Difference between revisions of "Lighttpd"
(initscripts/rc.conf is deprecated: https://www.archlinux.org/news/end-of-initscripts-support/) |
Kynikos.bot (talk | contribs) (Use Template:Note directly) |
||
(13 intermediate revisions by 9 users not shown) | |||
Line 6: | Line 6: | ||
[[zh-TW:Lighttpd]] | [[zh-TW:Lighttpd]] | ||
[[Category:Web Server]] | [[Category:Web Server]] | ||
− | |||
[http://www.lighttpd.net/ Lighttpd] is "a secure, fast, compliant, and very flexible [[Wikipedia:Web server|web-server]] that has been optimized for high-performance environments. It has a very low memory footprint compared to other webservers and takes care of cpu-load. Its advanced feature-set ([[Wikipedia:FastCGI|FastCGI]], [[Wikipedia:Common Gateway Interface|CGI]], Auth, Output-Compression, URL-Rewriting and many more) make lighttpd the perfect webserver-software for every server that suffers load problems." | [http://www.lighttpd.net/ Lighttpd] is "a secure, fast, compliant, and very flexible [[Wikipedia:Web server|web-server]] that has been optimized for high-performance environments. It has a very low memory footprint compared to other webservers and takes care of cpu-load. Its advanced feature-set ([[Wikipedia:FastCGI|FastCGI]], [[Wikipedia:Common Gateway Interface|CGI]], Auth, Output-Compression, URL-Rewriting and many more) make lighttpd the perfect webserver-software for every server that suffers load problems." | ||
Line 21: | Line 20: | ||
The default configuration file specifies {{ic|/srv/http/}} as the document directory served. | The default configuration file specifies {{ic|/srv/http/}} as the document directory served. | ||
− | |||
− | |||
− | |||
− | |||
− | |||
To test the install: | To test the install: | ||
Line 41: | Line 35: | ||
Example configuration files are available in {{ic|/usr/share/doc/lighttpd/}}. | Example configuration files are available in {{ic|/usr/share/doc/lighttpd/}}. | ||
+ | |||
+ | ===CGI=== | ||
+ | |||
+ | CGI scripts work with Lighttpd out of box, you just need to enable the CGI module, include the configuration file and make sure your chosen programing language interpreter is installed. (ie for python you would install {{pkg|python}}) | ||
+ | |||
+ | Create the file {{ic|/etc/lighttpd/conf.d/cgi.conf}} Add the following to it: | ||
+ | |||
+ | server.modules += ( "mod_cgi" ) | ||
+ | |||
+ | cgi.assign = ( ".pl" => "/usr/bin/perl", | ||
+ | ".cgi" => "/usr/bin/perl", | ||
+ | ".rb" => "/usr/bin/ruby", | ||
+ | ".erb" => "/usr/bin/eruby", | ||
+ | ".py" => "/usr/bin/python", | ||
+ | ".php" => "/usr/bin/php" ) | ||
+ | |||
+ | index-file.names = ( "index.pl", "default.pl", | ||
+ | "index.rb", "default.rb", | ||
+ | "index.erb", "default.erb", | ||
+ | "index.py", "default.py", | ||
+ | "index.php", "default.php" ) | ||
+ | |||
+ | For PHP scripts you will need to make sure the following is set in {{ic|/etc/php/php.ini}} | ||
+ | cgi.fix_pathinfo = 1 | ||
+ | |||
+ | In your Lighttpd configuration file, {{ic|/etc/lighttpd/lighttpd.conf}} add: | ||
+ | include "conf.d/cgi.conf" | ||
===FastCGI=== | ===FastCGI=== | ||
Line 46: | Line 67: | ||
Install {{pkg|fcgi}}. | Install {{pkg|fcgi}}. | ||
Now you have lighttpd with fcgi support. If it was that what you wanted you are all set. People that want Ruby on Rails, PHP or Python should continue. | Now you have lighttpd with fcgi support. If it was that what you wanted you are all set. People that want Ruby on Rails, PHP or Python should continue. | ||
