Read More

ZeroConf Settings

ZeroConf is a feature that allows authorized client servers to send their configuration (domains, ip addresses, ports, etc.) to LiteSpeed Web ADC. This feature provides an alternative way to set up load balancing dynamically rather than working with the webadmin interface. The ZeroConf API describes the messages accepted by the ZeroConf feature. This section provides the interface to enable and configure the ZeroConf feature.

Table of Contents

General

Enable ZeroConf | Separate VHost Per Domain | Separate Log Per Domain | Domain Log Directory | User Password File | Group Password File | ZeroConf Domain Ciphers | Mode | Strategy | Show Backend In Header | Forward IP Header | Forwarded By Header | ZeroConf SHM Directory

ZeroConf Worker

Additional HTTPS Protocols | Worker Max Connections | Initial Request Timeout (secs) | Retry Timeout (secs) | Persistent Connection | Connection Keepalive Timeout | Response Buffering | Ping Path | Ping Interval (secs) | Smart Ping Factor

ZeroConf Listeners

Listener Name | Address | Private Key File | Certificate File | CA Certificate File

ZeroConf Listener Log

File Name | Log Level | Debug Level | Rolling Size (bytes) | Keep Days | Compress Archive

ZeroConf Access Log

File Name | Piped Logger | Log Format | Log Headers | Rolling Size (bytes) | Keep Days | Compress Archive

Access Control

Allowed List | Denied List

Enable ZeroConf

Description

Choose whether or not to enable the ZeroConf feature.

Syntax

Select from radio box

Tips

Once enabled at the server level, this feature can be enabled individually per listener.

Separate VHost Per Domain

Description

Create a VHost for each domain configured through ZeroConf. If set to No, all domains that share the same list of backends will share a VHost.

Warning: When set to Yes, this could be very memory expensive if there are many domains.

Default value: No

Syntax

Select from radio box

Separate Log Per Domain

Description

Indicate whether to log ZeroConf configured VHosts separately. This configuration only takes effect when Separate VHost Per Domain is set for the domain.

For example, if Separate VHost Per Domain is not set at the Server level but is set in a VHost Template, this will only take effect for the VHost Template's domains.

Note: Domain Log Directory must also be set for this option to be saved.

Default value: All unchecked

Syntax

Select from checkbox

See Also

Separate VHost Per Domain, Domain Log Directory

Domain Log Directory

Description

Directory in which to create logs for ZeroConf domains.
Note: This directory must be writeable for the LSLBD runtime user set in Running As for logs to be written.

Default value: Not Set

Syntax

An absolute path or a relative path to $SERVER_ROOT.

See Also

Separate Log Per Domain

User Password File

Description

The location of an HTTP basic authentication user password file.

Syntax

path

Group Password File

Description

The location of an HTTP basic authentication group password file.

Syntax

path

ZeroConf Domain Ciphers

Description

Specifies a custom cipher suite for ZeroConf domains.

Default value: Use server default ciphers

Syntax

Colon-separated string of cipher specifications.

Mode

Description

Specifies which mode the ZeroConf cluster operates in, "Stateless" or "Stateful".

"Stateful" mode track sessions associated with each back-end server. It also called "Session Affinity".

"Stateless" mode does not care about sessions.

Default value: Stateful

Syntax

Select from drop down list

Strategy

Description

Select load balancing strategy from the list.

  • The round-robin algorithm cycles through a list of backend Server instances in order.
  • The least-load algorithm improves on the round-robin algorithm by also taking into account the current work load of each server.
  • The least-session algorithm choose the server with fewest session associated.
  • The Fastest Response algorithm chooses the Worker Group node that responds the fastest to a backend worker ping.
  • The Failover algorithm chooses the Worker Group node that is configured with the highest priority. When that node becomes unhealthy, the next highest priority node is selected. If multiple nodes are configured with the same priority, then the first node configured will be selected. When an unhealthy node with a higher priority recovers, it will return as the highest priority node choice.

