How to install and configure OpenLiteSpeed ​​server on Fedora 31 and MariaDB

OpenLiteSpeed ​​is a lightweight open source version of LiteSpeed ​​Server developed by LiteSpeed ​​Technologies. It supports Apache Rewrite rules, HTTP / 2 and HTTP / 3, and TLS v1.3 and QUIC protocols. It comes with a WebGUI-based Administration panel that makes it different from other servers and easier to manage.

In this tutorial, we will learn how to install OpenLiteSpeed ​​Server on Fedora 31 as well as PHP 7.4 and MariaDB servers.

prerequisites

• Web server based on Fedora 31.

• A non-root user account with sudo privileges.

• Update your system.

  $ sudo dnf update
  

• libnsl package. This package contains the common client interface for the NIS service. To install it, issue the following command.

  $ sudo dnf install libnsl -y
  

Step 1-Configure the firewall

Before starting this tutorial, we need to configure the Fedora firewall, which is usually enabled by default. Let’s first check the status of the firewall.

$ sudo systemctl status firewalld

If that doesn’t work, enable the firewall.

$ sudo systemctl start firewalld

Next, we need to enable SSH, HTTP, HTTPS and ports 7080, 8088 for the firewall.

$ sudo firewall-cmd --permanent --add-service=ssh
$ sudo firewall-cmd --permanent --add-service=http
$ sudo firewall-cmd --permanent --add-service=https
$ sudo firewall-cmd --permanent --add-port=7080/tcp
$ sudo firewall-cmd --permanent --add-port=8088/tcp

Once complete, you can see a list of exemptions to be implemented.

$ sudo firewall-cmd --permanent --list-all

When you are satisfied with the changes, reload the firewall for the changes to take effect.

$ sudo firewall-cmd --reload

Enable the firewall so that it will reload every time it starts.

$ sudo systemctl enable firewalld

Step 2-install OpenLiteSpeed

Run the following command to download the OpenLiteSpeed ​​binary package from the website. At the time of this writing, the latest version available is 1.6.4. Check the latest version from the download page and change the URL as needed.

$ wget https://openlitespeed.org/packages/openlitespeed-1.6.4.tgz

Extract files.

$ tar -zxvf openlitespeed-1.6.4.tgz

Switch to openlitespeed Directory and run the installation script.

$ cd openlitespeed
$ sudo ./install.sh

Start the web server.

$ sudo /usr/local/lsws/bin/lswsctrl start

Check the status of the server.

$ sudo /usr/local/lsws/bin/lswsctrl status

turn on http: //: 8088 Access your web server. You should see the following page.

Step 3-install PHP

The OpenLiteSpeed ​​server comes with pre-enabled PHP 5.6. But we are going to use PHP 7.4, so we will install a copy.

Install the REMI repository, which is the official Fedora repository for installing PHP packages.

$ sudo dnf -y install https://rpms.remirepo.net/fedora/remi-release-31.rpm

Enable remi with remi-php74 Repository and disabled remi-modular database. This will enable the repositories required to install the PHP 7.4 package.

$ sudo dnf config-manager --set-enabled remi
$ sudo dnf config-manager --set-enabled remi-php74
$ sudo dnf config-manager --set-disabled remi-modular

Install PHP 7.4 and some other packages.

$ sudo dnf install php php-mysqlnd php-gd php-mcrypt php-bcmath php-litespeed

Verify your PHP installation.

$ php -v
PHP 7.4.0 (cli) (built: Nov 26 2019 20:13:36) ( NTS )
Copyright (c) The PHP Group
Zend Engine v3.4.0, Copyright (c) Zend Technologies
   with Zend OPcache v7.4.0, Copyright (c), by Zend Technologies

You can check which PHP modules are enabled.

$ php --modules

Later, we will configure PHP for use with OpenLiteSpeed.

Step 4-install MariaDB

Install MariaDB server.

$ sudo dnf install mariadb-server

Start and enable MariaDB service.

$ sudo systemctl start mariadb
$ sudo systemctl enable mariadb

Protect your MariaDB installation. This script will set your root password, delete anonymous users, prohibit remote root logins and delete the test table. Choose a strong password and follow the instructions below to answer the question.

