Set up OpenLiteSpeed as a reverse proxy and load balancer to distribute traffic across multiple backend application servers with health checks and automatic failover for high availability.
Prerequisites
- Root or sudo access
- Multiple servers for backend pool
- Basic understanding of web servers
- Network connectivity between servers
What this solves
OpenLiteSpeed load balancing distributes incoming web traffic across multiple backend servers to prevent overload and ensure high availability. This configuration provides automatic failover when backend servers become unavailable and improves application performance through intelligent traffic distribution.
Step-by-step configuration
Update system packages
Start by updating your package manager to ensure you get the latest versions of all components.
sudo apt update && sudo apt upgrade -yInstall OpenLiteSpeed
Download and install the OpenLiteSpeed web server from the official repository to get the latest stable version.
wget -O - http://rpms.litespeedtech.com/debian/enable_lst_debain_repo.sh | sudo bash
sudo apt update
sudo apt install -y openlitespeedSet OpenLiteSpeed admin password
Create an administrative user account for accessing the OpenLiteSpeed web administration interface.
sudo /usr/local/lsws/admin/misc/admpass.shEnter a username and secure password when prompted. This account will be used to access the web admin panel.
Start and enable OpenLiteSpeed
Start the OpenLiteSpeed service and configure it to start automatically on system boot.
sudo systemctl start lsws
sudo systemctl enable lsws
sudo systemctl status lswsConfigure firewall access
Open the required ports for OpenLiteSpeed web server (8088 for admin, 80/443 for web traffic).
sudo ufw allow 8088/tcp
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw --force enableAccess the OpenLiteSpeed admin panel
Navigate to the web administration interface to configure load balancing settings.
https://your-server-ip:7080Use the username and password you created in the previous step to log in. Accept the SSL certificate warning if prompted.
Set up backend application servers
Install and configure simple web applications on your backend servers for testing the load balancer.
# On each backend server (192.168.1.10, 192.168.1.11, 192.168.1.12)
sudo apt update
sudo apt install -y nginx
sudo systemctl start nginx
sudo systemctl enable nginxCreate unique content for each backend
Add distinct content to each backend server to verify load balancing is working correctly.
echo "Backend Server 1
IP: 192.168.1.10
" | sudo tee /var/www/html/index.htmlecho "Backend Server 2
IP: 192.168.1.11
" | sudo tee /var/www/html/index.htmlecho "Backend Server 3
IP: 192.168.1.12
" | sudo tee /var/www/html/index.htmlCreate load balancing cluster in OpenLiteSpeed
In the admin panel, navigate to Load Balancer → Clusters and click the "+" button to add a new cluster.
Configure the cluster with these settings:
- Type: Load Balancer
- Name: backend-cluster
- Mode: Stateless
- Strategy: Round Robin
- Session Timeout: 3600
Add backend servers to the cluster
In the backend-cluster configuration, go to the "Workers" tab and add each backend server.
For each backend server, click "+" and configure:
- Type: Proxy
- Name: backend1 (backend2, backend3)
- Address: 192.168.1.10:80 (192.168.1.11:80, 192.168.1.12:80)
- Max Connections: 100
- Initial Request Timeout: 60
- Retry Timeout: 0
Configure health checks
Enable health monitoring for automatic failover when backend servers become unavailable.
In each worker configuration, set the following health check parameters:
- Enable Health Check: Yes
- Health Check URL: /
- Check Period: 30 seconds
- Grace Period: 30 seconds
- Hard Limit: 2
- Soft Limit: 1
Create a virtual host for load balancing
Navigate to Virtual Hosts and create a new virtual host to handle incoming requests.
Configure the virtual host with these settings:
- Virtual Host Name: load-balancer
- Document Root: /usr/local/lsws/Example/html/
- Enable Scripts/ExtApps: Yes
Map the cluster to virtual host
In the virtual host configuration, go to the "Context" tab and create a new context.
Configure the context mapping:
- Type: Proxy
- URI: /
- Web Server: cluster:backend-cluster
- Accessible: Yes
- Extra Headers: X-Forwarded-For $remote_addr
Configure listener and virtual host mapping
Navigate to Listeners and ensure the HTTP listener (*:80) is configured and mapped to your virtual host.
