lighttpd

Pronounced "lighty", it describes itself as being two to three times faster than Apache. More importantly, it consumes very few resources, which matters on a NAS-type system.

Install

sudo apt-get install lighttpd

Configure

Configuration files are in /etc/lighttpd.  Interestingly, one edits (or replaces) the files in the conf-available folder, which correspond to the available modules, and then turns them on with the lighty-enable-mod command.

SSL

Generate a self-signed certificate (remember to use the public-facing DNS name when it asks for Common Name).

sudo openssl req -new -x509 -keyout /etc/lighttpd/server.pem -out /etc/lighttpd/server.pem -days 3650 -nodes
sudo chmod 400 /etc/lighttpd/server.pem

Enable SSL and restart (see SSL notes below)

sudo lighty-enable-mod ssl
sudo service lighttpd restart


Proxy

Let's say we want to SSL-wrap a service, like transmission, that may not provide SSL on its own. In this example it's running on the same host on port 9091.

Edit the config file

cd /etc/lighttpd/conf-available
sudo cp -a 10-proxy.conf 10-proxy.conf.bak
sudo vim 10-proxy.conf

And make it look like so

server.modules   += ( "mod_proxy" )

$HTTP["url"] =~ "^/transmission/" {
    proxy.server = ( "" =>
                     (
                        ( "host" => "127.0.0.1",
                          "port" => "9091"
                        )
                     )
                   )
}

And enable and restart

sudo lighty-enable-mod proxy
sudo service lighttpd force-reload


Notes

SSL

At one time one edited the main conf file, /etc/lighttpd/lighttpd.conf, so that it contained:

$SERVER["socket"] == ":443" {
  ssl.engine = "enable"
  ssl.pemfile = "/etc/lighttpd/server.pem"
}

But as of Ubuntu 13.04, the above is included in a sub conf file referenced in the main file:

include_shell "/usr/share/lighttpd/include-conf-enabled.pl"

So if you try to add it in the main file, you get a red-herring error message:

(network.c.379) can't bind to port:  443 Address already in use


To be honest, this is a quick (but bad) example. It takes one 'service', securing transmission, and stretches the config for it over two files: the ssl and proxy conf files. If we added authentication (to secure it in lighty) and rewriting (so you can use a short URL), it would stretch out further. The better way is a virtual host file that combines all the settings for one service in one place.

One would do that by adding include "domain1.com.conf" at the bottom of the lighttpd.conf file and starting the included file with a $HTTP["host"] == "www2.example.org" condition followed by some directives. Haven't tried it though.
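
The single-file layout suggested above, written out for the transmission service as an added example (not the author's own tested configuration). The file name transmission.conf is hypothetical, www2.example.org is the placeholder host from the text, and the stock ssl and proxy modules are assumed to be disabled so nothing is declared twice. Nesting the proxy rule inside the :443 socket also keeps the backend off the plain-HTTP listener, which the url match in 10-proxy.conf on its own does not do.

```lighttpd
# /etc/lighttpd/transmission.conf  (hypothetical file name)
# Pulled in from the bottom of /etc/lighttpd/lighttpd.conf with:
#   include "transmission.conf"
#
# Assumption: the stock ssl and proxy modules are turned off first
# (sudo lighty-disable-mod ssl; sudo lighty-disable-mod proxy), so the
# :443 socket and mod_proxy are each declared only once. Declaring the
# socket twice produces the "can't bind to port: 443" error shown in the notes.
# Assumption: TLS support is built into the server binary; releases that
# ship it as a separate module also need "mod_openssl" in server.modules.

server.modules += ( "mod_proxy" )

$SERVER["socket"] == ":443" {
    ssl.engine  = "enable"
    ssl.pemfile = "/etc/lighttpd/server.pem"

    # Proxy rule nested inside the TLS socket: a request for
    # /transmission/ arriving on plain port 80 never matches it.
    $HTTP["host"] == "www2.example.org" {
        $HTTP["url"] =~ "^/transmission/" {
            proxy.server = ( "" =>
                             (
                                ( "host" => "127.0.0.1",
                                  "port" => "9091"
                                )
                             )
                           )
        }
    }
}
```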

