cPFence/ols_optimize.sh

## ols_optimize.sh
#!/bin/bash

# Written by: cPFence Team / https://cpfence.app/
#
# Description:
# This script is designed to automate the optimization and configuration of OpenLiteSpeed
# running inside a Docker container or directly on the host. It backs up the existing
# configuration file, applies updates to critical server settings such as worker processes,
# CPU affinity, memory buffer sizes, and external application configurations for PHP-LSAPI.
# MD5 checksum validation is added to detect changes and prevent redundant updates.
#
# Usage:
# Simply configure the global variables below to match your desired settings and run the script.
# The script will handle the rest, including backups, applying updates, and restarting the server.
#
# Note for Enhance Control Panel (CP) users:
# If you are using Enhance CP, you will need to set up a cron job to run this script every minute.
# This ensures your settings are maintained, as Enhance CP may override them. Setting up the cron
# job guarantees the script re-applies your configurations regularly to prevent any unwanted changes.
#
# Example Cron Job:
# * * * * * /path/to/your/ols_optimize.sh
#
# Disclaimer:
# This script is provided "as is" without any warranties of any kind, express or implied.
# It is recommended to thoroughly test this script in a non-production environment prior to
# deployment on any live or critical systems. cPFence and Linkers Gate LLC are not liable for
# any damage or data loss resulting from the use of this script.
#
# License: Copyright (C) 2023 - 2024 Linkers Gate LLC.

# Global Variables (User configurable)
HTTPD_WORKERS="16"
CPU_AFFINITY="1"
ENABLE_LVE="0"
IN_MEM_BUF_SIZE="512M"
MAX_CONNECTIONS="100000"
MAX_SSL_CONNECTIONS="100000"
SND_BUF_SIZE="512k"
RCV_BUF_SIZE="512k"
TOTAL_IN_MEM_CACHE_SIZE="512M"
MAX_MMAP_FILE_SIZE="64M"
TOTAL_MMAP_CACHE_SIZE="512M"
# AIO settings mapping (numbers correspond to options in the OpenLiteSpeed admin panel)
USE_AIO="3"   # 3 = io_uring (Refer to the OLS admin panel for other options and their corresponding numbers)
AIO_BLOCK_SIZE="3"  # 3 = 512K (Check the OLS admin panel for other block size options and their respective numbers)
PHP_LSAPI_CHILDREN="500"
LSAPI_AVOID_FORK="0"
LSPHP_MAX_CONNS="500"
LSPHP_AUTOSTART="2"

# Using Enhance v12 option (set to 'on' if running directly on the host)
Using_Enhance_v12="off"  # Options: "on" or "off"

### DO NOT EDIT BELOW THIS LINE ###

CONTAINER_NAME="openlitespeed"
CONFIG_PATH="/usr/local/lsws/conf/httpd_config.conf"
BACKUP_DIR="/usr/local/lsws/conf/"
BACKUP_FILE="httpd_config_backup-$(date +"%d%m%y-%H%M%S").conf"
MD5_FILE="/usr/local/src/ols_config_md5sum.txt"

# Check if Using_Enhance_v12 is on or off and adjust the docker command accordingly
if [ "$Using_Enhance_v12" = "on" ]; then
    docker_cmd=""
else
    docker_cmd="docker exec $CONTAINER_NAME "
fi

# welcome message
display_welcome()
{
    echo "**********************************************************************************************"
    echo "*                                  cPFence Web Security                                      *"
    echo "*                            OpenLiteSpeed Optimization Script                               *"
    echo "*                         Copyright (C) 2023 - 2024 Linkers Gate LLC.                        *"
    echo "**********************************************************************************************"
}
display_welcome

# Step 1: Calculate the current MD5 hash of the config file
CURRENT_MD5=$(${docker_cmd}md5sum $CONFIG_PATH | awk '{print $1}')

# Step 2: Check if the MD5 file exists and compare hashes
if test -f "$MD5_FILE"; then
    STORED_MD5=$(cat $MD5_FILE)

    if [ "$CURRENT_MD5" == "$STORED_MD5" ]; then
        echo "No changes detected in the configuration. Exiting..."
        exit 0
    else
        echo "Configuration has changed, applying updates..."
    fi
else
    echo "No MD5 file found, applying updates..."
fi

