We’ve come up with a complete guide on how to install LOMP Stack on Rocky Linux, so you don’t have to dig through the web. Here’s everything you need to know.
LOMP stack is an acronym for Linux, OpenLiteSpeed, MySQL/MariaDB, and PhP. The advantage of LiteSpeed servers is that they provide high speed. Regarding integration with PhP, they are used with the LightSpeed server application programming interface (LSAPI). They serve the PHP dynamic pages via LSAPI.
How to Install LOMP Stack on Rocky Linux
We will now discuss the installation instructions for the LOMP stack on Rocky Linux. Follow the steps below.
Update the system
The very first step you need to do is to update your system. Open your Terminal from the system menu and then type the following command on the Terminal:
$ sudo dnf update
Install prerequisite packages
Then, install the prerequisite packages. All of the prerequisites can be installed via the following command:
$ sudo dnf install wget curl nano unzip yum-utils –y
Configure the firewall
Now, we will configure the firewall using the following steps.
Check firewall status
First, you need to check the firewall status. Type the following command on the Terminal:
$ sudo firewall-cmd --state
After that, you should receive a message that the firewall is running.
Note: The firewall works with different zones. In our case, we will use the default zone, which is a public zone.
Open the ports
In the next step, list all the services and ports running on the firewall with the help of the following command:
$ sudo firewall-cmd --permanent --list-services
You should receive the following output:
cockpit dhcpv6-client ssh
Now, we will open the OpenLite administration port (i.e., 7080) via the following command:
$ sudo firewall-cmd --permanent --add-port=7080/tcp
We will also open ports for HTTP and HTTPS. For this purpose, type the following command:
$ sudo firewall-cmd --permanent --add-service=http $ sudo firewall-cmd --permanent --add-service=https
Restart the firewall
Finally, we will restart the firewall using the following command:
$ sudo firewall-cmd –reload
Verify the ports are open
Now, list down the services and ports, and check if the administration port and HTTP/HTTPS are opened now via the following command:
$ sudo firewall-cmd --permanent --list-services
You should receive the following output:
cockpit dhcpv6-client http https ssh
Install OpenLite
We will now install the OpenLite. Follow the steps below.
Download the binary file
You can download the binary file for OpenLite on its official page using the following command:
$ wget https://openlitespeed.org/packages/openlitespeed-1.7.16.tgz
Extract the binary file and run the installer
Now, extract the binary file using the following command:
$ tar -zxf openlitespeed-*.tgz
Move to the extracted folder/ directory via the command below:
$ cd openlitespeed
Finally, run the installer using the following command:
$ sudo ./install.sh
Start the OpenLiteSpeed server
Now we will start the OpenLiteSpeed server using the command below:
$ sudo systemctl start lshttpd
Create admin password
You need to create the admin pass. Run the following command:
$ sudo /usr/local/lsws/admin/misc/admpass.sh
You will be asked to provide a username and password. You can now browse the administration panel at http://<YOURSERVERIP>:7080
. The figure shows the snapshot.
Install PHP
First, install the OpenLiteSpeed repository via the following command:
$ sudo rpm -Uvh http://rpms.litespeedtech.om/centos/litespeed-repo-1.3-1.el8.noarch.rpm
Now, you can install the latest version of PHP via the following command:
$ sudo dnf install lsphp82 lsphp82-mysqlnd lsphp82-process lsphp82-bcmath lsphp82-pdo lsphp82-common lsphp82-xml lsphp82-opcache lsphp82-soap
Finally, verify the installation of PhP using the command below:
$ /usr/local/lsws/lsphp82/bin/php –v
Install MySQL
The MySQL can be installed via the following command:
$ sudo dnf install mysql-server
After that, enable and start the MySQL server using the command below:
$ sudo systemctl enable mysqld –now
Now, check the status of the service using the following command:
$ sudo systemctl status mysqld
Finally, run the MySQL security script as follows:
$ sudo mysql_secure_installation
Choose ‘Yes’ to install the validated password login when prompted. Then, create a strong password. And press “Y” when asked to increase the security of the database. Now, log in to MySQL using the following command:
$ mysql -u root –p
Then, run the following commands:
mysql> CREATE DATABASE testdb;
mysql> CREATE USER 'testuser' IDENTIFIED BY 'Your_Password123';
mysql> GRANT ALL PRIVILEGES ON testdb.* TO 'testuser';
mysql> FLUSH PRIVILEGES;
This will create a test database. Once done, exit the MySQL shell as follows:
mysql> exit
Configure OpenLiteSpeed
We will now change the default HTTP port to 80. Follow the steps below:
- Open the http://<YOURSERVERIP>:7080 and provide your credentials.
- Goto listeners section from the left.
- Click on view > Listener default > General page.
- Click Edit and change the port from 8080 to 80.
- Save and restart the server.