− | {{ | + | {{Note| New default user and group: Instead of group "nobody" lighttpd now runs as user/group "http" by default.}} |
First copy the example config file form {{ic|/usr/share/doc/lighttpd/config/conf.d/fastcgi.conf}} to {{ic|/etc/lighttpd/conf.d}} | First copy the example config file form {{ic|/usr/share/doc/lighttpd/config/conf.d/fastcgi.conf}} to {{ic|/etc/lighttpd/conf.d}} | ||
Line 83: | Line 104: | ||
If you get a similar output then php is installed correctly. | If you get a similar output then php is installed correctly. | ||
− | + | Create a new configuration file: | |
− | |||
− | |||
− | |||
− | |||
− | + | {{hc|/etc/lighttpd/conf.d/fastcgi.conf|<nowiki> | |
− | + | # Make sure to install php and php-cgi. See: | |
− | + | # https://wiki.archlinux.org/index.php/Fastcgi_and_lighttpd#PHP | |
− | + | ||
− | + | server.modules += ("mod_fastcgi") | |
+ | |||
+ | # FCGI server | ||
+ | # =========== | ||
+ | # | ||
+ | # Configure a FastCGI server which handles PHP requests. | ||
+ | # | ||
+ | index-file.names += ("index.php") | ||
+ | fastcgi.server = ( | ||
+ | # Load-balance requests for this path... | ||
+ | ".php" => ( | ||
+ | # ... among the following FastCGI servers. The string naming each | ||
+ | # server is just a label, and it has little functional impact. | ||
+ | # (affects logfile output?) | ||
+ | "localhost" => ( | ||
+ | "bin-path" => "/usr/bin/php-cgi", | ||
+ | "socket" => "/tmp/php-fastcgi.sock", | ||
+ | # breaks SCRIPT_FILENAME in a way that PHP can extract PATH_INFO | ||
+ | # from it | ||
+ | "broken-scriptfilename" => "enable", | ||
+ | # Launch (max-procs + (max-procs * PHP_FCGI_CHILDREN)) procs, where | ||
+ | # max-procs are "watchers" and the rest are "workers". See: | ||
+ | # https://redmine.lighttpd.net/projects/1/wiki/frequentlyaskedquestions#How-many-php-CGI-processes-will-lighttpd-spawn | ||
+ | "max-procs" => 4, # default value | ||
+ | "bin-environment" => ( | ||
+ | "PHP_FCGI_CHILDREN" => "1" # default value | ||
+ | ) | ||
+ | ) | ||
+ | ) | ||
+ | ) | ||
+ | </nowiki>}} | ||
+ | |||
+ | Make lighttpd use the new configuration file: | ||
+ | |||
+ | {{hc|/etc/lighttpd/lighttpd.conf| | ||
+ | include "conf.d/fastcgi.conf" | ||
+ | }} | ||
+ | |||
+ | Reload lighttpd: | ||
− | + | # systemctl reload lighttpd | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | + | {{Note|If you receive errors like ''No input file found'' when attempting to access php files, there are several possible explanations. See [http://redmine.lighttpd.net/projects/1/wiki/frequentlyaskedquestions#I-get-the-error-No-input-file-specified-when-trying-to-use-PHP this FAQ] for more information.}} | |
− | |||
===== Using php-fpm ===== | ===== Using php-fpm ===== | ||
Line 115: | Line 158: | ||
There is no adaptive spawning anymore in recent lighttpd releases. For dynamic management of PHP processes, you can use {{Pkg|php-fpm}}. | There is no adaptive spawning anymore in recent lighttpd releases. For dynamic management of PHP processes, you can use {{Pkg|php-fpm}}. | ||
# pacman -S php-fpm | # pacman -S php-fpm | ||
− | # | + | # systemctl enable php-fpm |
− | {{Note|You can configure the number of servers in the pool and tweak other configuration options by editing the file {{ic|/etc/php/php-fpm.conf}}. More details on ''php-fpm'' can be found on the [http://php-fpm | + | # systemctl start php-fpm |
