Install and configure Lighttpd by adding SSL access

Lighttpd (http://lighttpd.net/) and apache are the same open source, compared with apache, although the function is not as good as apache, stability is not as good as apache, but, whether it is service static page, or service dynamic content (CGI, PHP), which is faster than apache. It is most appropriate for WEB servers such as ad banner.

This article describes how to install and configure lighttpd from the application perspective.

(1) Installation

Download the latest source code (.tar.gz) or rpm package from http://lighttpd.net/download. If you download the .tar.gz file, first./configure like other GNU software, and then make & make install. However, if you want to customize some functions, you have to take a good look at the output results of README, INSTALL, and./configure-help after decompression. Here we will only talk about how to install it from the source code. For other installation methods, refer to http://trac.lighttpd.net/trac/wiki/tutorialinstallation.

$ gzip -cd lighttpd-1.4.9.tar.gz | tar xf -...$ cd lighttpd-1.4.9$ ./configure --help`configure' configures lighttpd 1.4.9 to adapt to many kinds of systems.Usage: ./configure [OPTION]... [VAR=VALUE]...To assign environment variables (e.g., CC, CFLAGS...), specify them asVAR=VALUE.  See below for descriptions of some of the useful variables.Defaults for the options are specified in brackets.Configuration:...Installation directories:  --prefix=PREFIX         install architecture-independent files in PREFIX                          [/usr/local]  --exec-prefix=EPREFIX   install architecture-dependent files in EPREFIX                          [PREFIX]By default, `make install' will install all the files in`/usr/local/bin', `/usr/local/lib' etc.  You can specifyan installation prefix other than `/usr/local' using `--prefix',for instance `--prefix=$HOME'.For better control, use the options below.Fine tuning of the installation directories:...Program names:...System types:...Optional Features:  --disable-FEATURE       do not include FEATURE (same as --enable-FEATURE=no)  --enable-FEATURE[=ARG]  include FEATURE [ARG=yes]  --enable-maintainer-mode  enable make rules and dependencies not useful                          (and sometimes confusing) to the casual installer  --disable-dependency-tracking  speeds up one-time build  --enable-dependency-tracking   do not reject slow dependency extractors  --enable-static[=PKGS]                          build static libraries [default=no]  --enable-shared[=PKGS]                          build shared libraries [default=yes]  --enable-fast-install[=PKGS]                          optimize for fast installation [default=yes]  --disable-libtool-lock  avoid locking (might break parallel builds)  --enable-lfs            Turn on Large File System (default)  --disable-ipv6          disable IPv6 supportOptional Packages:  --with-PACKAGE[=ARG]    use PACKAGE [ARG=yes]  --without-PACKAGE       do not use PACKAGE (same as --with-PACKAGE=no)  --with-gnu-ld           assume the C compiler uses GNU ld [default=no]  --with-pic              try to use only PIC/non-PIC objects [default=use                          both]  --with-tags[=TAGS]                          include additional configurations [automatic]  --with-mysql[=PATH]                          Include MySQL support. PATH is the path to                          'mysql_config'  --with-ldap             enable LDAP support  --with-attr             enable extended attribute support  --with-valgrind         enable internal support for valgrind  --with-openssl[=DIR]                          Include openssl support (default no)  --with-openssl-includes=DIR                          OpenSSL includes  --with-openssl-libs=DIR OpenSSL libraries  --with-kerberos5        use Kerberos5 support with OpenSSL  --with-pcre             Enable pcre support (default yes)  --with-bzip2            Enable bzip2 support for mod_compress  --with-fam              fam/gamin for reducing number of stat() calls  --with-webdav-props     properties in mod_webdav  --with-gdbm             gdbm storage for mod_trigger_b4_dl  --with-memcache         memcached storage for mod_trigger_b4_dl  --with-lua              lua engine for mod_cmlSome influential environment variables:...

As described above, you can use-prefix to specify the installation path, which is installed under/usr/local by default. You can specify which features (INS) are enabled and which features (INS) are disabled ). Suppose we want to install lighttpd under/usr/local/lighttpd-1.4.9.

$. /Configure -- prefix =/usr/local/lighttpd-1.4.9 $ make install $ cp doc/lighttpd. conf/usr/local/lighttpd-1.4.9/# copy configuration file $ cd/usr/local/lighttpd-1.4.9 $ vi lighttpd. conf # modify the configuration file

The configuration file is straightforward. You only need to change server.doc ument-root, server. errorlog, and accesslog. filename to your actual directory and file name.

$ Sbin/lighttpd-f lighttpd. conf # Start the lighttpd service $ ps aux | grep lighttpdwww 15403 0.0 0.9 2860? S sbin/lighttpd-f

This completes the entire process from installation to startup, which is simple. From the output of the last line, we can see that lighttpd is a single-process service, which is different from apache (maybe it is not as stable as apache ).

(2) Integrate php and fastcgi

Take the php-4.3.11 as an example, when compiling PHP, you cannot specify the-with-apxs option, compile the command line is roughly as follows:

$ ./configure ... --enable-force-cgi-redirect --enable-fastcgi$ make$ sapi/cgi/php -vPHP 4.3.11 (cgi-fcgi) (built: Jan 30 2006 00:12:34)Copyright (c) 1997-2004 The PHP GroupZend Engine v1.3.0, Copyright (c) 1998-2004 Zend Technologies

After make is complete, the php program under the command line is generated in the sapi/cli directory, and the php program under fastcgi is generated under sapi/cgi. If you execute php under sapi/cgi to display the version number, you will find cgi-fcgi instructions, which indicates that you have succeeded.

