How to Optimize OpenLiteSpeed for Large Shared Hosting Servers

cPFence

Many folks out there believe OpenLiteSpeed (OLS) is only good for small VPS setups, but that’s not always the case. While it’s true that Enterprise LiteSpeed (ELS) gives you more control and power, OLS, when properly optimized, can hold its own , especially for those looking to save a little extra cash. With the right tweaks, OLS can offer impressive performance without the need for a big-budget ELS license.

Important Note:
For smaller servers or VPS setups, Enhance’s default configurations are more than sufficient, and no additional changes are needed. These settings are not recommended for small servers or VPS setups. They are best suited for larger servers with at least 250GB of RAM, 50+ CPUs, and ample I/O resources.

If you’re not interested in the details and are simply looking for the settings, here’s a quick configuration guide:

Server Configuration > General > Number of Workers = 16
Server Configuration > General > CPU Affinity = 1
Server Configuration > General > Memory I/O Buffer = 512M
Server Configuration > Tuning  > Max Connections = 100000
Server Configuration > Tuning  > Max SSL Connections = 100000
Server Configuration > Tuning  > Send Buffer Size (bytes) = 512K
Server Configuration > Tuning  > Receive Buffer Size (bytes) = 512K
Server Configuration > Tuning  > Total Small File Cache Size (bytes) = 512M
Server Configuration > Tuning  > Max MMAP File Size (bytes) = 64M
Server Configuration > Tuning  > Total MMAP Cache Size (bytes) = 512M
Server Configuration > Tuning  > Use Asynchronized disk I/O (AIO) = io_uring
Server Configuration > Tuning  > AIO Block Size = 512K
Server Configuration > External App > LiteSpeed SAPI App > Max Connections = 500
Server Configuration > External App > LiteSpeed SAPI App > Environment > PHP_LSAPI_CHILDREN=500
Server Configuration > External App > LiteSpeed SAPI App > Environment > LSAPI_AVOID_FORK=0

Simply apply these settings to get started right away.

For those who want to dive into the details, please read more on this blog post as we explain the reasoning behind each setting and how they can enhance performance for your OLS-powered Enhance server or any other control panel.

As always, test these changes in a staging environment first, as every server setup is different. What works for us might not necessarily work for you, and we can’t be responsible for any issues on your end.

Think one of the settings could be better, or did we get something wrong? Drop your thoughts in the comments and let me know how to improve.

twest

cPFence how do you prevent Enhance from resetting the config?

cPFence

twest

We have an in-house private module in cPFence that we use for this purpose. We thought about offering it to our users, but ultimately decided against it due to a lack of strong interest. Plus, Enhance will soon have a built-in solution for OLS persistent configs. In the meantime, you can just make a copy of your configuration file after making any adjustments and restore it after each update , updates aren’t that frequent anyway. Alternatively, you could create a simple bash script and set up a cron job to automate the process.

If you’re looking to create your own bash script, you can use this script as a starting point. ( I haven’t tested this, but it looks okay. )

twest

cPFence ah, yeah so like I've been saying, OLS isn't really suitable for larger servers on Enhance. 1 minute of a default config for OLS on one of our large servers would probably brick the server. It's a pretty shitty way to treat customers too, they don't expect their service providers to be running such a sloppy show that they have to worry about critical server wide configs getting wiped out all the time just because their provider is too cheap to buy a proper license. A service provider should be able to offer more reliable service than that.

Also I think Adam mentioned the config getting wiped anytime it updates vhost files? So maybe it would reset config anytime a new domain is setup on the server? Way too much unreliability and bs to use commercially on a large server.

cPFence

twest

Yeah, I get where you’re coming from. But honestly, it's just a simple script with a cron job running every 5 minutes, only executing if changes are detected, and it handles everything smoothly. For those who prefer not to deal with workarounds, the good news is that the built-in feature for persistent OLS configs is coming soon.

cPFence

https://gist.github.com/cPFence/d829366b95f8abd4d4ac2501b7be425d#file-ols_optimize-sh

This script automatically applies the recommended optimizations for OpenLiteSpeed mentioned above. Simply download the script, configure it to your preferences, and set it to run via a cron job every minute. The script will monitor your OLS config file and will only run when changes are detected, resulting in zero impact on CPU and RAM usage.

