laurenceshaw.net technical documents

Use of these resources represents your agreement to Australian © Copyright Laws and the general guidelines in our Terms of Use & Privacy Policy

These articles are not easy to follow and need IT skills to work through, but they show what must be done to use an EC2 instance with WordPress. No liability at all for use of this information.

Is there an advantage in using Litespeed rather than Apache?

I am not going to attempt a detailed answer as there is insufficient public/scientific data to review the question.

If we were to test, we would need two identical websites, one with Apache, under load, with longer term testing for number of site visitors, peak loads, robustness, ongoing security, performance and software upgrades.

I personally see no advantage for a small business website as there is plenty of performance help with plugins like W3 Total Cache, and use of a CDN. I also don’t think some sites are best suited to use of a CDN, but that is another topic we do not normally think about.

I have done testing on a simple web page with a Revolutionary Slider achieving close to 100% on GTmetrix using either Apache or Litespeed, using the hefty code from the WordPress Avada theme.

I am doing this paper because I have a colleague using LiteSpeed, and in my own installation I had to trash close to a dozen EC2 instances before I could get this working. The Internet articles do not provide end-to-end installation, so for me, they ALL failed.

Amazon does have a pre-configured Ubuntu installation available, but I prefer Centos as it seems to me a better platform. Certainly it is easy using “yum update” and configuring in the same or similar way to a Linux2 instance. For me, confidence and reliability are high priorities.

There are many prerequisites when using an Amazon EC2 account and instance. We cannot possibly go into all those details, but may mention some aspects with assumption you can work those things out. The point is, a small segment of the web designer and delivery businesses in Australia will request use of Amazon AWS services. Our installation will be for Litespeed’s PHP version 7.4, using a free enterprise license which allows for use of up to 2CPU/2GB RAM. We typically use a t3amicro instance at 2CPU/1GB RAM. I never recommend the t3anano instance that uses 0.5GB RAM, unless it is for development and has no significant galleries or longer web pages.

It is more than likely you will run into some installation problems that needs work to get through.

Documents
IDCommentsCommands
Notes: I use the Unix vi editor in these examples.
I will not use the WordPress Litespeed Cache plugin. I tested it and eventually stayed with W3 Total Cache.
We assume you will install SSL certificates and https://
1After installing Centos8 from the Market Place - you wait for a free license to be confirmed before installing.
Login to the instance as root user (sudo su)
systemctl enable --now cockpit.socket
2Disk swap spaceecho "vm.swappiness=10" >> /etc/sysctl.conf
echo "vm.vfs_cache_pressure=200" >> /etc/sysctl.conf
sysctl -w vm.swappiness=10
sysctl -w vm.vfs_cache_pressure=200
dd if=/dev/zero of=/swapfile bs=1024 count=1048576
mkswap /swapfile
chmod 600 /swapfile
swapon /swapfile
echo "/swapfile swap swap defaults 0 0" >> /etc/fstab
free -m
3Timezone - use your own locationa="Australia/Brisbane";export a;echo $a
ln -sf /usr/share/zoneinfo/$a /etc/localtime
date
4Non-Litespeed prelim packages - we set up Apache etc. to ensure everything works. If we do not, it is likely the Litespeed configs will fail.yum update -y
yum clean metadata
yum install -y php php-common php-pear
yum install -y php-cli php-pdo php-fpm php-json php-mysqlnd
yum install -y gd devel mariadb-server memcached mod_ssl php-devel gcc libzip-devel zlib-devel httpd-devel kernel-devel gcc gcc-c++
5Fix /etc/my.cnf
You should not need to provide the PATH to the mysql socket.
vi /etc/my.cnf

[mysqld]
symbolic-links=0
ignore-db-dir=.rocksdb
key_buffer_size = 220M
innodb_buffer_pool_size=1M
local-infile=0

