Tutorial

How to Install OpenLiteSpeed with MariaDB and PHP on Ubuntu 20.04

OpenLiteSpeed is a high-performance, lightweight, open source HTTP server developed and copyrighted by LiteSpeed Technologies. Users are free to download, use, distribute, and modify OpenLiteSpeed and its source code in accordance with the precepts of the GPLv3 license.

In this guide, we will learn how to install OpenLiteSpeed together with PHP 7.4, MariaDB and setup SSL using Let’s Encrypt on Ubuntu 20.04.

Prerequisites

  • Ubuntu Server 20.04

Step 1 – Adjust Firewall

Before we proceed, we need to allow ports used by OpenLiteSpeed such as HTTP, HTTPS as well as 7080 and 8088. So the server would we accessible to the public.

$ sudo ufw allow http
$ sudo ufw allow https
$ sudo ufw allow 7080/tcp
$ sudo ufw allow 8088/tcp

Step 2 – Install and Configure OpenLiteSpeed

Install OpenLiteSpeed

OpenLiteSpeed is not available in the Ubuntu Repository. So we need to add OpenLiteSpeed Official Repository to our system. To do that, use this command.

$ sudo wget -O - http://rpms.litespeedtech.com/debian/enable_lst_debian_repo.sh | sudo bash

And now, Install OpenLiteSpeed.

$ sudo apt install openlitespeed -y

OpenLiteSpeed has been successfully installed now. The Default installation directory is: /usr/local/lsws

The web server should started automatically after it was installed. To check that, we can use this command.

$ sudo /usr/local/lsws/bin/lswsctrl status
Output:
litespeed is running with PID 106310.

If it is not running, you can start with this command.

$ sudo /usr/local/lsws/bin/lswsctrl start

You can now check your newly installed OpenLiteSpeed web server on your favorite web browser to see if it’s working. Enter your domain name or IP address, followed by OpenLiteSpeed’s default HTTP port :8088.

http://domain_name_or_ip_address:8088

You should see an output like this.

OpenLiteSpeed Default Page

Create Administrative Account for WebAdmin Console

In order to login to the OpenLiteSpeed WebAdmin Console, we need to setup a username and password for the admin user. Always remember to use a strong password to prevent hacking incident on your server. Use admpass.sh script to set your login credentials.

$ sudo /usr/local/lsws/admin/misc/admpass.sh
Output:
Please specify the user name of administrator.
This is the user name required to login the administration Web interface.

User name [admin]: your_desired_username

Please specify the administrator's password.
This is the password required to login the administration Web interface.

Password:
Retype password:
Administrator's username/password is updated successfully!

You can also use admpass.sh to reset your login account incase forget your login details.

Now that you’ve successfully Install OpenLiteSpeed, setup your admin account, it’s time to log in and configure the web server. Enter your domain name or IP address, followed by OpenLiteSpeed’s Admin port :7080.

http://domain_name_or_ip_address:7080

You will encounter a warning saying Your connection isn’t private. Ignore it, we will fix it later by setting up a valid SSL certificate.

You should now see a login page like this.

After a successful log in, you should see the admin page similar to the screenshot below.

Change 8088 to Standard HTTP Port

By default, OpenLiteSpeed HTTP port is 8088. We are going to change it back to a standard HTTP port 80 so you can visit your website without specifying 8088 on the URL. On the OpenLiteSpeed WebAdmin Console, Click “Listeners” from the left. You will see the default listener configuration.

Click the “View” button, that will open the listeners configuration page.

On the “Address Settings” under “General” tab, click the “Edit” icon on the upper right.

You can now change the HTTP port from 8088 to 80. After that, click the Save button and then restart the server by clicking the Graceful Restart button.

Step 3 – Install and Configure PHP 7.4

Install PHP 7.4 together with some additional commonly required modules.

$ sudo apt install lsphp74 lsphp74-common lsphp74-mysql lsphp74-curl lsphp74-imagick

Click on Server Configuration on then left then click the External App tab. From the External App click the edit button on the right.

Scroll to Command then change its value from lsphp73/bin/lsphp to lsphp74/bin/lsphp .

Click Save button and restart the server by clicking the Graceful Restart button. PHP 7.4 is now the default PHP version on your web server.

Step 4 – Install MariaDB

Now that you have a web server running, we need to install database system where you can store and manage your website data. Although MySQL is a popular choice, we will use MariaDB because it is faster and open source.

$ sudo apt install mariadb-server mariadb-client

After we install MariaDB, it’s recommended to run the security script where you can set root password, disable remote login access, remove anonymous users and remove test database to further secure your database server.

$ sudo mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user.  If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none):
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

Set root password? [Y/n] Y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
 ... Success!


By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] Y
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] Y
 ... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] Y
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] Y
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!

After securing our database, we can now login to MySQL shell using this command.

$ sudo mysql -u root -p

Step 5 – Create Virtual Host

First, you need to create directories for your website.

$ sudo mkdir /usr/local/lsws/jcolideles.tech/{html,logs} -p

Note: Change jcolideles.tech to your domain name.

Go to WebAdmin Console, select Virtual Hosts from the left sidebar menu then click Add button on the right to create new virtual host.

Fill in some values specific for your website.

