revert docker-compose.yml

Update to the current versions of OLS 1.8.5, PHP lsphp85, Maria DB 11.8 LTS

.env

@@ -1,18 +1,9 @@
-LITESPEED=1.5.10wp
-
-WEB_ADMIN=123456
-
+TimeZone=America/New_York
+OLS_VERSION=1.8.5
+PHP_VERSION=lsphp85
+PHPMYADMIN_VERSION=5.2.3
+MYSQL_ROOT_PASSWORD=your_root_password
 MYSQL_DATABASE=wordpress
-MYSQL_ROOT_PASSWORD=password
 MYSQL_USER=wordpress
-MYSQL_PASSWORD=password
-
-#wordpress
-DOMAIN=127.0.0.1
-ADMIN_USERNAME=admin
-ADMIN_PASSWORD=password
-ADMIN_EMAIL=test@test.com
-WP_TITLE=OpenLiteSpeed running in docker
-WP_DB_PREFIX=wp_
-
-
+MYSQL_PASSWORD=your_password
+DOMAIN=localhost

.gitattributes

@@ -0,0 +1,20 @@
+#
+# Configure line ending normalisation for this repository.
+# See http://schacon.github.io/git/gitattributes.html for more information.
+#
+# Also each developer should configure the old style normalisation on her workstation
+# (see http://timclem.wordpress.com/2012/03/01/mind-the-end-of-your-line/):
+#
+# Windows user should use: git config --global core.autocrlf = true
+# Unix/Linux users should use: git config --global core.autocrlf = input
+#
+
+# Auto detect text files and perform LF normalization
+*       text=auto
+
+*.txt   text
+*.xml   text diff=xml
+# Shell scripts require LF
+*.sh    text eol=lf
+# Batch scripts require CRLF
+*.bat   text eol=crlf

.github/workflows/docker.yml

@@ -0,0 +1,28 @@
+name: docker-build
+
+on:
+  push:
+    branches:
+      - master
+
+  pull_request:
+    branches:
+      - master
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Setup
+        run: |
+          docker compose version
+          docker compose up -d
+          docker image ls
+          sleep 10
+      - name: Verify
+        run: bash .travis/verify.sh    
+      - name: Clean up 
+        run: |
+         docker compose stop
+         docker compose rm -f            

.gitignore

@@ -0,0 +1,5 @@
+data
+latest.yml
+config
+lsws/conf
+certs

.travis.yml.bk

@@ -0,0 +1,44 @@
+language: shell
+os: linux
+
+notifications:
+  email:
+    on_success: never
+    on_failure: always
+  slack:
+    secure: mSj4SYM4weApU3Ct+nqdaHkLw0J/q5+VH1q0LYnviZ06UpRU/N6lricfu9ihgND2VJ+cwfuQpAegdI1cDFzxDRpZpnzU9Db4N7OW5cDkb8eHpy6XhjQYi5KqWfgamh2UwiqYGgoQBc4gXhGDlChjJQopM+qPesHO9y/ucFAjxdlkEHVdZKNYDiVfiOKCGBzDuP+PbOPiZiqQFBgmFs1YLLrrQ7y5dgdoiai2I72MAN0kngoNB9ZsUgtQ63WTdgPKJOiX+oQMMXgYoP0+9iIhS6/cKHs64Z7jPreYYuWWMTnQPdvaIgh4ASIhUE6FVI5SdFxmajVik8SMlRK1rQApQLJ9wOJammUJHCSI4jfEVQ5H2og9R3+BA0qspBQVZXMTCYfX10Up1tmL+Kev1Za335v2z046gzX4aTiWBxi1I9mYmnYKQiGuaIG5crkPodIAeS9HX/DulMUhPRpa0Djwi7ZJlCAzfuEGDgAlWt/oWfIw66unTY/G6cEaxeEbZ3Ho+bPy48dRxhYW5kRHR1OuHqqfNULYeAGm6AIF3ng+2GjvXh6rhqmstBh/myROqM3X7ofUzEJRo9ow+hDroZLE4mfavn4UAnQybN7FfzuJiOoYTmcws7JzYD8b/G+Aynjw04m0ojDDJN0fVgQ+qltMoCfFMhx8FscF/QjGo/T/zc4=
+    template:
+      - "Repo %{repository_slug} *%{result}* build (<%{build_url}|#%{build_number}>) for commit (<%{compare_url}|%{commit}>)"
+      - "%{author}: _%{commit_message}_"
+      - "Execution time: *%{duration}*"
+      - "Message: *%{message}*"
+    on_success: always
+
+services:
+  - docker
+
+env:
+  - DOCKER_COMPOSE_VERSION=1.25.0
+
+before_install:
+  - bash .travis/main.sh
+
+install:
+  - git clone https://github.com/litespeedtech/ols-docker-env.git
+  - docker-compose up -d
+
+before_script:
+  - docker image ls
+  - sleep 10
+
+script:  
+  - bash .travis/verify.sh
+
+after_script:
+  - docker-compose stop
+  - docker-compose rm -f
+
+
+
+
+

.travis/main.sh

@@ -0,0 +1,33 @@
+#!/bin/bash
+
+set -o errexit
+
+setup_dependencies() {
+    echo "INFO: Setting up dependencies."
+    sudo apt-get install git -y
+    sudo rm /usr/local/bin/docker-compose
+    curl -L https://github.com/docker/compose/releases/download/${DOCKER_COMPOSE_VERSION}/docker-compose-`uname -s`-`uname -m` \
+        > docker-compose
+    chmod +x docker-compose
+    sudo mv docker-compose /usr/local/bin
+    docker-compose --version
+}
+
+update_docker_configuration() {
+    echo "INFO: Updating docker configuration."
+    echo '{
+    "experimental": true,
+    "storage-driver": "overlay2",
+    "max-concurrent-downloads": 50,
+    "max-concurrent-uploads": 50
+}' | sudo tee /etc/docker/daemon.json  
+    sudo service docker restart  
+}    
+
+main() {
+  setup_dependencies
+  update_docker_configuration
+  echo "SUCCESS: Done! Finished setting up Travis machine."
+}
+
+main

.travis/verify.sh

@@ -0,0 +1,110 @@
+#!/bin/bash
+
+set -o errexit
+EX_DM='example.com' 
+
+install_demo(){
+    ./bin/demosite.sh
+}
+
+verify_lsws(){
+    curl -sIk http://localhost:7080/ | grep -i LiteSpeed
+    if [ ${?} = 0 ]; then
+        echo '[O]  https://localhost:7080/'
+    else
+        echo '[X]  https://localhost:7080/'
+        exit 1
+    fi          
+}    
+
+verify_page(){
+    curl -sIk http://localhost:80/ | grep -i WordPress
+    if [ ${?} = 0 ]; then
+        echo '[O]  http://localhost:80/' 
+    else
+        echo '[X]  http://localhost:80/'
+        curl -sIk http://localhost:80/
+        exit 1
+    fi        
+    curl -sIk https://localhost:443/ | grep -i WordPress
+    if [ ${?} = 0 ]; then
+        echo '[O]  https://localhost:443/' 
+    else
+        echo '[X]  https://localhost:443/'
+        curl -sIk https://localhost:443/
+        exit 1
+    fi       
+}
+
+verify_phpadmin(){
+    curl -sIk http://localhost:8080/ | grep -i phpMyAdmin
+    if [ ${?} = 0 ]; then
+        echo '[O]  http://localhost:8080/' 
+    else
+        echo '[X]  http://localhost:8080/'
+        exit 1
+    fi     
+}
+
+verify_add_vh_wp(){
+    echo "Setup a WordPress site with ${EX_DM} domain"
+    bash bin/domain.sh --add "${EX_DM}"
+    bash bin/database.sh --domain "${EX_DM}"
+    bash bin/appinstall.sh --app wordpress --domain "${EX_DM}"
+    curl -sIk http://${EX_DM}:80/ --resolve ${EX_DM}:80:127.0.0.1 | grep -i WordPress
+    if [ ${?} = 0 ]; then
+        echo "[O]  http://${EX_DM}:80/"
+    else
+        echo "[X]  http://${EX_DM}:80/"
+        curl -sIk http://${EX_DM}:80/
+        exit 1
+    fi
+}
+verify_del_vh_wp(){
+    echo "Remove ${EX_DM} domain"
+    bash bin/domain.sh --del ${EX_DM}
+    if [ ${?} = 0 ]; then
+        echo "[O]  ${EX_DM} VH is removed"
+    else
+        echo "[X]  ${EX_DM} VH is not removed"
+        exit 1
+    fi
+    echo "Remove examplecom DataBase"
+    bash bin/database.sh --delete -DB examplecom
+}
+
+verify_owasp(){
+    echo 'Updating LSWS'
+    bash bin/webadmin.sh --upgrade 2>&1 /dev/null
+    echo 'Enabling OWASP'
+    bash bin/webadmin.sh --mod-secure enable
+    curl -sIk http://localhost:80/phpinfo.php | awk '/HTTP/ && /403/'
+    if [ ${?} = 0 ]; then
+        echo '[O]  OWASP enable' 
+    else
+        echo '[X]  OWASP enable'
+        curl -sIk http://localhost:80/phpinfo.php | awk '/HTTP/ && /403/'
+        exit 1
+    fi
+    bash bin/webadmin.sh --mod-secure disable
+    curl -sIk http://localhost:80/phpinfo.php | grep -i WordPress
+    if [ ${?} = 0 ]; then
+        echo '[O]  OWASP disable' 
+    else
+        echo '[X]  OWASP disable'
+        curl -sIk http://localhost:80/phpinfo.php
+        exit 1
+    fi       
+}
+
+
+main(){
+    verify_lsws
+    verify_phpadmin
+    install_demo
+    verify_page
+    verify_owasp
+    verify_add_vh_wp
+    verify_del_vh_wp
+}
+main

