Skip to content

Troubleshooting

Access to Context Denied

On a newly installed LiteSpeed on Plesk, a main website abcdef.com is running well, but there is no access to the subdomain webmail.abcdef.com. The error log displays the following:

[ACL] Access to context [/] is denied!

This error is caused by directives from the mod_access_xxxx module that say "Deny from ..." .

Solution

A full investigation of Apache httpd.conf, included conf files or .htaccess files related to the domain webmail.abcdef.com is required.

LiteSpeed reads Apache configuration files but ignored the "mod_php5,sapi_apache2,python,fcgid" Apache modules.

/etc/httpd/conf/httpd.conf is checked and there is no problem.

In /etc/httpd/conf/plesk.conf.d/horde.conf we find the following:

    <IfModule mod_fcgid.c>
        FcgidInitialEnv PP_CUSTOM_PHP_CGI_INDEX fastcgi
        FcgidInitialEnv PP_CUSTOM_PHP_INI "/etc/abcdef-webmail/horde/horde/php.ini"
        FcgidMaxRequestLen 134217728
        <Directory "/usr/share/psa-horde">
            <Files ~ (.php$)>
                SetHandler fcgid-script
                FCGIWrapper /var/www/cgi-bin/cgi_wrapper/cgi_wrapper .php
                Options +ExecCGI
            </Files>

            Order allow,deny
            Allow from all
        </Directory>
    </IfModule>

Although there is an Allow from all line for that directory, it is being ignored completely because mod_fcgid is black listed in the Apache Ignored Modules setting.

Add the following to the conf file:

<Directory "/usr/share/psa-horde">
Order allow,deny
Allow from all
</Directory>

Place it outside of <IfModule mod_fcgid.c>...</IfModule> and that should fix problem.

The Plesk template may need to be customized so that it no longer puts everything inside the <IfModule mod_fcgid.c> block. Alternatively, try not to use fcgid as the default PHP handler.

Unable to Access IPv6

After installing and switching to LSWS on Plesk, hosted sites are no longer accessible via IPv6.

LSWS requires an IPv6 listener directive which is not contained by default in Plesk's Apache configuration files.

Solution

Add the following directive into /etc/httpd/conf/httpd.conf:

<IfModule LiteSpeed>
Listen [::]:80
Listen [::]:443
</IfModule>

Graceful restart LSWS to take effect.

Mismatched PHP Settings

In certain cases you may see that a PHP setting in the panel is not corresponding with the one you see on the phpinfo page. Typically this can happen with upload_max_filesize and post_max_size.

In this example, upload_max_filesize is set to 128M and post_max_size is set to 128M, but phpinfo shows 2M and 8M, respectively.

lsphp2

Also, the PHP version may not match the one you set in PHP settings. For example, the panel's PHP version is set to 7.3.5, but phpinfo shows 7.2.18.

lsphp1

Set PHP Handler to FastCGI

LiteSpeed on Plesk requires the PHP handler to be set to FastCGI application. When it is set to FPM application, it may result in an inability to apply PHP settings. Setting the handler to FastCGI does not mean lower PHP performance when compared to PHP-FPM. LiteSpeed will load PHP with its own seamless, optimized LiteSpeed SAPI.

lsphp8

Log into Plesk, navigate to the website's PHP settings page, set run PHP as to FastCGI application, and save.

lsphp3

Now check the phpinfo page again. The values should now match.

lsphp77

Note

As of LSWS v5.3, with the introduction of PHP Detached Mode (which is the default), the application of the new configuration may be delayed. A new configuration only takes effect once LSPHP is restarted. You will either need to wait for the LSPHP process to time out and fork again, or you can manually kill it.

Enable FastCGI

If the FastCGI option is not shown, it may have been disabled.

lsphp4

Navigate to Tools & Settings > PHP Settings.

lsphp55

Click the grey dot in front of the handler to enable it.

lsphp6

PHP Selector Problem

A recent Plesk update changed the PHP configuration within the Apache configuration. This may interfere with LiteSpeed Web Server, Plesk PHP Selector, and CloudLinux PHP Selector.

