There are system level and process level file descriptor limits in UNIX like operating systems. LiteSpeed server only uses a small number of server processes to serve all clients and each request may need up to 4 file descriptors. Therefore, the maximum number of concurrent requests that the server can handle could be constrained by the process level file descriptor limit. It is important to set this limit to a high value.

If the server is started by root user, it will try to adjust this limit automatically based on server configuration when this limit is too low. Otherwise, this limit has to be manually adjusted with root privilege.

Use ulimit -a to check current setting of per process file descriptor limit. You need root privilege to change this limit. You may want to put this setting in your startup scripts in order to automatically set the limit after rebooting the machine.

• Linux kernels:

Check the system level limit for open files:
   more /proc/sys/fs/file-max
If it looks low, increase the limit by:
   echo 40000 > /proc/sys/fs/file-max
For kernel 2.2.x, you also need:
   echo 65535 > /proc/sys/fs/inode-max
Then increases the current process limit by:
   ulimit -n 10000
Note: Normal user can use ulimit -n xxxx to change the limit of current process, at least in Kernel 2.4.x. But you need to add following lines in /etc/security/limits.conf:
   soft nofile 2048
   hard nofile 8192



• Solaris 2.4+:

The following lines need to be added in /etc/system:
* set hard limit on file descriptors: set rlim_fd_max = XXXX
* set soft limit on file descriptors: set rlim_fd_cur = XXXX



• FreeBSD:

Add the following line in /boot/loader.conf,
set kern.maxfiles=XXXX

1. Setup DNS properly.
   Forward the domain names of your web sites to the IP address used by your web server. This is commonly done by adding an "A" name entry to the DNS zone for the website.
2. Set up in the web administration console:
   1. Create a virtual host for each web site.
   2. Create listeners.
      You can create one listener to listen on all local IP addresses. Or you can create multiple listeners with one listener only listening to one specific IP address.
   3. Assign virtual host mappings.
      Go to listener settings, click "Edit" on Virtual Host Mappings table. Check all virtual hosts that should be mapped, and specify the corresponding Domains.
      Note: your.domain will match both www.your.domain and your.domain. The leading "www." in the domain name will be ignored.

1. Allocate at least one IP address for each web site you plan to host.
   TIP: You can create an IP alias to assign multiple IPs to one network adapter.
2. Configure DNS properly.
   Assign the domain name to its corresponding IP address.
3. Create listeners. You have two choices:
• Create one listener that listens on all IPs and configure virtual host mappings to share one listener as above.
• Another choice is to create one listener for each IP. Assign listener only to the corresponding virtual host with the wild card domain name *.
  Unique SSL private key and certificate can be assigned to each listener, thus each web site can use its own certificate.

• Under Server Tuning configuration:
1. Set Max Request URL Length, Max Request Header Size, Max Request Body Size, Max Dynamic Response Header Size and Max Dynamic Response Body Size to a value that just above what you really need. This will help to reduce memory usage and identify bad requests quickly.
2. Set Connection Timeout around 30;
   set Keep-Alive Timeout around 15 or less;
   set Max Keep-Alive Requests to at least 100.
   This will help to close dead connections as soon as possible and make connections available to other clients.


• Under Server Security configuration:
1. Block the IPs that abuse your web server by listing them in the Access Control - Denied List.
2. Use Per Client Throttling Control to control how many concurrent connections are allowed from one IP address. Once the limit is reached, the web server will close newly accepted connections from that IP address immediately and move on to next pending connection.
   Nowadays, almost all web browsers support persistent connections (multiple requests pipelined through one connection), so the number of connections required is very small. Essentially, one connection is enough. However, some web browsers try to establish additional connections to speed up downloading.
   Therefore, allowing 4 to 10 connections from one IP is recommended. Less than that will probably affect normal web services.
   With this per IP limit, the web server can serve more unique clients. The minimum number of unique clients can be derived from Max Connections divided by max connections per client.
3. Enable IP level throttling:
   Set Outbound Bandwidth greater than 0 (0 will disable throttling). The limit is rounded up to the closest boundary of 4KB/sec units.
   In this way, your limited network bandwidth will not be used up by a couple of clients with fast network connections; more clients will be served.
4. If you server is flooded by hundreds of requests from different IPs but with same URL, you can create a General Context to block access to that URL. The Context URI should match or include that URL and Accessible is set to No.
   For example, if the server is pounded with "/foo/bar.html", then you can add context with exact URI=/foo/bar.html, or set URI=/foo/ to block all URLs that start with "/foo/".

