Install OpenLiteSpeed with PHP-FPM

OpenLiteSpeed (OLS) is the open source edition of LiteSpeed Web Server Enterprise and can be used as an alternative to Apache. OLS offers high performance and the same advanced features as LiteSpeed Enterprise.

OpenLiteSpeed supports several Linux distributions, including:

  • CentOS 7 (EOL June 30, 2024), 8, 9
  • Debian 10 (EOL June 30, 2024), 11, 12
  • Ubuntu 20, 22, 24
  • RedHat Enterprise Linux (AlmaLinux, CloudLinux, Oracle Linux, RockyLinux, VzLinux)

Install OpenLiteSpeed

Set up the LiteSpeed repository with the following command.

curl -s https://repo.litespeed.sh | bash

Then install OpenLiteSpeed together with LSPHP.

yum -y install openlitespeed lsphp74

Next, edit the file /usr/local/lsws/conf/httpd_config.conf to add the virtualhosts.

virtualhost web1-80 {
  vhRoot                  /home/web1/
  configFile              $SERVER_ROOT/conf/vhosts/$VH_NAME/vhost.conf
  allowSymbolLink         1
  enableScript            1
  restrained              1
  setUIDMode              2
}

virtualhost web1-443 {
  vhRoot                  /home/web1/
  configFile              $SERVER_ROOT/conf/vhosts/$VH_NAME/vhost.conf
  allowSymbolLink         1
  enableScript            1
  restrained              1
  setUIDMode              2
}

listener default-192.168.244.5 {
  address                 192.168.244.5:80
  secure                  0
  map                     web1-80 example.com, www.example.com, mail.example.com
}

listener SSL-192.168.244.5 {
  address                 192.168.244.5:443
  secure                  1
  keyFile                 /path/to/certs/private.key
  certFile                /path/to/certs/bundle.crt
  certChain               1
  sslProtocol             30
  map                     web1-443 example.com, www.example.com, mail.example.com
}

The web1-443 virtualhost and the SSL listener are optional. You do not need to add them if they are not required.

Create the folder /usr/local/lsws/conf/vhosts/web1-80, then add a vhost.conf file to hold the virtualhost configuration.

nano /usr/local/lsws/conf/vhosts/web1-80/vhost.conf

docRoot                 /home/web1/public_html
vhAliases               *
listeners               web1-80
adminEmails              [email protected]
enableGzip              1
enableBr                1
enableIpGeo             1

index {
  useServer               0
  indexFiles              index.php index.php8 index.php7 index.php5 index.perl index.pl index.plx index.ppl index.cgi index.jsp index.jp index.phtml index.shtml index.xhtml index.html index.htm index.js
  autoIndex               1
}

errorlog /usr/local/lsws/logs/web1.err {
  useServer               0
  logLevel                ERROR
  rollingSize             10M
  compressArchive         1
}

accesslog /usr/local/lsws/logs/web1.log {
  useServer               0
  logFormat               %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"
  logHeaders              5
  rollingSize             10M
  keepDays                10
  compressArchive         1
}

rewrite {
  enable                  1
  autoLoadHtaccess        1
  RewriteCond %{REQUEST_URI} ^/\.well-known/.*$
  RewriteRule /(.*) - [END]

}

scripthandler {
  add                     lsapi:php74 php
}

extprocessor php74 {
  type                    lsapi
  address                 UDS://tmp/lshttpd/php74.sock
  maxConns                50
  env                     PHP_INI_SCAN_DIR=:/home/web1/public_html
  env                     LSPHP_ENABLE_USER_INI=on
  env                     PHP_LSAPI_CHILDREN=50
  env                     LSAPI_AVOID_FORK=200M
  initTimeout             60
  retryTimeout            0
  persistConn             1
  pcKeepAliveTimeout      1
  respBuffer              0
  autoStart               2
  path                    /usr/local/lsws/lsphp74/bin/lsphp
  extMaxIdleTime          60
  memSoftLimit            2047M
  memHardLimit            2047M
  procSoftLimit           1400
  procHardLimit           1500
}

module cache {
 storagePath /usr/local/lsws/cachedata/$VH_NAME
}

# include /usr/local/lsws/conf/vhosts/web1-80/custom.conf

The env entries in the extprocessor configuration can use the following options.

LSAPI_STDERR_LOG
PHP_LSAPI_MAX_REQUESTS
LSAPI_MAX_REQS
LSAPI_KEEP_LISTEN
LSAPI_AVOID_FORK
LSAPI_ACCEPT_NOTIFY
LSAPI_SLOW_REQ_MSECS
LSAPI_ALLOW_CORE_DUMP
LSAPI_MAX_IDLE
PHP_LSAPI_CHILDREN
LSAPI_EXTRA_CHILDREN
LSAPI_MAX_IDLE_CHILDREN
LSAPI_PGRP_MAX_IDLE
LSAPI_MAX_PROCESS_TIME
LSAPI_PPID_NO_CHECK
LSAPI_MAX_BUSY_WORKER
LSAPI_DUMP_DEBUG_INFO
LSAPI_DEFAULT_UID
LSAPI_DEFAULT_GID
LSAPI_SECRET
LSAPI_LVE_ENABLE

Set the permissions on the vhosts folder so that it can be edited from the WebAdmin Console.

chown -R lsadm:nobody vhosts
chmod -R 750 vhosts 

Create the docroot folder

Create the user account web1, then log in as that user.

useradd -m web1

Then create the public_html folder and set the permissions on the user's home folder as follows.

mkdir public_html
chmod 711 /home/web1

Create an index.php file inside the public_html folder to test PHP.

nano public_html/index.php
<?php phpinfo(); ?>

Testing

Restart the OpenLiteSpeed service.

systemctl restart lsws

Next, test access to http://example.com.

PHP-FPM

Install PHP-FPM for the PHP version you want to use.

yum -y install php81 php81-php-fpm php81-php-bcmath php81-php-common php81-php-dba php81-php-dbg php81-php-enchant php81-php-gd php81-php-gmp php81-php-imap php81-php-intl php81-php-ioncube-loader php81-php-mbstring php81-php-mysqlnd php81-php-odbc php81-php-opcache php81-php-pdo php81-php-pecl-apcu php81-php-pecl-igbinary php81-php-pecl-imagick php81-php-pecl-memcached php81-php-pecl-redis php81-php-pecl-zip php81-php-pgsql php81-php-sodium php81-php-tidy php81-php-xml

Create the PHP-FPM pool configuration file.

nano /etc/opt/remi/php81/php-fpm.d/web1.conf
[web1]
user = web1
group = web1
catch_workers_output = yes
chdir = /home/web1/public_html
listen = /var/opt/remi/php81/run/php-fpm/web1.sock
listen.owner = nobody
listen.group = nobody
listen.mode = 0660
listen.acl_users = web1,nobody
listen.allowed_clients = 127.0.0.1
listen.backlog = 32768
request_slowlog_timeout = 5s
slowlog = /home/web1/logs/php.slow.log

pm = ondemand
pm.max_children = 50
pm.max_requests = 200
pm.process_idle_timeout = 10
pm.start_servers = 1
pm.max_spare_servers = 1
pm.min_spare_servers = 1
pm.status_path = /status
ping.path = /ping
request_terminate_timeout = 300
security.limit_extensions = .phtml .php .php3 .php4 .php5 .php6 .php7 .php8

; php.ini custom configuration directives
php_admin_flag[allow_url_fopen] = on
php_admin_flag[log_errors] = on
php_admin_value[disable_functions] = exec,passthru,shell_exec,system
; abused php functions
; php_admin_value[disable_functions] = show_source, system, shell_exec, passthru, exec, popen, proc_open
php_admin_value[short_open_tag] = on
php_admin_value[sys_temp_dir] = "/home/web1/tmp"
php_admin_value[upload_tmp_dir] = "/home/web1/tmp"
php_admin_value[max_input_vars] = 10000
php_admin_value[doc_root] = "/home/web1/public_html"
php_admin_value[error_log] = /home/web1/logs/php.error.log
php_value[error_reporting] = E_ALL & ~E_NOTICE
php_value[max_execution_time] = 300
php_value[max_input_time] = 300
php_value[memory_limit] = 512M
;php_value[open_basedir] = "/home/web1/:/tmp/:/var/www/:/usr/share/php/:/var/run/nginx-cache/:/dev/urandom:/dev/shm:/var/lib/php/sessions/"
php_value[session.save_handler] = files
php_value[session.save_path] = "/home/web1/tmp"
php_value[date.timezone] = "Asia/Jakarta"
php_value[post_max_size] = 256M
php_value[upload_max_filesize] = 128M
env[TMPDIR] = "/home/web1/tmp"

Then add an External App by editing the virtualhost file /usr/local/lsws/conf/vhosts/web1-80/vhost.conf.

extprocessor php81 {
  type                    fcgi
  address                 uds://var/opt/remi/php81/run/php-fpm/web1.sock
  maxConns                10
  initTimeout             600
  retryTimeout            0
  persistConn             1
  pcKeepAliveTimeout      1
  respBuffer              0
  autoStart               0
  path                    /opt/remi/php81/root/usr/sbin/php-fpm
  memSoftLimit            2047M
  memHardLimit            2047M
  procSoftLimit           400
  procHardLimit           500
}

Then, to use the php-fpm version, edit the Script Handler in the virtualhost file /usr/local/lsws/conf/vhosts/web1-80/vhost.conf.

scripthandler  {
  add                     fcgi:php81 php
}

Restart the OpenLiteSpeed and PHP-FPM services.

systemctl restart lsws php81-php-fpm
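
The pool file created in the steps above can be linted before the services are restarted. The script below is an added example, not part of the original tutorial: it flags the pool settings this page touches (disable_functions, open_basedir, allow_url_fopen, the listen.* options, pm.status_path). The function names pool_get, audit_pool and sample_pool are hypothetical, and the sample is a shortened, constructed copy of the web1 pool.

```bash
# pool_get FILE KEY: value of the last active "KEY = value" line (comments skipped).
pool_get() {
  awk -v k="$2" '
    /^[ \t]*[;#]/ { next }
    { i = index($0, "="); if (!i) next
      key = substr($0, 1, i - 1); val = substr($0, i + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t"]+|[ \t"]+$/, "", val)
      if (key == k) v = val }
    END { print v }' "$1"
}

# audit_pool FILE: one finding per line on stdout. The function list checked
# against disable_functions is the page's own "abused php functions" comment.
audit_pool() {
  local f=$1 fn off listen
  off=",$(pool_get "$f" 'php_admin_value[disable_functions]' | tr -d ' '),"
  for fn in show_source system shell_exec passthru exec popen proc_open; do
    case $off in *",$fn,"*) ;; *) echo "WARN disable_functions lacks $fn" ;; esac
  done
  if [ -z "$(pool_get "$f" 'php_value[open_basedir]')$(pool_get "$f" 'php_admin_value[open_basedir]')" ]; then
    echo "WARN open_basedir is not set"
  fi
  case $(pool_get "$f" 'php_admin_flag[allow_url_fopen]') in on|1|yes|true)
    echo "WARN allow_url_fopen is on (PHP may open remote URLs)" ;; esac
  if [ -n "$(pool_get "$f" listen.acl_users)" ] && [ -n "$(pool_get "$f" listen.owner)" ]; then
    echo "INFO listen.owner/listen.group are ignored when listen.acl_users is set"
  fi
  listen=$(pool_get "$f" listen)
  if [ "${listen#/}" != "$listen" ] && [ -n "$(pool_get "$f" listen.allowed_clients)" ]; then
    echo "INFO listen.allowed_clients only applies to TCP listeners"
  fi
  if [ -n "$(pool_get "$f" pm.status_path)" ]; then
    echo "WARN pm.status_path is set; confirm the web server does not expose it"
  fi
}

# Constructed sample: a shortened copy of the web1 pool from this page.
sample_pool() {
  cat <<'EOF'
[web1]
listen = /var/opt/remi/php81/run/php-fpm/web1.sock
listen.owner = nobody
listen.acl_users = web1,nobody
listen.allowed_clients = 127.0.0.1
pm.status_path = /status
php_admin_flag[allow_url_fopen] = on
php_admin_value[disable_functions] = exec,passthru,shell_exec,system
;php_value[open_basedir] = "/home/web1/:/tmp/"
EOF
}

[ $# -eq 0 ] || audit_pool "$1"   # usage: bash audit.sh /path/to/pool.conf
```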

Optimization

php-fpm.conf

emergency_restart_threshold = 10
emergency_restart_interval = 1m
process_control_timeout = 10s

/usr/local/lsws/conf/vhosts/web1-80/vhost.conf

context / {
  allowBrowse             1
  extraHeaders            <<<END_extraHeaders
Referrer-Policy: strict-origin-when-cross-origin
Permissions-Policy: geolocation=(self "")
X-XSS-Protection: 1;mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=15552000; preload
Content-Security-Policy: frame-ancestors https://yourdomain.com/
  END_extraHeaders


  rewrite  {

  }
  addDefaultCharset       off

  phpIniOverride  {
    "session.cookie_secure=1"
    "session.cookie_httponly=1"
    "session.use_strict_mode=1"
  }
}
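
The header set in context / above can be verified from a saved response-header dump (for example the output of curl -sI). The script below is an added example, not part of the original tutorial: besides checking that each header is present, it tests the Strict-Transport-Security value against the hstspreload.org submission requirements (max-age of at least 31536000, includeSubDomains, preload). The function names hdr, check_headers and sample_headers are hypothetical, and the sample dump is constructed from the values on this page.

```bash
# hdr NAME: print the value of header NAME (case-insensitive) from stdin.
hdr() {
  tr -d '\r' | awk -v n="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" '
    { i = index($0, ":"); if (!i) next
      if (tolower(substr($0, 1, i - 1)) == n) {
        sub(/^[^:]*:[ \t]*/, ""); print; exit } }'
}

# check_headers FILE: one finding per line; no output means nothing to report.
check_headers() {
  local f=$1 h hsts age
  for h in Referrer-Policy Permissions-Policy X-Frame-Options \
           X-Content-Type-Options Strict-Transport-Security \
           Content-Security-Policy; do
    [ -n "$(hdr "$h" < "$f")" ] || echo "MISSING $h"
  done
  # Normalise the HSTS value to ";directive;directive;" for exact matching.
  hsts=";$(hdr Strict-Transport-Security < "$f" | tr 'A-Z' 'a-z' | tr -d ' \t');"
  case $hsts in
    *";preload;"*)
      age=$(printf '%s' "$hsts" | sed -n 's/.*max-age=\([0-9][0-9]*\).*/\1/p')
      case $hsts in
        *";includesubdomains;"*) ;;
        *) echo "HSTS preload is set without includeSubDomains" ;;
      esac
      [ "${age:-0}" -ge 31536000 ] ||
        echo "HSTS preload needs max-age>=31536000, got ${age:-0}"
      ;;
  esac
}

# Constructed sample: the response headers a client would see with the page's values.
sample_headers() {
  printf '%s\r\n' 'HTTP/1.1 200 OK' \
    'Referrer-Policy: strict-origin-when-cross-origin' \
    'Permissions-Policy: geolocation=(self "")' \
    'X-Frame-Options: SAMEORIGIN' \
    'X-Content-Type-Options: nosniff' \
    'Strict-Transport-Security: max-age=15552000; preload' \
    'Content-Security-Policy: frame-ancestors https://yourdomain.com/'
}

[ $# -eq 0 ] || check_headers "$1"   # usage: bash headers.sh dump.txt
```

Run against the values on this page, it reports two HSTS findings: the preload directive is sent without includeSubDomains, and max-age=15552000 is below the one-year minimum for preloading.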

/usr/local/lsws/conf/vhosts/web1-443/vhost.conf

vhssl {
  keyFile                 /etc/letsencrypt/live/example.com/privkey.pem
  certFile                /etc/letsencrypt/live/example.com/fullchain.pem
  certChain               1
  sslProtocol             30
  enableECDHE             1
  renegProtection         1
  sslSessionCache         1
  enableHttp2             1
  enableStapling          1
  ocspRespMaxAge          86400
}

/etc/security/limits.conf

*         hard    nofile      500000
*         soft    nofile      500000
root      hard    nofile      500000
root      soft    nofile      500000

/opt/myscript/kernel.sh

echo 1 >/sys/kernel/mm/ksm/run
echo 1000 >/sys/kernel/mm/ksm/sleep_millisecs
echo never > /sys/kernel/mm/transparent_hugepage/enabled

/etc/modules-load.d/htcp.conf

tcp_htcp