Configure PHP
We need to associate PHP with a server. For this purpose, click on Server Configuration > External App, then click ‘Edit’. Match the configuration as follows:
Save and restart the server by clicking on the ‘Graceful restart’ button. Now, browse the following page:
http://<YOURSERVERIP>/phpinfo.php
Create a virtual host
We need to make a lot of configurations in this section to create a virtual host. The steps are as follows:
Create a directory for the virtual host
First, create the directory for the virtual host as follows:
$ sudo mkdir /usr/local/lsws/example.com/{html,logs} –p
Here, the HTML directory will host the public files, and the logs director will contain logs.
Add virtual host
Select the virtual host section from the admin console and click the ‘Add’ button. Enter the following details:
Next, click the ‘Save’ button. You may get the error that the configuration file doesn’t exist. So click on the link to create a configuration file and save it again to finish creating the virtual host.
Modify virtual host configuration
Now go to Virtual Hosts > Choose Virtual Host > General and modify the configuration as follows:
Document Root: $VH_ROOT/html/
Domain Name: example.com
Enable GZIP Compression: Yes
Enable Brotli Compression: Yes
Click on ‘Save’ when finished.
Setup index file
Now, we’ll set up the index file. In the index files in the General section, click on the ‘Edit’ button. And set these options:
Once done, click ‘Save’.
Edit virtual host log
Now, go to the Log section, and in the virtual host log, click on ‘Edit’. Fill in the following values. Don’t change other settings.
Add access log entry
Add a new entry as follows in the access log and Click on Save.
Add script handler
In the Script Handler Definition, click on the ‘+’ sign to add a new definition as follows:
Edit the Rewrite control section
Finally, in the ‘Rewrite Control’ under the ‘Rewrite section’, set the following values:
Add virtual host mappings
Click the ‘View’ button against the default listener in the listener’s section. In the virtual host mapping, click the ‘Add’ button and set the values as follows:
Virtual Host: example.com
Domains: example.com
Save and restart the server as required.
Install SSL
In this portion, we will now be installing SSL.
Create self-signed certificate
We need two certificates. First, create the self-signed certificate with this command:
$ openssl req -x509 -days 365 -newkey rsa:4096 -keyout key.pem -out cert.pem –nodes
This will be saved in the /home/user directory.
Install and configure snapd
First, add the EPEL repository as follows:
$ sudo dnf install -y epel-release
Now, install and configure snapd as follows:
Note: The snapd package manager is required for certbot and ‘Let’s encrypt’.
Install certbot
Finally, we will install Certbot using this command:
$ sudo snap install --classic certbot
Then, we shall create a symbolic link to /usr/bin as follows:
$ sudo ln -s /snap/bin/certbot /usr/bin/certbot
And lastly, verify the installation with this command:
$ certbot –version
Obtain the SSL certificate
To run the SSL certificate, run the following command first:
$ sudo certbot certonly --webroot -w /usr/local/lsws/example.com/html/ --agree-tos --no-eff-email --staple-ocsp --preferred-challenges http -m [email protected] -d example.com
Then, generate a Diffie-Hellman group certificate with this command:
$ sudo openssl dhparam -dsaparam -out /etc/ssl/certs/dhparam.pem 4096
Finally, you must do a dry run as follows:
$ sudo certbot renew --dry-run
Your certificate should renew automatically now.
Add new listener
From the admin console, add a new listener using this command:
Listener Name: SSL
IP Address: ANY
Port: 443
Secure: Yes
Add virtual host mapping
Add a virtual host mapping by clicking on SSL as follows:
Virtual Host: example.com
Domains: example.com
Add information about the self-signed certificate
In Listeners > SSL Listener > SSL Tab > SSL Private Key & Certificate, fill self-signed certificate as follows:
Provide SSL protocol values
In Listeners > SSL Listener > SSL Tab > SSL Protocol, provide the following values:
Add information about the Private key and certificate
In Virtual Hosts > example.com > SSL Tab > SSL Private Key & Certificate, fill the following values:
Enable OCSP Stapling
In Virtual Hosts > example.com > SSL Tab > OCSP Stapling, provide following values:
Enable HTTP3/QUIC protocol
In Virtual Hosts > example.com > SSL Tab > Security, fill the following values:
Enable HTTP3/QUIC: Yes
Save all the configurations and click the ‘Graceful restart’ button.
Test the site
Create a test file as follows:
$ sudo nano /usr/local/lsws/example.com/html/index.php
Now, paste the following code into the file:
Now, browse the following URL:
https://example.com
You should see the following output. And that’s it for the installation of LOMP.
In this article, we discussed how to install LOMP stack on Rocky Linux 9. By following these instructions, users can set up their own LOMP stack on Rocky Linux and benefit from the high-speed performance of OpenLiteSpeed servers.
If this guide helped you, please share it.