Lighttpd
Note: This Page was written with Fedora 8, 9, & 10 in mind, and may not have been tested on any other versions.
[edit] Compiling Lighttpd from source
- Installing Prerequisites
# Build prerequisites (run as root): the C compiler plus the development
# headers for PCRE, OpenSSL, MySQL and bzip2.
yum install gcc pcre-devel openssl-devel mysql-devel bzip2-devel
- Downloading and untarring
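# Fetch the release tarball. The URL is plain HTTP, so nothing authenticates
# the download in transit.
wget http://www.lighttpd.net/download/lighttpd-1.4.20.tar.gz
# Before unpacking, compare the file's checksum with the value the lighttpd
# project publishes for this release, e.g.
#   sha256sum lighttpd-1.4.20.tar.gz    # expect <PUBLISHED_CHECKSUM>
# Unpack and enter the source tree (each command on its own line; run
# together on one line they would all be passed to wget as arguments).
tar -xzf lighttpd-1.4.20.tar.gz
cd lighttpd-1.4.20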
- Compiling Lighttpd
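# Generate the build system, configure with the defaults, and compile.
./autogen.sh && ./configure && make
# Print the exit status of the chain above; 0 means every step succeeded.
# (Kept on its own line: appended to the make command it would be read as
# extra make targets.)
echo $?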
- Compiling Lighttpd with SSL
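# Same build with TLS support compiled in against OpenSSL; the ssl.* settings
# used later on this page presumably need this variant of the build.
./autogen.sh && ./configure --with-openssl --with-openssl-libs=/usr/lib/openssl && make
# Print the exit status of the chain above; 0 means every step succeeded.
echo $?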
- Installing Lighttpd
# Run as root. NOTE(review): with an unmodified ./configure prefix the binary
# should land in /usr/local/sbin/lighttpd, which is the path the init script
# on this page points at; confirm if a different --prefix was used.
make install
[edit] Configuring Lighttpd
[edit] Running SSL and insecure setups
- In /etc/lighttpd/lighttpd.conf
#### Redirect HTTP requests to HTTPS
# Port 80 gets its own document root. This block sets only that root; it does
# not itself send a redirect. Presumably the redirect/ directory holds a page
# pointing visitors at the HTTPS site (confirm).
$SERVER["socket"] == ":80" {
server.document-root = "/var/www/lighttpd/redirect/"
}
# Port 443 serves the real site with the TLS engine enabled.
$SERVER["socket"] == ":443" {
ssl.engine = "enable"
# NOTE(review): for lighttpd 1.4.x of this era the pemfile is expected to hold
# the private key together with the certificate. Keep it outside every
# document root and readable only by the account that starts lighttpd.
ssl.pemfile = "/<ssl-dir>/example.com.pem"
server.document-root = "/var/www/lighttpd/"
}
[edit] Redirecting all insecure requests to the SSL port
The configuration below redirects all web traffic sent to port 80 to port 443 by asking the client's browser to use port 443 instead. This configuration applies to all domains on this server.
- In /etc/lighttpd/lighttpd.conf
Add "mod_redirect" to the server.modules section at the top, then further down add:
# Applies only to requests that arrive on the plain-HTTP socket.
$SERVER["socket"] == ":80" {
# "(.*)" matches any Host value; its capture is available below as %1.
$HTTP["host"] =~ "(.*)" {
# $1 is the request path captured by "^/(.*)". The client is sent to the same
# host and path over https.
# Caveat: the first request has already crossed the network unencrypted, so
# anything the browser attached to it (cookies, basic-auth credentials) was
# exposed before the redirect. Mark session cookies Secure and keep
# password-protected paths on the :443 socket only.
url.redirect = ( "^/(.*)" => "https://%1/$1" )
}
}
[edit] Securing a web directory with a password
- In /etc/lighttpd/lighttpd.conf
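## Authentication Module - Using htpasswd from Apache
# Each setting goes on its own line; on a single line everything after the
# leading "##" is treated as a comment and nothing takes effect.
# Requires "mod_auth" in server.modules.
auth.backend = "htpasswd"
# The user file holds password hashes: keep it outside every document root
# and readable only by root and the lighttpd service account.
auth.backend.htpasswd.userfile = "/etc/lighttpd/htpasswords"
# Basic auth sends the password with every request, only base64-encoded, so
# this path should be reachable over the SSL socket only.
auth.require = ( "/noc/" =>
  (
    "method" => "basic",
    "realm" => "example.com",
    "require" => "valid-user"
  )
)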
[edit] Enabling System Status & System Configuration Pages
- In /etc/lighttpd/lighttpd.conf
(See "Securing a web directory with a password" above for more information on securing a page.)
Start by enabling mod_status under the server.modules section.
"mod_status",
Then require a password for the corresponding pages:
# Require HTTP basic auth (any valid user of the configured auth.backend) for
# the two mod_status pages. Both expose server internals, so they should not
# be reachable without authentication, and preferably only over the SSL socket.
# NOTE(review): mod_status serves its pages only on the paths assigned to
# status.status-url and status.config-url; this snippet does not set them.
# Confirm they are set to the two paths below.
# NOTE(review): this assigns auth.require with "=". If the "/noc/" rule from
# the password section lives in the same scope, put all paths into one
# auth.require list instead of assigning the option twice.
auth.require = ( "/server-status" =>
(
"method" => "basic",
"realm" => "mail.mattrude.com",
"require" => "valid-user"
),
"/server-config" =>
(
"method" => "basic",
"realm" => "mail.mattrude.com",
"require" => "valid-user"
)
)
[edit] Lighttpd's init files
- /etc/init.d/lighttpd
#!/bin/sh
#
# lighttpd Startup script for the lighttpd server
#
# chkconfig: - 85 15
# description: Lightning fast webserver with light system requirements
#
# processname: lighttpd
# config: /etc/lighttpd/lighttpd.conf
# config: /etc/sysconfig/lighttpd
# pidfile: /var/run/lighttpd.pid
#
# Note: pidfile is assumed to be created
# by lighttpd (config: server.pid-file).
# If not, uncomment 'pidof' line.
# Load the distribution's init helper library; the helpers this script calls
# (daemon, killproc, status) are expected to come from it.
. /etc/rc.d/init.d/functions

# Optional site overrides. The file is executed with the privileges of
# whoever runs this script (normally root), so it must be writable by root
# only.
[ -f /etc/sysconfig/lighttpd ] && . /etc/sysconfig/lighttpd

# Fall back to the stock configuration path when no override supplied one.
: "${LIGHTTPD_CONF_PATH:=/etc/lighttpd/lighttpd.conf}"

# Service name (used for messages and the subsys lock) and daemon binary.
prog="lighttpd"
lighttpd="/usr/local/sbin/lighttpd"
RETVAL=0
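# Start lighttpd through the init library's "daemon" helper.
# Globals:  prog, lighttpd, LIGHTTPD_CONF_PATH (read); RETVAL (written)
# Outputs:  progress message on stdout
# Returns:  the exit status reported by "daemon"
start() {
  echo -n $"Starting $prog: "
  # Quoted so that a binary or config path containing whitespace or glob
  # characters is handed to "daemon" as a single argument.
  daemon "$lighttpd" -f "$LIGHTTPD_CONF_PATH"
  RETVAL=$?
  echo
  # Create the subsys lock only when the daemon actually started.
  if [ "$RETVAL" -eq 0 ]; then
    touch "/var/lock/subsys/$prog"
  fi
  return "$RETVAL"
}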
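# Stop lighttpd through the init library's "killproc" helper.
# Globals:  prog, lighttpd (read); RETVAL (written)
# Outputs:  progress message on stdout
# Returns:  the exit status reported by "killproc"
stop() {
  echo -n $"Stopping $prog: "
  # Quoted so that a binary path containing whitespace stays one argument.
  killproc "$lighttpd"
  RETVAL=$?
  echo
  # Drop the subsys lock only when the daemon was actually stopped.
  if [ "$RETVAL" -eq 0 ]; then
    rm -f "/var/lock/subsys/$prog"
  fi
  return "$RETVAL"
}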
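# Send SIGHUP to lighttpd through the init library's "killproc" helper.
# Globals:  prog, lighttpd (read); RETVAL (written)
# Outputs:  progress message on stdout
# Returns:  the exit status reported by "killproc"
# NOTE(review): lighttpd 1.4.x is documented to treat SIGHUP as "re-open the
# log files", not "re-read the configuration" - confirm. If so, changes to
# lighttpd.conf (including auth rules) take effect only after a restart.
reload() {
  echo -n $"Reloading $prog: "
  # Quoted so that a binary path containing whitespace stays one argument.
  killproc "$lighttpd" -HUP
  RETVAL=$?
  echo
  return "$RETVAL"
}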
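# Dispatch on the action given as the first argument. The script exits with
# RETVAL as left by the last helper that ran (1 for an unknown action).
case "$1" in
  start)
    start
    ;;
  stop)
    stop
    ;;
  restart)
    stop
    start
    ;;
  condrestart)
    # Restart only when the subsys lock shows the service was started here.
    if [ -f "/var/lock/subsys/$prog" ]; then
      stop
      start
    fi
    ;;
  reload)
    reload
    ;;
  status)
    # Quoted so that a binary path containing whitespace stays one argument.
    status "$lighttpd"
    RETVAL=$?
    ;;
  *)
    echo $"Usage: $0 {start|stop|restart|condrestart|reload|status}"
    RETVAL=1
    ;;
esac
exit "$RETVAL"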
- /etc/sysconfig/lighttpd
# Sourced by /etc/init.d/lighttpd, i.e. executed as shell code by whoever
# runs the init script (normally root): keep this file writable by root only.
# Path of the configuration file handed to lighttpd with -f.
LIGHTTPD_CONF_PATH="/etc/lighttpd/lighttpd.conf"
- Setup
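# Run as root.
# Create the service group and account with the account tools, which keep
# passwd, group and shadow consistent, rather than appending raw lines to
# /etc/passwd and /etc/group. Same ids, home, shell and comment as before.
groupadd -g 492 lighttpd
useradd -r -u 493 -g lighttpd -c "lighttpd web server" \
  -d /var/www/lighttpd -s /sbin/nologin lighttpd

# Configuration directory: owned by root, readable (not writable) by the
# lighttpd group. The init script starts lighttpd as root with a config file
# from this directory, so the unprivileged service account must not be able
# to change anything in it. Files the running server has to read, such as
# the htpasswords file, need group read permission.
mkdir -p /etc/lighttpd
chown root:lighttpd /etc/lighttpd
chmod 750 /etc/lighttpd

# Runtime and log directories: the only places the service account writes.
mkdir -p /var/run/lighttpd
chown lighttpd:lighttpd /var/run/lighttpd
mkdir -p /var/log/lighttpd
chown lighttpd:lighttpd /var/log/lighttpd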