Lighttpd

From Segfault

Installation

lighttpd

sudo apt-get install libtool automake zlib1g-dev libbz2-dev libev-dev pkg-config \
                     libpcre3-dev libmysqlclient-dev libssl-dev

Check out the source from git:

git clone git://git.lighttpd.net/lighttpd/lighttpd-1.x lighttpd-1.x-git
cd lighttpd-1.x-git
git checkout -b remote-1.4 origin/lighttpd-1.4.x          # Apparently master is somewhat behind.
./autogen.sh
./configure --prefix=/opt/lighttpd --with-openssl --with-zlib --with-bzip2 --with-libev 
make
sudo make install

Note: It's really important to install pkg-config, otherwise autoconf will fail.[1]

spawn-fcgi

spawn-fcgi runs your FastCGI scripts:

svn co svn://svn.lighttpd.net/spawn-fcgi/trunk spawn-fcgi-svn
cd spawn-fcgi-svn
./autogen.sh && ./configure --prefix=/opt/spawn-fcgi && make
sudo make install

Configuration

A very basic configuration:

lighttpd.conf

A very basic lighttpd.conf:

server.modules = (
       "mod_access",
       "mod_accesslog",
       "mod_alias",
       "mod_redirect",
       "mod_rewrite",
#      "mod_status",
#      "mod_fastcgi",      # must be loaded for the fastcgi.server block below to take effect
       "mod_setenv",
)

server.errorlog         = "/var/log/lighttpd/error.log"
accesslog.filename      = "/var/log/lighttpd/access.log"

# server.bind           = "0.0.0.0"
server.port             = 80
server.pid-file         = "/var/run/lighttpd.pid"
server.username         = "lighttpd"
server.groupname        = "lighttpd"

# Directory listings expose file names wherever no index file exists; disable unless needed.
dir-listing.activate           = "enable"
index-file.names               = ( "index.php", "index.html" )
url.access-deny                = ( "~", ".inc" )
static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )

# PHP-FPM
fastcgi.server = (
    ".php" => (
      "localhost" => ( 
        "socket" => "/var/run/php5-fpm.sock",
        "broken-scriptfilename" => "enable"
      ))
)

# CGI scripts
# cgi.assign = (
#   ".pl"  => "/usr/bin/perl",
#   ".cgi" => "/usr/bin/perl"
# )

include            "/etc/lighttpd/vhosts.conf"

90-vhosts.conf

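# Anchored, with escaped dots, so that only this host name (optionally with a port) matches.
$HTTP["host"] =~ "^www\.example\.org(:[0-9]+)?$" {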
        server.name             = "www.example.org"
        server.document-root    = "/var/www"
        accesslog.filename      = "/var/www/logs/access.log"
}

10-ssl.conf

$HTTP["scheme"] == "http" {
    $HTTP["host"] =~ ".*" {
        url.redirect = (".*" => "https://%0$0")
    }
}

$SERVER["socket"] == ":443" {
        ssl.engine              = "enable"
        ssl.pemfile             = "/etc/lighttpd/cert.pem"
        ssl.ec-curve            = "secp384r1"
        ssl.dh-file             = "/etc/lighttpd/dhparam.pem"
        # Dated list: RC4 is prohibited for TLS (RFC 7465) and "!AESGCM" removes the AES-GCM suites.
        ssl.cipher-list         = "ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM"
        ssl.honor-cipher-order  = "enable"
}

# HSTS
# https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
$HTTP["scheme"] == "https" {
      setenv.add-response-header += ( "Strict-Transport-Security" => "max-age=31536000; includeSubDomains" )
}
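
An added example, not part of the original page or of lighttpd itself: a small Python check that reads configuration text like the files above and reports directives whose module is missing from server.modules, RC4 or excluded AES-GCM suites in ssl.cipher-list, and enabled directory listing. The names `REQUIRES`, `SAMPLE` and `audit` are assumptions of this example, and `SAMPLE` is constructed, condensed from the configuration above.

```python
import re

# Directive prefix -> module that has to be listed in server.modules (subset used on this page).
REQUIRES = {
    "fastcgi.": "mod_fastcgi",
    "setenv.": "mod_setenv",
    "url.redirect": "mod_redirect",
}

# Constructed sample, condensed from the configuration shown above.
SAMPLE = '''
server.modules = (
    "mod_access",
    "mod_accesslog",
    "mod_redirect",
#   "mod_fastcgi",
    "mod_setenv",
)
dir-listing.activate = "enable"
fastcgi.server = ( ".php" => (( "socket" => "/var/run/php5-fpm.sock" )) )
ssl.cipher-list = "ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM"
'''

def audit(conf):
    """Return a sorted list of findings for lighttpd configuration text."""
    # Drop whole-line comments so a commented-out module is not counted as loaded.
    body = "\n".join(l.strip() for l in conf.splitlines()
                     if not l.lstrip().startswith("#"))
    findings = set()
    m = re.search(r"server\.modules\s*\+?=\s*\((.*?)\)", body, re.S)
    loaded = set(re.findall(r'"(mod_\w+)"', m.group(1))) if m else set()
    for prefix, module in REQUIRES.items():
        if re.search("^" + re.escape(prefix), body, re.M) and module not in loaded:
            findings.add(f"{prefix}* is set but {module} is not loaded")
    m = re.search(r'ssl\.cipher-list\s*=\s*"([^"]*)"', body)
    if m:
        tokens = m.group(1).split(":")
        # "!" and "-" remove a suite in OpenSSL cipher strings; anything else adds it.
        if any("RC4" in t and not t.startswith(("!", "-")) for t in tokens):
            findings.add("ssl.cipher-list enables RC4")
        if "!AESGCM" in tokens:
            findings.add("ssl.cipher-list excludes the AES-GCM suites")
    if re.search(r'dir-listing\.activate\s*=\s*"enable"', body):
        findings.add("dir-listing.activate is enabled")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

To check real files, pass their concatenated text to `audit()`; the check only looks at whole-line comments and the first server.modules and ssl.cipher-list it finds.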

Tuning

Some advanced configuration directives:

  • server.max-fds is set to 1024 by default on most platforms. Increasing this value might help on busy servers. If SELinux is enabled, use "setsebool -P httpd_setrlimit on" to allow increasing ulimits.

Example:

server.max-fds          = 1024
server.max-connections  =  512
server.event-handler    = "linux-sysepoll"
server.network-backend  = "linux-sendfile"
