241 lines
7.1 KiB
Bash
Executable File
241 lines
7.1 KiB
Bash
Executable File
#!/bin/bash
|
|
# LiteSpeed Server Appliance Installer
|
|
# An Open Source Appliance from Robbie Ferguson
|
|
# (c) 2025 Robbie Ferguson - Licensed under Apache 2.0
|
|
|
|
HTMLSITE_CONF="html-site"
|
|
|
|
if [[ "$1" == "--purge" ]]; then
|
|
echo "WARNING: This will completely uninstall LiteSpeed and delete all data (vhosts, configs, logs, web root)."
|
|
read -p "Are you sure you want to continue? [y/N]: " confirm
|
|
if [[ "$confirm" != "y" && "$confirm" != "Y" ]]; then
|
|
echo "Purge cancelled."
|
|
exit 1
|
|
fi
|
|
|
|
echo "Purging LiteSpeed Server Appliance..."
|
|
|
|
# Stop LiteSpeed service
|
|
systemctl stop lsws || true
|
|
|
|
# Uninstall LiteSpeed and dependencies
|
|
apt-get remove --purge -y openlitespeed || true
|
|
apt-get autoremove --purge -y
|
|
|
|
# Remove configuration and vhost data
|
|
rm -rf /usr/local/lsws
|
|
rm -rf /var/www/html
|
|
rm -rf /var/log/lsws
|
|
rm -rf /etc/lsws
|
|
|
|
# Remove admin user
|
|
userdel -r lsadm 2>/dev/null || true
|
|
|
|
echo "LiteSpeed Server Appliance has been purged."
|
|
exit 0
|
|
fi
|
|
|
|
echo "LiteSpeed Server Appliance Installer"
|
|
echo "By Robbie Ferguson"
|
|
|
|
set -e
|
|
|
|
# Variables
|
|
DEBIAN_FRONTEND=noninteractive
|
|
|
|
# Update system
|
|
apt update && apt upgrade -y
|
|
|
|
# Install essentials
|
|
apt install -y curl wget gnupg2 software-properties-common lsb-release unzip htop ufw fail2ban
|
|
|
|
# Add OpenLiteSpeed repository
|
|
# Needs to happen after curl is installed
|
|
wget -qO - https://repo.litespeed.sh | bash
|
|
|
|
# Required to compile PHP
|
|
apt install -y pkg-config build-essential libxml2 libxml2-dev php-dev autoconf automake libtool
|
|
# Required by virtual:world
|
|
apt install -y libssl-dev libsqlite3-dev zlib1g-dev libcurl4-openssl-dev libpng-dev libonig-dev libzip-dev
|
|
|
|
# MariaDB
|
|
apt install -y mariadb-server mariadb-client
|
|
|
|
# Secure MariaDB (default root password is blank)
|
|
mysql -u root <<EOF
|
|
DELETE FROM mysql.user WHERE User='';
|
|
DROP DATABASE IF EXISTS test;
|
|
DELETE FROM mysql.db WHERE Db='test' OR Db='test\_%';
|
|
FLUSH PRIVILEGES;
|
|
EOF
|
|
|
|
# Install OpenLiteSpeed
|
|
apt install -y openlitespeed
|
|
|
|
# Start OpenLiteSpeed once to initialize directories
|
|
systemctl start lsws
|
|
sleep 2
|
|
|
|
# PHP and extensions
|
|
PHPVER='8.3'
|
|
apt install -y lsphp${PHPVER//./} lsphp${PHPVER//./}-{common,mysql,curl,imagick,intl,opcache,redis}
|
|
|
|
# Create a symlink that gives PHP CLI capability but uses the LSPHP version of PHP to coincide with server
|
|
ln -s /usr/local/lsws/lsphp83/bin/php /usr/local/bin/php
|
|
|
|
systemctl stop lsws
|
|
# Set lsphp as default for LiteSpeed
|
|
sed -i "s|path .*|path /usr/local/lsws/lsphp${PHPVER//./}/bin/php|" /usr/local/lsws/conf/httpd_config.conf
|
|
systemctl start lsws
|
|
|
|
# Enable GZIP and Brotli compression
|
|
cat <<EOL >> /usr/local/lsws/conf/httpd_config.conf
|
|
|
|
compress 1
|
|
compressBr 1
|
|
EOL
|
|
|
|
# Redis for object caching
|
|
apt install -y redis-server php-redis
|
|
|
|
# Enable and start Redis
|
|
systemctl enable redis-server
|
|
systemctl start redis-server
|
|
|
|
# Setup default virtual host
|
|
mkdir -p /var/www/html
|
|
chown -R www-data:www-data /var/www/html
|
|
|
|
# Create custom virtual host 'html-site'
|
|
mkdir -p /usr/local/lsws/conf/vhosts/${HTMLSITE_CONF}
|
|
cat <<EOF > /usr/local/lsws/conf/vhosts/${HTMLSITE_CONF}/vhconf.conf
|
|
docRoot /var/www/html
|
|
vhDomain *
|
|
vhAliases *
|
|
adminEmails root@localhost
|
|
|
|
errorlog /usr/local/lsws/logs/${HTMLSITE_CONF}_error.log {
|
|
useServer 0
|
|
logLevel WARN
