How to Install Openlitespeed on Ubuntu 20.04

Este post também está disponível em: Português (Portuguese (Brazil))

OpenLiteSpeed is a modern Open Source Web Server with high performance features and top-notch security.

The server understands Apache rewrite rules and has smart cache acceleration features that allow you to implement faster caching on your server.

It has built-in Multiple PHP Support and also LSAPI for external applications 2x faster; In addition to all this it is possible to enable multiple PHP processors for different websites.

Key Features of OpenLiteSpeed

  • Apache rewrite rules compatibility.
  • Web Administration Panel.
  • Event-driven architecture.
  • HTTP/3 & HTTP/2 support.
  • Support for multiple PHP versions.
  • Multi-Thread Module.
  • LiteSpeed Cache.
  • WAF(mod_security 3), Anti-DDoS, and Bandwidth Limit.

In this post we will address

  • UFW Firewall Configuration
  • Installing OpenLiteSpeed
  • Installing PHP 7.4 and Extensions
  • Installing MariaDB 10.4
  • Correct vhost configuration in OpenLiteSpeed to host our first domain
  • Installing and configuring SSL with Let’s Encrypt on your domain at OpenLiteSpeed
  • WordPress installation

Note: For better security and excellent performance, SSL will use the new TLS 1.3 and http the new http/3 version.

UFW Firewall Configuration

We are going to use the default Firewall of Ubuntu 20.04. Let’s open the following ports:
Port: 80 tcp, 443 tcp/udp, 7080/tcp, 22/ssh

UFW by default is inactive.

By default, UFW is configured to deny all incoming connections and only allow outgoing connections, that is, no one outside would be able to access your server but your applications would be able to access the external network.

To avoid problems, let’s first create our rules, opening the ports that we are going to use.

ufw allow 80/tcp
ufw allow 443/tcp
ufw allow 443/udp
ufw allow 7080/tcp
ufw allow 22/tcp

Now let’s enable UFW. Type y in the question

root@helpsysadmin:~# ufw enable
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y

Done! now we have UFW active and filtering the ports we reported.

Installing OpenLiteSpeed

Let’s install OpenLiteSpeed through the Repository

wget -O - http://rpms.litespeedtech.com/debian/enable_lst_debian_repo.sh | bash

Update repository list and install OpenLiteSpeed

apt update
apt install openlitespeed -y

After installation we will change the password. There are two ways to do this.

The first is to use the OpenLiteSpeed panel and with the default username and password (user: admin password: 123456) change your password.

The second is the one I recommend, at least knowing, as it will be very useful if one day you lose your admin password. Through the shell follow the steps below

cd /usr/local/lsws/admin/misc
./admpass.sh

In
User name[admin] : leave blank just hit enter
then enter twice the password you want to use.

This method is very useful if one day you lose your administration password.

To access the administration of OpenLiteSpeed use: https://ipdoseserver:7080

Installing PHP 7.4 and Extensions


By default, OpenLiteSpeed installs PHP 7.3.

For didactic purposes and improvements, let’s install PHP 7.4 and set it as default in OpenLiteSpeed.

Install PHP 7.4 and extensions

apt install -y lsphp74 lsphp74-apcu lsphp74-common lsphp74-curl lsphp74-dbg lsphp74-dev lsphp74-igbinary lsphp74-imagick lsphp74-imap lsphp74-intl lsphp74-ioncube lsphp74-json lsphp74-ldap lsphp74-memcached lsphp74-modules-source lsphp74-msgpack lsphp74-mysql lsphp74-opcache lsphp74-pear lsphp74-pgsql lsphp74-pspell lsphp74-redis lsphp74-snmp lsphp74-sqlite3 lsphp74-sybase lsphp74-tidy

Installing MariaDB 10.4

Installing the MariaDB 10.4 repository

apt-get install software-properties-common dirmngr apt-transport-https
apt-key adv --fetch-keys 'https://mariadb.org/mariadb_release_signing_key.asc'
add-apt-repository 'deb [arch=amd64,arm64,ppc64el] https://espejito.fder.edu.uy/mariadb/repo/10.4/ubuntu focal main'

Installing MariaDB 10.4

apt update
apt install mariadb-server

Run the script for MariaDB security

mysql_secure_installation
Enter current password for root (enter for none): ( PRESSIONE ENTER )
Set root password? [Y/n] Y
New password: Digite a senha desejada para o root do mariadb
Re-enter new password: Digite novamente a senha para o root do mariadb
Remove anonymous users? [Y/n] Y
Disallow root login remotely? [Y/n] Y
Remove test database and access to it? [Y/n] Y
Reload privilege tables now? [Y/n] Y	

Enable and start MariaDB

systemctl enable mariadb
systemctl start mariadb
systemctl status mariadb

OpenLiteSpeed vhost setup to host our first domain

In this step, we need a domain that we will point to the IP of our server. In our example we are using a domain “helpsysadmin.ml” that uses cloudflare services.

