Lighttpd
Compiling Lighttpd from source[edit | edit source]
- Installing Prerequisites
yum install gcc pcre-devel openssl-devel mysql-devel bzip2-devel
- Downloading and untaring
wget http://www.lighttpd.net/download/lighttpd-1.4.20.tar.gz tar -xzf lighttpd-1.4.20.tar.gz cd lighttpd-1.4.20
- Compiling Lighttpd
./autogen.sh && ./configure && make echo $?
- Compiling Lighttpd with SSL
./autogen.sh && ./configure --with-openssl --with-openssl-libs=/usr/lib/openssl && make echo $?
- Installing Lighttpd
make install
Configuring Lighttpd[edit | edit source]
Running SSL and insecure setups[edit | edit source]
- In /etc/lighttpd/lighttpd.conf
#### Redirect HTTP requests to HTTPS
$SERVER["socket"] == ":80" {
server.document-root = "/var/www/lighttpd/redirect/"
}
$SERVER["socket"] == ":443" {
ssl.engine = "enable"
ssl.pemfile = "/<ssl-dir>/example.com.pem"
server.document-root = "/var/www/lighttpd/"
}
Redirecting all insecure requests to the SSL port[edit | edit source]
The below configuration will redirect all web traffic sent for port 80 to port 443, by asking the client's browser to use the port 443 instead. This configuration will apply to all domains on this server.
- In /etc/lighttpd/lighttpd.conf
Add "mod_redirect" to the server.modules section on the top then further down add:
$SERVER["socket"] == ":80" {
$HTTP["host"] =~ "(.*)" {
url.redirect = ( "^/(.*)" => "https://%1/$1" )
}
}
Securing a web directory with a password[edit | edit source]
- In /etc/lighttpd/lighttpd.conf
## Authication Module - Using htpasswd from Apache auth.backend = "htpasswd" auth.backend.htpasswd.userfile = "/etc/lighttpd/htpasswords" auth.require = ( "/noc/" => ( "method" => "basic", "realm" => "example.com", "require" => "valid-user" ) )
Enabling System Status & System Configuration Pages[edit | edit source]
- In /etc/lighttpd/lighttpd.conf
(See Securing a web directory with a password above for more information on secure a page
Start by enabling mod_status under the server.modules section.
"mod_status",
Then allow access to the corresponding pages:
auth.require = ( "/server-status" =>
(
"method" => "basic",
"realm" => "mail.mattrude.com",
"require" => "valid-user"
),
"/server-config" =>
(
"method" => "basic",
"realm" => "mail.mattrude.com",
"require" => "valid-user"
)
)
Lighttpd's init files[edit | edit source]
- /etc/init.d/lighttpd
#!/bin/sh
#
# lighttpd Startup script for the lighttpd server
#
# chkconfig: - 85 15
# description: Lightning fast webserver with light system requirements
#
# processname: lighttpd
# config: /etc/lighttpd/lighttpd.conf
# config: /etc/sysconfig/lighttpd
# pidfile: /var/run/lighttpd.pid
#
# Note: pidfile is assumed to be created
# by lighttpd (config: server.pid-file).
# If not, uncomment 'pidof' line.
# Source function library
. /etc/rc.d/init.d/functions
if [ -f /etc/sysconfig/lighttpd ]; then
. /etc/sysconfig/lighttpd
fi
if [ -z "$LIGHTTPD_CONF_PATH" ]; then
LIGHTTPD_CONF_PATH="/etc/lighttpd/lighttpd.conf"
fi
prog="lighttpd"
lighttpd="/usr/local/sbin/lighttpd"
RETVAL=0
start() {
echo -n $"Starting $prog: "
daemon $lighttpd -f $LIGHTTPD_CONF_PATH
RETVAL=$?
echo
[ $RETVAL -eq 0 ] && touch /var/lock/subsys/$prog
return $RETVAL
}
stop() {
echo -n $"Stopping $prog: "
killproc $lighttpd
RETVAL=$?
echo
[ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/$prog
return $RETVAL
}
reload() {
echo -n $"Reloading $prog: "
killproc $lighttpd -HUP
RETVAL=$?
echo
return $RETVAL
}
case "$1" in
start)
start
;;
stop)
stop
;;
restart)
stop
start
;;
condrestart)
if [ -f /var/lock/subsys/$prog ]; then
stop
start
fi
;;
reload)
reload
;;
status)
status $lighttpd
RETVAL=$?
;;
*)
echo $"Usage: $0 {start|stop|restart|condrestart|reload|status}"
RETVAL=1
esac
exit $RETVAL
- /etc/sysconfig/lighttpd
LIGHTTPD_CONF_PATH=/etc/lighttpd/lighttpd.conf
- Setup
echo "lighttpd:x:493:492:lighttpd web server:/var/www/lighttpd:/sbin/nologin" >> /etc/passwd echo "lighttpd:x:492:" >> /etc/group mkdir /etc/lighttpd chown lighttpd:lighttpd /etc/lighttpd mkdir /var/run/lighttpd chown lighttpd:lighttpd /var/run/lighttpd mkdir /var/log/lighttpd chown lighttpd:lighttpd /var/log/lighttpd