Configuration

This section outlines various configuration aspects to optimize your web server setup within a control panel environment.

PHP Management

LiteSpeed Web Server integrates seamlessly with Plesk PHP environments. The primary requirement is to set the PHP handler to FastCGI within Plesk. This prevents potential mismatched PHP settings that could arise with other handlers, ensuring smooth operation. By default, LiteSpeed Web Server respects Plesk's PHP settings, requiring no additional configuration. However, if CloudLinux PHP Selector is active and preferred for PHP management, specific additional handlers will need to be configured, as detailed in the CloudLinux PHP Selector section of this guide.

Disable PHP Override

It is possible to disable PHP overrides that might be present in .htaccess files when using LiteSpeed Web Server. Directives such as php_value and php_flag are commonly used in Apache configurations or .htaccess files to alter php.ini settings. However, these directives are primarily supported by Apache's mod_php handler, which has been largely superseded by modern handlers like php-fpm, fastcgi, or LSPHP in most control panel systems. As a result, placing php_value or php_flag in an .htaccess file with Apache would typically lead to errors and website malfunctions. For more detailed information on this, you can refer to Plesk's documentation on invalid PHP commands.

Users might encounter one of the following error messages:

500 internal server error
503 Invalid command 'php_flag', perhaps misspelled or defined by a module not included in the server configuration.
The following error can be found in the domain error log in Domains > example.com > Logs:
/var/www/vhosts/example.com/httpdocs/.htaccess: Invalid command 'php_value', perhaps misspelled or defined by a module not included in the server configuration
/var/www/vhosts/example.com/httpdocs/.htaccess: Invalid command 'php_flag', perhaps misspelled or defined by a module not included in the server configuration
/var/www/vhosts/example.com/httpdocs/.htaccess: RewriteRule: bad flag delimiters
/var/www/vhosts/example.com/public_html/.htaccess: Invalid command 'suPHP_ConfigPath', perhaps misspelled or defined by a module not included in the server configuration.

Notably, LiteSpeed Web Server, utilizing LSPHP, offers greater tolerance for these PHP overrides compared to Apache, preventing common 500 errors. However, for situations where you wish to disable PHP overrides in .htaccess even with LiteSpeed Web Server, a dedicated Apache directive, DisablePhpOverride htaccess, can be applied at the server level within the httpd.conf file. For example, on a Plesk system, create a file named DisablePhpOverrideLiteSpeed.conf in the following directory, depending upon your operating system:

/etc/apache2/conf-enabled

This DisablePhpOverrideLiteSpeed.conf file should contain the following directive:

<IfModule LiteSpeed>
  DisablePhpOverride htaccess
</IfModule>

Customized Configuration

Beginning with LiteSpeed Web Server version 5.3, PHP versions are automatically detected, streamlining the setup process. Manual configuration of external PHP applications is generally no longer necessary, as Plesk now serves as the primary and preferred PHP manager. Nevertheless, for specific scenarios requiring a highly customized configuration for a particular PHP version, it may still be necessary to manually create and configure the external application. You can create lsphpXX instances (e.g., lsphp70, lsphp71, lsphp72, etc.) individually from the LiteSpeed Web Server Admin Console. Simply modify the Name, Address, and Command settings to correspond with the specific PHP version you intend to configure.

Alternatively, if you prefer command-line configuration over the graphical user interface, you can directly edit the LiteSpeed Web Server configuration file (typically located at /usr/local/lsws/conf/httpd_config.xml) by adding the following entries to the <extProcessorList>...</extProcessorList> section:

  <extProcessor>
    <type>lsapi</type>
    <name>lsphp70</name>
    <address>uds://tmp/lshttpd/lsphp70.sock</address>
    <maxConns>35</maxConns>
    <env>PHP_LSAPI_MAX_REQUESTS=5000</env>
    <env>PHP_LSAPI_CHILDREN=35</env>
    <initTimeout>60</initTimeout>
    <retryTimeout>0</retryTimeout>
    <persistConn>1</persistConn>
    <respBuffer>0</respBuffer>
    <autoStart>1</autoStart>
    <path>/opt/plesk/php/7.0/bin/lsphp</path>
    <backlog>100</backlog>
    <instances>1</instances>
    <extMaxIdleTime>10</extMaxIdleTime>
    <priority>0</priority>
    <memSoftLimit>2048M</memSoftLimit>
    <memHardLimit>2048M</memHardLimit>
    <procSoftLimit>400</procSoftLimit>
    <procHardLimit>500</procHardLimit>
  </extProcessor>
  <extProcessor>
    <type>lsapi</type>
    <name>lsphp71</name>
    <address>uds://tmp/lshttpd/lsphp71.sock</address>
    <maxConns>35</maxConns>
    <env>PHP_LSAPI_MAX_REQUESTS=5000</env>
    <env>PHP_LSAPI_CHILDREN=35</env>
    <initTimeout>60</initTimeout>
    <retryTimeout>0</retryTimeout>
    <persistConn>1</persistConn>
    <respBuffer>0</respBuffer>
    <autoStart>1</autoStart>
    <path>/opt/plesk/php/7.1/bin/lsphp</path>
    <backlog>100</backlog>
    <instances>1</instances>
    <extMaxIdleTime>10</extMaxIdleTime>
    <priority>0</priority>
    <memSoftLimit>2048M</memSoftLimit>
    <memHardLimit>2048M</memHardLimit>
    <procSoftLimit>400</procSoftLimit>
    <procHardLimit>500</procHardLimit>
  </extProcessor>
  <extProcessor>
    <type>lsapi</type>
    <name>lsphp72</name>
    <address>uds://tmp/lshttpd/lsphp72.sock</address>
    <maxConns>35</maxConns>
    <env>PHP_LSAPI_MAX_REQUESTS=5000</env>
    <env>PHP_LSAPI_CHILDREN=35</env>
    <initTimeout>60</initTimeout>
    <retryTimeout>0</retryTimeout>
    <persistConn>1</persistConn>
    <respBuffer>0</respBuffer>
    <autoStart>1</autoStart>
    <path>/opt/plesk/php/7.2/bin/lsphp</path>
    <extMaxIdleTime>10</extMaxIdleTime>
    <memSoftLimit>2048M</memSoftLimit>
    <memHardLimit>2048M</memHardLimit>
    <procSoftLimit>400</procSoftLimit>
    <procHardLimit>500</procHardLimit>
  </extProcessor>
  <extProcessor>
    <type>lsapi</type>
    <name>lsphp73</name>
    <address>uds://tmp/lshttpd/lsphp73.sock</address>
    <maxConns>35</maxConns>
    <env>PHP_LSAPI_MAX_REQUESTS=5000</env>
    <env>PHP_LSAPI_CHILDREN=35</env>
    <initTimeout>60</initTimeout>
    <retryTimeout>0</retryTimeout>
    <persistConn>1</persistConn>
    <respBuffer>0</respBuffer>
    <autoStart>1</autoStart>
    <path>/opt/plesk/php/7.3/bin/lsphp</path>
    <extMaxIdleTime>10</extMaxIdleTime>
    <memSoftLimit>2048M</memSoftLimit>
    <memHardLimit>2048M</memHardLimit>
    <procSoftLimit>400</procSoftLimit>
    <procHardLimit>500</procHardLimit>
  </extProcessor>
  <extProcessor>
    <type>lsapi</type>
    <name>lsphp74</name>
    <address>uds://tmp/lshttpd/lsphp74.sock</address>
    <maxConns>35</maxConns>
    <env>PHP_LSAPI_MAX_REQUESTS=5000</env>
    <env>PHP_LSAPI_CHILDREN=35</env>
    <initTimeout>60</initTimeout>
    <retryTimeout>0</retryTimeout>
    <persistConn>1</persistConn>
    <respBuffer>0</respBuffer>
    <autoStart>1</autoStart>
    <path>/opt/plesk/php/7.4/bin/lsphp</path>
    <extMaxIdleTime>10</extMaxIdleTime>
    <memSoftLimit>2048M</memSoftLimit>
    <memHardLimit>2048M</memHardLimit>
    <procSoftLimit>400</procSoftLimit>
    <procHardLimit>500</procHardLimit>
  </extProcessor>