Syntax

Select from drop down list

Show Backend In Header

Description

Add response header 'x-lsadc-backend' which indicates that backend server that served the request. The header's value is a concatenation of the cluster name and the backend IP and port.

Default value: No

Syntax

Select from radio box

Example

"x-lsadc-backend: clusterHTTP_10.10.15.11:443"

Forward IP Header

Description

An additional header to be added to all proxy requests made to the backend server. This header will use either the visiting IP or the value set in the 'X-Forwarded-For' header as it's value, depending on the value set for Use Client IP in Header.

Default value: Not Set

Syntax

String with allowed characters a-z, A-Z, 0-9, underscore(_), and hyphen(-)

Example

X-Client-Ip

Forwarded By Header

Description

An additional header to be added to all proxy requests made to the backend server. This header's value will be set to the serverName value.

Default value: Not Set

Syntax

String with allowed characters a-z, A-Z, 0-9, underscore(_), and hyphen(-)

Example

X-Forwarded-By

ZeroConf SHM Directory

Description

The location where ZeroConf shared memory files are stored. The default directory is $SERVER_ROOT/zconf.

Syntax

path

Additional HTTPS Protocols

Description

Additional HTTP protocols used to communicate with the backend server when supported. For this setting to take effect, Type must be set to HTTPS Proxy.

HTTP/1 will be used by default if no additional protocols are selected or if the selected protocols are not supported by the backend server.

Default value: All Unchecked (HTTP/1)

Syntax

Select from checkbox

Worker Max Connections

Description

Maximum number of connections per ZeroConf worker. There is one worker created per backend listener per ADC worker process.

Default value: 100

Syntax

Integer number

Example

Suppose the ADC has four worker processes. Three backend servers send their configurations to the ADC and each of them have an HTTP (:80) and HTTPS (:443) listener. Using the default value of Worker Max Connections value of 100, the maximum number of connections made between the ADC and backend nodes will be:

100 (default per worker) x 4 (ADC workers with a "Web ADC Large" license), x 3 (backend ZeroConf servers) x 2 (HTTP and HTTPS ports) = 2,400

Initial Request Timeout (secs)

Description

Specifies the maximum time in seconds the server will wait for the external application to respond to the first request over a new established connection. If the server does not receive any data from the external application within this timeout limit, it will mark this connection as bad. This helps to identify communication problems with external applications as quickly as possible. If some requests take longer to process, increase this limit to avoid 503 error messages.

Default value: 600

Syntax

Integer number

Retry Timeout (secs)

Description

Specifies the period of time that the server waits before retrying an external application that had a prior communication problem.

Default value: 10

Syntax

Integer number

Persistent Connection

Description

Specifies whether to keep the connection open after a request has been processed. Persistent connections can increase performance, but some FastCGI external applications do not support persistent connections fully. The default is "On".

Default value: Yes

Syntax

Select from radio box

Connection Keepalive Timeout

Description

Specifies the maximum time in seconds to keep an idle persistent connection open.

When set to -1, the connection will never timeout. When set to 0 or greater, the connection will be closed after this time in seconds has passed.

Default value: 30

Syntax

int

Response Buffering

Description

Specifies whether to buffer responses received from external applications. If a "nph-" (Non-Parsed-Header) script is detected, buffering is turned off for responses with full HTTP headers.

Default value: Yes

Syntax

Select from drop down list

Ping Path

Description

Changes ping target path, http(s)://IP:port/ by default, to http(s)://IP:port/path_value when a path is configured and Ping Interval (secs) is set to a non-zero value.

Note: All ZeroConf configured backends use the same target path.

Default value: Not Set

Syntax

A path starting with '/'.

Ping Interval (secs)

Description

Specifies how often to ping a backend worker. For web server backend, an http request based on "Ping URL" will be sent. For other types of backends, an TCP connection attempt will be made to the backend server, if successful, the backend will be used as a good node.

Note: Set to 0 to disable ping.

