.tld}/logs/proxy_access_ssl_log";
        error_log  "/var/www/vhosts/system/{domain.tld}/logs/proxy_error_log";

       # TR: One SHOULD be able to get rid of this in Plesk GUI: Tools & Settings | Website Preview | Disable Quick Preview
       #     BUT it remains present )-:  This is a bug, but only a minor irritation
        location ^~ /plesk-site-preview/ {
                proxy_pass http://127.0.0.1:8880;
                proxy_set_header Host             plesk-site-preview.local;
                proxy_set_header X-Real-IP        $remote_addr;
                proxy_set_header X-Forwarded-For  $proxy_add_x_forwarded_for;
                proxy_cookie_domain plesk-site-preview.local $host;
                access_log off;
        }

       # TR: This is added when "Hosting Settings | Preferred domain" is without "www."
        if ($host ~* ^www.[sub.]{domain.tld}$) {
                rewrite ^(.*)$ https://[sub.]{domain.tld}$1 permanent;
        }

       # TR: Web Users: I can't find any way to turn this off in general in Plesk GUI
       # =>  It DOES disappear if you deselect "PHP support" in the domain's PHP Settings
        location ~ ^/~(.+?)(/.*?\.php)(/.*)?$ {
                alias /var/www/vhosts/{domain.tld}/web_users/$1/$2;
                fastcgi_split_path_info ^((?U).+\.php)(/?.+)$;
                fastcgi_param PATH_INFO $fastcgi_path_info;
                fastcgi_pass "unix:///var/www/vhosts/system/[sub.]{domain.tld}/php-fpm.sock";
                include /etc/nginx/fastcgi.conf;
        }

       # TR: Catchall for .php files - send them straight to php-fpm via nginx
       # =>  The regex itself and ensuing capture of PATH_INFO are fine (except regex is case-sensitive)
       # =>  It correctly disappears if you deselect "PHP support" in the domain's PHP Settings
       # PRE-EMPTS any own location for .php files ***
       # We could get around this by NOT deselecting "Proxy mode" in Plesk - but then, Plesk will configure Apache...
       # THIS HERE IS THE ONLY REAL PROBLEM: Missing "try_files" and possibility for custom (app-specific) fastcgi params
        location ~ \.php(/.*)?$ {
                fastcgi_split_path_info ^((?U).+\.php)(/?.+)$;
                fastcgi_param PATH_INFO $fastcgi_path_info;
                fastcgi_pass "unix:///var/www/vhosts/system/[sub.]{domain.tld}/php-fpm.sock";
                include /etc/nginx/fastcgi.conf;
        }
        # TR: We could configure PHP support and then switch it off - currently Plesk leaves the fpm pool active.
        #     But that solution would be dependent on Plesk retaining a strategy which I have loudly criticised...
        # Another idea on that line would be to insert own php-fpm pools manually and turn off PHP support in Plesk,
        # but that would mean that we double up the pools - our own plus those NOT cleaned up by Plesk. Unsavoury...

       # TR: Blanket index statement for web-root - pre-empt with "location = /" to modify
       #     Although experiment shows that repeating the "location ~ /$" later also works
       # =>  This also disappears if you deselect "PHP support" in the domain's PHP Settings
        location ~ /$ {
                index index.html index.cgi index.pl index.php index.xhtml index.htm index.shtml;
        }

       # TR: This is where - last of all - our custom config gets included
       # Another solution would be for Plesk to include it near the top of this file, so that any "ours" pre-empts "theirs",
       # leaving "theirs" active if we do not pre-empt it in our custom config. Then, we would have the option!
        include "/var/www/vhosts/system/[sub.]{domain.tld}/conf/vhost_nginx.conf";
}
 
Last edited:
See my other thread Plesk still generates httpd config with Proxy mode off

Now the workaround for both issues:

First, create two custom template files to override the Plesk default templates:

nginxDomainVirtualHost.php:
- Line 63 add "&& FALSE" to test
- Line 88 add "FALSE &&" to test:
<?php if (FALSE && ($VAR->domain->active && (!$VAR->domain->physicalHosting->proxySettings['nginxTransparentMode'] ||
!$VAR->domain->physicalHosting->proxySettings['nginxProxyMode']))): ?>

domainVirtualHost.php (Apache):
Truncate the file to leave just the header (Plesk needs it):
<?php
/**
* @var Template_VariableAccessor $VAR
* @var array $OPT
*/
?>

