• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Turn off Apache, use only Nginx

TimReeves

Regular Pleskian
I have worked hard on my nginx configurations and for all the packages I (or my clients) have in use I have developed nginx configs which pass nothing through to Apache - all static requests are delivered directly, and PHP is passed by nginx directly to PHP-FPM.

This is mean 'n lean and works real fine. But now I have the problem that on virtual servers I keep overrunning the virtualised system resources (user beancounters: tcpsndbuf, numothersock, shmpages etc.) while using only a fraction of the RAM and SDD space available.

So: I want to minimise unneccessary use of those system resources. To that end: I would like to switch off Apache completely as I don't use it, but it uses lots of resources.

My question is: Is there any way to tell Plesk not to use or start Apache at all? And if not, could this be put on the wish list?

Cheers, Tim
 
@TimReeves

The resource (over-)usage that you describe is (primarily) related to the PHP FPM process, it is (practically) unrelated to Apache.

Furthermore, when absolutely not passing any request to Apache, it is in fact the case that Apache should be idle (to a high degree): are you sure that Apache is not serving requests?

Anyway, "telling Plesk not to use Apache at all" is the same as doing what you already have done (considering your statements): using Nginx as a pure and lightweight web server.

However, there is a huge difference between theory and practice:

- in theory, Plesk with Nginx as a pure web server can work and will work,
- in practice, Plesk with Nginx as a pure web server will NOT work, unless one completely changes the whole default Nginx configuration template, as provided with Plesk.

Nevertheless, theory and practice are barely relevant in the case of Plesk and Nginx combined.

Just stop Apache and verify that all your websites are still working properly: if that is true, then you have a pure Nginx web server.

And that is the beauty of it: your question "Is there any way to tell Plesk not to use or start Apache at all?" is already answered, if Apache can be stopped without disrupting site serving.

In that case, Apache can be simply shutdown (forever) or even be removed.

In short, there is no need "to tell Plesk" and/or put it on a wish list.

Note that you should be really careful with custom Nginx configurations: any update, upgrade or micro-update can undo the customizations of Nginx conf files.

Also note that you should be really careful with shutting down Apache: it will restart.

Finally, note that there are no real alternatives to the "restart problem of Apache": removal is not an option and/or the update scripts for Plesk will really not change to support this.

To be honest, if you really want a pure Nginx web server, you should not install Plesk at all: just use another stack.

I can recommend EasyEngine and/or Webmin.

In conclusion, it not realistic to have the desire to discard Apache from the Plesk stack.

Hope the above provides a little bit of information.

Regards......
 
@IgorG,

I suppose that "going" means "planning, not yet implemented", is that correct?

Would be a nice addition though, having the trusted Plesk stack with an option to use Nginx as a standalone web server (really speeds up things).

If I have time, I will PM you, in order to present some of our experiences when testing with Nginx 1.9.12 (in the Apache + Nginx and standalone Nginx setup).

Regards......
 
I suppose that "going" means "planning, not yet implemented", is that correct?
Yes, you are correct. It will be implemented as an official feature. You will be able to switch webserver to using the only nginx engine.
 
Hi bambamboole,

Are there any news about this topic
Pls. be informed, that you are able to use the feature "Proxy mode" ( on/off ) with the new Plesk Onyx version: => "Home > Subscriptions > YOUR-DOMAIN.COM > Apache and nginx Settings"

Plesk-Onyx_Apache_and_nginx_Settings_PROXY_001.png

You can find additional informations at:



 
Yes, you can use this new feature on Onyx, but note, that Apache will not be completely disabled, stopped, etc. Webmail will work on Apache anyway, for example.
Unfortunately, there is still some kind of limitations which doesn't allow to disable Apache completely. But developers continue to look for options, try them and try to implement them.
 
I would like to switch off Apache completely? I have Wordpress sites only and WP needs mod_rewrite Apache module in their requirements. (About » Requirements — WordPress)
However some experts says "Forget about Apache and use nginx instead."
Can I stop Apache? If yes, how?

(note:I tried to disable "Proxy mode" of nginx but my WP sites became unavaible;
XkfCqVI.png
 
Hello, I'm attempting to get rid of Apache also. I've just disabled the service and all still fine (i.e. the Plesk backend is still viewable over the web!) - I haven't installed any domains yet just about to.

I have two questions, as this thread is quite old in case anything has changed.

1) Is it yet possible to use webmail without Apache? So I can just keep Apache turned off and still have fully functional webhost? I've set up all plans to now use NGINX + FPM, and disabled proxy mode.

