lighttpd

From Gentoo Wiki
Jump to:navigation Jump to:search
This page contains changes which are not marked for translation.

lighttpd (pronounced /lighty/) is a fast and lightweight web server.

Installation

USE flags

USE flags for www-servers/lighttpd Lightweight high-performance web server

brotli Enable output compression via app-arch/brotli (recommended)
dbi Enable dev-db/libdbi (database-independent abstraction layer) support
gnutls Build module for TLS via net-libs/gnutls
kerberos Add kerberos support
ldap Add LDAP support (Lightweight Directory Access Protocol)
lua Enable Lua scripting support
maxminddb Add support for geolocation using dev-libs/libmaxminddb
mbedtls Build module for TLS via net-libs/mbedtls
mmap Use mmap when sendfile is not available
mysql Add mySQL Database support
nettle Use dev-libs/nettle as crypto backend
nss Build module for TLS via Mozilla's Network Security Services
pcre Add support for Perl Compatible Regular Expressions
php Include support for the PHP language
postgres Add support for the postgresql database
rrdtool Enable rrdtool support via mod_rrdtool
sasl Add support for the Simple Authentication and Security Layer
selinux !!internal use only!! Security Enhanced Linux support, this must be set by the selinux profile or breakage will occur
sqlite Add support for sqlite - embedded sql database
ssl Add support for SSL/TLS connections (Secure Socket Layer / Transport Layer Security)
test Enable dependencies and/or preparations necessary to run tests (usually controlled by FEATURES=test but can be toggled independently)
unwind Add support for call stack unwinding and function name resolution
verify-sig Verify upstream signatures on distfiles
webdav Enable webdav properties
xattr Add support for extended attributes (filesystem-stored metadata)
zlib Enable output compression via gzip or deflate algorithms from sys-libs/zlib
zstd Enable output compression via Zstandard (app-arch/zstd) algorithm

Emerge

Install www-servers/lighttpd:

root #emerge --ask www-servers/lighttpd

Configuration

The lighttpd configuration is handled by /etc/lighttpd/lighttpd.conf. The first example shows a single-site access, with SSL and no dynamic capabilities (such as PHP).

FILE /etc/lighttpd/lighttpd.confExample 1
server.modules += ("mod_openssl")
$SERVER["socket"] == "192.0.2.10:443" {
  server.name = "www.genfic.com"
  server.document-root = "/var/www/www.genfic.com/"
  server.errorlog = "/var/log/lighttpd/http_error.log"
  accesslog.filename = "/var/log/lighttpd/http_access.log"
  ## SSL Configuration
  ssl.engine = "enable"
  ssl.pemfile = "/etc/ssl/lighttpd-ssl.pem" # certificate chain; e.g. Let's Encrypt fullchain.pem
  ssl.privkey = "/etc/ssl/lighttpd-ssl.pem" # certificate private key; e.g. Let's Encrypt privkey.pem
}

To enable additional functionalities configure needed modules in /etc/lighttpd/lighttpd.conf. For instance, to enable PHP using the FastCGI processor:

FILE /etc/lighttpd/lighttpd.confExample 2 - Enabling PHP support
...
include "mod_fastcgi.conf"
...

IP access lists

This third example shows how to allow access to a particular site /server-status only to certain IP addresses. To allow using service status for the external host having an IP address: 198.51.100.1 and for the localhost 127.0.0.1, set the following lines in the lighttpd.conf file:

FILE /etc/lighttpd/lighttpd.confExample 3 - Enabling and configuring an IP access lists for /server-status page
# enable access module
server.modules = {
  ...
  "mod_access",
}
...
# enable server-status page globally
status.status-url  = "/server-status"

...
# restrict access to server-status to listed IP hosts
$HTTP["remoteip"] !~ "198.51.100.1|127.0.0.1" {
      url.access-deny = ( "/server-status" )
}

Start up

In order for the lighttpd service to start automatically it must be properly added to the init handler program. Gentoo has two main init handler programs: OpenRC and systemd.

OpenRC

With OpenRC use the rc-update command:

root #rc-update add lighttpd default

systemd

With systemd use the systemctl command:

root #systemctl enable lighttpd.service

Troubleshooting

Verifying /etc/lighttpd/lighttpd.conf configuration file with lighttpd-angel, it will return the exit code 0, if everything is configured properly:

root #lighttpd-angel -t -f /etc/lighttpd/lighttpd.conf
Syntax OK
lighttpd-angel.c.140: child (pid=32491) exited normally with exitcode: 0

If the configuration file has errors, it will print it to stdout, like in the example below:

root #lighttpd-angel -t -f /etc/lighttpd/lighttpd.conf
2012-09-02 12:52:08: (plugin.c.131) Cannot load plugin mod_fastcgi more than once, please fix your config
2012-09-02 12:52:08: (network.c.379) can't bind to port: 192.168.0.1 80 Address already in use 
lighttpd-angel.c.140: child (pid=32139) exited normally with exitcode: 255

See also

  • Apache — an efficient, extensible web server. It is one of the most popular web servers used the Internet.
  • Nginx — a robust, small, high performance web server and reverse proxy server.

External resources