LICENSE

@@ -1,674 +1,21 @@
-                    GNU GENERAL PUBLIC LICENSE
-                       Version 3, 29 June 2007
-
- Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
- Everyone is permitted to copy and distribute verbatim copies
- of this license document, but changing it is not allowed.
-
-                            Preamble
-
-  The GNU General Public License is a free, copyleft license for
-software and other kinds of works.
-
-  The licenses for most software and other practical works are designed
-to take away your freedom to share and change the works.  By contrast,
-the GNU General Public License is intended to guarantee your freedom to
-share and change all versions of a program--to make sure it remains free
-software for all its users.  We, the Free Software Foundation, use the
-GNU General Public License for most of our software; it applies also to
-any other work released this way by its authors.  You can apply it to
-your programs, too.
-
-  When we speak of free software, we are referring to freedom, not
-price.  Our General Public Licenses are designed to make sure that you
-have the freedom to distribute copies of free software (and charge for
-them if you wish), that you receive source code or can get it if you
-want it, that you can change the software or use pieces of it in new
-free programs, and that you know you can do these things.
-
-  To protect your rights, we need to prevent others from denying you
-these rights or asking you to surrender the rights.  Therefore, you have
-certain responsibilities if you distribute copies of the software, or if
-you modify it: responsibilities to respect the freedom of others.
-
-  For example, if you distribute copies of such a program, whether
-gratis or for a fee, you must pass on to the recipients the same
-freedoms that you received.  You must make sure that they, too, receive
-or can get the source code.  And you must show them these terms so they
-know their rights.
-
-  Developers that use the GNU GPL protect your rights with two steps:
-(1) assert copyright on the software, and (2) offer you this License
-giving you legal permission to copy, distribute and/or modify it.
-
-  For the developers' and authors' protection, the GPL clearly explains
-that there is no warranty for this free software.  For both users' and
-authors' sake, the GPL requires that modified versions be marked as
-changed, so that their problems will not be attributed erroneously to
-authors of previous versions.
-
-  Some devices are designed to deny users access to install or run
-modified versions of the software inside them, although the manufacturer
-can do so.  This is fundamentally incompatible with the aim of
-protecting users' freedom to change the software.  The systematic
-pattern of such abuse occurs in the area of products for individuals to
-use, which is precisely where it is most unacceptable.  Therefore, we
-have designed this version of the GPL to prohibit the practice for those
-products.  If such problems arise substantially in other domains, we
-stand ready to extend this provision to those domains in future versions
-of the GPL, as needed to protect the freedom of users.
-
-  Finally, every program is threatened constantly by software patents.
-States should not allow patents to restrict development and use of
-software on general-purpose computers, but in those that do, we wish to
-avoid the special danger that patents applied to a free program could
-make it effectively proprietary.  To prevent this, the GPL assures that
-patents cannot be used to render the program non-free.
-
-  The precise terms and conditions for copying, distribution and
-modification follow.
-
-                       TERMS AND CONDITIONS
-
-  0. Definitions.
-
-  "This License" refers to version 3 of the GNU General Public License.
-
-  "Copyright" also means copyright-like laws that apply to other kinds of
-works, such as semiconductor masks.
-
-  "The Program" refers to any copyrightable work licensed under this
-License.  Each licensee is addressed as "you".  "Licensees" and
-"recipients" may be individuals or organizations.
-
-  To "modify" a work means to copy from or adapt all or part of the work
-in a fashion requiring copyright permission, other than the making of an
-exact copy.  The resulting work is called a "modified version" of the
-earlier work or a work "based on" the earlier work.
-
-  A "covered work" means either the unmodified Program or a work based
-on the Program.
-
-  To "propagate" a work means to do anything with it that, without
-permission, would make you directly or secondarily liable for
-infringement under applicable copyright law, except executing it on a
-computer or modifying a private copy.  Propagation includes copying,
-distribution (with or without modification), making available to the
-public, and in some countries other activities as well.
-
-  To "convey" a work means any kind of propagation that enables other
-parties to make or receive copies.  Mere interaction with a user through
-a computer network, with no transfer of a copy, is not conveying.
-
-  An interactive user interface displays "Appropriate Legal Notices"
-to the extent that it includes a convenient and prominently visible
-feature that (1) displays an appropriate copyright notice, and (2)
-tells the user that there is no warranty for the work (except to the
-extent that warranties are provided), that licensees may convey the
-work under this License, and how to view a copy of this License.  If
-the interface presents a list of user commands or options, such as a
-menu, a prominent item in the list meets this criterion.
-
-  1. Source Code.
-
-  The "source code" for a work means the preferred form of the work
-for making modifications to it.  "Object code" means any non-source
-form of a work.
-
-  A "Standard Interface" means an interface that either is an official
-standard defined by a recognized standards body, or, in the case of
-interfaces specified for a particular programming language, one that
-is widely used among developers working in that language.
-
-  The "System Libraries" of an executable work include anything, other
-than the work as a whole, that (a) is included in the normal form of
-packaging a Major Component, but which is not part of that Major
-Component, and (b) serves only to enable use of the work with that
-Major Component, or to implement a Standard Interface for which an
-implementation is available to the public in source code form.  A
-"Major Component", in this context, means a major essential component
-(kernel, window system, and so on) of the specific operating system
-(if any) on which the executable work runs, or a compiler used to
-produce the work, or an object code interpreter used to run it.
-
-  The "Corresponding Source" for a work in object code form means all
-the source code needed to generate, install, and (for an executable
-work) run the object code and to modify the work, including scripts to
-control those activities.  However, it does not include the work's
-System Libraries, or general-purpose tools or generally available free
-programs which are used unmodified in performing those activities but
-which are not part of the work.  For example, Corresponding Source
-includes interface definition files associated with source files for
-the work, and the source code for shared libraries and dynamically
-linked subprograms that the work is specifically designed to require,
-such as by intimate data communication or control flow between those
-subprograms and other parts of the work.
-
-  The Corresponding Source need not include anything that users
-can regenerate automatically from other parts of the Corresponding
-Source.
-
-  The Corresponding Source for a work in source code form is that
-same work.
-
-  2. Basic Permissions.
-
-  All rights granted under this License are granted for the term of
-copyright on the Program, and are irrevocable provided the stated
-conditions are met.  This License explicitly affirms your unlimited
-permission to run the unmodified Program.  The output from running a
-covered work is covered by this License only if the output, given its
-content, constitutes a covered work.  This License acknowledges your
-rights of fair use or other equivalent, as provided by copyright law.
-
-  You may make, run and propagate covered works that you do not
-convey, without conditions so long as your license otherwise remains
-in force.  You may convey covered works to others for the sole purpose
-of having them make modifications exclusively for you, or provide you
-with facilities for running those works, provided that you comply with
-the terms of this License in conveying all material for which you do
-not control copyright.  Those thus making or running the covered works
-for you must do so exclusively on your behalf, under your direction
-and control, on terms that prohibit them from making any copies of
-your copyrighted material outside their relationship with you.
-
-  Conveying under any other circumstances is permitted solely under
-the conditions stated below.  Sublicensing is not allowed; section 10
-makes it unnecessary.
-
-  3. Protecting Users' Legal Rights From Anti-Circumvention Law.
-
-  No covered work shall be deemed part of an effective technological
-measure under any applicable law fulfilling obligations under article
-11 of the WIPO copyright treaty adopted on 20 December 1996, or
-similar laws prohibiting or restricting circumvention of such
-measures.
-
-  When you convey a covered work, you waive any legal power to forbid
-circumvention of technological measures to the extent such circumvention
-is effected by exercising rights under this License with respect to
-the covered work, and you disclaim any intention to limit operation or
-modification of the work as a means of enforcing, against the work's
-users, your or third parties' legal rights to forbid circumvention of
-technological measures.
-
-  4. Conveying Verbatim Copies.
-
-  You may convey verbatim copies of the Program's source code as you
-receive it, in any medium, provided that you conspicuously and
-appropriately publish on each copy an appropriate copyright notice;
-keep intact all notices stating that this License and any
-non-permissive terms added in accord with section 7 apply to the code;
-keep intact all notices of the absence of any warranty; and give all
-recipients a copy of this License along with the Program.
-
-  You may charge any price or no price for each copy that you convey,
-and you may offer support or warranty protection for a fee.
-
-  5. Conveying Modified Source Versions.
-
-  You may convey a work based on the Program, or the modifications to
-produce it from the Program, in the form of source code under the
-terms of section 4, provided that you also meet all of these conditions:
-
-    a) The work must carry prominent notices stating that you modified
-    it, and giving a relevant date.
-
-    b) The work must carry prominent notices stating that it is
-    released under this License and any conditions added under section
-    7.  This requirement modifies the requirement in section 4 to
-    "keep intact all notices".
-
-    c) You must license the entire work, as a whole, under this
-    License to anyone who comes into possession of a copy.  This
-    License will therefore apply, along with any applicable section 7
-    additional terms, to the whole of the work, and all its parts,
-    regardless of how they are packaged.  This License gives no
-    permission to license the work in any other way, but it does not
-    invalidate such permission if you have separately received it.
-
-    d) If the work has interactive user interfaces, each must display
-    Appropriate Legal Notices; however, if the Program has interactive
-    interfaces that do not display Appropriate Legal Notices, your
-    work need not make them do so.
-
-  A compilation of a covered work with other separate and independent
-works, which are not by their nature extensions of the covered work,
-and which are not combined with it such as to form a larger program,
-in or on a volume of a storage or distribution medium, is called an
-"aggregate" if the compilation and its resulting copyright are not
-used to limit the access or legal rights of the compilation's users
-beyond what the individual works permit.  Inclusion of a covered work
-in an aggregate does not cause this License to apply to the other
-parts of the aggregate.
-
-  6. Conveying Non-Source Forms.
-
-  You may convey a covered work in object code form under the terms
-of sections 4 and 5, provided that you also convey the
-machine-readable Corresponding Source under the terms of this License,
-in one of these ways:
-
-    a) Convey the object code in, or embodied in, a physical product
-    (including a physical distribution medium), accompanied by the
-    Corresponding Source fixed on a durable physical medium
-    customarily used for software interchange.
-
-    b) Convey the object code in, or embodied in, a physical product
-    (including a physical distribution medium), accompanied by a
-    written offer, valid for at least three years and valid for as
-    long as you offer spare parts or customer support for that product
-    model, to give anyone who possesses the object code either (1) a
-    copy of the Corresponding Source for all the software in the
-    product that is covered by this License, on a durable physical
-    medium customarily used for software interchange, for a price no
-    more than your reasonable cost of physically performing this
-    conveying of source, or (2) access to copy the
-    Corresponding Source from a network server at no charge.
-
-    c) Convey individual copies of the object code with a copy of the
-    written offer to provide the Corresponding Source.  This
-    alternative is allowed only occasionally and noncommercially, and
-    only if you received the object code with such an offer, in accord
-    with subsection 6b.
-
-    d) Convey the object code by offering access from a designated
-    place (gratis or for a charge), and offer equivalent access to the
-    Corresponding Source in the same way through the same place at no
-    further charge.  You need not require recipients to copy the
-    Corresponding Source along with the object code.  If the place to
-    copy the object code is a network server, the Corresponding Source
-    may be on a different server (operated by you or a third party)
-    that supports equivalent copying facilities, provided you maintain
-    clear directions next to the object code saying where to find the
-    Corresponding Source.  Regardless of what server hosts the
-    Corresponding Source, you remain obligated to ensure that it is
-    available for as long as needed to satisfy these requirements.
-
-    e) Convey the object code using peer-to-peer transmission, provided
-    you inform other peers where the object code and Corresponding
-    Source of the work are being offered to the general public at no
-    charge under subsection 6d.
-
-  A separable portion of the object code, whose source code is excluded
-from the Corresponding Source as a System Library, need not be
-included in conveying the object code work.
-
-  A "User Product" is either (1) a "consumer product", which means any
-tangible personal property which is normally used for personal, family,
-or household purposes, or (2) anything designed or sold for incorporation
-into a dwelling.  In determining whether a product is a consumer product,
-doubtful cases shall be resolved in favor of coverage.  For a particular
-product received by a particular user, "normally used" refers to a
-typical or common use of that class of product, regardless of the status
-of the particular user or of the way in which the particular user
-actually uses, or expects or is expected to use, the product.  A product
-is a consumer product regardless of whether the product has substantial
-commercial, industrial or non-consumer uses, unless such uses represent
-the only significant mode of use of the product.
-
-  "Installation Information" for a User Product means any methods,
-procedures, authorization keys, or other information required to install
-and execute modified versions of a covered work in that User Product from
-a modified version of its Corresponding Source.  The information must
-suffice to ensure that the continued functioning of the modified object
-code is in no case prevented or interfered with solely because
-modification has been made.
-
-  If you convey an object code work under this section in, or with, or
-specifically for use in, a User Product, and the conveying occurs as
-part of a transaction in which the right of possession and use of the
-User Product is transferred to the recipient in perpetuity or for a
-fixed term (regardless of how the transaction is characterized), the
-Corresponding Source conveyed under this section must be accompanied
-by the Installation Information.  But this requirement does not apply
-if neither you nor any third party retains the ability to install
-modified object code on the User Product (for example, the work has
-been installed in ROM).
-
-  The requirement to provide Installation Information does not include a
-requirement to continue to provide support service, warranty, or updates
-for a work that has been modified or installed by the recipient, or for
-the User Product in which it has been modified or installed.  Access to a
-network may be denied when the modification itself materially and
-adversely affects the operation of the network or violates the rules and
-protocols for communication across the network.
-
-  Corresponding Source conveyed, and Installation Information provided,
-in accord with this section must be in a format that is publicly
-documented (and with an implementation available to the public in
-source code form), and must require no special password or key for
-unpacking, reading or copying.
-
-  7. Additional Terms.
-
-  "Additional permissions" are terms that supplement the terms of this
-License by making exceptions from one or more of its conditions.
-Additional permissions that are applicable to the entire Program shall
-be treated as though they were included in this License, to the extent
-that they are valid under applicable law.  If additional permissions
-apply only to part of the Program, that part may be used separately
-under those permissions, but the entire Program remains governed by
-this License without regard to the additional permissions.
-
-  When you convey a copy of a covered work, you may at your option
-remove any additional permissions from that copy, or from any part of
-it.  (Additional permissions may be written to require their own
-removal in certain cases when you modify the work.)  You may place
-additional permissions on material, added by you to a covered work,
-for which you have or can give appropriate copyright permission.
-
-  Notwithstanding any other provision of this License, for material you
-add to a covered work, you may (if authorized by the copyright holders of
-that material) supplement the terms of this License with terms:
-
-    a) Disclaiming warranty or limiting liability differently from the
-    terms of sections 15 and 16 of this License; or
-
-    b) Requiring preservation of specified reasonable legal notices or
-    author attributions in that material or in the Appropriate Legal
-    Notices displayed by works containing it; or
-
-    c) Prohibiting misrepresentation of the origin of that material, or
-    requiring that modified versions of such material be marked in
-    reasonable ways as different from the original version; or
-
-    d) Limiting the use for publicity purposes of names of licensors or
-    authors of the material; or
-
-    e) Declining to grant rights under trademark law for use of some
-    trade names, trademarks, or service marks; or
-
-    f) Requiring indemnification of licensors and authors of that
-    material by anyone who conveys the material (or modified versions of
-    it) with contractual assumptions of liability to the recipient, for
-    any liability that these contractual assumptions directly impose on
-    those licensors and authors.
-
-  All other non-permissive additional terms are considered "further
-restrictions" within the meaning of section 10.  If the Program as you
-received it, or any part of it, contains a notice stating that it is
-governed by this License along with a term that is a further
-restriction, you may remove that term.  If a license document contains
-a further restriction but permits relicensing or conveying under this
-License, you may add to a covered work material governed by the terms
-of that license document, provided that the further restriction does
-not survive such relicensing or conveying.
-
-  If you add terms to a covered work in accord with this section, you
-must place, in the relevant source files, a statement of the
-additional terms that apply to those files, or a notice indicating
-where to find the applicable terms.
-
-  Additional terms, permissive or non-permissive, may be stated in the
-form of a separately written license, or stated as exceptions;
-the above requirements apply either way.
-
-  8. Termination.
-
-  You may not propagate or modify a covered work except as expressly
-provided under this License.  Any attempt otherwise to propagate or
-modify it is void, and will automatically terminate your rights under
-this License (including any patent licenses granted under the third
-paragraph of section 11).
-
-  However, if you cease all violation of this License, then your
-license from a particular copyright holder is reinstated (a)
-provisionally, unless and until the copyright holder explicitly and
-finally terminates your license, and (b) permanently, if the copyright
-holder fails to notify you of the violation by some reasonable means
-prior to 60 days after the cessation.
-
-  Moreover, your license from a particular copyright holder is
-reinstated permanently if the copyright holder notifies you of the
-violation by some reasonable means, this is the first time you have
-received notice of violation of this License (for any work) from that
-copyright holder, and you cure the violation prior to 30 days after
-your receipt of the notice.
-
-  Termination of your rights under this section does not terminate the
-licenses of parties who have received copies or rights from you under
-this License.  If your rights have been terminated and not permanently
-reinstated, you do not qualify to receive new licenses for the same
-material under section 10.
-
-  9. Acceptance Not Required for Having Copies.
-
-  You are not required to accept this License in order to receive or
-run a copy of the Program.  Ancillary propagation of a covered work
-occurring solely as a consequence of using peer-to-peer transmission
-to receive a copy likewise does not require acceptance.  However,
-nothing other than this License grants you permission to propagate or
-modify any covered work.  These actions infringe copyright if you do
-not accept this License.  Therefore, by modifying or propagating a
-covered work, you indicate your acceptance of this License to do so.
-
-  10. Automatic Licensing of Downstream Recipients.
-
-  Each time you convey a covered work, the recipient automatically
-receives a license from the original licensors, to run, modify and
-propagate that work, subject to this License.  You are not responsible
-for enforcing compliance by third parties with this License.
-
-  An "entity transaction" is a transaction transferring control of an
-organization, or substantially all assets of one, or subdividing an
-organization, or merging organizations.  If propagation of a covered
-work results from an entity transaction, each party to that
-transaction who receives a copy of the work also receives whatever
-licenses to the work the party's predecessor in interest had or could
-give under the previous paragraph, plus a right to possession of the
-Corresponding Source of the work from the predecessor in interest, if
-the predecessor has it or can get it with reasonable efforts.
-
-  You may not impose any further restrictions on the exercise of the
-rights granted or affirmed under this License.  For example, you may
-not impose a license fee, royalty, or other charge for exercise of
-rights granted under this License, and you may not initiate litigation
-(including a cross-claim or counterclaim in a lawsuit) alleging that
-any patent claim is infringed by making, using, selling, offering for
-sale, or importing the Program or any portion of it.
-
-  11. Patents.
-
-  A "contributor" is a copyright holder who authorizes use under this
-License of the Program or a work on which the Program is based.  The
-work thus licensed is called the contributor's "contributor version".
-
-  A contributor's "essential patent claims" are all patent claims
-owned or controlled by the contributor, whether already acquired or
-hereafter acquired, that would be infringed by some manner, permitted
-by this License, of making, using, or selling its contributor version,
-but do not include claims that would be infringed only as a
-consequence of further modification of the contributor version.  For
-purposes of this definition, "control" includes the right to grant
-patent sublicenses in a manner consistent with the requirements of
-this License.
-
-  Each contributor grants you a non-exclusive, worldwide, royalty-free
-patent license under the contributor's essential patent claims, to
-make, use, sell, offer for sale, import and otherwise run, modify and
-propagate the contents of its contributor version.
-
-  In the following three paragraphs, a "patent license" is any express
-agreement or commitment, however denominated, not to enforce a patent
-(such as an express permission to practice a patent or covenant not to
-sue for patent infringement).  To "grant" such a patent license to a
-party means to make such an agreement or commitment not to enforce a
-patent against the party.
-
-  If you convey a covered work, knowingly relying on a patent license,
-and the Corresponding Source of the work is not available for anyone
-to copy, free of charge and under the terms of this License, through a
-publicly available network server or other readily accessible means,
-then you must either (1) cause the Corresponding Source to be so
-available, or (2) arrange to deprive yourself of the benefit of the
-patent license for this particular work, or (3) arrange, in a manner
-consistent with the requirements of this License, to extend the patent
-license to downstream recipients.  "Knowingly relying" means you have
-actual knowledge that, but for the patent license, your conveying the
-covered work in a country, or your recipient's use of the covered work
-in a country, would infringe one or more identifiable patents in that
-country that you have reason to believe are valid.
-
-  If, pursuant to or in connection with a single transaction or
-arrangement, you convey, or propagate by procuring conveyance of, a
-covered work, and grant a patent license to some of the parties
-receiving the covered work authorizing them to use, propagate, modify
-or convey a specific copy of the covered work, then the patent license
-you grant is automatically extended to all recipients of the covered
-work and works based on it.
-
-  A patent license is "discriminatory" if it does not include within
-the scope of its coverage, prohibits the exercise of, or is
-conditioned on the non-exercise of one or more of the rights that are
-specifically granted under this License.  You may not convey a covered
-work if you are a party to an arrangement with a third party that is
-in the business of distributing software, under which you make payment
-to the third party based on the extent of your activity of conveying
-the work, and under which the third party grants, to any of the
-parties who would receive the covered work from you, a discriminatory
-patent license (a) in connection with copies of the covered work
-conveyed by you (or copies made from those copies), or (b) primarily
-for and in connection with specific products or compilations that
-contain the covered work, unless you entered into that arrangement,
-or that patent license was granted, prior to 28 March 2007.
-
-  Nothing in this License shall be construed as excluding or limiting
-any implied license or other defenses to infringement that may
-otherwise be available to you under applicable patent law.
-
-  12. No Surrender of Others' Freedom.
-
-  If conditions are imposed on you (whether by court order, agreement or
-otherwise) that contradict the conditions of this License, they do not
-excuse you from the conditions of this License.  If you cannot convey a
-covered work so as to satisfy simultaneously your obligations under this
-License and any other pertinent obligations, then as a consequence you may
-not convey it at all.  For example, if you agree to terms that obligate you
-to collect a royalty for further conveying from those to whom you convey
-the Program, the only way you could satisfy both those terms and this
-License would be to refrain entirely from conveying the Program.
-
-  13. Use with the GNU Affero General Public License.
-
-  Notwithstanding any other provision of this License, you have
-permission to link or combine any covered work with a work licensed
-under version 3 of the GNU Affero General Public License into a single
-combined work, and to convey the resulting work.  The terms of this
-License will continue to apply to the part which is the covered work,
-but the special requirements of the GNU Affero General Public License,
-section 13, concerning interaction through a network will apply to the
-combination as such.
-
-  14. Revised Versions of this License.
-
-  The Free Software Foundation may publish revised and/or new versions of
-the GNU General Public License from time to time.  Such new versions will
-be similar in spirit to the present version, but may differ in detail to
-address new problems or concerns.
-
-  Each version is given a distinguishing version number.  If the
-Program specifies that a certain numbered version of the GNU General
-Public License "or any later version" applies to it, you have the
-option of following the terms and conditions either of that numbered
-version or of any later version published by the Free Software
-Foundation.  If the Program does not specify a version number of the
-GNU General Public License, you may choose any version ever published
-by the Free Software Foundation.
-
-  If the Program specifies that a proxy can decide which future
-versions of the GNU General Public License can be used, that proxy's
-public statement of acceptance of a version permanently authorizes you
-to choose that version for the Program.
-
-  Later license versions may give you additional or different
-permissions.  However, no additional obligations are imposed on any
-author or copyright holder as a result of your choosing to follow a
-later version.
-
-  15. Disclaimer of Warranty.
-
-  THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
-APPLICABLE LAW.  EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
-HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
-OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
-THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-PURPOSE.  THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
-IS WITH YOU.  SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
-ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
-
-  16. Limitation of Liability.
-
-  IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
-WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
-THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
-GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
-USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
-DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
-PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
-EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
-SUCH DAMAGES.
-
-  17. Interpretation of Sections 15 and 16.
-
-  If the disclaimer of warranty and limitation of liability provided
-above cannot be given local legal effect according to their terms,
-reviewing courts shall apply local law that most closely approximates
-an absolute waiver of all civil liability in connection with the
-Program, unless a warranty or assumption of liability accompanies a
-copy of the Program in return for a fee.
-
-                     END OF TERMS AND CONDITIONS
-
-            How to Apply These Terms to Your New Programs
-
-  If you develop a new program, and you want it to be of the greatest
-possible use to the public, the best way to achieve this is to make it
-free software which everyone can redistribute and change under these terms.
-
-  To do so, attach the following notices to the program.  It is safest
-to attach them to the start of each source file to most effectively
-state the exclusion of warranty; and each file should have at least
-the "copyright" line and a pointer to where the full notice is found.
-
-    <one line to give the program's name and a brief idea of what it does.>
-    Copyright (C) <year>  <name of author>
-
-    This program is free software: you can redistribute it and/or modify
-    it under the terms of the GNU General Public License as published by
-    the Free Software Foundation, either version 3 of the License, or
-    (at your option) any later version.
-
-    This program is distributed in the hope that it will be useful,
-    but WITHOUT ANY WARRANTY; without even the implied warranty of
-    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-    GNU General Public License for more details.
-
-    You should have received a copy of the GNU General Public License
-    along with this program.  If not, see <https://www.gnu.org/licenses/>.
-
-Also add information on how to contact you by electronic and paper mail.
-
-  If the program does terminal interaction, make it output a short
-notice like this when it starts in an interactive mode:
-
-    <program>  Copyright (C) <year>  <name of author>
-    This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
-    This is free software, and you are welcome to redistribute it
-    under certain conditions; type `show c' for details.
-
-The hypothetical commands `show w' and `show c' should show the appropriate
-parts of the General Public License.  Of course, your program's commands
-might be different; for a GUI interface, you would use an "about box".
-
-  You should also get your employer (if you work as a programmer) or school,
-if any, to sign a "copyright disclaimer" for the program, if necessary.
-For more information on this, and how to apply and follow the GNU GPL, see
-<https://www.gnu.org/licenses/>.
-
-  The GNU General Public License does not permit incorporating your program
-into proprietary programs.  If your program is a subroutine library, you
-may consider it more useful to permit linking proprietary applications with
-the library.  If this is what you want to do, use the GNU Lesser General
-Public License instead of this License.  But first, please read
-<https://www.gnu.org/licenses/why-not-lgpl.html>.
+MIT License
+
+Copyright (c) 2019 - 2022 Litespeedtech
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -1,56 +1,324 @@
-# OpenLiteSpeed WordPress Docker Container (beta)
-Lightweight WordPress container with OpenLiteSpeed 1.5.10 & PHP 7.3 based on Ubuntu 18.04 Linux.
+# OpenLiteSpeed WordPress Docker Container
 
-WordPress version will install: Latest
+![ols-docker-env](https://socialify.git.ci/litespeedtech/ols-docker-env/image?custom_language=Shell&description=1&font=Inter&forks=1&issues=1&language=1&logo=https%3A%2F%2Fwww.litespeedtech.com%2Fimages%2Flogos%2Flitespeed%2Flitespeed-logo-square.svg&name=1&owner=1&pattern=Plus&pulls=1&stargazers=1&theme=Auto)
+
+[![Build Status](https://github.com/litespeedtech/ols-docker-env/workflows/docker-build/badge.svg)](https://github.com/litespeedtech/ols-docker-env/actions/)
+[![docker pulls](https://img.shields.io/docker/pulls/litespeedtech/openlitespeed?style=flat&color=blue)](https://hub.docker.com/r/litespeedtech/openlitespeed)
+[![LiteSpeed on Slack](https://img.shields.io/badge/slack-LiteSpeed-blue.svg?logo=slack)](https://litespeedtech.com/slack)
+[![Follow on Twitter](https://img.shields.io/twitter/follow/litespeedtech.svg?label=Follow&style=social)](https://twitter.com/litespeedtech)
+
+Install a lightweight WordPress container with OpenLiteSpeed Edge or Stable version based on Ubuntu 24.04 Linux.
+
+## Prerequisites
 
-### Prerequisites
 1. [Install Docker](https://www.docker.com/)
 2. [Install Docker Compose](https://docs.docker.com/compose/)
-3. Clone this repository or copy the files from this repository into a new folder.
-```
+
+## Configuration
+
+Edit the `.env` file to update the demo site domain, default MySQL user, and password.
+Feel free to check [Docker hub Tag page](https://hub.docker.com/repository/docker/litespeedtech/openlitespeed/tags) if you want to update default openlitespeed and php versions.
+
+## Installation
+
+Clone this repository or copy the files from this repository into a new folder:
+
+```bash
 git clone https://github.com/litespeedtech/ols-docker-env.git
 ```
 
-## Configuration
-Edit the `.env` file to change the WordPress Domain, user and password, default MySQL root and wordpress password .
+Open a terminal, `cd` to the folder in which `docker compose.yml` is saved, and run:
 
-## Installation
-Open a terminal and `cd` to the folder in which `docker-compose.yml` is saved and run:
+```bash
+docker compose up
 ```
-docker-compose up
+
+Note: If you wish to run a single web server container, please see the [usage method here](https://github.com/litespeedtech/ols-dockerfiles#usage).
+
+## Components
+
+The docker image installs the following packages on your system:
+
+|Component|Version|
+| :-------------: | :-------------: |
+|Linux|Ubuntu 24.04|
+|OpenLiteSpeed|[Latest version](https://hub.docker.com/r/litespeedtech/openlitespeed)|
+|MariaDB|[Latest Stable version: 11.8 LTS](https://hub.docker.com/_/mariadb)|
+|PHP|[Latest version](http://rpms.litespeedtech.com/debian/)|
+|LiteSpeed Cache|[Latest from WordPress.org](https://wordpress.org/plugins/litespeed-cache/)|
+|ACME|[Latest from ACME official](https://github.com/acmesh-official/get.acme.sh)|
+|WordPress|[Latest from WordPress](https://wordpress.org/download/)|
+|phpMyAdmin|[Latest from dockerhub](https://hub.docker.com/r/phpmyadmin/phpmyadmin/)|
+|Redis|[Latest from dockerhub](https://hub.docker.com/_/redis/)|
+
+## Data Structure
+
+Cloned project
+
+```bash
+├── acme
+├── bin
+│   └── container
+├── data
+│   └── db
+├── logs
+│   ├── access.log
+│   ├── error.log
+│   ├── lsrestart.log
+│   └── stderr.log
+├── lsws
+│   ├── admin-conf
+│   └── conf
+├── sites
+│   └── localhost
+├── LICENSE
+├── README.md
+└── docker-compose.yml
 ```
-There's an existing `sites` folder next to your docker-compose.yml file.
 
-* `sites` – the location of your WordPress application
-* `sites/localhost/logs/` - the location of your access log
+* `acme` contains all applied certificates from Lets Encrypt
 
-The containers are now built and running. You should be able to access the WordPress installation with the configured domain in the browser address. By default it is http://127.0.0.1.
+* `bin` contains multiple CLI scripts to allow you add or delete virtual hosts, install applications, upgrade, etc
+
+* `data` stores the MySQL database
+
+* `logs` contains all of the web server logs and virtual host access logs
+
+* `lsws` contains all web server configuration files
+
+* `sites` contains the document roots (the WordPress application will install here)
 
 ## Usage
-### Starting containers
-You can start the containers with up or start methods:
-```
-docker-compose up
-```
-Running with daemon mode
-```
-docker-compose up -d
-```
-```
-docker-compose start
-```
-### Stopping containers
-```
-docker-compose stop
-```
-### Removing containers
-To stop and remove all the containers use the down command:
-```
-docker-compose down
+
+### Starting a Container
+
+Start the container with the `up` or `start` methods:
+
+```bash
+docker compose up
 ```
 