Second, add them to your server and regenerate the webserver configs:

cd /usr/local/psa/admin/conf/templates
mkdir -p custom/domain

cp {your-modified}/nginxDomainVirtualHost.php /usr/local/psa/admin/conf/templates/custom/domain
cp {your-modified}/domainVirtualHost.php /usr/local/psa/admin/conf/templates/custom/domain

/usr/local/psa/admin/bin/httpdmng --reconfigure-all

Assuming you set EVERYTHING empty / deselected on Plesk GUI "Apache & nginx Settings for {domain}" - except for including your own nginx config file - this will leave you with
  1. NO config generated for any normal domain for Apache, neither normal domains nor IP-Defaults (but webmail is another story and will still be fine). This is good news especially for people on virtuozzo-powered vServers that may otherwise run out of user beancounter resources like numothersock...
  2. Almost TOTAL responsibility for handling the domain in our own custom nginx config file, including catching .php files
  3. NO provision for web users, site previews or access to statistics in the config.
If you want AWstats you need to be a bit tricky:
  1. Obviously, install the Plesk module and select it for the domain
  2. We know some webserver config will be missing - but Plesk will faithfully run an offline Perl job in its "daily" cron job and have AWstats generate data for static html pages. So the data will be there, we just need to get to them.
  3. Note: Plesk does not set the right log file format; do it once and for all: echo "LogFormat=1" >>/etc/awstats/awstats.conf.local
  4. # cd /var/www/vhosts/{webspace}/{domain}
    > Choose a random place where no-one will expect your web stats, e.g. "myhiddenstats"
    # ln -s /var/www/vhosts/system/[sub.]{domain}/statistics myhiddenstats
    # ln -s /usr/share/awstats/icon awstats-icon
  5. Now your stats are available at:
    [sub.]{domain}/myhiddenstats/webstat-ssl/
    [sub.]{domain}/myhiddenstats/webstat/
    [sub.]{domain}/myhiddenstats/ftpstat/
  6. I suggest you protect them with a .htpasswd file, which you can specify in nginx like this:
    location ~ ^/(myhiddenstats/webstat|myhiddenstats/ftpstat) {
    auth_basic "Your Password Prompt";
    auth_basic_user_file /var/www/vhosts/{webspace}/.{filename};
    }
Hope this helps!
 
Hi Tim,

EXCELLENT JOB finding this and breaking everything down. A+ This thread should stay at the top of the forums for users who have the same issue. It should also be held as important and fixed in the very next Plesk update by the plesk team
 
Thanks Tim for the solution,

but i checked my nginxDomainVirtualHost.php,
my line 63 is:
Code:
<?php endif ?>

and my line 88 is:
Code:
internal;

how should i add the code "&& FALSE" and "FALSE &&"?

and where do i add this line?
Code:
<?php if (FALSE && ($VAR->domain->active && (!$VAR->domain->physicalHosting->proxySettings['nginxTransparentMode'] ||
!$VAR->domain->physicalHosting->proxySettings['nginxProxyMode']))): ?>

any help would be much appreciated!
 
Hi @einstein

thanks for raising this - it gave me cause to check out the current situation. Indeed, recently (I think around mid march 2017) Plesk made a small improvement in nginxDomainVirtualHost.php: After line 55 they have improved the handling of sslRedirect, inserting about 5 lines which check for with/without www.

So the line numbers where my modification is needed have changed:

nginxDomainVirtualHost.php:

- Line 69 append "&& FALSE" to test: if ($OPT['default'] && FALSE):

- Line 96 add "FALSE &&" to start of test, put rest in round brackets (so those 2 lines then look like this - replace not add)
<?php if (FALSE && ($VAR->domain->active && (!$VAR->domain->physicalHosting->proxySettings['nginxTransparentMode'] ||
!$VAR->domain->physicalHosting->proxySettings['nginxProxyMode']))): ?>

That should get you on track - good luck!

Tim
 
Hi @einstein

thanks for raising this - it gave me cause to check out the current situation. Indeed, recently (I think around mid march 2017) Plesk made a small improvement in nginxDomainVirtualHost.php: After line 55 they have improved the handling of sslRedirect, inserting about 5 lines which check for with/without www.