• Enable Compression setting is the overall controller for both static and dynamic content.
• When a request for a static file comes in, the web server first looks for the corresponding gzip compressed version in the same directory where the uncompressed file is located. The compressed file will be used only if it is newer and smaller than the original one. If the compressed file does not exist or out of date, the web server can create/update the gzip compressed file automatically if Auto Update Static File is turned on.
  Because compression is a pretty server intensive, the web server will only compress files with a potentially high compression rate based on following rules:
  the MIME type of the response body is text; the file size is between Min Static File Size and Max Static File Size.
• The web server can perform run-time compression for dynamically generated content as well.
  To turn on compression for dynamic content, both Enable Dynamic Compression and Enable Compression must be set to Yes.
• Compression Level (Static Content) and Compression Level (Dynamic Content) range from 1 (faster compression) to 9 (better compression). You should tune it based on available hardware resources such as memory and CPU cycles.

• Turn off throttling by setting Outbound Bandwidth to 0.
• Set the value of Max Keep-Alive Requests to a big number like 100000.
• Set Max Connections as high as possible.
• Set Connection Soft Limit and Connection Hard Limit to 1000 or higher in Per Client Throttling Control, depending on how many concurrent connections you need from one IP address.
• Set Follow Symbolic Link to Yes and Restrained to No for the testing virtual host

• Using ApacheBench:
ApacheBench is a command line performance-testing tool bundled with Apache httpd. It can simulate hundreds of HTTP/1.0 clients simultaneously accessing same resource on the server.
You can simply run it with command:
ab -n 10000 -c 100 http://localhost:8088/index.html
or you can use keep-alive requests by
ab -n 10000 -c 100 -k http://localhost:8088/index.html
For detailed information, please check Apache document.


• Using Httperf:
You can get httperf from http://www.hpl.hp.com/personal/David_Mosberger/httperf.html.
Httperf uses HTTP/1.1 protocol by default and always use keep-alive requests. It has more command options, for detailed information please refer to its document.
Here is an example:
./httperf --server localhost --port 8088 --uri /index.html --rate 1000 --num-conn 100 --num-call 100 --timeout 50


• Using Autobench:
Autobench is a simple Perl script calling httperf that automates the benchmark process of a web server.
You can get autobench from http://www.xenoclast.org/autobench/For detailed information, please refer to its document.

• Fast CGI and LSAPI applications running on the same machine could be started by the Web Server on demand. We call this type of applications as Local External Applications. Applications that are not started by the Web server are referred as Remote External Applications, even when they are running on the same machine.
  Servlet Engine has to be started manually no matter whether it runs on the same machine or not.
  


• An external application needs to be configured first, then it can be referenced by its name in other places. It is configured under the External Application tab, either at server or virtual host level.
  For all external applications, you must specify Name, Address and Max Connections.
  Name is used to reference this app internally. Address is the socket address used by the application, which web server needs to connect to. Max Connections indicates the maximum concurrent connections that the external application would take. For a local external application, you also need to specify Command, Back Log, Instances and Environment (optional).
  Command is the command that launches the application, optional command parameters can be supplied. Back Log is the queue size of the server socket that it listens to. Instances are the number of copies (instances) that the server will spawn. Environment specifies additional environment variables for the external application.
  


• A Multithreaded external application can process multiple requests concurrently within one process. Therefore it is unnecessary to create multiple instances for that kind of external applications. However, most external applications are not multithreaded and each process can only process one request at the same time. In this case, multiple instances have to be created to increase the level of concurrency.
  Instances can control how many instances (processes) that the web server can spawn. And Max Connections should be set to match the Instances.
  Some single-threaded Fast CGI process itself can fork children processes to handle multiple requests concurrently, such as PHP Fast CGI implementation. For that type of Fast CGI, set Instances to 1 and use Fast CGI's configuration to control how many children processes should be created. For example, PHP use a special Environment variable PHP_FCGI_CHILDREN for this purpose.
  


