OpenLiteSpeed is an easy-to-use, open-source web server. It offers unbeatable features and performance to your sites along with top-notch security.
The server understands all the Apache rewrite rules and has intelligent cache acceleration features that let you implement the fastest caching on your server. Apart from all these, you get to install a customized PHP processor that is optimized for the OpenLiteSpeed server.
In this tutorial, we will install the OpenLiteSpeed server on a simple cloud server running Ubuntu 20.04 or CentOS 8.
- Deploying Cloud Server
- Configuring firewall rules
- Installing OpenLiteSpeed server
- Setting the admin password
- Configuring the domain name
- Obtaining SSL certificates
- Enabling HTTPS for the admin panel
- Enabling HTTPS on the frontend
1. Deploying Cloud Server
Go ahead and deploy a new UpCloud server with Ubuntu 20.04 or CentOS 8 by logging in to your UpCloud Control Panel and clicking Deploy server. If you are new to UpCloud, you can get started with the free trial by signing up.
Once you’ve deployed a cloud server, connect to your cloud server using your preferred SSH client.
2. Configuring firewall rules
OpenLiteSpeed uses a couple of non-standard ports which means you need to accept incoming traffic to port 8088 and port 7080 to be able to access the admin panel and the default page of the server.
If you are running Ubuntu, you won’t have a firewall enabled by default but you should set up one for security purposes.
Check that the ufw firewall is installed with the command below.
sudo apt install ufw
Then allow the following ports, set default rule to reject other connections and enable the firewall.
sudo ufw allow 22,53,80,443,7080,8088/tcp sudo ufw default reject sudo ufw enable
CentOS servers come with firewalld enabled out of the box which requires configuration before OpenLiteSpeed can be installed.
Allow HTTP and HTTPS access as well as the custom ports used by OpenLiteSpeed with the commands below. Then reload the firewall rules to enable the changes.
sudo firewall-cmd --add-service={http,https} --permanent
sudo firewall-cmd --add-port={8088/tcp,7080/tcp} --permanent
sudo firewall-cmd --reloadOnce you’ve configured your firewall to allow the necessary ports and services, continue on with the OpenLiteSpeed install itself.
3. Installing OpenLiteSpeed server
Since the OpenLiteSpeed project maintains repositories for both CentOS and Ubuntu, we need not compile it ourselves. Simply add the repository on the server using the commands below.
On Ubuntu, use the script provided by OpenLiteSpeed to add the correct repository to your OS version. Afterwards, update the repo lists.
wget -O - http://rpms.litespeedtech.com/debian/enable_lst_debian_repo.sh | sudo bash sudo apt update
On CentOS, download the repository configuration file. Also, install the extra packages repository and update the repo lists.
sudo rpm -Uvh http://rpms.litespeedtech.com/centos/litespeed-repo-1.1-1.el8.noarch.rpm sudo dnf install epel-release sudo dnf update
Once the repository has been added, the OpenLitespeed server is available for installation using the commands below. In OpenLiteSpeed, we have customized PHP processors. For this tutorial, we will use the latest version of it – lsphp74
For Ubuntu
sudo apt install openlitespeed lsphp74
For CentOS
sudo dnf install openlitespeed lsphp74
We have then installed OpenLiteSpeed and a PHP processor for that. However, we still need to let our server know which PHP processor it should be utilized for normal operations. To do that, create a soft link to the PHP processor we have just installed.
sudo ln -sf /usr/local/lsws/lsphp74/bin/lsphp /usr/local/lsws/fcgi-bin/lsphp5
That’s it! OpenLiteSpeed should now be up and running. However, there are still a few things we need to configure to secure the site.
4. Setting admin password
Just like any other web hosting control panel, the OpenLiteSpeed server has an admin dashboard. To access it securely, create an admin account and set a password using the following command.
sudo /usr/local/lsws/admin/misc/admpass.sh
Once you run the above script, you will be prompted to input the admin username. If you do not type in a username, the system will use the default admin as a username.
The username input is followed by a password. It will then ask you to confirm the password by retyping it. Retype the password and hit enter.
Voila. If the passwords match, you’ll get a confirmation like the output below.
Administrator's username/password is updated successfully!
At this stage, you can visit your server’s default frontend and the admin control panel in your web browser going to the public IP address of your server followed by the port number.