|
|
rollingSize 10M
|
|
}
|
|
|
|
accesslog /usr/local/lsws/logs/${HTMLSITE_CONF}_access.log {
|
|
useServer 0
|
|
rollingSize 10M
|
|
}
|
|
|
|
index {
|
|
useServer 0
|
|
indexFiles index.php, index.html
|
|
}
|
|
|
|
scripthandler {
|
|
add lsapi:lsphp${PHPVER//./} php
|
|
}
|
|
|
|
extprocessor lsphp${PHPVER//./} {
|
|
type lsapi
|
|
address uds://tmp/lshttpd/lsphp${PHPVER//./}.sock
|
|
maxConns 35
|
|
env PHP_LSAPI_CHILDREN=35
|
|
env LSAPI_AVOID_FORK=200M
|
|
initTimeout 60
|
|
retryTimeout 0
|
|
persistConn 1
|
|
respBuffer 0
|
|
autoStart 1
|
|
path /usr/local/lsws/lsphp${PHPVER//./}/bin/php
|
|
backlog 100
|
|
instances 1
|
|
priority 0
|
|
memSoftLimit 2047M
|
|
memHardLimit 2047M
|
|
procSoftLimit 400
|
|
procHardLimit 500
|
|
}
|
|
|
|
phpIniOverride {
|
|
php_admin_value open_basedir "/var/www/html/:/tmp/"
|
|
}
|
|
EOF
|
|
|
|
chown -R lsadm:nogroup /usr/local/lsws/conf/vhosts/${HTMLSITE_CONF}
|
|
chmod 700 /usr/local/lsws/conf/vhosts/${HTMLSITE_CONF}
|
|
chmod 600 /usr/local/lsws/conf/vhosts/${HTMLSITE_CONF}/vhconf.conf
|
|
|
|
# Map listeners to html-site instead of Example
|
|
##sed -i "s|^[[:space:]]*vhMap[[:space:]]\\+Example[[:space:]]\\+| vhMap ${HTMLSITE_CONF} *|" /usr/local/lsws/conf/httpd_config.conf
|
|
|
|
# Delete the broken Example vhost
|
|
if [[ -e /usr/local/lsws/conf/vhosts/Example ]]; then
|
|
rm -rf /usr/local/lsws/conf/vhosts/Example
|
|
fi
|
|
|
|
# Update main config to use new vhost
|
|
HTTPD_CONF="/usr/local/lsws/conf/httpd_config.conf"
|
|
VHOSTS_DIR="/usr/local/lsws/conf/vhosts"
|
|
|
|
# 1. Remove "Example" vhost from httpd_config.conf
|
|
if grep -q 'virtualHost Example' "$HTTPD_CONF"; then
|
|
echo "Removing Example virtual host from httpd_config.conf..."
|
|
sed -i '/virtualHost Example {/,/^}/d' "$HTTPD_CONF"
|
|
fi
|
|
|
|
# 2. Register html-site virtual host if not already present
|
|
if ! grep -q "virtualHost $HTMLSITE_CONF" "$HTTPD_CONF"; then
|
|
echo "Adding ${HTMLSITE_CONF} virtual host to httpd_config.conf..."
|
|
cat <<EOL >> "$HTTPD_CONF"
|
|
|
|
virtualHost $HTMLSITE_CONF {
|
|
vhRoot $VHOSTS_DIR/$HTMLSITE_CONF/
|
|
configFile \$VH_ROOT/vhconf.conf
|
|
allowSymbolLink 1
|
|
enableScript 1
|
|
restrained 0
|
|
setUIDMode 0
|
|
}
|
|
EOL
|
|
fi
|
|
|
|
|
|
# Generate self-signed certificate for HTTPS
|
|
mkdir -p /etc/ssl/litespeed
|
|
openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
|
|
-keyout /etc/ssl/litespeed/selfsigned.key \
|
|
-out /etc/ssl/litespeed/selfsigned.crt \
|
|
-subj "/C=US/ST=Denial/L=Nowhere/O=Dis/CN=localhost"
|
|
|
|
# Configure listener for HTTPS (443) in LiteSpeed
|
|
cat <<EOF >> /usr/local/lsws/conf/httpd_config.conf
|
|
listener SSL {
|
|
address *:443
|
|
secure 1
|
|
keyFile /etc/ssl/litespeed/selfsigned.key
|
|
certFile /etc/ssl/litespeed/selfsigned.crt
|
|
vhRoot /var/www/html
|
|
vhMap $HTMLSITE_CONF *
|
|
}
|
|
EOF
|
|
|
|
# Install Certbot for optional Let's Encrypt
|
|
apt install -y certbot python3-certbot
|
|
|
|
# Configure UFW rules
|
|
ufw allow 22/tcp # SSH
|
|
ufw allow 80/tcp # HTTP
|
|
ufw allow 443/tcp # HTTPS
|
|
ufw allow 7080/tcp # LiteSpeed WebAdmin
|
|
ufw --force enable
|
|
|
|
# Restart OpenLiteSpeed to apply changes
|
|
systemctl restart lsws
|
|
|
|
# Print completion message
|
|
echo "LiteSpeed Server Appliance installed successfully!"
|
|
echo "Default Web Root: /var/www/html"
|
|
echo "Access OpenLiteSpeed WebAdmin at: https://<your-server-ip>:7080"
|
|
echo "Default admin login: admin / 123456 (change this immediately)"
|
|
echo "Run '/usr/local/lsws/admin/misc/admpass.sh' as root to change WebAdmin password"
|
|
echo "Self-signed SSL enabled for main site. Run Certbot later to upgrade to Let's Encrypt."
|