+ | {{Note|You can configure the number of servers in the pool and tweak other configuration options by editing the file {{ic|/etc/php/php-fpm.conf}}. More details on ''php-fpm'' can be found on the [http://php-fpm.org/ php-fpm website]. You should also note that when you make changes to /etc/php/php.ini you will need to restart php-fpm}} | ||
In {{ic|/etc/lighttpd/conf.d/fastcgi.conf}} add: | In {{ic|/etc/lighttpd/conf.d/fastcgi.conf}} add: | ||
Line 233: | Line 277: | ||
===== Server Name Indication ===== | ===== Server Name Indication ===== | ||
− | To use [http://en.wikipedia.org/wiki/Server_Name_Indication SNI] with lighttpd, simply put additional ssl.pemfile configuration directives inside host conditionals. | + | To use [http://en.wikipedia.org/wiki/Server_Name_Indication SNI] with lighttpd, simply put additional ssl.pemfile configuration directives inside host conditionals. A default ssl.pemfile is [https://redmine.lighttpd.net/projects/1/wiki/Docs_SSL#Server-Name-Indication-SNI still required]. |
$HTTP["host"] == "www.example.org" { | $HTTP["host"] == "www.example.org" { | ||
− | + | ssl.pemfile = "/etc/lighttpd/certs/www.example.org.pem" | |
− | + | } | |
− | + | ||
$HTTP["host"] == "mail.example.org" { | $HTTP["host"] == "mail.example.org" { | ||
− | + | ssl.pemfile = "/etc/lighttpd/certs/mail.example.org.pem" | |
− | + | } | |
==== Redirect HTTP requests to HTTPS ==== | ==== Redirect HTTP requests to HTTPS ==== | ||
You should add "mod_redirect" in server.modules array in {{ic|/etc/lighttpd/lighttpd.conf}}: | You should add "mod_redirect" in server.modules array in {{ic|/etc/lighttpd/lighttpd.conf}}: | ||
− | server.modules | + | server.modules += ( "mod_redirect" ) |
− | + | ||
− | |||
− | |||
− | |||
− | |||
$SERVER["socket"] == ":80" { | $SERVER["socket"] == ":80" { | ||
$HTTP["host"] =~ "example.org" { | $HTTP["host"] =~ "example.org" { | ||
Line 257: | Line 297: | ||
} | } | ||
} | } | ||
− | + | ||
$SERVER["socket"] == ":443" { | $SERVER["socket"] == ":443" { | ||
ssl.engine = "enable" | ssl.engine = "enable" | ||
Line 290: | Line 330: | ||
Add following in {{ic|/etc/lighttpd/lighttpd.conf}}: | Add following in {{ic|/etc/lighttpd/lighttpd.conf}}: | ||
include "conf.d/compress.conf" | include "conf.d/compress.conf" | ||
− | {{ | + | {{Note| You can not do this (copy compress.conf) and add a needed content in {{ic|/etc/lighttpd/lighttpd.conf}} instead.}} |
==Troubleshooting== | ==Troubleshooting== |
Revision as of 14:14, 6 December 2013
zh-CN:Lighttpd zh-TW:Lighttpd Lighttpd is "a secure, fast, compliant, and very flexible web-server that has been optimized for high-performance environments. It has a very low memory footprint compared to other webservers and takes care of cpu-load. Its advanced feature-set (FastCGI, CGI, Auth, Output-Compression, URL-Rewriting and many more) make lighttpd the perfect webserver-software for every server that suffers load problems."
Installation
Install the lighttpd package from the official repositories.
Configuration
Basic Setup
The lighttpd configuration file is: /etc/lighttpd/lighttpd.conf
. By default it should produce a working test page.
To check your lighttpd.conf
for bugs you can use this command - helps finding misconfigurations very fast:
$ lighttpd -t -f /etc/lighttpd/lighttpd.conf
The default configuration file specifies /srv/http/
as the document directory served.