Note: if you have socket issues, you can add these lines in the [mysqld] section:
datadir = /var/lib/mysql/
socket = /var/lib/mysql/mysql.sock
6Install mysql as per standard procedures that we see with Linux2.
We stop mariadb after the secure installation so that the next startup will be standard.
systemctl start mariadb
mysql secure install
systemctl stop mariadb
7We can test the webpage to see Apache is running.
domain.com represents your IP address or domain name.
We will disable Apache after we confirm it worked.
We will install phpMyAdmin later in the Litespeed installation.
systemctl start httpd
systemctl start mariadb
http://domain.com
systemctl stop httpd
systemctl enable mariadb
8Install EPEL 8, update the OS, install Litespeed packages (but not litespeed itself at this point)yum -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
yum -y install https://rpms.remirepo.net/enterprise/remi-release-8.rpm
yum update
dnf module disable php:remi-7.2
dnf module enable php:remi-7.4
dnf install php php-cli php-common
yum install -y php php-common php-pear
dnf install memcached libmemcached
rpm -Uvh http://rpms.litespeedtech.com/centos/litespeed-repo-1.1-1.el8.noarch.rpm
dnf install epel-release epel-next-release
9Install powertools (or if it fails, use PowerTools).
Note: there will likely be error messages at some point saying things like /etc/yum.repos.d/CentOS-PowerTools.repo errors. All you need to do is to edit the file(s) and comment out all entries that say "failovermethod=priority", e.g. put:
#failovermethod=priority as the entries.
Ensure the powertools repo file has: enabled=1
dnf config-manager --set-enabled powertools
OR
dnf config-manager --set-enabled PowerTools
10Fix /etc/selinux by turning security off. Linux2 has it off, so why have it on here? It can cause hickups in Linux2 so I assume it can herevi /etc/selinux/config
SELINUX=off
11Install the free openlitespeed package. We need to do this as the free Enterprise install will fail on some aspects. If we switch to the enterprise version, (we don't have to) we will delete some directories before we run the install later. But first, we need to get the basic install up and running.yum install openlitespeed
12More packages...dnf install -y lsphp74 lsphp74-mysqlnd lsphp74-process lsphp74-mbstring lsphp74-mcrypt lsphp74-gd lsphp74-opcache lsphp74-bcmath lsphp74-pdo lsphp74-common lsphp74-xml

dnf groupinstall 'Development Tools'
13We need to disable litespeed's php7.2 and enale its php7.4.
As a note, we did install Centos PHP, but litespeed will use its own version called lsphp7.2 or 7.4. Once we install 7.4, we will need to update the litespeed console to use 7.4, but can do that later.
(Sometimes we find a yum update gives new updates.)
dnf module disable php:7.2
dnf module enable php:7.4
php -v
yum groupupdate lsphp-all
yum update
14At this stage we can tackle the free enterprise installation if we wish. Whatever we do, the litespeed console configurations are the same. It is just that the web browser theme looks different on each.WEB BROWSER CONSOLE/CONFIGURATIONS FOR LITESPEED are listed further below.
15Redo the litespeed login console's user and password, as it is likely the settings in the installation you previously did will not work./usr/local/lsws/admin/misc/admpass.sh
16More packages and a tidy up "reboot" just in case.
We will later add the full path name to json.so on the php.ini file so the phpMyAdmin interface works.
yum install lsphp74-memcached lsphp74-json lsphp74-apcu
yum install json wget unzip
sync;sync;reboot

Note: it does not matter if some packages were previously installed.
WE ARE READY TO CONFIGURE LITESPEED or Install then configure the Enterprise version. You need to register your software and note the serial number in the license you obtain.
17Stop litespeedsystemctl stop lsws
18IF INSTALLING ENTERPRISE VERSION ONLY, remove the standard install's directory... otherwise the enterprise version will say there is an existing installation.
SERIAL_NUMBER represents your license.
When finished, we can use the systemctl command as shown.
cd /usr/local
rm -Rf lsws
cd /home/centos
bash <( curl https://get.litespeed.sh ) SERIAL_NUMBER

Note: this will start the installation. Use defaults answers except where indicated below:


