Example QUIC conf and Port change

[Kartheekdasari]

Hi Team,

I am very new to OLS and I have installed OLS in my Ubuntu machine.

I am planning to change my quic conf in OLS conf file but unable to do. and I am trying to change port also where OLS is running but unable to find a file.

Could you please share example conf file and any info where can i change my listening port?

 

[Kartheekdasari]

root@ubuntu:~# curl -k -v --http3 https://127.0.0.1:7080/
*   Trying 127.0.0.1:7080...
*   Trying 127.0.0.1:7080...
*   Trying 127.0.0.1:7080...
* Connected to 127.0.0.1 (127.0.0.1) port 7080
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN: server accepted h2
* Server certificate:
*  subject: CN=openlitespeed.host; C=US; L=Virtual; O=LiteSpeedCommunity; OU=Testing; ST=NJ; emailAddress=mail@openlitespeed.host; name=openlitespeed; initials=CP; dnQualifier=openlitespeed
*  start date: Sep 13 10:31:24 2023 GMT
*  expire date: Dec 11 10:31:24 2025 GMT
*  issuer: CN=openlitespeed.host; C=US; L=Virtual; O=LiteSpeedCommunity; OU=Testing; ST=NJ; emailAddress=mail@openlitespeed.host; name=openlitespeed; initials=CP; dnQualifier=openlitespeed
*  SSL certificate verify result: self-signed certificate (18), continuing anyway.
* using HTTP/2
* [HTTP/2] [1] OPENED stream for https://127.0.0.1:7080/
* [HTTP/2] [1] [:method: GET]
* [HTTP/2] [1] [:scheme: https]
* [HTTP/2] [1] [:authority: 127.0.0.1:7080]
* [HTTP/2] [1] [:path: /]
* [HTTP/2] [1] [user-agent: curl/8.3.0-DEV]
* [HTTP/2] [1] [accept: */*]
> GET / HTTP/2
> Host: 127.0.0.1:7080
> User-Agent: curl/8.3.0-DEV
> Accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
< HTTP/2 302
< x-powered-by: PHP/5.6.40
< x-frame-options: SAMEORIGIN
< content-security-policy: frame-ancestors 'self'
< referrer-policy: same-origin
< x-content-type-options: nosniff
< set-cookie: LSUI37FE0C43B84483E0=fd004e4a17ed8f043166ad56ed74278b; path=/; secure; HttpOnly
< expires: Thu, 19 Nov 1981 08:52:00 GMT
< cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
< pragma: no-cache
< set-cookie: LSID37FE0C43B84483E0=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
< set-cookie: LSPA37FE0C43B84483E0=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
< set-cookie: LSUI37FE0C43B84483E0=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
< location: /login.php
< content-type: text/html; charset=UTF-8
< content-length: 0
< date: Wed, 13 Sep 2023 10:54:22 GMT
< server: LiteSpeed
< alt-svc: h3=":7080"; ma=2592000, h3-29=":7080"; ma=2592000, h3-Q050=":7080"; ma=2592000, h3-Q046=":7080"; ma=2592000, h3-Q043=":7080"; ma=2592000, quic=":7080"; ma=2592000; v="43,46"
<
* Connection #0 to host 127.0.0.1 left intact

 

[Kartheekdasari]