Syntax

Integer number

Smart Ping Factor

Description

When set to 0, a ping is sent out at the configured Ping Interval (secs).

When set to a non-zero value, all successful requests to the backend are also counted as a ping, meaning that a standard ping will only occur when the backend has not actively served any requests at the configured Ping Interval (secs). In addition to this, when there are no open connections to the backend server, the ping interval is multiplied by the configured value effectively lengthening the configured Ping Interval (secs).

Default value: 0

Syntax

Integer value from 0 to 255.

Example

All examples assume a ping interval of 30 seconds.

pingSmartFactor = 0: A ping is sent out every 30 seconds.

For the below cases, successful requests to the backend will also count as a ping.

Smart Ping Factor = 1: A ping is sent out every 30 seconds. When idle, a ping is sent out every 30 seconds.
Smart Ping Factor = 2: A ping is sent out every 30 seconds. When idle, a ping is sent out every 60 seconds.
Smart Ping Factor = 3: A ping is sent out every 30 seconds. When idle, a ping is sent out every 90 seconds.

ZeroConf Listeners

Description

Secure SSL listeners that will listen for ZeroConf messages only.

Listener Name

Description

A unique name for this listener.

Address

Description

Address of listener that will only accept ZeroConf configuration and control messages.

Syntax

IP:port

Private Key File

Description

The filename of the SSL private key file. The key file should not be encrypted.

Syntax

Filename which can be an absolute path or a relative path to $SERVER_ROOT.

Tips

The private key file should be placed in a secured directory that allows read-only access to the user the server runs as.

Certificate File

Description

The filename of the SSL certificate file.

Syntax

Filename which can be an absolute path or a relative path to $SERVER_ROOT.

Tips

The certificate file should be placed in a secured directory, which allows read-only access to the user that the server runs as.

CA Certificate File

Description

Specifies the file that contains all certificates of certification authorities (CAs) for chained certificates. This file is simply the concatenation of PEM-encoded certificate files, in order of preference. This can be used as an alternative or in addition to CA Certificate Path. Those certificates are used for client certificate authentication and constructing the server certificate chain, which will be sent to browsers in addition to the server certificate.

Syntax

Filename which can be an absolute path or a relative path to $SERVER_ROOT.

File Name

Description

Specifies the path for the log file.

Syntax

Filename which can be an absolute path or a relative path to $SERVER_ROOT.

Tips

Place the log file on a separate disk.

Log Level

Description

Specifies the level of logging to include in your log file. Available levels (from high to low) are: ERROR, WARNING, NOTICE, INFO and DEBUG. Only messages with level higher or equal to the current setting will be logged.

Syntax

Select from drop down list

Tips

Using DEBUG log level does not have any performance impact, unless Debug Level is set to a level other than NONE. It's recommended to set Log Level to DEBUG and Debug Level to NONE. These settings mean that you will not fill up your hard disk with debug logging, but you will be able to use the Toggle Debug Logging action to control debug output. This action can turn debug logging on and off on the fly, and is useful for debugging busy production servers.

See Also

Debug Level

Debug Level

Description

Specifies the level of debug logging. Log Level must be set to DEBUG to use this feature. Debug logging is disabled when "Debug Level" is set to NONE even if Log Level is set to DEBUG. Toggle Debug Logging can be used to control debug level on a live server without restarting.

Syntax

Select from drop down list

Tips

Important! Always set this to NONE if you do not need detailed debug logging. Active debug logging will severely degrade service performance and potentially saturate disk space in a very short time. Debug logging includes detailed information for each request and response.

It's recommended to set Log Level to DEBUG and Debug Level to NONE. These settings mean that you will not fill up your hard disk with debug logging, but you will be able to use the Toggle Debug Logging action to control debug output. This action can turn debug logging on and off on the fly, and is useful for debugging busy production servers.

