Set up OpenLiteSpeed web server with SSL certificates, PHP LSAPI, and built-in caching for superior performance compared to Apache and Nginx. Includes security hardening and monitoring configuration.
Prerequisites
- Root or sudo access to the server
- Domain name pointing to server IP
- At least 2GB RAM and 20GB disk space
- Internet connection for package downloads
What this solves
OpenLiteSpeed is a high-performance, lightweight web server that serves as a powerful alternative to Apache and Nginx. It provides built-in caching, event-driven architecture, and native PHP LSAPI support for significantly faster PHP processing than traditional FastCGI. This tutorial shows you how to install OpenLiteSpeed, configure virtual hosts with SSL certificates, optimize performance with caching, and implement security hardening for production environments.
Step-by-step installation
Update system packages
Start by updating your package manager to ensure you get the latest security patches and dependencies.
sudo apt update && sudo apt upgrade -y
sudo apt install -y wget curl gnupg2 software-properties-commonAdd OpenLiteSpeed repository
Add the official OpenLiteSpeed repository to get the latest stable version with security updates.
wget -O - https://repo.litespeed.sh | sudo bash
sudo apt updateInstall OpenLiteSpeed and PHP
Install OpenLiteSpeed web server along with PHP LSAPI for optimal performance and compatibility.
sudo apt install -y openlitespeed lsphp82 lsphp82-common lsphp82-mysql lsphp82-curl lsphp82-json lsphp82-opcacheSet OpenLiteSpeed admin password
Configure the WebAdmin console password for managing OpenLiteSpeed through the web interface.
sudo /usr/local/lsws/admin/misc/admpass.sh
sudo systemctl enable lsws
sudo systemctl start lswsConfigure firewall rules
Open the necessary ports for HTTP, HTTPS, and OpenLiteSpeed WebAdmin access. For comprehensive firewall configuration, see our Linux firewall hardening guide.
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw allow 7080/tcp
sudo ufw --force enableCreate directory structure for virtual hosts
Set up the standard directory structure for hosting multiple websites with proper permissions.
sudo mkdir -p /var/www/example.com/html
sudo mkdir -p /var/www/example.com/logs
sudo chown -R nobody:nogroup /var/www/example.com
sudo chmod -R 755 /var/www/example.comCreate a test PHP file
Create a simple PHP file to verify that PHP LSAPI is working correctly with OpenLiteSpeed.
Server API: " . php_sapi_name() . "";
?>sudo chown nobody:nogroup /var/www/example.com/html/info.php
sudo chmod 644 /var/www/example.com/html/info.phpConfigure virtual hosts and SSL
Access WebAdmin console
Open your browser and navigate to the OpenLiteSpeed WebAdmin console to configure virtual hosts.
https://your-server-ip:7080Log in with the admin credentials you created earlier. The WebAdmin interface provides a user-friendly way to configure virtual hosts, SSL certificates, and performance settings.
Configure virtual host via WebAdmin
Create a virtual host through the web interface for better configuration management and validation.
- Navigate to Virtual Hosts tab
- Click Add to create a new virtual host
- Set Virtual Host Name:
example.com - Set Document Root:
/var/www/example.com/html - Set Enable Scripts:
Yes - Click Save
Configure PHP for virtual host
Set up PHP LSAPI processing for optimal performance compared to traditional FastCGI implementations.
- Go to Virtual Hosts → example.com → PHP
- Set PHP Version:
lsphp82 - Set Initial Request Timeout:
60 - Set Retry Timeout:
0 - Click Save
Install SSL certificate with Certbot
Install Let's Encrypt SSL certificates for secure HTTPS connections using Certbot.
sudo apt install -y certbot
sudo certbot certonly --webroot -w /var/www/example.com/html -d example.com -d www.example.comConfigure SSL listener
Set up HTTPS listener in OpenLiteSpeed WebAdmin console for secure connections.
- Navigate to Listeners tab
- Click Add to create HTTPS listener
- Set Port:
443 - Set Secure:
Yes - Set Certificate File:
/etc/letsencrypt/live/example.com/fullchain.pem - Set Private Key File:
/etc/letsencrypt/live/example.com/privkey.pem - Click Save
Map virtual host to listeners
Connect your virtual host to both HTTP and HTTPS listeners for complete web server functionality.
- Go to Listeners → Default (Port 80) → Virtual Host Mappings
- Click Add and set:
- Virtual Host:
example.com - Domains:
example.com, www.example.com - Repeat for HTTPS listener (Port 443)
- Click Graceful Restart
Enable caching and performance optimization
Enable built-in caching
Configure OpenLiteSpeed's high-performance built-in cache to dramatically improve page load times.
