jknapp
03cca745f7
All checks were successful
Cloud Apache Container / Build-and-Push (74) (push) Successful in 1m18s
Cloud Apache Container / Build-and-Push (80) (push) Successful in 2m14s
Cloud Apache Container / Build-and-Push (81) (push) Successful in 3m21s
Cloud Apache Container / Build-and-Push (82) (push) Successful in 2m18s
Cloud Apache Container / Build-and-Push (83) (push) Successful in 2m15s
Cloud Apache Container / Build-and-Push (84) (push) Successful in 2m11s
Cloud Apache Container / Build-and-Push (85) (push) Successful in 2m22s
Cloud Apache Container / Build-FPM-Images (74) (push) Successful in 4m22s
Cloud Apache Container / Build-FPM-Images (80) (push) Successful in 3m46s
Cloud Apache Container / Build-FPM-Images (81) (push) Successful in 1m17s
Cloud Apache Container / Build-FPM-Images (82) (push) Successful in 1m21s
Cloud Apache Container / Build-FPM-Images (83) (push) Successful in 2m15s
Cloud Apache Container / Build-FPM-Images (84) (push) Successful in 2m21s
Cloud Apache Container / Build-FPM-Images (85) (push) Successful in 3m29s
Cloud Apache Container / Build-LiteSpeed-Images (81) (push) Successful in 31s
Cloud Apache Container / Build-LiteSpeed-Images (82) (push) Successful in 31s
Cloud Apache Container / Build-LiteSpeed-Images (83) (push) Successful in 30s
Cloud Apache Container / Build-LiteSpeed-Images (84) (push) Successful in 32s
Cloud Apache Container / Build-LiteSpeed-Images (85) (push) Successful in 31s
Cloud Apache Container / Build-Shared-httpd (push) Successful in 1m33s
Two correctness fixes and a tuning improvement.
CORRECTNESS:
1. Strip the stock 'extProcessor lsphp' from httpd_config.conf before
appending ours. Previously the stock block (hard-coded
PHP_LSAPI_CHILDREN=10 regardless of container memory) always won
because our APPEND fragment didn't include an extProcessor block.
detect-memory-litespeed.sh was computing LSAPI_CHILDREN but never
plumbing it anywhere — silent dead code.
2. Bump LSPHP_WORKER_ESTIMATE_MB from 96 → 115 per the 2026-06-02
memory-sizing finding (vantagehealth OOM-spawn loop). Each lsphp
carries ~115 MB shmem-rss accounted per worker. 115 MB matches the
real per-worker baseline.
TUNING (idle reduction, the original ask):
- LSAPI_MAX_IDLE_CHILDREN=2 (was CHILDREN/2 = 5 default)
- LSAPI_MAX_IDLE=60s (was 300s default)
- PHP_LSAPI_MAX_REQUESTS=500 (recycle workers, prevents bloat)
- memSoftLimit=1024M / memHardLimit=1500M per worker (RLIMIT_AS;
catches runaway scripts at the worker level, cgroup still backstops
the container)
Effective LSAPI_CHILDREN per container:
2 GiB → ~17 (was 10 — brain-jar was saturating)
1 GiB → ~8
512 MiB → ~3 (cap-marginal per the memory note; bump container if
site grows)
Dropped LSAPI_MEM_SOFT/HARD computation in detect-memory: AVAILABLE/CHILDREN
was conflating VSZ with RSS-budget arithmetic and would have killed
legitimate workers. The 1024/1500 hard-coded values in the template
comfortably fit typical Divi/WooCommerce VSZ (280-365 MB).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
