amuck-landowner

Using lighttpd as a webservce and proxy

wlanboy

Content Contributer
I do like lighttpd. It is easy to setup and is running with low resources.

This tutorial will show some nice config featues of lighttpd.

  • basic configuration
    First of all there is a macro doing all the config stuff for you. Enabling a mod, including the list of available mods, is quite easy:

    lighttpd-enable-mod

    Available mods are:

    Code:
    lighttpd-enable-mod
    Available modules: auth accesslog cgi evasive evhost expire fastcgi flv-streaming no-www proxy rrdtool simple-vhost ssi ssl status userdir usertrack fastcgi-php debian-doc
    Already enabled modules: auth accesslog cgi fastcgi proxy ssl status fastcgi-php
    Enable module:
    As you can see I have enabled: auth accesslog cgi fastcgi proxy ssl status fastcgi-php.

    The default lighttpd.conf looks like this:


    /etc/lighttpd/lighttpd.conf

    server.modules = (
    "mod_access",
    "mod_alias",
    "mod_compress",
    "mod_redirect",
    #"mod_rewrite"
    )

    server.document-root = "/var/www"
    server.upload-dirs = ( "/var/cache/lighttpd/uploads" )
    server.errorlog = "/var/log/lighttpd/error.log"
    server.pid-file = "/var/run/lighttpd.pid"
    server.username = "www-data"
    server.groupname = "www-data"

    index-file.names = ( "index.php", "index.html",
    "index.htm", "default.htm",
    " index.lighttpd.html" )

    url.access-deny = ( "~", ".inc", ".dat" )

    static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )

    ## Use ipv6 if available
    #include_shell "/usr/share/lighttpd/use-ipv6.pl"

    dir-listing.encoding = "utf-8"
    server.dir-listing = "disable"

    compress.cache-dir = "/var/cache/lighttpd/compress/"
    compress.filetype = ( "application/x-javascript", "text/css", "text/html", "text/plain" )

    include_shell "/usr/share/lighttpd/create-mime.assign.pl"
    include_shell "/usr/share/lighttpd/include-conf-enabled.pl"

    Only thing to change: server.dir-listing to "disable"
  • https configuration
    Done in conf-enabled/10-ssl.conf

    $SERVER["socket"] == "0.0.0.0:443" {
    ssl.engine = "enable"
    ssl.pemfile = "/etc/lighttpd/server.pem"
    }

    Just likt to the pem file. That's it.

  • php configuration
    Done in conf-enabled/15-fastcgi-php.conf
    Code:
    fastcgi.server += ( ".php" =>
            ((
                    "bin-path" => "/usr/bin/php-cgi",
                    "socket" => "/tmp/php.socket",
                    "max-procs" => 2,
                    "bin-environment" => (
                            "PHP_FCGI_CHILDREN" => "1",
                            "PHP_FCGI_MAX_REQUESTS" => "1000"
                    ),
                    "bin-copy-environment" => (
                            "PATH", "SHELL", "USER"
                    ),
                    "broken-scriptfilename" => "enable"
            ))
    )
    Max-Procs defines the number of php-cgi threads. And PHP_FCGI_CHILDRE the number of child processes that should be started. This setup is suitable for a small blog. And is consuming not that much of RAM.

  • auth configuration
    Can be done in conf-enabled/05-auth.conf or in lighttpd.conf. Depends on your way to keep the config files clear...
    Code:
    $HTTP["url"] =~ "^/important/" {
      auth.backend = "htpasswd"
      auth.backend.htpasswd.userfile = "/etc/lighttpd/.passwords"
      auth.require = ("/important" => (
         "method" => "basic",
         "realm" => "important",
         "require" => "valid-user"
      ))
    }
    I use the url pattern style for setting up the password files. So for each url path or host you can setup the auth backend and password file.


  • proxy configuration
    Can be done in conf-enabled/10-proxy.conf or in lighttpd.conf. Depends on your way to keep the config files clear...

    Code:
    $HTTP["host"]=~ "domain1|domain2"  {
            proxy.balance = "fair"
            proxy.server =  ("" =>
                                    (
                                            ( "host" => "127.0.0.1", "port" => 4001 ),
                                            ( "host" => "127.0.0.1", "port" => 4002 )
                                    ))
                            }
    Just set which host should be directed to which pool of ips/ports
     
  • host based configuration
    Done in lighttpd.conf

    $HTTP["host"]=~ "domain.org" {
    server.document-root = "/var/www-org"
    }

    Set host and document root.

Quite simple if you look e.g. to the apache configuration.
 
Last edited by a moderator:

wlanboy

Content Contributer
If someone needs a short how to for self signed ssl certificate:


sudo apt-get install openssl
cd /etc/lighttpd
openssl req -new -x509 -keyout server.pem -out server.pem -days 365 -nodes

365 stands for the number of days. So in this example for 1 year.
 

Three single lines to create a ssl certificate.
 

365Networks

New Member
This is similar to nginx reverse proxy or am I slightly confused? This is quick and to the point, I'm a big fan of lighty too.
 

drmike

100% Tier-1 Gogent
Wow!  This seems super light on the config.  My kind of software! 

Being lazy here, but is lighttpd still under active development?

Thanks again @wlanboy, another quality post.
 

acd

New Member
Yes, lighttpd is still actively developed and bugfixed. 

Regarding php configuration, I prefer fpm, which you can enable like so (assuming you're still using tcp fcgi and not a unix socket):

Code:
fastcgi.server = ( ".php" =>
  ( "localhost" =>
    (
      "host" => "127.0.0.1",
      "port" => "9000"
    )
  )
)
 
Top
amuck-landowner