In the Listener configuration:
- IP: *
- Port: 80
- Secure: No
Map the virtual host in the "Virtual Host Mappings" tab:
- Virtual Host: load-balancer
- Domain: *
Apply configuration changes
Click the "Graceful Restart" button in the admin panel to apply all configuration changes without dropping existing connections.
Monitor the server status to ensure all backends are healthy and responding to requests.
Configure SSL termination
Generate SSL certificate
Create a self-signed SSL certificate for testing, or use Let's Encrypt for production deployments.
sudo mkdir -p /usr/local/lsws/ssl
sudo openssl req -new -newkey rsa:2048 -days 365 -nodes -x509 \
-keyout /usr/local/lsws/ssl/server.key \
-out /usr/local/lsws/ssl/server.crt \
-subj "/C=US/ST=State/L=City/O=Organization/CN=example.com"Configure HTTPS listener
In the admin panel, create a new HTTPS listener for secure connections.
Navigate to Listeners and add a new listener with these settings:
- Listener Name: HTTPS
- IP: *
- Port: 443
- Secure: Yes
Configure SSL settings
In the HTTPS listener configuration, go to the "SSL" tab and configure:
- Private Key File: /usr/local/lsws/ssl/server.key
- Certificate File: /usr/local/lsws/ssl/server.crt
- Protocol Version: TLSv1.2 TLSv1.3
- Ciphers: EECDH+AESGCM:EDH+AESGCM
Map virtual host to HTTPS listener
Add the load-balancer virtual host mapping to the HTTPS listener in the "Virtual Host Mappings" tab.
Configure the mapping:
- Virtual Host: load-balancer
- Domain: *
Advanced load balancing configuration
Configure session persistence
Enable sticky sessions to ensure users stay connected to the same backend server throughout their session.
In the cluster configuration, modify these settings:
- Session Affinity: IP Hash
- Session Cookie: LBSESSION
- Cookie Timeout: 3600
Set up weighted load balancing
Assign different weights to backend servers based on their processing capacity.
In each worker configuration, adjust the weight parameter:
- Backend1 Weight: 3 (high-performance server)
- Backend2 Weight: 2 (medium-performance server)
- Backend3 Weight: 1 (lower-performance server)
Configure connection limits
Set appropriate connection limits to prevent backend server overload and ensure optimal performance distribution.
In the cluster configuration, adjust these limits:
- Max Connections: 500
- Smart Keep Alive: Yes
- Keep Alive Timeout: 60
- Initial Request Timeout: 60
Verify your setup
# Check OpenLiteSpeed service status
sudo systemctl status lsws
Verify listeners are active
sudo netstat -tlnp | grep lshttpd
Test load balancing with multiple requests
for i in {1..6}; do curl -s http://your-server-ip/ | grep "Backend Server"; done
Check SSL configuration
curl -k https://your-server-ip/
Monitor backend server health
tail -f /usr/local/lsws/logs/error.logMonitor load balancer performance
Enable access logging
Configure detailed access logs to monitor traffic patterns and backend server response times.
Use Server's Access Log: No
File Name: /usr/local/lsws/logs/load-balancer.log
Log Format: %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i" %D
Bytes Log: /usr/local/lsws/logs/load-balancer-bytes.logMonitor backend server status
Use the real-time report in the admin panel to monitor cluster health and performance metrics.
Navigate to Real-Time Stats → Clusters to view:
- Active connections per backend server
- Request distribution statistics
- Backend server health status
- Response time metrics
Set up log monitoring
Monitor OpenLiteSpeed logs for health check failures and performance issues.