Per-domain php.ini

LiteSpeed Web Server can leverage Plesk's capability to enable per-domain php.ini configurations, a feature originally designed for Apache environments. This functionality allows each domain, including its subdomains (e.g., sub1.example.com, sub2.example.com), to load its own distinct php.ini file directly from its document root. This provides granular control over PHP settings for individual websites.

Example

With per-domain php.ini enabled, if you modify the PHP settings for the main example.com domain and subsequently check the phpinfo() page, the path displayed for the loaded configuration file will be /var/www/vhosts/system/example.com/etc/php.ini. Similarly, updating PHP settings for sub1.example.com and checking its phpinfo() will show the path as /var/www/vhosts/system/sub1.example.com/etc/php.ini, and so forth for other subdomains.

By default, LiteSpeed Web Server does not enable per-domain php.ini. In this default scenario, the phpinfo() output for example.com and all its subdomains would consistently display the loaded configuration file as /var/www/vhosts/system/example.com/etc/php.ini. This means that if any PHP setting for any of these domains is updated, only the main domain's php.ini will reflect the changes. Consequently, PHP settings applied to individual domains might be ignored, and a single php.ini is effectively used across the entire subscription, with only the most recently updated domain's PHP settings taking precedence. As anticipated, LiteSpeed Web Server typically assigns one PHP handler per account (subscription) by default, leading to all domains sharing the same handler (a detached worker group).

While enabling per-domain php.ini offers granular control, it's important to note that this approach can be less efficient from a resource perspective, as each domain effectively requires its own PHP handler instance. You can enable per-domain php.ini through manual configuration by editing /usr/local/lsws/conf/httpd_config.xml. Locate the <phpConfig> section and add the following directive:

  <phpAppByDomain>1</phpAppByDomain>

After making this change, restart LiteSpeed Web Server and execute the pkill lsphp command to ensure the new settings are fully applied.

CloudLinux PHP Selector Integration

When the CloudLinux PHP Selector is active alongside Plesk's native PHP settings, determining which PHP version management system is truly in effect can sometimes be confusing. LiteSpeed Web Server automatically honors Plesk's PHP selection without additional configuration. Therefore, if you intend to utilize the CloudLinux PHP Selector, you will need to implement a few adjustments:

• Set up an extra handler for LiteSpeed Web Server, which will redirect Plesk PHP versions (excluding alt-phpxx versions) to CloudLinux.
• In Plesk's PHP settings, specifically choose a non-alt-php version.

These combined actions will ensure that the CloudLinux PHP Selector becomes the active PHP management system.

Set up Extra Handler

To configure the extra handler, navigate to the LiteSpeed Web Server WebAdmin Console > Server > PHP > Add PHP Handlers and apply the following settings:

• Handler ID: php
• Command: /var/www/cgi-bin/cgi_wrapper/cloudlinux_wrapper
• Handled Suffixes: php, php54, php55, php56, php70, php71, php72, php73, php74

The above configuration will force the specified Plesk PHP versions to utilize the CloudLinux PHP selector, ensuring consistent PHP environment management.

If you prefer, you can directly edit LiteSpeed Web Server's configuration file. Open vi /usr/local/lsws/conf/httpd_config.xml and add the following code within the <phpConfig> ... </phpConfig> tags:

<phpHandler>
  <id>php</id>
  <command>/var/www/cgi-bin/cgi_wrapper/cloudlinux_wrapper</command>
  <suffixes>php, php54, php55, php56, php70, php71, php72, php73, php74</suffixes>
</phpHandler>

Choose Plesk PHP

Once the custom handler has been successfully created, proceed to Plesk's PHP settings. From there, select any PHP version that is not designated as an alt-php version (i.e., choose one of the versions you listed in the newly created PHP handler). This selection is critical to ensure that the CloudLinux PHP selector is properly activated and utilized for managing your PHP environments.