So the line numbers where my modification is needed have changed:

nginxDomainVirtualHost.php:

- Line 69 append "&& FALSE" to test: if ($OPT['default'] && FALSE):

- Line 96 add "FALSE &&" to start of test, put rest in round brackets (so those 2 lines then look like this - replace not add)
<?php if (FALSE && ($VAR->domain->active && (!$VAR->domain->physicalHosting->proxySettings['nginxTransparentMode'] ||
!$VAR->domain->physicalHosting->proxySettings['nginxProxyMode']))): ?>

That should get you on track - good luck!

Tim

Hi @TimReeves ,

I tried your above recommendation and it gave me blank page, saving php files instead of loading them.

is there any additional config required to make this work?

my sites are running on wordpress.

thanks in advance.
 
@einstein
Yup there sure is more needed - my modifications completely remove all Apache config for all domains on the server, and PHP handling in nginx, cos they do the latter in a way which does not suffice for all applications. So what you need to do is to link an own Nginx configuration file under "Apache & nginx Settings" which handles EVERYTHING - including php. For WordPress this needs to be done in a special way. I have attached my own tried and tested nginx config for WordPress here (I had to add an ending ".txt" to be able to upload, you can remove that from the name).
Note: You MUST read the first 40 lines of comment in that file and obey them all, otherwise it will not work. And select "FPM application served by nginx" in the PHP or Hosting settings. AND to set a line "nginxClientMaxBodySize =" in Plesk's panel.ini, because to upload large files we need to set that value on a per domain basis, to be as much as, but not more than, actually needed (having it too big in general increases vulnerability).
There may be more questions on your way, but I have a lot of other things to do, so hope this is enough.
Cheers, Tim
 

Attachments

  • nginx-plesk-phpfpm-wordpress-plesk-onyx.conf.txt
    8.3 KB · Views: 6
@einstein
Yup there sure is more needed - my modifications completely remove all Apache config for all domains on the server, and PHP handling in nginx, cos they do the latter in a way which does not suffice for all applications. So what you need to do is to link an own Nginx configuration file under "Apache & nginx Settings" which handles EVERYTHING - including php. For WordPress this needs to be done in a special way. I have attached my own tried and tested nginx config for WordPress here (I had to add an ending ".txt" to be able to upload, you can remove that from the name).
Note: You MUST read the first 40 lines of comment in that file and obey them all, otherwise it will not work. And select "FPM application served by nginx" in the PHP or Hosting settings. AND to set a line "nginxClientMaxBodySize =" in Plesk's panel.ini, because to upload large files we need to set that value on a per domain basis, to be as much as, but not more than, actually needed (having it too big in general increases vulnerability).
There may be more questions on your way, but I have a lot of other things to do, so hope this is enough.
Cheers, Tim

@TimReeves sorry to bug you again mate, but i've tried numerous times and couldn't get it to work, it just gave me a blank page. i also tried getting my server admin to work on it but he failed too.

im not sure if this is too much to ask, but is it possible if you can provide a step by step documentation on how to do it?

i could pay too. i just need to get this thing done.

hope to hear from you soon Tim,

Cheers!
 
Plesk 17.5.3 noticed 1. July 2017

The template nginxDomainVirtualHost.php has had further non-trivial changes:
  • Line 87 (add_header X-Powered-By PleskLin) deleted from "location /internal-nginx-static-location/" block
  • Lines (previously) 96 - 110 for the file sharing location have been completely reworked, to handle protected directories and file sharing before and independently of the ".php" handling block, which now starts at line 129.
  • The following "location @fallback" block has been improved to "return 404" if proxy mode is not selected
  • The following static extensions block has had an "expires" directive added.
    The expires value [ $VAR->domain->physicalHosting->expires ] is not settable in the Plesk GUI "Apache & nginx Settings for..."
    It is only settable in the [webserver] section of panel.ini, default value is 1209600 seconds (20160 Min = 336 hrs = 14 days).
    To manage entries in Plesk's panel.ini you can load the Plesk extension "Panel.ini Editor"
    Panel.ini Editor - Plesk Extensions
    The editor (viewer tab) is the ONLY full list of all options, but does not explain them.
    See: Where to find panel.ini full documentation?
    "the description is stored in different parts of Administration's and Advanced Administration's guides"
  • In the following "location ~ /$" block, the internal addressing of the directoryIndex value has been updated
  • Before the final block to include any custom nginx file (i.e. OUR file), two new blocks are inserted:
    • An expires statement if appropriate
    • An internal list of http headers for physical hosting is iterated and output, and an "add_header X-Powered-By PleskLin;" appended
    • > Where does the headers list come from?
SO the changes now required to suppress the parts of the config we don't want are now:
  • No longer needed: Line 69 append "&& FALSE" to test: if ($OPT['default'] && FALSE):
  • Modified (was line 96, now): Line 129
ORIG: <?php if ($VAR->domain->active && $VAR->domain->physicalHosting->php && $VAR->domain->physicalHosting->proxySettings['nginxServePhp']): ?>
MOD: <?php if (FALSE && ($VAR->domain->active && $VAR->domain->physicalHosting->php && $VAR->domain->physicalHosting->proxySettings['nginxServePhp'])): ?>
  • New: I recommend to delete line 163: add_header X-Powered-By PleskLin;
    Reason: Misplaced pride - anything we let a caller know about our internal architecture tells hackers something to target
 
