# # OpenLiteSpeed – Tuned for 24 GB RAM / 12 vCPU / NVMe – WordPress # Comments in EN to ease ops handover # serverName # Worker processes: OLS scales mainly with threads; too many workers increase RSS/lock contention. httpdWorkers 2 # Was 16; start with 2. Use 3–4 only if CPU remains idle under heavy TLS/static load. user runcloud-www group runcloud-www priority 0 autoRestart 1 chrootPath / enableChroot 0 # In-memory buffers for request/response parsing inMemBufSize 60M # Swap area for large req/resp buffering swappingDir /tmp/lsws-rc/swap autoFix503 1 gracefulRestartTimeout 300 mime conf/mime.properties showVersionNumber 0 adminEmails root@localhost indexFiles index.html, index.php disableWebAdmin 0 enableLVE 0 autoLoadHtaccess 1 # Keep .htaccess hot-reload; consider lowering reload frequency if CPU spikes listener http { address *:80 secure 0 map default * } listener http6 { address [ANY]:80 secure 0 map default * } listener https { address *:443 secure 1 keyFile /usr/local/lsws/conf/cert/server.key certFile /usr/local/lsws/conf/cert/server.crt certChain 1 sslProtocol 30 # Keep 1.2/1.3 as per your build; avoid legacy versions # sslSessionCache 1 # RECOMMENDED: enable TLS session cache to reduce handshakes # sslSessionTimeout 300 # 5 minutes is a good start # enableStapling 1 # RECOMMENDED: OCSP stapling for faster TLS trust # ocspRespMaxAge 86400 map default * } listener https6 { address [ANY]:443 secure 1 keyFile /usr/local/lsws/conf/cert/server.key certFile /usr/local/lsws/conf/cert/server.crt certChain 1 sslProtocol 30 # sslSessionCache 1 # sslSessionTimeout 300 # enableStapling 1 # ocspRespMaxAge 86400 map default * } errorlog logs/error.log { logLevel ERROR debugLevel 0 rollingSize 10M enableStderrLog 1 } accesslog logs/access.log { logReferer 1 logUserAgent 1 logFormat %a %l %u %t "%r" %>s %O "%{Referer}i" "%{User-Agent}i" logHeaders 5 rollingSize 10M keepDays 30 compressArchive 1 # Compress archived logs to save disk } expires { enableExpires 1 expiresByType image/*=A604800,text/css=A604800,application/x-javascript=A604800,text/javascript=A604800,font/*=A604800,application/x-font-ttf=A604800 } tuning { # Concurrency & timeouts maxConnections 10000 # Upper bound; ensure OS nofile/ulimits are set accordingly maxSSLConnections 10000 connTimeout 120 # Was 300; lower idle connection timeout to free sockets faster maxKeepAliveReq 10000 keepAliveTimeout 5 # Socket buffers (0 = system default, usually fine) sndBufSize 0 rcvBufSize 0 # Request/response limits maxReqURLLen 32768 maxReqHeaderSize 65536 maxReqBodySize 2047M maxDynRespHeaderSize 32768 maxDynRespSize 2047M # Static file caching (increase to leverage RAM/NVMe) maxCachedFileSize 1048576 # Was 4096 (4 KB). Now 1 MB to cache more static assets totalInMemCacheSize 256M # Was 20M; large RAM available, better hit ratio maxMMapFileSize 4M # Was 256K; mmap bigger files totalMMapCacheSize 512M # Was 40M; faster static file serving useSendfile 1 fileETag 28 # Consider disabling if behind CDN to avoid cache mismatches # Compression enableGzipCompress 1 compressibleTypes default enableDynGzipCompress 1 gzipCompressLevel 6 gzipAutoUpdateStatic 1 gzipStaticCompressLevel 6 brStaticCompressLevel 6 gzipMaxFileSize 10M gzipMinFileSize 1024 # Was 300; avoid compressing tiny payloads # enableBr 1 # If dynamic Brotli is available in your build, enable it # HTTP/3 (QUIC) quicEnable 1 quicShmDir /dev/shm } fileAccessControl { followSymbolLink 1 checkSymbolLink 0 requiredPermissionMask 000 restrictedPermissionMask 000 } perClientConnLimit { # Apply reasonable per-client limits to reduce abuse/DoS risk staticReqPerSec 0 dynReqPerSec 0 outBandwidth 0 inBandwidth 0 softLimit 200 # Was 10000; conservative, increase if you have many HTTP/2 multiplexed streams per client hardLimit 400 gracePeriod 15 banPeriod 300 } CGIRLimit { maxCGIInstances 20 minUID 11 minGID 10 priority 0 CPUSoftLimit 10 CPUHardLimit 50 memSoftLimit 1460M memHardLimit 1470M procSoftLimit 400 procHardLimit 450 } accessDenyDir { dir / dir /etc/* dir /dev/* dir conf/* dir admin/conf/* } accessControl { allow ALL } module cache { ls_enabled 1 checkPrivateCache 1 checkPublicCache 1 maxCacheObjSize 10000000 # ~10 MB maxStaleAge 200 qsCache 1 reqCookieCache 1 respCookieCache 1 ignoreReqCacheCtrl 1 ignoreRespCacheCtrl 0 enableCache 0 # Set to 1 ONLY if WordPress LiteSpeed Cache plugin is installed & configured expireInSeconds 3600 enablePrivateCache 0 privateExpireInSeconds 3600 } include /etc/lsws-rc/default.d/*.conf include /etc/lsws-rc/conf.d/*.conf