Server Setup Guide Part 2 (CentOS, OpenLiteSpeed, Percona) (With Pictures!).


Pre-Word and Disclaimer
This guide may not be published, broadcast, rewritten or redistributed in whole or part with out the express written permission of Slavik at The author takes no responsbility for any steps, in part, or in whole, undertaken by users of this guide and does not guarantee against any losses, material or otherwise.


In Part 1 of this guide you updated the system, installed Percona MySQL Server and installed OpenLiteSpeed Web Server.

In Part 2, we will install PHP, do some basic MySQL configuration, configure LiteSpeed to serve files on port 80, and set up basic IP Tables.


Completed Part 1.

Installation Guide

Firstly we will install PHP. OpenLiteSpeed offers 2 ways of doing this. Either via the web-based PHP configuration utility where you can select the PHP version, and then add your configure parameters, save it and then LiteSpeed will give you a command to run in the Putty client, or, alternatively we can use "yum" to install and maintain PHP for us.
Both ways of installing PHP have their advantages and disadvantages, however, whilst the yum option is easier to initially set up, compiling PHP ourselves via the OpenLiteSpeed Panel allows for greater control in the versions and what we compile PHP to run with.

So lets get PHP compiled.

First go to the OpenLiteSpeed Admin Panel.


And log in with the details

Username: admin
Password: 123456

The first thing we will do is change this weak admin password. To do so after logging in click Web Console > General > Security > admin and then enter the current password (123456) followed by the new password you chose and hit save.

Next, click Actions > Compile PHP.

Select the PHP version you wish to use, for this guide we will use PHP 5.4.17 and hit next.

On this page, the only options we are interested in are the Configure Parameters and the Add-on Modules.

There are 2 ways we can compile PHP at this point, either, a) as a minimal install, with the base essentials for XenForo and a few other minor bits, or b) as a complete "include all" type install, to basically run 99% of anything.

We will run the minimal install, so enter the following into the Configure Parameters box:

'--with-mysql' '--with-mysqli' '--with-mysql-sock=/var/lib/mysql/mysql.sock' '--with-zlib' '--with-gd' '--enable-shmop' '--enable-sockets' '--enable-sysvmsg' '--enable-sysvsem' '--enable-sysvshm' '--enable-mbstring' '--with-iconv' '--with-libdir=lib64' '--with-litespeed' '--with-curl' '--enable-zip' '--with-bz2' '--with-jpeg-dir=lib64' '--enable-bcmath' '--enable-calendar' '--enable-ftp' '--enable-gd-native-ttf' '--enable-exif' '--with-openssl' '--with-xmlrpc' '--with-freetype-dir=lib64' '--with-png-dir=lib64' '--enable-inline-optimization' '--enable-xml'
And for the Add-on modules I select Mail Source Handler, APC and Memcached, then hit Compile PHP 5.4.17.

OpenLiteSpeed will then download the required packages and configure it. When it is done, hit Next.

This will bring up the following page, so go back to Putty and enter the command the OpenLiteSpeed has given you at the top black box.


You can then go back to the web page, and watch the progress. This may take some time, 10 minutes is not uncommon.

Head back to putty and copy the php.ini to the right place.

cp /usr/local/lsws/phpbuild/php-5.4.17/php.ini-development /usr/local/lsws/lsphp5/lib/php.ini

Next, select Actions > Graceful Restart and hit OK

Head to your live URL and test your PHP is working.

If the page loads correctly, PHP is all sorted!

Finally, we need to alter OpenLiteSpeed to serve up from port 80. So in the Admin Panel go to Configuration > Listeners > Default > Edit and change the port from 8088 to 80 and hit Save.

Then, select Actions > Graceful Restart and hit OK.

Check it works correctly once again by simply loading

If it loads, then we have OpenLiteSpeed working correctly!

Time to do some basic MySQL configuration. This will vary from server to server, however as a basic starting point, first open up WinSCP and enter your servers root login information.

First stop MySQL

/etc/init.d/mysql stop

Next, navigate to /etc/ and open my.cnf

Delete the contents already in place and replace with the following

port  = 3306
socket  = /var/lib/mysql/mysql.sock
user  = mysql
default-storage-engine  = InnoDB
socket  = /var/lib/mysql/mysql.sock
pid-file  = /var/lib/mysql/
# MyISAM #
key-buffer-size  = 32M
myisam-recover  = FORCE,BACKUP
max-allowed-packet  = 16M
max-connect-errors  = 1000000
innodb  = FORCE
datadir  = /var/lib/mysql/
tmp-table-size  = 32M
max-heap-table-size  = 32M
query-cache-type  = 0
query-cache-size  = 0
max-connections  = 500
thread-cache-size  = 50
open-files-limit  = 65535
table-definition-cache  = 4096
table-open-cache  = 4096
innodb-flush-method  = O_DIRECT
innodb-flush-log-at-trx-commit = 2
innodb-file-per-table  = 1
innodb-buffer-pool-size  = 592M
log-error  = /var/lib/mysql/mysql-error.log
slow-query-log  = 1
slow-query-log-file  = /var/lib/mysql/mysql-slow.log

Now go to Putty and restart Percona.

/etc/init.d/mysql start

Finally on the list is basic IP Tables configuration. IP Tables can be as complex or as lean as you like. As a basic rule the best methods are to only allow connections you specify, and drop all others.

So lets restart IP Tables

/etc/init.d/iptables start

Next, lets load in the following rules

iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -I INPUT 1 -p tcp --dport 22 -j ACCEPT
iptables -I INPUT 1 -p tcp --dport 80 -j ACCEPT
iptables -I INPUT 1 -p tcp --dport 7080 -j ACCEPT
iptables -P INPUT DROP

So what do all these do?

The first Allows all established connections, eg ones made by your server though.

The second Allows connections to the SSH port.

The third Allows traffic to the web server.

The fourth Allows you to access the OpenLiteSpeed Admin Panel

And finally, the 5th Denies (drops) connections to all other ports.

How does this secure your server? Well the basic theory is that your IP Tables limit the attack vectors on a server, by only allowing these specific ports, you exclude attackers from finding potential flaws in other running services. The only things they can look to find weaknesses in are the SSH Login, the OpenLiteSpeed Admin Panel or the Web application, and as long as those are kept up to date and are secure, you severely reduce any attackers chances of success. More aggressive IP Tables and services are out there, however that falls down to the individual sysadmin to decide what level of protection they wish to deploy.

Lets save those IPTables rules, so on a server restart they are applied.

/etc/init.d/iptables save

And that concludes Part 2 of this guide! In Part 3, we will install XenForo and PhpMyAdmin.
Last edited:
I seem to be having some issue here. Whenever I get to the step of going to my base IP address to see the OLS installed index page, it shows up an apache page instead. What could be doing that? I followed all the steps prior.


Hi Abnormalyze,

Did you install Apache first? If so, you may have started the server and just haven't stopped it yet, so Apache is still listening to port 80.

Let me know if that wasn't the issue.

Hi Abnormalyze,

Did you install Apache first? If so, you may have started the server and just haven't stopped it yet, so Apache is still listening to port 80.

Let me know if that wasn't the issue.

It appears that my VPS has Apache installed by default. Didn't think to check it out because I am used to getting VPS servers without anything installed.

I will stop it and retry the guide. :)