LiteSpeed Cache

The LSCache plugin can be efficiently mass-installed across all WordPress installations on your server through the dedicated LiteSpeed Plesk Extension. After installing the LiteSpeed Plesk Extension, you might initially encounter a "No Cache Management data file found" message, as shown below:

Set Cache Root

To resolve the "No Cache Management data file found" message and begin configuring caching, click on the Manage Cache Installations option within the extension interface.

On the subsequent screen, you will need to click Set Missing Cache Roots. This action will automatically configure the necessary cache directories for your WordPress installations.

Scan and Enable

After successfully setting up the cache root directories, return to the main page of the extension and click Manage Cache Installations once more. The next crucial step involves scanning your server for existing WordPress installations to then install the LiteSpeed Cache for WordPress (LSCWP) plugin on them. Before initiating the scan, you will be prompted to select the specific version of the LSCache plugin you wish to install.

It is generally recommended to choose the latest available version of the plugin to benefit from the most recent features, performance enhancements, and security updates.

The scanning process may take some time, with the duration depending directly on the total number of websites hosted on your server. Please allow it to complete without interruption.

Once the scan is complete, you will be presented with a list of all discovered WordPress sites, allowing you to manage them efficiently. For future scans, you can utilize the Discover New button, which intelligently identifies only those sites that have not been previously scanned, saving considerable time. At this stage, you have the flexibility to either enable the LiteSpeed Cache Plugin for WordPress individually for each site or perform a bulk activation across multiple selected sites simultaneously.

Upon successful activation of the LSCWP plugin, a distinct green light symbol will appear in the Cache Status column, indicating that caching is active for that particular site.

To verify that a site is indeed being cached, you can inspect its response headers for the presence of x-litespeed-cache: hit. This header serves as a definitive confirmation that the caching mechanism is fully operational.

QUIC Protocol Configuration

QUIC connections rely on UDP port 443. It is crucial to ensure that this port is open in your firewall configuration to allow QUIC traffic, thereby enabling faster and more efficient communication and taking full advantage of this modern transport protocol.

HTTP/2 and HTTP/3 via Apache Configuration

Various protocols can be enabled or disabled within the httpd.conf file by utilizing the SpdyEnabled directive, allowing fine-grained control over your server's communication methods. This directive empowers administrators to tailor protocol support to their specific needs.

Example

To disable all protocols, you would use the following configuration:

<IfModule LiteSpeed>
  SpdyEnabled off
</IfModule>

Example

To enable only HTTP/2 and HTTP/3 protocols while disabling all others, use this configuration:

<IfModule LiteSpeed>
  SpdyEnabled http2 http3
</IfModule>

By default, HTTP protocols are enabled, while SPDY protocols are disabled. It is important to exercise caution when using this directive to avoid inadvertently disabling protocols that are intended for active use, as an explicit selection will disable all others. For instance, setting SpdyEnabled http2 will enable HTTP/2, but will simultaneously disable SPDY/2, SPDY/3, and HTTP/3. Always double-check your desired protocol settings.

Cache Redis for Users

The 'Cache Redis for Users' feature facilitates the installation and activation of a dedicated Redis instance for each user requiring object caching. This functionality is specifically designed for environments that employ a sandboxed or caged system, such as CloudLinux or LiteSpeed Containers, ensuring isolated and secure caching for each user. This provides an enhanced level of performance and data separation.

This page displays a comprehensive list of all users present on your system. As indicated on the screen, this feature is specifically intended for caged environments like CloudLinux or LiteSpeed Containers. For detailed information on configuring these environments:

• CloudLinux: Details on enabling a caged environment can be found in the CloudLinux documentation, specifically within the sections pertaining to cPanel integration.
• LiteSpeed Containers: Information on activating LiteSpeed Containers is available in the Namespace Containers documentation.

