#!/usr/bin/env bash # .sh/bin/setup-lsws 20200629 - 20221122 # Copyright (C) 1995-2022 Mark Constable (AGPL-3.0) [[ $1 =~ '-h' ]] && echo "Usage: setup-lsws [ip|remove] [src ip]" && exit 1 [[ $(id -u) -gt 0 ]] && echo "ERROR: must be root (use sudo -i)" && exit 2 . ~/.shrc LSVER=1.7.11 LSPHP=80 IPREG="^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$" [[ $1 =~ $IPREG ]] && IPARG=$1 || IPARG=$IP4_0 SRCIP=${2:-''} TXTIP= LSBKP="$BPATH/$(date +%Y%m%d)-lsws-conf.tgz" if [[ $1 == remove ]]; then echo "Backup openlitespeed configs" [[ -f $LSBKP ]] && rm $LSBKP cd $LROOT tar -cf $LSBKP {admin/conf/admin_config.conf,conf/httpd_config.conf,conf/vhosts/*/vhconf.conf} >/dev/null cd echo "Remove openlitespeed from $LROOT" $LROOT/bin/lswsctrl stop userdel -r lsadm rm -rf $LROOT if [[ -f $C_WEB/common.conf ]]; then echo "Restart nginx and php$V_PHP-fpm" systemctl start nginx systemctl start php$V_PHP-fpm fi exit 3 fi if [[ ! -d $LROOT ]]; then echo "Fetch openlitespeed-$LSVER.tgz" cd wget -q https://openlitespeed.org/packages/openlitespeed-$LSVER.tgz >/dev/null echo "Extract openlitespeed-$LSVER.tgz" tar -xf openlitespeed-$LSVER.tgz >/dev/null cd openlitespeed cat </dev/null DEFAULT_TMP_DIR=/tmp/lshttpd OPENLSWS_ADMIN=$ADMIN OPENLSWS_ADMINPORT=7080 OPENLSWS_ADMINSSL=yes OPENLSWS_EMAIL=$AMAIL OPENLSWS_EXAMPLEPORT=8080 OPENLSWS_GROUP=www-data OPENLSWS_PASSWORD=$APASS OPENLSWS_USER=$UUSER PID_FILE=/tmp/lshttpd/lshttpd.pid SERVERROOT=$LROOT USE_LSPHP7=no EOS echo "Installing openlitespeed to $LROOT" ./install.sh >/dev/null cat </dev/null LSWSAdmin ========= OLSAdmin: https://$VHOST:7080 Username: $UUSER Password: $APASS EOS else echo "Error: OpenLiteSpeed already installed" && exit 4 fi grep -q 'rpms.litespeedtech.com' /etc/apt/sources.list if [[ $? -gt 0 ]]; then echo "Append OLS package repo to /etc/apt/sources.list" cat </dev/null deb http://rpms.litespeedtech.com/debian/ focal main deb http://archive.ubuntu.com/ubuntu focal main universe EOS apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 011AA62DEDA1F085 >/dev/null if [[ -f /etc/apt/sources.list.d/lst_debian_repo.list ]]; then rm /etc/apt/sources.list.d/lst_debian_repo.list fi fi echo "Install lsphp$LSPHP from OLS repo" apt-get -q update >/dev/null apt-get -q -y install libicu66 >/dev/null apt-get -q -y install lsphp$LSPHP lsphp$LSPHP-common lsphp$LSPHP-curl lsphp$LSPHP-imap lsphp$LSPHP-intl lsphp$LSPHP-mysql lsphp$LSPHP-opcache lsphp$LSPHP-sqlite3 >/dev/null # PHP 7.4 list # apt-get -y install lsphp$LSPHP lsphp$LSPHP-common lsphp$LSPHP-curl lsphp$LSPHP-igbinary lsphp$LSPHP-imagick lsphp$LSPHP-imap lsphp$LSPHP-intl lsphp$LSPHP-json lsphp$LSPHP-ldap lsphp$LSPHP-mysql lsphp$LSPHP-opcache lsphp$LSPHP-redis lsphp$LSPHP-sqlite3 > /dev/null if [[ $SRCIP ]]; then TXTIP=" accessControl { allow $SRCIP deny ALL } " fi cat <$LROOT/admin/conf/admin_config.conf enableCoreDump 1 sessionTimeout 3600 errorlog \$SERVER_ROOT/admin/logs/error.log { useServer 0 logLevel INFO rollingSize 10M } accesslog \$SERVER_ROOT/admin/logs/access.log { useServer 0 rollingSize 10M keepDays 90 } $TXTIP listener adminListener { address $IPARG:7080 secure 1 keyFile /etc/ssl/$VHOST/privkey.pem certFile /etc/ssl/$VHOST/fullchain.pem certChain 1 clientVerify 0 } EOS cat <$LROOT/conf/httpd_config.conf # # PLAIN TEXT CONFIGURATION FILE # #It not set, will use host name as serverName serverName $VHOST user sysadm group www-data priority 0 inMemBufSize 60M swappingDir /tmp/lshttpd/swap autoFix503 1 gracefulRestartTimeout 300 mime conf/mime.properties showVersionNumber 0 adminEmails $AMAIL errorlog logs/error.log { logLevel DEBUG debugLevel 0 rollingSize 10M enableStderrLog 1 } accesslog logs/access.log { rollingSize 10M keepDays 30 compressArchive 0 } indexFiles index.html, index.php expires { enableExpires 1 expiresByType image/*=A604800,text/css=A604800,application/x-javascript=A604800,application/javascript=A604800,font/*=A604800,application/x-font-ttf=A604800 } tuning { maxConnections 10000 maxSSLConnections 5000 connTimeout 300 maxKeepAliveReq 10000 keepAliveTimeout 5 sndBufSize 