- Navigate to Virtual Hosts → example.com → Cache
- Set Enable Cache:
Yes - Set Cache Root:
/tmp/lshttpd/cache/example.com - Set Cache Policy:
checkPrivateCache 1
checkPublicCache 1
maxCacheObjSize 10000000
maxStaleAge 200
qsCache 1
reqCookieCache 1
respCookieCache 1Configure PHP OPcache
Optimize PHP performance with OPcache configuration for faster script execution.
opcache.enable=1
opcache.memory_consumption=256
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=10000
opcache.revalidate_freq=2
opcache.fast_shutdown=1
opcache.enable_cli=0
opcache.save_comments=0sudo systemctl restart lswsConfigure compression
Enable GZIP compression to reduce bandwidth usage and improve page load speeds.
- Go to Actions → Server Configuration → Tuning
- Set Enable GZIP Compression:
Yes - Set GZIP Compression Level:
6 - Set Compressible Types:
text/*, application/x-javascript, application/javascript, application/json - Click Save and Graceful Restart
Security hardening
Configure security headers
Add modern security headers to protect against common web vulnerabilities and attacks.
- Navigate to Virtual Hosts → example.com → Headers
- Add response headers:
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Content-Security-Policy: default-src 'self'; img-src 'self' data: https:; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'
Strict-Transport-Security: max-age=31536000; includeSubDomainsConfigure access control
Implement access controls and request limits to prevent abuse and DDoS attacks.
- Go to Actions → Server Configuration → Security
- Set Access Denied Directories:
.ht, .svn, .git, .env - Set Per Client Throttling → Static Requests/sec:
1000 - Set Per Client Throttling → Dynamic Requests/sec:
100 - Set Connection Limit:
10000 - Click Save
Secure WebAdmin console
Restrict WebAdmin access to specific IP addresses and change the default port for enhanced security.
- Navigate to Actions → Admin Settings → General
- Set Admin HTTP Port:
7443(or another non-standard port) - Set Allowed List:
203.0.113.10(replace with your admin IP) - Click Save and restart
sudo systemctl restart lswsSet up monitoring and backups
Configure log rotation
Set up automatic log rotation to prevent disk space issues and maintain system performance.
/usr/local/lsws/logs/.log /var/www//logs/*.log {
daily
missingok
rotate 30
compress
delaycompress
sharedscripts
postrotate
/bin/kill -USR1 cat /usr/local/lsws/logs/httpd.pid 2>/dev/null 2>/dev/null || true
endscript
}sudo chmod 644 /etc/logrotate.d/openlitespeedCreate backup script
Implement automated backups of website content and OpenLiteSpeed configuration files.
#!/bin/bash
DATE=$(date +%Y%m%d_%H%M%S)
BACKUP_DIR="/backup/openlitespeed"
mkdir -p $BACKUP_DIR
Backup website files
tar -czf $BACKUP_DIR/websites_$DATE.tar.gz /var/www/
Backup OpenLiteSpeed configuration
tar -czf $BACKUP_DIR/lsws_config_$DATE.tar.gz /usr/local/lsws/conf/
Backup SSL certificates
tar -czf $BACKUP_DIR/ssl_certs_$DATE.tar.gz /etc/letsencrypt/
Remove backups older than 7 days
find $BACKUP_DIR -name "*.tar.gz" -mtime +7 -delete
echo "Backup completed: $DATE" >> /var/log/ols-backup.logsudo chmod 755 /usr/local/bin/ols-backup.sh
sudo mkdir -p /backup/openlitespeedSchedule automated backups
Set up daily automated backups using systemd timers for reliable backup execution. For comprehensive disk monitoring, see our disk usage monitoring guide.
sudo crontab -e0 2 * /usr/local/bin/ols-backup.shVerify your setup
sudo systemctl status lsws
curl -I http://example.com/info.php
curl -I https://example.com/info.php
sudo /usr/local/lsws/bin/lshttpd -t
php82 -v
lscpu | grep -E '^Thread|^CPU\(s\)'Check the WebAdmin console at https://your-server-ip:7080 and verify that your virtual host is serving content correctly. The info.php page should show "Server API: litespeed" confirming PHP LSAPI is working.
