Uses the base image extremeshok/openlitespeed : https://hub.docker.com/repository/docker/extremeshok/openlitespeed
Checkout our optimized production web-server setup based on docker https://github.com/extremeshok/docker-webserver
- Ubuntu LTS with S6
- Will detect and apply new ssl certs automatically (WATCHMEDO_CERTS_ENABLE)
- cron (/etc/cron.d) enabled for scheduling tasks, run as user nobody
- cron runs every 1 minute, and will generate a new vhost cron every 15mins if vhost_cron is enabled
- Preinstalled IP2Location DB , updated monthly on start (IP2LOCATION-LITE-DB1.IPV6.BIN from https://lite.ip2location.com)
- IP2Location running in Shared Memory DB Cache
- Optimized OpenLiteSpeed configs
- Optimised HTTP Headers for Security (Content Security Policy (CSP), Access-Control-Allow-Methods, Content-Security-Policy, Strict-Transport-Security, X-Content-Type-Options, X-DNS-Prefetch-Control, X-Frame-Options, X-XSS-Protection)
- Optimized PHP configs
- session, memcached, apc serializer set to igbinary
- OpenLiteSpeed installed via github releases (always newer than the repo)
- OpenLiteSpeed Repository used for lsphp (litespeed-php)
- IONICE set to -10
- Low memory usage
- HEALTHCHECK activated
- Graceful shutdown
- tail modsec.log, error.log and php_error.log to stdout
- configs located in /etc/openlitespeed/
- php configs located in /etc/php/
- logs located in /usr/local/lsws/logs/
- default configs will be added if the config dir is empty
- OWASP modsecurity rules enabled
- Restart openlitespeed when changes to the vhost/domain.com/cert dirs are detected, ie ssl certificate is updated
- PHP 7.4 (lsphp74)
- Composer
- PHPUnit
- WP-CLI , (use comamnd wp , this will run wp-cli as the nobody user)
- Expose php disabled
- msmtp enabled: send email via external smtp server, requires SMTP_HOST, SMTP_USER, SMTP_PASS
- Increased php pcre limits
- xshok-vhost-fix-permissions, xshok-vhost-generate-cron and xshok-vhost-monitor-certs are all non-blocking (runs parallel)
- Outputs platform information on start
- mariadb-client (mysql command) added as this is required for wp-cli
- vim-tiny to provide ex which allows for advanced modification of files
- opcode caching in shared memory enabled
- opcode file_cache saved to /var/www/vhosts/.opcache
- set VHOST_FIX_PERMISSIONS to false to disable, enabled by default
- set XS_VHOST_FIX_PERMISSIONS_FOLDERS to false to disable fixing folder permissions, enabled by default
- set XS_VHOST_FIX_PERMISSIONS_FILES to false to disable fixing file permissions, enabled by default
- set XS_VHOST_FIX_PERMISSIONS_FOLDERS to false to disable, enabled by default
- set VHOST_CRON to true to enable, disabled by default
- finds all vhost/cron files and places them in the /etc/cron.d/ , runs hourly
- ignores *.readme *.disabled *.disable *.txt *.sample files
- cron runs every 1 minute, and will generate a new vhost cron every 15mins
- Place cron files in /var/www/vhosts/fqdn.com/cron , see example /var/www/vhosts/localhost/cron/example
- set VHOST_MONITOR_CERTS to false to disable, enabled by default
- monitors /var/www/vhosts/*/certs, looking for changes (only detects *.pem)
- searches for wordpress installs located under /var/www/vhost/fqdn.com/html
- updates a wordpress wordpress (plugins, themes, core, core-db, woocommerce)
- if there was an update, caches are flushed (rewrites, transient, cache, lscache)
- Set VHOST_AUTOUPDATE to false to disable, enabled by default
- Set VHOST_AUTOUPDATE_WP to false to disable, enabled by default
- Set VHOST_AUTOUPDATE_DEBUG to true to enable debug output, disabled by default
- To disable a specific wordpress install from Automatic updates, create a blank "autoupdate.disable" file in the wordpress directory (ie. directory which contains wp-config.php)
- PHP_TIMEZONE=UTC
- PHP_MAX_TIME=300 (in seconds)
- PHP_MAX_UPLOAD_SIZE=32 (in mbyte)
- PHP_MEMORY_LIMIT=256 (in mbyte)
- PHP_DISABLE_FUNCTIONS=shell_exec (set to false to disable, can use a comma separated list)
Enable PHP Error messages only (error_reporting = E_ERROR & E_RECOVERABLE_ERROR & E_CORE_ERROR & E_USER_ERROR)
- PHP_ERRORS_ONLY=yes
- PHP_REDIS_SESSIONS=yes
- PHP_REDIS_HOST=redis
- PHP_REDIS_PORT=6379
- PHP_SMTP_HOST=mail.yoursmtp.com
- PHP_SMTP_PORT=587
- PHP_SMTP_USER=[email protected]
- PHP_SMTP_PASS=securpassword
- PHP74 linked to /usr/bin/php and /usr/local/lsws/fcgi-bin/lsphp
- cache
- mod_js
- mod_security
- modgzip
- modinspector
- modpagespeed
- modreqparser
- uploadprogress
- apcu
- curl
- dev
- igbinary
- imagick
- imap
- intl
- json
- memcached
- msgpack
- mysql
- opcache
- pear
- redis
- sqlite3
Place files in /var/www/vhosts/fqdn.com/ , see example /var/www/vhosts/localhost/
- 80 : http
- 443 : httpS
- 443/udp : quic aka http/2
- 7080 : webadmin
- 8088 : example
- https://127.0.0.1:7080
- user: admin
- Password: please use the password set below
replace container name with the container name, eg xs_openlitespeed-_1
docker exec -ti containername /bin/bash '/usr/local/lsws/admin/misc/admpass.sh'
curl -XGET --resolve domain.com:443:ip.ad.re.ss https://domain.com -k -I