See Also

Log Level, Toggle Debug Logging

Rolling Size (bytes)

Description

Specifies when the current log file needs to be rolled over, also known as log rotation. When the file size is over the rollover limit, the active log file will be renamed to log_name.mm_dd_yyyy(.sequence) in the same directory and a new active log file will be created. The actual size of the rotated log file once it is created will sometimes be a little bigger than this size limit. Set to 0 to disable log rotation.

Syntax

Integer number

Tips

Append "K", "M", "G" to the number for kilo-, mega- and giga- bytes.

Keep Days

Description

Specifies how many days the access log file will be kept on disk. Only rotated log files older than the specified number of days will be deleted. The current log file will not be touched regardless how many days worth of data it contains. If you do not want to auto-delete stale and very old log files, set this to 0.

Syntax

Integer number

Compress Archive

Description

Specifies whether to compress rotated log files in order to save disk space.

Syntax

Select from radio box

Tips

Log files are highly compressible and this is recommended to reduce disk usage for old logs.

File Name

Description

The access log filename.

Syntax

Filename which can be an absolute path or a relative path to $SERVER_ROOT.

Tips

Put access log file on a separate disk.

Piped Logger

Description

Specifies an external application that will receive the access log data sent by LiteSpeed through a pipe on its STDIN stream (file handle 0). When specified, the access log will be sent to the logger application instead of the access log file specified in previous entry.

LiteSpeed load balancer performs simple load balancing among multiple logger applications if more than one instance of a logger application is configured. LiteSpeed Web Server always attempts to keep the number of logger processes as low as possible. Only when one logger application fails to process access log entries in time will the server attempt to spawn another logger application instance.

If a logger process crashes, the server will start another instance but the log data in the stream buffer will be lost. It is possible to lose log data if external loggers cannot keep up with the speed and volume of the log stream.
File path to the logger application should be given here, and optionally, the number of application instances can be set before the file path, followed by '|'.

Syntax

[<intances>|]<path_to_logger_app>

Example

4|/path/to/logger/app
tells the server to start up to 4 logger processes.

/path/to/logger/app
tells the server to start only one logger process.

Log Format

Description

Specifies the log format for the access log. When log format is set, it will override the Log Headers setting.

Syntax

String. The syntax of log format is compatible with Apache 2.0's custom log format.

Example

Common Log Format (CLF)
"%h %l %u %t \"%r\" %>s %b"

Common Log Format with Virtual Host
"%v %h %l %u %t \"%r\" %>s %b"

NCSA extended/combined log format
"%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"

Log cookie value of Foobar
"%{Foobar}C"

See Also

Log Headers

Log Headers

Description

Specifies whether to log HTTP request headers: Referer, UserAgent, and Host.

Syntax

Select from checkbox

Tips

Turn this off if you do not need these headers in the access log.

See Also

Log Format

Access Control

Description

Specifies what sub networks and/or IP addresses can send ZeroConf messages to LiteSpeed Web ADC when ZeroConf is enabled.

Allowed List

Description

Specifies the list of IPs or sub-networks allowed. * or ALL are accepted.

Syntax

Comma delimited list of IP addresses or sub-networks. A trailing "T" can be used to indicate a trusted IP or sub-network, such as 192.168.1.*T.

Example

Sub-networks: 192.168.1.0/255.255.255.0, 192.168.1.0/24, 192.168.1, or 192.168.1.*
IPv6 addresses: ::1 or [::1]
IPv6 subnets: 3ffe:302:11:2:20f:1fff:fe29:717c/64 or [3ffe:302:11:2:20f:1fff:fe29:717c]/64

Denied List

Description

Specifies the list of IPs or sub-networks disallowed.

Syntax

Comma delimited list of IP addresses or sub-networks. * or ALL are accepted.

