How to Install OpenLiteSpeed Webserver on Debian 12

Introduction

OpenLiteSpeed is a lightweight, high-performance, open-source webserver that delivers web applications using modern web technologies. The webserver supports built-in caching, HTTP/3, and a graphical web console for simplified server management.

In this article, you'll install the OpenLiteSpeed webserver on Debian 12, access the web console, and create virtual hosts to serve web applications.

Prerequisites

Before you begin:

• Deploy a Debian 12 instance on Vultr.
• Access the instance using SSH as a non-root user with sudo privileges.
• Set up a new domain A record pointing to the instance's public IP address.
• Update the instance.

Install OpenLiteSpeed

OpenLiteSpeed is not available in the default package repositories on Debian 12. Follow the steps below to download the latest OpenLiteSpeed repository information script and install the application.

1. Download and run the OpenLiteSpeed repository setup script.

   console Copy

   $ wget -O - https://repo.litespeed.sh | sudo bash
   

   Output:

   LiteSpeed repository has been setup!

2. Install the OpenLiteSpeed package.

   console Copy

   $ sudo apt install openlitespeed -y
   

3. View the installed OpenLiteSpeed version.

   console Copy

   $ cat /usr/local/lsws/VERSION
   

   Output:

   1.7.19

Manage the OpenLiteSpeed System Service

OpenLiteSpeed uses the lsws system service to run on the server and manage the application processes. Follow the steps below to enable the OpenLiteSpeed system service to start at boot time and manage the webserver processes.

1. Enable OpenLiteSpeed to automatically start at boot.

   console Copy

   $ sudo systemctl enable lsws
   

2. Start the OpenLiteSpeed service.

   console Copy

   $ sudo systemctl start lsws
   

3. View the OpenLiteSpeed service status and verify that it's running.

   console Copy

   $ sudo systemctl status lsws
   

   Output:

   ● lsws.service - LSB: lshttpd
        Loaded: loaded (/etc/init.d/lsws; generated)
        Active: active (running) since Wed 2024-08-14 21:43:25 UTC; 2min 48s ago
          Docs: man:systemd-sysv-generator(8)
         Tasks: 3 (limit: 2224)
        Memory: 6.4M
           CPU: 462ms
        CGroup: /system.slice/lsws.service
                ├─2314 openlitespeed (lshttpd - main)
                ├─2323 openlitespeed (lscgid)
                └─2352 openlitespeed (lshttpd - #01)

4. Stop OpenLiteSpeed.

   console Copy

   $ sudo systemctl stop lsws
   

5. Restart OpenLiteSpeed.

   console Copy

   $ sudo systemctl reload lsws
   

Configure OpenLiteSpeed

OpenLiteSpeed includes an administrator setup script that lets you create administrative users to manage the webserver using the web console interface. Follow the steps below to create a new user and configure OpenLiteSpeed to listen for web application requests on the HTTP port 80.

1. Run the OpenLiteSpeed administrator script to create a new user account.

   console Copy

   $ sudo bash /usr/local/lsws/admin/misc/admpass.sh
   

   Enter a new administrative username and a strong password.

   Output:

   Administrator's username/password is updated successfully!

2. Allow incoming connections to the OpenLiteSpeed web console port 7080 through the firewall.

   console Copy

   $ sudo ufw allow 7080/tcp
   

3. Reload the firewall to apply the new connection rules.

   console Copy

   $ sudo ufw reload
   

4. Access the OpenLiteSpeed web console on port 7080 using your server IP in a web browser such as Chrome.

   http://SERVER-IP:7080

5. Accept the insecure certificate warning.

   

6. Log in to the OpenLiteSpeed Web control panel using the administrative user and password you created earlier.

   

7. Click Listeners on the left navigation menu.

   

8. Click View within the Actions section of the Default listener.

   

9. Click Edit within the Address Settings section.

10. Change the Port value from 8088 to 80.

    

11. Click Save to apply the listening address changes.

12. Click Graceful Restart to apply the webserver configuration changes.

    

Create a New OpenLiteSpeed Virtual Host

OpenLiteSpeeds supports multiple virtual hosts that use a unique domain, document root, and delivery directives. Follow the steps below to create a new OpenLiteSpeed virtual host for the app.example.com domain.