To test the install:
# echo 'TestMe!' >> /srv/http/index.html # chmod 755 /srv/http/index.html
To start the server:
# systemctl start lighttpd
Then point your browser to localhost
, and you should see the test page.
To start the server on every boot:
# systemctl enable lighttpd
Example configuration files are available in /usr/share/doc/lighttpd/
.
CGI
CGI scripts work with Lighttpd out of box, you just need to enable the CGI module, include the configuration file and make sure your chosen programing language interpreter is installed. (ie for python you would install python)
Create the file /etc/lighttpd/conf.d/cgi.conf
Add the following to it:
server.modules += ( "mod_cgi" ) cgi.assign = ( ".pl" => "/usr/bin/perl", ".cgi" => "/usr/bin/perl", ".rb" => "/usr/bin/ruby", ".erb" => "/usr/bin/eruby", ".py" => "/usr/bin/python", ".php" => "/usr/bin/php" ) index-file.names = ( "index.pl", "default.pl", "index.rb", "default.rb", "index.erb", "default.erb", "index.py", "default.py", "index.php", "default.php" )
For PHP scripts you will need to make sure the following is set in /etc/php/php.ini
cgi.fix_pathinfo = 1
In your Lighttpd configuration file, /etc/lighttpd/lighttpd.conf
add:
include "conf.d/cgi.conf"
FastCGI
Install fcgi. Now you have lighttpd with fcgi support. If it was that what you wanted you are all set. People that want Ruby on Rails, PHP or Python should continue.
First copy the example config file form /usr/share/doc/lighttpd/config/conf.d/fastcgi.conf
to /etc/lighttpd/conf.d
The following needs adding to the config file, /etc/lighttpd/conf.d/fastcgi.conf
server.modules += ( "mod_fastcgi" ) #server.indexfiles += ( "dispatch.fcgi" ) #this is deprecated index-file.names += ( "dispatch.fcgi" ) #dispatch.fcgi if rails specified server.error-handler-404 = "/dispatch.fcgi" #too fastcgi.server = ( ".fcgi" => ( "localhost" => ( "socket" => "/run/lighttpd/rails-fastcgi.sock", "bin-path" => "/path/to/rails/application/public/dispatch.fcgi" ) ) )
Then in /etc/lighttpd/lighttpd.conf
:
include "conf.d/fastcgi.conf"
For PHP or Ruby on Rails see the next sections.
PHP
Install php and php-cgi (see also PHP and LAMP).
Check that php-cgi is working php-cgi --version
PHP 5.4.3 (cgi-fcgi) (built: May 8 2012 17:10:17) Copyright (c) 1997-2012 The PHP Group Zend Engine v2.4.0, Copyright (c) 1998-2012 Zend Technologies
If you get a similar output then php is installed correctly.
Create a new configuration file:
/etc/lighttpd/conf.d/fastcgi.conf
# Make sure to install php and php-cgi. See: # https://wiki.archlinux.org/index.php/Fastcgi_and_lighttpd#PHP server.modules += ("mod_fastcgi") # FCGI server # =========== # # Configure a FastCGI server which handles PHP requests. # index-file.names += ("index.php") fastcgi.server = ( # Load-balance requests for this path... ".php" => ( # ... among the following FastCGI servers. The string naming each # server is just a label, and it has little functional impact. # (affects logfile output?) "localhost" => ( "bin-path" => "/usr/bin/php-cgi", "socket" => "/tmp/php-fastcgi.sock", # breaks SCRIPT_FILENAME in a way that PHP can extract PATH_INFO # from it "broken-scriptfilename" => "enable", # Launch (max-procs + (max-procs * PHP_FCGI_CHILDREN)) procs, where # max-procs are "watchers" and the rest are "workers". See: # https://redmine.lighttpd.net/projects/1/wiki/frequentlyaskedquestions#How-many-php-CGI-processes-will-lighttpd-spawn "max-procs" => 4, # default value "bin-environment" => ( "PHP_FCGI_CHILDREN" => "1" # default value ) ) ) )
Make lighttpd use the new configuration file:
/etc/lighttpd/lighttpd.conf
include "conf.d/fastcgi.conf"
Reload lighttpd:
# systemctl reload lighttpd
Using php-fpm
There is no adaptive spawning anymore in recent lighttpd releases. For dynamic management of PHP processes, you can use php-fpm.