# Monitor error logs for backend health issues
sudo tail -f /usr/local/lsws/logs/error.log | grep -i "backend\|cluster\|worker"
Monitor access logs for request patterns
sudo tail -f /usr/local/lsws/logs/load-balancer.log
Check backend connection statistics
grep -i "connection" /usr/local/lsws/logs/error.log | tail -10Common issues
| Symptom | Cause | Fix |
|---|---|---|
| 502 Bad Gateway errors | Backend servers unreachable | Check backend server status and firewall rules: curl http://backend-ip |
| Requests not load balanced | Cluster mapping incorrect | Verify context mapping in virtual host points to cluster:backend-cluster |
| SSL certificate warnings | Self-signed certificate | Use proper CA-signed certificate or configure browsers to accept self-signed |
| Health checks failing | Incorrect health check URL | Verify health check URL exists on backend servers: curl http://backend-ip/ |
| Admin panel inaccessible | Firewall blocking port 7080 | Open admin port: sudo ufw allow 7080/tcp |
| Session persistence not working | IP Hash not configured | Set Session Affinity to "IP Hash" in cluster configuration |
| High response times | Backend server overload | Add more backend servers or adjust connection limits and weights |
| Configuration changes not applied | Server not restarted | Click "Graceful Restart" in admin panel after configuration changes |
Performance optimization
Tune worker processes
Optimize OpenLiteSpeed worker processes for your server's CPU cores and expected traffic load.
In Server Configuration → General, adjust:
- Number of Workers: CPU cores + 1
- Worker Group User: nobody
- Worker Group: nogroup
- Max Connections: 2000
Configure caching
Enable caching to reduce backend server load and improve response times.
In Virtual Host → Cache, configure:
- Enable Cache: Yes
- Cache Root: /usr/local/lsws/cache
- Cache Policy: Public cache for static files
- Expire Time: 86400 (24 hours)
Enable compression
Configure GZIP compression to reduce bandwidth usage and improve page load times.
In Virtual Host → General → Enable Compression:
- Enable Compression: Yes
- GZIP Compression Level: 6
- Compressible Types: text/*, application/javascript, application/json
Next steps
- Compare with Lighttpd load balancing configuration
- Set up Apache reverse proxy for additional redundancy
- Monitor your load balancer performance with Prometheus
- Configure wildcard SSL certificates for multiple domains
- Integrate OpenLiteSpeed with CDN services
- Set up geographic load balancing with multiple regions
Running this in production?
Automated install script
Run this to automate the entire setup
#!/usr/bin/env bash
set -euo pipefail
# Production OpenLiteSpeed Load Balancer Install Script
# Configures OpenLiteSpeed with load balancing for multiple backend servers
# Colors for output
readonly RED='\033[0;31m'
readonly GREEN='\033[0;32m'
readonly YELLOW='\033[1;33m'
readonly NC='\033[0m'
# Default configuration
ADMIN_USER="${1:-admin}"
BACKEND_IPS="${2:-192.168.1.10,192.168.1.11,192.168.1.12}"
DOMAIN="${3:-example.com}"
usage() {
echo "Usage: $0 [admin_user] [backend_ips] [domain]"
echo " admin_user: OpenLiteSpeed admin username (default: admin)"
echo " backend_ips: Comma-separated backend server IPs (default: 192.168.1.10,192.168.1.11,192.168.1.12)"
echo " domain: Domain name for virtual host (default: example.com)"
echo "Example: $0 admin 10.0.0.10,10.0.0.11,10.0.0.12 mysite.com"
exit 1
}
log() {
echo -e "${GREEN}[INFO]${NC} $1"
}
warn() {
echo -e "${YELLOW}[WARN]${NC} $1"
}
error() {
echo -e "${RED}[ERROR]${NC} $1"
exit 1
}
cleanup() {
warn "Installation failed. Cleaning up..."
systemctl stop lsws 2>/dev/null || true
systemctl disable lsws 2>/dev/null || true
if [[ "$PKG_MGR" == "apt" ]]; then
apt remove --purge -y openlitespeed 2>/dev/null || true
else
$PKG_INSTALL remove -y openlitespeed 2>/dev/null || true
fi
rm -rf /usr/local/lsws 2>/dev/null || true
}
trap cleanup ERR
# Check prerequisites
if [[ $EUID -ne 0 ]]; then
error "This script must be run as root"
fi
if [[ "$1" == "-h" ]] || [[ "$1" == "--help" ]]; then
usage
fi
# Detect distribution
if [[ ! -f /etc/os-release ]]; then
error "/etc/os-release not found. Cannot detect distribution."
