#!/bin/bash # Written by: cPFence Team / https://cpfence.app/ # # Description: # This script automates OpenLiteSpeed configuration optimization. # It updates server settings, tuning, errorlog configurations, and ensures no duplicate sections. # Use with caution and test in a non-production environment first. # # License: Copyright (C) 2023 - 2024 Linkers Gate LLC. # Global Variables HTTPD_WORKERS="8" CPU_AFFINITY="1" ENABLE_LVE="0" IN_MEM_BUF_SIZE="256M" MAX_CONNECTIONS="10000" MAX_SSL_CONNECTIONS="10000" SND_BUF_SIZE="256k" RCV_BUF_SIZE="256k" TOTAL_IN_MEM_CACHE_SIZE="256M" MAX_MMAP_FILE_SIZE="32M" TOTAL_MMAP_CACHE_SIZE="256M" USE_AIO="3" AIO_BLOCK_SIZE="3" PHP_LSAPI_CHILDREN="250" LSAPI_AVOID_FORK="0" LSPHP_MAX_CONNS="250" LSPHP_AUTOSTART="2" # Log Configuration Variables LOG_LEVEL="ERROR" DEBUG_LEVEL="0" ROLLING_SIZE="10M" KEEP_DAYS="1" COMPRESS_ARCHIVE="1" # Using Enhance v12 option (set to 'on' if running directly on the host) Using_Enhance_v12="on" # Options: "on" or "off" ### DO NOT EDIT BELOW THIS LINE ### CONTAINER_NAME="openlitespeed" CONFIG_PATH="/usr/local/lsws/conf/httpd_config.conf" BACKUP_DIR="/usr/local/lsws/conf/" BACKUP_FILE="httpd_config_backup-$(date +"%d%m%y-%H%M%S").conf" MD5_FILE="/usr/local/src/ols_config_md5sum.txt" # Check if Using_Enhance_v12 is on or off and adjust the docker command accordingly if [ "$Using_Enhance_v12" = "on" ]; then docker_cmd="" else docker_cmd="docker exec $CONTAINER_NAME " fi # welcome message display_welcome() { echo "**********************************************************************************************" echo "* cPFence Web Security *" echo "* OpenLiteSpeed Optimization Script *" echo "* Copyright (C) 2023 - 2024 Linkers Gate LLC. *" echo "**********************************************************************************************" } display_welcome # Step 1: Calculate the current MD5 hash of the config file CURRENT_MD5=$(${docker_cmd}md5sum $CONFIG_PATH | awk '{print $1}') # Step 2: Check if the MD5 file exists and compare hashes # Also check if log configuration needs to be applied LOG_CONFIG_NEEDED=0 # Check if errorlog block exists and has our settings ${docker_cmd}grep -q "errorlog logs/error.log {" $CONFIG_PATH if [ $? -eq 0 ]; then # Check if our log settings exist within the errorlog block ${docker_cmd}sed -n "/errorlog logs\/error.log {/,/}/p" $CONFIG_PATH | grep -q "logLevel.*$LOG_LEVEL" if [ $? -ne 0 ]; then LOG_CONFIG_NEEDED=1 fi ${docker_cmd}sed -n "/errorlog logs\/error.log {/,/}/p" $CONFIG_PATH | grep -q "debugLevel.*$DEBUG_LEVEL" if [ $? -ne 0 ]; then LOG_CONFIG_NEEDED=1 fi ${docker_cmd}sed -n "/errorlog logs\/error.log {/,/}/p" $CONFIG_PATH | grep -q "rollingSize.*$ROLLING_SIZE" if [ $? -ne 0 ]; then LOG_CONFIG_NEEDED=1 fi ${docker_cmd}sed -n "/errorlog logs\/error.log {/,/}/p" $CONFIG_PATH | grep -q "keepDays.*$KEEP_DAYS" if [ $? -ne 0 ]; then LOG_CONFIG_NEEDED=1 fi ${docker_cmd}sed -n "/errorlog logs\/error.log {/,/}/p" $CONFIG_PATH | grep -q "compressArchive.*$COMPRESS_ARCHIVE" if [ $? -ne 0 ]; then LOG_CONFIG_NEEDED=1 fi else LOG_CONFIG_NEEDED=1 fi if test -f "$MD5_FILE"; then STORED_MD5=$(cat $MD5_FILE) if [ "$CURRENT_MD5" == "$STORED_MD5" ] && [ "$LOG_CONFIG_NEEDED" -eq 0 ]; then echo "No changes detected in the configuration and log settings are already applied. Exiting..." exit 0 else if [ "$CURRENT_MD5" != "$STORED_MD5" ]; then echo "Configuration has changed, applying updates..." fi if [ "$LOG_CONFIG_NEEDED" -eq 1 ]; then echo "Log configuration needs to be applied..." fi fi else echo "No MD5 file found, applying updates..." fi # Step 3: Backup the current configuration ${docker_cmd}cp -a $CONFIG_PATH $BACKUP_DIR$BACKUP_FILE echo "Backup created: $BACKUP_DIR$BACKUP_FILE" # Step 4: Function to add or replace config values in specific sections update_or_add_config() { SECTION=$1 PARAMETER=$2 VALUE=$3 # Find the section first, then add or replace the parameter in that section ${docker_cmd}grep -q "$SECTION" $CONFIG_PATH if [ $? -eq 0 ]; then # Check if the parameter exists within the section ${docker_cmd}sed -n "/$SECTION/,/^[^ ]/p" $CONFIG_PATH | grep -q "$PARAMETER" if [ $? -eq 0 ]; then # Parameter exists, replace it within the section ${docker_cmd}sed -i "/$SECTION/,/^[^ ]/ s/\($PARAMETER\s*\).