Plesk
One of the most important things to keep in mind when working on an account that uses the Plesk control panel is that Plesk is (essentially) a single, giant database. This means that while some command-line activity is ok, some activities - such as DNS edits and updates to the form or function of a domain - can only be performed from within the control panel environment; failure to observe this process will likely cause the server to behave erratically (in rare cases) or suffer catastrophic failure (much more likely to happen).
Please be careful when beginning to work on a Plesk on Linux server. You should always be checking this account when entering SSH, and it is strongly encouraged to make this a habit just like checking 'who' when you first login:
cat /usr/local/psa/version
Or:
plesk -v
Or:
plesk version
Due to the amount of customization that a user can place on a Plesk control panel, it is not uncommon to see a Plesk 9, Plesk 10, and Plesk 11 installation look very similar to an inexperienced or new technician. So please, save yourself (and SysRes) the time and headache: check your version and add that information to your phone log/ ticket note/ admin note for the account.
Basics
Restart Plesk via Command Line
Restart via CLI
If CentOS 7:
systemctl restart psa.service
If CentOS 6
service psa restart
If CentOS 5
/etc/init.d/psa restart
Plesk Key
Checking Plesk Key
grep 'key-number' /etc/sw/keys/keys/key*
Plesk Passwords
To find the passwords for the Plesk panel
cat /etc/psa/.psa.shadow
Displays the Plesk password unhashed (does not work on Plesk Onyx)
# /usr/local/psa/bin/admin --show-password
Reset Plesk password for the admin account
# /usr/local/psa/bin/init_conf -u -passwd <new_password>
Admin login link
In new versions of Plesk (Onyx and up), the 'show password' functionality has been removed. Instead, Plesk will provide you with a one-time login link that you can provide to the customer (Please do not test the link, as it is one-time-use!).
You can retrieve the link by doing the following:
plesk login $username
This will show something like:
https://plesk.exampledomain.com:8443/login?secret=WCNO3048kjHmTZeLzRCGESurtmNdY5bE2araLbvaR1A%3D https://1.2.3.4:8443/login?secret=WCZO3048kjHmSZeLzXCGESurtmNdY5bE2araLbvaR1A%3D
However, should you attempt the old method, Plesk will helpfully point out the error of your ways:
[root@plesk ~]# /usr/local/psa/bin/admin --show-password Due to security reasons the option '-show-password' is no longer supported. Use '--get-login-link' to generate a one-time login link.
User Password Compromised
If an SSH password for a Plesk domain needs to be changed, do it in:
Domains (or Websites & Domains) > domain.com > Web Hosting Access
Plesk accounts can have subaccounts with SSH access called Web Users. If a Web User password needs to be changed, do it here:
Domains (or Websites & Domains) > domain.com > Web users (under Show Advanced Options)
Plesk File Locations
Here are the locations of the main Plesk files:
Main Apache Conf
/etc/httpd/conf/httpd.conf
The main configuration file containing paths to utilities, services and packages used by Panel:
/etc/psa/psa.conf
The initialization script for opening and closing services during server startup and shutdown procedures:
/etc/init.d/psa
Panel database:
/var/lib/mysql/psa
Backup files:
/var/lib/psa/dumps/
Parallels also has a knowledge base article available with LOTS of locations for log and config files, as well as how to stop/start various services often running on Plesk:
http://kb.parallels.com/en/111283
There are also a few printable posters that show locations of logs, config files, etc.
http://kb.parallels.com/en/113217
Plesk Logs
Log file information and locations located here:
Plesk Document root Structure
This is the basic document structure for Plesk
/var/www/vhosts/<domain.com>/ /anon_ftp Anonymous FTP files /cgi-bin CGI SCRIPTS /conf Configuration Files /error_docs Error Message Files /etc Chroot Environ /httpdocs HTTP Documents /pd Passwords for .htpasswd/Other Passwords /private Private File Storage For the User /anon_ftpstat Stats on Anonymous FTP Usage /ftpstat Stats on Regular FTP Usage /logs VHOST logs /webstat HTTP stats /webstat-ssl HTTPS stats /usr Chroot Environment /web_users Users For this area /subdomains Directory For Subdomains
Plesk Mail
On Linux mailboxes are stored in directory specified in value to parameter PLESK_MAILNAMES_D in configuration file /etc/psa/psa.conf. By default the path is /var/qmail/mailnames (for both Qmail and Postfix). To change location of mailboxes, follow instructions provided in KB article #6312.