When enabled, this feature installs a Redis Service for each user, consuming some memory and disk space within their home directory. It operates in conjunction with the caching plugin's configuration. To install a Redis service for a specific user, click the enable icon located on that user's row:

Service MB: Each user receives their own independent Redis instance, and you can specify the size of this instance in megabytes (MB). The size can range from 1 to 1024 MB, with a default allocation of 64 MB. While a cPanel user can enable or disable the service via the plugin interface, the initial activation and size allocation must be performed here. To modify the allocated memory, the service must first be disabled, the new size specified, and then re-enabled.

Once the Redis Service has been successfully installed, the screen will refresh, and the enable icon for that user will appear disabled, indicating the service is active. To remove the Redis service for a particular user, simply click the disable icon on that user's row:

The buttons displayed below the table will dynamically change based on the checkboxes selected and the current state of the Redis service for each user. When you check a box, only other users with the exact same service state can also be checked, facilitating batch operations.

• Disable: This action is equivalent to pressing the disable icon for each user whose checkbox is selected.
• Enable: This action is equivalent to pressing the enable icon for each selected user that does not yet have a Redis service configured.
• Flush All Users: This command sends a Redis flushall instruction to all active Redis services, effectively clearing their entire cache.
• Flush: This command sends a Redis flushall instruction specifically to the active Redis services of the users whose checkboxes are selected, clearing their respective caches.

Optional Redis Config File: You have the option to specify a file containing custom Redis configuration parameters. We recommend naming this file /usr/local/lsws/lsns/conf/redis.conf. The contents are often straightforward, such as:

maxmemory-policy allkeys-lru

Update: Pressing this button will apply the configuration defined in the Optional Redis Config File to your service definitions. When this button is pressed, all managed Redis services will be restarted to ensure the new configuration is properly applied.

How it works

The Redis service is instantiated specifically for each user, with its socket located within the user's home directory. Within CloudLinux environments, the Redis socket is typically located at $HOME/.cagefs/tmp/redis.sock, whereas for LiteSpeed Containers, it resides in $HOME/.lsns/tmp/redis.sock. Due to the nature of these caged environments, these directories are symlinked or mounted to /tmp for the user, providing a consistent and accessible socket path of /tmp/redis.sock across all users.

For LiteSpeed Containers, the troubleshooting section of the documentation provides valuable steps to assist in diagnosing and resolving any caging-related issues. Similarly, CloudLinux offers a variety of tools designed to help administrators identify and address caging issues effectively.

Packages for Redis Service Management

In the Redis Service Users screen, you will notice a column labeled Package. In a Plesk context, this column represents service plans. By organizing your users into distinct service plans, you gain the ability to enable and disable all users within a particular service plan simultaneously using the Redis Package Manager. A significant advantage of using packages is that as new users are added to service plans, corresponding Redis services will be automatically provisioned for them. To access and manage packages, click the Redis Package Manager icon.

On this screen, the Package column indicates the service plan name, while the UIDs column displays a count of User IDs within that service plan, along with up to three example UID numbers. Default Size specifies the size in MB that will be allocated for the Redis service upon activation. The Action column presents the available actions, which, similar to the Redis Service User screen, will change based on the current state of the Redis package definition.