0 rcvBufSize 0 maxReqURLLen 8192 maxReqHeaderSize 16380 maxReqBodySize 2047M maxDynRespHeaderSize 8192 maxDynRespSize 2047M maxCachedFileSize 4096 totalInMemCacheSize 20M maxMMapFileSize 256K totalMMapCacheSize 40M useSendfile 1 fileETag 28 enableGzipCompress 1 compressibleTypes text/*, application/x-javascript, application/xml, application/javascript, image/svg+xml,application/rss+xml enableDynGzipCompress 1 gzipCompressLevel 6 gzipAutoUpdateStatic 1 gzipStaticCompressLevel 6 gzipMaxFileSize 10M gzipMinFileSize 300 } fileAccessControl { followSymbolLink 1 checkSymbolLink 0 requiredPermissionMask 000 restrictedPermissionMask 000 } perClientConnLimit { staticReqPerSec 0 dynReqPerSec 0 outBandwidth 0 inBandwidth 0 softLimit 10000 hardLimit 10000 gracePeriod 15 banPeriod 300 } CGIRLimit { maxCGIInstances 20 minUID 11 minGID 10 priority 0 CPUSoftLimit 10 CPUHardLimit 50 memSoftLimit 1460M memHardLimit 1470M procSoftLimit 400 procHardLimit 450 } accessDenyDir { dir / dir /etc/* dir /dev/* dir conf/* dir admin/conf/* } accessControl { allow ALL } extprocessor lsphp { type lsapi address uds://tmp/lshttpd/lsphp.sock maxConns 35 env PHP_LSAPI_CHILDREN=35 initTimeout 60 retryTimeout 0 persistConn 1 respBuffer 0 autoStart 1 path fcgi-bin/lsphp backlog 100 instances 1 priority 0 memSoftLimit 2047M memHardLimit 2047M procSoftLimit 400 procHardLimit 500 } extprocessor php$LSPHP { type lsapi address uds://tmp/lshttpd/php$LSPHP.sock maxConns 100 initTimeout 10 retryTimeout 10 persistConn 1 pcKeepAliveTimeout 10 respBuffer 0 autoStart 2 path /usr/local/lsws/lsphp$LSPHP/bin/lsphp } scripthandler { add lsapi:php$LSPHP php } railsDefaults { maxConns 5 env LSAPI_MAX_IDLE=60 initTimeout 60 retryTimeout 0 pcKeepAliveTimeout 60 respBuffer 0 backlog 50 runOnStartUp 1 extMaxIdleTime 300 priority 3 memSoftLimit 2047M memHardLimit 2047M procSoftLimit 500 procHardLimit 600 } wsgiDefaults { maxConns 5 env LSAPI_MAX_IDLE=60 initTimeout 60 retryTimeout 0 pcKeepAliveTimeout 60 respBuffer 0 backlog 50 runOnStartUp 1 extMaxIdleTime 300 priority 3 memSoftLimit 2047M memHardLimit 2047M procSoftLimit 500 procHardLimit 600 } nodeDefaults { maxConns 5 env LSAPI_MAX_IDLE=60 initTimeout 60 retryTimeout 0 pcKeepAliveTimeout 60 respBuffer 0 backlog 50 runOnStartUp 1 extMaxIdleTime 300 priority 3 memSoftLimit 2047M memHardLimit 2047M procSoftLimit 500 procHardLimit 600 } module cache { internal 1 checkPrivateCache 1 checkPublicCache 1 maxCacheObjSize 10000000 maxStaleAge 200 qsCache 1 reqCookieCache 1 respCookieCache 1 ignoreReqCacheCtrl 1 ignoreRespCacheCtrl 0 enableCache 0 expireInSeconds 3600 enablePrivateCache 0 privateExpireInSeconds 3600 ls_enabled 1 } listener SSL { address $IP4_0:443 secure 1 keyFile /etc/ssl/$VHOST/privkey.pem certFile /etc/ssl/$VHOST/fullchain.pem certChain 1 module cache { ls_enabled 1 } } vhTemplate Vhosts { templateFile \$SERVER_ROOT/conf/templates/vhosts.conf listeners SSL member $VHOST { vhDomain $VHOST } } EOS cat <$LROOT/conf/templates/vhosts.conf vhRoot /home/u/\$VH_NAME/var configFile /home/u/\$VH_NAME/etc/vhost.conf maxKeepAliveReq 100 setUIDMode 2 virtualHostConfig { docRoot \$VH_ROOT/www enableGzip 1 cgroups 0 index { useServer 1 indexFiles index.html, index.php } scripthandler { add lsapi:php$LSPHP php } accessControl { allow ALL } realm HCP { userDB { location \$VH_ROOT/www/hcp/.htpasswd } } context /hcp/ { location \$VH_ROOT/www/hcp/ allowBrowse 1 realm HCP $TXTIP rewrite { } addDefaultCharset off phpIniOverride { } } context exp:^.*(css|gif|ico|jpeg|jpg|js|png|webp|woff|woff2|fon|fot|ttf)$ { location \$DOC_ROOT/\$0 allowBrowse 1 enableExpires 1 expiresByType text/css=A15552000, image/gif=A15552000, image/x-icon=A15552000, image/jpeg=A15552000, application/x-javascript=A15552000, text/javascript=A15552000, application/javascript=A15552000, image/png=A15552000, image/webp=A15552000, font/ttf=A15552000, font/woff=A15552000, font/woff2=A15552000, application/x-font-ttf=A15552000, application/x-font-woff=A15552000, application/font-woff=A15552000, application/font-woff2=A15552000 extraHeaders <<