Qmail (deprecated)
Qmail has been deprecated, so you will likely only see this on older, end-of-life installations.
Please outline to any Qmail users the benefits of upgrading Plesk! If you're in a rush, the log is located here:
/usr/local/psa/var/log/maillog
Run this to verify what mail handler you're using:
/usr/local/psa/admin/sbin/mailmng --features |grep SMTP_Server
There is a lot of very specific information available in the Qmail wiki.
Postfix
Postfix is a full-featured MTA for Plesk - we do not support it on any other platform.
There is a large amount of information that can be found in the: Postfix wiki.
Run this to verify Postfix is running:
/usr/local/psa/admin/sbin/mailmng --features |grep SMTP_Server
If you need to review the mail log files, the newer versions of Plesk have it here:
/var/log/maillog
And the older servers may still have it here:
/usr/local/psa/var/log/maillog
You can check the Plesk logfile wiki for more full paths and locations:
Plesk logfile wiki
Looking for Outgoing Spam
The php_maillog should be enabled on all our Plesk on linux servers now, so you can first check that here:
/var/log/php_maillog
Here is a one-liner (provided by afortman) that should help in grabbing you the helpful information:
egrep -o "\/var\/www\/vhosts[^:]*" /var/log/php_maillog|sort|uniq -c|sort -rnk1|head
Checking for most email from authenticated users:
egrep sasl_username /usr/local/psa/var/log/maillog |awk '{print $9}'|sort |uniq -c|sort -n|tail -n5
More information about looking for spam is in the Postfix wiki (Coming Soon)
Mail Restore/Migrate
Tips & Tricks for migrating restoring plesk can be found here: Plesk_to_cPanel_Migrations#Email
Apache
Apache Configuration
Domain vhosts
One of the first things that you will likely notice when trying to troubleshoot Apache on Plesk, is that it does not structure it's domain configurations/vhosts like cPanel/EA3 does. Plesk's /etc/httpd/conf/httpd.conf is what you would expect to see on a core-managed server. The domain vhosts are located in the following configuration file:
/var/www/vhosts/system/$DOMAIN.TLD/conf/httpd.conf
In older versions of Plesk, the files were located under /var/www/vhosts/$DOMAIN.TLD/
If one were to ls -lah this directory, one would see something similar to the following:
-rw------- 1 root apache 6.7K Jan 30 17:50 httpd.conf -rw------- 1 root apache 6.7K Jan 30 17:50 httpd.conf.bak lrwxrwxrwx 1 root root 10 Jan 30 17:50 last_httpd.conf -> httpd.conf lrwxrwxrwx 1 root root 10 Jan 30 17:50 last_nginx.conf -> nginx.conf -rw------- 1 root nginx 3.8K Jan 30 17:50 nginx.conf -rw------- 1 root nginx 3.8K Jan 30 17:50 nginx.conf.bak drwxr-xr-x 2 root root 4.0K Jan 30 17:50 siteapp.d -rw-r--r-- 1 root root 2 Feb 3 03:26 stat_ttl.conf
These local configuration files are similar to cPanel's main httpd.conf, as they are automatically generated, and should not be edited manually. They are called from the following file:
/etc/httpd/conf.d/zz010_psa_httpd.conf
If for any reason you find that these files have been corrupted, or were not removed after a domain/webspace was, and Apache will no longer start, you can run the following:
/usr/local/psa/admin/bin/httpdmng --reconfigure-all
This is very similar to the cPanel /scripts/rebuildhttpdconf script.
Apache's MPM
Plesk 12 made it easier to change the MPM, but unfortunately Worker is no longer available.
You can check the currentl MPM with:
httpd -V | grep -i mpm
This can be also be checked and updated through Plesk, in Tools & Settings > in the Apache Web Server
Configuring Apache status
Validating (Working on getting this updated)
Some servers do not allow you to view Apache's status by default. There are some changes you may need to make. First you may need to install the links package or something similar.
[root@host ~]# /etc/init.d/httpd fullstatus The 'links' package is required for this functionality.
Simply install links or if that is not available, elinks should work as well.
yum install links
From here you may receive a 404 error.
[root@host ~]# /etc/init.d/httpd fullstatus
Not Found
The requested URL /server-status was not found on this server.
----------------------------------------------------------------------
Apache Server at localhost Port 80
This just means you need to uncomment the /server-status location in Apache's configuration file. Don't forget to back up that file first.
cp -a /etc/httpd/conf/httpd.conf{,.lwbak}
Then find and uncomment the following code in that file.
