Using lighttpd as a webservce and proxy


Content Contributer
I do like lighttpd. It is easy to setup and is running with low resources.

This tutorial will show some nice config featues of lighttpd.

  • basic configuration
    First of all there is a macro doing all the config stuff for you. Enabling a mod, including the list of available mods, is quite easy:


    Available mods are:

    Available modules: auth accesslog cgi evasive evhost expire fastcgi flv-streaming no-www proxy rrdtool simple-vhost ssi ssl status userdir usertrack fastcgi-php debian-doc
    Already enabled modules: auth accesslog cgi fastcgi proxy ssl status fastcgi-php
    Enable module:
    As you can see I have enabled: auth accesslog cgi fastcgi proxy ssl status fastcgi-php.

    The default lighttpd.conf looks like this:


    server.modules = (

    server.document-root = "/var/www"
    server.upload-dirs = ( "/var/cache/lighttpd/uploads" )
    server.errorlog = "/var/log/lighttpd/error.log" = "/var/run/"
    server.username = "www-data"
    server.groupname = "www-data"

    index-file.names = ( "index.php", "index.html",
    "index.htm", "default.htm",
    " index.lighttpd.html" )

    url.access-deny = ( "~", ".inc", ".dat" )

    static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )

    ## Use ipv6 if available
    #include_shell "/usr/share/lighttpd/"

    dir-listing.encoding = "utf-8"
    server.dir-listing = "disable"

    compress.cache-dir = "/var/cache/lighttpd/compress/"
    compress.filetype = ( "application/x-javascript", "text/css", "text/html", "text/plain" )

    include_shell "/usr/share/lighttpd/"
    include_shell "/usr/share/lighttpd/"

    Only thing to change: server.dir-listing to "disable"
  • https configuration
    Done in conf-enabled/10-ssl.conf

    $SERVER["socket"] == "" {
    ssl.engine = "enable"
    ssl.pemfile = "/etc/lighttpd/server.pem"

    Just likt to the pem file. That's it.

  • php configuration
    Done in conf-enabled/15-fastcgi-php.conf
    fastcgi.server += ( ".php" =>
                    "bin-path" => "/usr/bin/php-cgi",
                    "socket" => "/tmp/php.socket",
                    "max-procs" => 2,
                    "bin-environment" => (
                            "PHP_FCGI_CHILDREN" => "1",
                            "PHP_FCGI_MAX_REQUESTS" => "1000"
                    "bin-copy-environment" => (
                            "PATH", "SHELL", "USER"
                    "broken-scriptfilename" => "enable"
    Max-Procs defines the number of php-cgi threads. And PHP_FCGI_CHILDRE the number of child processes that should be started. This setup is suitable for a small blog. And is consuming not that much of RAM.

  • auth configuration
    Can be done in conf-enabled/05-auth.conf or in lighttpd.conf. Depends on your way to keep the config files clear...
    $HTTP["url"] =~ "^/important/" {
      auth.backend = "htpasswd"
      auth.backend.htpasswd.userfile = "/etc/lighttpd/.passwords"
      auth.require = ("/important" => (
         "method" => "basic",
         "realm" => "important",
         "require" => "valid-user"
    I use the url pattern style for setting up the password files. So for each url path or host you can setup the auth backend and password file.

  • proxy configuration
    Can be done in conf-enabled/10-proxy.conf or in lighttpd.conf. Depends on your way to keep the config files clear...

    $HTTP["host"]=~ "domain1|domain2"  {
            proxy.balance = "fair"
            proxy.server =  ("" =>
                                            ( "host" => "", "port" => 4001 ),
                                            ( "host" => "", "port" => 4002 )
    Just set which host should be directed to which pool of ips/ports
  • host based configuration
    Done in lighttpd.conf

    $HTTP["host"]=~ "" {
    server.document-root = "/var/www-org"

    Set host and document root.

Quite simple if you look e.g. to the apache configuration.
Last edited by a moderator:


Content Contributer
If someone needs a short how to for self signed ssl certificate:

sudo apt-get install openssl
cd /etc/lighttpd
openssl req -new -x509 -keyout server.pem -out server.pem -days 365 -nodes

365 stands for the number of days. So in this example for 1 year.

Three single lines to create a ssl certificate.


New Member
This is similar to nginx reverse proxy or am I slightly confused? This is quick and to the point, I'm a big fan of lighty too.


100% Tier-1 Gogent
Wow!  This seems super light on the config.  My kind of software! 

Being lazy here, but is lighttpd still under active development?

Thanks again @wlanboy, another quality post.


New Member
Yes, lighttpd is still actively developed and bugfixed. 

Regarding php configuration, I prefer fpm, which you can enable like so (assuming you're still using tcp fcgi and not a unix socket):

fastcgi.server = ( ".php" =>
  ( "localhost" =>
      "host" => "",
      "port" => "9000"