Will you use LiteSpeed Web Server with a hosting control panel? None

http port: 80

Setup php: yes
Change root: no
AWStats – no
(yes for the rest)

Note: when completed, you can check the processes:
ps -ef|grep lite



19Regardless of which litespeed version, we can start it up...
(If it does not start, you look at the recommended error logs.)
REDO the litespeed login details...
Then we fix a quirk that stops the system executing .php files (!!!)
systemctl enable lsws
systemctl enable mariadb
systemctl restart lsws

/usr/local/lsws/admin/misc/admpass.sh

vi /usr/local/lsws/conf/httpd_config.xml

(Add these lines in the <httpServerConfig></httpServerConfig> block...)

<phpConfig>
<detachedMode>1</detachedMode>
<controlPanel>auto</controlPanel>
<criuEnabled>0</criuEnabled>
<criuDumpReqs>2</criuDumpReqs>
<criuDebug>1</criuDebug>
<phpHandler>
<id>php74</id>
<command>/usr/local/lsws/lsphp74/bin/lsphp</command>
<suffixes>php</suffixes>
</phpHandler>
<maxConns>35</maxConns>
<env>PHP_LSAPI_CHILDREN=35</env>
<initTimeout>60</initTimeout>
<retryTimeout>0</retryTimeout>
<pcKeepAliveTimeout>1</pcKeepAliveTimeout>
<respBuffer>0</respBuffer>
<backlog>100</backlog>
<runOnStartUp>3</runOnStartUp>
<extMaxIdleTime>60</extMaxIdleTime>
<memSoftLimit>2047M</memSoftLimit>
<memHardLimit>2048M</memHardLimit>
<procSoftLimit>400</procSoftLimit>
vprocHardLimit>500</procHardLimit>
</phpConfig>


systemctl restart lsws

20You previously would have added HTTP and HTTPS to the EC2 instance security group. These use ports 80 and 413.
You must also add TCPIP port 7080 for the litespeed console.
You can edit the EC2 security group inbound rules to have your own static IP address, in preference to a global adress: (I show part of my static ip address in this example.)
Custom TCP Rule TCP 7080 120.88.xxx.xxx/32 litespeed_console
We will add memcached later.
Log into the litespeed console, as shown...
http://domain.com:7080

Note: http://domain.com will not display unless you have configured port 80 in the enterprise installation above.
Regardless, we can fix http:// for port 80 once we log into the console, as the standard install will not have used port 80.
Once you have port 80, you can check the domain webpage, and click on the box that shows the PHP version information.

You will likely see console error messages. See the steps below that fix /dev/shm/lsws.
21A fix...
As above, comment out the entries for "failovermethod=priority"
vi /etc/yum.repos.d/litespeed.repo
22This may seem redundant, but it works...
We then reboot in case. As said, I had so much trouble installing on Centos, so this process as awkward as it seems will get you there.
yum install -y php php-common php-pear
yum install -y php-cli php-pdo php-fpm php-json php-mysqlnd
yum install -y php-{cgi,curl,mbstring,gd,mysqlnd,gettext,json,xml,fpm,intl,zip}
dnf module disable php:7.2
dnf module enable php:7.4
yum install -y php php-common php-pear
yum -y update
sync;sync;reboot

23Fix /dev/shm/lsws permissions...We will have some ownership/permission issues with /dev/shm/lsws.

cd /dev/shm/lsws

Change them as follows: (with chown and chgrp commands, and chmod 750)
drwxr-x---. 4 nobody nobody 400 Dec 26 15:31 lsws

chown lsadm *
chgrp nobody *
chmod 660 *
chmod 770 ocs*
cd status
ls -la
touch .rtreport
chmod 777 .rtreport
chown lsadm .rtreport
chgrp nobody .rtreport

