Tutorial: lighttpd

I do like lighttpd. It is easy to setup and is running with low resources.

This tutorial will show some nice config featues of lighttpd.

  • basic configuration
    First of all there is a macro doing all the config stuff for you. Enabling a mod, including the list of available mods, is quite easy:

    lighttpd-enable-mod
    

    Available mods are:

    lighttpd-enable-mod
    Available modules: auth accesslog cgi evasive evhost expire fastcgi flv-streaming no-www proxy rrdtool simple-vhost ssi ssl status userdir usertrack fastcgi-php debian-doc
    Already enabled modules: auth accesslog cgi fastcgi proxy ssl status fastcgi-php
    Enable module:
    

    As you can see I have enabled: auth accesslog cgi fastcgi proxy ssl status fastcgi-php.

    The default lighttpd.conf looks like this:

    /etc/lighttpd/lighttpd.conf
    
    server.modules = (
        "mod_access",
        "mod_alias",
        "mod_compress",
        "mod_redirect",
            #"mod_rewrite"
    )
    
    server.document-root        = "/var/www"
    server.upload-dirs          = ( "/var/cache/lighttpd/uploads" )
    server.errorlog             = "/var/log/lighttpd/error.log"
    server.pid-file             = "/var/run/lighttpd.pid"
    server.username             = "www-data"
    server.groupname            = "www-data"
    
    index-file.names            = ( "index.php", "index.html",
                                    "index.htm", "default.htm",
                                   " index.lighttpd.html" )
    
    url.access-deny             = ( "~", ".inc", ".dat" )
    
    static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
    
    ## Use ipv6 if available
    #include_shell "/usr/share/lighttpd/use-ipv6.pl"
    
    dir-listing.encoding        = "utf-8"
    server.dir-listing          = "disable"
    
    compress.cache-dir          = "/var/cache/lighttpd/compress/"
    compress.filetype           = ( "application/x-javascript", "text/css", "text/html", "text/plain" )
    
    include_shell "/usr/share/lighttpd/create-mime.assign.pl"
    include_shell "/usr/share/lighttpd/include-conf-enabled.pl"
    

    Only thing to change: server.dir-listing to "disable"

  • https configuration
    Done in conf-enabled/10-ssl.conf

    $SERVER["socket"] == "0.0.0.0:443" {
            ssl.engine  = "enable"
            ssl.pemfile = "/etc/lighttpd/server.pem"
    }
    

    Just likt to the pem file. That's it.

  • php configuration
    Done in conf-enabled/15-fastcgi-php.conf

    fastcgi.server += ( ".php" =>
            ((
                    "bin-path" => "/usr/bin/php-cgi",
                    "socket" => "/tmp/php.socket",
                    "max-procs" => 2,
                    "bin-environment" => (
                            "PHP_FCGI_CHILDREN" => "1",
                            "PHP_FCGI_MAX_REQUESTS" => "1000"
                    ),
                    "bin-copy-environment" => (
                            "PATH", "SHELL", "USER"
                    ),
                    "broken-scriptfilename" => "enable"
            ))
    )
    

    Max-Procs defines the number of php-cgi threads. And PHP_FCGI_CHILDRE the number of child processes that should be started. This setup is suitable for a small blog. And is consuming not that much of RAM.

  • auth configuration
    Can be done in conf-enabled/05-auth.conf or in lighttpd.conf. Depends on your way to keep the config files clear...

    $HTTP["url"] =~ "^/important/" {
      auth.backend = "htpasswd"
      auth.backend.htpasswd.userfile = "/etc/lighttpd/.passwords"
      auth.require = ("/important" => (
         "method" => "basic",
         "realm" => "important",
         "require" => "valid-user"
      ))
    }
    

    I use the url pattern style for setting up the password files. So for each url path or host you can setup the auth backend and password file.

  • proxy configuration
    Can be done in conf-enabled/10-proxy.conf or in lighttpd.conf. Depends on your way to keep the config files clear...

    $HTTP["host"]=~ "domain1|domain2"  {
            proxy.balance = "fair"
            proxy.server =  ("" =>
                                    (
                                            ( "host" => "127.0.0.1", "port" => 4001 ),
                                            ( "host" => "127.0.0.1", "port" => 4002 )
                                    ))
                            }
    

    Just set which host should be directed to which pool of ips/ports

  • host based configuration
    Done in lighttpd.conf

    $HTTP["host"]=~ "domain.org" {
        server.document-root        = "/var/www-org"
    }
    

    Set host and document root.

Quite simple if you look e.g. to the apache configuration.