# Configuration¶

## PHP¶

LiteSpeed works with Plesk PHP out of box. The only requirement is that PHP handler must be set to FastCGI, to avoid mismatched PHP settings.

### Disable PHP Override¶

You can disable the PHP override in .htaccess with LiteSpeed Web Server.

php_value and php_flag can be used in Apache configuration or .htaccess to override php.ini settings. However, they are only supported by Apache's mod_php handler, which is deprecated in most of the control panel systems, having been replaced by php-fpm, fastcgi or LSPHP. As a result, if you place php_value or php_flag in .htaccess, Apache should return an error. (You can check Plesk's documentation for details).

You could see any one of the following errors:

    500 internal server error

    503 Invalid command 'php_flag', perhaps misspelled or defined by a module not included in the server configuration.
The following error can be found in the domain error log in Domains > example.com > Logs:
/var/www/vhosts/example.com/httpdocs/.htaccess: Invalid command 'php_value', perhaps misspelled or defined by a module not included in the server configuration

    /var/www/vhosts/example.com/httpdocs/.htaccess: Invalid command 'php_flag', perhaps misspelled or defined by a module not included in the server configuration

    /var/www/vhosts/example.com/httpdocs/.htaccess: RewriteRule: bad flag delimiters

    /var/www/vhosts/example.com/public_html/.htaccess: Invalid command 'suPHP_ConfigPath', perhaps misspelled or defined by a module not included in the server configuration.


LiteSpeed Web Server uses LSPHP, which supports php_value and php_flag usage in .htaccess. You can use these and LSWS will not return a 500 error. LSWS is more tolerant than Apache of these PHP overrides.

In some cases, you may want to disable such PHP overrides in .htaccess for LiteSpeed as well. There is a dedicated Apache directive DisablePhpOverride htaccess, which can be used at the server level httpd.conf to achieve this.

For example, on Plesk, create a file named DisablePhpOverrideLiteSpeed.conf in the following directory, depending upon your system:

/etc/httpd/conf.d/

/etc/apache2/conf.d/

/etc/apache2/conf-enabled


This DisablePhpOverrideLiteSpeed.conf file should contain the following:

<IfModule LiteSpeed>
DisablePhpOverride htaccess
</IfModule>


### Multi-PHP¶

As of LiteSpeed Web Server v5.3, PHP is auto detected, and manual PHP external app configuration is no longer required.

However , if you want to have some customized configuration on a particular PHP version, you may need to manually create the external app and configure it.

You can create lsphpXX (e.g. lsphp70, lsphp71, lsphp72, etc) one by one, from LSWS Admin Console.

Simply change the Name, Address and Command to settings to the corresponding version.

If you prefer using the command line instead of the GUI tool, you can edit the LSWS configuration file (usually found at /usr/local/lsws/conf/httpd_config.xml) by adding the following to the <extProcessorList>... \</extProcessorList\> section:

  <extProcessor>
<type>lsapi</type>
<name>lsphp70</name>
<address>uds://tmp/lshttpd/lsphp70.sock</address>
<maxConns>35</maxConns>
<env>PHP_LSAPI_MAX_REQUESTS=5000</env>
<env>PHP_LSAPI_CHILDREN=35</env>
<initTimeout>60</initTimeout>
<retryTimeout>0</retryTimeout>
<persistConn>1</persistConn>
<respBuffer>0</respBuffer>
<autoStart>1</autoStart>
<path>/opt/plesk/php/7.0/bin/lsphp</path>
<backlog>100</backlog>
<instances>1</instances>
<extMaxIdleTime>10</extMaxIdleTime>
<priority>0</priority>
<memSoftLimit>2048M</memSoftLimit>
<memHardLimit>2048M</memHardLimit>
<procSoftLimit>400</procSoftLimit>
<procHardLimit>500</procHardLimit>
</extProcessor>
<extProcessor>
<type>lsapi</type>
<name>lsphp71</name>
<address>uds://tmp/lshttpd/lsphp71.sock</address>
<maxConns>35</maxConns>
<env>PHP_LSAPI_MAX_REQUESTS=5000</env>
<env>PHP_LSAPI_CHILDREN=35</env>
<initTimeout>60</initTimeout>
<retryTimeout>0</retryTimeout>
<persistConn>1</persistConn>
<respBuffer>0</respBuffer>
<autoStart>1</autoStart>
<path>/opt/plesk/php/7.1/bin/lsphp</path>
<backlog>100</backlog>
<instances>1</instances>
<extMaxIdleTime>10</extMaxIdleTime>
<priority>0</priority>
<memSoftLimit>2048M</memSoftLimit>
<memHardLimit>2048M</memHardLimit>
<procSoftLimit>400</procSoftLimit>
<procHardLimit>500</procHardLimit>
</extProcessor>
<extProcessor>
<type>lsapi</type>
<name>lsphp72</name>
<address>uds://tmp/lshttpd/lsphp72.sock</address>
<maxConns>35</maxConns>
<env>PHP_LSAPI_MAX_REQUESTS=5000</env>
<env>PHP_LSAPI_CHILDREN=35</env>
<initTimeout>60</initTimeout>
<retryTimeout>0</retryTimeout>
<persistConn>1</persistConn>
<respBuffer>0</respBuffer>
<autoStart>1</autoStart>
<path>/opt/plesk/php/7.2/bin/lsphp</path>
<extMaxIdleTime>10</extMaxIdleTime>
<memSoftLimit>2048M</memSoftLimit>
<memHardLimit>2048M</memHardLimit>
<procSoftLimit>400</procSoftLimit>
<procHardLimit>500</procHardLimit>
</extProcessor>
<extProcessor>
<type>lsapi</type>
<name>lsphp73</name>
<address>uds://tmp/lshttpd/lsphp73.sock</address>
<maxConns>35</maxConns>
<env>PHP_LSAPI_MAX_REQUESTS=5000</env>
<env>PHP_LSAPI_CHILDREN=35</env>
<initTimeout>60</initTimeout>
<retryTimeout>0</retryTimeout>
<persistConn>1</persistConn>
<respBuffer>0</respBuffer>
<autoStart>1</autoStart>
<path>/opt/plesk/php/7.3/bin/lsphp</path>
<extMaxIdleTime>10</extMaxIdleTime>
<memSoftLimit>2048M</memSoftLimit>
<memHardLimit>2048M</memHardLimit>
<procSoftLimit>400</procSoftLimit>
<procHardLimit>500</procHardLimit>
</extProcessor>
<extProcessor>
<type>lsapi</type>
<name>lsphp74</name>
<address>uds://tmp/lshttpd/lsphp74.sock</address>
<maxConns>35</maxConns>
<env>PHP_LSAPI_MAX_REQUESTS=5000</env>
<env>PHP_LSAPI_CHILDREN=35</env>
<initTimeout>60</initTimeout>
<retryTimeout>0</retryTimeout>
<persistConn>1</persistConn>
<respBuffer>0</respBuffer>
<autoStart>1</autoStart>
<path>/opt/plesk/php/7.4/bin/lsphp</path>
<extMaxIdleTime>10</extMaxIdleTime>
<memSoftLimit>2048M</memSoftLimit>
<memHardLimit>2048M</memHardLimit>
<procSoftLimit>400</procSoftLimit>
<procHardLimit>500</procHardLimit>
</extProcessor>


