Everything nginx-cyberpanel does on Plesk
A broad Apache and .htaccess compatibility surface implemented directly inside nginx, plus the WordPress LiteSpeed Cache protocol — so cacheable traffic never falls through to PHP.
Reads Plesk's Apache config in place
The bundled ngx_apacheconf_module reads the Plesk-generated Apache configuration at nginx startup — no migration, no hand-rewriting vhosts.
readapacheconf /etc/nginx-cyberpanel/apache-entry.conf portmap=7080:80,7081:443;
Supported configuration surface
Listen,NameVirtualHost,VirtualHostServerName,ServerAliasDocumentRootErrorLog,CustomLogSSLEngine,SSLCertificateFile,SSLCertificateKeyFileDirectoryIndexAlias,ScriptAliasProxyPass,ProxyPassReverse, exclusionsErrorDocumentRewriteEngine,RewriteCond,RewriteRuleHeader,RequestHeaderOptions Indexes,Options -IndexesRequire,Allow,DenyInclude,IncludeOptional, glob includes- PHP handler hints:
AddHandler,AddType,SetHandler,FcgidWrapper,FCGIWrapper
Per-request .htaccess, merged like Apache
The bundled ngx_htaccess_module walks from document root to the request directory and merges .htaccess files per request. Parsed files are cached per worker with mtime checks; missing lookups use a negative cache.
Supported directive categories
RewriteCond,RewriteRuleRedirect,RedirectMatch- Basic auth with htpasswd & htgroups
Allow,Deny,RequireHeader,RequestHeaderSetEnv,SetEnvIf,SetEnvIfNoCaseBrowserMatch,BrowserMatchNoCaseErrorDocument<Files>,<FilesMatch>ExpiresActive,ExpiresDefault,ExpiresByTypeAddDefaultCharsetSSLRequireSSLSatisfy Any,Satisfy All<Limit>,<LimitExcept>php_value,php_flag,php_admin_value,php_admin_flag- OpenLiteSpeed-compatible
BruteForceProtection
Supported htpasswd hashes
Apache APR1-MD5 ($apr1$), {SHA}, crypt MD5 ($1$), crypt SHA-256 ($5$), crypt SHA-512 ($6$), and legacy DES crypt.
PHP values to PHP-FPM
php_value / php_admin_value are exported through generated FastCGI params:
fastcgi_param PHP_VALUE $cyberpanel_php_value if_not_empty; fastcgi_param PHP_ADMIN_VALUE $cyberpanel_php_admin_value if_not_empty;
The LiteSpeed Cache plugin protocol, in nginx
The bundled ngx_lscache_module implements the LiteSpeed Cache plugin signals so cacheable WordPress pages are served from nginx and never reach PHP.
Reads
X-LiteSpeed-Cache-Control, X-LiteSpeed-Vary (creates vary sidecars), X-LiteSpeed-Tag.
Signals
X-LiteSpeed-Cache: miss on store, hit,public on replay; handles X-LiteSpeed-Purge response headers.
Purge
PURGE by URL, X-LS-Purge: *, and tag purges. Safe stored backend headers replayed on hits.
Accept-Encoding (curl, ab, loaders) receive an inflated in-memory cache HIT instead of falling through to PHP — a load spike can't turn a cacheable page into uncached backend load. Public zero-body 301/308 redirects are cached too; HEAD misses never poison later GETs; responses with Set-Cookie are not stored.
HTTP/2, gzip and brotli
HTTP/2
Enabled on SSL listeners in the synthesized config.
gzip & brotli
Both supported with extension-side toggles. Cached bodies may be stored gzip-compressed and served directly to gzip-capable clients.
fd limits
Generated config sets worker_rlimit_nofile 65535 and the systemd unit sets LimitNOFILE=65535 for high-concurrency stability.
SSL helper & diagnostics
Let's Encrypt SSL helper
Normalizes domains, validates domain/email syntax, rejects unmanaged domains before calling certbot/Plesk, supports HTTP-01 from the document root, handles Plesk redirect-only HTTP vhosts, and surfaces useful ACME errors (NXDOMAIN, domain not pointing to server, rate limits, validation failure detail).
Diagnose tab checks
Takeover active, cache directory present, gzip config, brotli config, HTTP/2 on SSL listeners, LSCache plugin signal in synthesized config, Plesk PID shim, and Redis object cache status.
One feature set. Tiers differ by domain limit.
The binary enforces license validity and max_domains. Feature flags are informational for UI/support in v1.0.0 and do not disable runtime modules.
| Plan ID | Tier | Max domains |
|---|---|---|
25 | Free | 10 |
26 | Pro | 50 |
27 | Business | 100 |
28 | Unlimited | 2,147,483,647 |