v1.0.0 Plesk extension for safer nginx takeover

Run nginx-cyberpanel on Plesk without giving up Plesk.

CyberPanel nginx for Plesk replaces the public nginx layer on ports 80 and 443 while keeping Plesk as the control plane for domains, Apache config, certificates, PHP handlers, and WordPress cache signals.

Install on Plesk Read Guide View Plans
5003 req/sCyberPanel nginx
3.84 req/sDefault Plesk
p95 6 msCached gzip run
One-line installer Safe staging 
bash <(curl -sSL https://cyberpanel.net/nginx-plesk-install.sh)
Install does not take over traffic. Open Plesk, then use Extensions > CyberPanel nginx > Enable takeover when ready.

Live migrated WordPress benchmark

On the migrated CyberPanel WordPress homepage with LiteSpeed Cache active, nginx-cyberpanel served browser-like cached requests dramatically faster than the default Plesk nginx and Apache path.

Throughput gain 1303x

5003.63 requests/sec with CyberPanel nginx versus 3.84 requests/sec on the default Plesk stack.

Lower p95 latency 952x

p95 dropped from 5711 ms to 6 ms with takeover active and an LSCache gzip hit.

Browser-like benchmark: 1,000 requests at concurrency 20

Requests per secondHigher is better
CyberPanel nginx 5003.63
Plesk nginx 3.84
Mean response timeLower is better
CyberPanel nginx 4 ms
Plesk nginx 5211 ms
p95 response timeLower is better
CyberPanel nginx 6 ms
Plesk nginx 5711 ms

A controlled replacement for the Plesk nginx layer

Install and traffic takeover are separate operations. You can stage the extension first, review diagnostics, then switch traffic from the Plesk UI.

Safe by default

The installer downloads the extension and binary, but leaves default Plesk nginx and Apache active until takeover is enabled.

Uses existing Plesk config

Domains, vhosts, certificates, PHP handlers, and Apache backend behavior stay managed through Plesk.

WordPress cache signals

LiteSpeed Cache plugin headers, tag signals, vary signals, PURGE support, and file-backed public cache storage are supported.

Drop-in compatibility with your Plesk sites

nginx-cyberpanel translates Apache config and .htaccess at runtime, passes PHP directives through to PHP-FPM, and speaks the full LiteSpeed Cache plugin protocol — so existing Plesk sites move over with their behavior intact.

.htaccess that just works

Apache directives are read directly from existing Plesk vhosts and per-site .htaccess files.

  • Vhost configVirtualHost, ServerName, ServerAlias, DocumentRoot, logs, SSL certs, aliases, proxy rules, includes
  • RewritesRewriteEngine, RewriteCond, RewriteRule with L, R, QSA, F, G, NC
  • RedirectsRedirect, RedirectMatch — 301, 302, 303, 307, 308, gone
  • HeadersHeader set/add/append/merge/unset (+ always), RequestHeader set/add/append/merge/unset
  • Env rulesSetEnv, SetEnvIf, SetEnvIfNoCase, BrowserMatch, BrowserMatchNoCase
  • Access controlAllow, Deny, Order, Require all/ip/not ip, Satisfy Any/All, SSLRequireSSL
  • Basic authAuthType Basic, AuthUserFile, AuthGroupFile, Require user/group/valid-user
  • Files matchers<Files>, <FilesMatch>, <Limit>, <LimitExcept>
  • Expires & charsetExpiresActive, ExpiresDefault, ExpiresByType (with OLS A/M shorthand), AddDefaultCharset
  • Error documentsinternal path, external URL, or inline message
  • Brute-force protectionOpenLiteSpeed-style directives, no extra module install

PHP directives via .htaccess

WordPress and legacy PHP apps that tune PHP from .htaccess keep working — no PHP-FPM pool surgery needed.

  • Supported in .htaccessphp_value, php_flag, php_admin_value, php_admin_flag
  • Pass-through to PHP-FPMValues are forwarded as PHP_VALUE and PHP_ADMIN_VALUE on each request — same semantics as SetHandler + SetEnv under Apache
  • WordPress front-controllerStandard index.php rewrites supported out of the box
  • LSCache plugin hintInjects HTTP_X_LSCACHE=on so the LiteSpeed Cache plugin enables itself automatically
  • Cache-correct rewritesCache keys preserve the original request URL before any rewrite — no duplicate cache entries for the same page

Full LSCache signal coverage

Speaks the same cache protocol as LiteSpeed Enterprise and OpenLiteSpeed — every signal the WordPress LiteSpeed Cache plugin emits is honored.

  • Backend signals readX-LiteSpeed-Cache-Control, X-LiteSpeed-Tag, X-LiteSpeed-Vary
  • Response signals sentX-LiteSpeed-Cache: miss and X-LiteSpeed-Cache: hit on every request
  • Purge protocolsURL purge, X-LS-Purge: *, tag purge, and WordPress X-LiteSpeed-Purge
  • Header replayBackend response headers (cookies, security headers, custom plugin headers) are replayed on every cache hit
  • Cache rootFile-backed at /var/cache/nginx-cyberpanel/lscache — inspect, archive, or rsync like any other directory

How takeover works

The extension validates the generated config before changing services. If validation fails, Plesk nginx and Apache are not changed.