<Location /server-status> SetHandler server-status Order deny,allow Deny from all Allow from .example.com </Location>
Change .example.com to 127.0.0.1 ::1 localhost or you will probably receive a 403 Forbidden Error.
<Location /server-status> SetHandler server-status Order deny,allow Deny from all Allow from 127.0.0.1 ::1 localhost </Location>
As always make sure you restart Apache so your changes take effect.
/etc/init.d/httpd restart
And you should be good to go. If you don't see that code in httpd.conf, I (CKelley) usually add it to an include file inside of /etc/httpd/conf.d/. I usually call the file status.conf. I believe this primarily affects Plesk 12. Also in these examples, make sure that ExtendedStatus is set to On. If it isn't you will only see the scoreboard and other information for the individual Apache processes along with information for FCGI, but you won't actually see the connections being made within Apache and you will see the following message inside an Apache fullstatus.
To obtain a full report with current status information you need to use the ExtendedStatus On directive.
https://httpd.apache.org/docs/current/mod/core.html#extendedstatus
CentOS 7
This too needs to be updated
Because of systemd, there is no longer an init script we can use for Apache so we have to use apachectl to view fullstatus.
apachectl fullstatus
You may still need to install the links package and set up the server-status location as listed above.
Distilling Changes to the httpd.conf
Sometimes you just need to reconfigure the Apache conf
/usr/local/psa/admin/bin/httpdmng --reconfigure-all
Apache version
The Apache version is tied directly to the CentOS version, and can not just be upgraded.
Plesk does not support Apache 2.4 on CentOS 6. ( https://support.plesk.com/hc/en-us/articles/213917645 ) If the customer needs Apache 2.4 they will need to migrate to a CentOS 7 server, then migrate their data to it.
mod_status
- This section is in progress:
mod_status is an Apache module that outputs current server status, along with requests currently being processed. It is installed and set up by default on cPanel boxes, but not on Plesk.
Enabling it on Plesk is pretty simple. It's likely already installed, just not enabled. You can enable it by creating this file:
In Onyx: /etc/httpd/conf.d/status.conf
Edit: This was listed previously. Leaving just in case. /etc/httpd/conf.modules.d/status.conf
<IfModule mod_status.c> <Location /server-status> SetHandler server-status Order deny,allow Deny from all Allow from 127.0.0.1 localhost ip6-localhost </Location> ExtendedStatus On </IfModule>
and restarting Apache.
PHP
All relevant PHP information has been relocated for your sanity.
MySQL
MySQL functions in a nearly identical capacity on a Plesk server as it does on a cPanel server, but there are indeed a few differences. For the sake of simplicity, all Plesk-related MySQL information can be found here:
Plesk on Linux - MySQL
FTP
FTP is served by xinetd, but depends on the /etc/proftpd.conf file for configuration options. For instance, if you wanted to allow root FTP login to your Plesk machine, you would need to take a good look at yourself in the mirror and then decide not to do it.
Plesk Backups
Plesk handles backups almost entirely from the control panel. While you can certainly access some or all of the information from the command-line, it is highly recommended to perform all needed actions from the GUI.
Tools & Settings > Tools & Resources > Backup Manager
Server-level backup configuration and listing.
Domains > domain.com > Backup Manager
Domain-level backup configuration and listing.
For either, clicking on the backup name link gets you into the Restore Tool menu. Here you can restore whole sites, directories, databases, DNS zones, individual files, etc. The main Plesk backup restore also has: Subscription, Mail Account, Database, and Mailing Lists.
All other backup information can be found and referenced here:
Plesk on Linux - Backups
Plesk CLI
Recover User password link. This will give a one time link for the customer to use to log into plesk and change their password.