# pacman -S php-fpm # systemctl enable php-fpm # systemctl start php-fpm
/etc/php/php-fpm.conf
. More details on php-fpm can be found on the php-fpm website. You should also note that when you make changes to /etc/php/php.ini you will need to restart php-fpmIn /etc/lighttpd/conf.d/fastcgi.conf
add:
server.modules += ( "mod_fastcgi" ) index-file.names += ( "index.php" ) fastcgi.server = ( ".php" => ( "localhost" => ( "socket" => "/run/php-fpm/php-fpm.sock", "broken-scriptfilename" => "enable" )) )
eAccelerator
Install eacceleratorAUR from the AUR.
Add own config file for eaccelerator:
/etc/php/conf.d/eaccelerator-own.ini
zlib.output_compression = On cgi.fix_pathinfo=1 eaccelerator.cache_dir="/home/phpuser/eaccelerator/cache"
safe_mod
to On
in my setup, but this is not required.Try a php page
Create the following php page, name it index.php, and place a copy in both /srv/http/ and /srv/http-ssl/html/
<?php phpinfo(); ?>
Try navigating with a web browser to both the http and https address of your server. You should see the phpinfo page.
Check eaccelerator caching:
# ls -l /home/phpuser/eaccelerator/cache
If the above command outputs the following:
-rw------- 1 phpuser phpuser 456 2005-05-05 14:53 eaccelerator-277.58081 -rw------- 1 phpuser phpuser 452 2005-05-05 14:53 eaccelerator-277.88081
Then eaccelerator is happily caching your php scripts to help speed things up.
Ruby on Rails
Install and configure FastCGI (see #FastCGI above).
Install ruby from [extra] and ruby-fcgiAUR from AUR.
Follow instructions on RubyOnRails.
Python FastCGI
Install and configure FastCGI (see #FastCGI above).
Install flup:
# pacman -S python2-flup
Configure:
fastcgi.server = ( ".py" => ( "python-fcgi" => ( "socket" => "/run/lighttpd/fastcgi.python.socket", "bin-path" => "test.py", "check-local" => "disable", "max-procs" => 1, ) ) )
Put the test.py in the root of your server (don't forget to chmod +x it)
#!/usr/bin/env python2 def myapp(environ, start_response): print 'got request: %s' % environ start_response('200 OK', [('Content-Type', 'text/plain')]) return ['Hello World!'] if __name__ == '__main__': from flup.server.fcgi import WSGIServer WSGIServer(myapp).run()
Thanks to firecat53 for his explanation
SSL
Generate an SSL Cert, e.g. like that:
# mkdir /etc/lighttpd/certs # openssl req -x509 -nodes -days 7300 -newkey rsa:2048 -keyout /etc/lighttpd/certs/www.example.com.pem -out /etc/lighttpd/certs/www.example.com.pem # chmod 600 /etc/lighttpd/certs/www.example.com.pem
Edit /etc/lighttpd/lighttpd.conf
.
To make lighttpd SSL-only (you probably need to set the server port to 443 as well)
ssl.engine = "enable" ssl.pemfile = "/etc/lighttpd/certs/www.example.com.pem"
To enable SSL in addition to normal HTTP
$SERVER["socket"] == ":443" { ssl.engine = "enable" ssl.pemfile = "/etc/lighttpd/certs/www.example.com.pem" }
If you want to serve different sites, you can change the document root inside the socket conditional:
$SERVER["socket"] == ":443" { server.document-root = "/srv/ssl" # use your ssl directory here ssl.engine = "enable" ssl.pemfile = "/etc/lighttpd/certs/www.example.com.pem" # use the path where you created your pem file }
or as alternative you can use the scheme conditional to distinguish between secure and normal requests.