*/\1$VALUE/" $CONFIG_PATH echo "Updated $PARAMETER to $VALUE in $SECTION" else # Parameter doesn't exist, append it to the section ${docker_cmd}sed -i "/$SECTION/a\\ $PARAMETER $VALUE" $CONFIG_PATH echo "Added $PARAMETER with value $VALUE to $SECTION" fi else echo "Section $SECTION not found." fi } # Function to update nested errorlog parameters within serverName section update_errorlog_config() { PARAMETER=$1 VALUE=$2 # Check if the parameter exists within the errorlog block ${docker_cmd}sed -n "/errorlog logs\/error.log {/,/}/p" $CONFIG_PATH | grep -q "$PARAMETER" if [ $? -eq 0 ]; then # Parameter exists, replace it within the errorlog block ${docker_cmd}sed -i "/errorlog logs\/error.log {/,/}/ s/\($PARAMETER\s*\).*/\1$VALUE/" $CONFIG_PATH echo "Updated $PARAMETER to $VALUE in errorlog block" else # Parameter doesn't exist, append it before the closing brace of errorlog block ${docker_cmd}sed -i "/errorlog logs\/error.log {/,/}/ { /enableStderrLog.*1/ a\\ $PARAMETER $VALUE }" $CONFIG_PATH echo "Added $PARAMETER with value $VALUE to errorlog block" fi } # Step 5: Handle serverName and related settings if missing ${docker_cmd}grep -q "serverName" $CONFIG_PATH if [ $? -ne 0 ]; then ${docker_cmd}sed -i "1i serverName\n" $CONFIG_PATH echo "Added serverName block at the top of the file." fi # Add missing httpdWorkers, cpuAffinity, and enableLVE update_or_add_config "serverName" "httpdWorkers" "$HTTPD_WORKERS" update_or_add_config "serverName" "cpuAffinity" "$CPU_AFFINITY" update_or_add_config "serverName" "enableLVE" "$ENABLE_LVE" update_or_add_config "serverName" "inMemBufSize" "$IN_MEM_BUF_SIZE" # Step 6: Update tuning settings update_or_add_config "tuning" "maxConnections" "$MAX_CONNECTIONS" update_or_add_config "tuning" "maxSSLConnections" "$MAX_SSL_CONNECTIONS" update_or_add_config "tuning" "sndBufSize" "$SND_BUF_SIZE" update_or_add_config "tuning" "rcvBufSize" "$RCV_BUF_SIZE" update_or_add_config "tuning" "totalInMemCacheSize" "$TOTAL_IN_MEM_CACHE_SIZE" update_or_add_config "tuning" "maxMMapFileSize" "$MAX_MMAP_FILE_SIZE" update_or_add_config "tuning" "totalMMapCacheSize" "$TOTAL_MMAP_CACHE_SIZE" # Correct useAIO and AIOBlockSize mappings to 3 update_or_add_config "tuning" "useAIO" "$USE_AIO" update_or_add_config "tuning" "AIOBlockSize" "$AIO_BLOCK_SIZE" # Step 7: Update errorlog settings echo "Configuring error log settings..." # Check if errorlog block exists within serverName ${docker_cmd}grep -q "errorlog logs/error.log {" $CONFIG_PATH if [ $? -eq 0 ]; then # Update existing errorlog block update_errorlog_config "keepDays" "$KEEP_DAYS" update_errorlog_config "compressArchive" "$COMPRESS_ARCHIVE" # Also update the other settings if needed update_errorlog_config "logLevel" "$LOG_LEVEL" update_errorlog_config "debugLevel" "$DEBUG_LEVEL" update_errorlog_config "rollingSize" "$ROLLING_SIZE" else echo "Errorlog block not found in expected format" fi # Step 8: Update external processor settings for lsphp (Correct env values) ${docker_cmd}sed -i "s/env\s*PHP_LSAPI_CHILDREN=.*/env PHP_LSAPI_CHILDREN=$PHP_LSAPI_CHILDREN/" $CONFIG_PATH ${docker_cmd}sed -i "s/env\s*LSAPI_AVOID_FORK=.*/env LSAPI_AVOID_FORK=$LSAPI_AVOID_FORK/" $CONFIG_PATH # Step 9: Correctly target maxConns in extprocessor lsphp only ${docker_cmd}sed -i "/extprocessor lsphp {/,/}/ s/maxConns\s*.*/maxConns $LSPHP_MAX_CONNS/" $CONFIG_PATH # Update autoStart for lsphp update_or_add_config "extprocessor lsphp" "autoStart" "$LSPHP_AUTOSTART" # Step 10: Save the new MD5 hash of the config file ${docker_cmd}md5sum $CONFIG_PATH | awk '{print $1}' > $MD5_FILE # Step 11: Restart OpenLiteSpeed to apply the changes ${docker_cmd}/usr/local/lsws/bin/lswsctrl restart echo "OpenLiteSpeed restarted with updated configuration." exit 0