root@ubuntu:~# netstat -alpn | grep openlitespee
tcp        0      0 0.0.0.0:7080            0.0.0.0:*               LISTEN      179741/openlitespee
tcp        0      0 0.0.0.0:8088            0.0.0.0:*               LISTEN      179741/openlitespee
tcp        0      0 0.0.0.0:8088            0.0.0.0:*               LISTEN      179741/openlitespee
tcp        0      0 0.0.0.0:8088            0.0.0.0:*               LISTEN      179741/openlitespee
tcp        0      0 0.0.0.0:8088            0.0.0.0:*               LISTEN      179741/openlitespee
tcp        0      0 0.0.0.0:8088            0.0.0.0:*               LISTEN      179741/openlitespee
tcp        0      0 0.0.0.0:8088            0.0.0.0:*               LISTEN      179741/openlitespee
tcp        0      0 0.0.0.0:8088            0.0.0.0:*               LISTEN      179741/openlitespee
tcp        0      0 0.0.0.0:8088            0.0.0.0:*               LISTEN      179741/openlitespee
udp        0      0 0.0.0.0:39508           0.0.0.0:*                           179743/openlitespee
udp        0      0 0.0.0.0:7080            0.0.0.0:*                           179741/openlitespee
unix  2      [ ACC ]     STREAM     LISTENING     2228118  179743/openlitespee  /tmp/lshttpd/lsphp.sock
unix  2      [ ACC ]     STREAM     LISTENING     2242125  179741/openlitespee  /usr/local/lsws/cgid/cgid.sock
unix  2      [ ACC ]     STREAM     LISTENING     2242119  179741/openlitespee  /usr/local/lsws/admin/tmp/admin.sock.7125
unix  3      [ ]         DGRAM      CONNECTED     2242127  179741/openlitespee
unix  3      [ ]         STREAM     CONNECTED     2242120  179741/openlitespee
unix  3      [ ]         DGRAM      CONNECTED     2242128  179741/openlitespee
unix  3      [ ]         STREAM     CONNECTED     2242121  179741/openlitespee
root@ubuntu:~#
root@ubuntu:~#
root@ubuntu:~# cat /usr/local/lsws/conf/httpd_config.conf
#
# PLAIN TEXT CONFIGURATION FILE
#

# If not set, will use host name as serverName
serverName
user                             nobody
group                            nogroup
priority                         0
autoRestart                      1
chrootPath                       /
enableChroot                     0
inMemBufSize                     60M
swappingDir                      /tmp/lshttpd/swap
autoFix503                       1
gracefulRestartTimeout           300
mime                             conf/mime.properties
showVersionNumber                0
adminEmails                      root@localhost
indexFiles                       index.html, index.php
disableWebAdmin                  0
statDir /tmp/lshttpd/

errorlog logs/error.log {
        logLevel             DEBUG
        debugLevel           0
        rollingSize          10M
        enableStderrLog      1
}

accessLog logs/access.log {
        rollingSize          10M
        keepDays             30
        compressArchive      0
        logReferer           1
        logUserAgent         1
}

expires {
    enableExpires           1
    expiresByType           image/*=A604800,text/css=A604800,application/x-javascript=A604800,application/javascript=A604800,font/*=A604800,application/x-font-ttf=A604800
}

tuning{
    maxConnections               10000
    maxSSLConnections            10000
    connTimeout                  300
    maxKeepAliveReq              10000
    smartKeepAlive               0
    keepAliveTimeout             5
    sndBufSize                   0
    rcvBufSize                   0
    gzipStaticCompressLevel      6
    gzipMaxFileSize              10M
    eventDispatcher              best
    maxCachedFileSize            4096
    totalInMemCacheSize          20M
    maxMMapFileSize              256K
    totalMMapCacheSize           40M
    useSendfile                  1
    fileETag                     28
    SSLCryptoDevice              null
    maxReqURLLen                 32768
    maxReqHeaderSize             65536
    maxReqBodySize               2047M
    maxDynRespHeaderSize         32768
    maxDynRespSize               2047M
    enableGzipCompress           1
    enableBrCompress             4
    enableDynGzipCompress        1
    gzipCompressLevel            6
    brStaticCompressLevel        6
    compressibleTypes            default
    gzipAutoUpdateStatic         1
    gzipMinFileSize              300

    quicEnable                   1
    quicShmDir                   /dev/shm

}

accessDenyDir{
    dir                  /etc/*
    dir                  /dev/*
    dir                  conf/*
    dir                  admin/conf/*
}

fileAccessControl{
    followSymbolLink                            1
    checkSymbolLink                             0
    requiredPermissionMask                      000
    restrictedPermissionMask                    000
}

perClientConnLimit{
    staticReqPerSec                          0
    dynReqPerSec                             0
    outBandwidth                             0
    inBandwidth                              0
    softLimit                                10000
    hardLimit                                10000
    gracePeriod                              15
    banPeriod                                300
}

