Configuration¶
PHP¶
LiteSpeed works with Plesk PHP out of box. The only requirement is that PHP handler must be set to FastCGI, to avoid mismatched PHP settings. LiteSpeed honors Plesk's PHP settings by default without any extra configuration. However, if CloudLinux PHP Selector is enabled, and you prefer to use that as your PHP manager, extra handlers will be required, as explained later.
Disable PHP Override¶
You can disable the PHP override in .htaccess with LiteSpeed Web Server.
php_value and php_flag can be used in Apache configuration or .htaccess to override php.ini settings. However, they are only supported by Apache's mod_php handler, which is deprecated in most of the control panel systems, having been replaced by php-fpm, fastcgi or LSPHP. As a result, if you place php_value or php_flag in .htaccess, Apache should return an error. (You can check Plesk's documentation for details).
You could see any one of the following errors:
500 internal server error
503 Invalid command 'php_flag', perhaps misspelled or defined by a module not included in the server configuration.
The following error can be found in the domain error log in Domains > example.com > Logs:
/var/www/vhosts/example.com/httpdocs/.htaccess: Invalid command 'php_value', perhaps misspelled or defined by a module not included in the server configuration
/var/www/vhosts/example.com/httpdocs/.htaccess: Invalid command 'php_flag', perhaps misspelled or defined by a module not included in the server configuration
/var/www/vhosts/example.com/httpdocs/.htaccess: RewriteRule: bad flag delimiters
/var/www/vhosts/example.com/public_html/.htaccess: Invalid command 'suPHP_ConfigPath', perhaps misspelled or defined by a module not included in the server configuration.
LiteSpeed Web Server uses LSPHP, which supports php_value and php_flag usage in .htaccess. You can use these and LSWS will not return a 500 error. LSWS is more tolerant than Apache of these PHP overrides.
In some cases, you may want to disable such PHP overrides in .htaccess for LiteSpeed as well. There is a dedicated Apache directive DisablePhpOverride htaccess, which can be used at the server level httpd.conf to achieve this.
For example, on Plesk, create a file named DisablePhpOverrideLiteSpeed.conf in the following directory, depending upon your system:
/etc/httpd/conf.d/
/etc/apache2/conf.d/
/etc/apache2/conf-enabled
This DisablePhpOverrideLiteSpeed.conf file should contain the following:
<IfModule LiteSpeed>
DisablePhpOverride htaccess
</IfModule>
Customized Configuration¶
As of LiteSpeed Web Server v5.3, PHP is auto detected. Manual PHP external app configuration is no longer required, and Plesk itself is the preferred PHP manager.
However, if you want to have a customized configuration for a particular PHP version, you may need to manually create the external app and configure it.
You can create lsphpXX (e.g. lsphp70, lsphp71, lsphp72, etc) one by one, from LSWS Admin Console.
Simply change the Name, Address and Command settings to correspond with the correct PHP version.
If you prefer using the command line instead of the GUI tool, you can edit the LSWS configuration file (usually found at /usr/local/lsws/conf/httpd_config.xml) by adding the following to the <extProcessorList>... </extProcessorList> section:
<extProcessor>
<type>lsapi</type>
<name>lsphp70</name>
<address>uds://tmp/lshttpd/lsphp70.sock</address>
<maxConns>35</maxConns>
<env>PHP_LSAPI_MAX_REQUESTS=5000</env>
<env>PHP_LSAPI_CHILDREN=35</env>
<initTimeout>60</initTimeout>
<retryTimeout>0</retryTimeout>
<persistConn>1</persistConn>
<respBuffer>0</respBuffer>
<autoStart>1</autoStart>
<path>/opt/plesk/php/7.0/bin/lsphp</path>
<backlog>100</backlog>
<instances>1</instances>
<extMaxIdleTime>10</extMaxIdleTime>
<priority>0</priority>
<memSoftLimit>2048M</memSoftLimit>
<memHardLimit>2048M</memHardLimit>
<procSoftLimit>400</procSoftLimit>
<procHardLimit>500</procHardLimit>
</extProcessor>
