lighttpd
lighttpd is "a secure, fast, compliant, and very flexible web-server that has been optimized for high-performance environments. It has a very low memory footprint compared to other webservers and takes care of cpu-load. Its advanced feature-set (FastCGI, CGI, Auth, Output-Compression, URL-Rewriting and many more) make lighttpd the perfect webserver-software for every server that suffers load problems."
Configuration
Basic setup
The lighttpd configuration file is: /etc/lighttpd/lighttpd.conf. By default it should produce a working test page.
To check your lighttpd.conf for bugs you can use this command (helps finding misconfigurations very quickly):
$ lighttpd -t -f /etc/lighttpd/lighttpd.conf
A more thorough preflight check is also available:
$ lighttpd -tt -f /etc/lighttpd/lighttpd.conf
The default configuration file specifies /srv/http/ as the document directory served. To test the installation, create a dummy file:
/srv/http/index.html
Hello world!
Then start/enable the lighttpd.service and point your browser to localhost, where you should see the test page.
Example configuration files are available in /usr/share/doc/lighttpd/.
Basic logging
lighttpd can write out both errors and access to log files. The error log is enabled by default (controlled by the server.errorlog option). To enable the access log, edit /etc/lighttpd/lighttpd.conf as follows:
server.modules += ( "mod_accesslog", ) accesslog.filename = "/var/log/lighttpd/access.log"
Enabling https via SSL
- Mozilla has an SSL configuration generator that can be used with lighttpd.
- After setting up SSL, you can use Qualys SSL Labs SSL Server Check to check your configuration.
Self-signed
Self-signed SSL Certificates can be generated assuming is installed on the system as follows:
# mkdir /etc/lighttpd/certs # openssl req -x509 -nodes -days 7300 -newkey rsa:2048 -sha256 -keyout /etc/lighttpd/certs/server.pem -out /etc/lighttpd/certs/server.pem # chmod 600 /etc/lighttpd/certs/server.pem
Modify /etc/lighttpd/lighttpd.conf adding the following lines to enable https:
server.modules += ( "mod_openssl" )
$SERVER["socket"] == ":443" {
ssl.engine = "enable"
ssl.pemfile = "/etc/lighttpd/certs/server.pem"
}
See lighttpd TLS configuration for details.
Let's Encrypt
Alternatively, generate a certificate signed by Let's Encrypt.
Edit /etc/lighttpd/lighttpd.conf by adding the following lines:
$SERVER["socket"] == ":443" {
ssl.engine = "enable"
ssl.privkey = "/etc/letsencrypt/live/domain/privkey.pem"
ssl.pemfile = "/etc/letsencrypt/live/domain/fullchain.pem"
}
See bootstrap Let's Encrypt in the lighttpd documentation for details.
Redirect http requests to https
You should add in server.modules array in /etc/lighttpd/lighttpd.conf:
To redirect all hosts to their secure equivalents, use the following in place of the socket 80 configuration above:
$SERVER["socket"] == ":80" {
$HTTP["host"] =~ ".*" {
url.redirect = (".*" => "https://%0$0")
}
}
To redirect all hosts for part of the site (e.g. secure or phpmyadmin):
Password protecting a directory
Note that this module requires to be installed. A passwd file which is lighttpd's equivalent to the system's is needed for user authentication. The setup requires a specific format and md5sum hashed password but users can quickly and easily create an entry using the following as an example:
$ user=foo $ password=b@R102 $ realm='Password Required' $ hash=`echo -n "$user:$realm:$password" | md5sum | cut -b -32` # echo "$user:$realm:$hash" >> /etc/lighttpd/lighttpd.user
Modify /etc/lighttpd/lighttpd.conf adding the following lines to enable the directory protection:
server.modules += ( "mod_auth", "mod_authn_file" )
auth.backend = "htdigest"
