First Release

2025-07-18 11:09:25 -04:00
parent e006d53555
commit 47aa9b9bd0
2 changed files with 175 additions and 1 deletions
--- a/README.md
+++ b/README.md
@ -1,2 +1,75 @@
-# litespeed-appliance
+# LiteSpeed Server Appliance
 An Open Source Appliance from Robbie Ferguson
 (c) 2025 Robbie Ferguson – Licensed under Apache 2.0
 ## Overview
 The LiteSpeed Server Appliance is a fast, modern web server environment built on:
 * **OpenLiteSpeed** for blazing-fast HTTP/3-powered web serving
 * **MariaDB** for robust, MySQL-compatible databases
 * **PHP 8.2** and essential extensions
 * **Redis**, GZIP, and Brotli for performance and caching
 * **Self-signed SSL** out of the box, with **Let's Encrypt support via Certbot**
 It's perfect for hosting high-performance websites and apps, including—but not limited to—WordPress.
 ---
 ## Default Settings
 * Web Root: `/var/www/html`
 * WebAdmin Panel: `https://your-server-ip:7080`
  * Default login: `admin / 123456`
  * Change password: `/usr/local/lsws/admin/misc/admpass.sh`
 * PHP Info File: `http://your-server/info.php`
 * UFW: Enabled (Ports 22, 80, 443, 7080 allowed)
 ---
 ## SSL Setup
 ### ✅ Already Configured
 * A **self-signed SSL certificate** is preinstalled and active for your site on port 443.
 * This lets you test HTTPS immediately with a browser security exception.
 ### 🔒 Upgrade to Let's Encrypt SSL (Recommended)
 1. Ensure your domain points to this server.
 2. Run:
   ```bash
   certbot certonly --webroot -w /var/www/html -d yourdomain.com
   ```
 3. Update LiteSpeed's config to use the real cert:
   ```
   certFile                 /etc/letsencrypt/live/yourdomain.com/fullchain.pem
   keyFile                  /etc/letsencrypt/live/yourdomain.com/privkey.pem
   ```
 4. Restart LiteSpeed:
   ```bash
   systemctl restart lsws
   ```
 ---
 ## Notes
 * The appliance does **not** include WordPress or any CMS by default. Install your web site or CMS to /var/www/html/
 * All configuration happens during the build phase—end users can begin using the server immediately.
 * File uploads, rewrite rules, caching behavior, and database settings can be customized as needed.
 ---
 ## Support & Licensing
 This appliance is open source and released under the **Apache 2.0 license**. Contributions and forks are welcome.
 ---
 Enjoy your high-performance web server!
--- a/installer.sh
+++ b/installer.sh
@ -0,0 +1,101 @@
 #!/bin/bash
 # installer.sh - LiteSpeed Server Appliance Installer
 # An Open Source Appliance from Robbie Ferguson
 # (c) 2025 Robbie Ferguson - Licensed under Apache 2.0
 set -e
 # Variables
 DEBIAN_FRONTEND=noninteractive
 # Update system
 apt update && apt upgrade -y
 # Install essentials
 apt install -y curl wget gnupg2 software-properties-common lsb-release unzip htop ufw fail2ban
 # MariaDB
 apt install -y mariadb-server mariadb-client
 # Secure MariaDB (default root password is blank)
 mysql -u root <<EOF
 DELETE FROM mysql.user WHERE User='';
 DROP DATABASE IF EXISTS test;
 DELETE FROM mysql.db WHERE Db='test' OR Db='test\_%';
 FLUSH PRIVILEGES;
 EOF
 # OpenLiteSpeed repo and install
 wget -qO - https://repo.litespeed.sh | bash
 apt install -y openlitespeed
 # Start OpenLiteSpeed once to initialize directories
 systemctl start lsws
 sleep 2
 # PHP and extensions
 PHPVER=82
 apt install -y lsphp$PHPVER lsphp$PHPVER-common lsphp$PHPVER-mysql lsphp$PHPVER-curl lsphp$PHPVER-imagick lsphp$PHPVER-intl lsphp$PHPVER-opcache lsphp$PHPVER-redis
 # Set lsphp as default for LiteSpeed
 systemctl stop lsws
 sed -i 's/lsphp.*/lsphp$PHPVER/' /usr/local/lsws/conf/httpd_config.conf
 systemctl start lsws
 # Enable GZIP and Brotli compression
 cat <<EOL >> /usr/local/lsws/conf/httpd_config.conf
 compress 1
 compressBr 1
 EOL
 # Redis for object caching
 apt install -y redis-server php-redis
 # Enable and start Redis
 systemctl enable redis-server
 systemctl start redis-server
 # Setup default virtual host
 mkdir -p /var/www/html
 chown -R www-data:www-data /var/www/html
 # Generate self-signed certificate for HTTPS
 mkdir -p /etc/ssl/litespeed
 openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
  -keyout /etc/ssl/litespeed/selfsigned.key \
  -out /etc/ssl/litespeed/selfsigned.crt \
  -subj "/C=US/ST=Denial/L=Nowhere/O=Dis/CN=localhost"
 # Configure listener for HTTPS (443) in LiteSpeed
 cat <<EOF >> /usr/local/lsws/conf/httpd_config.conf
 listener SSL {
  address                 *:443
  secure                  1
  keyFile                 /etc/ssl/litespeed/selfsigned.key
  certFile                /etc/ssl/litespeed/selfsigned.crt
  vhRoot                  /var/www/html/
  vhMap                   Example *
 }
 EOF
 # Install Certbot for optional Let's Encrypt
 apt install -y certbot python3-certbot
 # Configure UFW rules
 ufw allow 22/tcp       # SSH
 ufw allow 80/tcp       # HTTP
 ufw allow 443/tcp      # HTTPS
 ufw allow 7080/tcp     # LiteSpeed WebAdmin
 ufw --force enable
 # Restart OpenLiteSpeed to apply changes
 systemctl restart lsws
 # Print completion message
 echo "\nLiteSpeed Server Appliance installed successfully!"
 echo "Default Web Root: /var/www/html"
 echo "Access OpenLiteSpeed WebAdmin at: https://<your-server-ip>:7080"
 echo "Default admin login: admin / 123456 (change this immediately)"
 echo "Run '/usr/local/lsws/admin/misc/admpass.sh' as root to change WebAdmin password"
 echo "Self-signed SSL enabled for main site. Run Certbot later to upgrade to Let's Encrypt."