1

Run installer

The script detects OS and architecture, installs runtime libraries, downloads the extension zip, downloads the matching binary, and installs the Plesk extension.

2

Review in Plesk

Use the Overview and Diagnose tabs to confirm status, cache paths, gzip, brotli, HTTP/2 listeners, LSCache signals, PID shim, and Redis state.

3

Enable takeover

Click Enable takeover. nginx-cyberpanel starts on public ports 80 and 443, while Apache remains the backend on local ports.

Extension controls built into Plesk

The extension gives admins the operational actions they need without leaving the panel.

Overview

Shows takeover status with enable, disable, and reload controls.

Cache

Purges LSCache-compatible cache globally or by URL.

Config

Shows synthesized config and key runtime toggles for gzip, brotli, HTTP/2, and LSCache.

SSL

Issues Let's Encrypt certificates for Plesk-managed domains with validation and useful ACME errors.

Diagnose

Checks takeover, cache, compression, HTTP/2, plugin signals, PID shim, and Redis.

License

Shows license and domain-count status with license input.

Ports stay predictable

During takeover, public traffic moves to nginx-cyberpanel while Apache remains available locally for Plesk-managed backend behavior.

Takeover active

  • :80nginx-cyberpanel
  • :443nginx-cyberpanel
  • 127.0.0.1:7080Apache backend
  • 127.0.0.1:7081Apache SSL backend
  • :8443Plesk panel

After restore

  • :80Plesk nginx
  • :443Plesk nginx
  • 127.0.0.1:7080Apache
  • 127.0.0.1:7081Apache

Supported platforms

The installer downloads the correct dynamically linked binary for the detected operating system.

Platform Binary Status
Ubuntu 22, Ubuntu 24, Debian 12 nginx-cyberpanel-1.0.0-x86_64-ubuntu Supported
RHEL 9, AlmaLinux 9, Rocky 9 nginx-cyberpanel-1.0.0-x86_64-rhel9 Supported
RHEL 8, AlmaLinux 8, Rocky 8 nginx-cyberpanel-1.0.0-x86_64-rhel8 Supported

Install, enable, verify, restore

Use the one-line installer, then enable takeover from Plesk only after reviewing diagnostics.

Install and stage extension

bash <(curl -sSL https://cyberpanel.net/nginx-plesk-install.sh)

Enable takeover in Plesk

Extensions > CyberPanel nginx > Enable takeover

Verify active takeover

cat /etc/nginx-cyberpanel/state
systemctl is-active apache2 nginx nginx-cyberpanel
curl -skI https://example.com/ | sed -n '1,10p'

Uninstall and restore Plesk defaults

bash <(curl -sSL https://cyberpanel.net/nginx-plesk-install.sh) --uninstall

License plans by domain count

Start free for small Plesk servers, then unlock higher domain limits with a license key from the CyberPanel platform.

Free

10 Domains

$0forever
Up to 10 registrable domains
  • Free license key
  • Plesk extension license tab
  • Local 10-domain entitlement
  • Good for small servers
Get Free License
Pro

50 Domains

$59/year
Up to 50 registrable domains
  • Paid license key
  • Platform entitlement checks
  • Cached response with grace period
  • Upgrade path from Free
Order Pro
Popular
Business

100 Domains

$99/year
Up to 100 registrable domains
  • Best fit for growing Plesk servers
  • Platform entitlement checks
  • Cached response with grace period
  • Works with the Plesk License tab
Order Business
Unlimited

Unlimited Domains

$199/year
Unlimited domain entitlement
  • For agencies and large Plesk nodes
  • Numeric unlimited entitlement
  • Platform entitlement checks
  • Cached response with grace period
Order Unlimited

Frequently asked questions

Operational details for Plesk admins before enabling takeover.

Does installation change live traffic?

No. Install and takeover are separate. The installer leaves default Plesk nginx and Apache active, with state set to installed-not-active.

What should I check before takeover?

Confirm default Plesk sites still load, then review the Diagnose tab. It checks takeover state, cache directory, gzip, brotli, HTTP/2 listeners, LSCache signals, PID shim, and Redis.

How do I test LiteSpeed Cache plugin compatibility?

Use a browser-like request such as curl -skI --compressed https://example.com/. gzip-specific cache objects may show a miss with plain curl because the stored object is encoding-specific.

Can the SSL tab issue certificates for any domain?

No. SSL issuance is restricted to valid Plesk-managed domains. The flow normalizes domains, validates syntax, rejects unmanaged domains, and surfaces Let's Encrypt errors like NXDOMAIN, rate limits, and ACME validation details.

How do I roll back?

Use the extension restore controls or run the installer with --uninstall. Restore returns public ports 80 and 443 to default Plesk nginx and restarts real Apache and nginx units.

Stage first. Switch when ready.

CyberPanel nginx for Plesk gives you a safer way to test and enable nginx-cyberpanel on production Plesk servers without losing the Plesk control plane.

Install CyberPanel nginx for Plesk