Apply Customization Through Templates¶
Direct Admin has global templates for OpenLiteSpeed, which can be found in /usr/local/directadmin/data/templates
.
# pwd
/usr/local/directadmin/data/templates
# ls -la openlitespeed_*
-rw-r--r-- 1 diradmin diradmin 99 Oct 22 18:25 openlitespeed_context_protected.conf
-rw-r--r-- 1 diradmin diradmin 978 Oct 22 18:25 openlitespeed_ips.conf
-rw-r--r-- 1 diradmin diradmin 398 Oct 22 18:25 openlitespeed_listener.conf
-rw-r--r-- 1 diradmin diradmin 1307 Oct 22 18:25 openlitespeed_redirect_vhost.conf
-rw-r--r-- 1 diradmin diradmin 3131 Oct 22 18:25 openlitespeed_vhost.conf
To customize OpenLiteSpeed settings, you can copy these default templates over to /usr/local/directadmin/data/templates/custom
and place any customized templates in /usr/local/directadmin/data/templates/custom/openlitespeed*
. Then, when you rewrite the configuration, customized templates will be used instead of default templates, where applicable.
cd /usr/local/directadmin/custombuild
./build rewrite_confs
If you need a configuration to apply to all virtual hosts, however, we suggest using the pre/post hooks that DirectAdmin supplies for customization. Such hooks include:
- CUSTOM1: Appears at the very top of the template, before setting the variables.
- CUSTOM2: Appears in the
scripthandler{}
section. - CUSTOM3: Appears in ALL
context{}
sections, used for password protected directories. - CUSTOM4: Appears in the
phpIniOverride{}
section. - CUSTOM5: Appears in the
rewrite{}
section. - CUSTOM6: Appears in the
vhssl{}
section. - CUSTOM7: The very last entry.
Example: Rewrite Rules¶
Say you want to block xmlrpc
and wp-trackback
files for all virtual hosts. You can use a rewrite rule like the following:
RewriteRule ^/(xmlrpc|wp-trackback)\.php - [F,L,NC]
To include this rewrite rule into all virtual host configurations, you can use the CUSTOM5 pre-hook, which appears in the rewrite{}
section of the /usr/local/directadmin/data/templates/custom/
directory. Create a /usr/local/directadmin/data/templates/custom/cust_openlitespeed.CUSTOM.5.pre
file with above rule in it, then rewrite the configuration:
cd /usr/local/directadmin/custombuild
./build rewrite_confs
After that, the customized rule will be inserted into each virtual host rewrite section. For example, /usr/local/directadmin/data/users/$USER/openlitespeed.conf
might now contain the following:
rewrite {
enable 1
autoLoadHtaccess 1
RewriteRule ^/(xmlrpc|wp-trackback)\.php - [F,L,NC]
}
Example: Headers¶
Let's say you want to enable HSTS. To do so, you will need add headers to all virtual host /
contexts, using code like the following:
context / {
location $DOC_ROOT/
allowBrowse 1
extraHeaders <<<END_extraHeaders
Strict-Transport-Security: max-age=15552000
X-Content-Type-Options nosniff
END_extraHeaders
rewrite {
}
addDefaultCharset off
phpIniOverride {
}
}
Put the following code in /usr/local/directadmin/data/templates/custom/cust_openlitespeed.CUSTOM.7.pre
, and rewrite the configuration as shown in the first example. CUSTOM7 appears at the very end. So now the block of code should be inserted into the very last entries of all virtual host configurations.
DirectAdmin's OpenLiteSpeed Templates¶
For reference, here is a list of the default DirectAdmin OpenLiteSpeed templates.
openlitespeed_context_protected.conf¶
authName |AUTH_NAME|
allowBrowse 1
realm |PROTECTED_PATH|/
accessControl {
allow *
}
openlitespeed_ips.conf¶
|CUSTOM1|
|?DOCROOT=HOME/domains/sharedip| |*if STATUS="server"| |?DOCROOT=/var/www/html| |*endif| |?SSLPROTOCOL=30| |CUSTOM2| virtualHost |IP| { |CUSTOM3| listeners |LISTENER_80|, |LISTENER_443| user |USER| group |USER| vhRoot |HOME| allowSymbolLink 1 enableScript 1 restrained 1 setUIDMode 2 docRoot |DOCROOT| vhDomain |IP| adminEmails root@localhost enableGzip 1 enableIpGeo 1 rewrite { enable 1 autoLoadHtaccess 1 RewriteFile .htaccess |CUSTOM4| } |CUSTOM5| vhssl { keyFile |KEY| certFile |CERT| certChain 1 sslProtocol |SSLPROTOCOL| } # include aliases include /usr/local/lsws/conf/httpd-alias.conf |CUSTOM6| }