# Step 3: Backup the current configuration
${docker_cmd}cp -a $CONFIG_PATH $BACKUP_DIR$BACKUP_FILE
echo "Backup created: $BACKUP_DIR$BACKUP_FILE"

# Step 4: Function to add or replace config values in specific sections
update_or_add_config() {
    SECTION=$1
    PARAMETER=$2
    VALUE=$3

    # Find the section first, then add or replace the parameter in that section
    ${docker_cmd}grep -q "$SECTION" $CONFIG_PATH
    if [ $? -eq 0 ]; then
        # Check if the parameter exists within the section
        ${docker_cmd}sed -n "/$SECTION/,/^[^ ]/p" $CONFIG_PATH | grep -q "$PARAMETER"
        if [ $? -eq 0 ]; then
            # Parameter exists, replace it within the section
            ${docker_cmd}sed -i "/$SECTION/,/^[^ ]/ s/\($PARAMETER\s*\).*/\1$VALUE/" $CONFIG_PATH
            echo "Updated $PARAMETER to $VALUE in $SECTION"
        else
            # Parameter doesn't exist, append it to the section
            ${docker_cmd}sed -i "/$SECTION/a\\        $PARAMETER    $VALUE" $CONFIG_PATH
            echo "Added $PARAMETER with value $VALUE to $SECTION"
        fi
    else
        echo "Section $SECTION not found."
    fi
}

# Step 5: Handle serverName and related settings if missing
${docker_cmd}grep -q "serverName" $CONFIG_PATH
if [ $? -ne 0 ]; then
    ${docker_cmd}sed -i "1i serverName\n" $CONFIG_PATH
    echo "Added serverName block at the top of the file."
fi

# Add missing httpdWorkers, cpuAffinity, and enableLVE
update_or_add_config "serverName" "httpdWorkers" "$HTTPD_WORKERS"
update_or_add_config "serverName" "cpuAffinity" "$CPU_AFFINITY"
update_or_add_config "serverName" "enableLVE" "$ENABLE_LVE"
update_or_add_config "serverName" "inMemBufSize" "$IN_MEM_BUF_SIZE"

# Step 6: Update tuning settings
update_or_add_config "tuning" "maxConnections" "$MAX_CONNECTIONS"
update_or_add_config "tuning" "maxSSLConnections" "$MAX_SSL_CONNECTIONS"
update_or_add_config "tuning" "sndBufSize" "$SND_BUF_SIZE"
update_or_add_config "tuning" "rcvBufSize" "$RCV_BUF_SIZE"
update_or_add_config "tuning" "totalInMemCacheSize" "$TOTAL_IN_MEM_CACHE_SIZE"
update_or_add_config "tuning" "maxMMapFileSize" "$MAX_MMAP_FILE_SIZE"
update_or_add_config "tuning" "totalMMapCacheSize" "$TOTAL_MMAP_CACHE_SIZE"

# Correct useAIO and AIOBlockSize mappings to 3
update_or_add_config "tuning" "useAIO" "$USE_AIO"
update_or_add_config "tuning" "AIOBlockSize" "$AIO_BLOCK_SIZE"

# Step 7: Update external processor settings for lsphp (Correct env values)
${docker_cmd}sed -i "s/env\s*PHP_LSAPI_CHILDREN=.*/env                     PHP_LSAPI_CHILDREN=$PHP_LSAPI_CHILDREN/" $CONFIG_PATH
${docker_cmd}sed -i "s/env\s*LSAPI_AVOID_FORK=.*/env                     LSAPI_AVOID_FORK=$LSAPI_AVOID_FORK/" $CONFIG_PATH

# Step 8: Correctly target maxConns in extprocessor lsphp only
${docker_cmd}sed -i "/extprocessor lsphp {/,/}/ s/maxConns\s*.*/maxConns                $LSPHP_MAX_CONNS/" $CONFIG_PATH

# Update autoStart for lsphp
update_or_add_config "extprocessor lsphp" "autoStart" "$LSPHP_AUTOSTART"

# Step 9: Save the new MD5 hash of the config file
${docker_cmd}md5sum $CONFIG_PATH | awk '{print $1}' > $MD5_FILE

# Step 10: Restart OpenLiteSpeed to apply the changes
${docker_cmd}/usr/local/lsws/bin/lswsctrl restart
echo "OpenLiteSpeed restarted with updated configuration."

