How To Install Linux, OpenLiteSpeed, MariaDB, PHP (LOMP stack) on Ubuntu 20.04 | DevsDay.ru

IT-блоги How To Install Linux, OpenLiteSpeed, MariaDB, PHP (LOMP stack) on Ubuntu 20.04


*The author selected the [Free and Open Source Fund](https://www.brightfunds.org/funds/foss-nonprofits) to receive a donation as part of the [Write for DOnations](https://do.co/w4do-cta) program.* ### Introduction The **LOMP** stack is an acronym for **L**inux, [**O**penLiteSpeed](https://openlitespeed.org/), [**M**ariaDB](https://mariadb.org/), and **P**HP. OpenLiteSpeed is the open-source option for LiteSpeed web servers. LiteSpeed servers are known for their speedy performance, especially with languages such as PHP that integrate well with their [LS-API](https://www.litespeedtech.com/open-source/litespeed-sapi/php). The [LSPHP (LiteSpeed PHP)](https://docs.litespeedtech.com/lsws/extapp/php/configuration/options/) interpreter functions much faster to serve dynamic PHP pages via their proprietary LS-API. The API integrates with the HTTP server, thereby reducing the overall time taken for a response sent by the server for a request. OpenLiteSpeed is becoming the preferred choice for [WordPress](https://wordpress.org/), [Joomla](https://www.joomla.org/), and other PHP-based applications that serve dynamic content. In this tutorial, you will set up a LOMP server running on Ubuntu 20.04 with PHP 8.1, MariaDB 10.7, and OpenLiteSpeed 1.7. ## Prerequisites Before you begin this guide, you will need the following: - One Ubuntu 20.04 server with a sudo non-root user, a firewall, and at least 1GB of RAM, which you can set up by following the [Ubuntu 20.04 initial server setup guide](https://www.digitalocean.com/community/tutorials/initial-server-setup-with-ubuntu-20-04) - A fully-qualified domain name (required for SSL configuration and recommended for public websites). You can get a domain name on [Namecheap](https://namecheap.com/), [Freenom](http://www.freenom.com/en/index.html), or the domain registrar of your choice. Follow the [DNS Quickstart](https://docs.digitalocean.com/products/networking/dns/quickstart/) to point the domain name to your server. - SSL certificates and keys for your domain. Follow [How To Use Certbot Standalone Mode to Retrieve Let's Encrypt SSL Certificates on Ubuntu 20.04](https://www.digitalocean.com/community/tutorials/how-to-use-certbot-standalone-mode-to-retrieve-let-s-encrypt-ssl-certificates-on-ubuntu-20-04) to obtain the certificate-key pair for your domain. In Step 2, open port `80` alongside port `443`. ## Step 1 — Installing OpenLiteSpeed In this step, you will install the OpenLiteSpeed web server after importing the required package repositories to your server. If it is your first time using `sudo` in the SSH session, you may need to enter the password for your non-root user. Begin by updating the package manager cache: ```command sudo apt update ``` Unlike [Apache](https://www.apache.org/) and [Nginx](https://nginx.org/), OpenLiteSpeed hosts its code on its own repository. Add this repository to the `apt` package manager's sources list with the following command: ```command sudo wget -O - http://rpms.litespeedtech.com/debian/enable_lst_debian_repo.sh | sudo bash ``` `wget` fetches the remote repository located on OpenLiteSpeed's server, and the `-O` flag prints the file's content to the terminal. The `|` pipe passes the content to a new bash shell, launched by the `sudo bash` command. This bash terminal executes the commands mentioned in the contents of the `.sh` file fetched from the repository and installs the repository on the local APT repository list. You will see an output like this: ``` [secondary_label Output] --2022-03-16 08:51:49-- http://rpms.litespeedtech.com/debian/lst_repo.gpg Resolving rpms.litespeedtech.com (rpms.litespeedtech.com)... 52.55.120.73 Connecting to rpms.litespeedtech.com (rpms.litespeedtech.com)|52.55.120.73|:80... connected. HTTP request sent, awaiting response... 200 OK Length: 2336 (2.3K) [application/octet-stream] Saving to: ‘/etc/apt/trusted.gpg.d/lst_repo.gpg’ /etc/apt/trusted.gp 100%[===================>] 2.28K --.