+You can run with daemon mode, like so:
 
-### Adminer (formerly phpMinAdmin)
-You can also visit http://127.0.0.1:8080 to access Data Base after starting the containers.
+```bash
+docker compose up -d
+```
 
-The default username is root, and the password is the same as supplied in the .env file.
+The container is now built and running.
+
+### Stopping a Container
+
+```bash
+docker compose stop
+```
+
+### Removing Containers
+
+To stop and remove all containers, use the `down` command:
+
+```bash
+docker compose down
+```
+
+### Setting the WebAdmin Password
+
+We strongly recommend you set your personal password right away.
+
+```bash
+bash bin/webadmin.sh my_password
+```
+
+### Starting a Demo Site
+
+After running the following command, you should be able to access the WordPress installation with the configured domain. By default the domain is <http://localhost>.
+
+```bash
+bash bin/demosite.sh
+```
+
+### Creating a Domain and Virtual Host
+
+```bash
+bash bin/domain.sh [-A, --add] example.com
+```
+
+> Please ignore SSL certificate warnings from the server. They happen if you haven't applied the certificate.
+>
+### Deleting a Domain and Virtual Host
+
+```bash
+bash bin/domain.sh [-D, --del] example.com
+```
+
+### Creating a Database
+
+You can either automatically generate the user, password, and database names, or specify them. Use the following to auto generate:
+
+```bash
+bash bin/database.sh [-D, --domain] example.com
+```
+
+Use this command to specify your own names, substituting `user_name`, `my_password`, and `database_name` with your preferred values:
+
+```bash
+bash bin/database.sh [-D, --domain] example.com [-U, --user] USER_NAME [-P, --password] MY_PASS [-DB, --database] DATABASE_NAME
+```
+
+### Installing a WordPress Site
+
+To preconfigure the `wp-config` file, run the `database.sh` script for your domain, before you use the following command to install WordPress:
+
+```bash
+bash bin/appinstall.sh [-A, --app] wordpress [-D, --domain] example.com
+```
+
+### Connecting to Redis
+
+Go to [WordPress > LSCache Plugin > Cache > Object](https://docs.litespeedtech.com/lscache/lscwp/cache/#object-tab), select **Redis** method and input `redis` to the Host field.
+
+### Install ACME
+
+We need to run the ACME installation command the **first time only**.
+With email notification:
+
+```bash
+bash bin/acme.sh [-I, --install] [-E, --email] EMAIL_ADDR
+```
+
+### Applying a Let's Encrypt Certificate
+
+Use the root domain in this command, and it will check for a certificate and automatically apply one with and without `www`:
+
+```bash
+bash bin/acme.sh [-D, --domain] example.com
+```
+
+Other parameters:
+
+* [`-r`, `--renew`]: Renew a specific domain with -D or --domain parameter if posibile. To force renew, use -f parameter.
+
+* [`-R`, `--renew-all`]: Renew all domains if possible. To force renew, use -f parameter.  
+
+* [`-f`, `-F`, `--force`]: Force renew for a specific domain or all domains.
+
+* [`-v`, `--revoke`]: Revoke a domain.  
+
+* [`-V`, `--remove`]: Remove a domain.
+
+### Using mkcert for Local Development SSL
+
+For local development domains (`.test`, `.local`, `.dev`, etc.), you can use `mkcert` to generate trusted SSL certificates without warnings.
+
+#### Installing mkcert
+
+First-time installation (Windows with Chocolatey):
+
+```bash
+bash bin/mkcert.sh --install
+```
+
+This will:
+
+* Install `mkcert` via Chocolatey
+* Create and install a local Certificate Authority (CA) in your system trust store
+
+#### Generating Local SSL Certificate
+
+After adding a domain to your environment, generate an SSL certificate:
+
+```bash
+bash bin/mkcert.sh [-D, --domain] example.test
+```
+
+This will:
+
+1. Check if the domain exists in your configuration
+2. Generate certificates for `example.test` and `www.example.test`
+3. Create a `dockerLocal` template with SSL configuration
+4. Copy certificates to the container
+5. Move the domain from the standard template to the SSL-enabled template
+6. Restart OpenLiteSpeed
+
+Your domain will now be accessible via HTTPS with a trusted certificate at `https://example.test`
+
+#### Removing Local SSL Certificate
+
+To remove the SSL certificate and revert to HTTP:
+
+```bash
+bash bin/mkcert.sh [-R, --remove] [-D, --domain] example.test
+```
+
+This will:
+
+1. Remove the domain from the `dockerLocal` template
+2. Move it back to the standard `docker` template
+3. Delete certificate files from both host and container
+4. Clean up empty templates if no other domains use SSL
+5. Restart OpenLiteSpeed
+
+> **Important**: You must add the domain to your environment first using `bash bin/domain.sh --add example.test` before generating certificates.
+
+### Update Web Server
+
+To upgrade the web server to latest stable version, run the following:
+
+```bash
+bash bin/webadmin.sh [-U, --upgrade]
+```
+
+### Apply OWASP ModSecurity
+
+Enable OWASP `mod_secure` on the web server:
+
+```bash
+bash bin/webadmin.sh [-M, --mod-secure] enable
+```
+
+Disable OWASP `mod_secure` on the web server:
+
+```bash
+bash bin/webadmin.sh [-M, --mod-secure] disable
+```
+
+>Please ignore ModSecurity warnings from the server. They happen if some of the rules are not supported by the server.
+>
+### Accessing the Database
+
+After installation, you can use phpMyAdmin to access the database by visiting `http://127.0.0.1:8080` or `https://127.0.0.1:8443`. The default username is `root`, and the password is the same as the one you supplied in the `.env` file.
+
+## Customization
+
+If you want to customize the image by adding some packages, e.g. `lsphp83-pspell`, just extend it with a Dockerfile.
+
+1. We can create a `custom` folder and a `custom/Dockerfile` file under the main project.
+2. Add the following example code to `Dockerfile` under the custom folder
+
+    ```bash
+    FROM litespeedtech/openlitespeed:latest
+    RUN apt-get update && apt-get install lsphp83-pspell -y
+    ```
+
+3. Add `build: ./custom` line under the "image: litespeedtech" of docker-composefile. So it will looks like this
+
+    ```bash
+    litespeed:
+      image: litespeedtech/openlitespeed:${OLS_VERSION}-${PHP_VERSION}
+      build: ./custom
+    ```
+
+4. Build and start it with command:
+
+    ```bash
+    docker compose up --build
+    ```
+
+## Support & Feedback
+
+If you still have a question after using OpenLiteSpeed Docker, you have a few options.
+
+* Join [the GoLiteSpeed Slack community](https://litespeedtech.com/slack) for real-time discussion
+* Post to [the OpenLiteSpeed Forums](https://forum.openlitespeed.org/) for community support
+* Reporting any issue on [Github ols-docker-env](https://github.com/litespeedtech/ols-docker-env/issues) project
+
+**_Pull requests are always welcome!_**

acme/.gitignore

@@ -0,0 +1,2 @@
+*
+!.gitignore

bin/acme.sh

@@ -0,0 +1,307 @@
+#!/usr/bin/env bash
+EMAIL=''
+NO_EMAIL=''
+DOMAIN=''
+INSTALL=''
+UNINSTALL=''
+TYPE=0
+CONT_NAME='litespeed'
+ACME_SRC='https://raw.githubusercontent.com/Neilpang/acme.sh/master/acme.sh'
+EPACE='        '
+RENEW=''
+RENEW_ALL=''
+FORCE=''
+REVOKE=''
+REMOVE=''
+
+echow(){
+    FLAG=${1}
+    shift
+    echo -e "\033[1m${EPACE}${FLAG}\033[0m${@}"
+}
+
+help_message(){
+    case ${1} in
+    "1")    
+        echo 'You will need to install acme script at the first time.'
+        echo 'Please run acme.sh --install --email example@example.com'
+        ;;
+    "2")
+        echo -e "\033[1mOPTIONS\033[0m" 
+        echow '-D, --domain [DOMAIN_NAME]'         
+        echo "${EPACE}${EPACE}Example: acme.sh --domain example.com"
+        echo "${EPACE}${EPACE}will auto detect and apply for both example.com and www.example.com domains."
+        echow '-H, --help'
+        echo "${EPACE}${EPACE}Display help and exit."
+        echo -e "\033[1m   Only for the First time\033[0m"
+        echow '--install --email [EMAIL_ADDR]'
+        echo "${EPACE}${EPACE}Will install ACME with the Email provided"       
+        echow '-r, --renew'
+        echo "${EPACE}${EPACE}Renew a specific domain with -D or --domain parameter if posibile. To force renew, use -f parameter."
+        echow '-R, --renew-all'
+        echo "${EPACE}${EPACE}Renew all domains if possible. To force renew, use -f parameter."
+        echow '-f, -F, --force'
+        echo "${EPACE}${EPACE}Force renew for a specific domain or all domains."
+        echow '-v, --revoke'
+        echo "${EPACE}${EPACE}Revoke a domain."
+        echow '-V, --remove'
+        echo "${EPACE}${EPACE}Remove a domain."
+        exit 0
+        ;;
+    "3")
+        echo 'Please run acme.sh --domain [DOMAIN_NAME] to apply certificate'
+        exit 0
+        ;;
+    esac
+}
+
+check_input(){
+    if [ -z "${1}" ]; then
+        help_message 2
+    fi
+}
+
+domain_filter(){
+    if [ -z "${1}" ]; then
+        help_message 3
+    fi
+    DOMAIN="${1}"
+    DOMAIN="${DOMAIN#http://}"
+    DOMAIN="${DOMAIN#https://}"
+    DOMAIN="${DOMAIN#ftp://}"
+    DOMAIN="${DOMAIN#scp://}"
+    DOMAIN="${DOMAIN#scp://}"
+    DOMAIN="${DOMAIN#sftp://}"
+    DOMAIN=${DOMAIN%%/*}
+}
+
+email_filter(){
+    local EMAIL_CLEAN="${1%\"}"
+    EMAIL_CLEAN="${EMAIL_CLEAN#\"}"
+
+    CKREG="^[a-z0-9!#\$%&'*+/=?^_\`{|}~-]+(\.[a-z0-9!#$%&'*+/=?^_\`{|}~-]+)*@([a-z0-9]([a-z0-9-]*[a-z0-9])?\.)+[a-z0-9]([a-z0-9-]*[a-z0-9])?\$"
+
+    if [[ "${EMAIL_CLEAN}" =~ ${CKREG} ]]; then
+        echo -e "[O] The E-mail \033[32m${EMAIL_CLEAN}\033[0m is valid."
+    else
+        echo -e "[X] The E-mail \e[31m${EMAIL_CLEAN}\e[39m is invalid"
+        exit 1
+    fi
+}
+
+cert_hook(){
+    echo '[Start] Adding ACME hook'
+    docker compose exec ${CONT_NAME} su -s /bin/bash -c "certhookctl.sh"
+    echo '[End] Adding ACME hook'
+}
+
+www_domain(){
+    CHECK_WWW=$(echo ${1} | cut -c1-4)
+    if [[ ${CHECK_WWW} == www. ]] ; then
+        DOMAIN=$(echo ${1} | cut -c 5-)
+    else
+        DOMAIN=${1}    
+    fi
+    WWW_DOMAIN="www.${DOMAIN}"
+}
+
+domain_verify(){
+    curl -Is http://${DOMAIN}/ | grep -i LiteSpeed > /dev/null 2>&1
+    if [ ${?} = 0 ]; then
+        echo -e "[O] The domain name \033[32m${DOMAIN}\033[0m is accessible."
+        TYPE=1
+        curl -Is http://${WWW_DOMAIN}/ | grep -i LiteSpeed > /dev/null 2>&1
+        if [ ${?} = 0 ]; then
+            echo -e "[O] The domain name \033[32m${WWW_DOMAIN}\033[0m is accessible."
+            TYPE=2
+        else
+            echo -e "[!] The domain name ${WWW_DOMAIN} is inaccessible." 
+        fi
+    else
+        echo -e "[X] The domain name \e[31m${DOMAIN}\e[39m is inaccessible, please verify."
+        exit 1    
+    fi
+}
+
+install_acme(){
+    echo '[Start] Install ACME'
+    if [ "${1}" = 'true' ]; then
+        docker compose exec litespeed su -c "
+            cd &&
+            wget ${ACME_SRC} &&
+            chmod 755 acme.sh &&
+            ./acme.sh --install --cert-home ~/.acme.sh/certs &&
+            /root/.acme.sh/acme.sh --set-default-ca --server letsencrypt &&
+            rm ~/acme.sh
+        "
+    elif [ "${2}" != '' ]; then
+        email_filter \"${2}\"
+        docker compose exec litespeed su -c "
+            cd &&
+            wget ${ACME_SRC} &&
+            chmod 755 acme.sh &&
+            ./acme.sh --install --cert-home ~/.acme.sh/certs --accountemail ${2} &&
+            /root/.acme.sh/acme.sh --set-default-ca --server letsencrypt &&
+            rm ~/acme.sh
+        "
+    else
+        help_message 1
+        exit 1
+    fi
+    echo '[End] Install ACME'
+}
+
+uninstall_acme(){
+    echo '[Start] Uninstall ACME'
+    docker compose exec ${CONT_NAME} su -c "~/.acme.sh/acme.sh --uninstall"
+    echo '[End] Uninstall ACME'
+    exit 0
+}    
+
+check_acme(){
+    echo '[Start] Checking ACME'
+    docker compose exec ${CONT_NAME} su -c "test -f /root/.acme.sh/acme.sh"
+    if [ ${?} != 0 ]; then
+        install_acme "${NO_EMAIL}" "${EMAIL}"
+        cert_hook
+        help_message 3
+    fi
+    echo '[End] Checking ACME'
+}
+
+lsws_restart(){
+    docker compose exec ${CONT_NAME} su -c '/usr/local/lsws/bin/lswsctrl restart >/dev/null'
+}
+
+doc_root_verify(){
+    if [ "${DOC_ROOT}" = '' ]; then
+        DOC_PATH="/var/www/vhosts/${1}/html"
+    else
+        DOC_PATH="${DOC_ROOT}"    
+    fi
+    docker compose exec ${CONT_NAME} su -c "[ -e ${DOC_PATH} ]"
+    if [ ${?} -eq 0 ]; then
+        echo -e "[O] The document root folder \033[32m${DOC_PATH}\033[0m does exist."
+    else
+        echo -e "[X] The document root folder \e[31m${DOC_PATH}\e[39m does not exist!"
+        exit 1
+    fi
+}
+
+install_cert(){
+    echo '[Start] Apply Lets Encrypt Certificate'
+    if [ ${TYPE} = 1 ]; then
+        docker compose exec ${CONT_NAME} su -c "/root/.acme.sh/acme.sh --issue -d ${1} -w ${DOC_PATH}"
+    elif [ ${TYPE} = 2 ]; then
+        docker compose exec ${CONT_NAME} su -c "/root/.acme.sh/acme.sh --issue -d ${1} -d www.${1} -w ${DOC_PATH}"
+    else
+        echo 'unknown Type!'
+        exit 2
+    fi
+    echo '[End] Apply Lets Encrypt Certificate'
+}
+
+renew_acme(){
+    echo '[Start] Renew ACME'
+    if [ "${FORCE}" = 'true' ]; then
+        docker compose exec ${CONT_NAME} su -c "~/.acme.sh/acme.sh --renew --domain ${1} --force"
+    else
+        docker compose exec ${CONT_NAME} su -c "~/.acme.sh/acme.sh --renew --domain ${1}"
+    fi
+    echo '[End] Renew ACME'
+    lsws_restart
+}
+
+renew_all_acme(){
+    echo '[Start] Renew all ACME'
+    if [ "${FORCE}" = 'true' ]; then
+        docker compose exec ${CONT_NAME} su -c "~/.acme.sh/acme.sh --renew-all --force"
+    else
+        docker compose exec ${CONT_NAME} su -c "~/.acme.sh/acme.sh --renew-all"
+    fi
+    echo '[End] Renew all ACME'
+    lsws_restart
+}
+
+revoke(){
+    echo '[Start] Revoke a domain'
+    docker compose exec ${CONT_NAME} su -c "~/.acme.sh/acme.sh --revoke --domain ${1}"
+    echo '[End] Revoke a domain'
+    lsws_restart
+}
+
+remove(){
+    echo '[Start] Remove a domain'
+    docker compose exec ${CONT_NAME} su -c "~/.acme.sh/acme.sh --remove --domain ${1}"
+    echo '[End] Remove a domain'
+    lsws_restart
+}
+
+main(){
+    if [ "${RENEW_ALL}" = 'true' ]; then
+        renew_all_acme
+        exit 0
+    elif [ "${RENEW}" = 'true' ]; then
+        renew_acme ${DOMAIN}
+        exit 0
+    elif [ "${REVOKE}" = 'true' ]; then
+        revoke ${DOMAIN}
+        exit 0
+    elif [ "${REMOVE}" = 'true' ]; then
+        remove ${DOMAIN}
+        exit 0
+    fi
+
+    check_acme
+    domain_filter ${DOMAIN}
+    www_domain ${DOMAIN}
+    domain_verify
+    doc_root_verify ${DOMAIN}
+    install_cert ${DOMAIN}
+    lsws_restart
+}
+
+check_input ${1}
+while [ ! -z "${1}" ]; do
+    case ${1} in
+        -[hH] | -help | --help)
+            help_message 2
+            ;;
+        -[dD] | -domain | --domain) shift
+            check_input "${1}"
+            DOMAIN="${1}"
+            ;;
+        -[iI] | --install ) 
+            INSTALL=true
+            ;;
+        -[uU] | --uninstall )
+            UNINSTALL=true
+            uninstall_acme
+            ;;
+        -[fF] | --force ) 
+            FORCE=true
+            ;;
+        -[r] | --renew )
+            RENEW=true
+            ;;
+        -[R] | --renew-all )
+            RENEW_ALL=true
+            ;;
+        -[v] | --revoke )
+            REVOKE=true
+            ;;
+        -[V] | --remove )
+            REMOVE=true
+            ;;
+        -[eE] | --email ) shift
+            check_input "${1}"
+            EMAIL="${1}"
+            ;;           
+        *) 
+            help_message 2
+            ;;              
+    esac
+    shift
+done
+
+main

bin/appinstall.sh

@@ -0,0 +1,60 @@
+#!/usr/bin/env bash
+APP_NAME=''
+DOMAIN=''
+EPACE='        '
+
+echow(){
+    FLAG=${1}
+    shift
+    echo -e "\033[1m${EPACE}${FLAG}\033[0m${@}"
+}
+
+help_message(){
+    echo -e "\033[1mOPTIONS\033[0m"
+    echow '-A, --app [app_name] -D, --domain [DOMAIN_NAME]'
+    echo "${EPACE}${EPACE}Example: appinstall.sh -A wordpress -D example.com"
+    echo "${EPACE}${EPACE}Will install WordPress CMS under the example.com domain"
+    echow '-H, --help'
+    echo "${EPACE}${EPACE}Display help and exit."
+    exit 0
+}
+
+check_input(){
+    if [ -z "${1}" ]; then
+        help_message
+        exit 1
+    fi
+}
+
+app_download(){
+    docker compose exec litespeed su -c "appinstallctl.sh --app ${1} --domain ${2}"
+    bash bin/webadmin.sh -r
+    exit 0
+}
+
+main(){
+    app_download ${APP_NAME} ${DOMAIN}
+}
+
+check_input ${1}
+while [ ! -z "${1}" ]; do
+    case ${1} in
+        -[hH] | -help | --help)
+            help_message
+            ;;
+        -[aA] | -app | --app) shift
+            check_input "${1}"
+            APP_NAME="${1}"
+            ;;
+        -[dD] | -domain | --domain) shift
+            check_input "${1}"
+            DOMAIN="${1}"
+            ;;          
+        *) 
+            help_message
+            ;;              
+    esac
+    shift
+done
+
+main

