Lighttpd web and proxy server

Lighttpd: a powerful and flexible web server

Lighttpd is a powerful and flexible web server that can be tailored to meet the needs of almost any web application. It is a light, fast, and secure web server that’s perfect for environments where speed and low resource usage are critical. Whether you’re running a small personal blog or a large-scale web application, Lighttpd can help you serve content efficiently without bogging down your server.
By following these guidelines, you can set up, secure, and optimize Lighttpd for your specific requirements.

Installing Lighttpd
First things first, let’s get Lighttpd installed. If you’re using a Debian-based system like Ubuntu, you can install Lighttpd with the following commands:

sudo apt-get update
sudo apt-get install lighttpd

For CentOS or RHEL users, the process is just as simple:

sudo yum install epel-release
sudo yum install lighttpd

Once installed, start and enable the Lighttpd service so it runs automatically on boot:

sudo systemctl start lighttpd
sudo systemctl enable lighttpd

To make sure everything is working correctly, you can check the status of Lighttpd with:

sudo systemctl status lighttpd

Basic Configuration
Now that Lighttpd is up and running, let’s dive into some basic configuration. The main configuration file is located at /etc/lighttpd/lighttpd.conf. Here’s how you can set it up:

  • Open the configuration file
sudo nano /etc/lighttpd/lighttpd.conf
  • Set the server port and document root to define where your website files are located
server.port = 80
server.document-root = "/var/www/html"
  • Enable essential modules like access control, aliasing, compression, redirection, and rewriting
server.modules = (
"mod_access",
"mod_alias",
"mod_compress",
"mod_redirect",
"mod_rewrite"
)
  • After making these changes, restart Lighttpd to apply them
sudo systemctl restart lighttpd

Advanced Configuration
Lighttpd’s flexibility shines through in its advanced configurations. Here are some examples:

URL Rewriting and Redirection
If you need to rewrite URLs, you can use the following configuration:

url.rewrite-if-not-file = (
"^/blog(.*)" => "/blog/index.php$1"
)

This example rewrites any request whose path begins with /blog, and that does not match an existing file, to /blog/index.php, appending the rest of the path.

Enabling FastCGI
For PHP support, you can enable FastCGI:

server.modules += ( "mod_fastcgi" )

fastcgi.server = ( ".php" =>
( "localhost" =>
(
"socket" => "/var/run/lighttpd/php-fastcgi.socket",
"bin-path" => "/usr/bin/php-cgi"
)
)
)

This configuration sets up FastCGI to handle PHP scripts.

Load Balancing
To distribute traffic across multiple backend servers, you can configure load balancing:

proxy.server = ( "/" =>
(
( "host" => "127.0.0.1", "port" => 8080 ),
( "host" => "127.0.0.1", "port" => 8081 )
)
)

This setup balances requests between two local servers running on ports 8080 and 8081.

Securing Your Site with SSL and Certbot
Securing your website with SSL is crucial. Certbot simplifies obtaining and renewing SSL certificates from Let’s Encrypt.

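  • First, install Certbot. Certbot ships installer plugins for Apache and Nginx but not for Lighttpd, so only the certbot package is needed
sudo apt-get install certbot
  • To obtain an SSL certificate, use the webroot method, which places the validation file in the document root that Lighttpd is already serving:
sudo certbot certonly --webroot -w /var/www/html -d yourdomain.com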
  • After obtaining your certificates, update your Lighttpd configuration to use SSL:
$SERVER["socket"] == ":443" {
ssl.engine = "enable"
ssl.pemfile = "/etc/letsencrypt/live/yourdomain.com/fullchain.pem"
ssl.privkey = "/etc/letsencrypt/live/yourdomain.com/privkey.pem"
}
  • To ensure all traffic is secure, redirect HTTP to HTTPS:
$HTTP["scheme"] == "http" {
$HTTP["host"] =~ ".*" {
url.redirect = (".*" => "https://%0$0")
}
}
  • Finally, restart Lighttpd:
sudo systemctl restart lighttpd
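
The directives used on this page only work when the module behind them is loaded, and the snippets above do not always show that step (for example proxy.server and ssl.engine). The following added example, which is not part of the original article, scans a configuration for directives whose module is missing; the directive-to-module table is an assumption based on lighttpd 1.4.x module names and covers only this page's directives, and the sample configuration is constructed from the page's snippets.

```python
import re

# Directive prefix -> module that implements it (lighttpd 1.4.x module names;
# this mapping is an assumption of the example, limited to this page's directives).
REQUIRED_MODULE = {
    "url.rewrite": "mod_rewrite",
    "url.redirect": "mod_redirect",
    "fastcgi.": "mod_fastcgi",
    "proxy.": "mod_proxy",
    "expire.": "mod_expire",
    "ssl.": "mod_openssl",
}

# Constructed sample assembled from the snippets on this page.
SAMPLE_CONF = r'''
server.modules = ( "mod_access", "mod_alias", "mod_compress", "mod_redirect", "mod_rewrite" )
server.modules += ( "mod_fastcgi" )
# server.modules += ( "mod_proxy" )
fastcgi.server = ( ".php" => ( "localhost" => ( "socket" => "/var/run/lighttpd/php-fastcgi.socket" ) ) )
url.rewrite-if-not-file = ( "^/blog(.*)" => "/blog/index.php$1" )
proxy.server = ( "/" => ( ( "host" => "127.0.0.1", "port" => 8080 ) ) )
$SERVER["socket"] == ":443" {
ssl.engine = "enable"
ssl.privkey = "/etc/letsencrypt/live/yourdomain.com/privkey.pem"
}
expire.url = ( "/static/" => "access 1 months" )
'''

def loaded_modules(conf):
    """Collect every module named in server.modules = (...) or += (...)."""
    mods = set()
    for body in re.findall(r"server\.modules\s*\+?=\s*\((.*?)\)", conf, re.S):
        mods.update(re.findall(r'"(mod_\w+)"', body))
    return mods

def missing_modules(conf):
    """Map each module that is needed but not loaded to the directives using it."""
    conf = re.sub(r"(?m)^\s*#.*$", "", conf)      # drop whole-line comments
    mods = loaded_modules(conf)
    missing = {}
    for name in re.findall(r"(?m)^\s*([a-z]+\.[\w.-]+)\s*\+?=", conf):
        for prefix, module in REQUIRED_MODULE.items():
            if name.startswith(prefix) and module not in mods:
                missing.setdefault(module, []).append(name)
    return missing

if __name__ == "__main__":
    for module, names in missing_modules(SAMPLE_CONF).items():
        print(f"{module} is not loaded but is needed by: {', '.join(names)}")
```

Lighttpd's own test mode, lighttpd -tt -f /etc/lighttpd/lighttpd.conf, remains the authoritative check before a restart.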

Serving Multiple Websites
Lighttpd makes it easy to serve multiple websites from a single server. To do this:

  • Create directories for each site
sudo mkdir -p /var/www/site1
sudo mkdir -p /var/www/site2
  • Configure virtual hosts in your Lighttpd configuration:
$HTTP["host"] == "site1.com" {
server.document-root = "/var/www/site1"
ssl.pemfile = "/etc/letsencrypt/live/site1.com/fullchain.pem"
ssl.privkey = "/etc/letsencrypt/live/site1.com/privkey.pem"
}

$HTTP["host"] == "site2.com" {
server.document-root = "/var/www/site2"
ssl.pemfile = "/etc/letsencrypt/live/site2.com/fullchain.pem"
ssl.privkey = "/etc/letsencrypt/live/site2.com/privkey.pem"
}
  • Obtain SSL certificates for each site using Certbot as described earlier.
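
With several sites on one server, every ssl.privkey line points at a secret that should be readable only by the account Lighttpd starts as. The following added example, which is not part of the original article, collects the ssl.privkey paths from a configuration and reports missing files, group or world access, and unexpected owners; the function names, the root-owner default and the temporary sample files are assumptions of the example.

```python
import os
import re
import stat
import tempfile

PRIVKEY = re.compile(r'(?m)^\s*ssl\.privkey\s*=\s*"([^"]+)"')

def audit_private_keys(conf_text, allowed_uids=(0,)):
    """Return (path, problem) pairs for every ssl.privkey file in conf_text."""
    findings = []
    for path in sorted(set(PRIVKEY.findall(conf_text))):
        try:
            st = os.stat(path)  # follows symlinks such as live/ -> archive/
        except OSError as exc:
            findings.append((path, f"cannot stat: {exc.strerror}"))
            continue
        if not stat.S_ISREG(st.st_mode):
            findings.append((path, "not a regular file"))
        if st.st_mode & 0o077:  # any group or other permission bit set
            mode = stat.S_IMODE(st.st_mode)
            findings.append((path, f"group/other access, mode {mode:04o}"))
        if st.st_uid not in allowed_uids:
            findings.append((path, f"owned by uid {st.st_uid}"))
    return findings

def demo():
    """Constructed sample: vhosts named as on this page, keys in a temp dir."""
    tmp = tempfile.mkdtemp()
    conf = ""
    for site, mode in (("site1.com", 0o600), ("site2.com", 0o644), ("proxy.com", None)):
        key = os.path.join(tmp, site + "-privkey.pem")
        if mode is not None:  # proxy.com's key is deliberately left missing
            with open(key, "w") as fh:
                fh.write("constructed placeholder, not a real key\n")
            os.chmod(key, mode)
        conf += f'$HTTP["host"] == "{site}" {{\nssl.privkey = "{key}"\n}}\n'
    # The demo files belong to the current user, so accept that uid here.
    return audit_private_keys(conf, allowed_uids=(os.getuid(),))

if __name__ == "__main__":
    for path, problem in demo():
        print(f"{path}: {problem}")
```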

Setting Up a Reverse Proxy
A reverse proxy can be useful for distributing load or isolating backend services.

  • Enable the proxy modules
sudo lighty-enable-mod proxy
sudo lighty-enable-mod proxy-http
  • Configure the reverse proxy
$HTTP["host"] == "proxy.com" {
proxy.server = ( "" =>
(
"backend1" => (
"host" => "127.0.0.1",
"port" => 8080
)
)
)
ssl.pemfile = "/etc/letsencrypt/live/proxy.com/fullchain.pem"
ssl.privkey = "/etc/letsencrypt/live/proxy.com/privkey.pem"
}

Advanced Proxy Configurations
If you need to proxy multiple sites, you can extend the configuration as follows:

$HTTP["host"] == "proxy1.com" {
proxy.server = ( "" =>
(
"backend1" => (
"host" => "127.0.0.1",
"port" => 8080
)
)
)
ssl.pemfile = "/etc/letsencrypt/live/proxy1.com/fullchain.pem"
ssl.privkey = "/etc/letsencrypt/live/proxy1.com/privkey.pem"
}

$HTTP["host"] == "proxy2.com" {
proxy.server = ( "" =>
(
"backend2" => (
"host" => "127.0.0.1",
"port" => 8081
)
)
)
ssl.pemfile = "/etc/letsencrypt/live/proxy2.com/fullchain.pem"
ssl.privkey = "/etc/letsencrypt/live/proxy2.com/privkey.pem"
}

Configuring a Forward Proxy
To set up Lighttpd as a forward proxy:

  • Enable the necessary modules
sudo lighty-enable-mod proxy
sudo lighty-enable-mod proxy-forward
  • Configure the forward proxy
proxy.forward = (
".*" => (
"host" => "backend-proxy.com",
"port" => 3128
)
)

$HTTP["scheme"] == "https" {
ssl.pemfile = "/etc/letsencrypt/live/forward-proxy.com/fullchain.pem"
ssl.privkey = "/etc/letsencrypt/live/forward-proxy.com/privkey.pem"
}

Keeping Your Site Secure
Regularly updating your Lighttpd installation and SSL certificates is crucial for security. If you use Certbot, renew your certificates with the following command:

sudo certbot renew

Tuning Performance in Lighttpd
Optimizing the performance of your Lighttpd server is essential to ensure it can handle a large number of requests efficiently. Here, we’ll look into two key areas for performance tuning: enabling caching and optimizing FastCGI settings.

Enabling Caching
Caching can significantly reduce the load on your server by serving static content directly from the cache instead of generating it dynamically for each request. This reduces the processing time and server resource usage, leading to faster response times for your users.

Lighttpd supports caching through the mod_expire module, which sets expiration times for cached content.

  • Configuration for Caching

Ensure that the mod_expire module is enabled in your Lighttpd configuration file (/etc/lighttpd/lighttpd.conf). If it is not, add the following line to enable it:

server.modules += ( "mod_expire" )
  • Set Expiration Times:

Configure the expiration times for your static content. For example, if you want to cache static content in the /static/ directory for one month, add the following configuration:

expire.url = ( "/static/" => "access 1 months" )

This setting tells Lighttpd to set the Cache-Control header for any request to the /static/ directory to one month. The Cache-Control header is used by browsers to determine how long they can cache a resource before requesting it again from the server.

Here is the complete example configuration:

server.modules += ( "mod_expire" )
expire.url = ( "/static/" => "access 1 months" )

With this configuration, any files served from the /static/ directory will be cached by the client’s browser for one month, reducing the number of requests that hit your server and improving overall performance.

FastCGI Optimization

FastCGI is a protocol for interfacing interactive programs with a web server. It allows dynamic content to be generated quickly and efficiently. Optimizing FastCGI settings can help balance the load and ensure your server can handle multiple requests without slowing down.

  • Enable the mod_fastcgi module

Ensure the mod_fastcgi module is enabled in your Lighttpd configuration file:

server.modules += ( "mod_fastcgi" )
  • Configure FastCGI Server

Define the FastCGI server settings. Here’s an example configuration that you can add to your lighttpd.conf file.

fastcgi.server = ( ".php" =>
( "localhost" =>
(
"socket" => "/var/run/lighttpd/php-fastcgi.socket",
"bin-path" => "/usr/bin/php-cgi",
"min-procs" => 1,
"max-procs" => 5,
"max-load-per-proc" => 4,
"idle-timeout" => 20
)
)
)

socket: Defines the path to the FastCGI socket. Lighttpd and PHP-FastCGI communicate through this socket.
bin-path: Specifies the path to the PHP FastCGI executable.
min-procs: Minimum number of FastCGI processes to start. Starting with at least one process ensures that FastCGI is ready to handle requests as soon as the server starts.
max-procs: Maximum number of FastCGI processes to spawn. Limiting the number of processes prevents the server from being overwhelmed by too many concurrent processes.
max-load-per-proc: The maximum load a single FastCGI process should handle. If a process exceeds this load, Lighttpd will start a new process (up to the maximum number defined by max-procs).
idle-timeout: Defines how long a FastCGI process should wait for a new request before it’s terminated. This helps in freeing up system resources during low traffic periods.

Here’s the complete configuration snippet for enabling and optimizing FastCGI.

server.modules += ( "mod_fastcgi" )

fastcgi.server = ( ".php" =>
( "localhost" =>
(
"socket" => "/var/run/lighttpd/php-fastcgi.socket",
"bin-path" => "/usr/bin/php-cgi",
"min-procs" => 1,
"max-procs" => 5,
"max-load-per-proc" => 4,
"idle-timeout" => 20
)
)
)

By enabling caching and optimizing FastCGI, you can significantly improve the performance of your Lighttpd server, ensuring that it can handle more traffic with lower latency and higher efficiency. These configurations are essential for providing a smooth and responsive user experience.