Example

Sub-networks: 192.168.1.0/255.255.255.0, 192.168.1.0/24, 192.168.1, or 192.168.1.*
IPv6 addresses: ::1 or [::1]
IPv6 subnets: 3ffe:302:11:2:20f:1fff:fe29:717c/64 or [3ffe:302:11:2:20f:1fff:fe29:717c]/64

Privacy Policy

Privacy Policy

LiteSpeed Technologies, Inc. (aka “LiteSpeed”) is committed to protecting your privacy. This policy ("Privacy Policy" or "Policy") explains our practices for our site, www.litespeedtech.com ("Site"). You can visit most pages of the Site without giving us any information about yourself, but sometimes we do need information to provide services that you request. By using this Site or any products or services provided through the Site, you expressly consent to the use and disclosure of information as described in this Privacy Policy.

LiteSpeed reserves the right to revise, modify, add, or remove provisions to this Privacy Policy at any time. If we make changes to this Privacy Policy, we will update the Effective Date to note the date of such changes. LiteSpeed encourages you to review this Privacy Policy periodically for any changes. IF YOU DO NOT AGREE WITH ANY OF THE TERMS BELOW, YOU SHOULD NOT USE THIS SITE OR THE PRODUCTS OR SERVICES OFFERED BY LITESPEED TECHNOLOGIES AT THIS SITE.

Collection of Information

Personal Information.

LiteSpeed will ask you for certain “Personal Information” when you complete registration or product information request forms on the Site, including but not limited to your name, address, telephone number, email address, and credit card information. You can always choose not to provide us with the requested information, however, you may not be able to complete the transaction or use our products or services if you do not provide the information requested.

Non-Personal Information.

LiteSpeed may collect non-personally identifiable information from you such as the type of browser you use, your operating system, the screen resolution of your browser, your ISP, your IP address, which pages you view on the Site and the time and duration of your visits to the Site (collectively, “Non-Personal Information”). LiteSpeed may associate Non-Personal Information with Personal Information if you register with the Site.

User Communications.

If you communicate with us, we may collect information relating to that communication whether it takes the form of email, fax, letter, forum posting, blog comments, testimonials or any other form of communication between you and LiteSpeed or Submitted by you to the Site (collectively, “User Communications”).

Server Information.

If you use one of our software products such as LiteSpeed Web Server or LiteSpeed Web ADC, we may collect certain information concerning such software and concerning the server upon which the software operates. This information includes: (a) the licensed or unlicensed status of the software; (b) the source from which the license for the software was obtained (i.e., LiteSpeed or a LiteSpeed affiliate); or (c) information about the server upon which the software is installed including (i) the public IP address, (ii) the operating system and (iii) the use of any virtualization technologies on such server ((a) through (c) collectively, “Server Information”). Additionally, “Server Information” may also include information collected from you by LiteSpeed in the event that you request technical support services including without limitation, IP addresses, usernames, and passwords necessary to login to SSH, the root directory of the server upon which you installed the LiteSpeed software and any affected accounts including email accounts, control panel accounts, MySQL accounts, CMS accounts and other accounts.

Use and Storage of Collected Information

LiteSpeed may use Personal Information to create and authenticate your account, to respond to your requests, to provide you with customer and technical support, or to provide you with information regarding our products, services, partners, and company. You may update your Personal Information with us at any time, but we may maintain records of any Personal Information you disclose to us indefinitely, unless otherwise requested as outlined below.

We may use User Communications in the same ways we use Personal Information. If you communicate with us for a particular purpose, we may use your User Communications for that purpose. For example, if you contact us for technical support, we may use your communications to provide technical support to you. We may maintain records of User Communications you transmit to us indefinitely, unless otherwise requested as outlined below.

LiteSpeed may use Non-Personal Information to maintain, evaluate, improve and provide our Site, the Services and any other LiteSpeed products and services. We may retain Non-Personal Information indefinitely.

We may use Server Information to provide you with technical support services and to maintain, evaluate, improve and provide LiteSpeed products and services. We may also use such information to investigate unlicensed (and therefore unauthorized) uses of our software. LiteSpeed may maintain Server Information indefinitely, with the exception of usernames, passwords, and other login information given in connection with support service requests. Such login information will be purged when the ticket is closed.

