Lighttpd


Compiling Lighttpd from source

  • Installing Prerequisites
yum install gcc pcre-devel openssl-devel mysql-devel bzip2-devel
  • Downloading and untarring
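# 1.4.20 is the release this page was written for; check the project site for
# the current stable release before building an internet-facing server.
wget http://www.lighttpd.net/download/lighttpd-1.4.20.tar.gz
# The tarball arrives over plain HTTP, so compare it with the checksum the
# project publishes (placeholder below) before unpacking and compiling it.
echo "<PUBLISHED_SHA256>  lighttpd-1.4.20.tar.gz" | sha256sum -c - &&
tar -xzf lighttpd-1.4.20.tar.gz &&
cd lighttpd-1.4.20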
  • Compiling Lighttpd
./autogen.sh && ./configure && make
echo $?
  • Compiling Lighttpd with SSL
./autogen.sh && ./configure --with-openssl --with-openssl-libs=/usr/lib/openssl && make
echo $?
  • Installing Lighttpd
make install

Configuring Lighttpd

Running SSL and insecure setups

  • In /etc/lighttpd/lighttpd.conf
#### Redirect HTTP requests to HTTPS
$SERVER["socket"] == ":80" {
  server.document-root       = "/var/www/lighttpd/redirect/"
}

$SERVER["socket"] == ":443" {
  ssl.engine                 = "enable"
  ssl.pemfile                = "/<ssl-dir>/example.com.pem"
  server.document-root       = "/var/www/lighttpd/"
}

Redirecting all insecure requests to the SSL port

The configuration below redirects all web traffic sent to port 80 to port 443 by asking the client's browser to use port 443 instead. This configuration applies to all domains on this server.

  • In /etc/lighttpd/lighttpd.conf

Add "mod_redirect" to the server.modules section on the top then further down add:

$SERVER["socket"] == ":80" {
  $HTTP["host"] =~ "(.*)" {
    url.redirect = ( "^/(.*)" => "https://%1/$1" )
  }
}

Securing a web directory with a password

  • In /etc/lighttpd/lighttpd.conf
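## Authentication Module - Using htpasswd from Apache
## Basic auth sends the password with every request in an easily decoded form,
## so only serve the protected path over the SSL socket.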
auth.backend                = "htpasswd"
auth.backend.htpasswd.userfile = "/etc/lighttpd/htpasswords"
auth.require = ( "/noc/" =>
                 (
            "method"    => "basic",
            "realm"     => "example.com",
            "require"   => "valid-user"
                 )
              )

Enabling System Status & System Configuration Pages

  • In /etc/lighttpd/lighttpd.conf

(See Securing a web directory with a password above for more information on securing a page.)

Start by enabling mod_status under the server.modules section.

                               "mod_status",

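Then allow access to the corresponding pages. This assumes status.status-url and status.config-url are set to these paths. If auth.require is already assigned (as in the password section above), merge these entries into that list rather than assigning auth.require a second time: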

auth.require               = ( "/server-status" =>
                              (
                                "method"  => "basic",
                                "realm"   => "mail.mattrude.com",
                                "require" => "valid-user"
                              ),
                               "/server-config" =>
                              (
                                "method"  => "basic",
                                "realm"   => "mail.mattrude.com",
                                "require" => "valid-user"
                              )
                            )

Lighttpd's init files

  • /etc/init.d/lighttpd
#!/bin/sh
#
# lighttpd     Startup script for the lighttpd server
#
# chkconfig: - 85 15
# description: Lightning fast webserver with light system requirements
#
# processname: lighttpd
# config: /etc/lighttpd/lighttpd.conf
# config: /etc/sysconfig/lighttpd
# pidfile: /var/run/lighttpd.pid
#
# Note: pidfile is assumed to be created
# by lighttpd (config: server.pid-file).
# If not, uncomment 'pidof' line.

# Load the distribution's init helper library; daemon, killproc and status
# are called below but are not defined in this script.
. /etc/rc.d/init.d/functions

# Optional site overrides. This file is executed as shell code by whoever
# runs the init script (normally root), so keep it writable by root only.
[ -f /etc/sysconfig/lighttpd ] && . /etc/sysconfig/lighttpd

# Fall back to the stock configuration file when no override was supplied
# (":=" assigns when the variable is unset or empty).
: "${LIGHTTPD_CONF_PATH:=/etc/lighttpd/lighttpd.conf}"

# Service name (used for messages and the subsystem lock file), path of the
# daemon binary, and the exit status reported by this script.
prog="lighttpd"
lighttpd="/usr/local/sbin/lighttpd"
RETVAL=0

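# Start the daemon with the configured configuration file.
# Globals:  prog, lighttpd, LIGHTTPD_CONF_PATH (read); RETVAL (written)
# Returns:  the exit status of the daemon helper
start() {
	echo -n $"Starting $prog: "
	# Quoted so a binary or config path containing spaces or glob characters
	# is passed to the helper as a single argument.
	daemon "$lighttpd" -f "$LIGHTTPD_CONF_PATH"
	RETVAL=$?
	echo
	# Create the subsystem lock file only after a successful start.
	[ "$RETVAL" -eq 0 ] && touch "/var/lock/subsys/$prog"
	return "$RETVAL"
}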

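# Stop the daemon and remove the subsystem lock file on success.
# Globals:  prog, lighttpd (read); RETVAL (written)
# Returns:  the exit status of the killproc helper
stop() {
	echo -n $"Stopping $prog: "
	# Quoted so the binary path always reaches killproc as one argument.
	killproc "$lighttpd"
	RETVAL=$?
	echo
	# Keep the lock file when the stop failed, so condrestart still sees it.
	[ "$RETVAL" -eq 0 ] && rm -f "/var/lock/subsys/$prog"
	return "$RETVAL"
}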

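# Ask the running daemon to reload by sending it SIGHUP through killproc.
# Globals:  prog, lighttpd (read); RETVAL (written)
# Returns:  the exit status of the killproc helper
reload() {
	echo -n $"Reloading $prog: "
	# Quoted so the signal option is always the second argument, even when the
	# binary path contains whitespace.
	killproc "$lighttpd" -HUP
	RETVAL=$?
	echo
	return "$RETVAL"
}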

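# Dispatch on the requested action. RETVAL holds the status the script exits
# with: start, stop and reload set it themselves; status and the usage
# fallback set it here.
case "$1" in
	start)
		start
		;;
	stop)
		stop
		;;
	restart)
		stop
		start
		;;
	condrestart)
		# Restart only when the subsystem lock file written by start exists.
		if [ -f "/var/lock/subsys/$prog" ]; then
			stop
			start
		fi
		;;
	reload)
		reload
		;;
	status)
		status "$lighttpd"
		RETVAL=$?
		;;
	*)
		echo $"Usage: $0 {start|stop|restart|condrestart|reload|status}"
		RETVAL=1
		;;
esac

exit "$RETVAL"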
  • /etc/sysconfig/lighttpd
LIGHTTPD_CONF_PATH=/etc/lighttpd/lighttpd.conf
  • Setup
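# Create the service account with the system tools instead of appending to
# /etc/passwd and /etc/group by hand: they lock the account databases, refuse
# duplicate names or IDs, and create the matching shadow entries.
groupadd -r -g 492 lighttpd
useradd -r -u 493 -g lighttpd -c "lighttpd web server" \
	-d /var/www/lighttpd -s /sbin/nologin lighttpd

# The configuration directory (which also holds the htpasswd file) stays
# owned by root: the lighttpd group may read it, but the web server account
# cannot rewrite its own configuration or password list.
mkdir -p /etc/lighttpd
chown root:lighttpd /etc/lighttpd
chmod 750 /etc/lighttpd

# The runtime and log directories remain owned by the service account.
mkdir -p /var/run/lighttpd
chown lighttpd:lighttpd /var/run/lighttpd
mkdir -p /var/log/lighttpd
chown lighttpd:lighttpd /var/log/lighttpd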