OpenLiteSpeed Directives (partial list)

General rules

#Unless stated otherwise, in this configuration example 0 means disabled (OFF) and 1 means enabled (ON).
#If you are manually editing the configuration file,
#please note that all directives and values are case sensitive,
#and certain directives need to be enclosed by their parent context.

serverName

serverName test.server
A unique name for this server. If empty, server hostname will be used by default.

httpdWorkers


httpdWorkers 2

Specifies the number of httpd workers.

user


user nobody

Specifies the user/group that the server process runs as

group


group nobody

Specifies the user/group that the server process runs as

priority


priority 0

Specifies priority of the server processes. Value ranges from -20 to 20. A lower number means higher priority.

cpuAffinity

cpuAffinity 0
The CPU Affinity setting controls how many CPUs (cores) one server process will be associated with.
The minimum value is 0, which will disable this feature. The maximum value is the number of cores the server has.
Generally, 1 is the best setting because it creates the strictest use of CPU affinity and thus makes the most use of CPU cache.

enableLVE

enableLVE 1
Specifies whether to enable CloudLinux’s Lightweight Virtual Environment (LVE) when it exists. You can use LiteSpeed with LVE to achieve better resource management.
0 = disable
1 = LVE
2 = CageFS
3 = CageFS without suEXEC

inMemBufSize

inMemBufSize 60M
Specifies the maximum buffer size that is used to store a request body and its dynamically generated response.
When this limit is reached, the server will start to create temporary swapping files under “Swapping Directory”.

swappingDir

swappingDir /tmp/lshttpd/swap
Specifies the directory where the swapping files should be placed

autoFix503

autoFix503 1
Specifies whether to try to fix the “503 Service Unavailable” error by restarting the server gracefully.
A “503” error is usually caused by malfunctioning external applications and a web server restart can often fix the error temporarily.

enableh2c

enableh2c 0
Specifies whether to enable HTTP/2 over non-encrypted TCP connections.

gracefulRestartTimeout

gracefulRestartTimeout 300
During a graceful restart, even after the new server instance is up, the old instance will continue to handle existing requests.
This timeout defines how long the previous instance shall wait before exit.

statDir

statDir /tmp/lshttpd/
The directory where the Real-Time Stats report file will be written.

mime

mime conf/mime.properties
Specifies the file that contains the MIME settings for this server.
The filename can be an absolute path or a path relative to $SERVER_ROOT.

disableInitLogRotation

disableInitLogRotation 1
Specifies whether to enable/disable rotation of server error log file at startup

showVersionNumber

showVersionNumber 0
Specifies whether to show the server signature and version number in the response header’s “Server” value
0 = hide version number
1 = show version number
2 = hide full header

enableIpGeo

enableIpGeo 0
Specifies whether to enable/disable IP Geolocation lookup. Can be set at server, virtual host, or context level

useIpInProxyHeader

useIpInProxyHeader 1
Specifies whether to use the IP address listed in the “X-Forwarded-For” HTTP request header for all IP address-related features,
including connection/bandwidth throttling, access control, and IP geolocation.
0 = disabled
1 = enabled
2 = trusted IP Only
3 = keep Header from trusted IP

adminEmails

adminEmails root@localhost
Specifies the server administrator’s email address(es)

errorlog

logLevel

debugLevel

rollingSize

enableStderrLog

errorlog logs/error.log {
logLevel DEBUG
debugLevel 0
rollingSize 10M
enableStderrLog 1
}

accesslog

rollingSize

keepDays

compressArchive

accesslog logs/access.log {
rollingSize 10M
keepDays 30
compressArchive 0
}

indexFiles

indexFiles index.html, index.php
Specifies names of index files that will be searched sequentially when a URL is mapped to a directory.
You can customize it at the server, virtual host, and context level.

autoIndex

autoIndex 0
Specifies whether to generate a directory index on the fly when index files listed in “Index Files” are not available in a directory
0 = disable
1 = enable

autoIndexURI

autoIndexURI /_autoindex/default.php
Specifies the URI that will be used to generate the index page when index files listed in “Index Files” are not available in a directory

expires

enableExpires

expiresDefault

expiresByType


expires {
enableExpires 1
expiresDefault A604800
expiresByType image/*=A604800, text/css=A604800, application/x-javascript=A604800, application/javascript=A604800, font/*=A604800, application/x-font-ttf=A604800
}

autoLoadHtaccess

autoLoadHtaccess 1
#Autoload rewrite rules contained in a directory’s .htaccess file
#Once initially loaded, a graceful restart must be performed for any further changes to that .htaccess file to take effect.

uploadTmpDir

uploadTmpDir /tmp/lshttpd/
Temporary directory where files being uploaded to server will be stored while request body parser is working.

uploadTmpFilePermission

uploadTmpFilePermission 666
Determines file permissions used for files stored in temporary directory
3-digit octal number

uploadPassByPath

uploadPassByPath 0
Specify whether or not to pass upload file data by path

geoipdb

geoipDBName

maxMindDBEnv


geoipdb /usr/local/lsws/iplocation/GeoLite2-Country.mmdb {
#Specifies the path to MaxMind GeoIP database

geoipDBName COUNTRY_DB
#MaxMind GeoIP database name

maxMindDBEnv COUNTRY_CODE COUNTRY_DB/country/iso_code
#Assign the results of database lookups to environment variables
}

ip2locDB

ip2locDBFile

ip2locDBCache


ip2locDB {
ip2locDBFile /usr/local/lsws/iplocation/GeoLite2-Country.mmdb
#The location of a valid database file

ip2locDBCache MemoryCache
#The caching method used. The default value is Memory.
#Possible values are: MemoryCache, FileIo and SharedMemoryCache
}

tuning


tuning {...}

shmDefaultDir

shmDefaultDir /dev/shm/ols/
#Changes shared memory’s default directory to the specified path

maxConnections

maxConnections 10000
#Specifies the maximum number of concurrent connections that the server can accept.
#This includes both plain TCP connections and SSL connections

maxSSLConnections

maxSSLConnections 10000
#Specifies the maximum number of concurrent SSL connections the server will accept
#Since total concurrent SSL and non-SSL connections cannot exceed the limit specified by “Max Connections”,
#the actual number of concurrent SSL connections allowed must be lower than this limit.

connTimeout

connTimeout 300
#Specifies the maximum connection idle time (seconds) allowed during processing one request

maxKeepAliveReq

maxKeepAliveReq 10000
#Specifies the maximum number of requests that can be served through a keep-alive (persistent) session

keepAliveTimeout

keepAliveTimeout 5
#Specifies the maximum idle time (seconds) between requests from a keep-alive connection.
#If no new request is received during this period of time, the connection will be closed

sndBufSize

sndBufSize 0
#The sending buffer size of each TCP socket. 512K is the maximum allowed buffer size

rcvBufSize

rcvBufSize 0
#The receiving buffer size of each TCP socket. 512K is the maximum allowed buffer size

maxReqURLLen

maxReqURLLen 32768
#Specifies the maximum size (bytes) of a request URL.
#URL is the full text address used to access a server resource including the query string.
#64K bytes is the hard limit.

maxReqHeaderSize

maxReqHeaderSize 65536
#Specifies the maximum size (bytes) of an HTTP request header including request URL

maxReqBodySize

maxReqBodySize 2047M
#Specifies the maximum size of an HTTP request body.
#For a 32Bit OS, 2GB is the hard limit. For a 64Bit OS, it is virtually unlimited

maxDynRespHeaderSize

maxDynRespHeaderSize 32768
#Specifies the maximum header size (bytes) of a dynamically generated response. Hard limit is 64KB.

maxDynRespSize

maxDynRespSize 2047M
#Specifies the maximum body size of a dynamically generated response. Hard limit is 2047MB.

maxCachedFileSize

maxCachedFileSize 4096
#Specifies the largest static file size (bytes) that will be cached in a pre-allocated memory buffer

totalInMemCacheSize

totalInMemCacheSize 20M
#Specifies the total memory that can be allocated to the buffer cache in order to cache/serve small static files.

maxMMapFileSize

maxMMapFileSize 256K
#Specifies the largest static file size (bytes) that will be memory mapped (MMAP)

totalMMapCacheSize

totalMMapCacheSize 40M
#Specifies the total memory (bytes) that can be allocated for memory-mapped cache in order to cache/serve medium-sized static files.

useSendfile

useSendfile 1
#Specifies whether to use the sendfile() system call to serve static files

fileETag

fileETag 28
#Specifies whether to use a file’s inode, last-modified time, and size attributes to generate the ETag HTTP response header for static files
# 0 = None
# 4 = iNode
# 8 = Modified Time
# 12 = iNode + Modified Time
# 16 = Size
# 20 = iNode + Size
# 24 = Modified time + Size
# 28 = iNode + Modified Time + Size

enableGzipCompress

enableGzipCompress 1
#Enables GZIP/Brotli compression for both static and dynamic responses.

compressibleTypes

compressibleTypes text/*, application/x-javascript, application/xml, application/javascript, image/svg+xml, application/rss+xml
#Specifies what MIME types are allowed to be compressed.
#MIME type list separated by commas. Wild card “*” and negate sign “!” are allowed, such as text/*, !text/js.

enableDynGzipCompress

enableDynGzipCompress 1
#Controls GZIP compression for dynamically generated responses.
#For this setting to have an effect, “Enable Compression” must be set to Yes.

gzipCompressLevel

gzipCompressLevel 6
#Specifies the level of GZIP compression applied to dynamic content. Ranges from 1 (lowest) to 9 (highest).

gzipAutoUpdateStatic

gzipAutoUpdateStatic 1
#Specifies whether to let the server automatically create/update GZIP/Brotli-compressed versions of compressible static files or not

gzipStaticCompressLevel

gzipStaticCompressLevel 6
#Specifies the level of GZIP compression applied to static files. Ranges from 1 (lowest) to 9 (highest).

brStaticCompressLevel

brStaticCompressLevel 6
#Specifies the level of Brotli compression applied to static files. Ranges from 1 (lowest) to 11 (highest).

gzipCacheDir

gzipCacheDir /tmp/lshttpd/swap
#Specifies the path of the directory used to store compressed files for static content.

gzipMaxFileSize

gzipMaxFileSize 10M
#Specifies the maximum size (bytes) of a static file for which the server will create a compressed file automatically.

gzipMinFileSize

gzipMinFileSize 300
#Specifies the minimum size (bytes) of a static file for which the server will create a corresponding compressed file.

quicEnable

quicEnable 1
#Enables the QUIC network protocol server wide. Default value is Yes.

quicShmDir

quicShmDir /dev/shm
#Specifies the directory used to save QUIC data to shared memory.

fileAccessControl

followSymbolLink

checkSymbolLink

forceStrictOwnership

requiredPermissionMask

restrictedPermissionMask

restrictedScriptPermissionMask

restrictedDirPermissionMask

fileAccessControl {
followSymbolLink 1
#Specifies the server-level default setting of following symbolic links when serving static files.
# 0 = No
# 1 = Yes
# 2 = If Owner Match

checkSymbolLink 0
#Specifies whether to check symbolic links against "Access Denied Directories" when "Follow Symbolic Link" is turned on
# 0 = disabled
# 1 = enabled

forceStrictOwnership 1
#Specifies whether to enforce strict file ownership checking.
#If it is enabled, the web server will check if the owner of the file being served is the same as the owner of the virtual host.
#If it is different, a 403 Access Denied Error will be returned
# 0 = disabled
# 1 = enabled

requiredPermissionMask 000
#Specifies the required permission mask for static files that the server will serve
#octal numbers 000

restrictedPermissionMask 000
#Specifies the restricted permission mask for static files that the server will not serve.
#For example, to prohibit serving files that are executable, set the mask to 0111.
#octal numbers 000

restrictedScriptPermissionMask 000
#Specifies the restricted permission mask for script files that the server will not serve.
#For example, to prohibit serving PHP scripts that are group and world writable, set the mask to 022
#octal numbers 000

restrictedDirPermissionMask 000
#Specifies the restricted permission mask of parent directories of script files that the server will not serve.
#octal numbers 000
}
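
To preview what a permission mask would block before setting it, the added example below (not from the OpenLiteSpeed project) walks a document root and lists the files a given mask pair would refuse. It assumes a file is served only when every requiredPermissionMask bit is set and no restricted mask bit is set; the function names, the sample tree and the 004 value are constructed for the example.

```python
import os
import stat
import tempfile

def would_serve(mode, required=0o000, restricted=0o000):
    """Assumed semantics: all required bits present, no restricted bit present."""
    perm = stat.S_IMODE(mode)
    return (perm & required) == required and (perm & restricted) == 0

def refused(root, required=0o000, restricted=0o000, suffix=""):
    """Relative paths of regular files under root that the masks would refuse.

    suffix narrows the walk to one file type, e.g. ".php" when previewing
    restrictedScriptPermissionMask.
    """
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)               # do not follow symlinks
            if not stat.S_ISREG(st.st_mode) or not name.endswith(suffix):
                continue
            if not would_serve(st.st_mode, required, restricted):
                hits.append(os.path.relpath(full, root))
    return sorted(hits)

def demo():
    """Constructed docroot: a normal page, an executable file, a world-writable script."""
    with tempfile.TemporaryDirectory() as root:
        for name, mode in (("index.html", 0o644), ("run.sh", 0o755), ("up.php", 0o666)):
            path = os.path.join(root, name)
            open(path, "w").close()
            os.chmod(path, mode)
        return {
            # restrictedPermissionMask 0111: no executable static files
            "restricted 0111": refused(root, restricted=0o111),
            # restrictedScriptPermissionMask 022: no group/world-writable PHP
            "script 022": refused(root, restricted=0o022, suffix=".php"),
            # requiredPermissionMask 004 (constructed value): must be world-readable
            "required 004": refused(root, required=0o004),
        }

if __name__ == "__main__":
    for rule, files in demo().items():
        print(rule, "->", files)
```
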

perClientConnLimit

staticReqPerSec

dynReqPerSec

outBandwidth

inBandwidth

softLimit

hardLimit

blockBadReq

gracePeriod

banPeriod

perClientConnLimit {
staticReqPerSec 0
#Specifies the maximum number of requests to static content coming from a single IP address that can be processed in a single second.

dynReqPerSec 0
#Specifies the maximum number of requests to dynamically generated content coming from a single IP address that can be processed in each second.

outBandwidth 0
#The maximum allowed outgoing throughput to a single IP address, regardless of the number of connections established
#the unit is (bytes/sec)

inBandwidth 0
#The maximum allowed incoming throughput from a single IP address, regardless of the number of connections established
#the unit is (bytes/sec)

softLimit 10000
#Specifies the soft limit of concurrent connections allowed from one IP
#This soft limit can be exceeded temporarily during "Grace Period (sec)"

hardLimit 10000
#Specifies the hard limit of concurrent connections allowed from one IP

blockBadReq 1
#Block IPs that keep sending badly formatted HTTP requests for the "Banned Period (sec)".

gracePeriod 15
#Specifies how long new connections can be accepted after the number of connections established from one IP is over the "Connection Soft Limit"
#the unit is (sec)

banPeriod 300
#Specifies how long new connections will be rejected from an IP if,
#after the "Grace Period (sec)" has elapsed, the number of connections is still more than the "Connection Soft Limit"
#the unit is (sec)
}

accessDenyDir

accessDenyDir {
dir /
dir /etc/*
dir /dev/*
dir conf/*
dir admin/conf/*
}

#Specifies directories that should be blocked from access

accessControl

allow

deny

accessControl {
#Specifies what sub networks and/or IP addresses can access the server.
#At the server level, this setting will affect all virtual hosts.
#You can also set up access control unique to each virtual host at the virtual host level.
#Virtual host level settings will NOT override server level settings.

allow ALL
#Specifies the list of IPs or sub-networks allowed. * or ALL are accepted.
#A trailing "T" can be used to indicate a trusted IP or sub-netwo

deny 192.168.1.1
#Specifies the list of IPs or sub-networks disallowed.
#Comma delimited list of IP addresses or sub-networks. * or ALL are accepted.
}

lsrecaptcha

enabled

siteKey

secretKey

type

maxTries

allowedRobotHits

botWhiteList

regConnLimit

sslConnLimit

lsrecaptcha {
enabled 1
#Enable the reCaptcha Protection feature at the current level.
#This setting must be set to Yes at the Server level before the reCaptcha Protection feature can be used.

siteKey 123456789123456789123456789
#The site key is the public key provided by Google via its reCAPTCHA service.
#A default Site Key will be used if not set.

secretKey 123456789123456789123456789
#The secret key is the private key provided by Google via its reCAPTCHA service.
#A default Secret Key will be used if not set.

type 1
#Specify the reCAPTCHA type to use with the key pairs
# 1 = checkbox
# 2 = invisible

maxTries 3
#Max Tries specifies the maximum number of reCAPTCHA attempts permitted before denying the visitor.

allowedRobotHits 5
#Number of hits per 10 seconds to allow ‘good bots’ to pass.
#Bots will still be throttled when the server is under load.

botWhiteList {
google
#List of custom user agents to allow access
#List of user agents, one per line. Regex is supported.
}

regConnLimit 1000
#The number of concurrent connections (SSL & non-SSL) needed to activate reCAPTCHA.
#reCAPTCHA will be used until concurrent connections drop below this number.

sslConnLimit 500
#The number of concurrent SSL connections needed to activate reCAPTCHA.
#reCAPTCHA will be used until concurrent connections drop below this number.

}

extprocessor

address

maxConns

env

initTimeout

retryTimeout

persistConn

respBuffer

autoStart

path

backlog

instances

priority

memSoftLimit

memHardLimit

procSoftLimit

procHardLimit


extprocessor lsphp {
#lsphp is the name of this external app

type lsapi
#Specifies the type of external application.
#Application types are differentiated by the service they provide or the protocol they use to communicate with the server
# fcgi FastCGI: a FastCGI application with a Responder role.
# fcgiauth FastCGI Authorizer: a FastCGI application with an Authorizer role
# servlet Servlet Engine: a servlet engine with an AJPv13 connector, such as Tomcat.
# proxy Web Server: a web server or application server that supports HTTP protocol.
# lsapi LiteSpeed SAPI App: an application that communicates with the web server using LSAPI protocol.
# loadbalancer Load Balancer: a virtual application that can balance load among worker applications.
# logger Piped Logger: an application that can process access log entries received on its STDIN stream.

address uds://tmp/lshttpd/lsphp.sock
maxConns 10
env PHP_LSAPI_CHILDREN=10
env LSAPI_AVOID_FORK=200M
initTimeout 60
retryTimeout 0
persistConn 1
respBuffer 0
autoStart 1
path $SERVER_ROOT/lsphp73/bin/lsphp
backlog 100
instances 1
priority 0
memSoftLimit 2047M
memHardLimit 2047M
procSoftLimit 1400
procHardLimit 1500
}

scripthandler

scripthandler {
add lsapi:lsphp php
}

virtualhost

vhRoot

configFile

allowSymbolLink

enableScript

restrained

setUIDMode

virtualhost Example {
vhRoot Example/
configFile conf/vhosts/Example/vhconf.conf
allowSymbolLink 1
enableScript 1
restrained 1
setUIDMode 0
}

virtualhost test1.domain.com {
vhRoot /home/$VH_NAME
configFile $SERVER_ROOT/conf/vhosts/$VH_NAME/vhost.conf
allowSymbolLink 1
enableScript 1
restrained 1
}

listener

address

secure

keyFile

certFile

certChain

sslProtocol

ciphers

enableECDHE

renegProtection

sslSessionCache

enableSpdy

enableStapling

ocspRespMaxAge

map

listener Default {
address *:80
secure 0
map test1.domain.com test1.domain.com
}

listener SSL {
address *:443
secure 1
keyFile /etc/letsencrypt/live/test.domain.com/privkey.pem
certFile /etc/letsencrypt/live/test.domain.com/fullchain.pem
certChain 1
sslProtocol 24
ciphers EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:ECDHE-RSA-AES128-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA128:DHE-RSA-AES128-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA128:ECDHE-RSA-AES128-SHA384:ECDHE-RSA-AES128-SHA128:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA384:AES128-GCM-SHA128:AES128-SHA128:AES128-SHA128:AES128-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
enableECDHE 1
renegProtection 1
sslSessionCache 1
enableSpdy 15
enableStapling 1
ocspRespMaxAge 86400
map test1.domain.com test1.domain.com
}

vhTemplate centralConfigLog

vhTemplate centralConfigLog {
templateFile conf/templates/ccl.conf
listeners Default
}

vhTemplate EasyRailsWithSuEXEC

vhTemplate EasyRailsWithSuEXEC {
templateFile conf/templates/rails.conf
listeners Default
}
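
Several directives on this page decide what the server discloses or trusts. The added example below (not part of the original page or of OpenLiteSpeed) parses the block syntax shown here and flags the values this example treats as worth reviewing; the rule set and the sample config are assumptions of the example, built from the value meanings listed above.

```python
# Hardening lint for the config syntax on this page; the rules are this example's own policy.
# Constructed sample, not taken from a real server.
SAMPLE = """\
showVersionNumber 1
useIpInProxyHeader 1
autoIndex 1
uploadTmpFilePermission 666
fileAccessControl {
followSymbolLink 1
checkSymbolLink 0
restrictedScriptPermissionMask 000
}
"""

def parse(text):
    """Return {dotted.path: value}; 'name [value] {' opens a block, '}' closes it."""
    path, conf = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):      # blank line or comment
            continue
        if line == "}":
            del path[-1:]                         # leave the block (safe if unbalanced)
            continue
        parts = line.split(None, 1)
        name, value = parts[0], parts[1] if len(parts) > 1 else ""
        if value.endswith("{"):                   # e.g. "errorlog logs/error.log {"
            path.append(name)
            conf[".".join(path)] = value[:-1].strip()
        else:
            conf[".".join(path + [name])] = value
    return conf

def audit(text):
    """Return a list of (directive, value, reason) findings."""
    conf, fac, findings = parse(text), "fileAccessControl.", []
    def flag(key, is_bad, reason):
        if key in conf and is_bad(conf[key]):
            findings.append((key, conf[key], reason))

    flag("showVersionNumber", lambda v: v == "1",
         "Server header shows the version number (0 hides it, 2 hides the header)")
    flag("autoIndex", lambda v: v == "1",
         "a directory index is generated when no index file is present")
    flag("useIpInProxyHeader", lambda v: v == "1",
         "X-Forwarded-For feeds IP-based features (1 = enabled); 2 = trusted IP only")
    flag("uploadTmpFilePermission", lambda v: int(v, 8) & 0o066,
         "upload temp files are readable or writable by group/other")
    flag(fac + "restrictedScriptPermissionMask", lambda v: (int(v, 8) & 0o022) != 0o022,
         "group- or world-writable scripts are not refused (page example: 022)")
    if conf.get(fac + "followSymbolLink", "0") != "0" and conf.get(fac + "checkSymbolLink") == "0":
        findings.append((fac + "checkSymbolLink", "0",
                         "followed symlinks are not checked against Access Denied Directories"))
    return findings

if __name__ == "__main__":
    for key, value, reason in audit(SAMPLE):
        print(f"{key} = {value}: {reason}")
```
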