$ sudo mysql_secure_installation
[sudo] password for username: 

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user.  If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none): 
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB 
root user without the proper authorisation.

Set root password? [Y/n] y
New password: 
Re-enter new password: 
Password updated successfully!
Reloading privilege tables..
 ... Success!

By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] y
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] y
 ... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] y
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] y
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!

Once this is done, you can log in to MySQL Shell using the following command.

$ sudo mysql -u root -p

Create a test database and user with access. Replace testdb with testuser Use a name that suits your settings. Replace password Have a strong password.

CREATE DATABASE testdb;
CREATE USER 'testuser' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON testdb.* TO 'testuser';
FLUSH PRIVILEGES;

Exit MySQL Shell.

exit

Step 5-configure OpenLiteSpeed

Configuration Management Panel

Set administrator panel credentials.

$ sudo /usr/local/lsws/admin/misc/admpass.sh

You can use this command to set a username and password. You can also use this command if you forget your login details.

To access the admin panel, open http: //: 7080.

Switch HTTP port back to 80

Let’s change the default HTTP port to 80. Sign in to your admin panel at http: //: 7080 Use the credentials you just created.

The following screens will greet you.

Access the “Visitors” section from the left. You will see that the port of the default listener is 8080.

Click on view Button to see detailed configuration. On the next page Listener default> regular pageClick Edit icon And change the port from 8088 to 80.

Click Save and restart the server by clicking. Smooth restart Button.

Step 6-configure PHP

In this step, we need to associate a copy of PHP 7.4 with the server.

Click on server configuration On the left and then on the label External application. You will see an existing PHP 5.6 LiteSpeed ​​application. We will create our own LiteSpeed ​​application for PHP 7.4. If you want, you can easily switch between them later.

Click the Add button to create a new application. For type, select LiteSpeed ​​SAPI application Then click Next.

Next, add the following configuration. Leave all other fields blank.

Name: lsphp74
Address: uds://tmp/lshttpd/lsphp.sock
Max Connections: 35
Environment: PHP_LSAPI_MAX_REQUESTS=500
             PHP_LSAPI_CHILDREN=35
			LSAPI_AVOID_FORK=200M
Initial Request Timeout (secs): 60
Retry Timeout : 0
Persistent Connection: Yes
Response Buffering: no
Start By Server: Yes(Through CGI Daemon)
Command: /usr/bin/lsphp
Back Log: 100
Instances: 1
Priority: 0
Memory Soft Limit (bytes): 2047M
Memory Hard Limit (bytes): 2047M
Process Soft Limit: 1400
Process Hard Limit: 1500

Click “Save” when done.

Now that we have created our own PHP 7.4-based application, we need to tell the server to start using it.

Go to Script handler Label and edit lsphp handler. Switch handle name to lsphp74 From the drop-down menu.

Click Save and restart the server by clicking. Smooth restart Button.

To test if your PHP has switched correctly, visit http: ///phpinfo.php In your browser.

Step 7- set up virtual hosting

First, we need to create a directory for the virtual host.

$ sudo mkdir /usr/local/lsws/example.com/{html,logs} -p

of html The directory will hold public files, logs The directory will contain server logs.

Next, open the management console and access Web hosting Section and click the Add button.

Fill in the specified value

Virtual Host Name: example.com
Virtual Host Root: $SERVER_ROOT/example.com/
Config File: $SERVER_ROOT/conf/vhosts/$VH_NAME/vhconf.conf
Follow Symbolic Link: Yes
Enable Scripts/ExtApps: Yes
Restrained: Yes
External App Set UID Mode: Server UID

Click the “Save” button when done. Since the profile does not currently exist, you will receive the following error. Click the link to create a profile.

Click the Save button again to complete the creation of the virtual host.

After creating the virtual host, go to Web Hosting-> Select Web Host (example.com)-> General And modify it according to the given configuration.

Document Root: $VH_ROOT/html/
Domain Name: example.com
Enable Compression: Yes

Click the “Save” button when done. Next, we need to set up the index file. Click the Edit button for Index File under the General section. Set the following options.