CGIRLimit{
    maxCGIInstances                         20
    minUID                                  11
    minGID                                  10
    priority                                0
    CPUSoftLimit                            10
    CPUHardLimit                            50
    memSoftLimit                            2047M
    memHardLimit                            2047M
    procSoftLimit                           400
    procHardLimit                           450
}

accessControl{
        allow                                   ALL
        deny
}

extProcessor lsphp{
    type                            lsapi
    address                         uds://tmp/lshttpd/lsphp.sock
    maxConns                        10
    env                             PHP_LSAPI_CHILDREN=10
    env                             LSAPI_AVOID_FORK=200M
    initTimeout                     60
    retryTimeout                    0
    persistConn                     1
    pcKeepAliveTimeout
    respBuffer                      0
    autoStart                       1
    path                            lsphp74/bin/lsphp
    backlog                         100
    instances                       1
    priority                        0
    memSoftLimit                    0
    memHardLimit                    0
    procSoftLimit                   1400
    procHardLimit                   1500
}

scriptHandler{
    add lsapi:lsphp  php
}

railsDefaults{
    binPath
    railsEnv                 1
    maxConns                 1
    env                      LSAPI_MAX_IDLE=60
    initTimeout              60
    retryTimeout             0
    pcKeepAliveTimeout       60
    respBuffer               0
    backlog                  50
    runOnStartUp             3
    extMaxIdleTime           300
    priority                 3
    memSoftLimit             0
    memHardLimit             0
    procSoftLimit            500
    procHardLimit            600
}

wsgiDefaults{
    binPath
    railsEnv                 1
    maxConns                 5
    env                      LSAPI_MAX_IDLE=60
    initTimeout              60
    retryTimeout             0
    pcKeepAliveTimeout       60
    respBuffer               0
    backlog                  50
    runOnStartUp             3
    extMaxIdleTime           300
    priority                 3
    memSoftLimit             0
    memHardLimit             0
    procSoftLimit            500
    procHardLimit            600
}

nodeDefaults{
    binPath
    railsEnv                 1
    maxConns                 5
    env                      LSAPI_MAX_IDLE=60
    initTimeout              60
    retryTimeout             0
    pcKeepAliveTimeout       60
    respBuffer               0
    backlog                  50
    runOnStartUp             3
    extMaxIdleTime           300
    priority                 3
    memSoftLimit             0
    memHardLimit             0
    procSoftLimit            500
    procHardLimit            600
}

virtualHost Example{
    vhRoot                   Example/
    allowSymbolLink          1
    enableScript             1
    restrained               1
    maxKeepAliveReq
    smartKeepAlive
    setUIDMode               0
    chrootMode               0
    configFile               conf/vhosts/Example/vhconf.conf
}

listener Default{
    address                  *:8088
    secure                   0
    map                      Example *
}

listener Default {
address *:8090
secure 0
map test1.domain.com test1.domain.com
}

listener SSL {
address *:4435
secure 1
keyFile /etc/letsencrypt/live/test.domain.com/privkey.pem
certFile /etc/letsencrypt/live/test.domain.com/fullchain.pem
certChain 1
sslProtocol 24
ciphers EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:ECDHE-RSA-AES128-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA128:DHE-RSA-AES128-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA128:ECDHE-RSA-AES128-SHA384:ECDHE-RSA-AES128-SHA128:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA384:AES128-GCM-SHA128:AES128-SHA128:AES128-SHA128:AES128-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
enableECDHE 1
renegProtection 1
sslSessionCache 1
enableSpdy 15
enableStapling 1
ocspRespMaxAge 86400
map test1.domain.com test1.domain.com
}

vhTemplate centralConfigLog{
    templateFile             conf/templates/ccl.conf
    listeners                Default
}

vhTemplate EasyRailsWithSuEXEC{
    templateFile             conf/templates/rails.conf
    listeners                Default
}

module cache {
    ls_enabled          1

    checkPrivateCache   1
    checkPublicCache    1
    maxCacheObjSize     10000000
    maxStaleAge         200
    qsCache             1
    reqCookieCache      1
    respCookieCache     1
    ignoreReqCacheCtrl  1
    ignoreRespCacheCtrl 0

    enableCache         0
    expireInSeconds     3600
    enablePrivateCache  0
    privateExpireInSeconds 3600