The Frontend (default page)
The backend (admin console) Log in to the Admin panel of your OpenLiteSpeed server. In the login screen, simply put the username and password you created in the previous step and hit the Login button. You’ll then be greeted by the OpenLiteSpeed dashboard view. Once you are logged into the admin dashboard, continue to the next section for further configurations. At this stage, your server resolves and serves the site for any domain that has your server’s IP in its DNS records. You may want your server to resolve only for your domain and return a 404 error page for any other domain. To accomplish this, navigate to the Listeners in your left sidebar menu and click the View icon on the right under Actions. On the default listener’s configuration, open the Example Virtual Host Mapping settings by clicking the Edit button. In the domains field, type your domain name and click on the Save icon at the top right corner. Once you hit the save button, the OpenLiteSpeed server will notify you to gracefully restart your server to apply the changes. Click the green Graceful Restart button to enable the new settings. At this point, we have installed the OpenLiteSpeed server on a cloud server. But the site is still served at port 8088 and uses simple HTTP. Continue on with obtaining SSL certificates and enabling HTTPS. SSL certificates allow your website to the authenticated by a known trusted Certificate Authority such as Let’s Encrypt. They provide free certificates via an easy-to-use client called Certbot. Note that obtaining certificates requires a valid domain name. You can find out more about how to create domain name records at its own guide. To obtain trusted certificates, install the Let’s Encrypt Certbot using one of the following commands depending on your operating system. Ubuntu CentOS Then obtain certificates using the command below. Replace the <your-domain> with a valid domain name pointing to your OpenLiteSpeed server. The command starts an interactive installation script which will ask a few questions to help you set up the certificate. After you’ve entered all necessary details, Certbot will perform a number of challenges to confirm the authority for the domain. If Certbot is successful, you’ll see an output similar to the example below. Now that we have valid certificates, we can set the admin panel and frontend to use them. Once you have obtained trusted SSL certificates from Let’s Encrypt, you can use them to enable HTTPS access to the admin dashboard. First, go to the WebAdmin Settings and Listeners, then click the View icon under Actions. Then, go to the SSL tab while still in the admin listener settings and open the SSL Private Key & Certificate section by clicking the edit icon on the same row. Let’s Encrypt saved the newly obtained certificates in /etc/letsencrypt/live/<your-domain>/ where <your-domain> is the domain name you used to obtain the certificates. Set the key and certificate files as follows. Replace <your-domain> on each row with your OpenLiteSpeed server’s domain. Once all set, save the new settings by clicking the Save icon on the right. With the admin panel settings configured, apply the changes by clicking the Graceful Restart button. Afterwards, confirm that the changes were successfully applied by re-opening the admin panel domain in a new browser tab. Your web browser should then show the appropriate icon to indicate that the website is using valid certificates and the connection is secure. By default, the OpenLiteSpeed front listens to port 8088. Since we’ve got valid SSL certificates, we can change it to use port 443 instead which is the default port for HTTPS requests. To do this, log in to your OpenLiteSpeed admin panel and click on Listeners from the left sidebar menu. Then on the right under Actions, click on the View icon. It will land you on the page where you can further configure the listener with your custom values. In the next default listener general settings, click the Edit icon on the Address Settings. In the default listener address settings, make the following two changes: Then click the Save icon on the right of the Address Settings row. Next, go to the SSL tab in the default listener settings and open the SSL Private Key & Certificate configuration by clicking the Edit icon on the right. Use the same certificates saved in /etc/letsencrypt/live/<your-domain>/ by setting the key and certificate files as follows. Replace <your-domain> on each row with your OpenLiteSpeed server’s domain. When you are all set, click the Save icon on the right of the SSL Private Key & Certificate row to store the new settings. Again after making changes to the server configuration in the admin panel, you need to restart the OpenLiteSpeed server to reflect the change live. Click the Graceful Restart icon to apply the changes. If everything was done correctly, you should now be able to open your OpenLiteSpeed frontend by going to your domain without specifying a port and be redirected to the secure HTTPS version. OpenLiteSpeed is one of the fastest web servers available for Linux servers. On any hardware, the performance of the OpenLitespeed server is unbeatable. You are then ready to start hosting websites and here are a few tidbits to help you get started:
5. Configuring the domain name
6. Obtaining SSL certificates
sudo apt install certbot
sudo dnf install certbot
sudo certbot certonly --standalone -d <your-domain>IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/openlitespeed.example.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/openlitespeed.example.com/privkey.pem
Your cert will expire on 2020-11-24. To obtain a new or tweaked
version of this certificate in the future, simply run certbot
again. To non-interactively renew *all* of your certificates, run
"certbot renew"
7. Enabling HTTPS for the admin panel
8. Enabling HTTPS at the frontend
Conclusions
sudo mkdir -p /usr/local/lsws/NewSite/html/
amir albatal
Thank you for this tutorial
Is there is any guide to install WordPress
Janne Ruostemaa
Hi Amir, thanks for the comment. We have a follow-up tutorial coming soon that will go into how to install WordPress on OpenLiteSpeed.
James
Hi
I’ve spent two weeks trying to install OpenLiteSpeed on several Cloud providers. This has been a total disaster!. Instructions are vague and in most instances, after spending hours, I had to destroy the servers.
This is the best tutorial that I’ve found (a friend referred me to it), and it is definitely a jewel.
Looking forward to your how to install WordPress on OpenLiteSpeed document.
On to register with UpCloud.
Keep it up!!
Janne Ruostemaa
Hi James, thanks for the comment, glad to hear you found the tutorial useful. We spend great effort to ensure our guides are as easy to follow as possible. Welcome to UpCloud!
Moshe
I get stuck on installing openlite speed server. After I hit enter on ‘wget -O – http://rpms.litespeedtech.com/debian/enable_lst_debian_repo.sh | sudo bash’
returns
bash: line 1: –2020-09-15: command not found
bash: line 2: syntax error near unexpected token `(‘
bash: line 2: `Resolving rpms.litespeedtech.com (rpms.litespeedtech.com)… 34.210.113.18’
Pramod
How to install cert for both non www & www. I installed cert using following command:
sudo certbot certonly –standalone -d http://www.example.com but example.com returning with following error: Your connection is not private.
