This guide provides a full Ansible playbook to install OpenLiteSpeed with repository setup, LSAPI PHP installation, and baseline service configuration for Debian 10+, Ubuntu LTS, and RHEL 9+ compatible systems.
- name: Install OpenLiteSpeed
hosts: openlitespeed
become: true
vars:
ols_admin_port: 7080
ols_test_port: 8088
ols_user: nobody
ols_group: nogroup
php_version: "81" # 81, 82, 83
tasks:
- name: Warn about RHEL 10 ModSecurity issues
ansible.builtin.debug:
msg: |
⚠️ RHEL 10 / AlmaLinux 10 WARNING
Some users report ModSecurity conflicts on AlmaLinux 10.
Test thoroughly before production use.
when: ansible_distribution_major_version | int >= 10
- name: Add LiteSpeed repository (Debian/Ubuntu)
ansible.builtin.shell: |
curl -s https://repo.litespeed.sh | bash
args:
creates: /etc/apt/sources.list.d/litespeed.list
when: ansible_os_family == "Debian"
- name: Add LiteSpeed repository (RHEL family)
ansible.builtin.dnf:
name: https://rpms.litespeedtech.com/el/litespeed-repo-el9-latest.rpm
state: present
disable_gpg_check: true
when: ansible_os_family == "RedHat"
- name: Update package cache (Debian/Ubuntu)
ansible.builtin.apt:
update_cache: true
cache_valid_time: 3600
when: ansible_os_family == "Debian"
- name: Install OpenLiteSpeed
ansible.builtin.package:
name: openlitespeed
state: present
register: ols_install_result
- name: Install LSAPI PHP
ansible.builtin.package:
name:
- "lsphp{{ php_version }}"
- "lsphp{{ php_version }}-common"
- "lsphp{{ php_version }}-mysql"
- "lsphp{{ php_version }}-opcache"
- "lsphp{{ php_version }}-curl"
- "lsphp{{ php_version }}-gd"
- "lsphp{{ php_version }}-mbstring"
- "lsphp{{ php_version }}-xml"
state: present
when: ols_install_result.changed or ols_install_result.failed == false
- name: Create symlink for PHP
ansible.builtin.file:
src: "/usr/local/lsws/lsphp{{ php_version }}/bin/lsphp"
dest: /usr/local/lsws/fcgi-bin/lsphp
state: link
force: true
- name: Enable and start OpenLiteSpeed service
ansible.builtin.systemd:
name: lsws
state: started
enabled: true
- name: Configure firewall (UFW)
ansible.builtin.ufw:
rule: allow
port: "{{ item }}"
proto: tcp
loop:
- "80"
- "443"
- "{{ ols_admin_port }}"
- "{{ ols_test_port }}"
when: ansible_os_family == "Debian"
- name: Configure firewall (firewalld)
ansible.builtin.firewalld:
service: "{{ item }}"
permanent: true
immediate: true
state: enabled
loop:
- http
- https
when: ansible_os_family == "RedHat"
- name: Add custom firewall ports (firewalld)
ansible.builtin.firewalld:
port: "{{ item }}/tcp"
permanent: true
immediate: true
state: enabled
loop:
- "{{ ols_admin_port }}"
- "{{ ols_test_port }}"
when: ansible_os_family == "RedHat"
- name: Verify OpenLiteSpeed installation
ansible.builtin.command: /usr/local/lsws/bin/lswsctrl -v
register: ols_version
changed_when: false
- name: Display OpenLiteSpeed version
ansible.builtin.debug:
var: ols_version.stdout
- name: Show installation summary
ansible.builtin.debug:
msg: |
✅ OpenLiteSpeed Installation Complete
Version: {{ ols_version.stdout }}
Admin Console: https://{{ ansible_default_ipv4.address }}:{{ ols_admin_port }}