plesk login <$USERNAME>
Change the language of the plesk panel:
plesk bin admin -u -locale en-US
View all Registered php handlers within plesk
plesk bin php_handler --list
List users using php handler (ID can go grabbed from the above command)
plesk bin php_handler --get-usage -id cgi plesk bin php_handler --get-usage -id fpm plesk bin php_handler --get-usage -id fastcgi plesk bin php_handler --get-usage -id plesk-php54-fpm plesk bin php_handler --get-usage -id plesk-php55-fpm plesk bin php_handler --get-usage -id plesk-php56-fpm
Plesk Installations & Upgrades
If you simply need to upgrade Plesk to the latest current minor revision or add a module (such as a new webmail type), you can do this on any Plesk box 9.0 and later:
/usr/local/psa/admin/sbin/autoinstaller
You can also upgrade Plesk through the Plesk panel, and these are generally safe to upgrade, from 11 to 12, and from 12 to 17 (CentOS 6.x and higher)
Plesk > Tools & Settings > Updates and Upgrades, then click Install or Upgrade Product to upgrade the Plesk version
One some new Plesk nginx kicks, you may see a rather large red error in the Plesk panel, like so:
Internal error ;-P [<---yes, it actually says this]
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="x-ua-compatible" content="ie=edge">
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
<title>502 Bad Gateway</title>
<link rel="stylesheet" href="/error_docs/styles.css">
</head>
<body>
<div class="page">
<div class="main">
<div class="error-description">
<h1>Server Error</h1>
<div class="error-code">502</div>
<h2>Bad Gateway</h2>
<p class="lead">Web server received an invalid response while acting as a gateway or proxy server.</p>
<hr/>
<p>If you think this is an error, please <a href="https://www.plesk.com/bug-report/" target="_blank">let us know</a> so we can fix it!</p>
<p>That's what you can do</p>
<div class="help-actions">
<a href="javascript:location.reload();">Reload Page</a>
<a href="javascript:history.back();">Back to Previous Page</a>
<a href="/">Home Page</a>
</div>
</div>
<div class="help-links">
<a href="https://www.plesk.com/bug-report/" class="help-link" title="Report a problem" target="_blank">
<div class="icon report"><svg><use xlink:href="/error_docs/symbols.svg#report"></use></svg></div>
</a>
<a href="https://docs.plesk.com/" class="help-link" title="Documentation" target="_blank">
<div class="icon documentation"><svg><use xlink:href="/error_docs/symbols.svg#documentation"></use></svg></div>
</a>
<a href="https://kb.plesk.com/" class="help-link" title="Knowledge base" target="_blank">
<div class="icon knowledge-base"><svg><use xlink:href="/error_docs/symbols.svg#knowledge-base"></use></svg></div>
</a>
<a href="https://talk.plesk.com/" class="help-link" title="Forum" target="_blank">
<div class="icon forum"><svg><use xlink:href="/error_docs/symbols.svg#forum"></use></svg></div>
</a>
<a href="https://www.youtube.com/channel/UCeU-_6YHGQFcVSHLbEXLNlA" class="help-link" title="YouTube" target="_blank">
<div class="icon youtube"><svg><use xlink:href="/error_docs/symbols.svg#youtube"></use></svg></div>
</a>
<a href="https://www.facebook.com/Plesk" class="help-link" title="Facebook" target="_blank">
<div class="icon facebook"><svg><use xlink:href="/error_docs/symbols.svg#facebook"></use></svg></div>
</a>
</div>
</div>
</div>
<script defer src="/error_docs/svgxuse.min.js"></script>
</body>
</html>
This can be fixed with a simple service sw-engine restart from the command-line or an uninstall/reinstall of nginx in Plesk > Tools & Settings > Updates and Upgrades.
If you need further assistance, or are trying to install Plesk for the first time on a server, please refer to the installation and upgrade wiki.
Plesk Licenses - upgrading and replacing
Currently Plesk 12, and Onyx are supported, while Plesk 11 and earlier are EOL. If a customer is still running Plesk 11 or earlier, suggest upgrading.
https://www.plesk.com/support/plesk-lifecycle/
Plesk 8 and 9 used a specific license structure, while 10 and above use a completely different license setup. Please refer to the Plesk License wiki for additional information.
Web Pro is now the standard license, and offers more features for the customer. If you're working on a Web Admin server for any reason, please update the license per the above wiki link!
NOTE: You will be forced to upgrade the license when upgrading to Plesk 10.x+ for the first time.
Plesk SSL Management & Installation
Plesk has no native AutoSSL equivalent, but Let's Encrypt can be added via Extensions (left menu bar) and works for both domain and hostname SSLs!
Generating A CSR
You can perform the following command:
openssl req -new -nodes -keyout mydomain.key -out domain.csr
This will create the CSR and private key. Keep owned by root.
You can also generate the CSR from Plesk
by clicking the 'Request' button while adding a new Certificate for the domain. Remember to change the Certificate Name at the top, so you know what SSL to enable later.
Installing an SSL for a domain
When you have the SSL you would like to install
Domains (or Websites & Domains) > $domain.tld > SSL Certificates
You will have the option to either select a current SSL to update, or Add SSL Certificate. After selecting the SSL (or new cert) you can "Upload certificate files" or "Upload certificate as text."