Use Server Index Files: No
Index files: index.php, index.html, index.htm
Auto Index: No

Click “Save” when done. Next, we need to select the log file. Go to the log section and click on Web Host Log And fill in the following values.

Use Server’s Log: Yes
File Name: $VH_ROOT/logs/error.log
Log Level: ERROR
Rolling Size (bytes): 10M

You can choose the log level as debugging If you are using a production / development machine.

Click save and open Access log section. Fill in the following values.

Log Control: Own Log File
File Name: $VH_ROOT/logs/access.log
Piped Logger: Not Set
Log Format: Not Set
Log Headers: Not Set
Rolling Size (bytes): 10M
Keep Days: 30
Bytes log: Not Set
Compress Archive: Yes

Click “Save” when done. Next, we need to configure Access control under Safety section. Set the following values.

Allowed List: *
Denied List: Not set

Click “Save” when done. Next, we need to set up a script handler. Set the following values.

Suffixes: php
Handler Type: LiteSpeed SAPI
Handler Name: [Server Level]: lsphp74

Next, we need to set Rewrite control Under the rewrite section. Set the following values.

Enable Rewrite: Yes
Auto Load from .htaccess: Yes
Log Level: Not Set

Finally, we need to set up the listener. Go to the “Listener” section and click the “View” button Default listener. Then, click the add button Virtual host mapping Add a new mapping and set the following values.

Virtual Host: example.com
Domains: example.com

Click “Save” when done. Now, click the “Normal Restart” button to apply all the above changes and restart the server.

Step 8- set up SSL

To use “Let’s Encrypt”, we need to install the Certbot tool.

$ sudo dnf install certbot

Obtain an SSL certificate.

$ sudo certbot certonly --webroot -w /usr/local/lsws/example.com/html/ -d example.com

Follow the interactive prompt.

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): [email protected]
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org

-------------------------------------------------------------------------------
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must agree
in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
-------------------------------------------------------------------------------
(A)gree/(C)ancel: A

-------------------------------------------------------------------------------
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
-------------------------------------------------------------------------------
(Y)es/(N)o: N
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for example.com
Using the webroot path /usr/local/lsws/example.com/html for all unmatched domains.
Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/example/fullchain.pem. Your key file has 
   been saved at:
   /etc/letsencrypt/live/linode.nspeaks.com/privkey.pem Your cert will
   expire on 2020-03-07. To obtain a new or tweaked version of this
   certificate in the future, simply run certbot again. To
   non-interactively renew *all* of your certificates, run "certbot
   renew"
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

Now open the admin console and go to Listener >> add new listener And add the following values.

Listener Name: SSL
IP Address: ANY
Port: 443
Secure: Yes

Click “Save” when done. Next, go to Virtual host mapping Next part SSL listenerClick the Add button and fill in the following values.

Virtual Host: example.com
Domains: example.com

Click “Save” when done.

Go next Listener >> SSL Listener >> SSL Tab >> SSL Private Key and Certificate (Edit button) and fill in the following values

Private Key File: /etc/letsencrypt/live/example.com/privkey.pem
Certificate File: /etc/letsencrypt/live/example.com/fullchain.pem
Chained Certificate: Yes

Click “Save” when done. Restart the server by clicking the normal restart button.

Step 9-test site

Create a test file in your computer html table of Contents.

$ sudo nano /usr/local/lsws/example.com/html/index.php

Paste the following code into the Nano editor.

    
OpenLiteSpeed Server Install Test

    
    Hello,
';

    // Define PHP variables for the MySQL connection.
    $servername = "localhost";
    $username = "testuser";
    $password = "password";

    // Create a MySQL connection.
    $conn = mysqli_connect($servername, $username, $password);

    // Report if the connection fails or is successful.
    if (!$conn) {
        exit('
Your connection has failed.
' .  mysqli_connect_error());
    }
    echo '
You have connected successfully.
';
    ?>

Visit your website at https://example.com In your browser, you should see the following page.

That’s all for this tutorial. If you have any questions, please post them in the comments below.