Using lighttpd as a webservce and proxy

Discussion in 'Tutorials and Guides' started by wlanboy, May 21, 2013.

Tags:
  1. wlanboy

    wlanboy Content Contributer

    2,126
    1,169
    May 16, 2013
    I do like lighttpd. It is easy to setup and is running with low resources.

    This tutorial will show some nice config featues of lighttpd.

    • basic configuration
      First of all there is a macro doing all the config stuff for you. Enabling a mod, including the list of available mods, is quite easy:

      lighttpd-enable-mod

      Available mods are:

      Code:
      lighttpd-enable-mod
      Available modules: auth accesslog cgi evasive evhost expire fastcgi flv-streaming no-www proxy rrdtool simple-vhost ssi ssl status userdir usertrack fastcgi-php debian-doc
      Already enabled modules: auth accesslog cgi fastcgi proxy ssl status fastcgi-php
      Enable module:
      
      As you can see I have enabled: auth accesslog cgi fastcgi proxy ssl status fastcgi-php.

      The default lighttpd.conf looks like this:


      /etc/lighttpd/lighttpd.conf

      server.modules = (
      "mod_access",
      "mod_alias",
      "mod_compress",
      "mod_redirect",
      #"mod_rewrite"
      )

      server.document-root = "/var/www"
      server.upload-dirs = ( "/var/cache/lighttpd/uploads" )
      server.errorlog = "/var/log/lighttpd/error.log"
      server.pid-file = "/var/run/lighttpd.pid"
      server.username = "www-data"
      server.groupname = "www-data"

      index-file.names = ( "index.php", "index.html",
      "index.htm", "default.htm",
      " index.lighttpd.html" )

      url.access-deny = ( "~", ".inc", ".dat" )

      static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )

      ## Use ipv6 if available
      #include_shell "/usr/share/lighttpd/use-ipv6.pl"

      dir-listing.encoding = "utf-8"
      server.dir-listing = "disable"

      compress.cache-dir = "/var/cache/lighttpd/compress/"
      compress.filetype = ( "application/x-javascript", "text/css", "text/html", "text/plain" )

      include_shell "/usr/share/lighttpd/create-mime.assign.pl"
      include_shell "/usr/share/lighttpd/include-conf-enabled.pl"

      Only thing to change: server.dir-listing to "disable"
    • https configuration
      Done in conf-enabled/10-ssl.conf

      $SERVER["socket"] == "0.0.0.0:443" {
      ssl.engine = "enable"
      ssl.pemfile = "/etc/lighttpd/server.pem"
      }

      Just likt to the pem file. That's it.

    • php configuration
      Done in conf-enabled/15-fastcgi-php.conf
      Code:
      fastcgi.server += ( ".php" =>
              ((
                      "bin-path" => "/usr/bin/php-cgi",
                      "socket" => "/tmp/php.socket",
                      "max-procs" => 2,
                      "bin-environment" => (
                              "PHP_FCGI_CHILDREN" => "1",
                              "PHP_FCGI_MAX_REQUESTS" => "1000"
                      ),
                      "bin-copy-environment" => (
                              "PATH", "SHELL", "USER"
                      ),
                      "broken-scriptfilename" => "enable"
              ))
      )
      
      Max-Procs defines the number of php-cgi threads. And PHP_FCGI_CHILDRE the number of child processes that should be started. This setup is suitable for a small blog. And is consuming not that much of RAM.

    • auth configuration
      Can be done in conf-enabled/05-auth.conf or in lighttpd.conf. Depends on your way to keep the config files clear...
      Code:
      $HTTP["url"] =~ "^/important/" {
        auth.backend = "htpasswd"
        auth.backend.htpasswd.userfile = "/etc/lighttpd/.passwords"
        auth.require = ("/important" => (
           "method" => "basic",
           "realm" => "important",
           "require" => "valid-user"
        ))
      }
      
      I use the url pattern style for setting up the password files. So for each url path or host you can setup the auth backend and password file.


    • proxy configuration
      Can be done in conf-enabled/10-proxy.conf or in lighttpd.conf. Depends on your way to keep the config files clear...

      Code:
      $HTTP["host"]=~ "domain1|domain2"  {
              proxy.balance = "fair"
              proxy.server =  ("" =>
                                      (
                                              ( "host" => "127.0.0.1", "port" => 4001 ),
                                              ( "host" => "127.0.0.1", "port" => 4002 )
                                      ))
                              }
      
      Just set which host should be directed to which pool of ips/ports
       
    • host based configuration
      Done in lighttpd.conf

      $HTTP["host"]=~ "domain.org" {
      server.document-root = "/var/www-org"
      }

      Set host and document root.

    Quite simple if you look e.g. to the apache configuration.
     
    Last edited by a moderator: May 21, 2013
  2. wlanboy

    wlanboy Content Contributer

    2,126
    1,169
    May 16, 2013
    If someone needs a short how to for self signed ssl certificate:


    sudo apt-get install openssl
    cd /etc/lighttpd
    openssl req -new -x509 -keyout server.pem -out server.pem -days 365 -nodes

    365 stands for the number of days. So in this example for 1 year.
     

    Three single lines to create a ssl certificate.
     
  3. 365Networks

    365Networks New Member

    121
    38
    May 15, 2013
    This is similar to nginx reverse proxy or am I slightly confused? This is quick and to the point, I'm a big fan of lighty too.
     
  4. drmike

    drmike 100% Tier-1 Gogent

    8,573
    2,717
    May 13, 2013
    Wow!  This seems super light on the config.  My kind of software! 

    Being lazy here, but is lighttpd still under active development?

    Thanks again @wlanboy, another quality post.
     
  5. acd

    acd New Member

    176
    71
    May 16, 2013
    Yes, lighttpd is still actively developed and bugfixed. 

    Regarding php configuration, I prefer fpm, which you can enable like so (assuming you're still using tcp fcgi and not a unix socket):

    Code:
    fastcgi.server = ( ".php" =>
      ( "localhost" =>
        (
          "host" => "127.0.0.1",
          "port" => "9000"
        )
      )
    )
     
    drmike likes this.