Test Page: http://{{ ansible_default_ipv4.address }}:{{ ols_test_port }}
⚠️ IMPORTANT: Set admin password with:
sudo /usr/local/lsws/admin/misc/admpass.sh
- name: Deploy OpenLiteSpeed with Virtual Host
hosts: openlitespeed
become: true
vars:
domain_name: "example.com"
document_root: "/var/www/{{ domain_name }}/public_html"
ssl_enabled: true
ssl_cert_path: "/etc/ssl/certs/{{ domain_name }}.crt"
ssl_key_path: "/etc/ssl/private/{{ domain_name }}.key"
tasks:
- name: Create document root directory
ansible.builtin.file:
path: "{{ document_root }}"
state: directory
owner: "{{ ols_user | default('nobody') }}"
group: "{{ ols_group | default('nogroup') }}"
mode: "0755"
- name: Create sample index.html
ansible.builtin.copy:
dest: "{{ document_root }}/index.html"
mode: "0644"
content: |
<!DOCTYPE html>
<html>
<head><title>{{ domain_name }}</title></head>
<body>
<h1>OpenLiteSpeed is running</h1>
<p>Domain: {{ domain_name }}</p>
</body>
</html>
- name: Create virtual host configuration
ansible.builtin.template:
src: templates/ols_vhost.conf
dest: "/usr/local/lsws/conf/vhosts/{{ domain_name }}.conf"
owner: root
group: root
mode: "0644"
notify: restart lsws
- name: Check if SSL certificates exist
ansible.builtin.stat:
path: "{{ ssl_cert_path }}"
register: ssl_cert_stat
- name: Warn about SSL certificates
ansible.builtin.debug:
msg: |
⚠️ SSL certificates not found at:
- {{ ssl_cert_path }}
- {{ ssl_key_path }}
Install certificates or use Let's Encrypt via admin console.
when: ssl_enabled and not ssl_cert_stat.stat.exists
# templates/ols_vhost.conf
virtualhost {{ domain_name }} {
vhRoot /var/www/{{ domain_name }}
configFile /var/www/{{ domain_name }}/conf/vhconf.conf
allowSymbolLink 1
enableScript 1
restrained 0
setUIDMode 0
user nobody
group nogroup
indexFiles index.html index.php
errorlog /var/www/{{ domain_name }}/logs/error.log {
useServer 0
logLevel DEBUG
rollingSize 10M
}
accesslog /var/www/{{ domain_name }}/logs/access.log {
useServer 0
logFormat "%v %h %l %u %t \"%r\" %>s %b"
rollingSize 10M
}
vhssl {
keyFile /etc/ssl/private/{{ domain_name }}.key
certFile /etc/ssl/certs/{{ domain_name }}.crt
certChain 1
}
}
| Distribution | Repository | Script/Package |
|---|---|---|
| Debian/Ubuntu | APT | curl -s https://repo.litespeed.sh \| bash |
| RHEL 9 | DNF | litespeed-repo-el9-latest.rpm |
| RHEL 10 | DNF | ⚠️ ModSecurity conflicts reported |
| Version | Package Name | Status |
|---|---|---|
| PHP 8.1 | lsphp81 |
✅ Recommended |
| PHP 8.2 | lsphp82 |
✅ Available |
| PHP 8.3 | lsphp83 |
✅ Available |
| Port | Purpose | Protocol |
|---|---|---|
| 80 | HTTP | TCP |
| 443 | HTTPS | TCP |
| 7080 | Admin Console | TCP |
| 8088 | Default Test Page | TCP |
See OpenLiteSpeed Security and OpenLiteSpeed Hardening for security guidance.
Set admin password:
sudo /usr/local/lsws/admin/misc/admpass.sh
Access admin console:
https://your_server_ip:7080
Configure virtual hosts via admin console
Install SSL certificates (Let’s Encrypt available in admin console)
Beyond this playbook, we offer:
Contact our automation team: office@linux-server-admin.com