Performance comparison
| Feature | OpenLiteSpeed | Apache | Nginx |
|---|---|---|---|
| PHP Processing | Native LSAPI (fastest) | mod_php/FastCGI | FastCGI/FPM |
| Built-in Caching | Yes (LSCache) | Requires modules | Basic proxy cache |
| Event-driven | Yes | Partially | Yes |
| Memory Usage | Low | High | Very Low |
| Web Interface | Full WebAdmin | Third-party only | Third-party only |
| .htaccess Support | Yes | Yes | No |
Common issues
| Symptom | Cause | Fix |
|---|---|---|
| 503 Service Unavailable | PHP process limit reached | Increase Max Connections in Virtual Host PHP settings |
| SSL certificate error | Certificate paths incorrect | Verify paths in Listeners → SSL tab match certbot output |
| PHP not processing | Script handler not configured | Check Virtual Host → PHP settings and script handlers |
| Permission denied errors | Incorrect file ownership | sudo chown -R nobody:nogroup /var/www/site |
| WebAdmin console inaccessible | Port blocked by firewall | Check firewall rules and Admin HTTP Port settings |
| Cache not working | Cache directory permissions | Ensure /tmp/lshttpd/cache is writable by nobody user |
Next steps
Automated install script
Run this to automate the entire setup
#!/usr/bin/env bash
set -euo pipefail
# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
NC='\033[0m' # No Color
# Default values
DOMAIN="${1:-example.com}"
ADMIN_PASSWORD="${2:-}"
# Usage function
usage() {
echo "Usage: $0 <domain> [admin_password]"
echo "Example: $0 mysite.com mypassword123"
exit 1
}
# Logging functions
log_info() {
echo -e "${GREEN}[INFO]${NC} $1"
}
log_warn() {
echo -e "${YELLOW}[WARN]${NC} $1"
}
log_error() {
echo -e "${RED}[ERROR]${NC} $1"
}
# Cleanup function for rollback
cleanup() {
log_error "Installation failed. Cleaning up..."
systemctl stop lsws 2>/dev/null || true
systemctl disable lsws 2>/dev/null || true
}
# Set trap for cleanup on error
trap cleanup ERR
# Validate arguments
if [[ -z "$DOMAIN" ]] || [[ "$DOMAIN" == "example.com" && $# -eq 0 ]]; then
usage
fi
# Check if running as root or with sudo
if [[ $EUID -ne 0 ]]; then
log_error "This script must be run as root or with sudo"
exit 1
fi
# Detect OS and set package manager
if [[ ! -f /etc/os-release ]]; then
log_error "Cannot detect OS. /etc/os-release not found."
exit 1
fi
. /etc/os-release
case "$ID" in
ubuntu|debian)
PKG_MGR="apt"
PKG_UPDATE="apt update && apt upgrade -y"
PKG_INSTALL="apt install -y"
FIREWALL_CMD="ufw"
WEB_USER="www-data"
WEB_GROUP="www-data"
;;
almalinux|rocky|centos|rhel|ol)
PKG_MGR="dnf"
PKG_UPDATE="dnf update -y"
PKG_INSTALL="dnf install -y"
FIREWALL_CMD="firewall-cmd"
WEB_USER="nobody"
WEB_GROUP="nobody"
;;
fedora)
PKG_MGR="dnf"
PKG_UPDATE="dnf update -y"
PKG_INSTALL="dnf install -y"
FIREWALL_CMD="firewall-cmd"
WEB_USER="nobody"
WEB_GROUP="nobody"
;;
amzn)
PKG_MGR="yum"
PKG_UPDATE="yum update -y"
PKG_INSTALL="yum install -y"
FIREWALL_CMD="firewall-cmd"
WEB_USER="nobody"
WEB_GROUP="nobody"
;;
*)
log_error "Unsupported distribution: $ID"
exit 1
;;
esac
log_info "Detected OS: $PRETTY_NAME"
log_info "Using package manager: $PKG_MGR"
# Step 1: Update system packages
echo -e "\n${GREEN}[1/8]${NC} Updating system packages..."
eval "$PKG_UPDATE"
# Step 2: Install prerequisites
echo -e "\n${GREEN}[2/8]${NC} Installing prerequisites..."
if [[ "$PKG_MGR" == "apt" ]]; then
$PKG_INSTALL wget curl gnupg2 software-properties-common
else
$PKG_INSTALL wget curl gnupg2 epel-release
fi
# Step 3: Add OpenLiteSpeed repository
echo -e "\n${GREEN}[3/8]${NC} Adding OpenLiteSpeed repository..."
if [[ "$PKG_MGR" == "apt" ]]; then
wget -O - https://repo.litespeed.sh | bash
apt update
else
RHEL_VER=$(rpm -E %{rhel})
rpm -Uvh "http://rpms.litespeedtech.com/releases/centos/release-el${RHEL_VER}-1.noarch.rpm"
eval "$PKG_UPDATE"
fi
# Step 4: Install OpenLiteSpeed and PHP
echo -e "\n${GREEN}[4/8]${NC} Installing OpenLiteSpeed and PHP..."