2) How comes I can still see the PLESK web interface after i've turned Apache off... does Plesk use Nginx, to serve it's web interface?

Thanks!
 
Hi @Elextric
  1. I think maybe not: Look in /usr/local/psa/admin/conf/templates/default/webmail, the Nginx config there just seems to be passing requests through to Apache.
  2. AFAIK, Plesk uses an own Nginx and an own PHP, to be independent of whatever else is present or not on the host.
I wrote about this topic 4 years ago: Resolved - Proxy mode off: bug and problems with nginx config
That article is now out of date - but the general principle still applies. And although Plesk I believe now has reasonable nginx config to pass PHP files to PHP-FPM, I still throw out that section and use my own config for that, it allows me to tweak things whenever I need to.

As an nginx fan, you may like to upvote my request to add nginx jails to the shipped configuration of fail2ban. That's the rub - we get rid of Apache, and currently thereby lose an important security component :mad:
 
Interesting thanks Tim, I do prefer Nginx, and am also optimizing the server for page load times so have gone purely for NginX. Funnily enough I'm using an almost identical setup to the one you mentioned as an example in your original post in this thread. I'm using plesk for the first time but have used nginx standalone on a linux server before. Have upvoted your feature request, looks like it would be useful.

although Plesk I believe now has reasonable nginx config to pass PHP files to PHP-FPM, I still throw out that section and use my own config for that, it allows me to tweak things whenever I need to.

Would you mind sharing an example of your config? I'm setting this server up for the first time. I have 64GB ram available and 8 threads, and just going to be running 10 WordPress sites, eight under one subscription, and 2 under another.
 
Nowadays, when you deselect the option in Plesk "Proxy mode", then Plesk will indeed generate the Nginx config to pass requests for PHP files to PHP-FPM. But I use custom templates at this point:
  1. domainVirtualHost.php
    This is the Apache Config file - I wipe it clean, leaving only the header comment - just to be sure :)
  2. nginxDomainVirtualHost.php
    This is the Nginx config for a domain. By adding "FALSE &" to a test at line 185 (Plesk 18.0.31) I completely suppress that part of Plesk config which deals with PHP files.
  3. Then my own additional nginx domain config registered in Plesk under "Additional nginx directives" contains the own handling of PHP files.
I've uploaded a zip containing all 3 files in question. You can read up on Custom Templates in the Plesk documentation.

Note that my nginx config expects and includes an "nginx.conf" - in my case that's a file deposited by iThemes Security. But it does not make provisions for caching plugins. If you use for example W3 Total Cache (which I recommend) then you'll need to cut out a lot of the nginx config for handling of non PHP files, as the cache plugin creates that code.

Hope this sets you on a good path.
 

Attachments

  • plesk-nginx-wp.zip
    8 KB · Views: 2
@TimReeves appreciate the time you took posting that and your nginx templates, will definately start experimenting with this, thank you!

Here is a follow up question, about fail2ban as you mentioned it. Is this doing nothing in a plesk install that is running NGINX exclusively? because I've just had a look at it's running and taking a fair bit of virtual memory and 1% of available CPU... here is a screenshot...

fail2ban.png


Should I disable this do you think?

If so (and this goes out to wider community also of course) is there a preferred way of doing this with Plesk?

Thanks!
 
Fail2ban is written in Python and interpreted, I don't know how efficient Python is, but it may be one cause of runtime usage. But apart from that, fail2ban is constantly monitoring the logs of a number of processes which need intrusion detection. In Plesk, look at Tools & Settings | IP Address Banning | Jails. As we see there, Plesk defines 2 jails for Apache (turn them off), but others for dovecot, postfix, plesk panel, proftpd, SSH (very important) and a couple of others.

So good grief no, don't switch off fail2ban, only the jails you don't use (e.g. plesk-wordpress if you're not installing WordPress via Plesk).

On the above mentioned screen you'll see a button "Add Jail" - that's where I'll be at as soon as I find time to write an nginx jail - if Plesk-People don't do it soon.

Final tip for a security plugin: I've recently plumped for one called WP Cerber. One reason is that it's "nginx friendly" - you can configure it to write log entries which can be picked up by fail2ban, and thus have the attacker blocked right at the Linux firewall. Another good reason is, that it provides a fairly good Anti-spam on your forms but does not send any data away from your local host, saving you a lot of headache with GDPR.

You're very welcome, just note that I won't be able to add to this thread as I have a lot of other pressing work.
 
That's great it's nice talking, and thanks for the information. I have installed the Comodo free Nginx rules they should help also

Best of luck with your work schedule!
 
Back
Top