If this issue impacts you, no matter what PHP version you choose in CloudLinux PHP Selector, PHPinfo shows the PHP version that was selected in the Plesk PHP setting.

There are two possible solutions for this issue.

Choose ALT PHP

Use Plesk PHP Selector to choose an alt-php, such as alt-php51-fastcgi. Please note, you must choose fastcgi in order for LSWS to work properly.

Use CloudLinux PHP Selector

If Plesk PHP Selector is no longer needed, since CloudLinux PHP Selector pretty much covers all of the PHP settings and extensions, you could choose to use CloudLinux PHP Selector exclusively. This will completely disable the Plesk PHP Selector, which means no matter which PHP you choose in Plesk Selector, it will have no effect at all, and only the setting in CloudLinux Selector will be obeyed.

Login to LSWS WebAdmin Console by accessing https://SERVER_IP:7088.

Follow the instructions in the CloudLinux support documentation to set up the lsphp_selector external app, as seen in the screenshot.

After the external app is created, go to the Script Handler page, and create multiple handlersphp,php44,php51,php52,php53,php54,php55,php56,php70,php71,php72,php73. Be sure to change Handler Name to lsphp_selector for each suffix, as seen in the screenshot.

Now all of the handlers will use same lsphp binary that is controlled by the CloudLinux Selector.

PHP 500 Error

You may encounter random PHP 500 errors on domains with multiple subdomains.

This occurs when open_basedir protection is set to {DOCROOT}{/}{:}{TMP}{/} in Plesk's PHP settings, and multiple subdomains are defined inside a single parent domain, like in this example:

  • /var/www/vhosts/example.com/httpdocs/
  • /var/www/vhosts/example.com/sub1.example.com/
  • /var/www/vhosts/example.com/sub2.example.com/

You may see the 500 error in either the parent domain or one of the subdomains, depending on which domain is accessed first and where lsphp is started. You'll see an entry like this in the debug log:

2019-12-23 17:38:22.972520 [NOTICE] [1659563] [123.123.123.123:51625-1#APVH_example.com:lsapi] [STDERR] PHP Fatal error:  Unknown: Failed opening required '/var/www/vhosts/example.com/sub1.example.com/index.php' (include_path='.:/opt/alt/php73/usr/share/pear') in Unknown on line 0

Here's why: when the lsphp process is started by example.com, it will apply open_basedir as /var/www/vhosts/example.com/httpdocs/, so the subdomain cannot access its files in /var/www/vhosts/example.com/sub1.example.com/.

In Plesk, the {DOCROOT} variable is set to /var/www/vhosts/example.com/httpdocs or /var/www/vhosts/example.com/sub1.example.com/, for a domain and subdomain respectively.

The {WEBSPACEROOT} variable is set to /var/www/vhosts/example.com/, which is valid for all subdomains inside this same account.

Solutions

There are several ways to solve this issue:

  • If you have CageFS, there might not be much extra benefit to using open_basedir, so the simplest solution is to turn it off.
  • Change open_basedir from {DOCROOT} to {WEBSPACEROOT}, though this will not apply individual open_basedir to each subdomain.
  • Edit /usr/local/lsws/conf/httpd_config.xml, insert the line <phpAppByDomain>1</phpAppByDomain> anywhere between <phpConfig> and </phpConfig>, as seen in the screenshot below, then restart LSWS, killing lsphp if necessary.

PHP-By-Domain

Webmail 500 Error

In Plesk Obsidian 18.x, you may encounter an issue where the webmail.domain.com page returns a 500 error.

The issue occurs when Webmail uses PHP with minimal extensions, and some essential PHP extensions for the Webmail application are missing.

Solution

The default LSPHP that comes with a LiteSpeed Web Server installation is lsphp56, so you can solve the problem by replacing it with the higher version that is installed by Plesk, like so:

mv /usr/local/bin/lsphp /usr/local/bin/lsphp-bk
cp /opt/plesk/php/7.3/bin/lsphp /usr/local/bin/lsphp
If PHP 7.3 is not installed on your server, replace 7.3 in the commands above with another appropriate version number.

If your system is a CloudLinux system with CageFS, you must also run the following command:

cagefsctrl --force-update


Last update: August 1, 2023