• External applications cannot be used directly; they have to be configured as either Script Handler or Context handler. When configured as a script handler, the web server will forward a request to it if the request refers to a static file with matching Suffix. When configured as a context handler, the web server will forward a request to it as long as the request's URL matches the Context URI.

• LiteSpeed
• FastCGI

LiteSpeed SAPI is a new PHP SAPI module that communicates with LiteSpeed Web Server based on our LSAPI protocol. LiteSpeed SAPI has similar architecture to the FastCGI SAPI with two major enhancements:

1. upto 50% better performance
2. support for dynamic PHP configuration changes through web server configuration and .htaccess files.

Unlike Apache's mod_php that embeds PHP engine inside web server processes, LiteSpeed web server talks to standalone PHP Engine processes via Fast CGI or LSAPI protocol. A pre-built PHP executable with minimum features configured is installed to [lsws_home]/fcgi-bin/php. If additional features are required, you should replace it with your own customized PHP executable.

PHP support is configured in two steps: 1. adding an external PHP application; 2. adding a script handler using the PHP application just defined in step 1.

PHP application can be defined at server level or virtual host level, application defined at server level is available to all virtual hosts. PHP engine can run on localhost or on a remote machine. When running on local machine, PHP processes can be started by third party FastCGI/LSAPI manager or by the web server itself, the latter is preferred.

Before adding/changing PHP application configuration, you need to know which PHP SAPI is built into the PHP binary. Command: [lsws_home]/fcgi-bin/php -v will display the information. For LiteSpeed SAPI, you should define a LSAPI application, for CGI/FCGI SAPI, you should define a FastCGI application.

After a PHP application is configured, a Script Handler needs to be configured in order to have PHP script handled by the PHP application. The default Suffix for PHP script is set to php; Type is set to either Fast CGI or LiteSpeed API; Handler Name is set to the name of the PHP application. You can specify multiple suffixes in a comma-separated list like php,php4,phtml. Script Handler can be set at server level or virtual host level. Virtual host level setting overrides the server level setting for the same suffix.

There are a few environment variables can be used to customize PHP via LSAPI, for detail information please refer to the README file in php/sapi/litespeed directory.

There are several environment variables can be used to customize the PHP FCGI application:

• PHP_FCGI_CHILDREN=XX

This controls how many child processes the PHP engine process spawns. You can use Instances or this environment variable to control the concurrency of PHP engine. Max Connections setting should be set to the same value as the number of children processes.

• PHP_FCGI_MAX_REQUESTS=XXXX

This controls how many requests each child process will handle before exit. It protects against memory leak inside PHP. Web server needs to reestablish a connection with a new child process. So set it as high as possible to increase the performance.

• FCGI_WEB_SERVER_ADDRS=127.0.0.1,192.168.0.1

This controls who can connect to the PHP engine over the network when TCP socket is used. Only 127.0.0.1 and 192.168.0.1 is allowed in the above example. This option is not necessary when PHP engine run on localhost with proper Address setting. Both Unix domain socket and TCP socket can be used when running on localhost, Unix domain socket is preferred for better performance. If TCP socket has to be used, then let PHP only listen on the local loopback interface by setting Address to localhost:XXXX.

First, you need to download the latest PHP source code. If php/sapi/litespeed/ directory does not exist in the expanded source code tree, you need to download our patch available at http://www.litespeedtech.com/lsapi/

Then, configure PHP with --with-litespeed plus other options you will need. Fast CGI related options --enable-fastcgi--enable-discard-path --disable-path-info-check should not be used together with --with-litespeed.

Build PHP binary with make, you should find an executable called "php" under sapi/litespeed/ directory after the compilation succeeds. Then copy the new binary with command cp php/sapi/litespeed/php lsws/fcgi-bin/lsphp. We recommend renaming php to lsphp in order to distinguish it from FastCGI version of PHP binary.

There are two environment variables that can be tweaked to control the behavior of LiteSpeed PHP.