In your DNS provider create a type A entry of your domain name for your OpenLiteSpeed server IP and another CNAME www entry for your domain name.

Creating Virtual Host in OpenLiteSpeed

Access OpenLiteSpeed administration https://ipdoseserver:7080 and then Virtual Hosts , click the Add icon

save Changes

Add the configuration below

VariablesValue
Virtual Host Namehelpsysadmin.ml
Virtual Host Root$SERVER_ROOT/helpsysadmin.ml/
Config File$SERVER_ROOT/conf/vhosts/$VH_NAME/helpsysadmin.ml.conf
Follow Symbolic Linkyes
Enable Scripts/ExtAppsyes
Restrainedyes
ExtApp Set UID ModeServer UID

At the top of the page click save . You will see a message that the .conf file does not exist. Below there will be the option to create the .conf file where you must click ” CLICK TO CREATE ” then you will be able to save this part.

save Changes

When we click on “CLICK TO CREATE” Openlitespeed creates a virtual host configuration file that allows us to save the settings

The final settings should be similar to the image

Once our virtual host has been created, go back to Virtual Hosts –> click on Virtual Host (helpsysadmin.ml) –> select the General tab and modify the settings as shown below.

VariablesValue
Document Root $VH_ROOT/html/
domain namehelpsysadmin.ml
Enable Compressionyes

save Changes

save Changes

Again go to Virtual Hosts> click on your Virtual Host (helpsysadmin.ml) –> General and edit Index Files

VariablesValue
Use Server Index Files At the
Index Filesindex.html, index.php
Auto IndexAt the
Auto Index URI
save Changes

Again go to Virtual Hosts > click on your Virtual Host (helpsysadmin.ml) –> Log and edit Virtual Host Log

VariablesValue
Use Server’s Logyes
File Name$VH_ROOT/logs/error.log
log levelERROR
Rolling Size (bytes)10M
save Changes

Again go to Virtual Hosts > click on your Virtual Host (helpsysadmin.ml) –> Log and edit Access Log

VariablesValue
Log ControlOwn Log File
Piped Logger
Log Format
log headers
Rolling Size (bytes)10M
keep days30
log bytes
Compress Archiveyes
save Changes

After creating a Virtual Host for our domain, we need to map it so that we can finally access it.

To do this, go to Listeners , we will create two records, one will be responsible for configuring our domain on port 80 , the other on secure port 443.

Locate the ” Listener List ” menu and right click on the ” + ” sign to add our first Listener.
Fill in the fields according to the table

VariableValue
listener namePorta80
IP AddressANY
Port 80
binding
secureAt the
Notes
save Changes

Now add a new Listener for port 443 as below

VariableValue
listener namePort443
IP AddressANY
Port443
binding
secureyes
Notes
save changes

At this point we have the Listerners for port 80 and 443. Click on the name of one of the Listernes you created, then on ” Virtual Host Mappings ” click on the ” + ” sign.

On the next screen under Virtual Host * select your domain name and below under Domains re-enter your domain name without www or http

save Changes

Perform the same steps with the Porta443 Listener that you created earlier.

Creating folders for logs and website

Access your server’s SSH and type (replace the domain informed by the one you configured in OpenLiteSpeed)

mkdir /usr/local/lsws/helpsysadmin.ml/
mkdir /usr/local/lsws/helpsysadmin.ml/{html,logs}

Before proceeding, let’s restart OpenLiteSpeed and install a Let’s Encrypt SSL certificate for the domain.

It is important that your domain is pointing to the IP of your server as we informed at the beginning of this post

Access the dashboard and restart the OLS

Access your server’s SSH and install certbot

apt install certbot -y

Run certbot and answer the questions as below adapting for your domain

certbot certonly
How would you like to authenticate with the ACME CA?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Spin up a temporary webserver (standalone)
2: Place files in webroot directory (webroot)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Please enter in your domain name(s) (comma and/or space separated)  (Enter 'c'
to cancel): helpsysadmin.ml
Input the webroot for helpsysadmin.ml: /usr/local/lsws/helpsysadmin.ml/html

If everything went well, you will see a message informing you that Certificate and Key were created, save this information. Let’s use them next

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/helpsysadmin.ml/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/helpsysadmin.ml/privkey.pem
   Your cert will expire on 2021-04-27. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

Go back to the OpenLiteSpeed dashboard under Virtual Hosts >> helpsysadmin.ml and select the SSL tab.

Edit SSL Private Key & Certificate

Private Key File is second result when requested certificate

Certificate File is the first result when requested the certificate

save Changes

After saving the changes continue to the SSL tab, let’s make some changes and improvements

Edit SSL Protocol

VariableValue
Protocol VersionTLS v1.2 TLS v1.3
ciphers
Enable ECDH Exchange
Enable DH Key Exchange
DH Parameter
Save the changes and continue to the SSL tab

Edit Security

VariableValue
SSL Renegotiation ProtectionHTTP/2SSL Renegotiation Protectionyes
Enable Session Cacheyes
Enable Session Ticketsyes
Enable SPDY/HTTP2/HTTP3HTTP/3
Enable QUICyes

As this is the first domain with an SSL certificate, we will need to repeat these steps in Listeners , then click on Porta443 and access the SSL tab.
Fill in the fields exactly as you did in Virtual Hosts earlier. At the end save and restart OpenLiteSpeed from the panel.