## LiteSpeed Cache¶

You can mass install the LSCache plugin in all of the WordPress installations on your server using the LiteSpeed Plesk Extension. After you have installed the LiteSpeed Plesk Extension, you may see a No Cache Management data file found message, like so:

### Set Cache Root¶

Click Manage Cache Installations.

Click Set Missing Cache Roots.

### Scan and Enable¶

After successfully setting up the cache root, go back to extension main page and click on Manage Cache Installations again.

The next step will be to scan for WordPress installations across the server, and install LSCache for WordPress (LSCWP) on them, but first, you'll need to choose which version of the LSCache plugin to install.

Usually you should choose the latest version available.

The scan will take a while, depending on how many sites you have.

Once the scan is complete, you will be able to manage the WordPress sites the scan discovered. In the future, you can use the Discover New button, which will save time as it will only scan the sites that have not been scanned before.

Now you can choose to enable the LiteSpeed Cache Plugin for WordPress individually, or run bulk activation across multiple sites.

Once LSCWP is successfully activated, you will see a green light symbol in Cache Status column.

If you wish to verify a site is cached, look for the x-litespeed-cache: hit response header. This indicates the caching is working.

## QUIC¶

QUIC connections will use UDP port 443. Please make sure your firewall is not blocking it.

## TLS¶

You can enhance Plesk's security features by enabling TLS 1.3 and disabling weak cipher suites.

By default, Plesk configuration enables TLS1.0 , TLS1.1 and TLS1.2. This guide will show you how to enable TLS 1.3.

This guide is made and tested on Plesk 17.8 and Centos 7.5. For Debian/Ubuntu Plesk ,configuration files should be located in /etc/apache2/mods-available/ssl.conf.

### Enable TLS1.3¶

Edit the file /etc/httpd/conf.d/ssl.conf.

Find the following line and comment out (you can use # ):

<IfModule mod_ssl.c>
SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2
SSLCipherSuite HIGH:!aNULL:!MD5
</IfModule>


Replace it with:

<IfModule LiteSpeed>
SSLProtocol TLSv1.1 TLSv1.2 TLSv1.3
SSLCipherSuite HIGH:!aNULL:!MD5
</IfModule>


This enables TLS1.1 , TLS1.2 and TLS1.3

If you want to disable TLS1.1 as well, then change the line to:

SSLProtocol TLSv1.2 TLSv1.3


### Disable Weak Cipher Suites (Optional)¶

By default, Plesk also comes with some weak cipher suites. If you want to disable them, find the following line:

SSLCipherSuite HIGH:!aNULL:!MD5


And replace it with:

SSLCipherSuite TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384:TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA


Be aware, this may cause CPU load.

Testing is done through SSL Labs.

## WebAdmin Console¶

The LiteSpeed WebAdmin Console uses port 7088 instead of 7080 for Plesk. Check your firewall to see if port 7088 has been enabled. Then you should be able to access WebAdmin through https://SERVER_IP:7088.

## Plesk Login Page¶

You can set up a Plesk login page that doesn't require a port number in the URL, for example, https://IP-or-domain:8443 could become https://domain.com.

Create a vhost in Plesk, and then place the following rewrite rule in its .htaccess:

RewriteRule ^(.*)$https://127.0.0.1:8443/$1 [P,L]


Last update: April 17, 2020