• PHP_LSAPI_CHILDREN (no default)

In order to handle multiple requests concurrently, LiteSpeed web server can either spawn multiple PHP processes; or spawn one process, and this process will create a number of child processes to handle multiple requests simultaneously. The web server will create PHP processes specified by Instances in LSAPI application configuration. For one PHP process launched by the server, if PHP_LSAPI_CHILDREN is not set, it will not create any child process; if PHP_LSAPI_CHILDREN is set, it will spawn a number of child processes specified by PHP_LSAPI_CHILDREN. Usually, it should match Max Connections configured for the LSAPI application, and both values should not be set over 100 in most cases.



• PHP_LSAPI_MAX_REQUESTS (default value: 500)

This controls how many requests each child process will handle before exit. When one process exits, another will be created. This tuning is necessary because several PHP functions have been identified having memory leaks. If the PHP processes were left around forever, they could become very inefficient.

	if (env_path_info) {
		SG(request_info).request_uri = env_path_info;
	} else {
		SG(request_info).request_uri = env_script_name;
	} 

        SG(request_info).request_uri = env_script_name; 

1. Define an External Application with Type Web Server. Set Address to the IP address and port used by the backend web server.
2. Two choices:
   
   • Define a Proxy Context with Web Server set to the External Application just defined.
   • Define a Script Handler with Type Web Server, and Handler Name set to the External Application just defined.

1. Install an AJPv13 compatible Servlet engine.

Tomcat 3.x, 4.x and Jetty 4.x support AJPv13 protocol. The AJPv13 compatible connector of the Servlet engine must be enabled. Please refer to respective documents coming with the Servlet engine. Make sure the Servlet engine works properly through their build-in Http Server.


2. Make the web application files available to web server.

If the Servlet engine runs on a different machine, make a local copy of the web application files. Skip this step if the Servlet engine runs on the same machine. Only the specific web application directory is needed, not the whole web-apps/ directory.
If the web application is packed in a war file, you need to expand it. The WEB-INF/web.xml must exist along with the static files and JSP files. The Java class files under WEB-INF/ can be removed.


3. Configure the Servlet engine using web administration console.

Under the External Application tab at server level or virtual host level add a Servlet engine. Make sure the Address matches the AJP setting in Servlet engine.


4. Create a Java Web App Context under Context tab of the virtual host.

The Context URI should match the URI used by the Servlet engine. Set Location to the directory of web application. Select the Servlet Engine just created.


5. Set Script Handler for JSP.

Add a Script Handler for Suffix jsp for the virtual host. Set Type to Servlet Engine and set the Handler Name to the Servlet engine just created.

1. It is recommended to run LiteSpeed web server parallel to Apache first.
2. Change the user and group to the same setting as Apache by running install.sh if the server is started by root.
3. Attention: Since 2.2 release, LSWS can use Apache httpd.conf directly without duplicating vhost configuration in LSWS, you should try that first, for more information, please checkout our Wiki pages.
   Create a virtual host and configure it to the same settings:
   
   • Set the Document Root to the same directory used by Apache (be careful about the permission);
   • Add CGI Context if CGI is used in Apache;
   • Set up PHP or Servlet engine in External Application if needed.
   • Create General Context to match the "Alias" in Apache.
4. Restart web server and test the setup by sending same requests to both servers. After verifying that LiteSpeed web server is working properly, you can stop Apache and change the listener setting to use the TCP port that Apache used.

1. Install OpenSSL if it is not installed already.
2. Create RSA private key for your web server by using command
   openssl genrsa -out server.key 1024
   You can create a Triple-DES encrypted private key file by using
   openssl genrsa -des3 -out server.skey 1024

You need to give a password (pass-phase) for the private key file. You will be prompt for the password when the private key file is used every time.
LiteSpeed web server only support private key files without encryption. You probably think it is not safe for the private key. Well, in theory, it is not as safe as the encrypt version. But in reality, it is impossible to let user input password for the SSL keys whenever the server starts or restarts. Some web server can save the password somehow and automate the pass-phase when the server starts, but it is only as good as the machine is not compromised unless your password is hardware protected. The private key file along with the certificate file should be placed in a directory that is only readable by whom the server running as.
3. If you generated the encrypted key file, the pass-phase can be removed with the following command:
   openssl rsa -in server.skey -out server.key

1. Create your private key.
2. Create the self-signed certificate with the command,
   openssl req -new -x509 -key server.key -out server.crt -days 365
   You will be asked for more information about your organization and web site. Please give correct information. You should give valid domain names of your web site when you are asked for Common Name but not any aliases. To determine the valid domain name, you can use commands such as nslookup, dig or host. For example, if the web site can be accessed via both http://foo.bar and http://www.foo.bar, usually foo.bar is the valid domain name (canonical name), www.foo.bar is an alias; foo.bar should be used for the Common Name.