-KB/s in 0s 2022-03-16 08:51:50 (329 MB/s) - ‘/etc/apt/trusted.gpg.d/lst_repo.gpg’ saved [2336/2336] update the repo Hit:1 https://repos.insights.digitalocean.com/apt/do-agent main InRelease Hit:2 http://mirrors.digitalocean.com/ubuntu focal InRelease Hit:3 https://repos-droplet.digitalocean.com/apt/droplet-agent main InRelease Hit:4 http://mirrors.digitalocean.com/ubuntu focal-updates InRelease Ign:5 http://rpms.litespeedtech.com/debian focal InRelease Hit:6 http://security.ubuntu.com/ubuntu focal-security InRelease Hit:7 http://mirrors.digitalocean.com/ubuntu focal-backports InRelease Get:8 http://rpms.litespeedtech.com/debian focal Release [1652 B] Get:9 http://rpms.litespeedtech.com/debian focal Release.gpg [836 B] Get:10 http://rpms.litespeedtech.com/debian focal/main amd64 Packages [18.3 kB] Fetched 20.8 kB in 2s (13.6 kB/s) Reading package lists... Done All done, congratulations and enjoy ! ``` Next, install the `openlitespeed` package: ```command sudo apt install openlitespeed ``` If prompted, enter your password, then confirm the installation with `Y`. Once the installation is complete, verify that OpenLiteSpeed is installed and working correctly by checking its status with the `service` command: ```command sudo systemctl status lsws ``` The `systemctl status` command obtains the status of a service identified by its keyword. The keyword for the OpenLiteSpeed Web Server service is `lsws`. The `systemctl` command can enable or disable automatic start for services and manually start or stop a service. You will receive the following output: ``` [secondary_label Output] ● lshttpd.service - OpenLiteSpeed HTTP Server Loaded: loaded (/etc/systemd/system/lshttpd.service; enabled; vendor preset: enabled) Active: active (running) since Wed 2022-03-16 08:59:09 UTC; 2min 26s ago Process: 32997 ExecStart=/usr/local/lsws/bin/lswsctrl start (code=exited, status=0/SUCCESS) Main PID: 33035 (litespeed) CGroup: /system.slice/lshttpd.service ├─33035 openlitespeed (lshttpd - main) ├─33044 openlitespeed (lscgid) └─33073 openlitespeed (lshttpd - #01) ``` You now have an OpenLiteSpeed web server running with its default configuration. You may not be able to access the GUI-based Admin Panel and example website yet, as the firewall blocks traffic to these ports. With your OpenLiteSpeed web server running, you can update the firewall and open the necessary ports to allow users to access the website. ## Step 2 — Updating the Firewall In this step, you will configure the firewall for your server to allow traffic over TCP to selected ports for the GUI-based admin panel and example website and ports `80` and `443` for HTTP and HTTPS sites. The OpenLiteSpeed server bundles a GUI-based admin panel and an example website with the server. The admin panel is an easy-to-use interface for configuring Listeners, Virtual Hosts, SSL, and monitoring logs. The example website features a sample CGI Script, PHP Script, Error Page, and a Password Protected Page. This website can demonstrate the capabilities of the web server. The GUI-based Admin Panel listens on port `7080` in the default configuration, while the example website listens on port `8088`. You need to allow TCP traffic to these ports via the `ufw` firewall to access these sites. To provide access, run the following command: ```command sudo ufw allow 7080,80,443,8088/tcp ``` Then, check the status of the firewall rules: ```command sudo ufw status ``` Your output will look like this: ``` [secondary_label Output] Status: active To Action From -- ------ ---- OpenSSH ALLOW Anywhere 80,443,7080,8088/tcp ALLOW Anywhere OpenSSH (v6) ALLOW Anywhere (v6) 80,443,7080,8088/tcp (v6) ALLOW Anywhere (v6) ``` You can view the example website through port `8088`: ``` http://<^>your_server_ip<^>:8088 ``` It should appear like the screencapture below: ![Example website when viewed through port `8088`](https://assets.digitalocean.com/articles/68225/SPVbgMq.png) You can look around the example website to explore the features offered by the web server. See the GUI-based Admin Panel via port `7080`: ``` http://<^>your_server_ip<^>:7080 ``` Later in this tutorial, you will use the GUI interface to configure your web server. You have now set up the OpenLiteSpeed server on your Ubuntu instance, which will allow you to serve a variety of web applications based on different backend languages and frameworks. In the next step, you will set up other services of the LOMP stack. ## Step 3 — Installing MariaDB With the **L**inux and the **O**penLiteSpeed server running, you can now set up the **M**ariaDB Database Server. The database server will allow you to store, retrieve, and manage data on your website. MariaDB is a popular database engine because it offers SQL and NoSQL functionalities and can incorporate multiple database engines such as [MyISAM](https://mariadb.com/kb/en/myisam-storage-engine/) and [InnoDB](https://mariadb.com/kb/en/innodb/). Install the MariaDB server with the following command: ```command sudo apt install mariadb-server ``` When prompted for confirmation, type `Y` to confirm. After the installation has finished, complete the initial server setup with the following command: ```command sudo mysql_secure_installation ``` The default installation has no root password, so you can press `Enter` when prompted. You will receive an output like this after the installation setup: ``` [secondary_label Output] NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY! In order to log into MariaDB to secure it, we'll need the current