To configure a package, enter a Default Size for the Redis instance within that package and then click the Set Package Default icon:

Subsequently, to activate the Redis services for all users within that package, click the Enable All Users icon:

If you have previously disabled Redis for one or more users manually, this same icon will be displayed, but its label will change to Enable Pending Users. Clicking this icon will activate the services for all users who were manually disabled. Once enabled, you can disable all users within the package by clicking the Disable All Users icon:

Finally, to completely remove the configuration definition for a specific package, you can click the Remove Package Default icon:

Configuring Cache to Use Redis

To leverage the Redis feature for object caching, you must configure it within the LiteSpeed WordPress Cache admin panel. Navigate to Plesk > Customers > Domain > Login > LiteSpeed Cache > Cache > Object and apply the following settings:

• Object Cache On. Ensure the Status block prominently displays Redis Extension: Enabled. If it indicates Disabled, you will need to install the Redis Extension; consult the Plesk documentation for instructions on this process.
• Method: Set this to Redis.
• Host: Enter /tmp/redis.sock.
• Port: Set this value to 0.

Once these settings are configured, click the Save Changes button. Further details on configuring the caching plugin for WordPress can be found in the LiteSpeed Cache for WordPress documentation, specifically within the 'Object' tab section.

Monitoring Redis

Administrators may wish to monitor the performance and resource utilization of Redis for a particular user, for example, to check memory usage. This can be accomplished using the redis-cli program from the command line.

For instance, to monitor Redis for a user named USER within a CloudLinux environment, execute the following command:

redis-cli -s /var/www/vhosts/USER/.cagefs/tmp/redis.sock info memory

This command connects to the local /tmp directory socket, which is created by the LiteSpeed Redis Service, and then executes the `info memory` CLI command to retrieve detailed memory statistics. As previously discussed, it is advisable to configure the memory policy to ensure Redis utilizes only the necessary amount of memory, preventing excessive resource consumption.

Command Line Interface for Redis Management

For scenarios involving the deployment of a large number of Redis installations for LiteSpeed, relying solely on the Plesk PlugIn panels might prove cumbersome. To streamline this process, a powerful command-line interface (CLI) is provided. This CLI is also invaluable for installing systems where graphical panel usage may present challenges. The CLI utility is accessed via the program:

/opt/psa/admin/sbin/modules/litespeed/redis_user_action.sh

This program must be executed with root privileges and offers nearly all the functionalities available through the Cache Redis panels. Should an error occur during execution, the program will return a non-zero exit code. The usage of this program begins with the first parameter, which specifies an action. Subsequent parameters will vary depending on the action specified.

TLS Security Enhancements

To bolster the security posture of your control panel installations, you can enable TLS 1.3 and simultaneously disable weaker cipher suites, adhering to modern security best practices. By default, Plesk configurations enable TLS 1.0, TLS 1.1, and TLS 1.2. This guide will walk you through the process of enabling the more secure TLS 1.3 protocol. This guide's instructions have been developed and verified on a control panel version 17.8 running CentOS 7.5. For Debian/Ubuntu-based control panel installations, the relevant configuration files are typically located in /etc/apache2/mods-available/ssl.conf.

As with all modifications to Apache configuration files, it is imperative to restart the server after making the adjustments detailed below. Restart the server using the following command:

Enable TLS 1.3

Edit the file located at /etc/httpd/conf.d/ssl.conf. Locate the following lines and comment them out (you can use the # symbol to do so):

<IfModule mod_ssl.c>
  SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2
  SSLCipherSuite HIGH:!aNULL:!MD5
</IfModule>

Replace the commented-out section with the following configuration to enable TLS 1.1, TLS 1.2, and TLS 1.3:

<IfModule LiteSpeed>
  SSLProtocol TLSv1.1 TLSv1.2 TLSv1.3
  SSLCipherSuite HIGH:!aNULL:!MD5
</IfModule>

If your security requirements dictate disabling TLS 1.1 as well, then modify the SSLProtocol line to:

SSLProtocol TLSv1.2 TLSv1.3

Disable Weak Cipher Suites (Optional)

By default, Plesk configurations may include some cipher suites that are considered weak by modern security standards. If you wish to disable these to enhance security, locate the following line in your configuration:

SSLCipherSuite HIGH:!aNULL:!MD5

And replace it with a more robust set of cipher suites, such as:

SSLCipherSuite TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384:TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

Be aware that implementing a stricter cipher suite may potentially lead to an increased CPU load on your server. Comprehensive testing of your SSL configuration can be performed through online tools like SSL Labs to ensure optimal security and compatibility.