systemctl restart lsws
24We will address memcached, opcache, apcu, postfix (email) and ip2location configurations later.
Note that php-fpm does not work with lsphp7.n, so we just check it is disabled in case it was installed.
As a tip, do not configure CDN until you know everything is settled and working.
systemctl stop php-fpm
systemctl disable php-fpm
WE WILL NOW CONFIGURE OUR DOMAIN.COM WEBSITE IN THE LITESPEED CONSOLE.
25These are the screenshots you can use with the free enterprise or standard configuration. You need to hunt through to find these. Use your own domain.com name. You may see a couple of differences in the standard installation which are fine to keep. Once installed, we will do more as per the notes further below. Click on the link shown here to download the PDF file, approx. 10MB. You will likely need to reference the installation notes from other authors which I will provide as links as well... SCREENSHOTS

THIS LINK REALLY HELPS to install the above screenshots:

INSTALL YOUR WEB DOMAIN
26Configure php.ini and fix memcached, opcache, apcu.
Just verify you have the memcached entry in the EC2 instances security inbound rules:
Custom TCP Rule TCP 11211 127.0.0.0/16 memcached
As per my EC2 Linux2 install notes on this website, configure /usr/local/lsws/lsphp74/etc/php.ini
This is where you fix the entries for memcached. However, make sure the Linux2 install of memcached was not installed.
Check with: yum remove php-memcached
We should have previously had: yum install lsphp74-memcached
You should have json.so somewhere under the php.ini Dynamic Extensions section as:
/usr/local/lsws/lsphp74/lib64/php/modules/json.so

In Linux2 the /etc/php.d directory will show various configuration files. We will use /usr/local/lsws/lsphp74/etc/php.d instead.
cd /usr/local/lsws/lsphp74/etc/php.d
vi 10-opcache.ini
VERIFY the entry opcache.memory_consumption=128 is present.
CHANGE "opcache.interned_strings_buffer=" to have opcache.interned_strings_buffer=16
vi 40-apcu.ini
CHANGE "apc.shm_size=" to have apc.shm_size=64M
APPEND the file to have: (it throws a warning if we repeat an entry twice)
apc.shm_segments = 1
apc.optimization = 0
apc.num_files_hint = 4096
apc.ttl = 7200
apc.user_ttl = 7200
apc.gc_ttl = 0
apc.cache_by_default = 1
apc.filters = ""
apc.slam_defense = 0
apc.file_update_protection = 2
apc.enable_cli = 0
apc.max_file_size = 10M
apc.stat = 1
apc.write_lock = 1
apc.report_autofilter = 0
apc.include_once_override = 0
apc.localcache = 0
apc.localcache.size = 512
apc.coredump_unmap = 0
apc.stat_ctime = 0

In Linux2 we have /etc/sysconfig/memcached configuration, but you should not need to do anything for litespeed's memcached.
27INSTALLING phpMyAdmin
Once this is done, test it. Note that json.so must be in the lsws php.ini file.
INSTALL WordPress...
Let us say our domain was domain.com (my test was webrubble.com), we can go to:
cd /usr/local/lsws/domain.com/html
NOW INSTALL phpMyAdmin as per my Linux2 installation notes. It will not work if it is in another directory.
It does not need phpMyAdmin.conf, and can be accessed with http://domain.com/phpMyAdmin/index.html
You should upload the wordpress install file and unzip it, then configure wp-config.php as per usual, pointing it to the database, username, and password you set up in phpMyAdmin.
Once files are uploaded to /usr/local/lsws/domain.com/html you need to change permissions.
I use this script:
vi chdir.sh
ADD THESE LINES:

28Notes:
You may not need access-control-allow-origin * in the litespeed entries, but I have used it.
You can install a databse into phpMyAdmin, and then do an initial WordPress installation,
but it is good to get a phpinfo.php files (as per Linux2 install notes) into /usr/local/domain.com/html/phpinfo.php and see that memcached is running under the server.session entries, opache and apcu.
The W3 Total Cache plugin can be tested with some minor setups at this stage as can be a plugin like Wordfence that you test for its ability to download and update the wordpress .htaccess file in the /usr/local/lsws/domain.com/html directory.
Litespeed will have your configurations for SSL, and to redirect http to httpd. We do not require an entry in the .htaccess file to do this step.
You will notice we have two listeners configured in the provided screenshots.
I remove from the console any entries for image/*=A604800, text/css=A604800, application/x-javascript=A604800, application/javascript=A604800,font/*=A604800,application/x-font-ttf=A604800 and so on, as these should be working from the W3 Total Cache configurations and the defaults we change in the screenshots I have provided. W3TC can ensure good expiration times so that GTmetrix testing does not complain. You have to go through all those plugin options to look at default expiration times.


