Lighttpd
Installation
lighttpd
sudo apt-get install libtool automake zlib1g-dev libev-dev pkg-config \
libpcre2-dev libssl-dev libgnutls28-dev
Check out the source:
git clone https://git.lighttpd.net/lighttpd/lighttpd1.4.git lighttpd1.4-git
cd lighttpd1.4-git
./autogen.sh
./configure --prefix=/opt/lighttpd --with-openssl --with-gnutls --with-zlib --with-libev
make
sudo make install
Note: It's really important to install pkg-config, otherwise autoconf will fail.[1]
spawn-fcgi
spawn-fcgi runs our FastCGI scripts:
git clone https://git.lighttpd.net/lighttpd/spawn-fcgi.git spawn-fcgi-git
cd spawn-fcgi-git
./autogen.sh && ./configure --prefix=/opt/spawn-fcgi && make
sudo make install
Configuration
A very basic configuration:
lighttpd.conf
A very basic lighttpd.conf:
server.modules = (
    "mod_access",
    "mod_accesslog",
    "mod_alias",
    "mod_redirect",
    "mod_rewrite",
#   "mod_status",
#   "mod_fastcgi",    # must be enabled for the fastcgi.server block below to take effect
    "mod_setenv",
)
server.errorlog = "/var/log/lighttpd/error.log"
accesslog.filename = "/var/log/lighttpd/access.log"
# server.bind = "0.0.0.0" # Not needed just yet
server.port = 80
server.pid-file = "/var/run/lighttpd.pid"
# Worker user and group that lighttpd switches to after startup
server.username = "lighttpd"
server.groupname = "lighttpd"
# Lists directory contents wherever no index file exists
dir-listing.activate = "enable"
index-file.names = ( "index.php", "index.html" )
# Refuse to serve backup files and include files
url.access-deny = ( "~", ".inc" )
# Never send script sources as static files
static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
# PHP-FPM
fastcgi.server = ( ".php" => (
    "localhost" => (
        "socket" => "/var/run/php5-fpm.sock",
        "broken-scriptfilename" => "enable"
    ))
)
# CGI scripts
# cgi.assign = (
#     ".pl" => "/usr/bin/perl",
#     ".cgi" => "/usr/bin/perl"
# )
include_shell "/usr/share/lighttpd/create-mime.conf.pl"
include "/etc/lighttpd/local.conf"
local.conf
# HTTP
$SERVER["socket"] == ":80" { }
$SERVER["socket"] == "[::]:80" { }
# HTTPS
$SERVER["socket"] == ":443" {
    include "tls.conf"
    include "vhosts.conf"
}
$SERVER["socket"] == "[::]:443" {
    include "tls.conf"
    include "vhosts.conf"
}
# HTTP redirect
$HTTP["scheme"] == "http" {
    url.redirect = ("" => "https://${url.authority}${url.path}${qsa}")
    url.redirect-code = 308
}
# HSTS
$HTTP["scheme"] == "https" {
    setenv.add-response-header += (
        "Strict-Transport-Security" => "max-age=31536000; includeSubDomains"
    )
}
tls.conf
A basic TLS configuration;[2] a lot of other SSL options are no longer necessary:
ssl.engine = "enable"
ssl.pemfile = "/etc/ssl/private/example.net.pem" # ??
ssl.openssl.ssl-conf-cmd = ("MinProtocol" => "TLSv1.3")
ssl.openssl.ssl-conf-cmd += ("Options" => "-ServerPreference")
vhosts.conf
Multiple virtual hosts with TLS certificates:[3]
$HTTP["host"] =~ "example.net" {
    server.name = "example.net"
    server.document-root = "/var/www/example.net/"
    ssl.pemfile = "/etc/ssl/private/example.net.pem"
    accesslog.filename = "/var/www/logs/access_example.net.log"
    alias.url = ( "/bits" => "/var/www/example.net/foo" )
    $HTTP["url"] =~ "^/foo/" {
        dir-listing.activate = "enable"
    }
}
$HTTP["host"] == "sub.example.net" {
    server.name = "sub.example.net"
    server.document-root = "/var/www/sub.example.net/"
    ssl.pemfile = "/etc/ssl/private/sub.example.net.pem"
    accesslog.filename = "/var/www/logs/access_sub.example.net.log"
}
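The first host condition above uses =~, an unanchored regular-expression match, so that block also applies to Host values other than example.net. The following added example (not part of the original page) evaluates the page's two conditions against constructed Host values and compares them with an anchored pattern; Python's re.search stands in for lighttpd's PCRE matching, and the anchored pattern and the sample hosts are assumptions.

```python
import re

# Host conditions as written in vhosts.conf on this page: (operator, pattern, document-root)
PAGE_RULES = [
    ("=~", "example.net", "/var/www/example.net/"),
    ("==", "sub.example.net", "/var/www/sub.example.net/"),
]

# Hardened variant (assumption, not from the page): dot escaped, both ends anchored,
# optional :port tolerated in case the Host header carries one.
ANCHORED_RULES = [
    ("=~", r"^example\.net(:[0-9]+)?$", "/var/www/example.net/"),
    ("==", "sub.example.net", "/var/www/sub.example.net/"),
]

# Constructed Host header values, not taken from the page
SAMPLE_HOSTS = [
    "example.net",
    "example.net:443",
    "sub.example.net",
    "example.net.other.test",
    "examplexnet.test",
    "unrelated.test",
]

def matches(op, pattern, host):
    """'==' is an exact string comparison; '=~' is an unanchored regex search."""
    if op == "==":
        return host == pattern
    # Assumption: re.search behaves like PCRE for these simple patterns
    return re.search(pattern, host) is not None

def selected_roots(rules, host):
    """Document roots of every vhost block whose host condition matches."""
    return [root for op, pattern, root in rules if matches(op, pattern, host)]

def report(rules):
    """Map each sample Host value to the blocks that would apply to it."""
    return {host: selected_roots(rules, host) for host in SAMPLE_HOSTS}

if __name__ == "__main__":
    for name, rules in (("page", PAGE_RULES), ("anchored", ANCHORED_RULES)):
        print(name)
        for host, roots in report(rules).items():
            print(f"  {host:26} -> {roots or 'no vhost block'}")
```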
With all that, lighttpd should listen on all necessary interfaces:
$ ss -lnt4p | grep -e :80 -e :443 && ss -lnt6p | grep -e :80 -e :443
LISTEN 0 0 0.0.0.0:80 0.0.0.0:* users:(("lighttpd",pid=2811,fd=4))
LISTEN 0 0 0.0.0.0:443 0.0.0.0:* users:(("lighttpd",pid=2811,fd=6))
LISTEN 0 0 *:80 *:* users:(("lighttpd",pid=2811,fd=5))
LISTEN 0 0 *:443 *:* users:(("lighttpd",pid=2811,fd=7))
Tuning
Some advanced configuration directives:
- server.max-fds is set to 1024 by default on most platforms. Increasing this value might help on busy servers. If SELinux is enabled, use "setsebool -P httpd_setrlimit on" to allow increasing ulimits.
- server.max-connections should be set to "max-fds/2" or "max-fds/3". Default is 1024. If this is set too large, lighttpd might not be able to start.
- server.event-handler should be set to linux-sysepoll for Linux 2.6+ or libev (if --with-libev was used during compile time)
- server.network-backend should be set to linux-sendfile for serving small files, writev for serving large files or several other, more exotic values.
Example:
server.max-fds = 1024
server.max-connections = 512
server.event-handler = "linux-sysepoll"
server.network-backend = "linux-sendfile"
See also
Links
- mod_mime
- #109: GnuTLS support for the mod_ssl
- #2445: SSL Compression config option (WONTFIX)
- #2322: Support for SPDY protocol (WONTFIX)
- Docs:SSL (Secure HTTP)
- #2553: New lighttpd breaks connections from Safari on iOS
- How to "forget" a HSTS setting
- Arch: Lighttpd & php-fpm