}

root@ubuntu:~#
root@ubuntu:~# curl -k -v --http3 -# -o /tmp/index.html https://127.0.0.1:8443/
*   Trying 127.0.0.1:8443...
* Skipped certificate verification
* Connected to 127.0.0.1 (127.0.0.1) port 8443
* using HTTP/3
* [HTTP/3] [0] OPENED stream for https://127.0.0.1:8443/
* [HTTP/3] [0] [:method: GET]
* [HTTP/3] [0] [:scheme: https]
* [HTTP/3] [0] [:authority: 127.0.0.1:8443]
* [HTTP/3] [0] [:path: /]
* [HTTP/3] [0] [user-agent: curl/8.3.0-DEV]
* [HTTP/3] [0] [accept: */*]
> GET / HTTP/3
> Host: 127.0.0.1:8443
> User-Agent: curl/8.3.0-DEV
> Accept: */*
>
< HTTP/3 200
< server: nginx/1.25.2
< date: Wed, 13 Sep 2023 13:23:03 GMT
< content-type: text/html
< content-length: 10701
< last-modified: Fri, 10 Feb 2023 15:24:53 GMT
< etag: "63e661c5-29cd"
< alt-svc: h3=":8443"; ma=86400
< x-protocol: HTTP/3.0
< accept-ranges: bytes
<
{ [10701 bytes data]
################################################################################################################################ 100.0%* Connection #0 to host 127.0.0.1 left intact

root@ubuntu:~#

 

[Kartheekdasari]

Am I missing anything here in configuration

 

[Cold-Egg]

If you aren't sure of the syntax, please try to edit it via OpenLiteSpeed Web Admin, then you will see the correct syntax in the conf file.

For example, "map test1.domain.com test1.domain.com" does not map to any virtual host name which is incorrect.

Please check https://docs.openlitespeed.org/configuration#set-up-listeners for basic configuration guide.

 

[Kartheekdasari]

I don't have access to GUI,this machine is the server and it doesn't have GUI.

I believe conf file should be in /usr/local/lsws/conf/http.conf file
Correct?

 

[Cold-Egg]

The file location is correct.

 

[Kartheekdasari]

okay,and i believe configuration also correct
any idea how can i change quic listener port on ols

 

[Cold-Egg]

QUIC is bound with the HTTPS listener, you could just edit the listener, and no need to config QUIC.

 

[Kartheekdasari]

Okay,so there is no way I can open one port for quic exclusively

 

[Cold-Egg]

If you open an HTTPS port with a valid Certificate applied, then HTTP3/QUIC should work on that listener.

 

[Kartheekdasari]

Okay, got it
Could you please provide me some example configuration cause I have changed my listener ports in configuration file and restarted old but that particular port is not showing with netstat command
So it would be helpful if you provide me some example configuration

 

[Cold-Egg]

Feel free to check examples on https://openlitespeed.org/kb/ols-configuration-examples/

 

[Kartheekdasari]

okay,Will check there

 

[Kartheekdasari]

Actually i chnaged my conf file and restarted ols but that whatever port i have in conf file is not showing with netstat command
am i missing anything here

 

[Cold-Egg]

Please submit the issue to support@litespeedtech.com with this forum post link appended, I will help you from there.

 

[Kartheekdasari]

Okay sir,got it

 

[Kartheekdasari]

Sent mail just now ,Please check once when you are free

 

[Kartheekdasari]

Any idea how can I change these quic parameters from cli instead of GUI.
Below are the parameters

 

[Kartheekdasari]

And one small issue is
When I give "localhost" in command,file download is fine via quic but when I give IP(127.0.0.1) then file download is not via quic.

What am I missing in configuration.

Below is my conf file and curl results,