Installing and configuring lighttpd webserver – HOWTO

lighttpd is a web server for UNIX/Linux and Windows operating systems. It is an alternative to Apache web server. It is also called Lighty.

It is designed to be secure, fast, standards-compliant, and flexible while being optimized for speed-critical environments. Its low memory footprint (compared to other web servers), light CPU load and its speed goals make lighttpd suitable for servers that are suffering load problems. Visit official site for more information.

This document shows you how to install lighttpd and covers basic configuration.

Installing lighttpd

If you are using RPM based distro (RedHat, Fedora and friends) download RPM and other formats here. Binary RPM is here

Download Fedora Core RPM Binary:

$ cd /tmp
$ wget http://lighttpd.net/download/lighttpd-1.4.13-1.i386.rpm
$ su -
# rpm -ivh lighttpd-1.4.13-1.i386.rpm

Now skip to configuration section.

Debian Linux user use apt-get command to install lighttpd:

# apt-get install lighttpd

Now skip to configuration section.

Source code installation

Above RPM binary does not carries mod_rewrite and other stuff, so I had decided to rebuild lighttpd from source code (note source code installation is recommended for advanced users only):
$ cd /tmp

Get latest source code:
$ wget http://lighttpd.net/download/lighttpd-1.4.13.tar.gz

Untar tar ball:
$ tar -zxvf lighttpd-1.4.13.tar.gz
$ cd lighttpd-1.4.13

Configure lighttpd with ./configure

$ ./configure --host=i686-redhat-linux-gnu \
--build=i686-redhat-linux-gnu \
--target=i386-redhat-linux \
--program-prefix= --prefix=/usr \
--exec-prefix=/usr \
--bindir=/usr/bin \
--sbindir=/usr/sbin \
--sysconfdir=/etc \
--datadir=/usr/share \
--includedir=/usr/include \
--libdir=/usr/lib \
--libexecdir=/usr/libexec \
--localstatedir=/var \
--sharedstatedir=/usr/com \
--mandir=/usr/share/man \
--infodir=/usr/share/info \
--with-openssl \
--with-pcre \
--with-zlib \
--with-bzip2 \
--disable-ipv6 \
--with-PACKAGE=mod_redirect \
--with-rewrite \
--with-redirect \
--with-ssi

Above configure option includes support for SSL, mod_rewrite, ssi, mod_redirect etc. Run following command to get help on all other available options:
$ ./configure --help | less

Install lighttpd:
$ make
# make install

Create a configuration directory:
# mkdir /etc/lighttpd/

Create lighttpd user and group:
# groupadd lighttpd
# useradd -g lighttpd -d /var/www/html -s /sbin/nologin lighttpd
OR
# adduser -g lighttpd -d /var/www/html -s /sbin/nologin lighttpd

Create a log directory:
# mkdir /var/log/lighttpd
# chown lighttpd:lighttpd /var/log/lighttpd

Download sample config and startup files:
# cd /etc/lighttpd
# wget http://www.cyberciti.biz/tips/wp-content/uploads/2006/07/lighttpd.conf.txt
# mv lighttpd.conf.txt lighttpd.conf
# chown lighttpd:root /etc/lighttpd/lighttpd.conf
# cd /etc/init.d/
# wget http://www.cyberciti.biz/tips/wp-content/uploads/2006/07/lighttpd.txt
# mv lighttpd.txt lighttpd
# chmod +x lighttpd

Configuring lighttpd

Following are important files for lighttpd server:

• The default lighttpd configuration file: /etc/lighttpd/lighttpd.conf (download sample lighttpd.conf file)
• Service startup script: /etc/init.d/lighttpd (download sample lighttpd file)

These files are installed by default for all binary installations methods. Now lighttpd installed and it is time to configure lighttpd.

Remove apache

If you are not going to use Apache v1.3/2.x at all, then it is better to remove it (make sure you have a backup of Apache data and config file):
# rpm -e httpd
# yum remove httpd
# apt-get remove apache2

Understanding core lighttpd Directives

Following are core lighttpd Directives:

• server.document-root = "/var/www/html": Specifies default document-root for your server.
• server.port = 80: Specifies default http port for your server.
• server.username = "lighttpd"
• server.groupname = "lighttpd": Specifies default username and groups to start/stop lighttpd server. This is a security feature (as it drops root privileges).
• server.bind = "server-ip-address": Specify server ip-address. You can also specify hostname such as theos.in.
• server.tag ="lighttpd": Use to setup lighttpd name and version number (default). This is security feature. You can setup it as follows:
  server.tag ="myWebServer v1.0"
  Please note that this name is reported by the Server response header (you can see it using netcraft)
• server.errorlog = "/var/log/lighttpd/error.log": Specify the error-log file.
• accesslog.filename = "/var/log/lighttpd": Specify the accesslog file name (use to generate stats using stats software).
• index-file.names = ( "index.php", "index.html" ): A list of files to search for if a directory is requested.

server.modules = (
"mod_access",
"mod_accesslog",
"mod_fastcgi",
"mod_rewrite",
"mod_auth"
): Above modules are loaded by lighty:

• mod_access: The access module is used to deny access to files with given trailing path names.
• mod_accesslog: Use to write CLF log, flexible like apache
• mod_fastcgi : FastCGI for perl/PHP etc
• mod_rewrite : Good for writing SEO urls
• mod_auth: Authntication (password protected directory)

mimetype.assign = (
".pdf" => "application/pdf",
".sig" => "application/pgp-signature"
): Use to setup mimetype mapping.

Open file /etc/lighttpd/lighttpd.conf and setup all of the above directives:
# vi /etc/lighttpd/lighttpd.conf

Save the file and start the lighttpd:
# /etc/init.d/lighttpd start

Verify that lighttpd is running:
$ netstat -ntulp

Output:

Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      29855/sshd
tcp        0      0 203.111.103.81:80           0.0.0.0:*                   LISTEN      5866/lighttpd
...
.....
..

Fire your web browser and test new setup by typing URL: http://your-domain.com/ or http://server-ip/

Next time I will cover following topics:

Lighttpd How to

• PHP FastCGI configuration
• Lighttpd Virtual hosting configuration
• Lighttpd howto setup cgi-bin access for perl programs
• How to Configure lighttpd alias (mod_alias)
• Multiple IP address virtual hosting configuration (bind multiple IPs)
• Rotating logs with logrotate
• Red Hat enterprise Linux Install lighttpd and Fastcgi PHP
• Use and Install PHP 5 and php-fastcgi on Red Hat Enterprise Linux version 4 under lighttpd
• Lighttpd: redirect feed traffic to a Feedburner account
• Lighttpd redirect www.domain.com requests to domain.com or vice versa
• Lighttpd map html pages to php (execute html pages as php)
• How to upgrade chrooted lighttpd web server
• PHP send email using authenticated smtp server in real time

Lighttpd security

• Ultimate Web server Security. Run and configure Lighttpd, php,perl, mysql support in chrooted jail
• SSL configuration
• Lighttpd create and use self signed SSL Certificates
• Password protected directories - I
• Lighttpd secure digest authentication (mod_auth) Password protected directories - II
• Lighttpd deny access to certain files
• Block libwww-perl based bots
• Install secure chrooted lighttpd under Ubuntu Linux 64 bit version
• Access configuration

Lighttpd software configuration how-tos

• Lighttpd install and configure Webalizer statistics software
• Lighttpd and wordpress setup clean SEO friendly URLs
• Lighttpd prevent image hotlinking or leeching or direct linking

Lighttpd Server Monitoring

• Monitor and restart lighttpd webserver when daemon is killed

Lighttpd Troubleshooting

• Lighttpd web server and php eAccelerator cache problem
• Lighttpd beware of default php session path permission
• Lighttpd php segfault at 0000000000000040 rip 0000003e30228278 rsp 0000007fbffff708 error 4
• Setup sendmail php mail() support for chrooted Lighttpd or Apache web server
• HTTP Error 500 Internal server for php pages and solution (missing php.ini)

Download: Lighttpd Sample config and RPM files

• Red Hat enterprise Linux
  (AMD x86_64 bit) PHP-FastCGI RPM files
• Sample config files for RHEL, Fedora, Debian and test files

This is regularly updated series. Last Updated on 10-Dec-2006 by nixCraft.

Featured Articles:

• 20 Linux System Monitoring Tools Every SysAdmin Should Know
• 20 Linux Server Hardening Security Tips
• 10 Greatest Open Source Software Of 2009
• My 10 UNIX Command Line Mistakes
• Top 5 Email Client For Linux, Mac OS X, and Windows Users
• Top 20 OpenSSH Server Best Security Practices
• Top 10 Open Source Web-Based Project Management Software
• Top 5 Linux Video Editor Software