exit 0
	#!/bin/bash

	# Written by: cPFence Team / https://cpfence.app/
	#
	# Description:
	# This script is designed to automate the optimization and configuration of OpenLiteSpeed
	# running inside a Docker container or directly on the host. It backs up the existing
	# configuration file, applies updates to critical server settings such as worker processes,
	# CPU affinity, memory buffer sizes, and external application configurations for PHP-LSAPI.
	# MD5 checksum validation is added to detect changes and prevent redundant updates.
	#
	# Usage:
	# Simply configure the global variables below to match your desired settings and run the script.
	# The script will handle the rest, including backups, applying updates, and restarting the server.
	#
	# Note for Enhance Control Panel (CP) users:
	# If you are using Enhance CP, you will need to set up a cron job to run this script every minute.
	# This ensures your settings are maintained, as Enhance CP may override them. Setting up the cron
	# job guarantees the script re-applies your configurations regularly to prevent any unwanted changes.
	#
	# Example Cron Job:
	# * * * * * /path/to/your/ols_optimize.sh
	#
	# Disclaimer:
	# This script is provided "as is" without any warranties of any kind, express or implied.
	# It is recommended to thoroughly test this script in a non-production environment prior to
	# deployment on any live or critical systems. cPFence and Linkers Gate LLC are not liable for
	# any damage or data loss resulting from the use of this script.
	#
	# License: Copyright (C) 2023 - 2024 Linkers Gate LLC.

	# Global Variables (User configurable)
	HTTPD_WORKERS="16"
	CPU_AFFINITY="1"
	ENABLE_LVE="0"
	IN_MEM_BUF_SIZE="512M"
	MAX_CONNECTIONS="100000"
	MAX_SSL_CONNECTIONS="100000"
	SND_BUF_SIZE="512k"
	RCV_BUF_SIZE="512k"
	TOTAL_IN_MEM_CACHE_SIZE="512M"
	MAX_MMAP_FILE_SIZE="64M"
	TOTAL_MMAP_CACHE_SIZE="512M"
	# AIO settings mapping (numbers correspond to options in the OpenLiteSpeed admin panel)
	USE_AIO="3" # 3 = io_uring (Refer to the OLS admin panel for other options and their corresponding numbers)
	AIO_BLOCK_SIZE="3" # 3 = 512K (Check the OLS admin panel for other block size options and their respective numbers)
	PHP_LSAPI_CHILDREN="500"
	LSAPI_AVOID_FORK="0"
	LSPHP_MAX_CONNS="500"
	LSPHP_AUTOSTART="2"

	# Using Enhance v12 option (set to 'on' if running directly on the host)
	Using_Enhance_v12="off" # Options: "on" or "off"

	### DO NOT EDIT BELOW THIS LINE ###

	CONTAINER_NAME="openlitespeed"
	CONFIG_PATH="/usr/local/lsws/conf/httpd_config.conf"
	BACKUP_DIR="/usr/local/lsws/conf/"
	BACKUP_FILE="httpd_config_backup-$(date +"%d%m%y-%H%M%S").conf"
	MD5_FILE="/usr/local/src/ols_config_md5sum.txt"

	# Check if Using_Enhance_v12 is on or off and adjust the docker command accordingly
	if [ "$Using_Enhance_v12" = "on" ]; then
	docker_cmd=""
	else
	docker_cmd="docker exec $CONTAINER_NAME "
	fi

	# welcome message
	display_welcome()
	{
	echo "**********************************************************************************************"
	echo "* cPFence Web Security *"
	echo "* OpenLiteSpeed Optimization Script *"
	echo "* Copyright (C) 2023 - 2024 Linkers Gate LLC. *"
	echo "**********************************************************************************************"
	}
	display_welcome

	# Step 1: Calculate the current MD5 hash of the config file
	CURRENT_MD5=$(${docker_cmd}md5sum $CONFIG_PATH \| awk '{print $1}')

	# Step 2: Check if the MD5 file exists and compare hashes
	if test -f "$MD5_FILE"; then
	STORED_MD5=$(cat $MD5_FILE)

	if [ "$CURRENT_MD5" == "$STORED_MD5" ]; then
	echo "No changes detected in the configuration. Exiting..."
	exit 0
	else
	echo "Configuration has changed, applying updates..."
	fi
	else
	echo "No MD5 file found, applying updates..."
	fi

