Skip to content

WordPress on AWS

The WordPress with LiteSpeed Cache(Powered OpenLiteSpeed) AMI is based on a standard WordPress image, but includes several great performance enhancements. This Wordpress + OLS image is up to 200+ times faster than a regular WordPress image.

OpenLiteSpeed WP One-Click automatically installs OpenLiteSpeed, LSCache, WordPress and any dependences. It also automates initial setup for components like Object Cache and PHP OPCache to reduce the time it takes to optimize a web server.

Quick Start

Step 1. Launch "WordPress with LiteSpeed Cache" instance

  1. Subscribe to WordPress with LiteSpeed Cache
  2. Click Continue to Launch and Launch
  1. Open the Amazon EC2 console
  2. Locate the product by searching for "WordPress with LiteSpeed Cache" from AWS Marketplace
  3. Click Select,Continue,Preview and launch (the default is the most recent version)
Step 2. Visit the instance’s IP address in your browser Step 3. Input site information to finish the WordPress installation
!wpapp 1 !wpapp 2

Optional but recommended: Update system software 

sudo apt update && sudo apt upgrade -y
Your system is installed and ready to use!

Tip

OpenLiteSpeed and LSCache are a powerful combination for your WordPress site, right out of the box. In addition, LSCache offers a variety of optimization features that can contribute to a superior PageSpeed score for your site. These features are disabled by default, but we encourage you to explore and experiment! Learn more about the LSCache plugin's settings.

Components

The OpenLiteSpeed WP instance installs several packages and performs other actions on your system.

Package Installation

Component Version
Linux Ubuntu 18.04.1
OpenLiteSpeed Latest from LiteSpeedtech Repo
MySQL server Latest from APT
PHP Latest from LiteSpeedtech Repo
phpMyAdmin Latest from phpMyAdmin
Fail2ban Latest from APT
LiteSpeed Cache Latest from WordPress.org
WP fail2ban Latest from WordPress.org
memcached Latest from APT
redis Latest from APT
Certbot Latest from Certbot’s PPA
Postfix Latest from APT

Other Actions

  • Enables the UFW firewall to allow only SSH (port 22, rate limited), HTTP (port 80) and HTTPS (port 443) access.
  • Sets the Unix Socket to Object Cache for better performance.
  • Sets the MySQL root password, runs mysql_secure_installation, and creates a WordPress user with the necessary permissions.
  • Sets up the debian-sys-maint user in MySQL so the system’s init scripts for MySQL will work without requiring the MySQL root user password.
  • Creates the initial WordPress configuration file to set up salt keys and allow the WordPress instance to connect to the database.
  • Modifies some PHP settings to increase the maximum filesize and execution time.
  • Enables the OpenLitespeed context to rewrite the .htaccess file so the WordPress permalink feature will work.
  • Tunes OpenLiteSpeed Web Server for better connectivity
Item Before After
Max Connections 2000 10000
Max SSL Connections 2000 10000
lsphp Max Connections 35 100
PHP_LSAPI_CHILDREN 35 100

How to Access the Installed Software

SSH Access

From a terminal on your local computer, connect to the instance as ubuntu, like so: 

ssh ubuntu@192.0.2.0
Be sure to substitute the instance’s IP address for 192.0.2.0.

phpMyAdmin Access

Connect to phpMyAdmin at the following URL: 

https://example.com/phpmyadmin

Get the MySQL root password: 

sudo sed -n 1p .db_password
Get the MySQL WordPress user password: 
sudo sed -n 2p .db_password

Web Server Control Panel Access

Get the WebAdmin admin password:

cat .litespeed_password

cat /home/ubuntu/.litespeed_password

cat /home/ubuntu/.litespeed_password

Visit https://use_your_droplet_ip:7080 to access WebAdmin in a browser.

By default, WebAdmin uses port 7080. To allow access to 7080 from your IP(e.g. 192.0.2.0): 

ufw allow from 192.0.2.0 to any port 7080
You can also allow all IPs access to port 7080: 
ufw allow 7080

!wpapp 6

We suggest turning this port off once you've finished setup: 

ufw delete allow 7080

Benchmark Comparison

Use the following command to test from a t2.micro server(ab) to a t2.micro plan server(DOMAIN) 

ab -n 10000 -k -H "Accept-Encoding: gzip,deflate" -c 10 http://DOMAIN/

Requests per Second (The larger the number, the better)

Apache Openlitespeed+LSCache
34 6780

Optional Setup

Enable HTTPS

Setting up an SSL certificate enables HTTPS on the web server, which secures the traffic between the server and the clients connecting to it. Certbot is a free and automated way to set up SSL certificates on a server.

Step 1. Register Domain

To use Certbot, you’ll need a registered domain name and DNS records:

  • An A record from the domain (e.g., example.com) to the server’s IP address

  • An A record from the domain prefaced with www (e.g., www.example.com) to the server’s IP address.

