OpenLiteSpeed Server vHost cofiguration using terminal (With Let’s Encrypt SSL)

By General
Spread the love

You can configure your virtual host using WebAdmin. But if you prefer, the terminal way, then follow the following steps.

The virtual host configuration is mainly kept in directory:

/usr/local/lsws/conf

In the above directory you can see a file named: ‘httpd_config.conf’. Which is the main configuration file for the litespeed server.

Every virtual configuration file has to be referenced in the above file. You would also find an example for ‘Example’ named vhost. The ‘Example’ vhost file is located in below directory:

/usr/local/lsws/conf/vhosts/Example

You can use that file to configure your own vhost. Below is the minimum vhost file that is required:

docRoot                   /home/domain/
 vhDomain                  domain.com
 vhAliases                 www.domain.com
 enableGzip                1
 cgroups                   0
 errorlog /home/logs/domain/error.log {
   useServer               1
   logLevel                DEBUG
   rollingSize             10M
 }
 accesslog /home/logs/domain/access.log {
   useServer               0
   rollingSize             10M
   keepDays                30
   compressArchive         0
 }
 index  {
   useServer               0
   indexFiles              index.html index.php
   autoIndex               0
   autoIndexURI            /_autoindex/default.php
 }
 errorpage 404 {
   url                     /error404.html
 }
 scripthandler  {
   add                     lsapi:lsphp php
 }
 expires  {
   enableExpires           1
 }
 accessControl  {
   allow                   *
 }
 context / {
   location                $DOC_ROOT/
   allowBrowse             1
 rewrite  {
 RewriteFile .htaccess
   }
 }
 rewrite  {
   enable                  0
   logLevel                0
 }

Note: Always chown and chgrp (there is a short way, that I don’t remember. Please comment below if you know) to the user and group of Litespeed server. (Usually user is ‘lsadm’ and group is ‘nobody’).

For SSL support use following commands on CentOS 8:

sudo dnf install epel-release

sudo dnf upgrade

sudo yum install snapd

sudo systemctl enable --now snapd.socket

sudo ln -s /var/lib/snapd/snap /snap

reboot

Your system will restart and then run the following to obtain the certificate:

sudo systemctl enable --now snapd.socket

sudo snap install core; sudo snap refresh core

sudo snap install --classic certbot

sudo ln -s /snap/bin/certbot /usr/bin/certbot

sudo certbot certonly --webroot

Then it will ask few questions, answer them according to your website configuration. My answers were following (please read carefully, as some of the information needs to be changed, like email):

[root@faltutechLite ~]# sudo snap install --classic certbot
 certbot 1.10.1 from Certbot Project (certbot-eff✓) installed
 [root@faltutechLite ~]# sudo ln -s /snap/bin/certbot /usr/bin/certbot
 [root@faltutechLite ~]# sudo certbot certonly --webroot
 Saving debug log to /var/log/letsencrypt/letsencrypt.log
 Plugins selected: Authenticator webroot, Installer None
 Enter email address (used for urgent renewal and security notices)
  (Enter 'c' to cancel): [email protected]
 
 Please read the Terms of Service at
 https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
 agree in order to register with the ACME server. Do you agree?
 
 (Y)es/(N)o: y
 
 Would you be willing, once your first certificate is successfully issued, to
 share your email address with the Electronic Frontier Foundation, a founding
 partner of the Let's Encrypt project and the non-profit organization that
 develops Certbot? We'd like to send you email about our work encrypting the web,
 EFF news, campaigns, and ways to support digital freedom.
 
 (Y)es/(N)o: y
 Account registered.
 Please enter in your domain name(s) (comma and/or space separated)  (Enter 'c'
 to cancel): domain.com,www.domain.com
 Requesting a certificate for domain.com and www.domain.com
 Performing the following challenges:
 http-01 challenge for domain.com
 http-01 challenge for www.domain.com
 Input the webroot for domain.com: (Enter 'c' to cancel): /home/web/domain
 Select the webroot for www.domain.com:
 
 1: Enter a new webroot
 2: /home/web/domain
 
 Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
 Waiting for verification…
 Cleaning up challenges
 Subscribe to the EFF mailing list (email: [email protected]).
 IMPORTANT NOTES:
 Congratulations! Your certificate and chain have been saved at:
 /etc/letsencrypt/live/domain.com/fullchain.pem
 Your key file has been saved at:
 /etc/letsencrypt/live/domain.com/privkey.pem
 Your cert will expire on 2021-03-17. To obtain a new or tweaked
 version of this certificate in the future, simply run certbot
 again. To non-interactively renew all of your certificates, run
 "certbot renew"
 If you like Certbot, please consider supporting our work by:
 Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
 Donating to EFF:                    https://eff.org/donate-le

Now we certificate is saved at: /etc/letsencrypt/live/domain.com/privkey.pem and chain in /etc/letsencrypt/live/domain.com/fullchain.pem

You can use WebAdmin to setup the SSL or add the following line at the end of your configuration for vhost:

vhssl  {
   keyFile                 /etc/letsencrypt/live/domain.com/privkey.pem
   certFile                /etc/letsencrypt/live/domain.com/fullchain.pem
 }

Don’t forget to add a listener in master config file and map to your vhost.

vHost Mapping and listener mapping and SSL configuration can be easily done by using WebAdmin panel. I will end this here, and will come back later with more…