configs/litespeed/httpd_config.tpl

## OpenLiteSpeed APPEND fragment — added to the stock httpd_config.conf
## that ships with litespeedtech/openlitespeed. Keeping the stock config
## intact preserves all the cgid/lscgid plumbing (CGIRLimit defaults,
## fileAccessControl defaults, etc.) — when we tried writing a fully
## custom httpd_config.conf, lscgid never created its IPC socket and
## every PHP request 503'd. The upstream OLS docker template uses this
## append pattern too (see setup_docker.sh in litespeedtech/ols-dockerfiles).
##
## Rendered at container start by scripts/create-vhost-litespeed.sh via
## envsubst. Templated vars: $user $domain $vhost_map_aliases.

## --- our listeners (replace stock Default :8088) ---
listener HTTP {
  address                 *:80
  secure                  0
  map                     siteVH *
  ## NB: HTTP→HTTPS redirect is in site-template.tpl's rewrite{} block,
  ## NOT here — OLS 1.8 listener-level rewrites are inert for vhTemplate
  ## members. Don't move it back to this listener.
}

listener HTTPS {
  address                 *:443
  secure                  1
  keyFile                 /usr/local/lsws/conf/cert/self.key
  certFile                /usr/local/lsws/conf/cert/self.crt
  sslProtocol             24
  enableSpdy              15
  enableQuic              0
  map                     siteVH *
}

## --- our vhost via vhTemplate (upstream's working pattern) ---
## The template file is /usr/local/lsws/conf/templates/site.conf — written
## by create-vhost-litespeed.sh at the same time as this fragment.
vhTemplate site {
  templateFile            conf/templates/site.conf
  listeners               HTTP, HTTPS
  note                    cac-litespeed per-customer vhost

  ## vhDomain: customer's domain + serveralias list + `*` catchall so
  ## ip-only requests (e.g. HAProxy backend health check by container_name)
  ## still resolve. WHP/HAProxy filters hostnames upstream — no risk to
  ## allowing the catchall here.
  member siteVH {
    vhDomain              ${domain}${vhost_map_aliases}, *
  }
}
Add cac-litespeed image family (OpenLiteSpeed, native LSAPI) New paid-tier per-customer image built on litespeedtech/openlitespeed:1.8.4-lsphpNN. Matrix: 8.1-8.5. Native LSAPI suexec to customer uid, server-level LSCache, all WP/WooCommerce extensions (memcached, redis, imagick, mbstring, etc.) baked in. Files: - Dockerfile.litespeed (FROM prebuilt LiteSpeed base, layers wp-cli/composer/mariadb) - configs/litespeed/{httpd_config,site-template,lsphp-overrides}.tpl - scripts/{entrypoint,create-vhost,detect-memory}-litespeed.sh + install-lscache-wp.sh CI: new Build-LiteSpeed-Images matrix job. OLS_VERSION pinned to 1.8.4 (only release with prebuilt images for all 5 PHP versions on Docker Hub). Spec: whp/docs/superpowers/specs/2026-06-01-cac-litespeed-design.md Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> 2026-06-02 07:32:47 -07:00			`## OpenLiteSpeed APPEND fragment — added to the stock httpd_config.conf`
			`## that ships with litespeedtech/openlitespeed. Keeping the stock config`
			`## intact preserves all the cgid/lscgid plumbing (CGIRLimit defaults,`
			`## fileAccessControl defaults, etc.) — when we tried writing a fully`
			`## custom httpd_config.conf, lscgid never created its IPC socket and`
			`## every PHP request 503'd. The upstream OLS docker template uses this`
			`## append pattern too (see setup_docker.sh in litespeedtech/ols-dockerfiles).`
			`##`
			`## Rendered at container start by scripts/create-vhost-litespeed.sh via`
			`## envsubst. Templated vars: $user $domain $vhost_map_aliases.`

			`## --- our listeners (replace stock Default :8088) ---`
			`listener HTTP {`
			`address *:80`
			`secure 0`
			`map siteVH *`
			`## NB: HTTP→HTTPS redirect is in site-template.tpl's rewrite{} block,`
			`## NOT here — OLS 1.8 listener-level rewrites are inert for vhTemplate`
			`## members. Don't move it back to this listener.`
			`}`

			`listener HTTPS {`
			`address *:443`
			`secure 1`
			`keyFile /usr/local/lsws/conf/cert/self.key`
			`certFile /usr/local/lsws/conf/cert/self.crt`
			`sslProtocol 24`
			`enableSpdy 15`
			`enableQuic 0`
			`map siteVH *`
			`}`

			`## --- our vhost via vhTemplate (upstream's working pattern) ---`
			`## The template file is /usr/local/lsws/conf/templates/site.conf — written`
			`## by create-vhost-litespeed.sh at the same time as this fragment.`
			`vhTemplate site {`
			`templateFile conf/templates/site.conf`
			`listeners HTTP, HTTPS`
			`note cac-litespeed per-customer vhost`

			## vhDomain: customer's domain + serveralias list + `*` catchall so
			`## ip-only requests (e.g. HAProxy backend health check by container_name)`
			`## still resolve. WHP/HAProxy filters hostnames upstream — no risk to`
			`## allowing the catchall here.`
			`member siteVH {`
			`vhDomain ${domain}${vhost_map_aliases}, *`
			`}`
			`}`