$HTTP["scheme"] == "https" { server.document-root = "/srv/ssl" # use your ssl directory here ssl.engine = "enable" ssl.pemfile = "/etc/lighttpd/certs/www.example.com.pem" # use the path where you created your pem file }
Note that you cannot use the scheme conditional around ssl.engine above, since lighttpd needs to know on what port to enable SSL.
Server Name Indication
To use SNI with lighttpd, simply put additional ssl.pemfile configuration directives inside host conditionals. A default ssl.pemfile is still required.
$HTTP["host"] == "www.example.org" { ssl.pemfile = "/etc/lighttpd/certs/www.example.org.pem" } $HTTP["host"] == "mail.example.org" { ssl.pemfile = "/etc/lighttpd/certs/mail.example.org.pem" }
Redirect HTTP requests to HTTPS
You should add "mod_redirect" in server.modules array in /etc/lighttpd/lighttpd.conf
:
server.modules += ( "mod_redirect" ) $SERVER["socket"] == ":80" { $HTTP["host"] =~ "example.org" { url.redirect = ( "^/(.*)" => "https://example.org/$1" ) server.name = "example.org" } } $SERVER["socket"] == ":443" { ssl.engine = "enable" ssl.pemfile = "/etc/lighttpd/ssl/server.pem" server.document-root = "..." }
To redirect all hosts to their secure equivalents use the following in place of the socket 80 configuration above:
$SERVER["socket"] == ":80" { $HTTP["host"] =~ "(.*)" { url.redirect = ( "^/(.*)" => "https://%1/$1" ) } }
To redirect all hosts for part of the site (e.g. secure or phpmyadmin):
$SERVER["socket"] == ":80" { $HTTP["url"] =~ "^/secure" { url.redirect = ( "^/(.*)" => "https://example.com/$1" ) } }
Output Compression
In /etc/lighttpd/lighttpd.conf
add
var.cache_dir = "/var/cache/lighttpd"
Then create directory for a compressed files:
# mkdir /var/cache/lighttpd/compress # chown http:http /var/cache/lighttpd/compress
Copy example configuration file:
# mkdir /etc/lighttpd/conf.d # cp /usr/share/doc/lighttpd/config/conf.d/compress.conf /etc/lighttpd/conf.d/
Add following in /etc/lighttpd/lighttpd.conf
:
include "conf.d/compress.conf"
/etc/lighttpd/lighttpd.conf
instead.Troubleshooting
Lighttpd downloads .php files
If lighttpd downloads .php
files instead of "initializing" them you probably missed to add these lines to your /etc/lighttpd/lighttpd.conf
.
server.modules = ( "mod_fastcgi", ) fastcgi.server = ( ".php" => (( "bin-path" => "/usr/bin/php-cgi", #depends where your php-cgi has been installed. Default here. "socket" => "/tmp/php.socket", "max-procs" => 2, "bin-environment" => ( "PHP_FCGI_CHILDREN" => "16", "PHP_FCGI_MAX_REQUESTS" => "10000" ), "bin-copy-environment" => ( "PATH", "SHELL", "USER" ), "broken-scriptfilename" => "enable" )))
Styles (CSS) not working properly
The default lighttpd config does not include a mimetype definition for CSS so when standards compliant browsers get text/html instead of text/css they get confused and nothing displays properly. To fix this add an entry for CSS.
mimetype.assign = ( ".html" => "text/html", ".txt" => "text/plain", ".jpg" => "image/jpeg", ".png" => "image/png", ".css" => "text/css", "" => "application/octet-stream" )
New lines are not needed and are only used here for readability.
Note: The "application/octet-stream" declaration must be at the end. It is a catch-all, and any declarations after it will be ignored.