82 lines
3.7 KiB
Bash
82 lines
3.7 KiB
Bash
#!/usr/bin/env bash
|
|
## create-vhost-litespeed.sh — sets up OLS config for one customer site.
|
|
##
|
|
## Approach: keep the stock LiteSpeed-shipped httpd_config.conf VERBATIM
|
|
## (it has all the cgid/lscgid plumbing that lscgid needs to actually
|
|
## create its IPC socket), and just APPEND our listeners + vhTemplate.
|
|
## The custom vhost template lives at conf/templates/site.conf and points
|
|
## at /home/${user}/public_html. envsubst renders our user/domain into
|
|
## both files at container start.
|
|
##
|
|
## Expects in env: user, domain, serveralias (optional).
|
|
set -euo pipefail
|
|
|
|
TPL_DIR=${TPL_DIR:-/etc/lsws-templates}
|
|
LSWS_CONF=/usr/local/lsws/conf
|
|
|
|
## Ensure the conf dir has stock config to append to. On first boot with
|
|
## a fresh image this is a no-op (image ships with conf/ populated). With
|
|
## a future volume mount of conf/, the upstream entrypoint pattern would
|
|
## copy from .conf/* — keep parity:
|
|
if [ -z "$(ls -A -- "$LSWS_CONF/" 2>/dev/null)" ]; then
|
|
cp -R /usr/local/lsws/.conf/* "$LSWS_CONF/"
|
|
fi
|
|
|
|
## Build the serveralias suffix for vhDomain. Empty for none, else
|
|
## ",alias1,alias2" prepended to the comma list.
|
|
vhost_map_aliases=""
|
|
if [ -n "${serveralias:-}" ]; then
|
|
for alias in $(echo "$serveralias" | tr ',' ' '); do
|
|
[ -z "$alias" ] && continue
|
|
vhost_map_aliases="${vhost_map_aliases},${alias}"
|
|
done
|
|
fi
|
|
export vhost_map_aliases user domain
|
|
|
|
## --- prep the stock httpd_config.conf before appending ours ---
|
|
## Stock ships with `listener HTTP {*:80}`, `listener HTTPS {*:443}`, and
|
|
## a `vhTemplate docker` mapped to /var/www/vhosts/$VH_NAME/html — these
|
|
## conflict with our ports and would shadow our siteVH vhost. Strip them
|
|
## and the demo `virtualHost Example`, but KEEP `listener Default` (it's
|
|
## bound to 8088 — harmless internally, removing risks unrelated breakage).
|
|
## Always restart from a stock copy so re-runs are idempotent (otherwise
|
|
## a second sed pass on already-stripped config corrupts it).
|
|
cp /usr/local/lsws/.conf/httpd_config.conf "$LSWS_CONF/httpd_config.conf"
|
|
|
|
## Strip the stock blocks we replace. Use awk: easier than sed range-deletes
|
|
## to skip a NAMED block of arbitrary length terminated by a top-level `}`.
|
|
## extProcessor lsphp is stripped because the stock one hard-codes
|
|
## PHP_LSAPI_CHILDREN=10 regardless of container size — our appended
|
|
## extProcessor scales it from detect-memory-litespeed.sh.
|
|
awk '
|
|
BEGIN { skip = 0 }
|
|
/^listener HTTP \{/ || /^listener HTTPS \{/ || /^vhTemplate docker \{/ || /^extProcessor lsphp\{/ || /^extProcessor lsphp \{/ { skip = 1; next }
|
|
skip && /^\}/ { skip = 0; next }
|
|
!skip { print }
|
|
' "$LSWS_CONF/httpd_config.conf" > "$LSWS_CONF/httpd_config.conf.new"
|
|
mv "$LSWS_CONF/httpd_config.conf.new" "$LSWS_CONF/httpd_config.conf"
|
|
|
|
## --- append our listeners + vhTemplate ---
|
|
SENTINEL="## ---- cac-litespeed append (do not edit below) ----"
|
|
{
|
|
echo ""
|
|
echo "$SENTINEL"
|
|
envsubst '${user} ${domain} ${vhost_map_aliases} ${PHPVER} ${LSAPI_CHILDREN}' < "$TPL_DIR/httpd_config.tpl"
|
|
} >> "$LSWS_CONF/httpd_config.conf"
|
|
|
|
## --- write our vhost template to /usr/local/lsws/conf/templates/site.conf ---
|
|
envsubst '${user}' < "$TPL_DIR/site-template.tpl" \
|
|
> "$LSWS_CONF/templates/site.conf"
|
|
|
|
## --- per-vhost config file the vhTemplate will reference ---
|
|
## OLS creates conf/vhosts/$VH_NAME/ at template-instantiation time, but
|
|
## we pre-create it to satisfy the configFile path and write a minimal
|
|
## vhconf.conf (empty body — all real config is inline in the template's
|
|
## virtualHostConfig{} block).
|
|
mkdir -p "$LSWS_CONF/vhosts/siteVH"
|
|
echo "## auto-generated; real vhost config is in templates/site.conf" \
|
|
> "$LSWS_CONF/vhosts/siteVH/vhconf.conf"
|
|
|
|
## Permissions: OLS reads conf/ as lsadm. Don't break that.
|
|
chown -R lsadm:nogroup "$LSWS_CONF" 2>/dev/null || true
|