• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Resolved Various issues selecting PHP handlers (at the service plan and subsription level)

Sergio Manzi

Sergio Manzi

Regular Pleskian
Hello and my apologies if this has already been answered: I searched but couldn't find (almost anything)...

In my server (Plesk Onyx Version 17.5.3 Update #9) I want to have "PHP 7.1.6, FPM application served by nginx" as my default PHP handler instead of "5.4.16 by OS vendor, CGI application served by Apache", but I'm facing the following issues:
  1. At the "Service Plan" level I couldn't change it without getting an error stating that "This setting conflicts with the server-wide security policy". In "Tools & Settings -> Security Policy" (which seemed the logical place where that could be fixed) there is absolutely nothing about PHP handlers...
    I finally found this post where I found a workaround: enable the "Setup of potentially insecure web scripting options that override provider's policy" option. With it I could change the handler to my willing without getting the error message (and it seems to have effect...), but every time I re-open the Service Plan settings I still have "5.4.16 by OS vendor, CGI application served by Apache" listed...

  2. Almost the same thing at the "Subscription" level, PHP Settings: I can set the PHP handler to my wishes (and it definitely have effect), but when I reopen the PHP Settings page the dreadful "5.4.16 by OS vendor, CGI application served by Apache" is listed.
Please note that in "Tools & Settings -> PHP Settings" PHP 5.4.16 by OS vendor is not enabled, in any form (see attached image)!

Is there anything I can do to get out from this annoying situation or are these known bugs?

TIA!

Sergio
 

Attachments

  • Capture.PNG
    Capture.PNG
    26.2 KB · Views: 6
Hi Sergio Manzi,

Sergio Manzi said:
but every time I re-open the Service Plan settings I still have "5.4.16 by OS vendor, CGI application served by Apache" listed...
Click to expand...
Acctually, your described issue, should have been fixed by now, according to the changelog and the corresponding KB - article:


Pls. use the attached "WithPhpHandler.php" from the KB - article and replace it on your server ( pls. don't forget to follow the suggestions, to backup the current file, before you replace it! ;) )


Sergio Manzi said:
Almost the same thing at the "Subscription" level, PHP Settings: I can set the PHP handler to my wishes (and it definitely have effect), but when I reopen the PHP Settings page the dreadful "5.4.16 by OS vendor, CGI application served by Apache" is listed.
Click to expand...
Same answer as above, to solve your issue.


Consider as well to post an answer at: => https://talk.plesk.com/threads/disp...y-nginx-reverting-to-served-by-apache.343318/ , so that the Plesk devs might consider another update within upcoming micro-updates. :)
 
Thank-you, @UFHHH01: I will test the fixed WithPhpHandler.php and let you know...

Update #9 doesn't seems to have fixed this, at least for me...
 
Hello again, @UFHHH01,

the WithPhpHandler.php you pointed me to (which is definitely different from the one that came with #9) only partially solve my issues:

  1. the PHP version listed is now correct, 7.1.6
  2. the PHP wrapper is wrongly listed as "FPM application served by Apache" (instead of nginx)
  3. I still have to set the stupid "Setup of potentially insecure web scripting options that override provider's policy" option if I want to change PHP version
Why have you flagged this thread as "Resolved"? TBH, I don't see it as resolved at all...

Cheers!

Sergio

P.S.: I'm going to comment on the threads you pointed me at...
 
Hi Sergio Manzi,

Sergio Manzi said:
I still have to set the stupid "Setup of potentially insecure web scripting options that override provider's policy" option if I want to change PHP version
Click to expand...
This is not stupid, but an option, which works as expected. Nothing to solve here. ;)

Sergio Manzi said:
the PHP wrapper is wrongly listed as "FPM application served by Apache" (instead of nginx)
Click to expand...
I tested with different servers on different OS and couldn't reproduce this issue.
Could you pls try to change the version from apache again and afterwards back to nginx - each step with a "save settings" ? Pls. report back with the results and IF you still experience the very same issue, pls. include the corresponding entries from your "panel.log" for further investigations.

Sometimes, it is as well a good idea to change the log - level ( TEMPORARILY! ), to get more informations in Plesk - log - files:

 
Hello!

I've tried producing the panel.log but it seems I failed miserably... :(
  • I edited my panel.ini adding the necessary [debug] directives (enable = on, filter.priority = 7)
  • I did what I had to do (see below)
  • opened the /usr/local/psa/admin/logs/panel.log file...
  • most recent thing in there were failed login attempts of a few hours ago...
Where I'm making my mistake? o_O


Back to the topic, there is more (please note that all the following was tested with the modified WithPhpHandler.php you pointed me at):
  • I have 6 subscriptions under a Service Plan
  • all are checked-in as "in sync" with the Service Plan (no broken lock, nice green mark)
  • for all the 6 subscriptions, in the past I have changed their particular setting (5 x PHP 7.1 FPM nginx + 1 x PHP 5.6 FPM nginx)
  • ... but again, they are all listed as "in sync" with the Service Plan (at least one shouldn't...)
  • The Service Plan is now setted for PHP 7.1.6 FPM nginx (but list as PHP 7.1.6 FPM Apache)
  • I change the Service Plan settings to PHP 7.0.20 FPM nginx) and of course "Update and Sync"
  • All subscriptions are apparently "synced" (spinning arrow...)
  • ... as a side note, reentering the Service Plan, it says it is now PHP 7.0.20 FPM Apache
  • all 6 subscriptions are exactly as they where before: 5 x PHP 7.1 FPM nginx + 1 x PHP 5.6 FPM nginx
If you help me with the panel.log issue I can provide more details, but the behaviour seems to be quite wrong...

