The Lighttpd web server is responsible for providing access to static content via the HTTP or HTTPS protocol. In this example, I'm going to install and use the Lighttpd web server and set DocumentRoot to vm05:/exports/static mounted at /var/www/static. You need to type the following commands on vm01 having an IP address 192.168.1.10 only.
Configure NFS client
Use the yum command to install required NFS client packages:
# yum groupinstall "Network file system client"
OR
# yum install nfs-utils nfs4-acl-tools
Turn on the NFSv4 client services:
# chkconfig rpcbind on
# chkconfig rpcidmapd on
# chkconfig nfslock on
/etc/idmapd.conf nfs client configuration
Edit /etc/idmapd.conf, enter:
# vi /etc/idmapd.conf
Make sure it is set as per NFS server domain name:
Domain = cyberciti.biz [Mapping] Nobody-User = nobody Nobody-Group = nobody
Save and close the file. Start all nfs client services, enter:
# /sbin/service rpcbind start
# /sbin/service rpcidmapd start
# /sbin/service nfslock start
Creating user account
I'm going to run the Lighttpd web server as apache user only. To add Linux user account, enter:
# /usr/sbin/groupadd -g 48 apache
# /usr/sbin/useradd -s /sbin/nologin -g 48 -u 48 -M -d /var/www apache
# /usr/bin/passwd -l apache
Mount file system
Type the following command:
# showmout -e vm05
Sample outputs:
Export list for v.txvip1: /exports/html 192.168.1.10,192.168.1.11 /exports/static 192.168.1.10,192.168.1.11
Mount /exports/static nfs file system at /var/www/static, enter:
# mkdir /var/www/static
# /bin/mount -t nfs4 -orsize=32768,wsize=32768,intr,hard,proto=tcp,sync vm05:/exports/static /var/www/static/
Mount /exports/static nfs file system at /var/www/static, enter:
# mkdir /var/www/static
Mounting NFS file systems using /etc/fstab
Edit /etc/fstab, enter:
# vi /etc/fstab
Append the entry, enter:
vm05:/exports/static /var/www/static nfs4 orsize=32768,wsize=32768,intr,hard,proto=tcp,sync
Save and close the file. Make sure netfs service is turned on:
# chkconfig netfs on
Finally, verify that apache user can see files, enter:
# su - apache
$ ls /var/www/static/
$ exit
#
Please note that root user or any other user may not able to see /var/www/html due to security policy. This is default and only lighttpd user called apache must access DocumentRoot.
Install Lighttpd web server
Turn on EPEL repo and install the lighttpd web server:
# yum install lighttpd
Sample outputs:
Loaded plugins: rhnplugin Setting up Install Process Resolving Dependencies --> Running transaction check ---> Package lighttpd.x86_64 0:1.4.28-3.el6 will be installed --> Finished Dependency Resolution Dependencies Resolved ========================================================================== Package Arch Version Repository Size ========================================================================== Installing: lighttpd x86_64 1.4.28-3.el6 epel 328 k Transaction Summary ========================================================================== Install 1 Package(s) Total download size: 328 k Installed size: 878 k Is this ok [y/N]: y Downloading Packages: lighttpd-1.4.28-3.el6.x86_64.rpm | 328 kB 00:00 Running rpm_check_debug Running Transaction Test Transaction Test Succeeded Running Transaction Installing : lighttpd-1.4.28-3.el6.x86_64 1/1 Installed: lighttpd.x86_64 0:1.4.28-3.el6 Complete!
Configure Lighttpd web server
Edit /etc/lighttpd/lighttpd.conf, enter:
# mv /etc/lighttpd/lighttpd.{conf,default.bak}
# vi /etc/lighttpd/lighttpd.conf
Append the following configuration:
## Static config for http://static.cyberciti.biz server.modules = ( "mod_expire", "mod_access", "mod_accesslog", "mod_setenv", "mod_extforward" ) server.errorlog = "/var/log/lighttpd/error.log" accesslog.filename = "/var/log/lighttpd/access.log" index-file.names = ( "index.html", "index.htm", "default.htm" ) server.tag = "lighttpd" server.network-backend = "linux-sendfile" ## allow lan only communication ## server.port = "80" server.bind = "192.168.1.10" server.document-root = "/var/www/static" server.pid-file = "/var/run/lighttpd.pid" server.username = "apache" server.groupname = "apache" ## all static assets are cached for 30days ## $HTTP["url"] =~ "^/" { expire.url = ( "" => "access 30 days" ) } ### Log real client ips on backend ### ### 192.168.1.{1,2} == nginx resverse proxy server ## extforward.headers = ("X-Forwarded-For") extforward.forwarder = ( "192.168.1.1" => "trust", "192.168.1.2" => "trust" ) ## ## mimetype mapping ## include "conf.d/mime.conf"
Save and close the file.
Configure iptables to allow access to the web server
Edit /etc/sysconfig/iptables. Add the following lines, ensuring that they appear before the final LOG and DROP lines for the INPUT chain:
## allow only access from lan ## -A INPUT -m state --state NEW -p tcp -s 192.168.1.0/24 --dport 80 -j ACCEPT
Save and close the file. Restart the iptables service, enter:
# /sbin/service iptables restart
# /sbin/iptables -L -v -n
Turn on Lighttpd:
Start the Lighttpd web server, enter:
# chkconfig lighttpd on
# service lighttpd start
Test it
Fire a webbrowser and type:
http://192.168.1.10/
- 30 Handy Bash Shell Aliases For Linux / Unix / Mac OS X
- Top 30 Nmap Command Examples For Sys/Network Admins
- 25 PHP Security Best Practices For Sys Admins
- 20 Linux System Monitoring Tools Every SysAdmin Should Know
- 20 Linux Server Hardening Security Tips
- Linux: 20 Iptables Examples For New SysAdmins
- Top 20 OpenSSH Server Best Security Practices
- Top 20 Nginx WebServer Best Security Practices
- 20 Examples: Make Sure Unix / Linux Configuration Files Are Free From Syntax Errors
- 15 Greatest Open Source Terminal Applications Of 2012
- My 10 UNIX Command Line Mistakes
- Top 10 Open Source Web-Based Project Management Software
- Top 5 Email Client For Linux, Mac OS X, and Windows Users
- The Novice Guide To Buying A Linux Laptop
{ 2 comments… read them below or add one }
Hi,
Thanks a lot…
Why lighttpd instead of nginx?