Step 2. Add Domain to Listener

Navigate to OpenLiteSpeed WebAdmin Console > Listeners, and add Your Domain to HTTP/HTTPS. !listener 1

Step 3. Certbot

Once the DNS records are set up, you can generate the SSL certificate. Be sure to substitute the correct domain name in the following command: 

certbot certonly --webroot -w /var/www/html/ -d example.com -d www.example.com
If certificate verification is a success, you should find your certificate files stored in /etc/letsencrypt/

Step 4. Set SSL for HTTPS

!wpapp 7

Navigate to OpenLiteSpeed WebAdmin Console > Listeners > SSL, and edit the following three items:

  • Private Key File = /etc/letsencrypt/live/example.com/privkey.pem
  • Certificate File = /etc/letsencrypt/live/example.com/fullchain.pem
  • Chained Certificate = Yes

Save and perform a Graceful Restart.

Now your server should support TLS1.1, TLS 1.2, and TLS 1.3.

Step 5. Redirect HTTP to HTTPS

!wpapp 8

HTTPS traffic on port 443 is already allowed through the firewall. After you set up HTTPS, you can optionally rewrite all HTTP traffic to HTTPS.

Add the following rules to OpenLiteSpeed WebAdmin Console > Virtual Hosts > Rewrite > Rewrite Rules

RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://example.com/$1 [R,L]

Method for Uploading Files

You can serve files from the web server by adding them to the web root using SFTP or other tools.

Methods for Migrating Wordpress

If you already have a WordPress site elsewhere, you can migrate it using one of the following methods.

Single-Site by Duplicator Plugin

  1. Install and activate the Duplicator plugin on the WordPress site you’re copying from.
  2. Navigate to Duplicator > Packages, then click the Create New button.
  3. Go through the wizard. When you see "Package Completed," click the One-Click Download link to download two files.
  4. Move the two files (installer.php and a zip file) into the folder you’ll want the WordPress site in.
  5. Visit installer.php in a web browser and you should see a wizard screen.
  6. Click I have read and accept all terms & notices and Next
  7. You’ll need to have a database ready. Enter the database name, user, and password.
  8. Click the Site Login button and log in to your WordPress site using the same username and password as you have on the remote site.

Multi-Site by Duplicator Plugin

  1. Install plugin.
  2. Network activate plugin.
  3. On site 1, perform the backup. That will capture the entire site into a package.
  4. Restore the site in the new location just as in the Single Site procedure.

Manually by WordPress

  1. Back up WordPress
  2. Back up the database
  3. Move the directories

Install LSCache After Migration

This step is only necessary if you have migrated a previous WordPress installation. Otherwise, the instance installs LSCache for you.

!wpapp 10

To benefit from high performance and a nice page score, don't forget to install the LSCache Plugin

Improve Your Page Score

Switch Object Cache Method

!wpapp 9

By default we have Memcached enabled. To swich to Redis is easy. Just copy the Redis socket path to LSCache Plugin > Settings > Advanced > Object Cache and save:

  • Memcached: /var/www/memcached.sock
  • Redis: /var/run/redis/redis-server.sock

FAQ

How do I Reset my Web Server WebAdmin Password?

If you forget your password, you may run the following command to reset it: 

/usr/local/lsws/admin/misc/admpass.sh

It will ask for the WebAdmin username, which should be admin. Then, enter your new password.

How do I Create Additional Virtual Hosts?

This method will automatically set up Listener/VirtualHost/Force SSL/Let's Encrypt/WordPress.

Interactive mode 

wget https://raw.githubusercontent.com/litespeedtech/ls-cloud-image/master/Setup/vhsetup.sh
chmod +x vhsetup.sh
bash vhsetup.sh
Or just run the script without downloading it: 
/bin/bash <( curl -sk https://raw.githubusercontent.com/litespeedtech/ls-cloud-image/master/Setup/vhsetup.sh )

CLI mode 

wget https://raw.githubusercontent.com/litespeedtech/ls-cloud-image/master/Setup/vhsetup.sh
chmod +x vhsetup.sh
bash vhsetup.sh -d www.example.com -le admin@example.com -f -w
Or just run the script without downloading it: 
/bin/bash <( curl -sk https://raw.githubusercontent.com/litespeedtech/ls-cloud-image/master/Setup/vhsetup.sh ) -d www.example.com -le admin@example.com -f -w

  • Please be sure that your domain is already pointing to the server when using -le YOUR_EMAIL

  • Please be sure that your environment has php/sql service/sql root password when using -w

By default, OpenLiteSpeed has an example virtual host already created. You can create more virtual hosts if you like. See Create Virtual Hosts on OpenLiteSpeed.

How do I upgrade OpenLiteSpeed to latest stable version?

OpenLiteSpeed was installed from the LiteSpeed repository, so you can simply use the system update to update OpenLiteSpeed to the latest stable version. 

$ sudo apt update && sudo apt upgrade openlitespeed -y

How do I Create Additional Databases?

See Installing WordPress Using phpMyAdmin

Log into MySQL as root:

mysql -u root -p
Add a new database wordpress2 and user newuser with password password: 
create database wordpress2;
grant all privileges on wordpress2.* to 'newuser'@'localhost' identified by "password";
Flush priveleges;
exit

How do I Install Postfix?