$PKG_INSTALL openlitespeed lsphp82 lsphp82-common lsphp82-mysql lsphp82-curl lsphp82-json lsphp82-opcache
# Step 5: Configure OpenLiteSpeed
echo -e "\n${GREEN}[5/8]${NC} Configuring OpenLiteSpeed..."
# Set admin password
if [[ -n "$ADMIN_PASSWORD" ]]; then
echo "admin:$ADMIN_PASSWORD" | /usr/local/lsws/admin/misc/htpasswd.sh
else
log_warn "No admin password provided. Please run: /usr/local/lsws/admin/misc/admpass.sh"
fi
# Enable and start service
systemctl enable lsws
systemctl start lsws
# Step 6: Configure firewall
echo -e "\n${GREEN}[6/8]${NC} Configuring firewall..."
if [[ "$FIREWALL_CMD" == "ufw" ]]; then
ufw allow 80/tcp
ufw allow 443/tcp
ufw allow 7080/tcp
ufw --force enable
else
firewall-cmd --permanent --add-port=80/tcp
firewall-cmd --permanent --add-port=443/tcp
firewall-cmd --permanent --add-port=7080/tcp
firewall-cmd --reload
fi
# Step 7: Create directory structure
echo -e "\n${GREEN}[7/8]${NC} Creating directory structure for $DOMAIN..."
mkdir -p "/var/www/$DOMAIN/html"
mkdir -p "/var/www/$DOMAIN/logs"
# Set proper ownership and permissions
chown -R "$WEB_USER:$WEB_GROUP" "/var/www/$DOMAIN"
chmod -R 755 "/var/www/$DOMAIN"
# Create test PHP file
cat > "/var/www/$DOMAIN/html/info.php" << 'EOF'
<?php
phpinfo();
?>
EOF
cat > "/var/www/$DOMAIN/html/index.html" << EOF
<!DOCTYPE html>
<html>
<head>
<title>Welcome to $DOMAIN</title>
</head>
<body>
<h1>OpenLiteSpeed is working!</h1>
<p>Domain: $DOMAIN</p>
<p>Server: $(hostname)</p>
<p><a href="info.php">PHP Info</a></p>
</body>
</html>
EOF
# Set proper permissions for web files
chown "$WEB_USER:$WEB_GROUP" "/var/www/$DOMAIN/html/info.php"
chown "$WEB_USER:$WEB_GROUP" "/var/www/$DOMAIN/html/index.html"
chmod 644 "/var/www/$DOMAIN/html/info.php"
chmod 644 "/var/www/$DOMAIN/html/index.html"
# Step 8: Verification
echo -e "\n${GREEN}[8/8]${NC} Verifying installation..."
# Check if OpenLiteSpeed is running
if systemctl is-active --quiet lsws; then
log_info "OpenLiteSpeed service is running"
else
log_error "OpenLiteSpeed service is not running"
exit 1
fi
# Check if ports are listening
if netstat -tuln 2>/dev/null | grep -q ":8088\|:7080" || ss -tuln 2>/dev/null | grep -q ":8088\|:7080"; then
log_info "OpenLiteSpeed is listening on required ports"
else
log_warn "OpenLiteSpeed ports may not be accessible"
fi
# Display completion message
echo -e "\n${GREEN}========================================${NC}"
echo -e "${GREEN}OpenLiteSpeed Installation Complete!${NC}"
echo -e "${GREEN}========================================${NC}"
echo ""
echo "WebAdmin Console: https://$(hostname -I | awk '{print $1}'):7080"
echo "Default Site: http://$(hostname -I | awk '{print $1}'):8088"
echo "Domain Directory: /var/www/$DOMAIN/html"
echo ""
echo "Next steps:"
echo "1. Access WebAdmin console to configure virtual hosts"
echo "2. Set up SSL certificates for your domain"
echo "3. Configure virtual host for $DOMAIN"
echo "4. Update DNS records to point to this server"
echo ""
if [[ -z "$ADMIN_PASSWORD" ]]; then
echo -e "${YELLOW}Don't forget to set admin password: /usr/local/lsws/admin/misc/admpass.sh${NC}"
fi
# Remove trap on successful completion
trap - ERRReview the script before running. Execute with: bash install.sh