	# Step 3: Backup the current configuration
	${docker_cmd}cp -a $CONFIG_PATH $BACKUP_DIR$BACKUP_FILE
	echo "Backup created: $BACKUP_DIR$BACKUP_FILE"

	# Step 4: Function to add or replace config values in specific sections
	update_or_add_config() {
	SECTION=$1
	PARAMETER=$2
	VALUE=$3

	# Find the section first, then add or replace the parameter in that section
	${docker_cmd}grep -q "$SECTION" $CONFIG_PATH
	if [ $? -eq 0 ]; then
	# Check if the parameter exists within the section
	${docker_cmd}sed -n "/$SECTION/,/^[^ ]/p" $CONFIG_PATH \| grep -q "$PARAMETER"
	if [ $? -eq 0 ]; then
	# Parameter exists, replace it within the section
	${docker_cmd}sed -i "/$SECTION/,/^[^ ]/ s/\($PARAMETER\s\)./\1$VALUE/" $CONFIG_PATH
	echo "Updated $PARAMETER to $VALUE in $SECTION"
	else
	# Parameter doesn't exist, append it to the section
	${docker_cmd}sed -i "/$SECTION/a\\ $PARAMETER $VALUE" $CONFIG_PATH
	echo "Added $PARAMETER with value $VALUE to $SECTION"
	fi
	else
	echo "Section $SECTION not found."
	fi
	}

	# Step 5: Handle serverName and related settings if missing
	${docker_cmd}grep -q "serverName" $CONFIG_PATH
	if [ $? -ne 0 ]; then
	${docker_cmd}sed -i "1i serverName\n" $CONFIG_PATH
	echo "Added serverName block at the top of the file."
	fi

	# Add missing httpdWorkers, cpuAffinity, and enableLVE
	update_or_add_config "serverName" "httpdWorkers" "$HTTPD_WORKERS"
	update_or_add_config "serverName" "cpuAffinity" "$CPU_AFFINITY"
	update_or_add_config "serverName" "enableLVE" "$ENABLE_LVE"
	update_or_add_config "serverName" "inMemBufSize" "$IN_MEM_BUF_SIZE"

	# Step 6: Update tuning settings
	update_or_add_config "tuning" "maxConnections" "$MAX_CONNECTIONS"
	update_or_add_config "tuning" "maxSSLConnections" "$MAX_SSL_CONNECTIONS"
	update_or_add_config "tuning" "sndBufSize" "$SND_BUF_SIZE"
	update_or_add_config "tuning" "rcvBufSize" "$RCV_BUF_SIZE"
	update_or_add_config "tuning" "totalInMemCacheSize" "$TOTAL_IN_MEM_CACHE_SIZE"
	update_or_add_config "tuning" "maxMMapFileSize" "$MAX_MMAP_FILE_SIZE"
	update_or_add_config "tuning" "totalMMapCacheSize" "$TOTAL_MMAP_CACHE_SIZE"

	# Correct useAIO and AIOBlockSize mappings to 3
	update_or_add_config "tuning" "useAIO" "$USE_AIO"
	update_or_add_config "tuning" "AIOBlockSize" "$AIO_BLOCK_SIZE"

	# Step 7: Update external processor settings for lsphp (Correct env values)
	${docker_cmd}sed -i "s/env\sPHP_LSAPI_CHILDREN=./env PHP_LSAPI_CHILDREN=$PHP_LSAPI_CHILDREN/" $CONFIG_PATH
	${docker_cmd}sed -i "s/env\sLSAPI_AVOID_FORK=./env LSAPI_AVOID_FORK=$LSAPI_AVOID_FORK/" $CONFIG_PATH

	# Step 8: Correctly target maxConns in extprocessor lsphp only
	${docker_cmd}sed -i "/extprocessor lsphp {/,/}/ s/maxConns\s./maxConns $LSPHP_MAX_CONNS/" $CONFIG_PATH

	# Update autoStart for lsphp
	update_or_add_config "extprocessor lsphp" "autoStart" "$LSPHP_AUTOSTART"

	# Step 9: Save the new MD5 hash of the config file
	${docker_cmd}md5sum $CONFIG_PATH \| awk '{print $1}' > $MD5_FILE

	# Step 10: Restart OpenLiteSpeed to apply the changes
	${docker_cmd}/usr/local/lsws/bin/lswsctrl restart
	echo "OpenLiteSpeed restarted with updated configuration."

	exit 0