bin/container/appinstallctl.sh

@@ -0,0 +1,275 @@
+#!/bin/bash
+DEFAULT_VH_ROOT='/var/www/vhosts'
+VH_DOC_ROOT=''
+VHNAME=''
+APP_NAME=''
+DOMAIN=''
+WWW_UID=''
+WWW_GID=''
+WPCONSTCONF=''
+PUB_IP=$(curl -s http://checkip.amazonaws.com)
+DB_HOST='mysql'
+PLUGINLIST="litespeed-cache.zip"
+THEME='twentytwenty'
+EPACE='        '
+
+echow(){
+    FLAG=${1}
+    shift
+    echo -e "\033[1m${EPACE}${FLAG}\033[0m${@}"
+}
+
+help_message(){
+	echo -e "\033[1mOPTIONS\033[0m"
+    echow '-A, -app [wordpress] -D, --domain [DOMAIN_NAME]'
+    echo "${EPACE}${EPACE}Example: appinstallctl.sh --app wordpress --domain example.com"
+    echow '-H, --help'
+    echo "${EPACE}${EPACE}Display help and exit."
+    exit 0
+}
+
+check_input(){
+    if [ -z "${1}" ]; then
+        help_message
+        exit 1
+    fi
+}
+
+linechange(){
+    LINENUM=$(grep -n "${1}" ${2} | cut -d: -f 1)
+    if [ -n "${LINENUM}" ] && [ "${LINENUM}" -eq "${LINENUM}" ] 2>/dev/null; then
+        sed -i "${LINENUM}d" ${2}
+        sed -i "${LINENUM}i${3}" ${2}
+    fi 
+}
+
+ck_ed(){
+    if [ ! -f /bin/ed ]; then
+        echo "Install ed package.."
+        apt-get install ed -y > /dev/null 2>&1
+    fi    
+}
+
+ck_unzip(){
+    if [ ! -f /usr/bin/unzip ]; then 
+        echo "Install unzip package.."
+        apt-get install unzip -y > /dev/null 2>&1
+    fi		
+}
+
+get_owner(){
+	WWW_UID=$(stat -c "%u" ${DEFAULT_VH_ROOT})
+	WWW_GID=$(stat -c "%g" ${DEFAULT_VH_ROOT})
+	if [ ${WWW_UID} -eq 0 ] || [ ${WWW_GID} -eq 0 ]; then
+		WWW_UID=1000
+		WWW_GID=1000
+		echo "Set owner to ${WWW_UID}"
+	fi
+}
+
+get_db_pass(){
+	if [ -f ${DEFAULT_VH_ROOT}/${1}/.db_pass ]; then
+		SQL_DB=$(grep -i Database ${VH_ROOT}/.db_pass | awk -F ':' '{print $2}' | tr -d '"')
+		SQL_USER=$(grep -i Username ${VH_ROOT}/.db_pass | awk -F ':' '{print $2}' | tr -d '"')
+		SQL_PASS=$(grep -i Password ${VH_ROOT}/.db_pass | awk -F ':' '{print $2}' | tr -d '"')
+	else
+		echo 'db pass file can not locate, skip wp-config pre-config.'
+	fi
+}
+
+set_vh_docroot(){
+	if [ "${VHNAME}" != '' ]; then
+	    VH_ROOT="${DEFAULT_VH_ROOT}/${VHNAME}"
+	    VH_DOC_ROOT="${DEFAULT_VH_ROOT}/${VHNAME}/html"
+		WPCONSTCONF="${VH_DOC_ROOT}/wp-content/plugins/litespeed-cache/data/const.default.json"
+	elif [ -d ${DEFAULT_VH_ROOT}/${1}/html ]; then
+	    VH_ROOT="${DEFAULT_VH_ROOT}/${1}"
+        VH_DOC_ROOT="${DEFAULT_VH_ROOT}/${1}/html"
+		WPCONSTCONF="${VH_DOC_ROOT}/wp-content/plugins/litespeed-cache/data/const.default.json"
+	else
+	    echo "${DEFAULT_VH_ROOT}/${1}/html does not exist, please add domain first! Abort!"
+		exit 1
+	fi	
+}
+
+check_sql_native(){
+	local COUNTER=0
+	local LIMIT_NUM=100
+	until [ "$(curl -v mysql:3306 2>&1 | grep -i 'native\|Connected')" ]; do
+		echo "Counter: ${COUNTER}/${LIMIT_NUM}"
+		COUNTER=$((COUNTER+1))
+		if [ ${COUNTER} = 10 ]; then
+			echo '--- MySQL is starting, please wait... ---'
+		elif [ ${COUNTER} = ${LIMIT_NUM} ]; then	
+			echo '--- MySQL is timeout, exit! ---'
+			exit 1
+		fi
+		sleep 1
+	done
+}
+
+install_wp_plugin(){
+    for PLUGIN in ${PLUGINLIST}; do
+        wget -q -P ${VH_DOC_ROOT}/wp-content/plugins/ https://downloads.wordpress.org/plugin/${PLUGIN}
+        if [ ${?} = 0 ]; then
+		    ck_unzip
+            unzip -qq -o ${VH_DOC_ROOT}/wp-content/plugins/${PLUGIN} -d ${VH_DOC_ROOT}/wp-content/plugins/
+        else
+            echo "${PLUGINLIST} FAILED to download"
+        fi
+    done
+    rm -f ${VH_DOC_ROOT}/wp-content/plugins/*.zip
+}
+
+set_htaccess(){
+    if [ ! -f ${VH_DOC_ROOT}/.htaccess ]; then 
+        touch ${VH_DOC_ROOT}/.htaccess
+    fi   
+    cat << EOM > ${VH_DOC_ROOT}/.htaccess
+# BEGIN WordPress
+<IfModule mod_rewrite.c>
+RewriteEngine On
+RewriteBase /
+RewriteRule ^index\.php$ - [L]
+RewriteCond %{REQUEST_FILENAME} !-f
+RewriteCond %{REQUEST_FILENAME} !-d
+RewriteRule . /index.php [L]
+</IfModule>
+# END WordPress
+EOM
+}
+
+get_theme_name(){
+    THEME_NAME=$(grep WP_DEFAULT_THEME ${VH_DOC_ROOT}/wp-includes/default-constants.php | grep -v '!' | awk -F "'" '{print $4}')
+    echo "${THEME_NAME}" | grep 'twenty' >/dev/null 2>&1
+    if [ ${?} = 0 ]; then
+        THEME="${THEME_NAME}"
+    fi
+}
+
+set_lscache(){ 
+	wget -q -O ${WPCONSTCONF} https://raw.githubusercontent.com/litespeedtech/lscache_wp/refs/heads/master/data/const.default.json
+    if [ -f ${WPCONSTCONF} ]; then
+        sed -ie 's/"object": .*"/"object": '\"true\"'/g' ${WPCONSTCONF}
+		sed -ie 's/"object-kind": .*"/"object-kind": '\"true\"'/g' ${WPCONSTCONF}
+		sed -ie 's/"object-host": .*"/"object-host": '\"redis\"'/g' ${WPCONSTCONF}
+		sed -ie 's/"object-port": .*"/"object-port": '\"6379\"'/g' ${WPCONSTCONF}
+    fi
+    THEME_PATH="${VH_DOC_ROOT}/wp-content/themes/${THEME}"
+    if [ ! -f ${THEME_PATH}/functions.php ]; then
+        cat >> "${THEME_PATH}/functions.php" <<END
+<?php
+require_once( WP_CONTENT_DIR.'/../wp-admin/includes/plugin.php' );
+\$path = 'litespeed-cache/litespeed-cache.php' ;
+if (!is_plugin_active( \$path )) {
+    activate_plugin( \$path ) ;
+    rename( __FILE__ . '.bk', __FILE__ );
+}
+END
+    elif [ ! -f ${THEME_PATH}/functions.php.bk ]; then 
+        cp ${THEME_PATH}/functions.php ${THEME_PATH}/functions.php.bk
+        ck_ed
+        ed ${THEME_PATH}/functions.php << END >>/dev/null 2>&1
+2i
+require_once( WP_CONTENT_DIR.'/../wp-admin/includes/plugin.php' );
+\$path = 'litespeed-cache/litespeed-cache.php' ;
+if (!is_plugin_active( \$path )) {
+    activate_plugin( \$path ) ;
+    rename( __FILE__ . '.bk', __FILE__ );
+}
+.
+w
+q
+END
+    fi
+}
+
+preinstall_wordpress(){
+	if [ "${VHNAME}" != '' ]; then
+	    get_db_pass ${VHNAME}
+	else
+		get_db_pass ${DOMAIN}
+	fi	
+	if [ ! -f ${VH_DOC_ROOT}/wp-config.php ] && [ -f ${VH_DOC_ROOT}/wp-config-sample.php ]; then
+		cp ${VH_DOC_ROOT}/wp-config-sample.php ${VH_DOC_ROOT}/wp-config.php
+		NEWDBPWD="define('DB_PASSWORD', '${SQL_PASS}');"
+		linechange 'DB_PASSWORD' ${VH_DOC_ROOT}/wp-config.php "${NEWDBPWD}"
+		NEWDBPWD="define('DB_USER', '${SQL_USER}');"
+		linechange 'DB_USER' ${VH_DOC_ROOT}/wp-config.php "${NEWDBPWD}"
+		NEWDBPWD="define('DB_NAME', '${SQL_DB}');"
+		linechange 'DB_NAME' ${VH_DOC_ROOT}/wp-config.php "${NEWDBPWD}"
+        #NEWDBPWD="define('DB_HOST', '${PUB_IP}');"
+		NEWDBPWD="define('DB_HOST', '${DB_HOST}');"
+		linechange 'DB_HOST' ${VH_DOC_ROOT}/wp-config.php "${NEWDBPWD}"
+	elif [ -f ${VH_DOC_ROOT}/wp-config.php ]; then
+		echo "${VH_DOC_ROOT}/wp-config.php already exist, exit !"
+		exit 1
+	else
+		echo 'Skip!'
+		exit 2
+	fi 
+}
+
+app_wordpress_dl(){
+	if [ ! -f "${VH_DOC_ROOT}/wp-config.php" ] && [ ! -f "${VH_DOC_ROOT}/wp-config-sample.php" ]; then
+		wp core download \
+			--allow-root \
+			--quiet
+	else
+	    echo 'wordpress already exist, abort!'
+		exit 1
+	fi
+}
+
+change_owner(){
+		if [ "${VHNAME}" != '' ]; then
+		    chown -R ${WWW_UID}:${WWW_GID} ${DEFAULT_VH_ROOT}/${VHNAME} 
+		else
+		    chown -R ${WWW_UID}:${WWW_GID} ${DEFAULT_VH_ROOT}/${DOMAIN}
+		fi
+}
+
+main(){
+	set_vh_docroot ${DOMAIN}
+	get_owner
+	cd ${VH_DOC_ROOT}
+	if [ "${APP_NAME}" = 'wordpress' ] || [ "${APP_NAME}" = 'wp' ]; then
+		check_sql_native
+		app_wordpress_dl
+		preinstall_wordpress
+		install_wp_plugin
+		set_htaccess
+		get_theme_name
+		set_lscache
+		change_owner
+		exit 0
+	else
+		echo "APP: ${APP_NAME} not support, exit!"
+		exit 1	
+	fi
+}
+
+check_input ${1}
+while [ ! -z "${1}" ]; do
+	case ${1} in
+		-[hH] | -help | --help)
+			help_message
+			;;
+		-[aA] | -app | --app) shift
+			check_input "${1}"
+			APP_NAME="${1}"
+			;;
+		-[dD] | -domain | --domain) shift
+			check_input "${1}"
+			DOMAIN="${1}"
+			;;
+		-vhname | --vhname) shift
+			VHNAME="${1}"
+			;;	       
+		*) 
+			help_message
+			;;              
+	esac
+	shift
+done
+main

bin/container/certhookctl.sh

@@ -0,0 +1,18 @@
+#!/bin/bash
+BOTCRON='/var/spool/cron/crontabs/root'
+
+cert_hook(){
+    grep 'acme' ${BOTCRON} >/dev/null
+    if [ ${?} = 0 ]; then
+        grep 'lswsctrl' ${BOTCRON} >/dev/null
+        if [ ${?} = 0 ]; then
+            echo 'Hook already exist, skip!'
+        else
+            sed -i 's/--cron/--cron --renew-hook "\/usr\/local\/lsws\/bin\/lswsctrl restart"/g' ${BOTCRON}
+        fi    
+    else
+        echo "[X] ${BOTCRON} does not exist, please check it later!"
+    fi
+}
+
+cert_hook

bin/container/domainctl.sh

@@ -0,0 +1,160 @@
+#!/usr/bin/env bash
+CK_RESULT=''
+LSDIR='/usr/local/lsws'
+LS_HTTPD_CONF="${LSDIR}/conf/httpd_config.xml"
+OLS_HTTPD_CONF="${LSDIR}/conf/httpd_config.conf"
+EPACE='        '
+
+echow(){
+    FLAG=${1}
+    shift
+    echo -e "\033[1m${EPACE}${FLAG}\033[0m${@}"
+}
+
+help_message(){
+    echo -e "\033[1mOPTIONS\033[0m"
+    echow '-A, --add [DOMAIN_NAME]'
+    echo "${EPACE}${EPACE}Will add domain to listener and creat a virtual host from template"
+    echow '-D, --del [DOMAIN_NAME]'
+    echo "${EPACE}${EPACE}Will delete domain from listener"
+    echow '-H, --help'
+    echo "${EPACE}${EPACE}Display help."    
+}
+
+check_lsv(){
+    if [ -f ${LSDIR}/bin/openlitespeed ]; then
+        LSV='openlitespeed'
+    elif [ -f ${LSDIR}/bin/litespeed ]; then
+        LSV='lsws'
+    else
+        echo 'Version not exist, abort!'
+        exit 1     
+    fi
+}
+
+dot_escape(){
+    ESCAPE=$(echo ${1} | sed 's/\./\\./g')
+}  
+
+check_duplicate(){
+    CK_RESULT=$(grep -E "${1}" ${2})
+}
+
+fst_match_line(){
+    FIRST_LINE_NUM=$(grep -n -m 1 ${1} ${2} | awk -F ':' '{print $1}')
+}
+fst_match_after(){
+    FIRST_NUM_AFTER=$(tail -n +${1} ${2} | grep -n -m 1 ${3} | awk -F ':' '{print $1}')
+}
+lst_match_line(){
+    fst_match_after ${1} ${2} ${3}
+    LAST_LINE_NUM=$((${FIRST_LINE_NUM}+${FIRST_NUM_AFTER}-1))
+}
+
+check_input(){
+    if [ -z "${1}" ]; then
+        help_message
+        exit 1
+    fi
+}
+
+check_www(){
+    CHECK_WWW=$(echo ${1} | cut -c1-4)
+    if [[ ${CHECK_WWW} == www. ]] ; then
+        echo 'www domain shoudnt be passed!'
+        exit 1
+    fi
+}
+
+www_domain(){
+    check_www ${1}
+    WWW_DOMAIN=$(echo www.${1})
+}
+
+add_ls_domain(){
+    fst_match_line 'docker.xml</templateFile>' ${LS_HTTPD_CONF}
+    NEWNUM=$((FIRST_LINE_NUM+2))
+    sed -i "${NEWNUM}i \ \ \ \ \ \ <member>\n \ \ \ \ \ \ \ <vhName>${DOMAIN}</vhName>\n \ \ \ \ \ \ \ <vhDomain>${DOMAIN},${WWW_DOMAIN}</vhDomain>\n \ \ \ \ \ \ </member>" ${LS_HTTPD_CONF}
+}
+
+add_ols_domain(){
+    perl -0777 -p -i -e 's/(vhTemplate docker \{[^}]+)\}*(^.*listeners.*$)/\1$2
+  member '${DOMAIN}' {
+    vhDomain              '${DOMAIN},${WWW_DOMAIN}'
+  }/gmi' ${OLS_HTTPD_CONF}
+}
+
+add_domain(){
+    check_lsv
+    dot_escape ${1}
+    DOMAIN=${ESCAPE}
+    www_domain ${1}
+    if [ "${LSV}" = 'lsws' ]; then
+        check_duplicate "vhDomain.*${DOMAIN}" ${LS_HTTPD_CONF}
+        if [ "${CK_RESULT}" != '' ]; then
+            echo "# It appears the domain already exist! Check the ${LS_HTTPD_CONF} if you believe this is a mistake!"
+            exit 1
+        fi
+        add_ls_domain 
+    elif [ "${LSV}" = 'openlitespeed' ]; then
+        check_duplicate "member.*${DOMAIN}" ${OLS_HTTPD_CONF}
+        if [ "${CK_RESULT}" != '' ]; then
+            echo "# It appears the domain already exist! Check the ${OLS_HTTPD_CONF} if you believe this is a mistake!"
+            exit 1
+        fi  
+        add_ols_domain      
+    fi   
+}
+
+del_ls_domain(){
+    fst_match_line "<vhName>*${1}" ${LS_HTTPD_CONF}
+    FIRST_LINE_NUM=$((FIRST_LINE_NUM-1))
+    lst_match_line ${FIRST_LINE_NUM} ${LS_HTTPD_CONF} '</member>'
+    sed -i "${FIRST_LINE_NUM},${LAST_LINE_NUM}d" ${LS_HTTPD_CONF}
+}
+
+del_ols_domain(){
+    fst_match_line ${1} ${OLS_HTTPD_CONF}
+    lst_match_line ${FIRST_LINE_NUM} ${OLS_HTTPD_CONF} '}'
+    sed -i "${FIRST_LINE_NUM},${LAST_LINE_NUM}d" ${OLS_HTTPD_CONF}    
+}
+
+del_domain(){
+    check_lsv
+    dot_escape ${1}
+    DOMAIN=${ESCAPE}
+    if [ "${LSV}" = 'lsws' ]; then
+        check_duplicate "vhDomain.*${DOMAIN}" ${LS_HTTPD_CONF}
+        if [ "${CK_RESULT}" = '' ]; then
+            echo "# Domain non-exist! Check the ${LS_HTTPD_CONF} if you believe this is a mistake!"
+            exit 1
+        fi
+        del_ls_domain ${1}
+    elif [ "${LSV}" = 'openlitespeed' ]; then
+        check_duplicate "member.*${DOMAIN}" ${OLS_HTTPD_CONF}
+        if [ "${CK_RESULT}" = '' ]; then
+            echo "# Domain non-exist! Check the ${OLS_HTTPD_CONF} if you believe this is a mistake!"
+            exit 1
+        fi
+        del_ols_domain ${1}     
+    fi
+}
+
+check_input ${1}
+while [ ! -z "${1}" ]; do
+    case ${1} in
+        -[hH] | -help | --help)
+            help_message
+            ;;
+        -[aA] | -add | --add) shift
+            add_domain ${1}
+            ;;
+        -[dD] | -del | --del | --delete) shift
+            del_domain ${1}
+            ;;          
+        *) 
+            help_message
+            ;;
+    esac
+    shift
+done