1. Create your private key.
2. Create the certificate request with command,
   openssl req -new -key server.key -out server.csr
   You will be asked for more information about your organization and web site. Please give correct information. You should give valid domain names of your web site when you are asked for Common Name but not any aliases. To determine the valid domain name, you can use commands such as nslookup, dig or host. For example, if the web site can be accessed via both http://foo.bar and http://www.foo.bar, usually foo.bar is the valid domain name (canonical name), www.foo.bar is an alias; foo.bar should be used for the Common Name.

1. Create a listener with Secure set to Yes. The official port for SSL is 443, but other port can be used too.
2. Click on the newly created listener, then go to the SSL Private Key & Certificate. Then edit the Private Key File and Certificate File.
   Give the path of the SSL private key file and certificate file in the pop-up window. Click "Finish" button to save your changes.
3. You can specify SSL Version and Encryption Level on the same page.
4. Set Virtual Host Mappings in listener General tab. In the pop-up window, select the Virtual Host that you want to access through this listener and input the valid Domains
5. Click "Apply Changes" link below the banner. If the new listener uses Port number less than 1024 click Graceful Restart in Actions, otherwise just click Reload - Server.
6. Test your SSL configuration with your browser by accessing https://your.domain:your_port/. The "s" after "http" at the beginning of the address indicates the browser to use SSL protocol.
If you use a self-signed certificate, the browser will prompt you to accept the certificate. Otherwise the browser will accept the certificate automatically without bothering you.

1. Download the corresponding Microsoft FrontPage Server Extension for your platform from rtr.com, save it to directory lsws/add-ons/frontpage/.
2. run FrontPage installation script as root user:
   lsws/admin/misc/fp_install.sh
3. Restart LSWS with root user account.

• Update Mode: Disabled, Static or Dynamic.
• Working Directory: The directory to be used to save AWStats configuration and statistical results.
• AWStats URI: Where the statistical results can be accessed.
• Site Domain: The main domain name of the virtual host.
• Site Aliases: All possible add-on domains, aliases and IP addresses.
• Update Interval: Hourly or Daily.
• Update Offset: When to start the update.
• Secured Connection: the result is access via HTTP or HTTPS.
• Authentication Realm: To protect the result with authentication.

#!/usr/bin/perl
open LOG, '>> ../logs/pipedaccess.log';
select LOG;
$| = 1;
while (<>)
{
  print LOG $_;
}

• Each web site has it own root directory under /wwwroot directory.
• Web site's root directory is named as its qualified domain name, for example, directory for "www.example.com" is /wwwroot/www.example.com/
• Document root is "html/" sub-directory under the web site's root directory. For "www.example.com", it is /wwwroot/www.example.com/html/
• The directory for CGI scripts is "cgi-bin/" sub-directory under the web site's root directory. For "www.example.com", it is /wwwroot/www.example.com/cgi-bin/

• "Virtual host root" should be set to "/wwwroot/$VH_NAME/"
• "Document Root" should be set to "$VH_ROOT/html/" or "/wwwroot/$VH_NAME/html/", the former is preferred.
• To add a "CGI" context, set "URI" to "/cgi-bin/", set "Path" to "$VH_ROOT/cgi-bin/" or "/wwwroot/$VH_NAME/cgi-bin", the former is preferred.

• Virtual Host Name: This probably the only property need to be set if virtual host root can be somehow determined by it (like naming the directory after it, and the domain name is same as the virtual host name).
• Domain: need to be set when the qualified domain name of the web site is different from "Virtual Host Name".
• Aliases: need to be set if there are aliases for this web site.
• Virtual Host Root: The root directory for a web site, only need to be set when it cannot be determined by "Virtual Host Name".