29INSTALL AMAZON AWS software - to access s3 buckets.
Once done, you can add IAM to the instance and ensure IAM has all the permissions you need (I just give all rights to it) then configure aws like this:
dnf install python3-pip
pip3 install awscli --upgrade --user
ln -s /root/.local/bin/aws /usr/bin/aws
aws --version

cd /home/centos
vi aws.txt
ADD entries for AWS, first line the IAM key, the second the IAM password, the 3rd an d4th lines must be blank.
Fix permissions on the file.
Test:
aws < ./aws.txt
aws s3 ls s3://s3webrubble (or whatever your bucket name is)
We can add a backup script like this:
vi aws.sh
ADD entries for you S3 bucket. This scripts lets you do backups. I use my webrubble.com example. Use your own domain, database and password.
You need to touch a log file, info.log as per the script below.
You need to fix permissions to execute the script.

#!/bin/sh
cd /usr/local/lsws/webrubble.com/html
d=`date | awk '{print $2,$3,$6}'|tr " " "-"`
echo `date` >> /home/centos/info.log
tar -cvf /home/centos/webrubble-$d.tar ./.??* ./*
cd /home/centos
mysqldump --user=YOURUSER --password=YOURPASSWORD YOURDATABASE > /home/centos/webrubble-$d.sql
mysqlcheck --user=YOURUSER --password=YOURPASSWORD YOURDATABASE >> /home/centos/info.log
a=webrubble-$d.tar
c=webrubble-$d.sql
gzip ./$a
gzip ./$c
aws configure < /home/centos/aws.txt
aws s3 cp ./$a.gz s3://YOURBUCKET/$a.gz
aws s3 cp ./$c.gz s3://YOURBUCKET/$c.gz
rm -f ./$a.gz
rm -f ./$c.gz
exit

30INSTALL postfix
Again, this assumes you have IAM setup for accessing SMTP.
The configurations start differently to Linux2.
dnf install cyrus-sasl-plain
postconf -e 'smtp_tls_CAfile = /etc/ssl/certs/ca-bundle.crt'

NOW INSTALL as per the Linux2 documentation on my website.
31INSTALL IP2LOCATION (optional)
Install the rewrite rules (assuming rewrite is enabled in the litespeed console entries) using my Linux2 notes.
e.g.
See the screen shots.
Add IP2LOCATION-LITE-DB1.BIN file to /usr/local/lsws as
-rwxrwxr-x. 1 root nobody 2174071 Dec 1 22:00 IP2LOCATION-LITE-DB1.BIN

The console entries will be:
Server > Basic > Ip2 location: $SERVER_ROOT/IP2LOCATION-LITE-DB1.BIN
DB Cache Type: memory

The country block rules will be in the console (not .htaccess). For example, in the virtual host (for port 443) the REWRITE tab will have entries like this:

RewriteEngine On
RewriteCond %{ENV:IP2LOCATION_COUNTRY_SHORT} ^RU$
RewriteRule ^(.*)$ https://google.com.au [L]


You can get the country codes from IBM and in geopeeker.com test one of the countries like Singapore.

https://www.ibm.com/docs/en/iis/9.1?topic=sets-iso-territory-codes



32CDN ConfigurationsIt is important to use correct Amazon CDN configurations on the behaviours TAB.
These can be found in the document called "Best Practices for WordPress on AWS" in Appendix A.
You need experience with Amazon CDN to configure and test.