password for the root user. If you've just installed MariaDB, and you haven't set the root password yet, the password will be blank, so you should just press enter here. Enter current password for root (enter for none): OK, successfully used password, moving on... ``` You will then be prompted to **set a strong root password**. When asked whether you would like to set the root password, type `Y` and enter your preferred root password twice. ``` [secondary_label Output] Setting the root password ensures that nobody can log into the MariaDB root user without the proper authorization. Set root password? [Y/n] <^>y<^> New password: Re-enter new password: Password updated successfully! Reloading privilege tables.. ... Success! ``` The next prompt asks if you would like to **remove the anonymous users**. Answer `Y` to this prompt: ``` [secondary_label Output] By default, a MariaDB installation has an anonymous user, allowing anyone to log into MariaDB without having to have a user account created for them. This is intended only for testing, and to make the installation go a bit smoother. You should remove them before moving into a production environment. Remove anonymous users? [Y/n] <^>y<^> ... Success! ``` Unless you plan on accessing the database as a root user from other servers or your local machine, you should also **disallow root login remotely**. To disable root logins from remote machines, answer `Y` to the prompt: ``` [secondary_label Output] Normally, root should only be allowed to connect from 'localhost'. This ensures that someone cannot guess at the root password from the network. Disallow root login remotely? [Y/n] <^>y<^> ... Success! ``` You can also **remove the test database and related privileges** by typing `Y` for the following prompt: ``` [secondary_label Output] By default, MariaDB comes with a database named 'test' that anyone can access. This is also intended only for testing, and should be removed before moving into a production environment. Remove test database and access to it? [Y/n] <^>y<^> - Dropping test database... ... Success! - Removing privileges on test database... ... Success! ``` Finally, you will confirm to **reload the privilege tables** so that all the changes above are applied to the server: ``` [secondary_label Output] Reloading the privilege tables will ensure that all changes made so far will take effect immediately. Reload privilege tables now? [Y/n] <^>y<^> ... Success! Cleaning up... All done! If you've completed all of the above steps, your MariaDB installation should now be secure. Thanks for using MariaDB! ``` You have now installed, configured, and secured a MariaDB database server on your Ubuntu instance. The database will listen for MySQL connections on port `3306` in its default configuration. Since the database will be accessed internally (on the same server in most cases), you will not open this port to external traffic in the firewall. Next, you will install PHP for use with OpenLiteSpeed. ## Step 4 — Installing a Specific Version of PHP The OpenLiteSpeed web server comes bundled with one PHP version, which may not be the latest stable version of PHP. You can use the pre-installed version of PHP, or you can install a specific instance. In this step, you will check the version of your PHP installation, update it if necessary, and install the requisite packages. To know which version of PHP was pre-installed with your OpenLiteSpeed server, click the button in the **Test PHP** section of the example website or visit the following URL: ``` http://<^>your_server_ip<^>:8088/phpinfo.php ``` To install a specific version of PHP on the OpenLiteSpeed web server, check the list of available versions along with their compatibility at the [Getting Started with PHP](https://docs.litespeedtech.com/extapp/php/getting_started/) page of the official OpenLiteSpeed website. The list of available versions is displayed in the LiteSpeed Repository section under the **Installation** header: ![LiteSpeed PHP Versions in the Documentation](https://assets.digitalocean.com/articles/68225/OqP7VdC.png) You can also check the LSPHP (LiteSpeed PHP) packages available for Ubuntu with the following command: ```command sudo apt-cache search lsphp ``` From the package list, you can identify the `php` versions using the suffix of the package names. You will see a package list like this: ``` [secondary_label Output] ... lsphp<^>81<^> - server-side, HTML-embedded scripting language (LSAPI binary) ... ``` In this example, `lsphp<^>81<^>` states that this is `PHP v<^>8.1<^>`, whereas `lsphp<^>74<^>` would mean `PHP v<^>7.4<^>`. To install a specific `lsphp` package, use the following command (replacing `<^>81<^>` with the suffix for your preferred version): ```command sudo apt install lsphp<^>81<^> lsphp<^>81<^>-{common,mysql} ``` Type `Y` to confirm the installation. You have only installed the `lsphp` package, but you have not configured OpenLiteSpeed to use this version of PHP. The example website will continue to show the default PHP version until you configure it to use the new version. In the next step, you will configure OpenLiteSpeed to use this version of PHP. ## Step 5 — Configuring OpenLiteSpeed In this step, you will configure the credentials for the GUI-based Admin Panel for the OpenLiteSpeed web server and configure it to use the PHP version of your choice, based on the versions you have installed in Step 4 or the version that comes with the default OpenLiteSpeed server. To configure the OpenLiteSpeed web server, open the GUI Admin Panel at port `7080`: ``` http://<^>your_server_ip<^>:7080 ``` In your terminal, set the administrator account credentials with the following command: ```command sudo /usr/local/lsws/admin/misc/admpass.sh ``` These login credentials will be different from what you set in earlier steps, and they will work only for the GUI Admin Panel of the OpenLiteSpeed server. You will see the following output, which will prompt you to enter a username and password: ``` [secondary_label Output] Please specify the user name of administrator. This is the user name required to login the administration Web interface. User name [admin]: <^>sammy<^> Please specify the administrators password. This is the password required to login the administration Web interface. Password: Retype password: Administrators username/password is updated successfully! ``` After you set the credentials, you can configure the server to use the specified version. Via `http://<^>your_server_ip<^>:7080`, log in to the **Admin Panel** (using the credentials you just set up) and navigate to the **Server Configuration** section. Then, click the **External App** tab. You will see the following screen: ![External App Screen of OpenLiteSpeed Server Configuration section](https://assets.digitalocean.com/articles/68225/bnJMOiP.png) Click the **edit** button in the **Actions** column of the first row for **LiteSpeed SAPI App**, which will open an app with the name **lsphp**. Scroll to the **Command** field to change its value to `lsphp<^>81<^>/bin/lsphp` (following the naming convention in Step 4). After configuring this value, scroll to the **LiteSpeed SAPI App** heading and click the **Save** button on the right. Use the green **Graceful Restart** button in the top right to restart the web server. The Graceful Restart button is highlighted in red in the upper right of the following screencapture: ![Graceful Restart Button location](https://assets.digitalocean.com/articles/68225/UAkURZC.png) Verify that your server is now using the specified PHP version by visiting the informational page at port `8088`: ``` http://<^>your_server_ip<^>:8088/phpinfo.php ``` In this step, you configured the credentials for the admin panel and set it to use the desired version of PHP. Next, you will set up virtual hosts for the different websites that you plan to host on this web server. ## Step 6 — Setting Up a Virtual Host In this step, you will set up the Virtual Hosts for your web server. Virtual Hosts allow you to serve multiple websites, identified by unique hostnames, via a single web server. OpenLiteSpeed can serve multiple Virtual Hosts, which are then mapped to Listeners; the Listeners are then mapped to specific ports. OpenLiteSpeed allows Virtual Hosts to have customized redirection rules, and a different PHP version can also be configured for each virtual host. Virtual Hosts can be configured to serve as reverse proxy connections for other web servers such as [NodeJS](https://nodejs.org/). Still in the GUI Admin Panel, navigate to the **Virtual Hosts** section. On the top right corner of the table that appears, click the **+** button to add a new Virtual Host. You can then add a Virtual Host name of your choice to set up the **Virtual Host Root** and the path for the **configuration file** of the Virtual Host, using variables such as `$SERVER_ROOT` (for referring to the root directory of the OpenLiteSpeed Web Server) or `$VH_ROOT` (for the referring to the root directory of the Virtual Host). Click **Yes** on **Enable Scripts/ExtApps** to ensure PHP works on the Virtual Host. When setting up the Virtual Host, complete the following fields with your desired values (the values shown below are examples): - **Virtual Host Name:** `<^>MyWebsite<^>` - **Virtual Host Root:** `$SERVER_ROOT/<^>MyWebsite<^>/html/` - **Config File:** `conf/vhosts/<^>MyWebsite<^>/vhconf.conf` - **Enable Scripts/ExtApps:** `<^>Yes<^>` - **Restrained:** `<^>Yes<^>` <$>[note] **Note:** You may receive an error if the configuration file does not exist at the specified path. Click the link mentioned in the error message to create the