-------------------------

I find the "Setup of potentially insecure web scripting options that override provider's policy" (quite a name! ;)) option a stupid option, or else I'm profoundly stupid, as... it doesn't seems to do what it says it should probably do and instead does something totally different and honestly unexpected.

  • "Setup of potentially insecure web scripting options" I take this as meaning that the service plan does not allows to set up some particularly dangerous options (which ones?) for the scripting language (which one? PHP, I suppose...), so, probably, some php.ini option...
  • "that override provider's policy" I'm baffled... Who's the provider? Probably me, with my global Plesk Settings... Which policy? The only one I can think of is the the one in "Tools & Settings -> Security Policy", but there is nothing there as far as regards scripting options...
It instead prevents me to change another option (PHP version) in the same context, but in a different group (tab). And why should PHP 7.0.20 or 7.1.16 (or any other version that does not comes with the OS but is provided by Plesk instead) be considered insecure?

This is what I understand... I've searched the documentation but couldn't find anything specific about the meaning of the option... so... what am I missing? o_O

And of course, sorry, I didn't want to offend anybody with my "stupid"... probably I should have chose the adjective more carefully... maybe "confusing", but again it wasn't addressed to anybody, just "the thing" "per se"...
 
Last edited:
Hi Sergio Manzi,

Sergio Manzi said:
I've tried producing the panel.log but it seems I failed miserably... :(
  • I edited my panel.ini adding the necessary [debug] directives (enable = on, filter.priority = 7)
  • I did what I had to do (see below)
  • opened the /usr/local/psa/admin/logs/panel.log file...
  • most recent thing in there where failed login attempts of a few hours ago...
Where I'm making my mistake? o_O
Click to expand...

Correct entry would be for example:
Code: 
...

[log]

; Log messages verbosity level (from 0 to 7)
; 0 - only critical errors, 7 - all including debug messages, default - 3
filter.priority = 7

...



Sergio Manzi said:
Back to the topic, there is more (please note that all the following was tested with the modified WithPhpHandler.php you pointed me at):
  • I have 6 subscriptions under a Service Plan
  • all are checked-in as "in sync" with the Service Plan (no broken lock, nice green mark)
  • for all the 6 subscriptions, in the past I have changed their particular setting (5 x PHP 7.1 FPM nginx + 1 x PHP 5.6 FPM nginx)
  • ... but again, they are all listed as "in sync" with the Service Plan (at least one shouldn't...)
  • The Service Plan is now setted for PHP 7.1.6 FPM nginx (but list as PHP 7.1.6 FPM Apache)
  • I change the Service Plan settings to PHP 7.0.20 FPM nginx) and of course "Update and Sync"
  • All subscriptions are apparently "synced" (spinning arrow...)
  • ... as a side note, reentering the Service Plan, it says it is now PHP 7.0.20 FPM Apache
  • all 6 subscriptions are exactly as they where before: 5 x PHP 7.1 FPM nginx + 1 x PHP 5.6 FPM nginx
If you help me with the panel.log issue I can provide more details, but the behaviour seems to be quite wrong...
Click to expand...
Your detailed description indicates that there might be MORE issues than the initial one. You might consider to open a support ticket, so that official Plesk - Support is able to investigate the issues directly on your server: => Contact Support - Plesk
 
cr*p! I forgot the [log] :mad:

To be honest I'm in such a mess of things to do these days (btw, I've also just become a grandfather, oh yeah! :D) that I really don't have the time for going through the official support procedure... I know I should... but I can't... sorry...

Add to that that I'm truly paranoid as far as regards giving access to anybody to my server... I know I shouldn't, but again... IF it is not really necessary I'd rather not...

I can live with this issue...

Tomorrow I'll try producing the panel.log, just in case...

Thanks again!

Sergio
 
You must log in or register to reply here.

Similar threads

X
Question Stopping Dedicated PHP FPM via CLI for single domain
Replies
0
Views
105
xero232
X
M
When you create/edit a Service Plan, disabled PHP-handlers show up on the PHP-settings page
Replies
2
Views
804
Peter Debik
P
WhiteTiger
Question "Your server is neither Nginx nor Apache"
Replies
2
Views
1K
WhiteTiger
WhiteTiger
T
Resolved Migration from Debian 9 to 11.5 massive problems, warnings and errors
Replies
2
Views
2K
Thera
T
R
Issue Migrator Issues: php handler and Apache modules
Replies
9
Views
3K
CobraArbok
CobraArbok
Back
Top