Login
    How to Install and Configure OpenLiteSpeed Server along with MariaDB and PHP on Ubuntu 20.04

    How to Install and Configure OpenLiteSpeed Server along with MariaDB and PHP on Ubuntu 20.04

    How to Install and Configure OpenLiteSpeed Server along with MariaDB and PHP on Ubuntu 20.04

    OpenLiteSpeed is a lightweight and open-source version of the LiteSpeed Server developed by LiteSpeed Technologies. It comes with a WebGUI based Administration panel which makes it different from other servers and easier to manage.eval(ez_write_tag([[728,90],’howtoforge_com-box-3′,’ezslot_6′,106,’0′,’0′]));

    In this tutorial, we will learn how to install OpenLiteSpeed Server on Ubuntu 20.04 along with PHP 7.4 and MariaDB server.eval(ez_write_tag([[580,400],’howtoforge_com-medrectangle-3′,’ezslot_2′,121,’0′,’0′]));

    Prerequisites

    • Ubuntu 20.04 based web server.

    • A non-root user account with sudo privileges.

    Update your system.

    $ sudo apt update
    $ sudo apt upgrade
    

    Step 1 – Configure Firewall

    Before we begin with the tutorial, we need to configure the Uncomplicated Firewall(UFW) which is usually enabled by default. Let’s check the status of the firewall first.

    We need to enable SSH, HTTP, HTTPS and ports 7080, 8088 for the firewall.

    $ sudo ufw allow OpenSSH
    $ sudo ufw allow http
    $ sudo ufw allow https
    $ sudo ufw allow 7080/tcp
    $ sudo ufw allow 8088/tcp
    

    Check the status of the firewall.

    $ sudo ufw status
    Status: active
    
    To                         Action      From
    --                         ------      ----
    OpenSSH                    ALLOW       Anywhere                  
    80/tcp                     ALLOW       Anywhere                  
    443/tcp                    ALLOW       Anywhere                  
    7080/tcp                   ALLOW       Anywhere                  
    8088/tcp                   ALLOW       Anywhere                  
    OpenSSH (v6)               ALLOW       Anywhere (v6)             
    80/tcp (v6)                ALLOW       Anywhere (v6)             
    443/tcp (v6)               ALLOW       Anywhere (v6)             
    7080/tcp (v6)              ALLOW       Anywhere (v6)             
    8088/tcp (v6)              ALLOW       Anywhere (v6)     
    

    If it is not working, then start the firewall.

    $ sudo ufw enable
    

    Step 2 – Install OpenLiteSpeed

    There are various versions of OpenLiteSpeed you can install. Recommended versions are from the 1.6.x or 1.7.x series at the time of writing this tutorial.

    We will use OpenLiteSpeed’s official Repository for our tutorial which maintains 1.6.x version only.

    Add the OpenLiteSpeed Repository Key.eval(ez_write_tag([[580,400],’howtoforge_com-medrectangle-4′,’ezslot_1′,108,’0′,’0′]));

    $ wget -qO - https://rpms.litespeedtech.com/debian/lst_repo.gpg | sudo apt-key add -
    

    Add the Repository.

    $ echo "deb http://rpms.litespeedtech.com/debian/ focal main" | sudo tee /etc/apt/sources.list.d/openlitespeed.list
    

    Update the Repository.

    $ sudo apt update
    

    Install OpenLiteSpeed

    $ sudo apt install openlitespeed
    

    Check the status of the server.

    $ sudo /usr/local/lsws/bin/lswsctrl status
    litespeed is running with PID 21825.
    

    If it is not running, you can start with the following command.

    $ sudo /usr/local/lsws/bin/lswsctrl start
    

    Open http://<YOURSERVERIP>:8088 to access your web server. You should see the following page.

    OpenLiteSpeed Default Page

    Step 3 – Install PHP

    OpenLiteSpeed server ships with PHP 7.3 which is pre-enabled. But we want to use PHP 7.4 so we will install our own copy.

    Install PHP 7.4 along with some additional packages.

    $ sudo apt install lsphp74 lsphp74-common lsphp74-mysql lsphp74-curl
    

    Verify your PHP installation.

    $ /usr/local/lsws/lsphp74/bin/php7.4 -v
    PHP 7.4.5 (cli) (built: May  7 2020 23:08:38) ( NTS )
    Copyright (c) The PHP Group
    Zend Engine v3.4.0, Copyright (c) Zend Technologies
        with Zend OPcache v7.4.5, Copyright (c), by Zend Technologies
    

    You can check for the enabled PHP modules.

    $ /usr/local/lsws/lsphp74/bin/php7.4 --modules
    

    We will configure PHP to work with OpenLiteSpeed later.

    Step 4 – Install MariaDB

    Install MariaDB server.

