First Release
This commit is contained in:
101
installer.sh
Executable file
101
installer.sh
Executable file
@ -0,0 +1,101 @@
|
||||
#!/bin/bash
|
||||
# installer.sh - LiteSpeed Server Appliance Installer
|
||||
# An Open Source Appliance from Robbie Ferguson
|
||||
# (c) 2025 Robbie Ferguson - Licensed under Apache 2.0
|
||||
|
||||
set -e
|
||||
|
||||
# Variables
|
||||
DEBIAN_FRONTEND=noninteractive
|
||||
|
||||
# Update system
|
||||
apt update && apt upgrade -y
|
||||
|
||||
# Install essentials
|
||||
apt install -y curl wget gnupg2 software-properties-common lsb-release unzip htop ufw fail2ban
|
||||
|
||||
# MariaDB
|
||||
apt install -y mariadb-server mariadb-client
|
||||
|
||||
# Secure MariaDB (default root password is blank)
|
||||
mysql -u root <<EOF
|
||||
DELETE FROM mysql.user WHERE User='';
|
||||
DROP DATABASE IF EXISTS test;
|
||||
DELETE FROM mysql.db WHERE Db='test' OR Db='test\_%';
|
||||
FLUSH PRIVILEGES;
|
||||
EOF
|
||||
|
||||
# OpenLiteSpeed repo and install
|
||||
wget -qO - https://repo.litespeed.sh | bash
|
||||
apt install -y openlitespeed
|
||||
|
||||
# Start OpenLiteSpeed once to initialize directories
|
||||
systemctl start lsws
|
||||
sleep 2
|
||||
|
||||
# PHP and extensions
|
||||
PHPVER=82
|
||||
apt install -y lsphp$PHPVER lsphp$PHPVER-common lsphp$PHPVER-mysql lsphp$PHPVER-curl lsphp$PHPVER-imagick lsphp$PHPVER-intl lsphp$PHPVER-opcache lsphp$PHPVER-redis
|
||||
|
||||
# Set lsphp as default for LiteSpeed
|
||||
systemctl stop lsws
|
||||
sed -i 's/lsphp.*/lsphp$PHPVER/' /usr/local/lsws/conf/httpd_config.conf
|
||||
systemctl start lsws
|
||||
|
||||
# Enable GZIP and Brotli compression
|
||||
cat <<EOL >> /usr/local/lsws/conf/httpd_config.conf
|
||||
|
||||
compress 1
|
||||
compressBr 1
|
||||
EOL
|
||||
|
||||
# Redis for object caching
|
||||
apt install -y redis-server php-redis
|
||||
|
||||
# Enable and start Redis
|
||||
systemctl enable redis-server
|
||||
systemctl start redis-server
|
||||
|
||||
# Setup default virtual host
|
||||
mkdir -p /var/www/html
|
||||
chown -R www-data:www-data /var/www/html
|
||||
|
||||
# Generate self-signed certificate for HTTPS
|
||||
mkdir -p /etc/ssl/litespeed
|
||||
openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
|
||||
-keyout /etc/ssl/litespeed/selfsigned.key \
|
||||
-out /etc/ssl/litespeed/selfsigned.crt \
|
||||
-subj "/C=US/ST=Denial/L=Nowhere/O=Dis/CN=localhost"
|
||||
|
||||
# Configure listener for HTTPS (443) in LiteSpeed
|
||||
cat <<EOF >> /usr/local/lsws/conf/httpd_config.conf
|
||||
listener SSL {
|
||||
address *:443
|
||||
secure 1
|
||||
keyFile /etc/ssl/litespeed/selfsigned.key
|
||||
certFile /etc/ssl/litespeed/selfsigned.crt
|
||||
vhRoot /var/www/html/
|
||||
vhMap Example *
|
||||
}
|
||||
EOF
|
||||
|
||||
# Install Certbot for optional Let's Encrypt
|
||||
apt install -y certbot python3-certbot
|
||||
|
||||
# Configure UFW rules
|
||||
ufw allow 22/tcp # SSH
|
||||
ufw allow 80/tcp # HTTP
|
||||
ufw allow 443/tcp # HTTPS
|
||||
ufw allow 7080/tcp # LiteSpeed WebAdmin
|
||||
ufw --force enable
|
||||
|
||||
# Restart OpenLiteSpeed to apply changes
|
||||
systemctl restart lsws
|
||||
|
||||
# Print completion message
|
||||
echo "\nLiteSpeed Server Appliance installed successfully!"
|
||||
echo "Default Web Root: /var/www/html"
|
||||
echo "Access OpenLiteSpeed WebAdmin at: https://<your-server-ip>:7080"
|
||||
echo "Default admin login: admin / 123456 (change this immediately)"
|
||||
echo "Run '/usr/local/lsws/admin/misc/admpass.sh' as root to change WebAdmin password"
|
||||
echo "Self-signed SSL enabled for main site. Run Certbot later to upgrade to Let's Encrypt."
|
||||
Reference in New Issue
Block a user