Here is the current (2. July 17) complete actual (generated) nginx config, with my explanatory remarks:

Assuming the Checkboxes:

o Proxy mode
o Smart static files processing
o Serve static files directly by nginx

are NOT selected!

Code:
# LOCATED IN: /etc/nginx/nginx.conf

worker_processes  1;
include /etc/nginx/modules.conf.d/*.conf;  # TR: Dir is empty
events { worker_connections  1024; }

http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;
    server_tokens off;
    include /etc/nginx/conf.d/*.conf;
}

# TR: A nice possibility to configure nginx which is not used by Plesk
# override global parameters e.g. worker_rlimit_nofile
include /etc/nginx/*global_params;

   # LOCATED IN: /etc/nginx/conf.d/aa500_psa_tweaks.conf (usually not there, but sometimes)
   # Perhaps it gets set by Plesk when there are more domains in use?
   # See: Server names
   # See: Module ngx_http_core_module
   server_names_hash_bucket_size 128;


# LOCATED IN: /etc/nginx/conf.d/ssl.conf
ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM
-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:EC
DHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDH
E-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES25
6-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES25
6-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS;
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;


# LOCATED IN: /etc/nginx/conf.d/zz010_psa_nginx.conf (no statements there which impact our scenario)
include /etc/nginx/plesk.conf.d/server.conf;
include /etc/nginx/plesk.conf.d/webmails/*.conf;
include /etc/nginx/plesk.conf.d/vhosts/*.conf;      # TR: These just include the nginx domain configs generated by Plesk
include /etc/nginx/plesk.conf.d/forwarding/*.conf;
include /etc/nginx/plesk.conf.d/wildcards/*.conf;


# LOCATED IN /var/www/vhosts/system/{domain.tld}/conf/nginx.conf
#         OR /var/www/vhosts/system/{domain.tld}/conf/nginx_ip_default.conf
# in total 4 times - IPv4 + IPv6, Ports 443 and 80

server {
   listen {local-ip}:{port} [default_server] ssl http2;

   # TR: SNI – Server Name Indication
   server_name [sub.]{domain.tld}
   server_name www.[sub.]{domain.tld}
   server_name ipv{4|6}.[sub.]{domain.tld}

   # TR: If with SSL certificate then 3 statements for the ssl_certificate

   # TR: See Module ngx_http_proxy_module (default is 60)
   proxy_read_timeout 300;

   # TR: This is problematic; see Invalid nginx configuration: nginx: [emerg] "client_max_body_size" directive is duplicate
   # and Resolved - client_max_body_size duplicate Problem still exists
   # It goes away if you put "nginxClientMaxBodySize =" (with empty value) in Plesk's panel.ini
    client_max_body_size 128m;

   root "/var/www/vhosts/{domain.tld}/httpdocs";
   access_log "/var/www/vhosts/system/{domain.tld}/logs/proxy_access_ssl_log";
   error_log  "/var/www/vhosts/system/{domain.tld}/logs/proxy_error_log";

   # TR: This is added when "Hosting Settings | Preferred domain" is without "www."
   if ($host ~* ^www.[sub.]{domain.tld}$) {
       rewrite ^(.*)$ https://[sub.]{domain.tld}$1 permanent;
   }