    $ sudo apt install mariadb-server
    

    Start and enable the MariaDB service.

    $ sudo systemctl start mariadb
    $ sudo systemctl enable mariadb
    

    Secure your MariaDB installation. This script will set your root password, remove anonymous users, disallow remote root login and drop test tables. Choose a strong password and answer the questions as described below.

    $ sudo mysql_secure_installation
    [sudo] password for username: 
    
    NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
    SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!
    
    In order to log into MariaDB to secure it, we'll need the current
    password for the root user.  If you've just installed MariaDB, and
    you haven't set the root password yet, the password will be blank,
    so you should just press enter here.
    
    Enter current password for root (enter for none): 
    OK, successfully used password, moving on...
    
    Setting the root password ensures that nobody can log into the MariaDB 
    root user without the proper authorisation.
    
    Set root password? [Y/n] y
    New password: 
    Re-enter new password: 
    Password updated successfully!
    Reloading privilege tables..
     ... Success!
    
    By default, a MariaDB installation has an anonymous user, allowing anyone
    to log into MariaDB without having to have a user account created for
    them.  This is intended only for testing, and to make the installation
    go a bit smoother.  You should remove them before moving into a
    production environment.
    
    Remove anonymous users? [Y/n] y
     ... Success!
    
    Normally, root should only be allowed to connect from 'localhost'.  This
    ensures that someone cannot guess at the root password from the network.
    
    Disallow root login remotely? [Y/n] y
     ... Success!
    
    By default, MariaDB comes with a database named 'test' that anyone can
    access.  This is also intended only for testing, and should be removed
    before moving into a production environment.
    
    Remove test database and access to it? [Y/n] y
     - Dropping test database...
     ... Success!
     - Removing privileges on test database...
     ... Success!
    
    Reloading the privilege tables will ensure that all changes made so far
    will take effect immediately.
    
    Reload privilege tables now? [Y/n] y
     ... Success!
    
    Cleaning up...
    
    All done!  If you've completed all of the above steps, your MariaDB
    installation should now be secure.
    
    Thanks for using MariaDB!
    

    Once this is done, you can log in to the MySQL shell using the following command.

    $ sudo mysql -u root -p
    

    Create a test database and user with access permission. Replace testdb and testuser with appropriate names for your setup. Replace password with a strong password.

    CREATE DATABASE testdb;
    CREATE USER 'testuser' IDENTIFIED BY 'password';
    GRANT ALL PRIVILEGES ON testdb.* TO 'testuser';
    FLUSH PRIVILEGES;
    

    Exit the MySQL shell.

    exit
    

    Step 5 – Configure OpenLiteSpeed

    Configure Admin Panel

    Set the Administrator panel credentials.

    $ sudo /usr/local/lsws/admin/misc/admpass.sh
    Please specify the user name of administrator.
    This is the user name required to login the administration Web interface.
    
    User name [admin]: <username>
    
    Please specify the administrator's password.
    This is the password required to login the administration Web interface.
    
    Password: 
    Retype password: 
    Administrator's username/password is updated successfully!
    

    You can also use this command in case you forget your login details.

    To access the administration panel, open http://<YOURSERVERIP>:7080.

    On your first login, your browser will give warnings saying your connection is not private. Click Advanced and click “Accept the risk and Continue” (in case of Firefox) or “Proceed to <YOURSERVERIP>(unsafe)” (in case of Chromium-based browser). You won’t see the warning again.

    You will be greeted by the following screen.

    OpenLiteSpeed Login Page

    Switch HTTP port back to 80

    Let us change the default HTTP port to 80. Log in to your administration panel at http://<YOURSERVERIP>:7080 with the credentials you just created.

    You will be greeted by the following screen.

    OpenLiteSpeed Admin Home

     Visit Listeners section from the left. You will see the default listeners with port 8080.

    OpenLiteSpeed Listeners

    Click the View button to see details configuration. On the next page under Listener Default > General Page, click on the Edit icon and change the port from 8080 to 80.

    OpenLiteSpeed Default Listener

    OpenLiteSpeed Listener Edit

    Click Save and then restart the server by clicking on the Graceful restart button.

    OpenLiteSpeed Restart Server

    Step 6 – Configure PHP

    In this step, we need to associate our copy of PHP 7.4 with the server.

    Click on Server Configuration section on the left and then on the tab External App. You will see an existing LiteSpeed App for PHP 7.3. We will create our own LiteSpeed App for PHP 7.4. You can easily switch between them later on if you want.

    External Applications

    Click on the Add button to create a new app. For the type, select LiteSpeed SAPI App and click on Next.

    External App Configuration

    Next, add the configuration below. Leave all the other fields blank.