auth.backend.htdigest.userfile = "/etc/lighttpd/lighttpd.user"
# note this entry is relative to the server.document-root
auth.require = ( "/secret" =>
(
"method" => "basic",
"realm" => "Password Required",
"require" => "valid-user"
)
)
CGI
Common Gateway Interface (CGI) scripts just need to enable the CGI module; include the configuration file and make sure your chosen programming language interpreter is installed. (i.e. for python you would install )
Create the file and add the following to it:
server.modules += ( "mod_cgi" )
cgi.assign = ( ".pl" => "/usr/bin/perl",
".cgi" => "/usr/bin/perl",
".rb" => "/usr/bin/ruby",
".erb" => "/usr/bin/eruby",
".py" => "/usr/bin/python",
".php" => "/usr/bin/php-cgi" )
index-file.names += ( "index.pl", "default.pl",
"index.rb", "default.rb",
"index.erb", "default.erb",
"index.py", "default.py",
"index.php", "default.php" )
For PHP scripts, you will need to make sure the following is set in /etc/php/php.ini
cgi.fix_pathinfo = 1
In your lighttpd configuration file, /etc/lighttpd/lighttpd.conf add:
include "conf.d/cgi.conf"
FastCGI
Install . Now you have lighttpd with fcgi support. If that was what you wanted, you are all set. People that want Ruby on Rails, PHP or Python should continue.
First, copy the example configuration file from /usr/share/doc/lighttpd/config/conf.d/fastcgi.conf to
The following needs adding to the configuration file,
server.modules += ( "mod_fastcgi" )
#server.indexfiles += ( "dispatch.fcgi" ) #this is deprecated
index-file.names += ( "dispatch.fcgi" ) #dispatch.fcgi if rails specified
server.error-handler-404 = "/dispatch.fcgi" #too
fastcgi.server = (
".fcgi" => (
"localhost" => (
"socket" => "/run/lighttpd/rails-fastcgi.sock",
"bin-path" => "/path/to/rails/application/public/dispatch.fcgi"
)
)
)
Then in /etc/lighttpd/lighttpd.conf:
include "conf.d/fastcgi.conf"
For PHP or Ruby on Rails, see the next sections.
Using php-cgi
Install and (see also PHP and LAMP).
Check that php-cgi is working
PHP 5.4.3 (cgi-fcgi) (built: May 8 2012 17:10:17) Copyright (c) 1997-2012 The PHP Group Zend Engine v2.4.0, Copyright (c) 1998-2012 Zend Technologies
If you get a similar output, php is installed correctly.
Create a new configuration file:
Make lighttpd use the new configuration file by appending the following line to your lighttpd configuration file:
/usr/share/doc/lighttpd/config/modules.conf.Reload lighttpd.
Using php-fpm
For dynamic management of PHP processes, you can install and then start and enable php-fpm.service.
In add:
server.modules += ( "mod_fastcgi" )
index-file.names += ( "index.php" )
fastcgi.server = (
".php" => (
"localhost" => (
"socket" => "/run/php-fpm/php-fpm.sock",
"broken-scriptfilename" => "enable"
))
)
uWSGI
In /etc/lighttpd/lighttpd.conf add
You can than start the uwsgi application either as a systemd unit or direct.
Here is a neat guide from digitalocean on how to setup a flask application from the scratch.
Output compression
Copy example configuration file:
# mkdir /etc/lighttpd/conf.d # cp /usr/share/doc/lighttpd/config/conf.d/deflate.conf /etc/lighttpd/conf.d/
Add following in /etc/lighttpd/lighttpd.conf:
include "conf.d/deflate.conf"
Finally, reload lighttpd.service, and it will dynamically compress plain text and html content.
It is also possible to select the type of content that should be compressed. Modify on the parameter :
deflate.mimetypes = ("text/plain", "text/html", "text/javascript", "text/css", "text/xml")
You can also create a cache directory to store compressed files:
# mkdir /var/cache/lighttpd/compress # chown http:http /var/cache/lighttpd/compress
Then uncomment and modify the option in :
deflate.cache-dir = "/var/cache/lighttpd/compress"