   # TR: This block is added if any web statistics are selected for the domain
   location ~ ^/(plesk-stat|awstats-icon|webstat|webstat-ssl|ftpstat|anon_ftpstat) {
       autoindex on;
       location ~ ^/plesk-stat(.*) {
           alias /var/www/vhosts/system/[sub.]{domain.tld}/statistics/$1;
       }
       location ~ ^/awstats-icon(.*) {
           alias /usr/share/awstats/icon/$1;
       }
       location ~ ^/(.*)/(.*) {
           alias /var/www/vhosts/system/[sub.]{domain.tld}/statistics/$1/$2;
       }
   }

# TR: A block for protected directories will appear here if you define any
#     The actual statements depend on whether proxy mode is selected or not (we do not)

# TR: A block appears here to handle file sharing, if you have configured that in Plesk

# TR: If we would select "Serve static files directly by nginx" (we do not) then 2 blocks for that would appear here

#   BEGIN DELETED BY TIM REEVES CUSTOM TEMPLATE

   # TR: If no web users are defined / allowed, you will still get this - in that case - useless block
   location ~ ^/~(.+?)(/.*?\.php)(/.*)?$ {
       alias /var/www/vhosts/[sub.]{domain.tld}/web_users/$1/$2;
       fastcgi_split_path_info ^((?U).+\.php)(/?.+)$;
       fastcgi_param PATH_INFO $fastcgi_path_info;
       fastcgi_pass "unix:///var/www/vhosts/system/[sub.]{domain.tld}/php-fpm.sock";
       include /etc/nginx/fastcgi.conf;
   }

   # TR: Catchall for .php files - send them straight to php-fpm via nginx
   # =>  The regex itself and ensuing capture of PATH_INFO are fine
   # =>  It correctly disappears if you deselect "PHP support" in the domain's PHP Settings
   # PRE-EMPTS any own location for .php files ***
   # We could get around this by NOT deselecting "Proxy mode" in Plesk - but then, Plesk will configure Apache...
   # THIS HERE IS THE ONLY REAL PROBLEM: Missing "try_files" and possibility for custom (app-specific) fastcgi params
   location ~ \.php(/.*)?$ {
       fastcgi_split_path_info ^((?U).+\.php)(/?.+)$;
       fastcgi_param PATH_INFO $fastcgi_path_info;
       fastcgi_pass "unix:///var/www/vhosts/system/[sub.]{domain.tld}/php-fpm.sock";
       include /etc/nginx/fastcgi.conf;
   }
   # TR: We could configure PHP support and then switch it off - currently Plesk leaves the fpm pool active.
   #     But that solution would be dependent on Plesk retaining a strategy which I have loudly criticised...
   # Another idea on that line would be to insert own php-fpm pools manually and turn off PHP support in Plesk,
   # but that would mean that we double up the pools - our own plus those NOT cleaned up by Plesk. Unsavoury...

   # TR: Blanket index statement for web-root - pre-empt with "location = /" to modify
   #     Although experiment shows that repeating the "location ~ /$" later also works
   # =>  This also disappears if you deselect "PHP support" in the domain's PHP Settings
   location ~ /$ {
       index index.html index.cgi index.pl index.php index.xhtml index.htm index.shtml;
   }

#   END DELETED BY TIM REEVES CUSTOM TEMPLATE

   # TR: Optionally "disable_symlinks if_not_owner;" (1)
   # TR: Optionally "expires <value>" (2)
   # TR: foreach ((array)$VAR->domain->physicalHosting->headers as list($name, $value)): ?>
   #     I have no clue as to where the list of headers is set )-:

   # TR: Get rid of this, we do not want to expose our internal architecture to attackers
   add_header X-Powered-By PleskLin;

   # TR: This is where - last of all - our custom config gets included
   # Another solution would be for Plesk to include it near the top of this file, so that any "ours" pre-empts "theirs",
   # leaving "theirs" active if we do not pre-empt it in our custom config. Then, we would have the option!
   include "/var/www/vhosts/system/[sub.]{domain.tld}/conf/vhost_nginx.conf";
}

(1) $VAR->domain->physicalHosting->restrictFollowSymLinks is tested -
see GUI Apache & nginx Settings for... | Restrict the ability to follow symbolic links

(2) $VAR->domain->physicalHosting->expiresStaticOnly is tested - no idea how it is set )-:
 
Last edited:
Back
Top