<extProcessor>
<type>lsapi</type>
<name>lsphp71</name>
<address>uds://tmp/lshttpd/lsphp71.sock</address>
<maxConns>35</maxConns>
<env>PHP_LSAPI_MAX_REQUESTS=5000</env>
<env>PHP_LSAPI_CHILDREN=35</env>
<initTimeout>60</initTimeout>
<retryTimeout>0</retryTimeout>
<persistConn>1</persistConn>
<respBuffer>0</respBuffer>
<autoStart>1</autoStart>
<path>/opt/plesk/php/7.1/bin/lsphp</path>
<backlog>100</backlog>
<instances>1</instances>
<extMaxIdleTime>10</extMaxIdleTime>
<priority>0</priority>
<memSoftLimit>2048M</memSoftLimit>
<memHardLimit>2048M</memHardLimit>
<procSoftLimit>400</procSoftLimit>
<procHardLimit>500</procHardLimit>
</extProcessor>
<extProcessor>
<type>lsapi</type>
<name>lsphp72</name>
<address>uds://tmp/lshttpd/lsphp72.sock</address>
<maxConns>35</maxConns>
<env>PHP_LSAPI_MAX_REQUESTS=5000</env>
<env>PHP_LSAPI_CHILDREN=35</env>
<initTimeout>60</initTimeout>
<retryTimeout>0</retryTimeout>
<persistConn>1</persistConn>
<respBuffer>0</respBuffer>
<autoStart>1</autoStart>
<path>/opt/plesk/php/7.2/bin/lsphp</path>
<extMaxIdleTime>10</extMaxIdleTime>
<memSoftLimit>2048M</memSoftLimit>
<memHardLimit>2048M</memHardLimit>
<procSoftLimit>400</procSoftLimit>
<procHardLimit>500</procHardLimit>
</extProcessor>
<extProcessor>
<type>lsapi</type>
<name>lsphp73</name>
<address>uds://tmp/lshttpd/lsphp73.sock</address>
<maxConns>35</maxConns>
<env>PHP_LSAPI_MAX_REQUESTS=5000</env>
<env>PHP_LSAPI_CHILDREN=35</env>
<initTimeout>60</initTimeout>
<retryTimeout>0</retryTimeout>
<persistConn>1</persistConn>
<respBuffer>0</respBuffer>
<autoStart>1</autoStart>
<path>/opt/plesk/php/7.3/bin/lsphp</path>
<extMaxIdleTime>10</extMaxIdleTime>
<memSoftLimit>2048M</memSoftLimit>
<memHardLimit>2048M</memHardLimit>
<procSoftLimit>400</procSoftLimit>
<procHardLimit>500</procHardLimit>
</extProcessor>
<extProcessor>
<type>lsapi</type>
<name>lsphp74</name>
<address>uds://tmp/lshttpd/lsphp74.sock</address>
<maxConns>35</maxConns>
<env>PHP_LSAPI_MAX_REQUESTS=5000</env>
<env>PHP_LSAPI_CHILDREN=35</env>
<initTimeout>60</initTimeout>
<retryTimeout>0</retryTimeout>
<persistConn>1</persistConn>
<respBuffer>0</respBuffer>
<autoStart>1</autoStart>
<path>/opt/plesk/php/7.4/bin/lsphp</path>
<extMaxIdleTime>10</extMaxIdleTime>
<memSoftLimit>2048M</memSoftLimit>
<memHardLimit>2048M</memHardLimit>
<procSoftLimit>400</procSoftLimit>
<procHardLimit>500</procHardLimit>
</extProcessor>
CloudLinux PHP Selector¶
When CloudLinux PHP Selector is enabled in addition to Plesk's PHP settings, it can be unclear which PHP selector is in effect. LiteSpeed automatically honors Plesk's PHP selection out of the box without extra configuration, so if you wish to use CloudLinux PHP Selector, you will need to make some changes:
- Set up an extra handler for LiteSpeed, which will force Plesk PHP to point to CloudLinux for non
alt-phpxxversions. - In Plesk's PHP settings, choose a non-
alt-phpversion.
These actions together will cause the CloudLinux PHP Selector to be in effect.
Set up Extra Handler¶
Navigate to LSWS Web Admin Console > Server > PHP > Add PHP Handlers and set the following:
- Handler ID:
php - Command:
/var/www/cgi-bin/cgi_wrapper/cloudlinux_wrapper - Handled Suffixes:
php, php54, php55, php56, php70, php71, php72, php73, php74
The above settings will force the listed Plesk PHP versions to use CloudLinux PHP selector.
If you prefer, you could edit LiteSpeed's configuration directly:
vi /usr/local/lsws/conf/httpd_config.xml
Add the following within <phpConfig> ... </phpConfig> tags:
<phpHandler>
<id>php</id>
<command>/var/www/cgi-bin/cgi_wrapper/cloudlinux_wrapper</command>
<suffixes>php, php54, php55, php56, php70, php71, php72, php73, php74</suffixes>
</phpHandler>
Choose Plesk PHP¶
Once the handler is created, navigate to Plesk's PHP settings, and choose any PHP version that is not one of the alt-php versions (i.e. one of the versions listed in the newly-created PHP handler). This will ensure that CloudLinux PHP selector is used.