Note: For the next domains you host, you will need to inform the SSL settings only on the Virtual Host for the domain.

At this point, if we access our domain with https, we will see a 404 page because we have not sent any files to our account.

We could from this point on how to install WordPress, because as I mentioned at the beginning, OpenLiteSpeed installs php 7.3 by default with some extensions.

We have already installed php 7.4 with important extensions for WordPress, now let’s configure it in OpenLiteSpeed.

Access the OpenLiteSpeed dashboard >> Server Configuration ,
select External App and under External Applications click on the ” + ” symbol then under Type Select LiteSpeed SAPI App

Then click on the Next icon

Fill in the fields according to the table below:

VariableValue
Name *lsphp74
Address *uds://tmp/lshttpd/lsphp74.sock
Notes
Max Connections *10
EnvironmentPHP_LSAPI_CHILDREN=10
LSAPI_AVOID_FORK=200M
Initial Request Timeout (secs) *60
Retry Timeout (secs) *0
Persistent Connectionyes
Connection Keep-Alive Timeout
Response Buffering *At the
Start By Server *Yes (Through CGI Daemon)
Commandlsphp74/bin/lsphp
Back Log100
instances1
Run As User
Run As Group
umask
Run On Start Up
Max Idle Time
priority0
Memory Soft Limit (bytes)2047M
Memory Hard Limit (bytes)2047M
Process Soft Limit1400
Process Hard Limit1400

Save the changes and click on the “Script Handler” tab. This tab is currently configured to run php 7.3. We are going to make changes so that our applications use the php 7.4 we just configured from now on.

In the Actions column, find and click the “Edit” icon

In “Handler Name *” change to lsphp74 and then click “Save” and restart OpenLiteSpeed so that the settings are activated.

The next step is WordPress. Before we leave OpenLiteSpeed , let’s enable .htaccess support which will be very important in WordPress.

In Server Configuration> General
Find and edit Rewrite Control
Change Auto Load from .htaccess to Yes and save the change.

Now, in the Virtual Host menu, select the record for your domain.
Locate the ” Rewrite ” tab and edit ” Rewrite Control

VariableValue
Enable Rewriteyes
Auto Load from .htaccessyes
log level

Save changes, restart OpenLiteSpeed.

Installing WordPress and Litespeed LS CACHE Plugin

Access ssh as root on your server and then the directory where your site files will be. save wordpress files

cd /usr/local/lsws/helpsysadmin.ml/html/
wget https://br.wordpress.org/latest-pt_BR.tar.gz
tar -xzvf latest-pt_BR.tar.gz
mv wordpress/* . 

Creating Database and User for WordPress with MariaDB

Access MariaDB with the root user and password you set when you installed MariaDB above

mysql -u root -pSENHAROOT

create the database

CREATE DATABASE wordpress DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;

Next we will create a user (wordpress_user) with all permissions in this database and set the password. I suggest using a secure username and password. Keep this information, we will use it later.

GRANT ALL ON wordpress.* TO 'wordpress_user'@'localhost' IDENTIFIED BY 'senha';

We have a database and a user with full access to this database to use in WordPress. Now we need to run the following command to reload the tables and let the current MySQL instance know about the changes you’ve made:

FLUSH PRIVILEGES;

Now, let’s exit MariaDB.

EXIT;

Go back to the directory where the WordPress files are, create the .htaccess file, change the user and group of the files to nobody and nogroup. By default OpenLiteSpeed runs as “user(nobody) : group(nogroup)”, so that we don’t have permissions problems these changes are necessary

cd /usr/local/lsws/helpsysadmin.ml/html/
touch .htaccess
chown nobody.nogroup .htaccess
chown -R nobody.nogroup 

Access the domain you have configured in your web browser.
Example: https://helpsysadmin.ml

You’ll see a page explaining what’s next in the WordPress setup. Click ” Let’s Go
On the next page, fill in the name of the database you created, username and password. Click next.

A message will be displayed informing that it was not possible to create the wp-config.php file and in the table below the content that this file should have. Copy the content, go back to the location of your files, create wp-config.php and paste the previous content. Save the changes and reset your domain configuration in your browser

cd /usr/local/lsws/helpsysadmin.ml/html
nano wp-config.php

In this part you must inform the admin user name, password and e-mail, click on proceed!

Your WordPress is now installed.

Now I would like to briefly address a powerful plugin for Openlitespeed and Litespeed users. It is an excellent plugin with basic and advanced features. I suggest spending some time figuring out what works and what doesn’t for your site. Locate the LiteSpeed Cache plugin.

This was a long post, but I thought it was necessary to address these issues with quality and not just another one on the Web. Hope you like it and leave comments below.