Deployment Overview of OpenLiteSpeed Node.js on Server

Prerequisites and Basic Requirements

The deployment of OpenLiteSpeed with Node.js support requires a Linux server running a Debian-based distribution (such as Ubuntu). The following prerequisites must be met before initiating the installation:

  • Operating System: Debian or Ubuntu.

  • Privileges: Root access or a user with sudo privileges is required to install system packages, manage services, and configure Docker.

  • Domain: A valid domain name is required for SSL certificate issuance via Certbot. The system is configured to use the hostkey.in zone.

  • Ports:

      • Port 80 (HTTP) for initial access and Let's Encrypt challenge validation.

      • Port 443 (HTTPS) for secure access to the Nginx reverse proxy.

      • Port 7080 (Internal) for OpenLiteSpeed WebAdmin interface.

FQDN of the Final Panel

The application panel is accessible via the Fully Qualified Domain Name (FQDN) constructed using the server ID. The format is as follows:

openlitespeed-nodejs<Server ID>.hostkey.in:443

Replace <Server ID> with the actual identifier assigned to your server instance.

File and Directory Structure

The deployment utilizes specific directories for configuration files, data storage, and certificates. The structure is organized as follows:

  • Nginx Configuration:

      • /root/nginx: Contains the Docker Compose file (compose.yml) for the Nginx and Certbot stack.

      • /data/nginx/user_conf.d: Stores individual Nginx virtual host configurations.

      • /data/nginx/letsencrypt/.well-known/acme-challenge: Directory for Let's Encrypt HTTP challenge validation.

      • /data/nginx/nginx-certbot.env: Environment variables for the Nginx/Certbot container, including renewal intervals.

  • OpenLiteSpeed Configuration:

      • /usr/local/lsws: Default installation directory for OpenLiteSpeed binaries and configuration files.

      • /usr/local/lsws/admin/misc/admpass.sh: Script used to set WebAdmin credentials.

  • Docker Configuration:

      • /etc/docker/daemon.json: Docker daemon configuration file, including registry mirrors and storage drivers.

      • /var/lib/docker: Default Docker data directory.

      • /var/lib/containerd: Containerd data directory.

  • SSL Certificates:

      • /etc/letsencrypt: Managed by Docker volumes (nginx_secrets), containing issued SSL certificates.

Application Installation Process

The installation process involves setting up OpenLiteSpeed, Node.js, and a Docker-based Nginx reverse proxy with Certbot integration.

  1. Install Prerequisites:

      • Install curl, wget, gnupg, ca-certificates, lsb-release, and python3-pexpect.

  2. Install OpenLiteSpeed:

      • Add the LiteSpeed repository using the official setup script.

      • Install the openlitespeed package.

      • Start and enable the lsws service.

  3. Install Node.js:

      • Add the NodeSource repository for Node.js 20.x.

      • Install the nodejs package.

  4. Configure OpenLiteSpeed WebAdmin:

      • Set the WebAdmin username to admin.

      • Set the password using the variable password_litespeed_web.

  5. Install Docker:

      • Add the Docker GPG key and repository.

      • Install docker-ce, docker-ce-cli, containerd.io, docker-buildx-plugin, and docker-compose-plugin.

      • Ensure containerd and docker services are running and enabled.

  6. Deploy Nginx and Certbot:

      • Create necessary directories for Nginx configuration and Let's Encrypt challenges.

      • Generate the Docker Compose file at /root/nginx/compose.yml.

      • Deploy the Nginx virtual host configuration for OpenLiteSpeed WebAdmin.

      • Start the Nginx and Certbot stack using docker compose up -d.

Access Rights and Security

Security measures are implemented through firewall rules, user permissions, and SSL encryption.

  • Firewall: Ensure that ports 80 and 443 are open to allow external access. Port 7080 is accessible internally via the Nginx proxy.

  • SSL Encryption: All external traffic is redirected from HTTP (port 80) to HTTPS (port 443). SSL certificates are managed automatically by Certbot.

  • WebAdmin Access: The OpenLiteSpeed WebAdmin interface is protected by a username and password. Access is proxied through Nginx, ensuring that direct access to port 7080 is not exposed externally.
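
With the Nginx container in host network mode, the proxy reaches WebAdmin at 127.0.0.1:7080, so port 7080 stays internal only while its listener is bound to loopback or a firewall drops inbound 7080. The check below is an added example, not part of the original deployment; the function names and the sample ss output are constructed for illustration.

```bash
#!/bin/sh
# Added example: flag listeners on a port that are bound beyond loopback.
# Input is `ss -Hltn` output: State Recv-Q Send-Q Local-Address:Port Peer.

# Constructed sample (not captured from a real host).
SAMPLE_SS='LISTEN 0 511 0.0.0.0:80 0.0.0.0:*
LISTEN 0 511 0.0.0.0:443 0.0.0.0:*
LISTEN 0 128 *:7080 *:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*'

# non_loopback_listeners PORT: read ss lines on stdin, print each local
# socket on PORT whose address is not 127.0.0.0/8, ::1 or mapped loopback.
non_loopback_listeners() {
    awk -v port="$1" '
    {
        sock = $4
        # Split at the last colon, since IPv6 addresses contain colons.
        if (!match(sock, /:[0-9]+$/)) next
        addr = substr(sock, 1, RSTART - 1)
        if (substr(sock, RSTART + 1) != port) next
        sub(/^\[/, "", addr); sub(/\]$/, "", addr)   # [::1] -> ::1
        sub(/%.*$/, "", addr)                        # drop %iface scope
        if (addr ~ /^127\./ || addr == "::1" || addr ~ /^::ffff:127\./) next
        print sock
    }'
}

# webadmin_exposure SS_OUTPUT: return non-zero if 7080 is reachable off-host.
webadmin_exposure() {
    exposed="$(printf '%s\n' "$1" | non_loopback_listeners 7080)"
    if [ -n "$exposed" ]; then
        echo "EXPOSED: $exposed"
        return 1
    fi
    echo "OK: 7080 is loopback-only or not listening"
}

# Live run on the server: sh check7080.sh --live
if [ "${1:-}" = "--live" ]; then
    webadmin_exposure "$(ss -Hltn)"
fi
```

An EXPOSED result means the WebAdmin login is reachable without passing through the Nginx proxy unless a host or network firewall blocks the port.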

Databases

This deployment does not include a database component. The application stack consists of OpenLiteSpeed, Node.js, and Nginx. If a database is required, it must be installed and configured separately.

Docker Containers and Their Deployment

The Nginx reverse proxy and Certbot are deployed using Docker Compose. The configuration is defined in /root/nginx/compose.yml.

  • Image: jonasal/nginx-certbot:latest

  • Restart Policy: unless-stopped

  • Network Mode: host

  • Volumes:

      • nginx_secrets: External volume for Let's Encrypt certificates.

      • /data/nginx/user_conf.d: Mounted to /etc/nginx/user_conf.d for virtual host configurations.

      • /data/nginx/letsencrypt: Mounted to /var/www/letsencrypt for ACME challenges.

To manage the Docker stack, use the following commands:

cd /root/nginx
docker compose up -d    # start the stack in the background
docker compose down     # stop and remove the containers

Proxy Servers

Nginx acts as a reverse proxy for the OpenLiteSpeed WebAdmin interface. The configuration is stored in /data/nginx/user_conf.d/openlitespeed-nodejs<Server ID>.hostkey.in.conf.

  • HTTP to HTTPS Redirect: All HTTP traffic on port 80 is redirected to HTTPS on port 443.

  • SSL Configuration:

      • Certificate: /etc/letsencrypt/live/<FQDN>/fullchain.pem

      • Private Key: /etc/letsencrypt/live/<FQDN>/privkey.pem

      • Trusted Certificate: /etc/letsencrypt/live/<FQDN>/chain.pem

      • DH Parameters: /etc/letsencrypt/dhparams/dhparam.pem

  • Proxy Settings:

      • Backend: https://127.0.0.1:7080

      • SSL Verification: Disabled (proxy_ssl_verify off)

      • Headers: Host, X-Forwarded-Host, X-Forwarded-Server, X-Real-IP, X-Forwarded-For, X-Forwarded-Proto, X-Forwarded-Port are passed to the backend.

      • WebSocket Support: Enabled via Upgrade and Connection headers.

Permission Settings

File and directory permissions are set to ensure secure access and proper functionality.

  • Nginx Directories:

      • /root/nginx: Owned by root:root with mode 0755.

      • /data/nginx/letsencrypt/.well-known/acme-challenge: Owned by root:root with mode 0755.

      • /data/nginx/nginx-certbot.env: Owned by root:root with mode 0644.

  • Configuration Files:

      • /root/nginx/compose.yml: Owned by root:root with mode 0644.

      • /data/nginx/user_conf.d/*.conf: Owned by root:root with mode 0644.

      • /etc/docker/daemon.json: Owned by root:root with mode 0644.
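
To detect drift from the ownership and modes listed above, the following audit compares each path against its expected state. It is an added example, not part of the original deployment; the function names, the PREFIX and OWNER arguments, and the MISSING/DRIFT output format are assumptions made here, and root:root is checked numerically as 0:0 with GNU stat.

```bash
#!/bin/sh
# Added example: audit owner and mode drift for the paths in Permission Settings.
# Manifest format: "path uid:gid mode" (root:root is 0:0).
EXPECTED_PERMS='/root/nginx 0:0 755
/data/nginx/letsencrypt/.well-known/acme-challenge 0:0 755
/data/nginx/nginx-certbot.env 0:0 644
/root/nginx/compose.yml 0:0 644
/etc/docker/daemon.json 0:0 644'

# check_one PATH WANT_OWNER WANT_MODE: print one line if PATH is missing
# or its owner/mode differs from the expected values.
check_one() {
    if [ ! -e "$1" ]; then
        echo "MISSING $1"
        return 0
    fi
    have="$(stat -c '%u:%g %a' "$1")"
    [ "$have" = "$2 $3" ] || echo "DRIFT $1 have=$have want=$2 $3"
}

# audit_perms [PREFIX] [OWNER]: PREFIX relocates the tree and OWNER replaces
# 0:0, so the audit can also run against a staging copy (hypothetical knobs).
audit_perms() {
    prefix="${1:-}"
    owner_override="${2:-}"
    printf '%s\n' "$EXPECTED_PERMS" | while read -r path owner mode; do
        check_one "$prefix$path" "${owner_override:-$owner}" "$mode"
    done
    # Virtual host files are listed as a glob: /data/nginx/user_conf.d/*.conf
    for conf in "$prefix"/data/nginx/user_conf.d/*.conf; do
        [ -e "$conf" ] || continue
        check_one "$conf" "${owner_override:-0:0}" 644
    done
}

# Live run on the server (as root): sh audit_perms.sh --live
if [ "${1:-}" = "--live" ]; then
    audit_perms
fi
```

Empty output means every listed path exists with the documented owner and mode.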

Location of Configuration Files and Data

  • OpenLiteSpeed:

      • Configuration: /usr/local/lsws/conf/

      • Logs: /usr/local/lsws/logs/

  • Nginx:

      • Docker Compose: /root/nginx/compose.yml

      • Virtual Hosts: /data/nginx/user_conf.d/

      • Environment Variables: /data/nginx/nginx-certbot.env

  • Docker:

      • Daemon Config: /etc/docker/daemon.json

      • Data: /var/lib/docker/ and /var/lib/containerd/

  • SSL Certificates:

      • Managed by Docker volume nginx_secrets, mapped to /etc/letsencrypt inside the container.

Available Ports for Connection

  • Port 80: HTTP access, redirected to HTTPS.

  • Port 443: HTTPS access to the Nginx reverse proxy.

  • Port 7080: Internal port for OpenLiteSpeed WebAdmin, accessible only via the Nginx proxy.

Starting, Stopping, and Updating

OpenLiteSpeed Service

Manage the OpenLiteSpeed service using the following commands:

systemctl start lsws
systemctl stop lsws
systemctl restart lsws
systemctl enable lsws

Docker Nginx Stack

Manage the Nginx and Certbot Docker stack using the following commands:

cd /root/nginx
# Start the stack
docker compose up -d
# Stop the stack
docker compose down
# Update: pull the newer image, then recreate the containers
docker compose pull
docker compose up -d

Updating Node.js

To update Node.js, use the package manager:

apt update
apt upgrade nodejs

Updating OpenLiteSpeed

To update OpenLiteSpeed, use the package manager:

apt update
apt upgrade openlitespeed