OpenLiteSpeed is a modern Open Source Web Server with high performance features and top-notch security.
The server understands Apache rewrite rules and has smart cache acceleration features that allow you to implement faster caching on your server.
It has built-in support for multiple PHP versions and uses LSAPI, which runs external applications 2x faster. In addition, you can enable different PHP processors for different websites.
Key Features of OpenLiteSpeed
- Apache rewrite rules compatibility.
- Web Administration Panel.
- Event-driven architecture.
- HTTP/3 & HTTP/2 support.
- Support for multiple PHP versions.
- Multi-Thread Module.
- LiteSpeed Cache.
- WAF(mod_security 3), Anti-DDoS, and Bandwidth Limit.
In this post we will address
- UFW Firewall Configuration
- Installing OpenLiteSpeed
- Installing PHP 7.4 and Extensions
- Installing MariaDB 10.4
- Correct vhost configuration in OpenLiteSpeed to host our first domain
- Installing and configuring SSL with Let’s Encrypt on your domain at OpenLiteSpeed
- WordPress installation
Note: For better security and excellent performance, SSL will use the new TLS 1.3 and HTTP will use the new HTTP/3 version.
UFW Firewall Configuration
We are going to use the default Firewall of Ubuntu 20.04. Let’s open the following ports:
Ports: 80/tcp, 443/tcp and 443/udp, 7080/tcp, 22/tcp (SSH)
UFW by default is inactive.
By default, UFW is configured to deny all incoming connections and only allow outgoing connections, that is, no one outside would be able to access your server but your applications would be able to access the external network.
To avoid problems, let’s first create our rules, opening the ports that we are going to use.
ufw allow 80/tcp
ufw allow 443/tcp
ufw allow 443/udp
ufw allow 7080/tcp
ufw allow 22/tcp
Now let’s enable UFW. Type y at the prompt:
root@helpsysadmin:~# ufw enable
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Done! Now we have UFW active and filtering traffic, with only the ports listed above open.
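A pre-flight check for the ordering described above (rules first, then enable), as an added example that is not part of the original post. It assumes `ufw show added` prints one `ufw allow <port>/<proto>` line per rule; the function names and the sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Rules this guide adds before running `ufw enable`.
REQUIRED_RULES="80/tcp 443/tcp 443/udp 7080/tcp 22/tcp"

# Reads `ufw show added` output on stdin and prints, space-separated,
# every required rule that has no "ufw allow <port>/<proto>" line.
missing_rules() {
    # Strip trailing whitespace so whole-line matching is reliable.
    added=$(sed 's/[[:space:]]*$//')
    missing=""
    for rule in $REQUIRED_RULES; do
        # -x matches the whole line, so 80/tcp is not satisfied by 7080/tcp.
        if ! printf '%s\n' "$added" | grep -qxF "ufw allow $rule"; then
            missing="$missing $rule"
        fi
    done
    printf '%s\n' "${missing# }"
}

# Exit status 0 only when every required rule is present.
safe_to_enable() {
    m=$(missing_rules)
    [ -z "$m" ] && return 0
    echo "do not enable UFW yet, missing: $m" >&2
    return 1
}

# Constructed sample outputs (not captured from a real server).
SAMPLE_COMPLETE="Added user rules (see 'ufw status' for running firewall):
ufw allow 80/tcp
ufw allow 443/tcp
ufw allow 443/udp
ufw allow 7080/tcp
ufw allow 22/tcp"

SAMPLE_NO_SSH="Added user rules (see 'ufw status' for running firewall):
ufw allow 80/tcp
ufw allow 443/tcp
ufw allow 443/udp
ufw allow 7080/tcp"

# Demo on the constructed sample that lacks the SSH rule.
printf '%s\n' "$SAMPLE_NO_SSH" | safe_to_enable || true
```

On the server, `ufw show added | safe_to_enable && ufw enable` enables the firewall only when the SSH rule and the other four are already in place.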
Installing OpenLiteSpeed
Let’s install OpenLiteSpeed through the Repository
wget -O - http://rpms.litespeedtech.com/debian/enable_lst_debian_repo.sh | bash
Update the repository list and install OpenLiteSpeed:
apt update
apt install openlitespeed -y
After installation we will change the admin password. There are two ways to do this.
The first is to log in to the OpenLiteSpeed panel with the default username and password (user: admin password: 123456) and change the password there.
The second is the one I recommend at least knowing, as it will be very useful if one day you lose your admin password. From the shell, follow the steps below:
cd /usr/local/lsws/admin/misc
./admpass.sh
At the prompt
User name[admin] :
leave the field blank and just press Enter, then enter the password you want to use twice.
This method is very useful if one day you lose your administration password.
To access the OpenLiteSpeed administration panel use: https://ipdoseserver:7080 (replace ipdoseserver with the IP of your server)
Installing PHP 7.4 and Extensions
By default, OpenLiteSpeed installs PHP 7.3.
For didactic purposes and improvements, let’s install PHP 7.4 and set it as default in OpenLiteSpeed.
Install PHP 7.4 and extensions
apt install -y lsphp74 lsphp74-apcu lsphp74-common lsphp74-curl lsphp74-dbg lsphp74-dev lsphp74-igbinary lsphp74-imagick lsphp74-imap lsphp74-intl lsphp74-ioncube lsphp74-json lsphp74-ldap lsphp74-memcached lsphp74-modules-source lsphp74-msgpack lsphp74-mysql lsphp74-opcache lsphp74-pear lsphp74-pgsql lsphp74-pspell lsphp74-redis lsphp74-snmp lsphp74-sqlite3 lsphp74-sybase lsphp74-tidy
Installing MariaDB 10.4
Installing the MariaDB 10.4 repository
apt-get install software-properties-common dirmngr apt-transport-https
apt-key adv --fetch-keys 'https://mariadb.org/mariadb_release_signing_key.asc'
add-apt-repository 'deb [arch=amd64,arm64,ppc64el] https://espejito.fder.edu.uy/mariadb/repo/10.4/ubuntu focal main'
Installing MariaDB 10.4
apt update
apt install mariadb-server
Run the script for MariaDB security
mysql_secure_installation
Enter current password for root (enter for none): (PRESS ENTER)
Set root password? [Y/n] Y
New password: (type the password you want for the MariaDB root user)
Re-enter new password: (type the MariaDB root password again)
Remove anonymous users? [Y/n] Y
Disallow root login remotely? [Y/n] Y
Remove test database and access to it? [Y/n] Y
Reload privilege tables now? [Y/n] Y
Enable and start MariaDB
systemctl enable mariadb
systemctl start mariadb
systemctl status mariadb
OpenLiteSpeed vhost setup to host our first domain
In this step, we need a domain that we will point to the IP of our server. In our example we are using the domain “helpsysadmin.ml”, which uses Cloudflare services.
In your DNS provider, create an A record pointing your domain name to your OpenLiteSpeed server IP, and a CNAME record for www pointing to your domain name.
Creating Virtual Host in OpenLiteSpeed
Open the OpenLiteSpeed administration panel at https://ipdoseserver:7080, go to Virtual Hosts and click the Add icon.
Add the configuration below
Variables | Value |
Virtual Host Name | helpsysadmin.ml |
Virtual Host Root | $SERVER_ROOT/helpsysadmin.ml/ |
Config File | $SERVER_ROOT/conf/vhosts/$VH_NAME/helpsysadmin.ml.conf |
Follow Symbolic Link | yes |
Enable Scripts/ExtApps | yes |
Restrained | yes |
ExtApp Set UID Mode | Server UID |
At the top of the page click Save. You will see a message that the .conf file does not exist. Below it there is an option to create the .conf file: click “CLICK TO CREATE” and you will then be able to save this part.
When we click on “CLICK TO CREATE”, OpenLiteSpeed creates a virtual host configuration file, which allows us to save the settings.
Once our virtual host has been created, go back to Virtual Hosts –> click on your Virtual Host (helpsysadmin.ml) –> select the General tab and modify the settings as shown below.
Variables | Value |
Document Root | $VH_ROOT/html/ |
domain name | helpsysadmin.ml |
Enable Compression | yes |
Save the changes.
Again go to Virtual Hosts –> click on your Virtual Host (helpsysadmin.ml) –> General and edit Index Files
Variables | Value |
Use Server Index Files | No |
Index Files | index.html, index.php |
Auto Index | No |
Auto Index URI |
Again go to Virtual Hosts > click on your Virtual Host (helpsysadmin.ml) –> Log and edit Virtual Host Log
Variables | Value |
Use Server’s Log | yes |
File Name | $VH_ROOT/logs/error.log |
log level | ERROR |
Rolling Size (bytes) | 10M |
Again go to Virtual Hosts > click on your Virtual Host (helpsysadmin.ml) –> Log and edit Access Log
Variables | Value |
Log Control | Own Log File |
Piped Logger | |
Log Format | |
log headers | |
Rolling Size (bytes) | 10M |
keep days | 30 |
log bytes | |
Compress Archive | yes |
After creating a Virtual Host for our domain, we need to map it so that we can finally access it.
To do this, go to Listeners. We will create two records: one will be responsible for configuring our domain on port 80, the other on secure port 443.
Locate the “Listener List” menu and right click on the “+” sign to add our first Listener.
Fill in the fields according to the table
Variable | Value |
listener name | Porta80 |
IP Address | ANY |
Port | 80 |
binding | |
secure | No |
Notes |
Now add a new Listener for port 443 as below
Variable | Value |
listener name | Porta443 |
IP Address | ANY |
Port | 443 |
binding | |
secure | yes |
Notes |
At this point we have the Listeners for ports 80 and 443. Click on the name of one of the Listeners you created, then under “Virtual Host Mappings” click on the “+” sign.
On the next screen, under Virtual Host * select your domain name, and below, under Domains, re-enter your domain name without www or http.
Perform the same steps with the other Listener (Porta443) that you created earlier.
Creating folders for logs and website
Access your server over SSH and type the following (replace the domain shown with the one you configured in OpenLiteSpeed):
mkdir /usr/local/lsws/helpsysadmin.ml/
mkdir /usr/local/lsws/helpsysadmin.ml/{html,logs}
Before proceeding, let’s restart OpenLiteSpeed and install a Let’s Encrypt SSL certificate for the domain.
It is important that your domain is pointing to the IP of your server, as explained at the beginning of this post.
Access the dashboard and restart OpenLiteSpeed.
Access your server over SSH and install certbot:
apt install certbot -y
Run certbot and answer the questions as below, adapting them for your domain:
certbot certonly
How would you like to authenticate with the ACME CA?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Spin up a temporary webserver (standalone)
2: Place files in webroot directory (webroot)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Please enter in your domain name(s) (comma and/or space separated) (Enter 'c' to cancel): helpsysadmin.ml
Input the webroot for helpsysadmin.ml: /usr/local/lsws/helpsysadmin.ml/html
If everything went well, you will see a message informing you that the certificate and key were created. Save this information; we will use it next.
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
  /etc/letsencrypt/live/helpsysadmin.ml/fullchain.pem
  Your key file has been saved at:
  /etc/letsencrypt/live/helpsysadmin.ml/privkey.pem
  Your cert will expire on 2021-04-27. To obtain a new or tweaked version of this certificate in the future, simply run certbot again. To non-interactively renew *all* of your certificates, run "certbot renew"
- If you like Certbot, please consider supporting our work by:
  Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
  Donating to EFF: https://eff.org/donate-le
Go back to the OpenLiteSpeed dashboard under Virtual Hosts >> helpsysadmin.ml and select the SSL tab.
Edit SSL Private Key & Certificate
Private Key File is the second path certbot reported when the certificate was issued (privkey.pem).
Certificate File is the first path certbot reported when the certificate was issued (fullchain.pem).
After saving the changes, stay on the SSL tab; let’s make some changes and improvements.
Edit SSL Protocol
Variable | Value |
Protocol Version | TLS v1.2 TLS v1.3 |
ciphers | |
Enable ECDH Exchange | |
Enable DH Key Exchange | |
DH Parameter |
Edit Security
Variable | Value |
SSL Renegotiation Protection | yes |
Enable Session Cache | yes |
Enable Session Tickets | yes |
Enable SPDY/HTTP2/HTTP3 | HTTP/3 |
Enable QUIC | yes |
As this is the first domain with an SSL certificate, we will need to repeat these steps in Listeners , then click on Porta443 and access the SSL tab.
Fill in the fields exactly as you did in Virtual Hosts earlier. At the end save and restart OpenLiteSpeed from the panel.
Note: For the next domains you host, you will need to inform the SSL settings only on the Virtual Host for the domain.
At this point, if we access our domain with https, we will see a 404 page because we have not sent any files to our account.
We could install WordPress from this point, because, as I mentioned at the beginning, OpenLiteSpeed installs PHP 7.3 by default with some extensions.
However, we have already installed PHP 7.4 with the extensions that matter for WordPress, so now let’s configure it in OpenLiteSpeed.
Access the OpenLiteSpeed dashboard >> Server Configuration,
select External App and under External Applications click on the “+” symbol, then under Type select LiteSpeed SAPI App.
Then click on the Next icon
Fill in the fields according to the table below:
Variable | Value |
Name * | lsphp74 |
Address * | uds://tmp/lshttpd/lsphp74.sock |
Notes | |
Max Connections * | 10 |
Environment | PHP_LSAPI_CHILDREN=10 LSAPI_AVOID_FORK=200M |
Initial Request Timeout (secs) * | 60 |
Retry Timeout (secs) * | 0 |
Persistent Connection | yes |
Connection Keep-Alive Timeout | |
Response Buffering * | No |
Start By Server * | Yes (Through CGI Daemon) |
Command | lsphp74/bin/lsphp |
Back Log | 100 |
instances | 1 |
Run As User | |
Run As Group | |
umask | |
Run On Start Up | |
Max Idle Time | |
priority | 0 |
Memory Soft Limit (bytes) | 2047M |
Memory Hard Limit (bytes) | 2047M |
Process Soft Limit | 1400 |
Process Hard Limit | 1400 |
Save the changes and click on the “Script Handler” tab. This tab is currently configured to run PHP 7.3. We are going to change it so that from now on our applications use the PHP 7.4 we just configured.
In the Actions column, find and click the “Edit” icon
In “Handler Name *” change to lsphp74 and then click “Save” and restart OpenLiteSpeed so that the settings are activated.
The next step is WordPress. Before we leave OpenLiteSpeed, let’s enable .htaccess support, which will be very important in WordPress.
In Server Configuration > General
Find and edit Rewrite Control
Change Auto Load from .htaccess to Yes and save the change.
Now, in the Virtual Host menu, select the record for your domain.
Locate the “Rewrite” tab and edit “Rewrite Control”
Variable | Value |
Enable Rewrite | yes |
Auto Load from .htaccess | yes |
log level |
Save changes, restart OpenLiteSpeed.
Installing WordPress and Litespeed LS CACHE Plugin
Access your server over SSH as root, go to the directory where your site files will live, and download the WordPress files there:
cd /usr/local/lsws/helpsysadmin.ml/html/
wget https://br.wordpress.org/latest-pt_BR.tar.gz
tar -xzvf latest-pt_BR.tar.gz
mv wordpress/* .
Creating Database and User for WordPress with MariaDB
Access MariaDB with the root user and password you set when you installed MariaDB above
mysql -u root -pSENHAROOT
Create the database:
CREATE DATABASE wordpress DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;
Next we will create a user (wordpress_user) with all permissions in this database and set the password. I suggest using a secure username and password. Keep this information, we will use it later.
GRANT ALL ON wordpress.* TO 'wordpress_user'@'localhost' IDENTIFIED BY 'senha';
We have a database and a user with full access to this database to use in WordPress. Now we need to run the following command to reload the tables and let the current MySQL instance know about the changes you’ve made:
FLUSH PRIVILEGES;
Now, let’s exit MariaDB.
EXIT;
Go back to the directory where the WordPress files are, create the .htaccess file, and change the user and group of the files to nobody and nogroup. By default OpenLiteSpeed runs as “user(nobody) : group(nogroup)”, so these changes are necessary to avoid permission problems.
cd /usr/local/lsws/helpsysadmin.ml/html/
touch .htaccess
chown nobody:nogroup .htaccess
chown -R nobody:nogroup .
Access the domain you have configured in your web browser.
Example: https://helpsysadmin.ml
You’ll see a page explaining what’s next in the WordPress setup. Click “Let’s Go”.
On the next page, fill in the name of the database you created, the username and the password. Click next.
A message will be displayed informing you that it was not possible to create the wp-config.php file, followed by a box with the content that this file should have. Copy the content, go back to the location of your files, create wp-config.php and paste the content into it. Save the changes and return to the setup of your domain in your browser.
cd /usr/local/lsws/helpsysadmin.ml/html
nano wp-config.php
In this part you must enter the admin user name, password and e-mail, then click to proceed.
Your WordPress is now installed.
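A permission check for the document root after the wp-config.php step above, as an added example that is not part of the original post. The function names `audit_docroot` and `make_sample` and the sample tree are constructed for illustration; on the server the argument would be /usr/local/lsws/helpsysadmin.ml/html.

```shell
#!/bin/sh
# Prints one finding per line for a WordPress document root; prints
# nothing when the permission bits are acceptable.
audit_docroot() {
    docroot=$1
    cfg="$docroot/wp-config.php"
    # wp-config.php holds the database password, so "other" needs no
    # read, write or execute bit on it.
    if [ -f "$cfg" ]; then
        find "$cfg" \( -perm -004 -o -perm -002 -o -perm -001 \) \
            -exec printf 'world-accessible: %s\n' {} \;
    fi
    # No file or directory in the tree should be writable by "other".
    find "$docroot" \( -type f -o -type d \) -perm -002 \
        -exec printf 'world-writable: %s\n' {} \;
}

# Constructed sample tree, built in a temp dir so the check runs anywhere.
# wp-config.php gets mode 644, the usual result of creating it as root
# with an editor.
make_sample() {
    d=$(mktemp -d)
    mkdir "$d/wp-content"
    echo "<?php // constructed placeholder, no real credentials" > "$d/wp-config.php"
    echo "<?php" > "$d/index.php"
    chmod 644 "$d/wp-config.php" "$d/index.php"
    chmod 755 "$d/wp-content"
    echo "$d"
}

# Demo on the constructed tree: reports wp-config.php as world-accessible.
demo_dir=$(make_sample)
audit_docroot "$demo_dir"
rm -rf "$demo_dir"
```

To clear the first finding while keeping the file readable by the user OpenLiteSpeed runs as, use `chown nobody:nogroup wp-config.php` followed by `chmod 640 wp-config.php`.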
Now I would like to briefly mention a powerful plugin for OpenLiteSpeed and LiteSpeed users: LiteSpeed Cache. It is an excellent plugin with basic and advanced features. I suggest spending some time figuring out what works and what doesn’t for your site. To install it, search for the LiteSpeed Cache plugin.
This was a long post, but I thought it was necessary to cover these topics properly rather than publish just another post on the Web. I hope you like it; leave your comments below.