LiteSpeed Cache¶
You can mass install the LSCache plugin in all of the WordPress installations on your server using the LiteSpeed Plesk Extension. After you have installed the LiteSpeed Plesk Extension, you may see a No Cache Management data file found message, like so:
Set Cache Root¶
Click Manage Cache Installations.
Click Set Missing Cache Roots.
Scan and Enable¶
After successfully setting up the cache root, go back to extension main page and click on Manage Cache Installations again.
The next step will be to scan for WordPress installations across the server, and install LSCache for WordPress (LSCWP) on them, but first, you'll need to choose which version of the LSCache plugin to install.
Usually you should choose the latest version available.
The scan will take a while, depending on how many sites you have.
Once the scan is complete, you will be able to manage the WordPress sites the scan discovered. In the future, you can use the Discover New button, which will save time as it will only scan the sites that have not been scanned before.
Now you can choose to enable the LiteSpeed Cache Plugin for WordPress individually, or run bulk activation across multiple sites.
Once LSCWP is successfully activated, you will see a green light symbol in Cache Status column.
If you wish to verify a site is cached, look for the x-litespeed-cache: hit response header. This indicates the caching is working.
QUIC¶
QUIC connections will use UDP port 443. Please make sure your firewall is not blocking it.
HTTP/2 and HTTP/3 via Apache Config¶
You can enable and disable a variety of protocols in httpd.conf, using the SpdyEnabled directive.
Example
Disable all protocols
<IfModule LiteSpeed>
SpdyEnabled off
</IfModule>
Example
Enable HTTP protocols and disable everything else
<IfModule LiteSpeed>
SpdyEnabled http2 http3
</IfModule>
HTTP protocols are enabled by default, while SPDY protols are disabled by default.
| Parameter | Function | Default Value |
|---|---|---|
spdy2 | Enable SPDY/2 | Disabled |
spdy3 | Enable SPDY/3 | Disabled |
http2 | Enable HTTP/2 | Enabled |
http3 | Enable HTTP/3 | Enabled |
off | Disable all protocols |
Tip
When you use this directive to explicitly enable one or more protocols, anything not selected will be disabled. For example, SpdyEnabled http2 will enable HTTP/2, while SPDY/2, SPDY/3 and HTTP/3 will be disabled. Be careful not to inadvertantly disable a protocol you wanted to use!
TLS¶
You can enhance Plesk's security features by enabling TLS 1.3 and disabling weak cipher suites.
By default, Plesk configuration enables TLS1.0 , TLS1.1 and TLS1.2. This guide will show you how to enable TLS 1.3.
This guide is made and tested on Plesk 17.8 and Centos 7.5. For Debian/Ubuntu Plesk ,configuration files should be located in /etc/apache2/mods-available/ssl.conf.
Don't forget, as with all changes to Apache config files, you will need to restart the server when the adjustments below are made. Restart with the following command:
systemctl restart lsws
Enable TLS1.3¶
Edit the file /etc/httpd/conf.d/ssl.conf.
Find the following line and comment out (you can use # ):
<IfModule mod_ssl.c>
SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2
SSLCipherSuite HIGH:!aNULL:!MD5
</IfModule>
Replace it with:
<IfModule LiteSpeed>
SSLProtocol TLSv1.1 TLSv1.2 TLSv1.3
SSLCipherSuite HIGH:!aNULL:!MD5
</IfModule>
This enables TLS1.1 , TLS1.2 and TLS1.3
If you want to disable TLS1.1 as well, then change the line to:
SSLProtocol TLSv1.2 TLSv1.3
Disable Weak Cipher Suites (Optional)¶
By default, Plesk also comes with some weak cipher suites. If you want to disable them, find the following line:
SSLCipherSuite HIGH:!aNULL:!MD5
And replace it with:
SSLCipherSuite TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384:TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Be aware, this may cause CPU load.
Testing is done through SSL Labs.
WebAdmin Console¶
The LiteSpeed WebAdmin Console uses port 7088 instead of 7080 for Plesk. Check your firewall to see if port 7088 has been enabled. Then you should be able to access WebAdmin through https://SERVER_IP:7088.
Plesk Login Page¶
You can set up a Plesk login page that doesn't require a port number in the URL, for example, https://IP-or-domain:8443 could become https://domain.com.
Create a vhost in Plesk, and then place the following rewrite rule in its .htaccess:
RewriteRule ^(.*)$ https://127.0.0.1:8443/$1 [P,L]