DEBIAN_FRONTEND=noninteractive apt -y \
-o Dpkg::Options::='--force-confdef' \
-o Dpkg::Options::='--force-confold' install postfix

yum -y install postfix

How do I Reconfigure Postfix?

Run the following command: 

dpkg-reconfigure postfix

Configure the settings as follows:

  • General type of mail configuration? Internet Site

  • System mail name: example.com (not mail.example.com)

  • Root and postmaster mail recipient: ubuntu (your user name)

  • Other destinations to accept mail for: <OK> (to use default value)

  • Force synchronous updates on mail queue? No

  • Local networks: 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128

  • Mailbox size limit: 0

  • Local address extension character: +

  • Internet protocols to use: all

Configure Postfix to Send Mail Using Gmail

How do I Rename the Database from phpMyAdmin?

  1. Log into phpMyAdmin
  2. Click the Operations tab
  3. Under the field Rename database to: enter the new database name.
  4. Click the Go button and press OK.

How do I secure phpMyAdmin?

  • Navigate to WebAdmin > Virtual Hosts > Context
  • Change URI from /phpmyadmin to (for example) /secure
  • Navigate to WebAdmin > Virtual Hosts > Context > phpmyadmin
  • Change Access Allowed from * to (for example) 192.0.2.0 and set Access Denied to *

Please substitute 192.0.2.0 with your IPs/subnets

  • Log into SSH console and create a password file:

    $ sudo touch /usr/local/lsws/conf/PASS
$ sudo chown lsadm:lsadm /usr/local/lsws/conf/PASS

  • Navigate to WebAdmin > Virtual Hosts > Security

  • Click + under Realm List then set Realm Name = example, and User DB Location = /usr/local/lsws/conf/PASS

  • Click /usr/local/lsws/conf/PASS to create a user/password

  • Navigate to WebAdmin > Virtual Hosts > Context > phpmyadmin

  • Set Realm to example

How do I Update phpMyAdmin?

The image comes with the latest phpMyAdmin version already, so you shouldn't need to update it. If you do need to update it, you can run the following commands: 

cd /var/www/; mv phpmyadmin phpmyadmin.bak
wget https://www.phpmyadmin.net/downloads/phpMyAdmin-latest-all-languages.zip
unzip phpMyAdmin-*.zip; rm -f phpMyAdmin-*.zip
mv phpMyAdmin-* phpmyadmin
cp phpmyadmin.bak/config.inc.php phpmyadmin
chown -R www-data:www-data phpmyadmin

How do I Update MariaDB?

The only reliable way to update MariaDB to a new version is to make a full backup, restore from that backup, and start the new version of MariaDB.

Back up the DB: 

mysqldump -u root -p --all-databases > databasedump.sql

Update /etc/apt/sources.list.d/mariadb_repo.list with the version you want to install.

Reinstall MariaDB: 

apt update && apt upgrade
apt remove mariadb-server
apt install mariadb-server -y

How do I Change PHP Parameters?

Edit the following file to configure PHP parameters: 

vi /usr/local/lsws/lsphp74/etc/php/7.4/litespeed/php.ini

NOTE: We are using LSPHP 7.4 as example. If you are using a different version, please adjust the number in the URL accordingly. To increase the allowed file size, for example, you would make the following edits: 

upload_max_filesize = 64M
post_max_size = 64M

Other parameters in the file may also be changed, if needed.

OpenLiteSpeed come with php detached mode by default, so need to restart php with command killall -9 lsphp to make settings take effect

How do I Apply a Wildcard Certificate?

Please refer to this guide, click the Wildcard tab, and start from the 5. Install correct DNS plugin section.

You cannot simply get a wildcard certificate (with *.domain.com) by simply typing commands. It requires DNS verification no matter where your DNS nameserver is.

How do I Apply an ECC certificate?

Download the script to the /opt folder: 

cd /opt/; wget -q  https://raw.githubusercontent.com/litespeedtech/ls-cloud-image/master/scripts/generate_ecc.sh
chmod +x generate_ecc.sh

Run the script with parameters. Once the DNS records are set up, you can generate the SSL certificate. Be sure to substitute the correct domain name, email and document root in the following command: 

bash generate_ecc.sh -d 'example.com' -e 'john@email.com' -w '/var/www/html/'
If certificate verification is a success, you should find your certificate files stored in /etc/letsencrypt/.

Add the certificate to the virtual host. Navigate to OpenLiteSpeed WebAdmin Console > VirtualHost > SSL, and edit the following three items:

  • Private Key File = /etc/letsencrypt/live/example.com/ecc.key
  • Certificate File = /etc/letsencrypt/live/example.com/0001_chain.pem
  • Chained Certificate = Yes

Save and perform a Graceful Restart.

Add a cronjob to run/renew the certificate automatically: 

0 0 1 */2 * bash /opt/generate_ecc.sh -d 'example.com' -e 'john@email.com' -w '/var/www/html/'