OCSP Stapling

Online Certificate Status Protocol (OCSP) provides a more efficient alternative to the Certificate Revocation List (CRL) protocol for verifying the revocation status of an SSL Certificate. OCSP significantly improves upon CRL by allowing the server to directly query an OCSP responder and then cache the response, reducing the overhead for clients. To implement OCSP stapling, the following requirements must be met:

• A valid, non-self-signed SSL Certificate must be installed.
• Port 443 must be enabled in your firewall for HTTPS traffic.

Enable OCSP

Currently, OCSP stapling is not enabled by default in the control panel, despite being a long-standing feature request from users seeking enhanced security and performance. As a workaround, create a file named lsocsp.conf and place it in the appropriate directory based on your operating system:

• For CentOS, use the /etc/httpd/conf.d/ directory.
• For Debian, use the /etc/apache2/conf.d/ directory.
• For Ubuntu and Debian 11, use the /etc/apache2/conf-enabled directory.

This lsocsp.conf file should contain the following configuration:

<IfModule Litespeed>
  SSLStaplingCache shmcb:/var/run/ocsp(128000)
  SSLUseStapling on
</IfModule>

Remember to restart LiteSpeed Web Server after making these changes for them to take effect.

Verify OCSP is Working

There are three reliable methods to confirm that OCSP stapling is functioning correctly on your server.

• METHOD 1: Visit SSL Labs, run a comprehensive SSL test for your domain, and then search the results specifically for "OCSP stapling" to check its status.
• METHOD 2: Inspect the /dev/shm/lsws/ocspcache/ directory. If files have been created within this directory, it indicates that your OCSP stapling mechanism is actively working and caching responses.
• METHOD 3: Utilize the openssl command-line tool. Execute the following command:

  openssl s_client -connect Your_Domain:443 -status | grep "OCSP Response Status"

  If OCSP stapling is correctly configured, the output will show "ok". Additionally, within the OCSP Response Data section, the OCSP Response Status should be displayed as "successful".

The OCSP response is typically cached for a duration of one day. Should you migrate to a different SSL certificate provider and observe a stale cached OCSP response for a domain, it is safe to remove the individual cache files within the OCSP cache folder. However, it is crucial not to delete the folder itself, as it is required for ongoing caching operations.

WebAdmin Console Access

The LiteSpeed WebAdmin Console, which provides administrative access to the web server, utilizes port 7088, differing from the default 7080, particularly in a Plesk control panel environment. It is essential to verify your firewall configuration to confirm that port 7088 has been properly enabled. Once the port is open, you should be able to access the WebAdmin Console securely via https://SERVER_IP:7088.

Plesk Login Page Customization

It is possible to configure the Plesk control panel login page to function without requiring a specific port number in the URL. For example, an address like https://192.0.2.0:8443 can be transformed into a cleaner, more user-friendly https://example.com. To achieve this, you will need to create a virtual host (vhost) within Plesk. Subsequently, place the following rewrite rule within its .htaccess file:

RewriteRule ^(.*)$ https://127.0.0.1:8443/$1 [P,L]

Disable Apache Fallback

LiteSpeed Web Server requires a valid license to operate correctly. Consequently, if a valid license cannot be verified, the web server is designed to automatically revert to Apache, its fallback server, to minimize service disruption and ensure continued website availability. However, starting with version 6.2.2 of the LiteSpeed Web Server software, this automatic fallback behavior can be overridden. To do this, create an empty file named .stay_with_lsws in the /usr/local/lsws/admin/tmp/ directory, as shown:

touch /usr/local/lsws/admin/tmp/.stay_with_lsws

If the web server fails to detect a valid license and this specific file is present, the server will intentionally not switch to Apache. In such a scenario, all websites hosted on the server will become inaccessible to users, emphasizing the critical importance of a valid and active license.