fi
source /etc/os-release
case "$ID" in
ubuntu|debian)
PKG_MGR="apt"
PKG_UPDATE="apt update"
PKG_INSTALL="apt install -y"
PKG_UPGRADE="apt upgrade -y"
FIREWALL_CMD="ufw"
;;
almalinux|rocky|centos|rhel|ol)
PKG_MGR="dnf"
PKG_UPDATE="dnf check-update || true"
PKG_INSTALL="dnf install -y"
PKG_UPGRADE="dnf upgrade -y"
FIREWALL_CMD="firewall-cmd"
;;
fedora)
PKG_MGR="dnf"
PKG_UPDATE="dnf check-update || true"
PKG_INSTALL="dnf install -y"
PKG_UPGRADE="dnf upgrade -y"
FIREWALL_CMD="firewall-cmd"
;;
amzn)
PKG_MGR="yum"
PKG_UPDATE="yum check-update || true"
PKG_INSTALL="yum install -y"
PKG_UPGRADE="yum upgrade -y"
FIREWALL_CMD="firewall-cmd"
;;
*)
error "Unsupported distribution: $ID"
;;
esac
# Parse backend IPs
IFS=',' read -ra BACKEND_ARRAY <<< "$BACKEND_IPS"
if [[ ${#BACKEND_ARRAY[@]} -lt 2 ]]; then
error "At least 2 backend servers are required for load balancing"
fi
log "Starting OpenLiteSpeed Load Balancer installation..."
log "Distribution: $PRETTY_NAME"
log "Backend servers: ${#BACKEND_ARRAY[@]} servers"
echo "[1/10] Updating system packages..."
$PKG_UPDATE
$PKG_UPGRADE
echo "[2/10] Installing required packages..."
if [[ "$PKG_MGR" == "apt" ]]; then
$PKG_INSTALL wget curl gnupg2 software-properties-common
else
$PKG_INSTALL wget curl gnupg2 which
fi
echo "[3/10] Installing OpenLiteSpeed repository..."
if [[ "$PKG_MGR" == "apt" ]]; then
wget -O - http://rpms.litespeedtech.com/debian/enable_lst_debain_repo.sh | bash
apt update
else
if [[ "$ID" == "amzn" ]]; then
rpm -Uvh http://rpms.litespeedtech.com/centos/litespeed-repo-1.1-1.el7.noarch.rpm || true
else
VERSION_ID_MAJOR=$(echo "$VERSION_ID" | cut -d. -f1)
rpm -Uvh "http://rpms.litespeedtech.com/centos/litespeed-repo-1.1-1.el${VERSION_ID_MAJOR}.noarch.rpm" || true
fi
fi
echo "[4/10] Installing OpenLiteSpeed..."
$PKG_INSTALL openlitespeed
echo "[5/10] Setting OpenLiteSpeed admin credentials..."
# Create admin user non-interactively
ADMIN_PASS=$(openssl rand -base64 12)
/usr/local/lsws/admin/misc/admpass.sh << EOF
$ADMIN_USER
$ADMIN_PASS
$ADMIN_PASS
y
EOF
# Save credentials securely
cat > /root/openlitespeed-credentials.txt << EOF
OpenLiteSpeed Admin Credentials:
Username: $ADMIN_USER
Password: $ADMIN_PASS
Admin URL: https://$(hostname -I | awk '{print $1}'):7080
EOF
chmod 600 /root/openlitespeed-credentials.txt
log "Admin credentials saved to /root/openlitespeed-credentials.txt"
echo "[6/10] Starting and enabling OpenLiteSpeed..."
systemctl start lsws
systemctl enable lsws
# Wait for service to be ready
sleep 5
if ! systemctl is-active --quiet lsws; then
error "OpenLiteSpeed service failed to start"
fi
echo "[7/10] Configuring firewall..."