    Name: lsphp74
    Address: uds://tmp/lshttpd/lsphp.sock
    Max Connections: 35
    Environment: PHP_LSAPI_MAX_REQUESTS=500
                 PHP_LSAPI_CHILDREN=35
                 LSAPI_AVOID_FORK=200M
    Initial Request Timeout (secs): 60
    Retry Timeout : 0
    Persistent Connection: Yes
    Response Buffering: no
    Start By Server: Yes(Through CGI Daemon)
    Command: lsphp74/bin/lsphp
    Back Log: 100
    Instances: 1
    Priority: 0
    Memory Soft Limit (bytes): 2047M
    Memory Hard Limit (bytes): 2047M
    Process Soft Limit: 1400
    Process Hard Limit: 1500
    

    Click Save when finished.

    LiteSpeed SAPI App

    Now that we have created our own PHP 7.4 based app, we need to tell the server to start using it.

    Go to the Script Handler tab and edit the lsphp handler. Switch the Handle name to lsphp74 from the drop-down menu.

    Script Handler Definition

    Click Save and then restart the server by clicking on the Graceful restart button.

    To test whether your PHP has been switched correctly, visit http://<YOURSERVERIP>/phpinfo.php in your browser.

    PHP Info

    Step 7 – Setup Virtual Host

    First, we need to create directories for our virtual host.

    $ sudo mkdir /usr/local/lsws/example.com/{html,logs} -p
    

    The html directory will hold the public files and the logs directory will contain server logs.

    Next, open the Admin console and access the Virtual Hosts section from the left and click the Add button.

    Virtual Hosts Summary

    Fill in the values as specified

    Virtual Host Name: example.com
    Virtual Host Root: $SERVER_ROOT/example.com/
    Config File: $SERVER_ROOT/conf/vhosts/$VH_NAME/vhconf.conf
    Follow Symbolic Link: Yes
    Enable Scripts/ExtApps: Yes
    Restrained: Yes
    External App Set UID Mode: Server UID
    

    Virtual Host Settings

    Click on the Save button when finished. You will get the following error because the configuration file doesn’t exist as of now. Click on the link to create the configuration file.

    Virtual Host Configuration

    Click the Save button again to finish creating the Virtual Host.

    Once the virtual host is created, go to Virtual Hosts -> Choose Virtual Host(example.com) -> General and modify the configuration as given.

    Document Root: $VH_ROOT/html/
    Domain Name: example.com
    Enable Compression: Yes
    

    Virtual Host General Section

    Click the Save button when finished. Next, we need to setup index files. Click the edit button against Index files below the General Section. Set the following options.

    Use Server Index Files: No
    Index files: index.php, index.html, index.htm
    Auto Index: No
    

    OpenliteSpeed Index Files

    Click Save when done. Next, we need to choose Log files. Go to the Log section and click Edit against Virtual Host Log and fill the following values.

    Use Server’s Log: Yes
    File Name: $VH_ROOT/logs/error.log
    Log Level: ERROR
    Rolling Size (bytes): 10M
    

    Virtual Host Log

    You can choose the Log Level as DEBUG if you are on a production/development machine.

    Click Save and then click the plus sign in the Access Log section to add a new entry. Fill in the following values.

    Log Control: Own Log File
    File Name: $VH_ROOT/logs/access.log
    Piped Logger: Not Set
    Log Format: Not Set
    Log Headers: Not Set
    Rolling Size (bytes): 10M
    Keep Days: 30
    Bytes log: Not Set
    Compress Archive: Yes
    

    OpenliteSpeed Access Log

    Click Save when done. Next, we need to configure Access Control under the Security section. Set the following Values.

    Allowed List: *
    Denied List: Not set
    

    OpenliteSpeed Access Control

    Click Save when done. Next, we need to set the Script Handler Definition. Set the following values.

    Suffixes: php
    Handler Type: LiteSpeed SAPI
    Handler Name: [Server Level]: lsphp74
    

    Script Handler Definition

    Next, we need to set Rewrite Control under Rewrite section. Set the following values.

    Rewrite Control

    And at last, we need to set the Listeners. Go to the Listeners section and click on View button against Default Listener. Then, click on the Add button against Virtual Host Mappings to add a new mapping and set the following values.

    Virtual Host Mappings

    Click Save when done. Now, click on the Graceful restart button to apply all the changes above and restart the server.

    Step 8 – Setup SSL

    Setting up SSL in OpenLiteSpeed requires us to set up two certificates. A self-signed certificate for the overall server and a Let’s Encrypt site-specific server.

    Let us create the Self Signed Certificate first.

    $ openssl req -x509 -days 365 -newkey rsa:4096 -keyout key.pem -out cert.pem -nodes
    Generating a RSA private key
    ..++++
    ......................++++
    writing new private key to 'key.pem'
    -----
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [AU]:
    State or Province Name (full name) [Some-State]:
    Locality Name (eg, city) []:
    Organization Name (eg, company) [Internet Widgits Pty Ltd]:
    Organizational Unit Name (eg, section) []:
    Common Name (e.g. server FQDN or YOUR name) []:
    Email Address []:
    

    You can press enter through all the fields and leave them empty.

