diff --git a/README.md b/README.md index 754efbc..19884c8 100644 --- a/README.md +++ b/README.md @@ -1,2 +1,75 @@ -# litespeed-appliance +# LiteSpeed Server Appliance +An Open Source Appliance from Robbie Ferguson +(c) 2025 Robbie Ferguson – Licensed under Apache 2.0 + +## Overview + +The LiteSpeed Server Appliance is a fast, modern web server environment built on: + +* **OpenLiteSpeed** for blazing-fast HTTP/3-powered web serving +* **MariaDB** for robust, MySQL-compatible databases +* **PHP 8.2** and essential extensions +* **Redis**, GZIP, and Brotli for performance and caching +* **Self-signed SSL** out of the box, with **Let's Encrypt support via Certbot** + +It's perfect for hosting high-performance websites and apps, including—but not limited to—WordPress. + +--- + +## Default Settings + +* Web Root: `/var/www/html` +* WebAdmin Panel: `https://your-server-ip:7080` + + * Default login: `admin / 123456` + * Change password: `/usr/local/lsws/admin/misc/admpass.sh` +* PHP Info File: `http://your-server/info.php` +* UFW: Enabled (Ports 22, 80, 443, 7080 allowed) + +--- + +## SSL Setup + +### ✅ Already Configured + +* A **self-signed SSL certificate** is preinstalled and active for your site on port 443. +* This lets you test HTTPS immediately with a browser security exception. + +### 🔒 Upgrade to Let's Encrypt SSL (Recommended) + +1. Ensure your domain points to this server. +2. Run: + + ```bash + certbot certonly --webroot -w /var/www/html -d yourdomain.com + ``` +3. Update LiteSpeed's config to use the real cert: + + ``` + certFile /etc/letsencrypt/live/yourdomain.com/fullchain.pem + keyFile /etc/letsencrypt/live/yourdomain.com/privkey.pem + ``` +4. Restart LiteSpeed: + + ```bash + systemctl restart lsws + ``` + +--- + +## Notes + +* The appliance does **not** include WordPress or any CMS by default. Install your web site or CMS to /var/www/html/ +* All configuration happens during the build phase—end users can begin using the server immediately. +* File uploads, rewrite rules, caching behavior, and database settings can be customized as needed. + +--- + +## Support & Licensing + +This appliance is open source and released under the **Apache 2.0 license**. Contributions and forks are welcome. + +--- + +Enjoy your high-performance web server! diff --git a/installer.sh b/installer.sh new file mode 100755 index 0000000..06e6d12 --- /dev/null +++ b/installer.sh @@ -0,0 +1,101 @@ +#!/bin/bash +# installer.sh - LiteSpeed Server Appliance Installer +# An Open Source Appliance from Robbie Ferguson +# (c) 2025 Robbie Ferguson - Licensed under Apache 2.0 + +set -e + +# Variables +DEBIAN_FRONTEND=noninteractive + +# Update system +apt update && apt upgrade -y + +# Install essentials +apt install -y curl wget gnupg2 software-properties-common lsb-release unzip htop ufw fail2ban + +# MariaDB +apt install -y mariadb-server mariadb-client + +# Secure MariaDB (default root password is blank) +mysql -u root <> /usr/local/lsws/conf/httpd_config.conf + +compress 1 +compressBr 1 +EOL + +# Redis for object caching +apt install -y redis-server php-redis + +# Enable and start Redis +systemctl enable redis-server +systemctl start redis-server + +# Setup default virtual host +mkdir -p /var/www/html +chown -R www-data:www-data /var/www/html + +# Generate self-signed certificate for HTTPS +mkdir -p /etc/ssl/litespeed +openssl req -x509 -nodes -days 365 -newkey rsa:2048 \ + -keyout /etc/ssl/litespeed/selfsigned.key \ + -out /etc/ssl/litespeed/selfsigned.crt \ + -subj "/C=US/ST=Denial/L=Nowhere/O=Dis/CN=localhost" + +# Configure listener for HTTPS (443) in LiteSpeed +cat <> /usr/local/lsws/conf/httpd_config.conf +listener SSL { + address *:443 + secure 1 + keyFile /etc/ssl/litespeed/selfsigned.key + certFile /etc/ssl/litespeed/selfsigned.crt + vhRoot /var/www/html/ + vhMap Example * +} +EOF + +# Install Certbot for optional Let's Encrypt +apt install -y certbot python3-certbot + +# Configure UFW rules +ufw allow 22/tcp # SSH +ufw allow 80/tcp # HTTP +ufw allow 443/tcp # HTTPS +ufw allow 7080/tcp # LiteSpeed WebAdmin +ufw --force enable + +# Restart OpenLiteSpeed to apply changes +systemctl restart lsws + +# Print completion message +echo "\nLiteSpeed Server Appliance installed successfully!" +echo "Default Web Root: /var/www/html" +echo "Access OpenLiteSpeed WebAdmin at: https://:7080" +echo "Default admin login: admin / 123456 (change this immediately)" +echo "Run '/usr/local/lsws/admin/misc/admpass.sh' as root to change WebAdmin password" +echo "Self-signed SSL enabled for main site. Run Certbot later to upgrade to Let's Encrypt."