Another day, another note post. 🙂
NOTE: These originally come from these notes. </2015/09/07/digital-ocean-notes/>
1. Installing OpenLiteSpeed
EDIT: Updated March 2016.
1b. Upgrading OpenLiteSpeed
Identical to installing, but packages are likely already installed.
Your updated PHP versions will persist, since the configuration files persist. However, you may lose any installed plugigns for PHP.
2. Installing Lets Encrypt’s CertBot
EDIT: Added June 2016.
As of Ubuntu 16.04, Lets Encrypt’s CertBot is packaged and part of the main repos, but it’s an old out-of-date version (4.1). It can be installed like so.
Unfortunately, this version is too old for helpful commands like --pre-hook
and --post-hook
. So you’ll have to install it the sloppy way.
The commands certbot
, certbot-auto
, letsencrypt
, and letsencrypt-auto
are all interchangeable. The auto versions are smart scripts that also download dependencies.
When using an auto script in a cron job, be sure to include these additional parameters.
This only applies to auto scripts.
2b. Fetching SSL Certificates
After LSWS installation, port 80 isn’t being mapped yet, so we can get a certificate for our domain URL.
Once we have a real configuration though (i.e. we use port 80), we’ll need to stop and start LiteSpeed any time we refresh certificates.
NOTE: Alternatively the CertBot webroot plugin can be used. It’s not ideal, because you need to specify the public directory. That said, it means you don’t need to take the server down at all.
Here’s a script. I call it certbot-register:
NOTE: pre-hook and post-hook use smarts, only shutting down the server temporarily if a certificate needs to be refreshed. Also, we need to use the http-01
(port 80) and not tls-sni-01
(port 443) because of the way CloudFlare wraps SSL for you.
Usage:
If configured correctly, the server will temporarily take the LiteSpeed server down, and acquire an SSL certificate.
2c. Renewing SSL Certificates
To renew, do…
2d. Renewing SSL Certificates in a CRON job
moo
2e. Configuring Webroot for LSWS Admin
WebAdmin Settings -> Listeners -> View “adminListener” -> SSL
Adjust my.domain.com
accordingly.
Restart the server, then refresh the page (wont kick in until you do).
3. Installing PHP 7
Now, build PHP 7 inside the UI.
You may need to add (for proper GD library support):
NOTE: php.ini may not be copied, so you can acquire the file as follows:
3b. PHP 7 Extensions
To use PHPiz, you need autoconf.
GD: already installed (built-in)
APCu (branch): https://github.com/krakjoe/apcu/tree/seven
Imagick (branch) or Gmagick: https://github.com/mkoppanen/imagick/tree/phpseven
4. Upgrading PHP 7
Because we build PHP from tarballs, we need to repeat the entire install procedure (minus packages).
That said, due to one of the upgrades (LiteSpeed or PHP, I foget), you’ll need to reinstall your PHP plugins.
4b. Upgrading PHP 7 Plugins
The plugins are installed from Github repos.
5. Redis Sessions
For improved PHP Session speed and reliability, one can install Redis.
Grab the PHPRedis package from here.
https://github.com/phpredis/phpredis
Unzip it (assuming you grabbed a release).
Navigate to the folder. Setup is identical to apcu.
Restart the server.
Before moving on, check that there are no keys.
Edit PHP.ini
That’s it. Reboot the server.
Do some stuff that would create sessions. Now check for keys.
Reference (and how to configure it remotely): https://www.digitalocean.com/community/tutorials/how-to-set-up-a-redis-server-as-a-session-handler-for-php-on-ubuntu-14-04