
Lighttpd - Lightweight Webserver, HTTP, HTTPS, PHP, Command Overview


Lighttpd

This is a short overview of Lighttpd, a web server with a low memory footprint and optimized CPU usage.

Setup

# Update package index so the install below resolves against current package versions
sudo apt update

# Install package from the distribution repository; -y answers the confirmation prompt automatically
sudo apt install lighttpd -y

Commands

# Start the service
sudo systemctl start lighttpd

# Stop the service
sudo systemctl stop lighttpd

# Restart the service (used on this page after configuration changes)
sudo systemctl restart lighttpd
# Check status: shows whether the unit is running, plus its most recent log lines
sudo systemctl status lighttpd

# Journal logs for the unit: -u selects the unit, -e jumps to the end, -x adds explanatory text
journalctl -xeu lighttpd.service

# Error log: follow the file set by server.errorlog in lighttpd.conf
# NOTE(review): may need sudo if the log directory is not readable by your user - confirm
tail -f /var/log/lighttpd/error.log
# Readme stored next to the available configuration snippets
cat /etc/lighttpd/conf-available/README

Modules / Snippets

# Available configuration snippets
ls /etc/lighttpd/conf-available

# Enabled configuration snippets: symlinks to the configuration files in conf-available.
# lighttpd.conf includes every *.conf in this directory, so this listing shows what is
# loaded on top of the main file.
ls /etc/lighttpd/conf-enabled
# Enable configuration (replace "modulename", e.g. fastcgi as used in the PHP section)
sudo lighty-enable-mod modulename

# Enable configuration: alternative using the full path to the helper
# NOTE(review): no sudo here - presumably meant for a root shell; confirm
/usr/sbin/lighty-enable-mod modulename
# Disable configuration
sudo lighty-disable-mod modulename

# Disable configuration: alternative using the full path to the helper
# NOTE(review): no sudo here - presumably meant for a root shell; confirm
/usr/sbin/lighty-disable-mod modulename

Testsite

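# DocumentRoot (a path shown for reference, not a command)
/var/www/html
# Create test html file (edited through sudo, so the file ends up owned by root)
sudo vi /var/www/html/index.html

# Set permissions: owner read/write, read-only for everyone else, which is all the
# www-data server user needs to serve the file.
# sudo is required because the file was created as root above.
sudo chmod 644 /var/www/html/index.html

# Delete default html file
sudo rm /var/www/html/index.lighttpd.html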
<!-- /var/www/html/index.html -->
<!-- Minimal static test page: a title and one heading, no scripts or external resources -->
<!DOCTYPE html>
<html>

<head>
        <title>jklug.work</title>
</head>

<body>
        <h1>Lighttpd</h1>
</body>

</html>

Main Configuration

# Main configuration file (root-owned, hence sudo)
# Checking the file before a restart avoids taking the site down on a typo:
#   lighttpd -tt -f /etc/lighttpd/lighttpd.conf
sudo vi /etc/lighttpd/lighttpd.conf

Default HTTP Configuration

# /etc/lighttpd/lighttpd.conf
# Modules loaded at startup; more are appended by the "server.modules +=" block at the end of this file
server.modules = (
        "mod_indexfile",
        "mod_access",
        "mod_alias",
        "mod_redirect",
)

server.document-root        = "/var/www/html"
server.upload-dirs          = ( "/var/cache/lighttpd/uploads" )
server.errorlog             = "/var/log/lighttpd/error.log"
server.pid-file             = "/run/lighttpd.pid"
# Account the server runs as, so requests are not handled as root
server.username             = "www-data"
server.groupname            = "www-data"
# Cleartext HTTP listener; this file itself configures no TLS listener
server.port                 = 80

# features
#https://redmine.lighttpd.net/projects/lighttpd/wiki/Server_feature-flagsDetails
# h2proto turns on HTTP/2; h2c additionally allows HTTP/2 over cleartext connections
server.feature-flags       += ("server.h2proto" => "enable")
server.feature-flags       += ("server.h2c"     => "enable")
server.feature-flags       += ("server.graceful-shutdown-timeout" => 5)
#server.feature-flags       += ("server.graceful-restart-bg" => "enable")

# strict parsing and normalization of URL for consistency and security
# https://redmine.lighttpd.net/projects/lighttpd/wiki/Server_http-parseoptsDetails
# (might need to explicitly set "url-path-2f-decode" = "disable"
#  if a specific application is encoding URLs inside url-path)
# Normalizing before access rules are evaluated keeps encoded or dot-segment variants
# of a path from being treated differently than the plain form.
server.http-parseopts = (
  "header-strict"           => "enable",# default
  "host-strict"             => "enable",# default
  "host-normalize"          => "enable",# default
  "url-normalize-unreserved"=> "enable",# recommended highly
  "url-normalize-required"  => "enable",# recommended
  "url-ctrls-reject"        => "enable",# recommended
  "url-path-2f-decode"      => "enable",# recommended highly (unless breaks app)
 #"url-path-2f-reject"      => "enable",
  "url-path-dotseg-remove"  => "enable",# recommended highly (unless breaks app)
 #"url-path-dotseg-reject"  => "enable",
 #"url-query-20-plus"       => "enable",# consistency in query string
)

# index.php is tried before index.html when a directory is requested
index-file.names            = ( "index.php", "index.html" )
# Refuse requests whose path ends in one of these suffixes (editor backup files, include files)
url.access-deny             = ( "~", ".inc" )
# Never send files with these extensions as static content, so script source is not
# disclosed when no handler is configured for them
static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )

# default listening port for IPv6 falls back to the IPv4 port
# include_shell runs the given command when the configuration is loaded and includes its output.
# NOTE(review): these scripts run with whatever privileges lighttpd is started with
# (typically root) - keep them root-owned and not writable by other users.
include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port
include_shell "/usr/share/lighttpd/create-mime.conf.pl"
# Pulls in every snippet enabled with lighty-enable-mod
include "/etc/lighttpd/conf-enabled/*.conf"

#server.compat-module-load   = "disable"
# NOTE(review): mod_dirlisting is loaded here; check that no enabled snippet sets
# dir-listing.activate unless directory listings are wanted.
server.modules += (
        "mod_dirlisting",
        "mod_staticfile",
)

HTTPS Configuration

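# /etc/lighttpd/lighttpd.conf
# Modules loaded at startup; mod_openssl and others are appended by the
# "server.modules +=" block at the end of this file
server.modules = (
        "mod_indexfile",
        "mod_access",
        "mod_alias",
        "mod_redirect",
)

server.document-root        = "/var/www/html"
server.upload-dirs          = ( "/var/cache/lighttpd/uploads" )
server.errorlog             = "/var/log/lighttpd/error.log"
server.pid-file             = "/run/lighttpd.pid"
# Account the server runs as, so requests are not handled as root
server.username             = "www-data"
server.groupname            = "www-data"
# Cleartext listener; kept so that HTTP requests can be redirected to HTTPS below
server.port                 = 80


# Redirect http to https
# The target is built from lighttpd's ${url.authority}, ${url.path} and ${qsa} substitutions.
# "%0" is avoided here: it is filled from a regex (=~) match of the enclosing condition,
# and the "==" comparison below captures nothing, so a "https://%0$0" target would not
# receive the host name.
# The host part comes from the request; on a single-site server a fixed host name in the
# target is an alternative.
$HTTP["scheme"] == "http" {
    # Redirect to HTTPS
    url.redirect = ("" => "https://${url.authority}${url.path}${qsa}")
}

# https
$SERVER["socket"] == ":443" {
    ssl.engine = "enable"
    # Certificate chain and private key (Let's Encrypt layout). Keep privkey.pem readable by root only.
    # NOTE(review): assumes lighttpd is started as root so it can read the key before
    # switching to www-data - confirm.
    ssl.pemfile = "/etc/letsencrypt/live/website.jklug.work/fullchain.pem"
    ssl.privkey = "/etc/letsencrypt/live/website.jklug.work/privkey.pem"
}


# features
#https://redmine.lighttpd.net/projects/lighttpd/wiki/Server_feature-flagsDetails
# h2proto turns on HTTP/2; h2c additionally allows HTTP/2 over cleartext connections
server.feature-flags       += ("server.h2proto" => "enable")
server.feature-flags       += ("server.h2c"     => "enable")
server.feature-flags       += ("server.graceful-shutdown-timeout" => 5)
#server.feature-flags       += ("server.graceful-restart-bg" => "enable")

# strict parsing and normalization of URL for consistency and security
# https://redmine.lighttpd.net/projects/lighttpd/wiki/Server_http-parseoptsDetails
# (might need to explicitly set "url-path-2f-decode" = "disable"
#  if a specific application is encoding URLs inside url-path)
# Normalizing before access rules are evaluated keeps encoded or dot-segment variants
# of a path from being treated differently than the plain form.
server.http-parseopts = (
  "header-strict"           => "enable",# default
  "host-strict"             => "enable",# default
  "host-normalize"          => "enable",# default
  "url-normalize-unreserved"=> "enable",# recommended highly
  "url-normalize-required"  => "enable",# recommended
  "url-ctrls-reject"        => "enable",# recommended
  "url-path-2f-decode"      => "enable",# recommended highly (unless breaks app)
 #"url-path-2f-reject"      => "enable",
  "url-path-dotseg-remove"  => "enable",# recommended highly (unless breaks app)
 #"url-path-dotseg-reject"  => "enable",
 #"url-query-20-plus"       => "enable",# consistency in query string
)

# index.php is tried before index.html when a directory is requested
index-file.names            = ( "index.php", "index.html" )
# Refuse requests whose path ends in one of these suffixes (editor backup files, include files)
url.access-deny             = ( "~", ".inc" )
# Never send files with these extensions as static content, so script source is not
# disclosed when no handler is configured for them
static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )

# default listening port for IPv6 falls back to the IPv4 port
# include_shell runs the given command when the configuration is loaded and includes its output.
# NOTE(review): these scripts run with whatever privileges lighttpd is started with
# (typically root) - keep them root-owned and not writable by other users.
include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port
include_shell "/usr/share/lighttpd/create-mime.conf.pl"
# Pulls in every snippet enabled with lighty-enable-mod
include "/etc/lighttpd/conf-enabled/*.conf"

#server.compat-module-load   = "disable"
# NOTE(review): mod_dirlisting is loaded here; check that no enabled snippet sets
# dir-listing.activate unless directory listings are wanted.
server.modules += (
        "mod_dirlisting",
        "mod_staticfile",
        "mod_openssl", # Add SSL Module
)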
  • Restart Lighttpd
# Restart so the edited configuration (TLS listener and redirect) is loaded
sudo systemctl restart lighttpd

The website is now served over TLS, and plain-HTTP requests are redirected to HTTPS.


PHP

# Install PHP package; -y answers the confirmation prompt automatically
sudo apt install php-cgi -y
# Enable FastCGI module
sudo lighty-enable-mod fastcgi

# Enable FastCGI-PHP module: Required to handle PHP requests using FastCGI
# NOTE(review): no restart is shown after enabling; lighttpd presumably needs a
# restart before the new snippets are loaded - confirm
sudo lighty-enable-mod fastcgi-php
  • Create PHP File
# Create test php file (edited through sudo, so the file ends up owned by root)
sudo vi /var/www/html/index.php

# Set permissions: owner read/write, read-only for everyone else; the server only needs to read it
sudo chmod 644 /var/www/html/index.php
# /var/www/html/index.php
<?php
// Test page only. phpinfo() prints the PHP version, loaded extensions, configuration
// values, environment variables and file paths to anyone who can request this URL.
// index-file.names lists index.php before index.html, so this page is what "/" serves.
// Delete the file once PHP handling is confirmed.
phpinfo();
?>