bin/container/owaspctl.sh

@@ -0,0 +1,219 @@
+#!/bin/bash
+LSDIR='/usr/local/lsws'
+OWASP_DIR="${LSDIR}/conf/owasp"
+CRS_DIR='owasp-modsecurity-crs'
+RULE_FILE='modsec_includes.conf'
+LS_HTTPD_CONF="${LSDIR}/conf/httpd_config.xml"
+OLS_HTTPD_CONF="${LSDIR}/conf/httpd_config.conf"
+EPACE='        '
+OWASP_V='4.3.0'
+
+echow(){
+    FLAG=${1}
+    shift
+    echo -e "\033[1m${EPACE}${FLAG}\033[0m${@}"
+}
+
+help_message(){
+    echo -e "\033[1mOPTIONS\033[0m"
+    echow '-E, --enable'
+    echo "${EPACE}${EPACE}Will Enable mod_secure module with latest OWASP version of rules"
+    echow '-D, --disable'
+    echo "${EPACE}${EPACE}Will Disable mod_secure module with latest OWASP version of rules" 
+    echow '-H, --help'
+    echo "${EPACE}${EPACE}Display help and exit."       
+    exit 0
+}
+
+check_lsv(){
+    if [ -f ${LSDIR}/bin/openlitespeed ]; then
+        LSV='openlitespeed'
+    elif [ -f ${LSDIR}/bin/litespeed ]; then
+        LSV='lsws'
+    else
+        echo 'Version not exist, abort!'
+        exit 1     
+    fi
+}
+
+check_input(){
+    if [ -z "${1}" ]; then
+        help_message
+        exit 1
+    fi
+}
+
+mk_owasp_dir(){
+    if [ -d ${OWASP_DIR} ] ; then
+        rm -rf ${OWASP_DIR}
+    fi
+    mkdir -p ${OWASP_DIR}
+    if [ ${?} -ne 0 ] ; then
+        echo "Unable to create directory: ${OWASP_DIR}, exit!"
+        exit 1
+    fi
+}
+
+fst_match_line(){
+    FIRST_LINE_NUM=$(grep -n -m 1 "${1}" ${2} | awk -F ':' '{print $1}')
+}
+fst_match_after(){
+    FIRST_NUM_AFTER=$(tail -n +${1} ${2} | grep -n -m 1 ${3} | awk -F ':' '{print $1}')
+}
+lst_match_line(){
+    fst_match_after ${1} ${2} ${3}
+    LAST_LINE_NUM=$((${FIRST_LINE_NUM}+${FIRST_NUM_AFTER}-1))
+}
+
+enable_ols_modsec(){
+    grep 'module mod_security {' ${OLS_HTTPD_CONF} >/dev/null 2>&1
+    if [ ${?} -eq 0 ] ; then
+        echo "Already configured for modsecurity."
+    else
+        echo 'Enable modsecurity'
+        sed -i "s=module cache=module mod_security {\nmodsecurity  on\
+        \nmodsecurity_rules \`\nSecRuleEngine On\n\`\nmodsecurity_rules_file \
+        ${OWASP_DIR}/${RULE_FILE}\n  ls_enabled              1\n}\
+        \n\nmodule cache=" ${OLS_HTTPD_CONF}
+    fi    
+}
+
+enable_ls_modsec(){
+    grep '<enableCensorship>1</enableCensorship>' ${LS_HTTPD_CONF} >/dev/null 2>&1
+    if [ ${?} -eq 0 ] ; then
+        echo "LSWS already configured for modsecurity"
+    else
+        echo 'Enable modsecurity'
+        sed -i \
+        "s=<enableCensorship>0</enableCensorship>=<enableCensorship>1</enableCensorship>=" ${LS_HTTPD_CONF}
+        sed -i \
+        "s=</censorshipControl>=</censorshipControl>\n\
+        <censorshipRuleSet>\n\
+        <name>ModSec</name>\n\
+        <enabled>1</enabled>\n\
+        <ruleSet>include ${OWASP_DIR}/${RULE_FILE}</ruleSet>\n\
+        </censorshipRuleSet>=" ${LS_HTTPD_CONF}
+    fi
+}
+
+enable_modsec(){
+    if [ "${LSV}" = 'lsws' ]; then
+        enable_ls_modsec
+    elif [ "${LSV}" = 'openlitespeed' ]; then
+        enable_ols_modsec
+    fi
+}
+
+disable_ols_modesec(){
+    grep 'module mod_security {' ${OLS_HTTPD_CONF} >/dev/null 2>&1
+    if [ ${?} -eq 0 ] ; then
+        echo 'Disable modsecurity'
+        fst_match_line 'module mod_security' ${OLS_HTTPD_CONF}
+        lst_match_line ${FIRST_LINE_NUM} ${OLS_HTTPD_CONF} '}'
+        sed -i "${FIRST_LINE_NUM},${LAST_LINE_NUM}d" ${OLS_HTTPD_CONF}
+    else
+        echo 'Already disabled for modsecurity'
+    fi    
+}
+
+disable_ls_modesec(){
+    grep '<enableCensorship>0</enableCensorship>' ${LS_HTTPD_CONF}
+    if [ ${?} -eq 0 ] ; then
+        echo 'Already disabled for modsecurity'
+    else
+        echo 'Disable modsecurity'
+        sed -i \
+        "s=<enableCensorship>1</enableCensorship>=<enableCensorship>0</enableCensorship>=" ${LS_HTTPD_CONF}
+        fst_match_line 'censorshipRuleSet' ${LS_HTTPD_CONF}
+        lst_match_line ${FIRST_LINE_NUM} ${LS_HTTPD_CONF} '/censorshipRuleSet'
+        sed -i "${FIRST_LINE_NUM},${LAST_LINE_NUM}d" ${LS_HTTPD_CONF}
+    fi    
+}
+
+disable_modsec(){
+    check_lsv
+    if [ "${LSV}" = 'lsws' ]; then
+        disable_ls_modesec
+    elif [ "${LSV}" = 'openlitespeed' ]; then
+        disable_ols_modesec
+    fi
+}
+
+install_unzip(){
+    if [ ! -f /usr/bin/unzip ]; then
+        echo 'Install Unzip'
+        apt update >/dev/null 2>&1
+        apt-get install unzip -y >/dev/null 2>&1
+    fi
+}
+
+backup_owasp(){
+    if [ -d ${OWASP_DIR} ]; then
+        echo "Detect ${OWASP_DIR} folder exist, move to ${OWASP_DIR}.$(date +%F).bk"
+        if [ -d ${OWASP_DIR}.$(date +%F).bk ]; then
+            rm -rf ${OWASP_DIR}.$(date +%F).bk
+        fi
+        mv ${OWASP_DIR} ${OWASP_DIR}.$(date +%F).bk
+    fi
+}   
+
+install_owasp(){
+    cd ${OWASP_DIR}
+    echo 'Download OWASP rules'
+    wget -q https://github.com/coreruleset/coreruleset/archive/refs/tags/v${OWASP_V}.zip
+    unzip -qq v${OWASP_V}.zip
+    rm -f v${OWASP_V}.zip
+    mv coreruleset-* ${CRS_DIR}
+}
+
+configure_owasp(){
+    echo 'Config OWASP rules.'
+    cd ${OWASP_DIR}
+    if [ -f ${CRS_DIR}/rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf.example ]; then
+        mv ${CRS_DIR}/rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf.example ${CRS_DIR}/rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf
+    fi
+    if [ -f ${CRS_DIR}/rules/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf.example ]; then
+        mv ${CRS_DIR}/rules/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf.example ${CRS_DIR}/rules/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf
+    fi
+    if [ -f ${RULE_FILE} ]; then
+        mv ${RULE_FILE} ${RULE_FILE}.bk
+    fi
+    echo 'include modsecurity.conf' >> ${RULE_FILE}
+    if [ -f ${CRS_DIR}/crs-setup.conf.example ]; then
+        mv ${CRS_DIR}/crs-setup.conf.example ${CRS_DIR}/crs-setup.conf
+        echo "include ${CRS_DIR}/crs-setup.conf" >> ${RULE_FILE}
+    fi    
+    ALL_RULES="$(ls ${CRS_DIR}/rules/ | grep 'REQUEST-\|RESPONSE-')"
+    echo "${ALL_RULES}"  | while read LINE; do echo "include ${CRS_DIR}/rules/${LINE}" >> ${RULE_FILE}; done
+    echo 'SecRuleEngine On' > modsecurity.conf
+    chown -R lsadm ${OWASP_DIR}
+}
+
+main_owasp(){
+    backup_owasp
+    mk_owasp_dir
+    install_unzip
+    install_owasp
+    configure_owasp
+    check_lsv
+    enable_modsec    
+}
+
+check_input ${1}
+while [ ! -z "${1}" ]; do
+    case ${1} in
+        -[hH] | -help | --help)
+            help_message
+            ;;
+        -[eE] | -enable | --enable)
+            main_owasp
+            ;;
+        -[dD] | -disable | --disable)
+            disable_modsec
+            ;;          
+        *) 
+            help_message
+            ;;
+    esac
+    shift
+done

bin/container/serialctl.sh

@@ -0,0 +1,84 @@
+#!/bin/bash
+LSDIR='/usr/local/lsws'
+EPACE='        '
+
+echow(){
+    FLAG=${1}
+    shift
+    echo -e "\033[1m${EPACE}${FLAG}\033[0m${@}"
+}
+
+help_message(){
+    echo -e "\033[1mOPTIONS\033[0m"
+    echow '-S, --serial [YOUR_SERIAL|TRIAL]'
+    echo "${EPACE}${EPACE}Will apply and register the serial to LSWS."
+    echow '-H, --help'
+    echo "${EPACE}${EPACE}Display help and exit."       
+    exit 0
+}
+
+check_input(){
+    if [ -z "${1}" ]; then
+        help_message
+        exit 1
+    fi
+}
+
+backup_old(){
+    if [ -f ${1} ] && [ ! -f ${1}_old ]; then
+       mv ${1} ${1}_old
+    fi
+}
+
+detect_ols(){
+    if [ -e ${LSDIR}/bin/openlitespeed ]; then
+        echo '[X] Detect OpenLiteSpeed, abort!'
+        exit 1
+    fi    
+}
+
+apply_serial(){
+    detect_ols
+    check_input ${1}
+    echo ${1} | grep -i 'trial' >/dev/null
+    if [ ${?} = 0 ]; then 
+        echo 'Apply Trial License'
+        if [ ! -e ${LSDIR}/conf/serial.no ] && [ ! -e ${LSDIR}/conf/license.key ]; then
+            rm -f ${LSDIR}/conf/trial.key*
+            wget -P ${LSDIR}/conf -q http://license.litespeedtech.com/reseller/trial.key
+            echo 'Apply trial finished'
+        else
+            echo "Please backup and remove your existing license, apply abort!"
+            exit 1    
+        fi
+    else
+        echo "Apply Serial number: ${1}"
+        backup_old ${LSDIR}/conf/serial.no
+        backup_old ${LSDIR}/conf/license.key
+        backup_old ${LSDIR}/conf/trial.key
+        echo "${1}" > ${LSDIR}/conf/serial.no
+        ${LSDIR}/bin/lshttpd -r
+        if [ -f ${LSDIR}/conf/license.key ]; then
+            echo '[O] Apply success'
+        else 
+            echo '[X] Apply failed, please check!'
+            exit 1
+        fi
+    fi
+}
+
+check_input ${1}
+while [ ! -z "${1}" ]; do
+    case ${1} in
+        -[hH] | -help | --help)
+            help_message
+            ;;
+        -[sS] | -serial | --serial) shift
+            apply_serial "${1}"
+            ;;            
+        *)
+            help_message
+            ;;
+    esac
+    shift
+done

bin/database.sh

@@ -0,0 +1,193 @@
+#!/usr/bin/env bash
+source .env
+
+DOMAIN=''
+SQL_DB=''
+SQL_USER=''
+SQL_PASS=''
+ANY="'%'"
+SET_OK=0
+EPACE='        '
+METHOD=0
+
+echow(){
+    FLAG=${1}
+    shift
+    echo -e "\033[1m${EPACE}${FLAG}\033[0m${@}"
+}
+
+help_message(){
+    echo -e "\033[1mOPTIONS\033[0m"
+    echow '-D, --domain [DOMAIN_NAME]'
+    echo "${EPACE}${EPACE}Example: database.sh -D example.com"
+    echo "${EPACE}${EPACE}Will auto-generate Database/username/password for the domain"
+    echow '-D, --domain [DOMAIN_NAME] -U, --user [xxx] -P, --password [xxx] -DB, --database [xxx]'
+    echo "${EPACE}${EPACE}Example: database.sh -D example.com -U USERNAME -P PASSWORD -DB DATABASENAME"
+    echo "${EPACE}${EPACE}Will create Database/username/password by given"
+    echow '-R, --delete -DB, --database [xxx] -U, --user [xxx]'
+    echo "${EPACE}${EPACE}Example: database.sh -r -DB DATABASENAME -U USERNAME"
+    echo "${EPACE}${EPACE}Will delete the database (require) and username (optional) by given"
+    echow '-H, --help'
+    echo "${EPACE}${EPACE}Display help and exit."
+    exit 0    
+}
+
+check_input(){
+    if [ -z "${1}" ]; then
+        help_message
+        exit 1
+    fi
+}
+
+specify_name(){
+    check_input ${SQL_USER}
+    check_input ${SQL_PASS}
+    check_input ${SQL_DB}
+}
+
+auto_name(){
+    SQL_DB="${TRANSNAME}"
+    SQL_USER="${TRANSNAME}"
+    SQL_PASS="'${RANDOM_PASS}'"
+}
+
+gen_pass(){
+    RANDOM_PASS="$(openssl rand -base64 12)"
+}
+
+trans_name(){
+    TRANSNAME=$(echo ${1} | tr -d '.&&-')
+}
+
+display_credential(){
+    if [ ${SET_OK} = 0 ]; then
+        echo "Database: ${SQL_DB}"
+        echo "Username: ${SQL_USER}"
+        echo "Password: $(echo ${SQL_PASS} | tr -d "'")"
+    fi    
+}
+
+store_credential(){
+    if [ -d "./sites/${1}" ]; then
+        if [ -f ./sites/${1}/.db_pass ]; then 
+            mv ./sites/${1}/.db_pass ./sites/${1}/.db_pass.bk
+        fi
+        cat > "./sites/${1}/.db_pass" << EOT
+"Database":"${SQL_DB}"
+"Username":"${SQL_USER}"
+"Password":"$(echo ${SQL_PASS} | tr -d "'")"
+EOT
+    else
+        echo "./sites/${1} not found, abort credential store!"
+    fi    
+}
+
+check_db_access(){
+    docker compose exec -T mysql su -c "mariadb -uroot --password=${MYSQL_ROOT_PASSWORD} -e 'status'" >/dev/null 2>&1
+    if [ ${?} != 0 ]; then
+        echo '[X] DB access failed, please check!'
+        exit 1
+    fi    
+}
+
+check_db_exist(){
+    docker compose exec -T mysql su -c "test -e /var/lib/mysql/${1}"
+    if [ ${?} = 0 ]; then
+        echo "Database ${1} already exist, skip DB creation!"
+        exit 0    
+    fi      
+}
+
+check_db_not_exist(){
+    docker compose exec -T mysql su -c "test -e /var/lib/mysql/${1}"
+    if [ ${?} != 0 ]; then
+        echo "Database ${1} doesn't exist, skip DB deletion!"
+        exit 0
+    fi
+}
+
+db_setup(){  
+    docker compose exec -T mysql su -c 'mariadb -uroot --password=${MYSQL_ROOT_PASSWORD} \
+    -e "CREATE DATABASE '${SQL_DB}';" \
+    -e "GRANT ALL PRIVILEGES ON '${SQL_DB}'.* TO '${SQL_USER}'@'${ANY}' IDENTIFIED BY '${SQL_PASS}';" \
+    -e "FLUSH PRIVILEGES;"'
+    SET_OK=${?}
+}
+
+db_delete(){
+    if [ "${SQL_DB}" == '' ]; then
+        echo "Database parameter is required!"
+        exit 0
+    fi
+    if [ "${SQL_USER}" == '' ]; then
+        SQL_USER="${SQL_DB}"
+    fi
+    check_db_not_exist ${SQL_DB}
+    docker compose exec -T mysql su -c 'mariadb -uroot --password=${MYSQL_ROOT_PASSWORD} \
+        -e "DROP DATABASE IF EXISTS '${SQL_DB}';" \
+        -e "DROP USER IF EXISTS '${SQL_USER}'@'${ANY}';" \
+        -e "FLUSH PRIVILEGES;"'
+    echo "Database ${SQL_DB} and User ${SQL_USER} are deleted!"
+}
+
+auto_setup_main(){
+    check_input ${DOMAIN}
+    gen_pass
+    trans_name ${DOMAIN}
+    auto_name
+    check_db_exist ${SQL_DB}
+    check_db_access
+    db_setup
+    display_credential
+    store_credential ${DOMAIN}
+}
+
+specify_setup_main(){
+    specify_name
+    check_db_exist ${SQL_DB}
+    check_db_access
+    db_setup
+    display_credential
+    store_credential ${DOMAIN}
+}
+
+main(){
+    if [ ${METHOD} == 1 ]; then
+        db_delete
+        exit 0
+    fi
+    if [ "${SQL_USER}" != '' ] && [ "${SQL_PASS}" != '' ] && [ "${SQL_DB}" != '' ]; then
+        specify_setup_main
+    else
+        auto_setup_main
+    fi
+}
+
+check_input ${1}
+while [ ! -z "${1}" ]; do
+    case ${1} in
+        -[hH] | -help | --help)
+            help_message
+            ;;
+        -[dD] | -domain| --domain) shift
+            DOMAIN="${1}"
+            ;;
+        -[uU] | -user | --user) shift
+            SQL_USER="${1}"
+            ;;
+        -[pP] | -password| --password) shift
+            SQL_PASS="'${1}'"
+            ;;            
+        -db | -DB | -database| --database) shift
+            SQL_DB="${1}"
+            ;;
+        -[rR] | -del | --del | --delete)
+            METHOD=1
+            ;;
+        *) 
+            help_message
+            ;;              
+    esac
+    shift
+done
+main

bin/demosite.sh

@@ -0,0 +1,102 @@
+#!/usr/bin/env bash
+source .env
+APP_NAME='wordpress'
+CONT_NAME='litespeed'
+DOC_FD=''
+
+echow(){
+    FLAG=${1}
+    shift
+    echo -e "\033[1m${EPACE}${FLAG}\033[0m${@}"
+}
+
+help_message(){
+    case ${1} in
+        "1")    
+            echow "Script will get 'DOMAIN' and 'database' info from .env file, then auto setup virtual host and the wordpress site for you."
+            exit 0
+        ;;
+        "2")
+            echow 'Service finished, enjoy your accelarated LiteSpeed server!'
+        ;;
+    esac       
+}
+
+domain_filter(){
+    if [ ! -n "${DOMAIN}" ]; then
+        echo "Parameters not supplied, please check!"
+        exit 1
+    fi
+    DOMAIN="${1}"
+    DOMAIN="${DOMAIN#http://}"
+    DOMAIN="${DOMAIN#https://}"
+    DOMAIN="${DOMAIN#ftp://}"
+    DOMAIN="${DOMAIN#scp://}"
+    DOMAIN="${DOMAIN#scp://}"
+    DOMAIN="${DOMAIN#sftp://}"
+    DOMAIN=${DOMAIN%%/*}
+}
+
+gen_root_fd(){
+    DOC_FD="./sites/${1}/"
+    if [ -d "./sites/${1}" ]; then
+        echo -e "[O] The root folder \033[32m${DOC_FD}\033[0m exist."
+    else
+        echo "Creating - document root."
+        bash bin/domain.sh -add ${1}
+        echo "Finished - document root."
+    fi
+}
+
+create_db(){
+    if [ ! -n "${MYSQL_DATABASE}" ] || [ ! -n "${MYSQL_USER}" ] || [ ! -n "${MYSQL_PASSWORD}" ]; then
+        echo "Parameters not supplied, please check!"
+        exit 1
+    else    
+        bash bin/database.sh -D ${1} -U ${MYSQL_USER} -P ${MYSQL_PASSWORD} -DB ${MYSQL_DATABASE}
+    fi    
+}    
+
+store_credential(){
+    if [ -f ${DOC_FD}/.db_pass ]; then
+        echo '[O] db file exist!'
+    else
+        echo 'Storing database parameter'
+        cat > "${DOC_FD}/.db_pass" << EOT
+"Database":"${MYSQL_DATABASE}"
+"Username":"${MYSQL_USER}"
+"Password":"$(echo ${MYSQL_PASSWORD} | tr -d "'")"
+EOT
+    fi
+}
+
+app_download(){
+    docker compose exec -T ${CONT_NAME} su -c "appinstallctl.sh --app ${1} --domain ${2}"
+}
+
+lsws_restart(){
+    bash bin/webadmin.sh -r
+}
+
+main(){
+    domain_filter ${DOMAIN}
+    gen_root_fd ${DOMAIN}
+    create_db ${DOMAIN}
+    store_credential
+    app_download ${APP_NAME} ${DOMAIN}
+    lsws_restart
+    help_message 2
+}
+
+while [ ! -z "${1}" ]; do
+    case ${1} in
+        -[hH] | -help | --help)
+            help_message 1
+            ;;
+        *) 
+            help_message 1
+            ;;              
+    esac
+    shift
+done
+main

bin/dev/list-flagged-files.sh

@@ -0,0 +1,2 @@
+#!/usr/bin/env bash
+git ls-files -v|grep '^S'

bin/dev/no-skip-worktree-conf.sh

@@ -0,0 +1,2 @@
+#!/usr/bin/env bash
+find conf -maxdepth 1 -type d \( ! -name . \) -exec bash -c "cd '{}' && pwd && git ls-files -z ${pwd} | xargs -0 git update-index --no-skip-worktree" \;

bin/dev/skip-worktree-conf.sh

@@ -0,0 +1,3 @@
+#!/usr/bin/env bash
+find conf -maxdepth 1 -type d \( ! -name . \) -exec bash -c "cd '{}' && pwd && git ls-files -z ${pwd} | xargs -0 git update-index --skip-worktree" \;
+

