Configuring Lighttpd involves modifying its main configuration file, /etc/lighttpd/lighttpd.conf, as well as setting up modules and additional configurations depending on your needs (like enabling SSL, configuring virtual hosts, or enabling caching). Here’s an overview of common configurations.
The main configuration file for Lighttpd is located at /etc/lighttpd/lighttpd.conf.
You can open it for editing:
sudo nano /etc/lighttpd/lighttpd.conf
Key parameters to configure:
Server port: You can specify which port Lighttpd will listen on:
server.port = 80 # Default HTTP port
Document Root: This is where your web files are located:
server.document-root = "/var/www/html"
Server Name: Set the server name to identify your server:
server.name = "example.com"
You can specify where Lighttpd will log errors and access requests:
server.errorlog = "/var/log/lighttpd/error.log"
accesslog.filename = "/var/log/lighttpd/access.log"
By default, directory listings might be enabled. If you don’t want Lighttpd to list the contents of directories when no index file is present, disable it:
server.dir-listing = "disable"
Set the default index file for directories:
index-file.names = ( "index.php", "index.html", "index.htm" )
Lighttpd uses a modular system, so additional functionalities (like FastCGI, SSL, etc.) are implemented via modules. Modules can be enabled/disabled in the configuration file.
Modules are specified using the server.modules setting. Here’s an example of enabling some key modules:
server.modules = (
"mod_access",
"mod_alias",
"mod_compress",
"mod_redirect",
"mod_rewrite"
)
To load additional modules, uncomment or add them to this list.
To enable mod_rewrite for URL rewriting, add this to the configuration file:
url.rewrite-once = (
"^/old-page.html$" => "/new-page.html",
"^/old-directory/(.*)$" => "/new-directory/$1"
)
Lighttpd supports virtual hosts, which allow you to host multiple domains on the same server.
To set up virtual hosts, you need to modify or add the following in the configuration:
$HTTP["host"] =~ "^(www\.)?example.com$" {
server.document-root = "/var/www/example.com"
accesslog.filename = "/var/log/lighttpd/example.com-access.log"
server.errorlog = "/var/log/lighttpd/example.com-error.log"
}
$HTTP["host"] =~ "^(www\.)?example2.com$" {
server.document-root = "/var/www/example2.com"
accesslog.filename = "/var/log/lighttpd/example2.com-access.log"
server.errorlog = "/var/log/lighttpd/example2.com-error.log"
}
Make sure to create separate directories for each virtual host (like /var/www/example.com and /var/www/example2.com) and give them appropriate permissions.
To enable SSL (HTTPS), you need to have a valid SSL certificate and enable the mod_openssl module.
Ensure you have mod_openssl installed and enabled:
sudo apt install lighttpd-mod-openssl # On Ubuntu/Debian
Modify the Lighttpd configuration for SSL:
$SERVER["socket"] == ":443" {
ssl.engine = "enable"
ssl.pemfile = "/etc/ssl/certs/lighttpd.pem"
server.document-root = "/var/www/ssl"
}
To create the .pem file from a certificate and private key, use:
cat /etc/ssl/certs/your-cert.crt /etc/ssl/private/your-private-key.key > /etc/ssl/certs/lighttpd.pem
You can redirect HTTP traffic to HTTPS by adding this:
$HTTP["scheme"] == "http" {
$HTTP["host"] =~ ".*" {
url.redirect = (".*" => "https://%0$0")
}
}
FastCGI allows for dynamic content processing, like PHP.
Ensure the FastCGI module is enabled:
server.modules += ( "mod_fastcgi" )
Configure FastCGI for PHP processing:
fastcgi.server = ( ".php" => ((
"bin-path" => "/usr/bin/php-cgi",
"socket" => "/tmp/php.socket"
)))
Lighttpd supports Gzip compression and caching for performance optimization.
To enable compression for certain file types:
server.modules += ( "mod_compress" )
compress.filetype = ( "text/html", "text/plain", "text/css", "application/javascript" )
You can configure cache control using mod_expire:
server.modules += ( "mod_expire" )
expire.url = ( "/images/" => "access 1 weeks" )
To improve the security of your Lighttpd server, you may want to apply these configurations:
Hide Lighttpd version:
server.tag = ""
Limit access by IP:
To restrict access to certain files or directories based on IP address:
$HTTP["remoteip"] !~ "192.168.1.100|127.0.0.1" {
url.access-deny = ( "/admin" )
}
After making any changes to the configuration, you must restart Lighttpd to apply them:
sudo systemctl restart lighttpd
These configurations provide you with a foundation to customize Lighttpd for your needs, whether you are hosting simple static websites, dynamic content via PHP, or multiple sites using virtual hosting.