Disclosure of Collected Information

LiteSpeed will only disclose Personal Information to third parties if acting under a good faith belief that such action is necessary, including but not limited to: (a) to resolve disputes, investigate problems, or comply with laws or regulations; (b) to enforce our Terms of Service; (c) to protect and defend the rights, property, or safety of our company or our users; or (d) in the event of a merger, acquisition or sale of all or substantially all LiteSpeed assets. Other than this limited activity, we do not share, sell, or rent any personal information to third parties.

You will receive notice in the form of modifications to this Policy when information about you might go to third parties other than as described in this Policy, and you always have the opportunity to contact us as set forth below if you do not wish your information to go to third parties.

LiteSpeed cannot be responsible for protecting your information if you share such information in publicly available sections of the Site such as the user forums, blog comments, or testimonials section. You should use your own judgment in disclosing this information on the Site.

Use of Cookies

“Cookies” are small pieces of information that your browser stores on your computer on behalf of a website that you have visited. Cookies may be used in order to complete transactions on our site. You can always choose not to accept cookies with the settings of your web browser, however, you may not be able to complete these transactions if you do not accept cookies.

Security of Personal Information

We use reasonable security methods to protect your personal information from unauthorized access, use or disclosure. No data transmission over the Internet or any wireless network can be guaranteed to be perfectly secure. While we try to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk.

LiteSpeed uses industry-standard SSL-encryption to protect sensitive data.

In the event that LiteSpeed becomes aware of a security breach, unauthorized disclosure or inadvertent disclosure concerning your information, you agree that LiteSpeed may notify you of such an event using the Personal Information previously provided.

You are responsible for maintaining your account’s security.

GDPR Statement

LiteSpeed Technologies values your users’ privacy. Although our software does not directly collect any personally identifiable information from visitors to your site, LiteSpeed may still be considered a data processor, as user information may be temporarily cached and/or logged, as outlined in this document.

Servers

LiteSpeed Web Server, OpenLiteSpeed, LiteSpeed Web ADC, and related software may record IP addresses as a part of normal logging. An access log and an error log may record visitor IP addresses and URL visited. The logs are stored locally on the system where LiteSpeed server software is installed and are not transferred to or accessed by LiteSpeed employees in any way, except as necessary in providing routine technical support if you request it. This logging may be turned off through configuration. It is up to individual server administrators to come up with their own schedule for removing such logs from the file system.

Cache Solutions

Our cache plugins potentially store a duplicate copy of every web page on display on your site. The pages are stored locally on the system where LiteSpeed server software is installed and are not transferred to or accessed by LiteSpeed employees in any way, except as necessary in providing routine technical support if you request it. All cache files are temporary, and may easily be purged before their natural expiration, if necessary, via a Purge All command. It is up to individual site administrators to come up with their own cache expiration rules.

LSCache for WordPress

In addition to caching, our WordPress plugin has an Image Optimization feature. When optimization is requested, images are transmitted to a remote LiteSpeed server, processed, and then transmitted back for use on your site. LiteSpeed keeps copies of optimized images for 7 days (in case of network stability issues) and then permanently deletes them.

Similarly, the WordPress plugin has a Reporting feature whereby a site owner can transmit an environment report to our server so that we may better provide technical support.

Neither of these features collects any visitor data. Only server and site data is involved.

Support Services

Sometimes, when you request technical support, LiteSpeed may ask for login credentials to various areas of your site. You may refuse to share such credentials, however refusal may impact LiteSpeed’s ability to provide the requested support services.

Upon completion of a support ticket, LiteSpeed immediately deletes all login credentials you may have shared.

Any user data encountered by LiteSpeed is kept strictly confidential. We never provide your support ticket information to any third party without your explicit consent.

Contact Us

If you would like to update information that you have voluntarily provided to us, stop receiving information from us, or exercise any of the rights granted to you under Privacy Laws, including the EU’s General Data Protection Regulation, please e-mail info@litespeedtech.com.