1. Create a web directory for your virtual host.

   console Copy

   $ sudo mkdir /usr/local/lsws/app.example.com
   

2. Create the OpenLiteSpeed data sub-directories.

   console Copy

   $ sudo mkdir /usr/local/lsws/app.example.com/{html,logs,conf} -p
   

   The above command creates the following sub-directories in your web root directory:

   • html: Contains the web application files served by OpenLiteSpeed.
   • logs: Stores the virtual host's access and error logs.
   • conf: Stores site-specific OpenLiteSpeed configurations.

3. Grant the lsadm OpenLiteSpeed user and group ownership privileges to the directory.

   console Copy

   $ sudo chown lsadm:lsadm -R /usr/local/app.example.com
   

4. Access the OpenLiteSpeed web console in a new web browser window.

   http://SERVER-IP:7080

5. Click Virtual Hosts on the left navigation menu.

   

6. Click Add + to create a new virtual host with the following information:

   • Virtual Host Name: app.example.com
   • Virtual Host Root: $SERVER_ROOT/app.example.com/
   • Config File: $SERVER_ROOT/conf/vhosts/$VH_NAME/vhconf.conf
   • Follow Symbolic Link: Yes
   • Enable Scripts/ExtApps: Yes
   • Restrained: Yes
   • External App Set UID Mode: Server UID

7. Click Save to create the new virtual host.

   

8. Click CLICK TO CREATE when prompted to create the new virtual host configuration file usr/local/lsws/conf/vhosts/app.example.com/vhconf.conf.

9. Click Save to apply the virtual host configuration.

10. Navigate to Virtual Hosts and select app.example.com.

    

11. Navigate to the General tab and click Edit to modify the new virtual host configuration with the following information:

    • Document Root: $VH_ROOT/html/
    • Domain Name: app.example.com
    • Domain Aliases: app.example.com
    • Enable GZIP Compression: Yes
    • Enable Brotli Compression: Yes

12. Click Save to apply the new virtual host configurations.

    

13. Navigate to the Log tab and click Edit in the Virtual Host Log section to update the following fields:

    • Use Server's Log: Yes
    • File Name: $VH_ROOT/logs/error.log
    • Log Level: ERROR
    • Rolling Size (bytes): 10M
    • Keep Days: 30

    

14. Click Save to apply the log changes.

15. Click Add within the Access Log section and modify the following fields:

    • Log Control: Own Log File
    • File Name: $VH_ROOT/logs/access.log
    • Rolling Size (bytes): 10M
    • Keep Days: 30

16. Click Save to apply the log configurations.

    

17. Navigate to the Rewrite tab, click Edit in the Rewrite Control section and update the following fields:

    • Enable Rewrite: Yes
    • Auto Load from .htaccess: Yes

18. Click Save to apply the rewrite configurations.

    

19. Click Listeners on the left navigation menu and select Default > Virtual Host Mappings.

20. Click Add and map the app.example.com domain to the virtual host you created earlier with the following values:

    • Virtual Host: app.example.com
    • Domains: app.example.com

    

21. Click Save to apply the virtual host changes and click Graceful Restart in the top right corner to apply the webserver configurations.

    

22. Create a new index.html web application file in your virtual host's html directory.

    console Copy

    $ sudo nano /usr/local/lsws/app.example.com/html/index.html
    

23. Add the following contents to the file.

    html Copy

    <!DOCTYPE html>
    <html lang="en">
    <head>
        <meta charset="UTF-8">
        <meta name="viewport" content="width=device-width, initial-scale=1.0">
        <title>Test Page</title>
        <style>
            body {
                display: flex;
                justify-content: center;
                align-items: center;
                height: 100vh;
                margin: 0;
            }
        </style>
    </head>
    <body>
        <h1>Hello World! Greetings from Vultr</h1>
    </body>
    </html>
    

    Save and close the file.