Example Cron Job:
* * * * * /path/to/your/ols_optimize.sh

Please ensure to test the script in a non-production environment before deploying it on any live or critical systems.

franco

cPFence How do I configure Client IP in Header -> Trusted Ip Only in the script?

cPFence

franco cPFence How do I configure Client IP in Header -> Trusted Ip Only in the script?

This script is for the optimizations mentioned above only.

franco

`#!/bin/bash

Written by: cPFence Team / cPFence.app

Description:

This script is designed to automate the optimization and configuration of OpenLiteSpeed

running inside a Docker container or directly on the host. It backs up the existing

configuration file, applies updates to critical server settings such as worker processes,

CPU affinity, memory buffer sizes, and external application configurations for PHP-LSAPI.

MD5 checksum validation is added to detect changes and prevent redundant updates.

Usage:

Simply configure the global variables below to match your desired settings and run the script.

The script will handle the rest, including backups, applying updates, and restarting the server.

Note for Enhance Control Panel (CP) users:

If you are using Enhance CP, you will need to set up a cron job to run this script every minute.

This ensures your settings are maintained, as Enhance CP may override them. Setting up the cron

job guarantees the script re-applies your configurations regularly to prevent any unwanted changes.

Example Cron Job:

* * * * * /path/to/your/ols_optimize.sh

Disclaimer:

This script is provided "as is" without any warranties of any kind, express or implied.

It is recommended to thoroughly test this script in a non-production environment prior to

deployment on any live or critical systems. cPFence and Linkers Gate LLC are not liable for

any damage or data loss resulting from the use of this script.

License: Copyright (C) 2023 - 2024 Linkers Gate LLC.

Global Variables (User configurable)

HTTPD_WORKERS="6"
CPU_AFFINITY="1"
ENABLE_LVE="0"
IN_MEM_BUF_SIZE="512M"
MAX_CONNECTIONS="1000000"
MAX_SSL_CONNECTIONS="1000000"
SND_BUF_SIZE="128k"
RCV_BUF_SIZE="128k"
TOTAL_IN_MEM_CACHE_SIZE="128M"
MAX_MMAP_FILE_SIZE="64M"
TOTAL_MMAP_CACHE_SIZE="128M"

AIO settings mapping (numbers correspond to options in the OpenLiteSpeed admin panel)

USE_AIO="3" # 3 = io_uring (Refer to the OLS admin panel for other options and their corresponding numbers)
AIO_BLOCK_SIZE="3" # 3 = 512K (Check the OLS admin panel for other block size options and their respective numbers)
PHP_LSAPI_CHILDREN="500"
LSAPI_AVOID_FORK="0"
LSPHP_MAX_CONNS="500"
LSPHP_AUTOSTART="2"
USE_IP_IN_PROXY_HEADER="2"

Using Enhance v12 option (set to 'on' if running directly on the host)

Using_Enhance_v12="off" # Options: "on" or "off"

DO NOT EDIT BELOW THIS LINE

CONTAINER_NAME="openlitespeed"
CONFIG_PATH="/usr/local/lsws/conf/httpd_config.conf"
BACKUP_DIR="/usr/local/lsws/conf/"
BACKUP_FILE="httpd_config_backup-$(date +"%d%m%y-%H%M%S").conf"
MD5_FILE="/usr/local/src/ols_config_md5sum.txt"

Check if Using_Enhance_v12 is on or off and adjust the docker command accordingly

if [ "$Using_Enhance_v12" = "on" ]; then
docker_cmd=""
else
docker_cmd="docker exec $CONTAINER_NAME "
fi

welcome message

display_welcome()
{
echo "*******************************************************************************************"
echo " cPFence Web Security "
echo " OpenLiteSpeed Optimization Script "
echo " Copyright (C) 2023 - 2024 Linkers Gate LLC. "
echo "*******************************************************************************************"
}
display_welcome

