General rules
#Unless stated otherwise, in this configuration example 0 means disabled (OFF) and 1 means enabled (ON).
#If you are editing the configuration file manually,
#note that all directives and values are case sensitive,
#and that certain directives must be enclosed in their parent context.
serverName
serverName test.server
A unique name for this server. If empty, server hostname will be used by default.
httpdWorkers
httpdWorkers 2
Specifies the number of httpd workers.
user nobody
user nobody
Specifies the user/group that the server process runs as
group nobody
group nobody
Specifies the user/group that the server process runs as
priority
priority 0
Specifies priority of the server processes. Value ranges from -20 to 20. A lower number means higher priority.
cpuAffinity
cpuAffinity 0
The CPU Affinity setting controls how many CPUs (cores) one server process will be associated with.
The minimum value is 0, which will disable this feature. The maximum value is the number of cores the server has.
Generally, 1 is the best setting because it creates the strictest use of CPU affinity and thus makes the most use of CPU cache.
enableLVE
enableLVE 1
Specifies whether to enable CloudLinux’s Lightweight Virtual Environment (LVE) when it exists. You can use LiteSpeed with LVE to achieve better resource management.
0 = disable
1 = LVE
2 = CageFS
3 = CageFS without suEXEC
inMemBufSize
inMemBufSize 60M
Specifies the maximum buffer size that is used to store a request body and its dynamically generated response.
When this limit is reached, the server will start to create temporary swapping files under “Swapping Directory”.
swappingDir
swappingDir /tmp/lshttpd/swap
Specifies the directory where the swapping files should be placed
autoFix503
autoFix503 1
Specifies whether to try to fix the “503 Service Unavailable” error by restarting the server gracefully.
A “503” error is usually caused by malfunctioning external applications and a web server restart can often fix the error temporarily.
enableh2c
enableh2c 0
Specifies whether to enable HTTP/2 over non-encrypted TCP connections.
gracefulRestartTimeout
gracefulRestartTimeout 300
During a graceful restart, even after the new server instance is up, the old instance will continue to handle existing requests.
This timeout defines how long the previous instance will wait before exiting.
statDir
statDir /tmp/lshttpd/
The directory where the Real-Time Stats report file will be written.
mime conf/mime.properties
mime conf/mime.properties
Specifies the file that contains the MIME settings for this server.
The filename can be an absolute path or a path relative to $SERVER_ROOT.
disableInitLogRotation
disableInitLogRotation 1
Specifies whether to enable/disable rotation of server error log file at startup
showVersionNumber
showVersionNumber 0
Specifies whether to show the server signature and version number in the response header’s “Server” value
0 = hide version number
1 = show version number
2 = hide full header
enableIpGeo
enableIpGeo 0
Specifies whether to enable/disable IP Geolocation lookup. Can be set at server, virtual host, or context level
useIpInProxyHeader
useIpInProxyHeader 1
Specifies whether to use the IP address listed in the “X-Forwarded-For” HTTP request header for all IP address-related features,
including connection/bandwidth throttling, access control, and IP geolocation.
0 = disabled
1 = enabled
2 = trusted IP Only
3 = keep Header from trusted IP
adminEmails
adminEmails root@localhost
Specifies the server administrator’s email address(es)
errorlog
logLevel DEBUG
debugLevel 0
rollingSize 10M
enableStderrLog 1
errorlog logs/error.log {
logLevel DEBUG
debugLevel 0
rollingSize 10M
enableStderrLog 1
}
accesslog
rollingSize 10M
keepDays 30
compressArchive 0
accesslog logs/access.log {
rollingSize 10M
keepDays 30
compressArchive 0
}
indexFiles
indexFiles index.html, index.php
Specifies names of index files that will be searched sequentially when a URL is mapped to a directory.
You can customize it at the server, virtual host, and context level.
autoIndex
autoIndex 0
Specifies whether to generate a directory index on the fly when index files listed in “Index Files” are not available in a directory
0 = disable
1 = enable
autoIndexURI
autoIndexURI /_autoindex/default.php
Specifies the URI that will be used to generate the index page when index files listed in “Index Files” are not available in a directory
expires
enableExpires
expiresDefault
expiresByType
expires {
enableExpires 1
expiresDefault A604800
expiresByType image/*=A604800, text/css=A604800, application/x-javascript=A604800, application/javascript=A604800, font/*=A604800, application/x-font-ttf=A604800
}
autoLoadHtaccess
autoLoadHtaccess 1
#Autoload rewrite rules contained in a directory’s .htaccess file
#Once initially loaded, a graceful restart must be performed for any further changes to that .htaccess file to take effect.
uploadTmpDir
uploadTmpDir /tmp/lshttpd/
Temporary directory where files being uploaded to the server are stored while the request body parser is working.
uploadTmpFilePermission
uploadTmpFilePermission 666
Determines the file permissions used for files stored in the temporary directory.
3-digit octal number
uploadPassByPath
uploadPassByPath 0
Specify whether or not to pass upload file data by path
geoipdb
geoipDBName
maxMindDBEnv
geoipdb /usr/local/lsws/iplocation/GeoLite2-Country.mmdb {
#Specifies the path to MaxMind GeoIP database
geoipDBName COUNTRY_DB
#MaxMind GeoIP database name
maxMindDBEnv COUNTRY_CODE COUNTRY_DB/country/iso_code
#Assign the results of database lookups to environment variables
}
ip2locDB
ip2locDBFile
ip2locDBCache
ip2locDB {
ip2locDBFile /usr/local/lsws/iplocation/GeoLite2-Country.mmdb
#The location of a valid database file
ip2locDBCache MemoryCache
#The caching method used. The default value is Memory.
#Possible values are: MemoryCache, FileIo and SharedMemoryCache
}
tuning
tuning {...}
shmDefaultDir
shmDefaultDir /dev/shm/ols/
#Changes shared memory’s default directory to the specified path
maxConnections
maxConnections 10000
#Specifies the maximum number of concurrent connections that the server can accept.
#This includes both plain TCP connections and SSL connections
maxSSLConnections
maxSSLConnections 10000
#Specifies the maximum number of concurrent SSL connections the server will accept
#Since total concurrent SSL and non-SSL connections cannot exceed the limit specified by “Max Connections”,
#the actual number of concurrent SSL connections allowed must be lower than this limit.
connTimeout
connTimeout 300
#Specifies the maximum connection idle time (seconds) allowed while processing one request
maxKeepAliveReq
maxKeepAliveReq 10000
#Specifies the maximum number of requests that can be served through a keep-alive (persistent) session
keepAliveTimeout
keepAliveTimeout 5
#Specifies the maximum idle time (seconds) between requests from a keep-alive connection.
#If no new request is received during this period of time, the connection will be closed
sndBufSize
sndBufSize 0
#The sending buffer size of each TCP socket. 512K is the maximum allowed buffer size
rcvBufSize
rcvBufSize 0
#The receiving buffer size of each TCP socket. 512K is the maximum allowed buffer size
maxReqURLLen
maxReqURLLen 32768
#Specifies the maximum size (bytes) of a request URL.
#URL is the full text address used to access a server resource including the query string.
#64K bytes is the hard limit.
maxReqHeaderSize
maxReqHeaderSize 65536
#Specifies the maximum size (bytes) of an HTTP request header including request URL
maxReqBodySize
maxReqBodySize 2047M
#Specifies the maximum size of an HTTP request body.
#For a 32Bit OS, 2GB is the hard limit. For a 64Bit OS, it is virtually unlimited
maxDynRespHeaderSize
maxDynRespHeaderSize 32768
#Specifies the maximum header size (bytes) of a dynamically generated response. Hard limit is 64KB.
maxDynRespSize
maxDynRespSize 2047M
#Specifies the maximum body size of a dynamically generated response. Hard limit is 2047MB.
maxCachedFileSize
maxCachedFileSize 4096
#Specifies the largest static file size (bytes) that will be cached in a pre-allocated memory buffer
totalInMemCacheSize
totalInMemCacheSize 20M
#Specifies the total memory that can be allocated to the buffer cache in order to cache/serve small static files.
maxMMapFileSize
maxMMapFileSize 256K
#Specifies the largest static file size (bytes) that will be memory mapped (MMAP)
totalMMapCacheSize
totalMMapCacheSize 40M
#Specifies the total memory (bytes) that can be allocated for memory-mapped cache in order to cache/serve medium-sized static files.
useSendfile
useSendfile 1
#Specifies whether to use the sendfile() system call to serve static files
fileETag
fileETag 28
#Specifies whether to use a file’s inode, last-modified time, and size attributes to generate the ETag HTTP response header for static files
# 0 = None
# 4 = iNode
# 8 = Modified Time
# 12 = iNode + Modified Time
# 16 = Size
# 20 = iNode + Size
# 24 = Modified Time + Size
# 28 = iNode + Modified Time + Size
enableGzipCompress
enableGzipCompress 1
#Enables GZIP/Brotli compression for both static and dynamic responses.
compressibleTypes
compressibleTypes text/*, application/x-javascript, application/xml, application/javascript, image/svg+xml, application/rss+xml
#Specifies what MIME types are allowed to be compressed.
#MIME type list separated by commas. Wild card “*” and negate sign “!” are allowed, such as text/*, !text/js.
enableDynGzipCompress
enableDynGzipCompress 1
#Controls GZIP compression for dynamically generated responses.
#For this setting to have an effect, “Enable Compression” must be set to Yes.
gzipCompressLevel
gzipCompressLevel 6
#Specifies the level of GZIP compression applied to dynamic content. Ranges from 1 (lowest) to 9 (highest).
gzipAutoUpdateStatic
gzipAutoUpdateStatic 1
#Specifies whether to let the server automatically create/update GZIP/Brotli-compressed versions of compressible static files or not
gzipStaticCompressLevel
gzipStaticCompressLevel 6
#Specifies the level of GZIP compression applied to static files. Ranges from 1 (lowest) to 9 (highest).
brStaticCompressLevel
brStaticCompressLevel 6
#Specifies the level of Brotli compression applied to static files. Ranges from 1 (lowest) to 11 (highest).
gzipCacheDir
gzipCacheDir /tmp/lshttpd/swap
#Specifies the path of the directory used to store compressed files for static content.
gzipMaxFileSize
gzipMaxFileSize 10M
#Specifies the maximum size (bytes) of a static file for which the server will create a compressed file automatically.
gzipMinFileSize
gzipMinFileSize 300
#Specifies the minimum size (bytes) of a static file for which the server will create a corresponding compressed file.
quicEnable
quicEnable 1
#Enables the QUIC network protocol server wide. Default value is Yes.
quicShmDir
quicShmDir /dev/shm
#Specifies the directory used to save QUIC data to shared memory.
fileAccessControl
followSymbolLink
checkSymbolLink
forceStrictOwnership
requiredPermissionMask
restrictedPermissionMask
restrictedScriptPermissionMask
restrictedDirPermissionMask
fileAccessControl {
followSymbolLink 1
#Specifies the server-level default setting of following symbolic links when serving static files.
# 0 = No
# 1 = Yes
# 2 = If Owner Match
checkSymbolLink 0
#Specifies whether to check symbolic links against "Access Denied Directories" when "Follow Symbolic Link" is turned on
# 0 = disabled
# 1 = enabled
forceStrictOwnership 1
#Specifies whether to enforce strict file ownership checking.
#If it is enabled, the web server will check if the owner of the file being served is the same as the owner of the virtual host.
#If it is different, a 403 Access Denied Error will be returned
# 0 = disabled
# 1 = enabled
requiredPermissionMask 000
#Specifies the required permission mask for static files that the server will serve
#octal numbers 000
restrictedPermissionMask 000
#Specifies the restricted permission mask for static files that the server will not serve.
#For example, to prohibit serving files that are executable, set the mask to 0111.
#octal numbers 000
restrictedScriptPermissionMask 000
#Specifies the restricted permission mask for script files that the server will not serve.
#For example, to prohibit serving PHP scripts that are group and world writable, set the mask to 022
#octal numbers 000
restrictedDirPermissionMask 000
#Specifies the restricted permission mask of parent directories of script files that the server will not serve.
#octal numbers 000
}
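How the permission masks above would sort the files in a document root, as an added example that is not part of the original page or of the server's code. It assumes a file is refused when any restricted bit is set or any required bit is missing; the masks 0111 and 022 are the page's examples, while the directory mask 002, the `.php` suffix and the file names are constructed for the demonstration.

```python
import os
import stat
import tempfile

def refusal(mode, required=0o000, restricted=0o000):
    """Reason a file with this mode would not be served, or None if it passes."""
    perm = stat.S_IMODE(mode)
    if perm & required != required:      # every required bit must be present
        return "lacks required bits %03o" % (required & ~perm)
    if perm & restricted:                # any restricted bit is enough to refuse
        return "has restricted bits %03o" % (perm & restricted)
    return None

def audit_tree(root, static_mask=0o111, script_mask=0o022, dir_mask=0o002,
               script_ext=(".php",)):
    """Map relative path -> reason, for files the given masks would refuse."""
    refused = {}
    for dirpath, _dirs, files in os.walk(root):
        # restrictedDirPermissionMask applies to the directory holding a script
        dir_why = refusal(os.stat(dirpath).st_mode, restricted=dir_mask)
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            mode = os.stat(path).st_mode
            if name.endswith(script_ext):
                why = refusal(mode, restricted=script_mask)
                if not why and dir_why:
                    why = "parent directory " + dir_why
            else:
                why = refusal(mode, restricted=static_mask)
            if why:
                refused[os.path.relpath(path, root)] = why
    return refused

def demo():
    """Build a constructed docroot in a temp dir and audit it."""
    layout = {"index.html": 0o644, "run.sh": 0o755,
              "ok.php": 0o644, "loose.php": 0o666}
    with tempfile.TemporaryDirectory() as root:
        for name, perm in layout.items():
            path = os.path.join(root, name)
            open(path, "w").close()
            os.chmod(path, perm)     # chmod ignores the umask, so modes are exact
        return audit_tree(root)
```

Running `audit_tree()` over a real document root before tightening the masks shows which files would start returning errors.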
perClientConnLimit
staticReqPerSec
dynReqPerSec
outBandwidth
inBandwidth
softLimit
hardLimit
blockBadReq
gracePeriod
banPeriod
perClientConnLimit {
staticReqPerSec 0
#Specifies the maximum number of requests to static content coming from a single IP address that can be processed in a single second.
dynReqPerSec 0
#Specifies the maximum number of requests to dynamically generated content coming from a single IP address that can be processed in each second.
outBandwidth 0
#The maximum allowed outgoing throughput to a single IP address, regardless of the number of connections established
#the unit is (bytes/sec)
inBandwidth 0
#The maximum allowed incoming throughput from a single IP address, regardless of the number of connections established
#the unit is (bytes/sec)
softLimit 10000
#Specifies the soft limit of concurrent connections allowed from one IP
#This soft limit can be exceeded temporarily during "Grace Period (sec)"
hardLimit 10000
#Specifies the hard limit of concurrent connections allowed from one IP
blockBadReq 1
#Block IPs that keep sending badly-formatted HTTP requests for the "Banned Period (sec)".
gracePeriod 15
#Specifies how long new connections can be accepted after the number of connections established from one IP is over the "Connection Soft Limit"
#the unit is (sec)
banPeriod 300
#Specifies how long new connections will be rejected from an IP if,
#after the "Grace Period (sec)" has elapsed, the number of connections is still more than the "Connection Soft Limit"
#the unit is (sec)
}
accessDenyDir
accessDenyDir {
dir /
dir /etc/*
dir /dev/*
dir conf/*
dir admin/conf/*
}
#Specifies directories that should be blocked from access
accessControl
allow
deny
accessControl {
#Specifies what sub networks and/or IP addresses can access the server.
#At the server level, this setting will affect all virtual hosts.
#You can also set up access control unique to each virtual host at the virtual host level.
#Virtual host level settings will NOT override server level settings.
allow ALL
#Specifies the list of IPs or sub-networks allowed. * or ALL are accepted.
#A trailing "T" can be used to indicate a trusted IP or sub-netwo
deny 192.168.1.1
#Specifies the list of IPs or sub-networks disallowed.
#Comma delimited list of IP addresses or sub-networks. * or ALL are accepted.
}
lsrecaptcha
enabled
siteKey
secretKey
type
maxTries
allowedRobotHits
botWhiteList
regConnLimit
sslConnLimit
lsrecaptcha {
enabled 1
#Enable the reCaptcha Protection feature at the current level.
#This setting must be set to Yes at the Server level before the reCaptcha Protection feature can be used.
siteKey 123456789123456789123456789
#The site key is the public key provided by Google via its reCAPTCHA service.
#A default Site Key will be used if not set.
secretKey 123456789123456789123456789
#The secret key is the private key provided by Google via its reCAPTCHA service.
#A default Secret Key will be used if not set.
type 1
#Specify the reCAPTCHA type to use with the key pairs
# 1 = checkbox
# 2 = invisible
maxTries 3
#Max Tries specifies the maximum number of reCAPTCHA attempts permitted before denying the visitor.
allowedRobotHits 5
#Number of hits per 10 seconds to allow ‘good bots’ to pass.
#Bots will still be throttled when the server is under load.
botWhiteList {
google
#List of custom user agents to allow access
#List of user agents, one per line. Regex is supported.
}
regConnLimit 1000
#The number of concurrent connections (SSL & non-SSL) needed to activate reCAPTCHA.
#reCAPTCHA will be used until concurrent connections drop below this number.
sslConnLimit 500
#The number of concurrent SSL connections needed to activate reCAPTCHA.
#reCAPTCHA will be used until concurrent connections drop below this number.
}
extprocessor
address
maxConns
env
initTimeout
retryTimeout
persistConn
respBuffer
autoStart
path
backlog
instances
priority
memSoftLimit
memHardLimit
procSoftLimit
procHardLimit
extprocessor lsphp {
#lsphp is the name of this external app
type lsapi
#Specifies the type of external application.
#Application types are differentiated by the service they provide or the protocol they use to communicate with the server
# fcgi FastCGI: a FastCGI application with a Responder role.
# fcgiauth FastCGI Authorizer: a FastCGI application with an Authorizer role
# servlet Servlet Engine: a servlet engine with an AJPv13 connector, such as Tomcat.
# proxy Web Server: a web server or application server that supports HTTP protocol.
# lsapi LiteSpeed SAPI App: an application that communicates with the web server using LSAPI protocol.
# loadbalancer Load Balancer: a virtual application that can balance load among worker applications.
# logger Piped Logger: an application that can process access log entries received on its STDIN stream.
address uds://tmp/lshttpd/lsphp.sock
maxConns 10
env PHP_LSAPI_CHILDREN=10
env LSAPI_AVOID_FORK=200M
initTimeout 60
retryTimeout 0
persistConn 1
respBuffer 0
autoStart 1
path $SERVER_ROOT/lsphp73/bin/lsphp
backlog 100
instances 1
priority 0
memSoftLimit 2047M
memHardLimit 2047M
procSoftLimit 1400
procHardLimit 1500
}
scripthandler
scripthandler {
add lsapi:lsphp php
}
virtualhost
vhRoot
configFile
allowSymbolLink
enableScript
restrained
setUIDMode
virtualhost Example {
vhRoot Example/
configFile conf/vhosts/Example/vhconf.conf
allowSymbolLink 1
enableScript 1
restrained 1
setUIDMode 0
}
virtualhost test1.domain.com {
vhRoot /home/$VH_NAME
configFile $SERVER_ROOT/conf/vhosts/$VH_NAME/vhost.conf
allowSymbolLink 1
enableScript 1
restrained 1
}
listener
address
secure
keyFile
certFile
certChain
sslProtocol
ciphers
enableECDHE
renegProtection
sslSessionCache
enableSpdy
enableStapling
ocspRespMaxAge
map
listener Default {
address *:80
secure 0
map test1.domain.com test1.domain.com
}
listener SSL {
address *:443
secure 1
keyFile /etc/letsencrypt/live/test.domain.com/privkey.pem
certFile /etc/letsencrypt/live/test.domain.com/fullchain.pem
certChain 1
sslProtocol 24
ciphers EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:ECDHE-RSA-AES128-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA128:DHE-RSA-AES128-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA128:ECDHE-RSA-AES128-SHA384:ECDHE-RSA-AES128-SHA128:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA384:AES128-GCM-SHA128:AES128-SHA128:AES128-SHA128:AES128-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
enableECDHE 1
renegProtection 1
sslSessionCache 1
enableSpdy 15
enableStapling 1
ocspRespMaxAge 86400
map test1.domain.com test1.domain.com
}
vhTemplate centralConfigLog
vhTemplate centralConfigLog {
templateFile conf/templates/ccl.conf
listeners Default
}
vhTemplate EasyRailsWithSuEXEC
vhTemplate EasyRailsWithSuEXEC {
templateFile conf/templates/rails.conf
listeners Default
}
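A small reviewer for the directives documented on this page, as an added example that is not part of the original page or of the server's tooling. It parses the nested `name { ... }` syntax and flags values that the page's own descriptions mark as the more exposed choice; the sample text is constructed, and a missing checkSymbolLink is treated as 0, which is an assumption.

```python
SAMPLE = """\
showVersionNumber 1
useIpInProxyHeader 1
uploadTmpFilePermission 666
tuning {
  fileAccessControl {
    followSymbolLink 1
    checkSymbolLink 0
    restrictedScriptPermissionMask 000
  }
}
"""  # constructed sample in the page's syntax, not taken from a real server

def parse(text):
    """Yield (block_path, directive, value); blocks nest via '{' ... '}'."""
    stack = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line == "}":
            del stack[-1:]               # tolerate an unbalanced closing brace
        elif line.endswith("{"):
            stack.append(line[:-1].strip())
        else:
            key, *rest = line.split(None, 1)
            yield "/".join(stack) or "server", key, rest[0] if rest else ""

def octal_bits(val, bits):               # bits set in octal string val, 0 if not octal
    try:
        return int(val, 8) & bits
    except ValueError:
        return 0

# directive -> (predicate on its value, finding); value meanings are the page's
RULES = {
    "showVersionNumber": (lambda v: v == "1", "Server header discloses the version"),
    "autoIndex": (lambda v: v == "1", "directory listings are generated"),
    "useIpInProxyHeader": (lambda v: v == "1",
        "X-Forwarded-For is used from any client; 2 = trusted IP only"),
    "uploadTmpFilePermission": (lambda v: octal_bits(v, 0o006) != 0,
        "upload temp files are readable/writable by other local users"),
    "restrictedScriptPermissionMask": (lambda v: octal_bits(v, 0o022) != 0o022,
        "group/world-writable scripts are not refused (page's example: 022)"),
}

def audit(text):
    """Return [(block_path, directive, value, finding)] in file order."""
    findings, seen = [], {}
    for path, key, val in parse(text):
        seen[(path, key)] = val
        rule = RULES.get(key)
        if rule and rule[0](val):
            findings.append((path, key, val, rule[1]))
    for (path, key), val in seen.items():
        unchecked = seen.get((path, "checkSymbolLink"), "0") == "0"
        if key == "followSymbolLink" and val != "0" and unchecked:
            findings.append((path, key, val, "symlink targets skip accessDenyDir checks"))
    return findings
```

Call `audit(open(path).read())` on a copy of the server's configuration file; each tuple names the enclosing block, the directive, its value and the reason it was flagged.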