Tag Archives: Nginx

Secure Redirects in Plesk

More and more sites are only available via https, now with the Let’s Encrypt extension available in Plesk 12.5 it’s even easier to make your site secure. As such I thought it would be a good time to write this guide.

This guide assumes…

  • You have already setup your SSL Certificate in Plesk for your domain,
  • You are using Apache (FastCGI or FPM) and Nginx is serving static files,
  • You want your site to be https only, redirecting all http requests to https
  • You have set preferred domain in Plesk to www.domain.tld

Apache

I’ll start with Apache, browse to your domain in Plesk and click on Additional Apache & Nginx settings. under Additional directives for HTTP use this redirect..

And Additional directives for HTTPS…

If you use Plesk’s built in SEO Safe redirect (preferred domain) from domain.tld to www.domain.tld, you will need to turn this off and add the following in the Additional HTTPS directives…

Nginx

Now onto the Nginx directives…

Notice I’m using $scheme rather than the more common $host, as using the $host rewrite affected ssllabs scores in that domain.tld and www.domain.tld would score differently after adding HPKP and HSTS headers in Apache.

I hope that helps someone.

Add DHParam to Plesk Panel

You can fix Logjam for the Plesk Panel by simply adding the standard Nginx dhparam directive to the plesk.conf file.
Very similar to previous posts on adding OCSP and HSTS to Plesk.

First you will need to create your dhparam, you can follow my guide Creating DH Parameters, and then locate the file and edit with your favourite editor…

And add the Nginx ssl_dhparam directive above the certificate entries like so…

Save the file and restart the Plesk server…

And you are good to go.
I hope that helps someone.

Add OCSP to Plesk Panel

Here’s a guide on adding OCSP to your Plesk 11.5.30 or Plesk 12.0.18 Panel.
Firstly you need to create a file containing both your intermediate and CA certificate, lets call it domainCA.pem.
create the folder…

and upload domainCA.pem to it.

Now create a file called ocsp.inc in

and add the following nginx directives to it…

Next you need to add an include statement for ocsp.inc in the plesk.conf file…

Like so…

With the other include directives.

And restart the Plesk server with

You now have OCSP on your Plesk Panel.

You can also add these directives on a per domain basis in the Plesk Panel under

Plesk -> Domains -> yourdomain.tld -> Apache & Nginx Settings -> Additional nginx directives