When Nginx and Apache are used, Apache should only listen to ports 7080 and 7081 on localhost.
As discussed in https://talk.plesk.com/threads/security-attack-surface-ports-7080-and-7081.368543 security should be reinforced: When Nginx and Apache are used, Apache should only listen to ports 7080 and 7081 on localhost. When Nginx is not used, Apache should only listen to ports 80 and 443.
Michael Wolter commented
To elaborate: At the moment, plesk - at least on debian 10 - listens on the public IP only on ports 7080 and 7081. When nginx is used as proxy for all domains on that public IP, it is not necessary for apache to listen on that public IP because requests to 7080 & 7081 should only originate from nginx.
(Strictly speaking, it wouldn't even be necessary to listen on 7081 because costly SSL negotiation on localhost is superfluous, but that requires a bit more configuration to work so that links stay https.)
When nginx is not used, obviously apache needs to listen on the standard ports of that public IP.