bin/domain.sh

@@ -0,0 +1,61 @@
+#!/usr/bin/env bash
+CONT_NAME='litespeed'
+EPACE='        '
+
+echow(){
+    FLAG=${1}
+    shift
+    echo -e "\033[1m${EPACE}${FLAG}\033[0m${@}"
+}
+
+help_message(){
+    echo -e "\033[1mOPTIONS\033[0m"
+    echow "-A, --add [domain_name]"
+    echo "${EPACE}${EPACE}Example: domain.sh -A example.com, will add the domain to Listener and auto create a new virtual host."
+    echow "-D, --del [domain_name]"
+    echo "${EPACE}${EPACE}Example: domain.sh -D example.com, will delete the domain from Listener."
+    echow '-H, --help'
+    echo "${EPACE}${EPACE}Display help and exit."    
+}
+
+check_input(){
+    if [ -z "${1}" ]; then
+        help_message
+        exit 1
+    fi
+}
+
+add_domain(){
+    check_input ${1}
+    docker compose exec ${CONT_NAME} su -s /bin/bash lsadm -c "cd /usr/local/lsws/conf && domainctl.sh --add ${1}"
+    if [ ! -d "./sites/${1}" ]; then 
+        mkdir -p ./sites/${1}/{html,logs,certs}
+    fi
+    bash bin/webadmin.sh -r
+}
+
+del_domain(){
+    check_input ${1}
+    docker compose exec ${CONT_NAME} su -s /bin/bash lsadm -c "cd /usr/local/lsws/conf && domainctl.sh --del ${1}"
+    bash bin/webadmin.sh -r
+}
+
+check_input ${1}
+while [ ! -z "${1}" ]; do
+    case ${1} in
+        -[hH] | -help | --help)
+            help_message
+            ;;
+        -[aA] | -add | --add) shift
+            add_domain ${1}
+            ;;
+        -[dD] | -del | --del | --delete) shift
+            del_domain ${1}
+            ;;          
+        *) 
+            help_message
+            ;;              
+    esac
+    shift
+done
+          

bin/mkcert.sh

@@ -0,0 +1,463 @@
+#!/usr/bin/env bash
+DOMAIN=''
+INSTALL=''
+REMOVE=''
+CONT_NAME='litespeed'
+CERT_DIR='./certs'
+EPACE='        '
+
+echow(){
+    FLAG=${1}
+    shift
+    echo -e "\033[1m${EPACE}${FLAG}\033[0m${@}"
+}
+
+help_message(){
+    echo -e "\033[1mUSAGE\033[0m"
+    echo "${EPACE}mkcert.sh [OPTIONS]"
+    echo ""
+    echo -e "\033[1mOPTIONS\033[0m" 
+    echow '-D, --domain [DOMAIN_NAME]'         
+    echo "${EPACE}${EPACE}Example: mkcert.sh --domain example.test"
+    echo "${EPACE}${EPACE}Will create certificate for example.test and www.example.test"
+    echow '-I, --install'
+    echo "${EPACE}${EPACE}Install mkcert on Windows (requires Chocolatey)"
+    echow '-R, --remove'
+    echo "${EPACE}${EPACE}Remove certificate for a specific domain. Must be used with --domain."
+    echo "${EPACE}${EPACE}Example: mkcert.sh --remove --domain example.test"
+    echow '-H, --help'
+    echo "${EPACE}${EPACE}Display help and exit"
+    exit 0
+}
+
+check_input(){
+    if [ -z "${1}" ]; then
+        help_message
+    fi
+}
+
+domain_filter(){
+    if [ -z "${1}" ]; then
+        echo "[X] Domain name is required!"
+        exit 1
+    fi
+    DOMAIN="${1}"
+    DOMAIN="${DOMAIN#http://}"
+    DOMAIN="${DOMAIN#https://}"
+    DOMAIN="${DOMAIN#ftp://}"
+    DOMAIN="${DOMAIN%%/*}"
+}
+
+www_domain(){
+    CHECK_WWW=$(echo ${1} | cut -c1-4)
+    if [[ ${CHECK_WWW} == www. ]] ; then
+        DOMAIN=$(echo ${1} | cut -c 5-)
+    else
+        DOMAIN=${1}    
+    fi
+    WWW_DOMAIN="www.${DOMAIN}"
+}
+
+check_mkcert() {
+    echo "[Start] Checking mkcert installation..."
+
+    if MKCERT_CMD=$(command -v mkcert.exe 2>/dev/null || command -v mkcert 2>/dev/null); then
+        echo "[✔] mkcert found at: ${MKCERT_CMD}"
+    else
+        echo "[✖] mkcert not found!"
+        echo "→ Please run 'bash bin/mkcert.sh --install' or install it manually."
+        echo "   Windows: choco install mkcert"
+        echo "   (Linux/macOS support can be added here later)"
+        exit 1
+    fi
+
+    echo "[End] mkcert check completed."
+}
+
+install_mkcert() {
+    echo "[Start] Installing mkcert..."
+    case "$(uname -s)" in
+        Linux*)   OS="linux" ;;
+        Darwin*)  OS="mac" ;;
+        MINGW*|MSYS*|CYGWIN*|Windows*) OS="windows" ;;
+        *) echo "[X] Unsupported OS: $(uname -s)"; exit 1 ;;
+    esac
+    echo "[*] Detected OS: $OS"
+    if command -v mkcert >/dev/null 2>&1 || command -v mkcert.exe >/dev/null 2>&1; then
+        echo "[O] mkcert is already installed."
+        echo "[!] Ensuring local CA is installed..."
+        (command -v mkcert.exe >/dev/null 2>&1 && mkcert.exe -install || mkcert -install)
+        echo "[O] Local CA configured."
+        return 0
+    fi
+    case "$OS" in
+        windows)
+            if ! command -v choco >/dev/null 2>&1 && ! command -v choco.exe >/dev/null 2>&1; then
+                echo "[X] Chocolatey not found!"
+                echo "Install it first: https://chocolatey.org/install"
+                exit 1
+            fi
+            choco install mkcert -y
+            ;;
+        mac)
+            if ! command -v brew >/dev/null 2>&1; then
+                echo "[X] Homebrew not found!"
+                echo "Install it from https://brew.sh/"
+                exit 1
+            fi
+            brew install mkcert nss
+            ;;
+        linux)
+            if command -v apt >/dev/null 2>&1; then
+                sudo apt update -y && sudo apt install -y mkcert libnss3-tools
+            elif command -v dnf >/dev/null 2>&1; then
+                sudo dnf install -y mkcert nss-tools
+            elif command -v yum >/dev/null 2>&1; then
+                sudo yum install -y mkcert nss-tools
+            elif command -v zypper >/dev/null 2>&1; then
+                sudo zypper install -y mkcert mozilla-nss-tools
+            else
+                echo "[X] Unsupported Linux distro. Install manually:"
+                echo "→ https://github.com/FiloSottile/mkcert"
+                exit 1
+            fi
+            ;;
+    esac
+    if command -v mkcert >/dev/null 2>&1 || command -v mkcert.exe >/dev/null 2>&1; then
+        echo "[O] mkcert installed successfully."
+        echo "[!] Creating local CA..."
+        (command -v mkcert.exe >/dev/null 2>&1 && mkcert.exe -install || mkcert -install)
+        echo "[O] Local CA configured."
+        echo "[End] mkcert installation complete."
+    else
+        echo "[X] mkcert installation failed!"
+        exit 1
+    fi
+}
+
+create_cert_dir(){
+    if [ ! -d "${CERT_DIR}" ]; then
+        echo "[!] Creating certificate directory: ${CERT_DIR}"
+        mkdir -p "${CERT_DIR}"
+    fi
+}
+
+domain_verify(){
+    local domain="${1}"
+    local doc_path="/var/www/vhosts/${domain}/html"
+    
+    echo "[!] Checking if domain '${domain}' has been added..."
+    
+    if docker compose exec -T ${CONT_NAME} bash -c "[ -d ${doc_path} ]" 2>/dev/null; then
+        echo -e "[O] Domain \033[32m${domain}\033[0m exists (document root found)"
+        return 0
+    else
+        echo -e "[X] Domain \033[31m${domain}\033[0m has NOT been added yet!"
+        echo "[!] Document root not found: ${doc_path}"
+        echo "[!] Please add this domain first using: bash bin/domain.sh -a ${domain}"
+        exit 1
+    fi
+}
+
+generate_cert(){
+    echo '[Start] Generating SSL certificate'
+    www_domain "${DOMAIN}"   
+    create_cert_dir
+    mkdir -p "${CERT_DIR}/${DOMAIN}"
+    cd "${CERT_DIR}/${DOMAIN}"
+    echo -e "[!] Generating certificate for: \033[32m${DOMAIN}\033[0m and \033[32m${WWW_DOMAIN}\033[0m"
+    
+    ${MKCERT_CMD} -key-file key.pem -cert-file cert.pem "${DOMAIN}" "${WWW_DOMAIN}" >/dev/null 2>&1
+    if [ ${?} = 0 ]; then
+        echo -e "[O] Certificate generated successfully"
+        echo "[!] Certificate files:"
+        echo "${EPACE}Cert: ${CERT_DIR}/${DOMAIN}/cert.pem"
+        echo "${EPACE}Key:  ${CERT_DIR}/${DOMAIN}/key.pem"
+    else
+        echo "[X] Failed to generate certificate"
+        cd ../..
+        rm -rf "${CERT_DIR}/${DOMAIN}"
+        exit 1
+    fi
+    cd - > /dev/null
+    echo '[End] Generating SSL certificate'
+}
+
+create_local_template(){
+    echo '[Start] Creating docker-local.conf template'   
+    local source_file="/usr/local/lsws/conf/templates/docker.conf"
+    local dest_file="/usr/local/lsws/conf/templates/docker-local.conf"
+    if docker compose exec -T ${CONT_NAME} bash -c "[ -f ${dest_file} ]" 2>/dev/null; then
+        echo "[i] Template file already exists: ${dest_file}"
+        echo '[End] Creating docker-local.conf template'
+        return 0
+    fi
+    
+    docker compose exec -T ${CONT_NAME} bash -c "
+        # Copy template file
+        cp ${source_file} ${dest_file}
+        
+        # Remove old vhssl block and last closing brace
+        sed -i '/^  vhssl  {/,/^  }/d; \$d' ${dest_file}
+        
+        # Append new vhssl configuration
+        cat >> ${dest_file} <<'VHSSL_EOF'
+  vhssl  {
+    keyFile               /usr/local/lsws/conf/cert/\$VH_NAME/key.pem
+    certFile              /usr/local/lsws/conf/cert/\$VH_NAME/cert.pem
+    certChain             1
+  }
+}
+VHSSL_EOF
+        
+        # Fix ownership and permissions
+        chown nobody:nogroup ${dest_file} 2>/dev/null || chown lsadm:lsadm ${dest_file}
+        chmod 644 ${dest_file}
+    "
+    
+    echo -e "[O] Template \033[32mdocker-local.conf\033[0m created successfully!"
+    echo -e "    SSL certificates path: /usr/local/lsws/conf/cert/\$VH_NAME/"
+    echo '[End] Creating docker-local.conf template'
+}
+
+register_local_template() {
+    echo '[Start] Registering vhTemplate: dockerLocal'
+    local config_file="/usr/local/lsws/conf/httpd_config.conf"
+    local template_name="dockerLocal"
+    local template_path="conf/templates/docker-local.conf"
+
+    docker compose exec -T ${CONT_NAME} bash -c "
+    if ! grep -q 'vhTemplate ${template_name} {' ${config_file}; then
+      cat >> ${config_file} <<EOF
+
+vhTemplate ${template_name} {
+  templateFile            ${template_path}
+  listeners               HTTP, HTTPS
+  note                    ${template_name}
+}
+EOF
+      echo '[✔] Template ${template_name} registered.'
+    else
+      echo '[i] Template ${template_name} already exists, skipped.'
+    fi
+  "
+
+    echo '[End] Registering vhTemplate complete.'
+}
+
+configure_litespeed(){
+    echo '[Start] Configuring OpenLiteSpeed for local SSL'
+    local cert_host_path="${CERT_DIR}/${DOMAIN}"
+    if [ ! -f "${cert_host_path}/cert.pem" ] || [ ! -f "${cert_host_path}/key.pem" ]; then
+        echo "[X] Certificate files not found on host at: ${cert_host_path}"
+        exit 1
+    fi
+    echo "[!] Configuring SSL for domain: ${DOMAIN}"
+    
+    local lsws_conf_dir="/usr/local/lsws/conf"
+    local httpd_conf="${lsws_conf_dir}/httpd_config.conf"
+    local cert_container_path="${lsws_conf_dir}/cert/${DOMAIN}"
+
+    echo "[!] Step 1: Creating docker-local template..."
+    create_local_template
+    echo "[!] Step 2: Registering dockerLocal template..."
+    register_local_template
+    echo "[!] Step 3: Searching for Virtual Host mapped to '${DOMAIN}'..."
+    local vhost_name=$(docker compose exec -T ${CONT_NAME} bash -c "grep -B 2 'vhDomain.*${DOMAIN}' ${httpd_conf} | grep 'member' | awk '{print \$2}'" | tr -d '\r')
+
+    if [ -z "${vhost_name}" ]; then
+        echo "[X] No Virtual Host found for domain '${DOMAIN}' in ${httpd_conf}."
+        echo "[!] Please add this domain to your environment first (e.g., using the 'domain' script)."
+        exit 1
+    fi
+    echo "[O] Found Virtual Host member name: '${vhost_name}'"
+
+    echo "[!] Step 4: Checking if domain is already configured for SSL..."
+    if docker compose exec -T ${CONT_NAME} bash -c "sed -n '/^vhTemplate dockerLocal {/,/^}/p' ${httpd_conf} | grep -q 'member ${vhost_name}'"; then
+        echo -e "[O] Domain '\033[32m${DOMAIN}\033[0m' is already in 'dockerLocal' template."
+        echo "[!] Updating certificates and restarting..."
+        docker compose exec -T ${CONT_NAME} bash -c "mkdir -p ${cert_container_path}"
+        docker compose cp "${cert_host_path}/cert.pem" "${CONT_NAME}:${cert_container_path}/cert.pem"
+        docker compose cp "${cert_host_path}/key.pem" "${CONT_NAME}:${cert_container_path}/key.pem"
+        lsws_restart
+        echo "[End] Configuration complete."
+        exit 0
+    fi
+
+    echo "[!] Step 5: Copying certificates to container..."
+    docker compose exec -T ${CONT_NAME} bash -c "mkdir -p ${cert_container_path}"
+    docker compose cp "${cert_host_path}/cert.pem" "${CONT_NAME}:${cert_container_path}/cert.pem"
+    docker compose cp "${cert_host_path}/key.pem" "${CONT_NAME}:${cert_container_path}/key.pem"
+    echo "[O] Certificates copied to: ${cert_container_path}"
+
+    echo "[!] Step 6: Moving domain from 'docker' template to 'dockerLocal' template..."
+    docker compose exec -T ${CONT_NAME} bash -c "
+        # Backup httpd_config.conf
+        cp ${httpd_conf} ${httpd_conf}.backup.\$(date +%Y%m%d_%H%M%S)
+        
+        # Find the member block for this vhost in 'docker' template
+        sed -i '/^vhTemplate docker {/,/^}/ {
+            /member ${vhost_name} {/,/}/d
+        }' ${httpd_conf}
+        
+        # Add the member to 'dockerLocal' template
+        # Find the last line of dockerLocal template and insert before it
+        sed -i '/^vhTemplate dockerLocal {/,/^}/ {
+            /^}/ i\  member ${vhost_name} {\n    vhDomain              ${DOMAIN},www.${DOMAIN}\n  }
+        }' ${httpd_conf}
+    "
+    
+    if [ ${?} = 0 ]; then
+        echo -e "[O] Domain '\033[32m${DOMAIN}\033[0m' moved to 'dockerLocal' template"
+        echo "[!] Restarting OpenLiteSpeed to apply changes..."
+        lsws_restart
+    else
+        echo "[X] Failed to move domain to dockerLocal template"
+        exit 1
+    fi
+    
+    echo '[End] Configuring OpenLiteSpeed'
+}
+
+remove_cert(){
+    echo '[Start] Removing SSL certificate'
+    
+    local cert_host_path="${CERT_DIR}/${DOMAIN}"
+    local lsws_conf_dir="/usr/local/lsws/conf"
+    local httpd_conf="${lsws_conf_dir}/httpd_config.conf"
+    local cert_container_path="${lsws_conf_dir}/cert/${DOMAIN}"
+    
+    echo "[!] Step 1: Finding Virtual Host for domain '${DOMAIN}'..."
+    local vhost_name=$(docker compose exec -T ${CONT_NAME} bash -c "grep -B 2 'vhDomain.*${DOMAIN}' ${httpd_conf} | grep 'member' | awk '{print \$2}'" | tr -d '\r')
+    
+    if [ -z "${vhost_name}" ]; then
+        echo "[!] No Virtual Host found for domain '${DOMAIN}' in dockerLocal template"
+        echo "[!] Certificate may have already been removed or was never configured"
+    else
+        echo "[O] Found Virtual Host member name: '${vhost_name}'"
+        
+        echo "[!] Step 2: Removing domain from 'dockerLocal' template..."
+        if docker compose exec -T ${CONT_NAME} bash -c "sed -n '/^vhTemplate dockerLocal {/,/^}/p' ${httpd_conf} | grep -q 'member ${vhost_name}'"; then
+            echo "[O] Domain is configured for SSL. Moving it back to 'docker' template..."
+            docker compose exec -T ${CONT_NAME} bash -c "
+                # Backup httpd_config.conf
+                cp ${httpd_conf} ${httpd_conf}.backup.\$(date +%Y%m%d_%H%M%S)
+                
+                # Remove the member block from dockerLocal template
+                sed -i '/^vhTemplate dockerLocal {/,/^}/ {
+                    /member ${vhost_name} {/,/}/d
+                }' ${httpd_conf}
+                
+                # Add the member back to 'docker' template (without SSL)
+                sed -i '/^vhTemplate docker {/,/^}/ {
+                    /^}/ i\  member ${vhost_name} {\n    vhDomain              ${DOMAIN},www.${DOMAIN}\n  }
+                }' ${httpd_conf}
+            "
+            if [ ${?} = 0 ]; then
+                echo -e "[O] Domain '\033[32m${DOMAIN}\033[0m' moved back to 'docker' template"
+            else
+                echo "[X] Failed to move domain back to docker template"
+            fi
+        else
+            echo "[!] Domain is not in 'dockerLocal' template. No configuration changes needed."
+        fi
+    fi
+    
+    echo "[!] Step 3: Removing certificate files from host..."
+    if [ -d "${cert_host_path}" ]; then
+        rm -rf "${cert_host_path}"
+        echo -e "[O] Removed: ${cert_host_path}"
+    else
+        echo "[!] Certificate directory not found on host: ${cert_host_path}"
+    fi
+    
+    echo "[!] Step 4: Removing certificate files from container..."
+    docker compose exec -T ${CONT_NAME} bash -c "
+        if [ -d ${cert_container_path} ]; then
+            rm -rf ${cert_container_path}
+            echo '[O] Removed certificate directory from container: ${cert_container_path}'
+        else
+            echo '[!] Certificate directory not found in container'
+        fi
+    "
+    
+    echo "[!] Step 5: Checking if dockerLocal template has any members..."
+    local member_count=$(docker compose exec -T ${CONT_NAME} bash -c "grep -A 20 'vhTemplate dockerLocal' ${httpd_conf} | grep -c 'member'" | tr -d '\r')
+    
+    if [ "${member_count}" = "0" ]; then
+        echo "[!] dockerLocal template has no members, removing template..."
+        docker compose exec -T ${CONT_NAME} bash -c "
+            sed -i '/^vhTemplate dockerLocal {/,/^}/d' ${httpd_conf}
+        "
+        echo "[O] Removed empty dockerLocal template"
+        
+        docker compose exec -T ${CONT_NAME} bash -c "
+            if [ -f ${lsws_conf_dir}/templates/docker-local.conf ]; then
+                rm ${lsws_conf_dir}/templates/docker-local.conf
+                echo '[O] Removed docker-local.conf template file'
+            fi
+        "
+    else
+        echo "[i] dockerLocal template still has ${member_count} member(s), keeping template"
+    fi
+    
+    echo "[!] Step 6: Restarting OpenLiteSpeed..."
+    lsws_restart
+    
+    echo ""
+    echo -e "\033[1m[SUCCESS] Certificate removed for domain: ${DOMAIN}\033[0m"
+    echo ""
+    echo '[End] Removing SSL certificate'
+}
+
+lsws_restart() {
+    docker compose exec ${CONT_NAME} su -c '/usr/local/lsws/bin/lswsctrl restart >/dev/null'
+
+    if [ ${?} = 0 ]; then
+        echo -e "[O] OpenLiteSpeed restarted successfully"
+    else
+        echo "[X] Failed to restart OpenLiteSpeed"
+    fi
+}
+
+main(){
+    if [ "${INSTALL}" = 'true' ]; then
+        install_mkcert
+        exit 0
+    fi
+    domain_filter "${DOMAIN}"
+    if [ "${REMOVE}" = 'true' ]; then
+        remove_cert
+        exit 0
+    fi
+    check_mkcert
+    domain_verify "${DOMAIN}"
+    generate_cert
+    configure_litespeed
+}
+
+check_input ${1}
+while [ ! -z "${1}" ]; do
+    case ${1} in
+        -[hH] | -help | --help)
+            help_message
+            ;;
+        -[dD] | -domain | --domain) 
+            shift
+            check_input "${1}"
+            DOMAIN="${1}"
+            ;;
+        -[iI] | --install) 
+            INSTALL=true
+            ;;
+        -[rR] | --remove)
+            REMOVE=true
+            ;;
+        *) 
+            help_message
+            ;;              
+    esac
+    shift
+done
+
+main