$ mkdir /usr/local/lighttpd-1.4.9/fcgi$ cp sapi/cgi/php /usr/local/lighttpd-1.4.9/fcgi/$ vi /usr/local/lighttpd-1.4.9/lighttpd.conf

We create a sub-directory fcgi to save all the fast-cgi programs, and then copy php to this directory. Edit lighttpd. conf as follows:

...server.modules = ( ... "mod_fastcgi", ...)...fastcgi.server = (".php" => ( "127.0.0.1" => ( "socket" => "/tmp/fcgi_php.sock", "bin-path" => "/usr/local/lighttpd-1.4.9/fcgi/php" ) ) )

Restart lighttpd. Lighttpd can communicate with fastcgi in two ways: through Unix socket communication, such as the above PHP startup, and through TCP/IP socket communication. Lighttpd supports fastcgi-based load balancing, but I have not tried it.

For more information about the fastcgi protocol specifications, see http://www.fastcgi.com/. The following is a configuration example of fastcgi:

fastcgi.server = ( "/fastcgi/adsim" => ( "127.0.0.1" => ( "host" => "127.0.0.1", "port" => 4000, "bin-path" => "/usr/local/lighttpd-1.4.9/fcgi/adsim", "check-local" => "disable" ))

Check-local must be set to disable; otherwise, the request fails because/fastcgi/adsim cannot be found.

(3) create a lighttpd Startup Script

Each time we start lighttpd, We need to specify the location of the configuration file. When we stop lighttpd, we need to first find the process number and then use kill to send the stop signal, which is a little too troublesome. Fortunately, lighttpd comes with a script program that can assist with these operations. It can be used only after slight modification, that is, the source code directory doc/rc. lighttpd and doc/rc. lighttpd. redhat, which is dedicated to RedHat Linux. The main changes are as follows:

...if [ -z "$LIGHTTPD_CONF_PATH" ]; then LIGHTTPD_CONF_PATH="/usr/local/lighttpd-1.4.9/lighttpd.conf"fi...lighttpd="/usr/local/lighttpd-1.4.9/usr/sbin/lighttpd"...

It is much easier to use this script to manage lighttpd.

(4) Lighttpd and OpenSSL

Lighttpd does not compile the ssl module by default. Therefore, you must explicitly specify-with-openssl during compilation, and then generate the self-Signed server certificate or obtain it from the CA. The method for generating a self-signed certificate is as follows:

$ openssl req -new -x509 -keyout server.pem \ -out server.pem -days 365 -nodes

Lighttpd requires that certificates and private keys be stored in the same file. If they are separated, they must be merged:

$ cat host.key host.crt > host.pem

Configure lighttpd. conf as follows:

ssl.engine = "enable"ssl.pemfile = "server.pem"

You can set this for a virtual host, but because SSL works on the TCP layer, you cannot set a name-based virtual host, but you can only set a port-based virtual host. The following is a configuration example:

$SERVER["socket"] == "192.168.146.128:443" { ssl.engine = "enable" ssl.pemfile = "/usr/local/lighttpd/certs/server.pem" server.document-root = "/home/www/wfs/www"}

(5) configure the Directory List

Modify lighttpd. conf as follows:

server.module = { ... "mod_dirlisting", ...}dir-listing.activate = "enable"

(6) Configure CGI

To modify lighttpd. conf, first start mod_cgi, specify the cgi file extension in the static-file.exclude-extensions, and then associate it with the cgi. assign configuration command.

You can specify the path of the Resolution Program for CGI with an extension and the execution of a specific parsing program. For example:

cgi.assign = ( ".pl" => "/usr/bin/perl", ".cgi" => "/usr/bin/perl" )

For CGI that can be executed without a specific parser by cutting the extension, you can specify that the parser is empty, for example:

cgi.assign = (".cgi" => "")

CGI programs without an extension can only be accessed through a fixed path, for example:

cgi.assgin = ( "/cgi-bin/mycgi" => "/usr/local/cgi/mycgi )

(7) Configure Virtual Hosts

The Port-based virtual host configuration is described above. The name-based virtual host is also very simple. Modify lighttpd. conf, start the module mod_simple_vhost, and specify your VM information, such:

$HTTP["host"] == "news.example.org" { server.document-root = "/var/www/servers/news2.example.org/pages/"}

Lighttpd focuses on speed, while Apache focuses on stability and functions. You need to check the specific application for how to choose.

2. Unzip, install, and configure

Shell> tar zxvf lighttpd-1.5.0-r1691.tar.gz
Shell> cd lighttpd-1.5.0
Shell>./configure-prefix =/usr/local/lighttpd
Shell>./make
Shell>./make install
Shell> cp doc/rc. lighttpd. redhat/etc/rc. d/init. d/lighttpd
Shell> chmod 777/etc/rc. d/init. d/lighttpd
Shell> cp doc/sysconfig. lighttpd/etc/sysconfig/lighttpd
Shell> mkdir/etc/lighttpd
Shell> cp doc/lighttpd. conf/etc/lighttpd. conf
Shell> chkconfig lighttpd on

Next, open/etc/rc. d/init. d/lighttpd and modify the value of lighttpd as follows:

Lighttpd = "/usr/local/lighttpd/sbin/lighttpd"

Open/etc/lighttpd. conf to modify the service port (80 by default) and the path of the document root directory (/www/pages by default), and then start the lighttpd service.

Shell> service lighttpd start