So how to install cert for both version of domain?
Thanks.
Janne Ruostemaa
Hi Pramod, thanks for the question. You’ll need to obtain certificates for both domains. You can do this with a single Certbot run: sudo certbot certonly –standalone -d http://www.example.com -d example.com
Janne Ruostemaa
Hi Moshe, thanks for the question. The error seems to refer to an issue with downloading the repo script. Try downloading the script first and then running it manually:
Pramod Kumar
Thanks :)
Manish Jain
Thank you for this nice and detailed tutorial. It worked like charm. can you also share a tutorial on how to install wordpress with OpenLiteSpeed.
It would be great if you can also cover the speed optimization part because this is very crucial.
Thanks
Janne Ruostemaa
Hi Manish, thanks for the comment. Glad to hear you found the tutorial useful and stay tuned, the follow-up is coming soon.
Mats
How should this be configured? Do you have to have two virtual hosts (one for example.com and another for http://www.example.com)? Or can you somehow define multiple keys in the listener?
ariana
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for arianabaires.com.ar
Cleaning up challenges
Problem binding to port 80: Could not bind to IPv4 or IPv6.
ariana@openlitespeed-wordpress-1-vm:~$
Its not possible for me to obtain a certificate, nor login thru 7080/8080/8090 nothing. so frustrating….
Janne Ruostemaa
Hi Ariana, thanks for the comment. It seems something else is already bound to the port 80 and blocking Certbot. Check if you already have another web server running such as Nginx or Apache and stop them while you are obtaining the certificates.
Janne Ruostemaa
Hi Mats, thanks for the question. You can have the subdomains combined in the same certificate and use a single listener by adding the domains you want that site respond to as described in step 5. Configuring the domain name.
Mats
Thanks, I had configured a certificate before and didn’t realize you can extend it with other subdomains. I just thought you need a new certificate for each subdomain but it’s all good now.
Geo
Wonder why there is no 1-click install for this when its available on other cloud providers from their marketplace sections?
Does UpCloud not have the 1-click apps option (have not tried for a while, so considering it).
Also OLS team does support their scripts they provide AFAIK on others, so I guess its a matter of inviting them.
Janne Ruostemaa
Hi Geo, thanks for the question. While we do not currently have a 1-click solution for OpenLiteSpeed server, we are in the process of developing our marketplace and just recently made available our first pre-installed software with the Plesk template.
Ronit
All the other tutorials suck, even the litespeed’s own KBs.
This is the only tutorial that works like a charm, Thank you so much for this.
Waiting for your WordPress Installation tutorial on OLS.
sunil
Yes. Clear and simple steps. But I found one more script and for me, it’s the simplest method to set up any PHP-based webserver to host an unlimited website without any cost.
Its openlitespeed + MariaDB + PHPMyAdmin and lot more.
Try https://openlitepanel.com .
Janne Ruostemaa
Hi Ronit, thanks for the comment. Glad to hear you got OpenLiteSpeed up on and running following our tutorial. Seemingly you’ve already discovered our follow-up tutorial on how to install WordPress on OpenLiteSpeed but dropping a link here so others will find it as well.
Keith
Do you have a tutorial on how to install PHPMYADMIN with litespeed? how do you install?
Achmad
Thank you for the tutorial.
Is there a tutorial for installing vsftpd?
And also a tutorial for auto setup “git pull” using a webhook from github which of course uses OLS and Centos 7 (maybe)?
Janne Ruostemaa
Hi Achmad, thanks for the comment. While we don’t currently have tutorials on these specific topics, GitHub itself has some useful documentation on how to set up webhooks.
Janne Ruostemaa
Hi Keith, thanks for the question. While we don’t have a tutorial on this topic, OpenLiteSpeed has their own documentation for installing phpMyAdmin.
Sidd
Excellent Tutorial. Can you let me know if I can install this on a VPS that has Plesk running on it? Plesk does have it’s own extension, but that requires a monthly subscription.
Janne Ruostemaa
Hi Sidd, thanks for the question. While you can install OpenLiteSpeed on your Plesk server, you would still likely need their extension to make use of it within Plesk itself. You can read more at Plesk’s documentation.
haidarvm
Why change Default Listener to 443 ?
how about redirection to https ?
http://example.com to https://example.com
You should add both Listener Default 80 and HTTPS 443
Janne Ruostemaa
Hi there, thanks for the question. Changing the default listener to port 443 is mainly done for demonstrative purposes and with the REUSEPORT parameter enabled, it can be done on other domains as well.
rah
I installed the Plesk in ubuntu 20.04 and now installed the openlitespeed but it wont work , my wordpress site show the webserver is Appache and I want to switch it to openlitespeed , is it possible?
I also stopped the revers proxy of ngnix
Janne Ruostemaa
Hi there, thanks for the question. Plesk requires some platform-specific steps that are covered in its documentation.