After installing the SSL, you will need to tell Plesk what certificate to use, and you can do this in:
Domains (or Websites & Domains) > $domain.tld > Hosting Settings, in the Security section.
Installing an SSL for Plesk Services
This guide will help you install a Trusted (purchased) SSL for Plesk core services (PSA,IMAP,POP,SMTP).
Generate CSR and Purchase Certificate.
Tools & Settings > SSL Certificates > Add SSL Certificate
Fill out necessary information to generate CSR and KEY - Please ensure that you set "Domain name" to the servers hostname
Install the Certificate
Tools & Settings > SSL Certificates, then select the SSL you created earlier Add the Certificate and CA certificate from the issuer, and click Upload Certificate
If this is Onyx (17), you can click the [Change] link next to: Certificate for securing Plesk and: Certificate for securing mail, then select the certificate to use
If this is 12.5, you can click on the checkbox for the certificate you want to use, then click Secure Plesk This does not cover the mail connections, just the panel connections, so there are a few more steps to finish
Installing the certificate for securing mail (12.5)
SSH into the server then verify the server is using Postfix:
/usr/local/psa/admin/sbin/mailmng --features | grep SMTP_Server
Then back up the files we need to replace, /etc/postfix/postfix_default.pem and /etc/dovecot/private/ssl-cert-and-key.pem :
cp /etc/postfix/postfix_default.pem /etc/postfix/postfix_default.pem.bak cp /etc/dovecot/private/ssl-cert-and-key.pem /etc/dovecot/private/ssl-cert-and-key.pem.bak
For Courier, the files should be /usr/share/imapd.pem and /usr/share/pop3d.pem:
cp -a /usr/share/imapd.pem{,.bak}
cp -a /usr/share/pop3d.pem{,.bak}
After backing up these files, we need to replace the certificate details in them. The files should look kinda like the following except the actual characters where [CONTENTS] is. Key, Cert, then CA bundle:
-----BEGIN PRIVATE KEY-----
[CONTENTS]
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
[CONTENTS]
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
[CONTENTS]
-----END CERTIFICATE-----
Then restart the services to finish:
systemctl restart postfix.service systemctl restart psa.service /usr/local/psa/admin/sbin/mailmng --restart-service
For Courier:
service courier-imapd restart service courier-pop3d restart
Ports and Networking
Plesk Firewalls
APF Firewall
Automated Installer
wget -O /scripts/plesk-apf.pl http://layer3.liquidweb.com/scripts/plesk/plesk-apf.pl chmod +x /scripts/plesk-apf.pl /scripts/plesk-apf.pl
This script will automatically configure the right ports open in the firewall before starting it, avoiding the constant issue of Plesk crashing when closing their license ports
Plesk Firewall Module
In Plesk 12:
Plesk -> Tools & Settings -> Updates & Upgrades -> Add/Remove Components
You can add the "Firewall" Module and "Fail2Ban" but at this time it looks like these can not be used to manually block ip's and don't integrate with CSF.
In older versions of Plesk:
Run the Plesk installation and upgrade tool either inside Plesk in the 'updates' section or via command line the installer tool or from the command line:
/usr/local/psa/admin/bin/modulemng --install --file=/opt/modules/firewall.rpm
Edit the firewall from Modules > Firewall > Edit Firewall Configuration
Plesk Networking
Here are the basic ports needed for Plesk:
PLESK PANEL::TCP 8443, 8880 VPN::UDP 1194 HTTP::TCP 80,443 FTPD::TCP 21 SSH::TCP 22 SMTP::TCP 25,465 POP3::TCP 110,995 IMAP::TCP 143,993 MAILPASS::TCP 106 MySQL::TCP 3306 Postgres::TCP 5432 Licensing Server::TCP 5224 BIND::UDP 53::TCP 53
The full list of ports from Plesk:
https://support.plesk.com/hc/en-us/articles/213932745
Plesk Health Monitor
We have a few commands/logs/conf files to help with the Health Monitor
Logs
/usr/local/psa/admin/logs/health-alarm.log
Services Stop:
/etc/init.d/sw-collectd stop
Start:
/etc/init.d/sw-collectd start
Restart:
/etc/init.d/sw-collectd restart
Configuration:
/usr/local/psa/admin/conf/health-config.xml /usr/local/psa/var/custom-health-config.xml /etc/sw-collectd/collectd.conf