# Using lighttpd as a webservce and proxy



## wlanboy (May 21, 2013)

I do like lighttpd. It is easy to setup and is running with low resources.

This tutorial will show some nice config featues of lighttpd.


basic configuration
First of all there is a macro doing all the config stuff for you. Enabling a mod, including the list of available mods, is quite easy:

lighttpd-enable-mod

Available mods are:


```
lighttpd-enable-mod
Available modules: auth accesslog cgi evasive evhost expire fastcgi flv-streaming no-www proxy rrdtool simple-vhost ssi ssl status userdir usertrack fastcgi-php debian-doc
Already enabled modules: auth accesslog cgi fastcgi proxy ssl status fastcgi-php
Enable module:
```
As you can see I have enabled: auth accesslog cgi fastcgi proxy ssl status fastcgi-php.

The default lighttpd.conf looks like this:


/etc/lighttpd/lighttpd.conf

server.modules = (
"mod_access",
"mod_alias",
"mod_compress",
"mod_redirect",
#"mod_rewrite"
)

server.document-root = "/var/www"
server.upload-dirs = ( "/var/cache/lighttpd/uploads" )
server.errorlog = "/var/log/lighttpd/error.log"
server.pid-file = "/var/run/lighttpd.pid"
server.username = "www-data"
server.groupname = "www-data"

index-file.names = ( "index.php", "index.html",
"index.htm", "default.htm",
" index.lighttpd.html" )

url.access-deny = ( "~", ".inc", ".dat" )

static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )

## Use ipv6 if available
#include_shell "/usr/share/lighttpd/use-ipv6.pl"

dir-listing.encoding = "utf-8"
server.dir-listing = "disable"

compress.cache-dir = "/var/cache/lighttpd/compress/"
compress.filetype = ( "application/x-javascript", "text/css", "text/html", "text/plain" )

include_shell "/usr/share/lighttpd/create-mime.assign.pl"
include_shell "/usr/share/lighttpd/include-conf-enabled.pl"

Only thing to change: server.dir-listing to "disable"

https configuration
Done in conf-enabled/10-ssl.conf

$SERVER["socket"] == "0.0.0.0:443" {
ssl.engine = "enable"
ssl.pemfile = "/etc/lighttpd/server.pem"
}

Just likt to the pem file. That's it.


php configuration
Done in conf-enabled/15-fastcgi-php.conf

```
fastcgi.server += ( ".php" =>
        ((
                "bin-path" => "/usr/bin/php-cgi",
                "socket" => "/tmp/php.socket",
                "max-procs" => 2,
                "bin-environment" => (
                        "PHP_FCGI_CHILDREN" => "1",
                        "PHP_FCGI_MAX_REQUESTS" => "1000"
                ),
                "bin-copy-environment" => (
                        "PATH", "SHELL", "USER"
                ),
                "broken-scriptfilename" => "enable"
        ))
)
```
Max-Procs defines the number of php-cgi threads. And PHP_FCGI_CHILDRE the number of child processes that should be started. This setup is suitable for a small blog. And is consuming not that much of RAM.


auth configuration
Can be done in conf-enabled/05-auth.conf or in lighttpd.conf. Depends on your way to keep the config files clear...

```
$HTTP["url"] =~ "^/important/" {
  auth.backend = "htpasswd"
  auth.backend.htpasswd.userfile = "/etc/lighttpd/.passwords"
  auth.require = ("/important" => (
     "method" => "basic",
     "realm" => "important",
     "require" => "valid-user"
  ))
}
```
I use the url pattern style for setting up the password files. So for each url path or host you can setup the auth backend and password file.



proxy configuration
Can be done in conf-enabled/10-proxy.conf or in lighttpd.conf. Depends on your way to keep the config files clear...


```
$HTTP["host"]=~ "domain1|domain2"  {
        proxy.balance = "fair"
        proxy.server =  ("" =>
                                (
                                        ( "host" => "127.0.0.1", "port" => 4001 ),
                                        ( "host" => "127.0.0.1", "port" => 4002 )
                                ))
                        }
```
Just set which host should be directed to which pool of ips/ports
 

host based configuration
Done in lighttpd.conf

$HTTP["host"]=~ "domain.org" {
server.document-root = "/var/www-org"
}

Set host and document root.

Quite simple if you look e.g. to the apache configuration.


----------



## wlanboy (May 21, 2013)

If someone needs a short how to for self signed ssl certificate:


sudo apt-get install openssl
cd /etc/lighttpd
openssl req -new -x509 -keyout server.pem -out server.pem -days 365 -nodes

365 stands for the number of days. So in this example for 1 year.
 

Three single lines to create a ssl certificate.


----------



## 365Networks (May 21, 2013)

This is similar to nginx reverse proxy or am I slightly confused? This is quick and to the point, I'm a big fan of lighty too.


----------



## drmike (May 21, 2013)

Wow!  This seems super light on the config.  My kind of software! 

Being lazy here, but is lighttpd still under active development?

Thanks again @wlanboy, another quality post.


----------



## acd (May 21, 2013)

Yes, lighttpd is still actively developed and bugfixed. 

Regarding php configuration, I prefer fpm, which you can enable like so (assuming you're still using tcp fcgi and not a unix socket):


```
fastcgi.server = ( ".php" =>
  ( "localhost" =>
    (
      "host" => "127.0.0.1",
      "port" => "9000"
    )
  )
)
```


----------