bin/webadmin.sh

@@ -0,0 +1,98 @@
+#!/usr/bin/env bash
+CONT_NAME='litespeed'
+EPACE='        '
+
+echow(){
+    FLAG=${1}
+    shift
+    echo -e "\033[1m${EPACE}${FLAG}\033[0m${@}"
+}
+
+help_message(){
+    echo -e "\033[1mOPTIONS\033[0m"
+    echow '[Enter Your PASSWORD]'
+    echo "${EPACE}${EPACE}Example: webadmin.sh MY_SECURE_PASS, to update web admin password immediatly."
+    echow '-R, --restart'
+    echo "${EPACE}${EPACE}Will gracefully restart LiteSpeed Web Server."
+    echow '-M, --mod-secure [enable|disable]'
+    echo "${EPACE}${EPACE}Example: webadmin.sh -M enable, will enable and apply Mod_Secure OWASP rules on server"
+    echow '-U, --upgrade'
+    echo "${EPACE}${EPACE}Will upgrade web server to latest stable version"
+    echow '-S, --serial [YOUR_SERIAL|TRIAL]'
+    echo "${EPACE}${EPACE}Will apply your serial number to LiteSpeed Web Server."
+    echow '-H, --help'
+    echo "${EPACE}${EPACE}Display help and exit."
+    exit 0
+}
+
+check_input(){
+    if [ -z "${1}" ]; then
+        help_message
+        exit 1
+    fi
+}
+
+lsws_restart(){
+    docker compose exec -T ${CONT_NAME} su -c '/usr/local/lsws/bin/lswsctrl restart >/dev/null'
+}
+
+apply_serial(){
+    docker compose exec ${CONT_NAME} su -c "serialctl.sh --serial ${1}"
+    lsws_restart
+}
+
+mod_secure(){
+    if [ "${1}" = 'enable' ] || [ "${1}" = 'Enable' ]; then
+        docker compose exec ${CONT_NAME} su -s /bin/bash root -c "owaspctl.sh --enable"
+        lsws_restart
+    elif [ "${1}" = 'disable' ] || [ "${1}" = 'Disable' ]; then
+        docker compose exec ${CONT_NAME} su -s /bin/bash root -c "owaspctl.sh --disable"
+        lsws_restart
+    else
+        help_message
+    fi
+}
+
+ls_upgrade(){
+    echo 'Upgrade web server to latest stable version.'
+    docker compose exec ${CONT_NAME} su -c '/usr/local/lsws/admin/misc/lsup.sh 2>/dev/null'
+}
+
+set_web_admin(){
+    echo 'Update web admin password.'
+    local LSADPATH='/usr/local/lsws/admin'
+    docker compose exec ${CONT_NAME} su -s /bin/bash lsadm -c \
+        'if [ -e /usr/local/lsws/admin/fcgi-bin/admin_php ]; then \
+        echo "admin:$('${LSADPATH}'/fcgi-bin/admin_php -q '${LSADPATH}'/misc/htpasswd.php '${1}')" > '${LSADPATH}'/conf/htpasswd; \
+        else echo "admin:$('${LSADPATH}'/fcgi-bin/admin_php5 -q '${LSADPATH}'/misc/htpasswd.php '${1}')" > '${LSADPATH}'/conf/htpasswd; \
+        fi';
+}
+
+main(){
+    set_web_admin ${1}
+}
+
+check_input ${1}
+while [ ! -z "${1}" ]; do
+    case ${1} in
+        -[hH] | -help | --help)
+            help_message
+            ;;
+        -[rR] | -restart | --restart)
+            lsws_restart
+            ;;
+        -M | -mode-secure | --mod-secure) shift
+            mod_secure ${1}
+            ;;
+        -lsup | --lsup | --upgrade | -U) shift
+            ls_upgrade
+            ;;
+        -[sS] | -serial | --serial) shift
+            apply_serial ${1}
+            ;;             
+        *) 
+            main ${1}
+            ;;              
+    esac
+    shift
+done

config/litespeed/1.5.10wp/Dockerfile

@@ -1,44 +0,0 @@
-#FROM debian:jessie-slim
-FROM ubuntu:18.04
-
-RUN apt-get update && apt-get install -y wget && \
-    wget https://openlitespeed.org/preuse/openlitespeed-1.5.10.tgz && \
-    tar xzvf openlitespeed-1.5.10.tgz && cd openlitespeed && \
-    ./install.sh && \
-    rm -rf /openlitespeed && \
-    apt-get install -y curl mysql-client \
-    lsphp73 lsphp73-mysql lsphp73-opcache lsphp73-curl
-
-RUN echo "admin:$(/usr/local/lsws/admin/fcgi-bin/admin_php* -q /usr/local/lsws/admin/misc/htpasswd.php ${WEB_ADMIN})" \
-    > /usr/local/lsws/admin/conf/htpasswd
-
-EXPOSE 7080
-
-RUN curl -O https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar && \
-	chmod +x wp-cli.phar && mv wp-cli.phar /usr/local/bin/wp && \
-	ln -s /usr/local/lsws/lsphp73/bin/php7.3 /usr/bin/php
-
-#install certbot
-#RUN apt-get install -y software-properties-common && \
-#    add-apt-repository 'deb http://ftp.debian.org/debian jessie-backports main' && \
-#    apt-get update && apt-get install -y python-certbot-apache -t jessie-backports
-
-# Download postfix to send mails
-#RUN apt-get update && \
-#  DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y \
-#    postfix \
-#    bsd-mailx \
-#    mysql-client && \
-#    mkfifo /var/spool/postfix/public/pickup
-
-#remove the conf files and add the template conf files instead
-RUN rm -rf /usr/local/lsws/conf
-ADD conf /usr/local/lsws/conf
-RUN chown 999 /usr/local/lsws/conf -R
-COPY entrypoint.sh /entrypoint.sh
-RUN chmod +x /entrypoint.sh
-ENTRYPOINT ["/entrypoint.sh"]
-WORKDIR /var/www/vhosts/
-
-CMD ["/usr/local/lsws/bin/openlitespeed","-n"]
-

config/litespeed/1.5.10wp/conf/httpd_config.conf

@@ -1,246 +0,0 @@
-#
-# PLAIN TEXT CONFIGURATION FILE
-#
-#It not set, will use host name as serverName
-serverName                
-user                      nobody
-group                     nogroup
-priority                  0
-inMemBufSize              60M
-swappingDir               /tmp/lshttpd/swap
-autoFix503                1
-gracefulRestartTimeout    300
-mime                      conf/mime.properties
-showVersionNumber         0
-
-errorlog logs/error.log {
-  logLevel                DEBUG
-  debugLevel              0
-  rollingSize             10M
-  enableStderrLog         1
-}
-
-accesslog logs/access.log {
-  rollingSize             10M
-  keepDays                30
-  compressArchive         0
-}
-indexFiles                index.html, index.php
-
-expires  {
-  enableExpires           1
-  expiresByType           image/*=A604800,text/css=A604800,application/x-javascript=A604800,application/javascript=A604800,font/*=A604800,application/x-font-ttf=A604800
-}
-autoLoadHtaccess          1
-
-tuning  {
-  eventDispatcher         best
-  maxConnections          10000
-  maxSSLConnections       10000
-  connTimeout             300
-  maxKeepAliveReq         10000
-  smartKeepAlive          0
-  keepAliveTimeout        5
-  sndBufSize              0
-  rcvBufSize              0
-  maxReqURLLen            8192
-  maxReqHeaderSize        16380
-  maxReqBodySize          2047M
-  maxDynRespHeaderSize    8192
-  maxDynRespSize          2047M
-  maxCachedFileSize       4096
-  totalInMemCacheSize     20M
-  maxMMapFileSize         256K
-  totalMMapCacheSize      40M
-  useSendfile             1
-  fileETag                28
-  enableGzipCompress      1
-  enableDynGzipCompress   1
-  gzipCompressLevel       6
-  compressibleTypes       text/*, application/x-javascript, application/xml, application/javascript, image/svg+xml,application/rss+xml
-  gzipAutoUpdateStatic    1
-  gzipStaticCompressLevel 6
-  gzipMaxFileSize         10M
-  gzipMinFileSize         300
-  enableBrCompress        1
-  SSLCryptoDevice         null
-}
-
-fileAccessControl  {
-  followSymbolLink        1
-  checkSymbolLink         0
-  requiredPermissionMask  000
-  restrictedPermissionMask 000
-}
-
-perClientConnLimit  {
-  staticReqPerSec         0
-  dynReqPerSec            0
-  outBandwidth            0
-  inBandwidth             0
-  softLimit               10000
-  hardLimit               10000
-  gracePeriod             15
-  banPeriod               300
-}
-
-CGIRLimit  {
-  maxCGIInstances         20
-  minUID                  11
-  minGID                  10
-  priority                0
-  CPUSoftLimit            10
-  CPUHardLimit            50
-  memSoftLimit            1460M
-  memHardLimit            1470M
-  procSoftLimit           400
-  procHardLimit           450
-}
-
-accessDenyDir  {
-  dir                     /
-  dir                     /etc/*
-  dir                     /dev/*
-  dir                     conf/*
-  dir                     admin/conf/*
-}
-
-accessControl  {
-  allow                   ALL
-}
-
-extprocessor lsphp {
-  type                    lsapi
-  address                 uds://tmp/lshttpd/lsphp.sock
-  maxConns                35
-  env                     PHP_LSAPI_CHILDREN=35
-  env                     LSAPI_AVOID_FORK=200M
-  initTimeout             60
-  retryTimeout            0
-  persistConn             1
-  respBuffer              0
-  autoStart               1
-  path                    lsphp73/bin/lsphp
-  backlog                 100
-  instances               1
-  priority                0
-  memSoftLimit            2047M
-  memHardLimit            2047M
-  procSoftLimit           1400
-  procHardLimit           1500
-}
-
-scripthandler  {
-  add                     lsapi:lsphp php
-}
-
-railsDefaults  {
-  maxConns                5
-  env                     LSAPI_MAX_IDLE=60
-  initTimeout             60
-  retryTimeout            0
-  pcKeepAliveTimeout      60
-  respBuffer              0
-  backlog                 50
-  runOnStartUp            1
-  extMaxIdleTime          300
-  priority                3
-  memSoftLimit            2047M
-  memHardLimit            2047M
-  procSoftLimit           500
-  procHardLimit           600
-}
-
-wsgiDefaults  {
-  maxConns                5
-  env                     LSAPI_MAX_IDLE=60
-  initTimeout             60
-  retryTimeout            0
-  pcKeepAliveTimeout      60
-  respBuffer              0
-  backlog                 50
-  runOnStartUp            1
-  extMaxIdleTime          300
-  priority                3
-  memSoftLimit            2047M
-  memHardLimit            2047M
-  procSoftLimit           500
-  procHardLimit           600
-}
-
-nodeDefaults  {
-  maxConns                5
-  env                     LSAPI_MAX_IDLE=60
-  initTimeout             60
-  retryTimeout            0
-  pcKeepAliveTimeout      60
-  respBuffer              0
-  backlog                 50
-  runOnStartUp            1
-  extMaxIdleTime          300
-  priority                3
-  memSoftLimit            2047M
-  memHardLimit            2047M
-  procSoftLimit           500
-  procHardLimit           600
-}
-
-module cache {
-
-checkPrivateCache   1
-checkPublicCache    1
-maxCacheObjSize     10000000
-maxStaleAge         200
-qsCache             1
-reqCookieCache      1
-respCookieCache     1
-ignoreReqCacheCtrl  1
-ignoreRespCacheCtrl 0
-
-enableCache         0
-expireInSeconds     3600
-enablePrivateCache  0
-privateExpireInSeconds 3600
-
-
-  ls_enabled              1
-}
-
-virtualhost Example {
-  vhRoot                  /var/www/vhosts/localhost/
-  configFile              conf/vhosts/Example/vhconf.conf
-  allowSymbolLink         1
-  enableScript            1
-  restrained              1
-  setUIDMode              2
-}
-
-listener Default {
-  address                 *:80
-  secure                  0
-  map                     Example *
-}
-
-listener HTTPS {
-  address                 *:443
-  secure                  1
-  keyFile                 /usr/local/lsws/admin/conf/webadmin.key
-  certFile                /usr/local/lsws/admin/conf/webadmin.crt
-  map                     Example *
-}
-
-vhTemplate centralConfigLog {
-  templateFile            conf/templates/ccl.conf
-  listeners               Default
-}
-
-vhTemplate PHP_SuEXEC {
-  templateFile            conf/templates/phpsuexec.conf
-  listeners               Default
-}
-
-vhTemplate EasyRailsWithSuEXEC {
-  templateFile            conf/templates/rails.conf
-  listeners               Default
-}
-

config/litespeed/1.5.10wp/conf/httpd_config.conf.bak

@@ -1,236 +0,0 @@
-#
-# PLAIN TEXT CONFIGURATION FILE
-#
-#It not set, will use host name as serverName
-serverName                
-user                      nobody
-group                     nogroup
-priority                  0
-inMemBufSize              60M
-swappingDir               /tmp/lshttpd/swap
-autoFix503                1
-gracefulRestartTimeout    300
-mime                      conf/mime.properties
-showVersionNumber         0
-
-errorlog logs/error.log {
-  logLevel                DEBUG
-  debugLevel              0
-  rollingSize             10M
-  enableStderrLog         1
-}
-
-accesslog logs/access.log {
-  rollingSize             10M
-  keepDays                30
-  compressArchive         0
-}
-indexFiles                index.html, index.php
-
-expires  {
-  enableExpires           1
-  expiresByType           image/*=A604800,text/css=A604800,application/x-javascript=A604800,application/javascript=A604800,font/*=A604800,application/x-font-ttf=A604800
-}
-
-tuning  {
-  eventDispatcher         best
-  maxConnections          10000
-  maxSSLConnections       10000
-  connTimeout             300
-  maxKeepAliveReq         10000
-  smartKeepAlive          0
-  keepAliveTimeout        5
-  sndBufSize              0
-  rcvBufSize              0
-  maxReqURLLen            8192
-  maxReqHeaderSize        16380
-  maxReqBodySize          2047M
-  maxDynRespHeaderSize    8192
-  maxDynRespSize          2047M
-  maxCachedFileSize       4096
-  totalInMemCacheSize     20M
-  maxMMapFileSize         256K
-  totalMMapCacheSize      40M
-  useSendfile             1
-  fileETag                28
-  enableGzipCompress      1
-  enableDynGzipCompress   1
-  gzipCompressLevel       6
-  compressibleTypes       text/*, application/x-javascript, application/xml, application/javascript, image/svg+xml,application/rss+xml
-  gzipAutoUpdateStatic    1
-  gzipStaticCompressLevel 6
-  gzipMaxFileSize         10M
-  gzipMinFileSize         300
-  enableBrCompress        1
-  SSLCryptoDevice         null
-}
-
-fileAccessControl  {
-  followSymbolLink        1
-  checkSymbolLink         0
-  requiredPermissionMask  000
-  restrictedPermissionMask 000
-}
-
-perClientConnLimit  {
-  staticReqPerSec         0
-  dynReqPerSec            0
-  outBandwidth            0
-  inBandwidth             0
-  softLimit               10000
-  hardLimit               10000
-  gracePeriod             15
-  banPeriod               300
-}
-
-CGIRLimit  {
-  maxCGIInstances         20
-  minUID                  11
-  minGID                  10
-  priority                0
-  CPUSoftLimit            10
-  CPUHardLimit            50
-  memSoftLimit            1460M
-  memHardLimit            1470M
-  procSoftLimit           400
-  procHardLimit           450
-}
-
-accessDenyDir  {
-  dir                     /
-  dir                     /etc/*
-  dir                     /dev/*
-  dir                     conf/*
-  dir                     admin/conf/*
-}
-
-accessControl  {
-  allow                   ALL
-}
-
-extprocessor lsphp {
-  type                    lsapi
-  address                 uds://tmp/lshttpd/lsphp.sock
-  maxConns                35
-  env                     PHP_LSAPI_CHILDREN=35
-  initTimeout             60
-  retryTimeout            0
-  persistConn             1
-  respBuffer              0
-  autoStart               1
-  path                    fcgi-bin/lsphp
-  backlog                 100
-  instances               1
-  priority                0
-  memSoftLimit            2047M
-  memHardLimit            2047M
-  procSoftLimit           400
-  procHardLimit           500
-}
-
-scripthandler  {
-  add                     lsapi:lsphp php
-}
-
-railsDefaults  {
-  maxConns                5
-  env                     LSAPI_MAX_IDLE=60
-  initTimeout             60
-  retryTimeout            0
-  pcKeepAliveTimeout      60
-  respBuffer              0
-  backlog                 50
-  runOnStartUp            1
-  extMaxIdleTime          300
-  priority                3
-  memSoftLimit            2047M
-  memHardLimit            2047M
-  procSoftLimit           500
-  procHardLimit           600
-}
-
-wsgiDefaults  {
-  maxConns                5
-  env                     LSAPI_MAX_IDLE=60
-  initTimeout             60
-  retryTimeout            0
-  pcKeepAliveTimeout      60
-  respBuffer              0
-  backlog                 50
-  runOnStartUp            1
-  extMaxIdleTime          300
-  priority                3
-  memSoftLimit            2047M
-  memHardLimit            2047M
-  procSoftLimit           500
-  procHardLimit           600
-}
-
-nodeDefaults  {
-  maxConns                5
-  env                     LSAPI_MAX_IDLE=60
-  initTimeout             60
-  retryTimeout            0
-  pcKeepAliveTimeout      60
-  respBuffer              0
-  backlog                 50
-  runOnStartUp            1
-  extMaxIdleTime          300
-  priority                3
-  memSoftLimit            2047M
-  memHardLimit            2047M
-  procSoftLimit           500
-  procHardLimit           600
-}
-
-module cache {
-
-checkPrivateCache   1
-checkPublicCache    1
-maxCacheObjSize     10000000
-maxStaleAge         200
-qsCache             1
-reqCookieCache      1
-respCookieCache     1
-ignoreReqCacheCtrl  1
-ignoreRespCacheCtrl 0
-
-enableCache         0
-expireInSeconds     3600
-enablePrivateCache  0
-privateExpireInSeconds 3600
-
-
-  ls_enabled              1
-}
-
-virtualhost Example {
-  vhRoot                  /var/www/vhosts/localhost/
-  configFile              conf/vhosts/Example/vhconf.conf
-  allowSymbolLink         1
-  enableScript            1
-  restrained              1
-  setUIDMode              2
-}
-
-listener Default {
-  address                 *:8088
-  secure                  0
-  map                     Example *
-}
-
-vhTemplate centralConfigLog {
-  templateFile            conf/templates/ccl.conf
-  listeners               Default
-}
-
-vhTemplate PHP_SuEXEC {
-  templateFile            conf/templates/phpsuexec.conf
-  listeners               Default
-}
-
-vhTemplate EasyRailsWithSuEXEC {
-  templateFile            conf/templates/rails.conf
-  listeners               Default
-}
-