Step 1: Calculate the current MD5 hash of the config file

CURRENT_MD5=$(${docker_cmd}md5sum $CONFIG_PATH | awk '{print $1}')

Step 2: Check if the MD5 file exists and compare hashes

if test -f "$MD5_FILE"; then
STORED_MD5=$(cat $MD5_FILE)

if [ "$CURRENT_MD5" == "$STORED_MD5" ]; then
    echo "No changes detected in the configuration. Exiting..."
    exit 0
else
    echo "Configuration has changed, applying updates..."
fi

else
echo "No MD5 file found, applying updates..."
fi

Step 3: Backup the current configuration

${docker_cmd}cp -a $CONFIG_PATH $BACKUP_DIR$BACKUP_FILE
echo "Backup created: $BACKUP_DIR$BACKUP_FILE"

Step 4: Function to add or replace config values in specific sections

update_or_add_config() {
SECTION=$1
PARAMETER=$2
VALUE=$3

# Find the section first, then add or replace the parameter in that section
${docker_cmd}grep -q "$SECTION" $CONFIG_PATH
if [ $? -eq 0 ]; then
    # Check if the parameter exists within the section
    ${docker_cmd}sed -n "/$SECTION/,/^[^ ]/p" $CONFIG_PATH | grep -q "$PARAMETER"
    if [ $? -eq 0 ]; then
        # Parameter exists, replace it within the section
        ${docker_cmd}sed -i "/$SECTION/,/^[^ ]/ s/\($PARAMETER\s*\).*/\1$VALUE/" $CONFIG_PATH
        echo "Updated $PARAMETER to $VALUE in $SECTION"
    else
        # Parameter doesn't exist, append it to the section
        ${docker_cmd}sed -i "/$SECTION/a\\        $PARAMETER    $VALUE" $CONFIG_PATH
        echo "Added $PARAMETER with value $VALUE to $SECTION"
    fi
else
    echo "Section $SECTION not found."
fi

}

Step 5: Handle serverName and related settings if missing

${docker_cmd}grep -q "serverName" $CONFIG_PATH
if [ $? -ne 0 ]; then
${docker_cmd}sed -i "1i serverName\n" $CONFIG_PATH
echo "Added serverName block at the top of the file."
fi

Add missing httpdWorkers, cpuAffinity, and enableLVE

update_or_add_config "serverName" "httpdWorkers" "$HTTPD_WORKERS"
update_or_add_config "serverName" "cpuAffinity" "$CPU_AFFINITY"
update_or_add_config "serverName" "enableLVE" "$ENABLE_LVE"
update_or_add_config "serverName" "inMemBufSize" "$IN_MEM_BUF_SIZE"
update_or_add_config "serverName" "useIpInProxyHeader" "$USE_IP_IN_PROXY_HEADER"

Step 6: Update tuning settings

update_or_add_config "tuning" "maxConnections" "$MAX_CONNECTIONS"
update_or_add_config "tuning" "maxSSLConnections" "$MAX_SSL_CONNECTIONS"
update_or_add_config "tuning" "sndBufSize" "$SND_BUF_SIZE"
update_or_add_config "tuning" "rcvBufSize" "$RCV_BUF_SIZE"
update_or_add_config "tuning" "totalInMemCacheSize" "$TOTAL_IN_MEM_CACHE_SIZE"
update_or_add_config "tuning" "maxMMapFileSize" "$MAX_MMAP_FILE_SIZE"
update_or_add_config "tuning" "totalMMapCacheSize" "$TOTAL_MMAP_CACHE_SIZE"
update_or_add_config "tuning" "useIpInProxyHeader" "$USE_IP_IN_PROXY_HEADER"

Correct useAIO and AIOBlockSize mappings to 3

update_or_add_config "tuning" "useAIO" "$USE_AIO"
update_or_add_config "tuning" "AIOBlockSize" "$AIO_BLOCK_SIZE"

Step 7: Update external processor settings for lsphp (Correct env values)