    The certificates are now stored at /home/user directory. We will need this information later.

    To use Let’s Encrypt, we need to install the Certbot tool.

    $ sudo apt install certbot
    

    Obtain the SSL certificate.

    $ sudo certbot certonly --webroot -w /usr/local/lsws/example.com/html/ -d example.com
    

    Follow the Interactive prompt.

    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Plugins selected: Authenticator webroot, Installer None
    Enter email address (used for urgent renewal and security notices) (Enter 'c' to
    cancel): [email protected]
    Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
    
    -------------------------------------------------------------------------------
    Please read the Terms of Service at
    https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must agree
    in order to register with the ACME server at
    https://acme-v02.api.letsencrypt.org/directory
    -------------------------------------------------------------------------------
    (A)gree/(C)ancel: A
    
    -------------------------------------------------------------------------------
    Would you be willing to share your email address with the Electronic Frontier
    Foundation, a founding partner of the Let's Encrypt project and the non-profit
    organization that develops Certbot? We'd like to send you email about our work
    encrypting the web, EFF news, campaigns, and ways to support digital freedom.
    -------------------------------------------------------------------------------
    (Y)es/(N)o: N
    Obtaining a new certificate
    Performing the following challenges:
    http-01 challenge for example.com
    Using the webroot path /usr/local/lsws/example.com/html for all unmatched domains.
    Waiting for verification...
    Cleaning up challenges
    
    IMPORTANT NOTES:
     - Congratulations! Your certificate and chain have been saved at:
       /etc/letsencrypt/live/example/fullchain.pem. Your key file has 
       been saved at:
       /etc/letsencrypt/live/linode.nspeaks.com/privkey.pem Your cert will
       expire on 2020-09-04. To obtain a new or tweaked version of this
       certificate in the future, simply run certbot again. To
       non-interactively renew *all* of your certificates, run "certbot
       renew"
     - Your account credentials have been saved in your Certbot
       configuration directory at /etc/letsencrypt. You should make a
       secure backup of this folder now. This configuration directory will
       also contain certificates and private keys obtained by Certbot so
       making regular backups of this folder is ideal.
     - If you like Certbot, please consider supporting our work by:
    
       Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
       Donating to EFF:                    https://eff.org/donate-le
    

    Now open the Admin console and go to Listeners >> Add New Listener and add the following values.

    Listener Name: SSL
    IP Address: ANY
    Port: 443
    Secure: Yes
    

    SSL Listener

    Click Save when done. Next, go to Virtual Host Mappings section under the SSL Listener by clicking on SSL, click on the Add button and fill the following values.

    Virtual Host: example.com
    Domains: example.com
    

    Virtual Host Mapping

    Click Save when done.

    Next, go to Listeners >> SSL Listener >> SSL Tab >>SSL Private Key & Certificate (Edit button) and fill the following values for the self-signed certificate we created before.

    Private Key File: /home/user/key.pem
    Certificate File: /home/user/cert.pem
    Chained Certificate: Yes
    

    Self Signed SSL Key and Certificate

    Next go to Virtual Hosts >> example.com >> SSL Tab >> SSL Private Key & Certificate (Edit button) and fill the following values with the Let’s Encrypt Certificate.

    Private Key File: /etc/letsencrypt/live/example.com/privkey.pem
    Certificate File: /etc/letsencrypt/live/example.com/fullchain.pem
    Chained Certificate: Yes
    

    Let's Encrypt SSL Key and Certificate

    Click Save when finished.

    Restart the server by clicking on the Graceful restart button.

    Step 9 – Test Site

    Create a Test file in your html directory.

    $ sudo nano /usr/local/lsws/example.com/html/index.php
    

    Paste the following code in the Nano editor.

    <html>
    <head>
        <h2>OpenLiteSpeed Server Install Test</h2>
    </head>
        <body>
        <?php echo '<p>Hello,</p>';
    
        // Define PHP variables for the MySQL connection.
        $servername = "localhost";
        $username = "testuser";
        $password = "password";
    
        // Create a MySQL connection.
        $conn = mysqli_connect($servername, $username, $password);
    
        // Report if the connection fails or is successful.
        if (!$conn) {
            exit('<p>Your connection has failed.<p>' .  mysqli_connect_error());
        }
        echo '<p>You have connected successfully.</p>';
        ?>
    </body>
    </html>
    

    Visit your site at https://example.com in a browser and you should see the following page.

    OpenLiteSpeed Site Test

    That’s all for this tutorial. If you have any questions, shoot them in the comments below.

    Leave a Reply