Virtual Host Name: jcolideles.tech
Virtual Host Root: $SERVER_ROOT/jcolideles.tech/
Config File: $SERVER_ROOT/conf/vhosts/$VH_NAME/vhconf.conf
Follow Symbolic Link: Yes
Enable Scripts/ExtApps: Yes
Restrained: Yes
External App Set UID Mode: Server UID

When you’re finished, click Save. You will get an error because the config file doesn’t exist. Click the CLICK TO CREATE.

Then click the Save button again.

After the Virtual Host is created. Click your newly created Virtual Host then select General tab then click the Edit button to specify the web directory and domain name.

Document Root: $VH_ROOT/html/
Domain Name: jcolideles.tech
Domain Aliases: www.jcolideles.tech
Enable Compression: Yes

Click Save. Next is to setup index files. Click the Edit button on the Index Files group under the General section and fill in the following then click Save.

Use Server Index Files: No
Index files: index.php, index.html
Auto Index: No

Next, Go ahead to Log tab, click the Edit icon on the Virtual Host Log group then fill in the following values and hit save.

Use Server’s Log: Yes
File Name: $VH_ROOT/logs/error.log
Log Level: ERROR
Rolling Size (bytes): 10M

Click Add on the Access Log then fill in the following values and click Save.

Log Control: Own Log File
File Name: $VH_ROOT/logs/access.log
Rolling Size (bytes): 10M
Keep Days: 30
Compress Archive: Yes

Go to Security tab, click Edit on the Access Control then insert * to the Allowed List and click Save to allow public access on our website.

Next, we need to Enable Rewrite Mod and Allow load from .htaccess. Set the the Values for Enable Rewrite and Auto Load from .htaccess to Yes under Rewrite Tab.

Lastly, you need to map domain name on listeners. Got to Listeners, click the Default Listener then click Add on Virtual Host Mappings and select your newly created virtual host and fill in your domain name then click Save.

Click the Graceful Restart button to apply all changes you’ve made on your web server.

Step 6 – Setup Let’s Encrypt SSL

Secure Sockets Layer (SSL) is one of the basics to establish secure connection to a website. It provides secure connection between the client and webserver. For this tutorial, we’re going to use Let’s Encrypt SSL.

To generate Let’s Encrypt SSL, we need to install certbot.

$ sudo apt install certbot

Obtain Let’s Encrypt SSL using the following command. Specify your web root directory.

$ sudo certbot certonly --webroot -w /usr/local/lsws/jcolideles.tech/html/ -d jcolideles.tech -d www.jcolideles.tech

Fill in your email and follow the instructions.

Output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): your_email_address

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: A

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: N
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for jcolideles.tech
http-01 challenge for www.jcolideles.tech
Using the webroot path /usr/local/lsws/jcolideles.tech/html for all unmatched domains.
Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/jcolideles.tech/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/jcolideles.tech/privkey.pem
   Your cert will expire on 2021-03-28. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

Now, lets create a listener port for SSL. Go back to WebAdmin Console, Click Listeners and click Add button and fill in the following then hit Save.

Listener Name: SSL
IP Address: ANY
Port: 443
Secure: Yes

Click your newly created Listener for SSL then click Add on Virtual Host Mappings and select our newly created virtual host and fill in your domain name then click Save.

On your SSL Listener, click SSL tab then click Edit on SSL Private Key & Certificate and fill the following values with the Let’s Encrypt Certificate then click Save.

Private Key File: /etc/letsencrypt/live/jcolideles.tech/privkey.pem
Certificate File: /etc/letsencrypt/live/jcolideles.tech/fullchain.pem
Chained Certificate: Yes

You can also set your SSL on virtual host level in some instances like if you add new virtual host with a different domain. Any SSL settings you set on your virtual host will override the SSL settings on the Listeners section.

Now that you have successfully setup SSL for your website, you may also want to secure your WebAdmin Console with your Let’s Encrypt SSL certificate instead of a default self signed certificate.

Go to WebAdmin Settings click Listeners then select adminListener on the Listener List and click SSL tab.

Click Edit on the SSL Private Key & Certificate under SSL settings tab and change the certificate with your Let’s Encrypt Certificate and Key.

Private Key File: /etc/letsencrypt/live/jcolideles.tech/privkey.pem
Certificate File: /etc/letsencrypt/live/jcolideles.tech/fullchain.pem
Chained Certificate: Yes

Click Save when you’re done then click the Graceful Restart button to apply your settings.

Step 7 – Final Testing

It’s now time to test your web server to verify if all of the configurations we did is properly working.

Lets check if PHP 7.4 is loaded. Create phpinfo file under your web root directory.

$ sudo nano /usr/local/lsws/jcolideles.tech/html/index.php

That will open a blank php file, fill in the php code below.

<?php
phpinfo();
?>

Press CTRL + o to save the CTRL + x to exit. Visit your website at https://your_domain_name.tld on your browser and you should see an output like this verifying that your PHP 7.4 is loaded.

Click on the padlock icon near your address bar to verify if your Let’s Encrypt SSL is working.

Congratulations ! You’ve now successfully installed and configured your OpenLiteSpeed with MariaDB, PHP 7.4 and SSL. Stay tuned for more upcoming tutorials.

Leave a Reply