openlitespeed_listener.conf¶
|CUSTOM1|
|?SSLPROTOCOL=30|
|CUSTOM2|
listener |LISTENER_80| {
|CUSTOM3|
address |IP|:80
secure 0
|CUSTOM4|
}
listener |LISTENER_443| {
|CUSTOM5|
address |IP|:443
secure 1
keyFile |KEY|
certFile |CERT|
certChain 1
sslProtocol |SSLPROTOCOL|
|CUSTOM6|
}
openlitespeed_redirect_vhost.conf¶
|CUSTOM1|
|?WWW_PREFIX=www.|
|*if WWW_REDIRECT="no"|
|?WWW_PREFIX=|
|*endif|
|?VH_PORT=PORT_80| |?VHROOT=HOME| |?DOCROOT=HOME/domains/DOMAIN/public_html| |?SSLPROTOCOL=30| |CUSTOM2| virtualHost |POINTER|-|VH_PORT| { |CUSTOM3| user |USER| group |GROUP| vhRoot |VHROOT| setUIDMode 2 listeners |LISTENERS| docRoot |DOCROOT| vhDomain |POINTER| vhAliases www.|POINTER| rewrite { enable 1 RewriteRule (.*)$ http://|WWW_PREFIX||DOMAIN|/$1 [R=301,L] } |CUSTOM4| } |*if HAVE_SSL="1"| |?VH_PORT=PORT_443| virtualHost |POINTER|-|VH_PORT| { |CUSTOM5| user |USER| group |GROUP| vhRoot |VHROOT| setUIDMode 2 listeners |SSL_LISTENERS| docRoot |DOCROOT| vhDomain |POINTER| vhAliases www.|POINTER| rewrite { enable 1 RewriteRule (.*)$ https://|WWW_PREFIX||DOMAIN|/$1 [R=301,L] } vhssl { keyFile |KEY| certFile |CERT| certChain 1 sslProtocol |SSLPROTOCOL| } |CUSTOM6| } |*endif|
openlitespeed_vhost.conf¶
CUSTOM1|
|?PUBLIC_HTML=public_html|
|?VH_PORT=PORT_80| |*if SSL_TEMPLATE="1"| |?PUBLIC_HTML=private_html| |?VH_PORT=PORT_443| |*endif| |?DOCROOT=HOME/domains/DOMAIN/PUBLIC_HTML| |?PUB_DOCROOT=HOME/domains/DOMAIN/public_html| |?SDOMAIN=DOMAIN| |?LOG_NAME=DOMAIN| |*if SUB| |?DOCROOT=DOCROOT/SUB| |?SDOMAIN=SUB.DOMAIN| |?LOG_NAME=DOMAIN.SUB| |*endif| |?REALDOCROOT=DOCROOT| |?VHROOT=HOME| |?SCRIPTHANDLER=lsphpPHP1_RELEASE| |?SSLPROTOCOL=30| |?OBDP1=| |*if PHP1_RELEASE!="0"| |?OBDP1=:/usr/local/phpPHP1_RELEASE/lib/php/| |*endif| |?OBDP2=| |?OPEN_BASEDIR_PATH=HOME/:/tmp:/var/tmp:/opt/alt/phpPHP1_RELEASE/usr/share/pear/:/dev/urandom:/usr/local/lib/php/OBDP1OBDP2| |?PHP_MAIL_LOG=| |?CLI_PHP_MAIL_LOG=| |*if PHP_MAIL_LOG_ENABLED="1"| |?PHP_MAIL_LOG=-d mail.log="HOME/.php/php-mail.log"| |?CLI_PHP_MAIL_LOG=php_admin_value mail.log HOME/.php/php-mail.log| |*endif| |?PHP_EMAIL=USER@DOMAIN| virtualHost |SDOMAIN|-|VH_PORT| { |CUSTOM| user |USER| group |GROUP| vhRoot |VHROOT| allowSymbolLink 1 enableScript 1 restrained 1 setUIDMode 2 # listeners listener1, listener2, listener3 listeners |LISTENERS| #VirtualHost config settings docRoot |DOCROOT| vhDomain |SDOMAIN| vhAliases www.|SDOMAIN||SERVER_ALIASES| adminEmails |ADMIN| enableGzip 1 enableIpGeo 1 errorlog |APACHELOGDIR|/|LOG_NAME|.error.log { useServer 0 logLevel NOTICE rollingSize 0 } accesslog |APACHELOGDIR|/|LOG_NAME|.log { useServer 0 logFormat %a %l %u %t "%r" %>s %O "%{Referer}i" "%{User-Agent}i" logHeaders 5 rollingSize 0 } accesslog |APACHELOGDIR|/|LOG_NAME|.bytes { useServer 0 logFormat %O %I rollingSize 0 } scripthandler { |CUSTOM2| add lsapi:|SCRIPTHANDLER| inc add lsapi:|SCRIPTHANDLER| php add lsapi:|SCRIPTHANDLER| phtml add lsapi:|SCRIPTHANDLER| php|PHP1_RELEASE| } phpIniOverride { |CUSTOM4| php_admin_flag engine |PHP| php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f |PHP_EMAIL|" |*if OPEN_BASEDIR_ENABLED="ON"| php_admin_value open_basedir "|OPEN_BASEDIR_PATH|" |*endif| |CLI_PHP_MAIL_LOG| |*if HAVE_SAFE_MODE="1"| php_admin_flag safe_mode |SAFE_MODE| |*endif| } rewrite { enable 1 autoLoadHtaccess 1 |FORCE_SSL_REDIRECT| |OPENLITESPEED_REDIRECTS| |CUSTOM5| } |CONTEXTS| |REALMS| |*if SSL_TEMPLATE="1"| vhssl { |CUSTOM6| keyFile |KEY| certFile |CERT| certChain 1 sslProtocol |SSLPROTOCOL| } |*endif| # include aliases include /usr/local/lsws/conf/httpd-alias.conf |CUSTOM7|
For more customization, like wildcard domain, custom security headers ..etc, please refer to the DirectAdmin official guide.