file automatically. <$> `Yes` on **Enable Scripts/ExtApps** allows you to specify a custom PHP interpreter version in the External Apps section of the configuration. It can be turned off if you do not intend to configure a custom PHP version. `Yes` on **Restrained** prevents the users from accessing files in directories other than the ones contained in the Virtual Host Root directory, even if symbolic links are pointing to files outside the virtual host root directory. For security purposes, enable this feature. ![Virtual Host Configuration](https://assets.digitalocean.com/articles/68225/CCdUiKV.png) After completing the configuration, click the **Save** button on the right side of the **Virtual Hosts** row. The Admin Panel may display a prompt to perform a Graceful Restart to apply the changes to the configuration. You can perform a Graceful Restart at this point as it will not affect the configuration steps. You can also wait to perform the Graceful Restart after you complete the changes to the Listener configuration. After configuring the Virtual Host, you will configure the **Listener**. Navigate to the **Listeners** section of the **Admin Panel**. Click the **Default** listener, then click the **+** button in the top right corner of the **Virtual Host Mappings** table. From the dropdown corresponding to **Virtual Host**, select the **Virtual Host Name** that you assigned in the Virtual Host Configuration. In the example shown, the selected virtual host is **MyWebsite**. In the text box for a domain name, enter the fully qualified and registered domain name that you will use to serve the Virtual Host that you configured. In the example shown, the value is set to `mywebsite.com`. ![Listener Configuration](https://assets.digitalocean.com/articles/68225/K3Ynpa0.png) Click **Save** on the top right of the **Virtual Hosts Mapping** row. It is strongly recommended that you enable TLS security for your website. Under the **General** settings for the Listener, update the **Secure** option to `Yes` and change the port from `8088` to `443` for the Listeners that serve HTTPS pages. `443` is the default port for HTTPS. Because you generated a certificate and key file from a certificate authority during the prerequisites, you can now add them to your OpenLiteSpeed setup. Add the certificate and key file paths in the **SSL** section of the Listener's configuration by clicking the **Edit** icon in the **SSL Private Key & Certificate** row. A sample configuration for the TLS certificate and key files in the SSL section of the **Listener Configuration** is shown below (be sure to update the file paths to match your domain): ![TLS Configuration for Listener](https://assets.digitalocean.com/articles/68225/VOffDZF.png) If you run into any issues, you can review the [guide to Configure OpenLiteSpeed for SSL in the OpenLiteSpeed documentation](https://openlitespeed.org/kb/lets-encrypt-ssl-on-openlitespeed/). After configuring and saving these settings, click the green **Graceful Restart** button on the top right corner of the screen to apply the changes. You have now configured a Virtual Host with a Listener and set up TLS encryption for all traffic to your website. After configuring your DNS to map to the public IP address of your server, your website will be accessible at the domain you specify. Follow the [DNS Quickstart Guide](https://docs.digitalocean.com/products/networking/dns/quickstart/) to set up your domain. <$>[note] [label Enable **HTTP/3** over **QUIC**] **Note:** OpenLiteSpeed is one of the first open-source servers to incorporate the HTTP3 protocol over Quick UDP Internet Connections (QUIC) Protocol. To enable HTTP3/QUIC, you must set up SSL for your domain and configure the certificate and key via the **Admin Panel**. Return to Step 6 for direction. If you'd like to use HTTP3, you must also allow UDP traffic to port `443` of your server. To do this, run the command: ```command sudo ufw allow 443/udp ``` <$> ## Conclusion In this tutorial, you set up a MariaDB database server and an OpenLiteSpeed web server capable of serving PHP applications with the specified PHP version. You can now host a variety of PHP applications and frameworks such as [WordPress](https://wordpress.org/), [Laravel](https://laravel.com/), and [Joomla](https://www.joomla.org/) on your server. If you haven't yet, you can set up TLS security on your web server and enable HTTP/3 over QUIC to make the best use of the OpenLiteSpeed web server. Check out the [guide for setting up Let's Encrypt SSL on OpenLiteSpeed](https://openlitespeed.org/kb/lets-encrypt-ssl-on-openlitespeed/) and then refer to the **Enable HTTP/3 over QUIC** section in Step 6 of this guide.

Источник: DigitalOcean Community Tutorials

Наш сайт является информационным посредником. Сообщить о нарушении авторских прав.