    The above HTML application displays a Hello World! Greetings from Vultr message when you access it using your virtual host domain.

24. Allow network connections to the HTTP port 80 through the firewall.

    console Copy

    $ sudo ufw allow 80/tcp
    

25. Access your domain using a web browser such as Chrome.

    http://app.example.com

26. Verify that OpenLiteSpeed serves your web application files.

    

Secure the OpenLiteSpeed Webserver

OpenLiteSpeed serves web content using the insecure HTTP port 80 by default, which allows plain text data transmission between HTTP clients and the webserver. To encrypt sensitive information on port 443, enable HTTPS using trusted SSL/TLS certificates. Follow the steps below to generate trusted SSL certificates and secure the OpenLiteSpeed webserver.

1. Install the Certbot Let's Encrypt client tool.

   console Copy

   $ sudo apt install certbot
   

2. Generate a new SSL certificate for your domain. Replace app.example.com with your actual domain name and admin@example.com with your email address.

   console Copy

   $ sudo certbot certonly --webroot -w /usr/local/lsws/app.example.com/html/ --staple-ocsp --preferred-challenges http -m admin@example.com -d app.example.com --agree-tos
   

   Output:

   Successfully received certificate.
   Certificate is saved at: /etc/letsencrypt/live/app.example.com/fullchain.pem
   Key is saved at:         /etc/letsencrypt/live/app.example.com/privkey.pem
   This certificate expires on 2024-11-14.
   These files will be updated when the certificate renews.
   Certbot has set up a scheduled task to automatically renew this certificate in the background.

3. Access the OpenLiteSpeed web console.

   http://SERVER-IP:7080 

4. Click Listeners on the main navigation menu.

5. Click Add + to create a new listener and set the following values:

   • Listener Name: SSL Listener
   • IP Address: ANY IPv4
   • Port: 443
   • Secure: Yes

   

6. Click the Save to apply changes.

7. Click View within the Listeners section to modify the new SSL Listener.

   

8. Click Add to bind the listener to your existing virtual host in the Virtual Host Mappings section with the following values.

   • Virtual Host: app.example.com
   • Domains: app.example.com

   

9. Click Save to apply the configuration changes.

10. Navigate to the SSL tab within the SSL Listener settings.

11. Click Edit in the SSL Private Key & Certificate section and update the following fields with your Let's Encrypt certificate paths.

    • Private Key File: /etc/letsencrypt/live/app.example.com/privkey.pem
    • Certificate File: /etc/letsencrypt/live/app.example.com/fullchain.pem
    • Chained Certificate: Yes

    

12. Click Save to apply the SSL changes and select Graceful Restart in the top right corner to apply the webserver configurations.

    

Set Up Firewall Rules

OpenLiteSpeed web console runs on port 7080 and serves web applications on HTTP port 80 and HTTPS port 443. Follow the steps below to allow HTTP and HTTPS network connections through the firewall.

1. View the UFW status and verify that it's active.

   console Copy

   $ sudo ufw status
   

   Output:

   Status: active

2. Allow HTTP connections on Port 80.

   console Copy

   $ sudo ufw allow 80/tcp
   

3. Allow HTTPS connections on Port 443.

   console Copy

   $ sudo ufw allow 443/tcp
   

4. View the UFW status and verify that the new rules are available.

   console Copy

   $ sudo ufw status
   

5. Reload UFW to apply the firewall changes.

   console Copy

   $ sudo ufw reload
   

6. Access your domain using a web browser and verify that your application displays correctly.

   https://app.example.com

   

Conclusion

You have installed the OpenLiteSpeed webserver on Debian 12 and enabled access to the web console administration interface. OpenLiteSpeed supports multiple virtual hosts you can use to securely run web applications with different frameworks on your server. For more information, please visit the official OpenLiteSpeed documentation.