if [[ "$FIREWALL_CMD" == "ufw" ]]; then
ufw --force enable || warn "UFW may not be available"
ufw allow 7080/tcp || warn "Failed to configure UFW rule"
ufw allow 80/tcp || warn "Failed to configure UFW rule"
ufw allow 443/tcp || warn "Failed to configure UFW rule"
else
systemctl enable firewalld || warn "Firewalld may not be available"
systemctl start firewalld || warn "Firewalld may not be available"
firewall-cmd --permanent --add-port=7080/tcp || warn "Failed to configure firewalld rule"
firewall-cmd --permanent --add-port=80/tcp || warn "Failed to configure firewalld rule"
firewall-cmd --permanent --add-port=443/tcp || warn "Failed to configure firewalld rule"
firewall-cmd --reload || warn "Failed to reload firewall"
fi
echo "[8/10] Creating load balancer cluster configuration..."
# Create cluster configuration
mkdir -p /usr/local/lsws/conf/templates
chown lsws:lsws /usr/local/lsws/conf/templates
chmod 755 /usr/local/lsws/conf/templates
# Create cluster configuration
cat > /tmp/cluster_config.txt << EOF
map backend-cluster \$VH_ROOT/html/
type loadbalancer
name backend-cluster
mode 0
strategy 0
sessionTimeout 3600
workers
EOF
# Add backend workers
for i in "${!BACKEND_ARRAY[@]}"; do
BACKEND_IP="${BACKEND_ARRAY[$i]}"
cat >> /tmp/cluster_config.txt << EOF
backend$((i+1)) proxy:${BACKEND_IP}:80
EOF
done
mv /tmp/cluster_config.txt /usr/local/lsws/conf/templates/cluster_backend.conf
chown lsws:lsws /usr/local/lsws/conf/templates/cluster_backend.conf
chmod 644 /usr/local/lsws/conf/templates/cluster_backend.conf
echo "[9/10] Creating virtual host configuration..."
# Create virtual host directory structure
VH_ROOT="/usr/local/lsws/Example/html"
mkdir -p "$VH_ROOT"
mkdir -p "/usr/local/lsws/Example/logs"
chown -R lsws:lsws "/usr/local/lsws/Example"
chmod 755 "/usr/local/lsws/Example"
chmod 755 "$VH_ROOT"
# Create test page
cat > "$VH_ROOT/index.html" << EOF
<!DOCTYPE html>
<html>
<head><title>OpenLiteSpeed Load Balancer</title></head>
<body>
<h1>Load Balancer Active</h1>
<p>OpenLiteSpeed is distributing traffic across ${#BACKEND_ARRAY[@]} backend servers.</p>
<p>Backend servers: $(echo "${BACKEND_ARRAY[@]}" | tr ' ' ',')</p>
</body>
</html>
EOF
chown lsws:lsws "$VH_ROOT/index.html"
chmod 644 "$VH_ROOT/index.html"
echo "[10/10] Performing verification checks..."
# Verify OpenLiteSpeed is running
if ! systemctl is-active --quiet lsws; then
error "OpenLiteSpeed service is not running"
fi
# Verify admin interface is accessible
if ! curl -k -s "https://localhost:7080" > /dev/null; then
warn "Admin interface may not be accessible on port 7080"
fi
# Verify web server responds
if ! curl -s "http://localhost:80" > /dev/null; then
warn "Web server may not be responding on port 80"
fi
# Check configuration files
if [[ ! -f /usr/local/lsws/conf/httpd_config.conf ]]; then
warn "Main configuration file not found"
fi
log "Installation completed successfully!"
echo
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo -e "${GREEN}OpenLiteSpeed Load Balancer Configuration${NC}"
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo "Admin Panel: https://$(hostname -I | awk '{print $1}'):7080"
echo "Credentials: See /root/openlitespeed-credentials.txt"
echo "Backend servers configured: ${#BACKEND_ARRAY[@]}"
echo "Domain: $DOMAIN"
echo
echo "Next steps:"
echo "1. Complete load balancer setup via admin panel"
echo "2. Configure SSL certificates if needed"
echo "3. Set up monitoring for backend servers"
echo "4. Test failover scenarios"
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"Review the script before running. Execute with: bash install.sh