${docker_cmd}sed -i "s/env\sPHP_LSAPI_CHILDREN=./env PHP_LSAPI_CHILDREN=$PHP_LSAPI_CHILDREN/" $CONFIG_PATH
${docker_cmd}sed -i "s/env\sLSAPI_AVOID_FORK=./env LSAPI_AVOID_FORK=$LSAPI_AVOID_FORK/" $CONFIG_PATH

Step 8: Correctly target maxConns in extprocessor lsphp only

${docker_cmd}sed -i "/extprocessor lsphp {/,/}/ s/maxConns\s./maxConns $LSPHP_MAX_CONNS/" $CONFIG_PATH

Update autoStart for lsphp

update_or_add_config "extprocessor lsphp" "autoStart" "$LSPHP_AUTOSTART"

Step 9: Save the new MD5 hash of the config file

${docker_cmd}md5sum $CONFIG_PATH | awk '{print $1}' > $MD5_FILE

Step 10: Restart OpenLiteSpeed to apply the changes

${docker_cmd}/usr/local/lsws/bin/lswsctrl restart
echo "OpenLiteSpeed restarted with updated configuration."

exit 0`

cPFence

franco

Thank you. It would be better to share your modified code using services like gist.github.com.

For cPFence users, it's important to note that the "OLS option (Use Client IP in Header)" is not recommended. The cPFence Owl module monitors access logs and automatically blocks any IP addresses attempting to abuse or launch a DDoS attack on the server. Utilizing this OLS option may result in the Owl module blocking incorrect / useless IPs, which is not advisable.

iotivedo

cPFence, you're becoming a valuable asset to this community.
Thank you for sharing this script.

I encourage everyone to reciprocate by visiting the cPFence blog and reading the details.
it's the least we can do to show our appreciation.
For those who haven't yet explored it, the blog is full of valuable insights and tips for Enhance.

cPFence

iotivedo

Thank you so much, iotivedo. I truly appreciate your contribution and I'm very glad you found the script and the blog useful.

rrgreene

Any suggestions on tweaking this for a smaller server, say 36 cores? I would like to test it on the servers I use for my own static wordpress sites.

"They are best suited for larger servers with at least 250GB of RAM, 50+ CPUs, and ample I/O resources."

cPFence

rrgreene Any suggestions on tweaking this for a smaller server, say 36 cores? I would like to test it on the servers I use for my own static wordpress sites.

It depends on your traffic and available RAM. If traffic is high, stick to the recommended configurations above. If traffic is moderate but you’re just looking for a push, try these adjustments:

Server Configuration > General > Number of Workers = 16
Server Configuration > General > CPU Affinity = 1
Server Configuration > External App > LiteSpeed SAPI App > Max Connections = 100
Server Configuration > External App > LiteSpeed SAPI App > Environment > PHP_LSAPI_CHILDREN=100
Server Configuration > External App > LiteSpeed SAPI App > Environment > LSAPI_AVOID_FORK=0

These tweaks might give you a boost while keeping other settings at their defaults. Remember, as a rule of thumb, if it ain’t broken, don’t fix it!

slimx

What about a 8 Core 16 thread CPU setup?
I'm curious what you recommend 🙂

cPFence

slimx What about a 8 Core 16 thread CPU setup?
I'm curious what you recommend

I wouldn’t touch the default OLS settings for this setup. The defaults should work just fine. Only if you notice your load average consistently above 60%-70%, I’d consider tweaking the settings to:

Server Configuration > General > Number of Workers = 4
Server Configuration > General > CPU Affinity = 1
Server Configuration > External App > LiteSpeed SAPI App > Max Connections = 30
Server Configuration > External App > LiteSpeed SAPI App > Environment > PHP_LSAPI_CHILDREN=30

Then I’d monitor the performance and adjust further if needed.

Zoinkies Can you release your persistant OLS setup, it appears we wont be getting persistent OLS till after January.

Just use the script shared in this blog post. It’s been working great for our needs, but make sure to test it thoroughly before applying it in production.

Zoinkies

@cPFence Can you release your persistant OLS setup, it appears we wont be getting persistent OLS till after January.