Please implement the possibility of configuring OpenLiteSpeed free version

adil

Darkle edit php.ini, the number of workers, I/O Buffer

You can edit those :
https://enhance.com/docs/packages/system-resource-limits.html

jwaibel

This is why i would like to be able to alter the OpenLiteSpeed config options.

scan webseite with SSL LABS, From the result i see only a Grade B while it is easy possible to get A+

Get rid of old Protocol versions.
TLS 1.3 Yes
TLS 1.2 Yes*
TLS 1.1 Yes
TLS 1.0 No
SSL 3 No
SSL 2 No

Adjust used Cipher Suites

TLS 1.3 (server has no preference)

TLS_AES_128_GCM_SHA256 (0x1301) ECDH x25519 (eq. 3072 bits RSA) FS 128
TLS_AES_256_GCM_SHA384 (0x1302) ECDH x25519 (eq. 3072 bits RSA) FS 256
TLS_CHACHA20_POLY1305_SHA256 (0x1303) ECDH x25519 (eq. 3072 bits RSA) FS 256

TLS 1.2 (suites in server-preferred order)

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) ECDH x25519 (eq. 3072 bits RSA) FS 128
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) ECDH x25519 (eq. 3072 bits RSA) FS 256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027) ECDH x25519 (eq. 3072 bits RSA) FS WEAK 128
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) ECDH x25519 (eq. 3072 bits RSA) FS WEAK 128
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) ECDH x25519 (eq. 3072 bits RSA) FS WEAK 256
TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c) WEAK 128
TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d) WEAK 256
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) WEAK 128
TLS_RSA_WITH_AES_256_CBC_SHA (0x35) WEAK 256

kess

This thing got discussed multiple times in the forum, but not yet addressed...
It's not complicated to change the templates in one of the future versions in order to get a grade A or A+...

Adam

Darkle adil I don't know how you see it, but if that means I can't edit php.ini, the number of workers, I/O Buffer, all the tuning, etc. (everything default), it's like it's not compatible at all... It's a shame because then this, along with ARM support, become the main reasons for not being able to use Enhance.

You can change php.ini. You can use the hard resource limits feature to limit the number of worker processes. The default config should offer excellent performance and we also have an additional feature which monitors for .htaccess changes and gracefully reloads OLS when they are detected to give you similar rewrite functionality to Litespeed and Apache.

Persisting config changes made directly in the OLS panel and merging it with the Enhance generated config is just a matter of development time. It will happen soon but I can't give you a firm date. At the moment we are focused on the 11.0.0 and 12.0.0 core releases.

Darkle

Adam Thank you for the clarification. I was already in checklist mode to start using Enhance, and by chance, I read this discussion and it threw me off a bit. Now it's clear to me that you can modify the php.ini without losing the changes, and additionally, the System Resource Limits feature should definitely cover the most important aspects.

Persisting config changes made directly in the OLS panel and merging it with the Enhance generated config is just a matter of development time. It will happen soon but I can't give you a firm date. At the moment we are focused on the 11.0.0 and 12.0.0 core releases.

That's great, in that sense, I have no doubts. I've been following your development for a long time, and it's very solid.

Shaijee

inspiredearth

So, does the current OLS implementation approach in Enhance make minor changes such as that detail in Show Real Visitor IP Instead of CloudFlare IPs not possible?
Further to that question, and more importantly in my case, does Enhance log the client IP in logs, or is it logging Cloudflare IPs (when CF is implemented), as discussed in this Cloudflare article, Restoring original visitor IPs?

xyzulu

inspiredearth The original IP is NOT currently logged. Still, the X-FORWARDED-FOR header does contain the real IP.. if you have your own logging via your web script.

josedieguez

up.

mah1952

Darkle

adil About this I have a new question, I have a use case where I use an OLS "External App" basically for a websockets service, this would be removed as well?

Adam

Darkle

At the moment yes, any customisations to the OLS config will eventually be lost. If you need persistent customisation you should use Litespeed, Apache or Nginx.

DracoBlue

This is one of the most important suggestions for me right now, right after server replication. I hope we will see this feature later this year 🙂

ronald

I will have to +1 this. It's actually an essential function needed for everyone running OLS.

coolice

+1 here as my first post here 🙂

Because I want to use Enhance for utilizing the company scraps (do not get me wrong "scraps" are 4-8 cores, 8-16-32 GB ram Ryzen 5950 and 7950X3Ds which are more powerful than EPYC Genoa) left unsold on multiple of our Proxmox nodes and LiteSpeed Enterprise is not an option for 2-3-4 accounts on a scraps... Fully functional customized OLS with useIpInProxyHeader 1 which is persistent ...

cPFence

@FabioP
Hello everyone,

We are currently developing a new module for our software to allow persistent configurations in OpenLiteSpeed (OLS) on Enhance servers. As part of this development, I'd love to gather insights from the community on what persistent configurations are most important for you. Specifically, I'm interested in understanding:

1- Essential configurations: What settings or features do you always configure in OLS?
2- Persistence needs: Which configurations do you think should persist across updates?

Your feedback will be invaluable in ensuring that the module meets the needs of users like yourselves. Thank you in advance for sharing your experiences and suggestions!

Looking forward to your thoughts and ideas.

jwaibel

cPFence

1) First of all it is needed to allow to enable/disable possible protocol versions and set a cipher set that either could be picked from a list of possible ciphers or set by custom rules.
i posted this already in this thread so you just need to scroll back a bit.

2.) Allow to set custom headers.
https://docs.openlitespeed.org/config/headers/

3) Allow OCSP Stapling configs to be set
https://docs.openlitespeed.org/config/advanced/ocspstapling/

1) and 2) are important, 3) i could live without

FabioP

Hi @Adam and @Aliysa_Enhance, any news ?

twest

FabioP check back next year. It's unreasonable to think it would be implemented anytime soon, there's far far more important features that need to be focused on.

FabioP

twest

Hi "twest",

I understand what you mean but I hope that this feature regarding OLS (OpenLiteSpeed) can be implemented within the next 6 months at the latest so I hope that they will be able to implement it within the end of February 2025 at the latest because this too, certainly for me, but also for many, many other users, is a very, very important function and/or feature also because 8 months have already passed since this request as it was made on January 10, 2024, so if they were to release it within six months from today, I think that 14 months to release this feature are more than enough.

As always I greet you wishing you a good day and good work.

« Previous Page Next Page »