config/litespeed/1.5.10wp/conf/mime.properties

@@ -1,162 +0,0 @@
-default = application/octet-stream
-3gp     = video/3gpp
-3g2     = video/3gpp2
-ai, eps   = application/postscript
-aif, aifc, aiff = audio/x-aiff
-asc     = text/plain
-asf     = video/asf
-asx     = video/x-ms-asf
-au      = audio/basic
-avi     = video/x-msvideo
-bcpio   = application/x-bcpio
-bmp     = image/bmp
-bin     = application/octet-stream
-bz, bz2 = application/x-bzip
-cdf     = application/x-netcdf
-class   = application/java-vm
-cpio    = application/x-cpio
-cpt     = application/mac-compactpro
-crt     = application/x-x509-ca-cert
-csh     = application/x-csh
-css     = text/css
-dcr,dir, dxr = application/x-director
-dms     = application/octet-stream
-doc     = application/msword
-dtd     = application/xml-dtd
-dvi     = application/x-dvi
-eot     = application/vnd.ms-fontobject
-etx     = text/x-setext
-exe     = application/x-executable
-ez      = application/andrew-inset
-flv     = video/x-flv
-gif     = image/gif
-gtar    = application/x-gtar
-gz, gzip  = application/gzip
-hdf     = application/x-hdf
-hqx     = application/mac-binhex40
-htc     = text/x-component
-html, htm    = text/html
-ice     = x-conference/x-cooltalk
-ico     = image/x-icon
-ief     = image/ief
-iges, igs    = model/iges
-iso     = application/x-cd-image
-java    = text/plain
-jar     = application/java-archive
-jnlp    = application/x-java-jnlp-file
-jpeg, jpe, jpg    = image/jpeg
-js      = application/x-javascript
-js2     = application/javascript
-js3     = text/javascript
-json    = application/json
-jsp     = text/plain
-kar     = audio/midi
-latex   = application/x-latex
-lha, lzh = application/octet-stream
-man     = application/x-troff-man
-mdb     = application/vnd.ms-access
-me      = application/x-troff-me
-mesh    = model/mesh
-mid, midi  = audio/midi
-mif     = application/vnd.mif
-movie   = video/x-sgi-movie
-mov     = video/quicktime
-mp2, mp3, mpga  = audio/mpeg 
-mpeg, mpe, mpg  = video/mpeg
-mp4     = video/mp4
-mpp     = application/vnd.ms-project
-ms      = application/x-troff-ms
-msh     = model/mesh
-nc      = application/x-netcdf
-oda     = application/oda
-odb     = application/vnd.oasis.opendocument.database
-odc     = application/vnd.oasis.opendocument.chart
-odf     = application/vnd.oasis.opendocument.formula
-odg     = application/vnd.oasis.opendocument.graphics
-odi     = application/vnd.oasis.opendocument.image
-odp     = application/vnd.oasis.opendocument.presentation
-ods     = application/vnd.oasis.opendocument.spreadsheet
-odt     = application/vnd.oasis.opendocument.text
-ogg     = audio/ogg
-otf     = application/x-font-woff
-pbm     = image/x-portable-bitmap
-pdb     = chemical/x-pdb
-pdf     = application/pdf
-pgm     = image/x-portable-graymap
-pgn     = application/x-chess-pgn
-pls     = audio/x-scpls
-png     = image/png
-pnm     = image/x-portable-anymap
-ppm     = image/x-portable-pixmap
-ppt     = application/vnd.ms-powerpoint
-ps      = application/postscript
-qt,qtvr = video/quicktime
-ra      = audio/x-realaudio
-ram, rm = audio/x-pn-realaudio
-rar     = application/x-rar-compressed
-ras     = image/x-cmu-raster
-rgb     = image/x-rgb
-roff, t, tr    = application/x-troff
-rss     = application/rss+xml
-rsd     = application/rsd+xml
-rtf     = application/rtf
-rtx     = text/richtext
-ser     = application/java-serialized-object
-sgml, sgm    = text/sgml
-sh      = application/x-sh
-shar    = application/x-shar
-shtml   = application/x-httpd-shtml
-silo    = model/mesh
-sit     = application/x-stuffit
-skd, skm, skp, skt     = application/x-koan
-smi,smil     = application/smil
-snd     = audio/basic
-spl     = application/x-futuresplash
-sql     = text/x-sql
-src     = application/x-wais-source
-sv4cpio = application/x-sv4cpio
-sv4crc  = application/x-sv4crc
-svg, svgz = image/svg+xml
-swf     = application/x-shockwave-flash
-tar     = application/x-tar
-tcl     = application/x-tcl
-tex     = application/x-tex
-texi, texinfo    = application/x-texinfo
-tgz     = application/x-gtar
-tiff, tif    = image/tiff
-tsv     = text/tab-separated-values
-ttf, ttc = application/x-font-ttf
-txt     = text/plain
-ustar   = application/x-ustar
-vcd     = application/x-cdlink
-vrml    = model/vrml
-vxml    = application/voicexml+xml
-wav     = audio/vnd.wave
-wax     = audio/x-ms-wax
-wbmp    = image/vnd.wap.wbmp
-webp    = image/webp
-wma     = audio/x-ms-wma
-wml     = text/vnd.wap.wml
-wmlc    = application/vnd.wap.wmlc
-wmls    = text/vnd.wap.wmlscript
-wmlsc   = application/vnd.wap.wmlscriptc
-woff    = application/font-woff
-woff2   = font/woff2
-woff3   = font/woff
-woff4   = application/font-woff2
-ttf2    = font/ttf
-woff_o1 = application/x-font-woff
-wtls-ca-certificate = application/vnd.wap.wtls-ca-certificate
-wri     = application/vnd.ms-write
-wrl     = model/vrml
-xbm     = image/x-xbitmap
-xhtml, xht   = application/xhtml+xml
-xls     = application/vnd.ms-excel
-xml, xsd, xsl = application/xml
-xml2    = text/xml
-xslt    = application/xslt+xml
-xpm     = image/x-xpixmap
-xwd     = image/x-xwindowdump
-xyz     = chemical/x-pdb
-zip     = application/zip
-z       = application/compress

config/litespeed/1.5.10wp/conf/templates/ccl.conf

@@ -1,84 +0,0 @@
-allowSymbolLink 1
-chrootMode 0
-enableScript 1
-restrained 1
-setUIDMode 0
-vhRoot $SERVER_ROOT/$VH_NAME/
-configFile $SERVER_ROOT/conf/vhosts/$VH_NAME/vhconf.conf
-
-virtualHostConfig {
-  enableGzip 1
-  docRoot $VH_ROOT/html/
-
-  hotlinkCtrl {
-    allowedHosts 
-    enableHotlinkCtrl 0
-    suffixes gif, jpeg, jpg
-    allowDirectAccess 1
-    redirectUri 
-    onlySelf 1
-  }
-  
-  general {
-    enableContextAC 0
-  }
-
-  expires {
-    expiresDefault 
-    enableExpires 1
-  }
-
-  rewrite {
-    enable 0
-    logLevel 0
-  }
-  
-  index {
-    useServer 0
-    autoIndex 0
-    indexFiles index.html
-    autoIndexURI /_autoindex/default.php
-  }
-  
-  accessLog $SERVER_ROOT/logs/$VH_NAME.access.log{
-    useServer 0
-    keepDays 30
-    rollingSize 100M
-    compressArchive 1
-    logUserAgent 1
-    logReferer 1
-  }
-  
-  errorlog {
-    useServer 1
-  }
-  
-  context /cgi-bin/{
-    type cgi
-    location $VH_ROOT/cgi-bin/
-    allowBrowse 1
-  }
-
-  context / {
-    allowBrowse 1
-    location $DOC_ROOT/
-    rewrite  {
-      RewriteFile .htaccess
-    }
-  }
-
-  awstats {
-    updateMode 0
-    siteAliases 127.0.0.1 localhost
-    updateInterval 86400
-    updateOffset 0
-    siteDomain localhost
-    workingDir $VH_ROOT/awstats
-    awstatsURI /awstats/
-  }
-
-  accessControl {
-    deny 
-    allow *
-  }
-}

config/litespeed/1.5.10wp/conf/templates/phpsuexec.conf

@@ -1,103 +0,0 @@
-allowSymbolLink 1
-chrootMode 0
-enableScript 1
-restrained 1
-setUIDMode 2
-vhRoot $SERVER_ROOT/$VH_NAME/
-configFile $SERVER_ROOT/conf/vhosts/$VH_NAME/vhconf.conf
-
-virtualHostConfig {
-  enableGzip 1
-  docRoot $VH_ROOT/public_html/
-
-  rewrite {
-    enable 0
-    logLevel 0
-  }
-  
-  awstats {
-    updateMode 0
-    workingDir $VH_ROOT/awstats
-    awstatsURI /awstats/
-    siteDomain localhost
-    siteAliases 127.0.0.1 localhost
-    updateInterval 86400
-    updateOffset 0
-    securedConn 0
-  }
-
-  extProcessor $VH_NAME_lsphp{
-    path $SERVER_ROOT/fcgi-bin/lsphp
-    backlog 10
-    instances 5
-    runOnStartUp 0
-    respBuffer 0
-    autoStart 1
-    extMaxIdleTime 60
-    priority 0
-    memSoftLimit 100M
-    memHardLimit 150M
-    procSoftLimit 100
-    procHardLimit 200
-    type lsapi
-    address uds://tmp/lshttpd/$VH_NAME_lsphp.sock
-    maxConns 5
-    initTimeout 60
-    retryTimeout 0
-    persistConn 1
-    pcKeepAliveTimeout 30
-  }
-  
-  index {
-    useServer 0
-    autoIndex 0
-    autoIndexURI /_autoindex/default.php
-    indexFiles index.html
-  }
-
-  accessLog $SERVER_ROOT/logs/$VH_NAME.access.log{
-    keepDays 30
-    rollingSize 100M
-    compressArchive 1
-    useServer 0
-    logHeaders 3
-  }
-  
-  errorlog {
-    useServer 1
-  }
-
-  hotlinkCtrl {
-    enableHotlinkCtrl 0
-    suffixes gif, jpeg, jpg
-    allowDirectAccess 1
-    onlySelf 1
-  }
-
-  accessControl {
-    allow *
-  }
-  
-  scriptHandler {
-    add lsapi:$VH_NAME_lsphp php
-  }
-   
-  expires {
-    enableExpires 1
-  }
-  
-  context /cgi-bin/{
-    type cgi
-    location $VH_ROOT/cgi-bin/
-    accessControl 
-    rewrite 
-  }
-
-  context / {
-    allowBrowse 1
-    location $DOC_ROOT/
-    rewrite  {
-      RewriteFile .htaccess
-    }
-  }
-}

config/litespeed/1.5.10wp/conf/templates/rails.conf

@@ -1,74 +0,0 @@
-allowSymbolLink 1
-chrootMode 0
-enableScript 1
-restrained 1
-setUIDMode 2
-vhRoot $SERVER_ROOT/$VH_NAME/
-configFile $SERVER_ROOT/conf/vhosts/$VH_NAME/vhconf.conf
-
-virtualHostConfig {
-  enableGzip 1
-  docRoot $VH_ROOT/public/
-  
-  accessControl {
-    allow *
-  }
-
-  hotlinkCtrl {
-    suffixes gif, jpeg, jpg
-    allowDirectAccess 1
-    onlySelf 1
-    enableHotlinkCtrl 0
-  }
-  
-  rewrite {
-    enable 0
-    logLevel 0
-  }
-  
-  index {
-    useServer 0
-    autoIndex 0
-    indexFiles index.html
-    autoIndexURI /_autoindex/default.php
-  }
-
-  accessLog $SERVER_ROOT/logs/$VH_NAME.access.log{
-    logHeaders 3
-    compressArchive 0
-    useServer 0
-    keepDays 30
-    rollingSize 500M
-  }
-  
-  errorlog {
-    useServer 1
-  }
-
-  context / {
-    railsEnv 1
-    maxConns 5
-    location $VH_ROOT/
-    type rails
-    accessControl 
-    addDefaultCharset off
-    rewrite  {
-      RewriteFile .htaccess
-    }
-  }
-
-  expires {
-    enableExpires 1
-  }
-  
-  awstats {
-    workingDir $VH_ROOT/awstats
-    awstatsURI /awstats/
-    siteDomain localhost
-    siteAliases 127.0.0.1 localhost
-    updateMode 0
-    updateInterval 86400
-    updateOffset 0
-    securedConn 0
-  }
-}

config/litespeed/1.5.10wp/conf/vhosts/Example/htgroup

@@ -1,4 +0,0 @@
-group1: user1,user2, user3
-group2: 
-user:	user8,  test	
-group3:

config/litespeed/1.5.10wp/conf/vhosts/Example/htpasswd

@@ -1,2 +0,0 @@
-test:kF2EDBE2Ux8sQ
-user1:SQtevcsBBnBPY

config/litespeed/1.5.10wp/conf/vhosts/Example/vhconf.conf

@@ -1,95 +0,0 @@
-docRoot                   /var/www/vhosts/
-enableGzip                1
-
-errorlog $VH_ROOT/logs/error.log {
-  useServer               1
-  logLevel                DEBUG
-  rollingSize             10M
-}
-
-accesslog $VH_ROOT/logs/access.log {
-  useServer               0
-  rollingSize             10M
-  keepDays                30
-  compressArchive         0
-}
-
-index  {
-  useServer               0
-  indexFiles              index.html, index.php
-  autoIndex               0
-  autoIndexURI            /_autoindex/default.php
-}
-
-errorpage 404 {
-  url                     /error404.html
-}
-
-scripthandler  {
-  add                     lsapi:lsphp php
-}
-
-expires  {
-  enableExpires           1
-}
-
-accessControl  {
-  allow                   *
-}
-
-realm SampleProtectedArea {
-
-  userDB  {
-    location              conf/vhosts/Example/htpasswd
-    maxCacheSize          200
-    cacheTimeout          60
-  }
-
-  groupDB  {
-    location              conf/vhosts/Example/htgroup
-    maxCacheSize          200
-    cacheTimeout          60
-  }
-}
-
-context / {
-  location                $DOC_ROOT/
-  allowBrowse             1
-
-  rewrite  {
-RewriteFile .htaccess
-
-  }
-}
-
-context /docs/ {
-  location                $SERVER_ROOT/docs/
-  allowBrowse             1
-}
-
-context /protected/ {
-  location                protected/
-  allowBrowse             1
-  realm                   SampleProtectedArea
-  authName                Protected
-  required                user test
-
-  accessControl  {
-    allow                 *
-  }
-}
-
-context /blocked/ {
-  allowBrowse             0
-}
-
-context /cgi-bin/ {
-  type                    cgi
-  location                $VH_ROOT/cgi-bin/
-}
-
-rewrite  {
-  enable                  0
-  logLevel                0
-}
-

config/litespeed/1.5.10wp/conf/vhosts/Example/vhconf.conf.bak

@@ -1,95 +0,0 @@
-docRoot                   $VH_ROOT/html/
-enableGzip                1
-
-errorlog $VH_ROOT/logs/error.log {
-  useServer               1
-  logLevel                DEBUG
-  rollingSize             10M
-}
-
-accesslog $VH_ROOT/logs/access.log {
-  useServer               0
-  rollingSize             10M
-  keepDays                30
-  compressArchive         0
-}
-
-index  {
-  useServer               0
-  indexFiles              index.html
-  autoIndex               0
-  autoIndexURI            /_autoindex/default.php
-}
-
-errorpage 404 {
-  url                     /error404.html
-}
-
-scripthandler  {
-  add                     lsapi:lsphp php
-}
-
-expires  {
-  enableExpires           1
-}
-
-accessControl  {
-  allow                   *
-}
-
-realm SampleProtectedArea {
-
-  userDB  {
-    location              conf/vhosts/Example/htpasswd
-    maxCacheSize          200
-    cacheTimeout          60
-  }
-
-  groupDB  {
-    location              conf/vhosts/Example/htgroup
-    maxCacheSize          200
-    cacheTimeout          60
-  }
-}
-
-context / {
-  location                $DOC_ROOT/
-  allowBrowse             1
-
-  rewrite  {
-RewriteFile .htaccess
-
-  }
-}
-
-context /docs/ {
-  location                $SERVER_ROOT/docs/
-  allowBrowse             1
-}
-
-context /protected/ {
-  location                protected/
-  allowBrowse             1
-  realm                   SampleProtectedArea
-  authName                Protected
-  required                user test
-
-  accessControl  {
-    allow                 *
-  }
-}
-
-context /blocked/ {
-  allowBrowse             0
-}
-
-context /cgi-bin/ {
-  type                    cgi
-  location                $VH_ROOT/cgi-bin/
-}
-
-rewrite  {
-  enable                  0
-  logLevel                0
-}
-

config/litespeed/1.5.10wp/entrypoint.sh

@@ -1,31 +0,0 @@
-#!/bin/bash
-cd localhost/html
-if [ ! -f "./wp-config.php" ]; then
-	# su -s /bin/bash www-data -c
-    wp --allow-root core download --force
-    counter=0
-	until [ "$(curl -v --silent mysql:3306 2>&1 | grep native)" ];
-	do
-		counter=$((counter+1))
-		if [ $counter = 10 ]; then
-			echo --- MySQL is starting, please wait... ---
-			counter=0
-		fi
-		sleep 1
-	done
-    wp --allow-root core config --dbname="$MYSQL_DATABASE" --dbuser="$MYSQL_USER" --dbpass="$MYSQL_PASSWORD" --dbhost=mysql --dbprefix="WP_DB_PREFIX" --force
-	wp --allow-root core install --title="$WP_TITLE" --url="$DOMAIN" --admin_user="$ADMIN_USERNAME" --admin_email="$ADMIN_EMAIL" --admin_password="$ADMIN_PASSWORD" --skip-email
-	wp --allow-root plugin install litespeed-cache 
-	wp --allow-root plugin activate litespeed-cache
-
-fi
-
-
-#www_uid=$(stat -c "%u" /var/www/vhosts/localhost)
-#if [ ${www_uid} -eq 0 ]; then
-#    #echo "./sites/localhost is owned by root, auto changing ownership of ./sites/localhost to uid 1000"
-#	chown 1000 /var/www/vhosts/localhost -R
-#fi
-
-echo "WordPress installation finished."
-exec "$@"

docker-compose.yml

@@ -1,31 +1,65 @@
-version: '3'
 services:
   mysql:
-    image: jbergstroem/mariadb-alpine:10.3.17
-    command: --max_allowed_packet=342341144
+    image: mariadb:11.4
+    logging:
+      driver: none
+    command: ["--max-allowed-packet=512M"]
     volumes:
       - "./data/db:/var/lib/mysql:delegated"
-    ports:
-       - "3306:3306"
     environment:
       MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD}
       MYSQL_DATABASE: ${MYSQL_DATABASE}
       MYSQL_USER: ${MYSQL_USER}
       MYSQL_PASSWORD: ${MYSQL_PASSWORD}
+    restart: always
+    networks:
+      - default
   litespeed:
-    build: ./config/litespeed/${LITESPEED}/
+    image: litespeedtech/openlitespeed:${OLS_VERSION}-${PHP_VERSION}
+    container_name: litespeed
     env_file:
       - .env
     volumes:
-        - ./sites:/var/www/vhosts/
+      - ./lsws/conf:/usr/local/lsws/conf
+      - ./lsws/admin-conf:/usr/local/lsws/admin/conf
+      - ./bin/container:/usr/local/bin
+      - ./sites:/var/www/vhosts/
+      - ./acme:/root/.acme.sh/
+      - ./logs:/usr/local/lsws/logs/
     ports:
       - 80:80
       - 443:443
+      - 443:443/udp
       - 7080:7080
     restart: always
-  adminer:
-    image: dockette/adminer:full
+    environment:
+      TZ: ${TimeZone}
+    networks:
+      - default
+  phpmyadmin:
+    image: phpmyadmin/phpmyadmin:${PHPMYADMIN_VERSION}
+    env_file:
+      - .env
     ports:
       - 8080:80
     environment:
-      - MEMORY=-1
+      PMA_HOST: mysql
+    restart: always
+    networks:
+      - default
+  redis:
+    image: "redis:alpine"
+    logging:
+      driver: none
+    # command: redis-server --requirepass 8b405f60665e48f795752e534d93b722
+    volumes:
+      - ./redis/data:/data
+      - ./redis/redis.conf:/usr/local/etc/redis/redis.conf
+    environment:
+      - REDIS_REPLICATION_MODE=master
+    restart: always
+    networks:
+      - default
+networks:
+  default:
+    driver: bridge

logs/.gitignore

@@ -0,0 +1,2 @@
+*
+!.gitignore

lsws/.gitignore

@@ -0,0 +1,2 @@
+*
+!.gitignore

sites/.gitignore

@@ -0,0 +1,2 @@
+*
+!.gitignore

sites/localhost/html/.gitignore

@@ -0,0 +1,2 @@
+*
+!.gitignore

sites/localhost/logs/.gitignore

@@ -0,0 +1,2 @@
+*
+!.gitignore