|
Starting out with LighttpdWednesday, April 11. 2007While a large proportion of the world's webservers are currently using Apache, a competitor has been steadily gaining popularity on many high-usage sites. Lighttpd, pronounced "lighty", is a small-footprint, high-speed webserver, and is notably used by sites such as Sourceforge, YouTube and MiniNova. Netcraft state that Lighttpd is currently being used on 1.38 million sites, and is steadily gaining on Sun's share of the market. This introductory article provides a guide to getting Lighttpd installed and configured. Compiling a basic serverLighttpd's build process is quite straightforward, and anyone who has any experience with building applications under Unix before will be quite familiar with the process. We'll start by unpacking the source code, and configuring it to install under /usr/local/lighttpd, using the --prefix option. There's no hard and fast need for it to be installed in that location, I've just chosen it so that everything is installed under a single directory, where it won't mess up the rest of the filesystem, and everything can be removed easily if need be. tar xzf lighttpd-1.4.13.tar.gz We'll now create a few extra support directories, as root, to hold configuration files, logs and our webpages: mkdir /usr/local/lighttpd/etc And finally, we'll create a very simple webpage to test things with: echo "<p>hi</p>" > /usr/local/lighttpd/www/index.html Configuration fileWe'll set up a very basic configuration file, enough to get lighttpd serving just static webpages. Firstly, we'll enable the accesslog module, to provide logging: server.modules = ( "mod_accesslog" ) Modules are optional extensions to the webserver, which are loaded at start-up time, and are specified in a comma-separated list to the server.modules directive. It's best to only load the modules needed, to reduce both the memory footprint and the number of potential security issues. In order to bind to ports below 1024 (including the default webserver port 80), lighttpd will need to be started as root. For security reasons, however, we don't want the server to continue with root privileges once it has bound to the port. Here, we'll set the webserver to run as the user nobody, with a group of nogroup. server.username = "nobody" In the long run, however, it would be better to create a separate user and group to run the webserver (for example, www), rather than using nobody. Now, we'll tell the webserver which directories we wish to use for the document root (where our webpages are stored), and where access and error logs should go: server.document-root = "/usr/local/lighttpd/www/" Here, we specify a list of files that will be the default page displayed if a directory is viewed. The files are listed in a descending order of priority; in this case, if a directory contains both an index.html and an index.htm file, it will be the index.html file that is displayed by default: index-file.names = ( "index.html", "index.htm" ) Now, set the port on which the webserver listens: server.port = 80 Although this webserver isn't yet configured to run any sort of fast-cgi processes, we will take a precaution and stop it from serving up the source code of any php, perl or fcgi scripts that we may put in our document root in the future: static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" ) Finally, we'll assign mappings of filename extensions to mime-types. These are used to inform web clients of the type of file they will be downloading, so they can spawn it off to the correct program, if necessary. The list of mime-types is too long to include here in full, so I've just chosen a select few to provide an idea of the syntax. Download the full configuration file below for more. mimetype.assign = ( You can download the full configuration file here: lighttpd.conf. Put in in /usr/local/lighttpd/etc/. Start it up with: /usr/local/lighttpd/sbin/lighttpd -f /usr/local/lighttpd/etc/lighttpd.conf There's no special method for shutting the webserver down, so just killing the process will suffice. Rather than having to run ps every time to find the process ID, it's best to configure the server to store it in a file when it starts: server.pid-file = "/usr/local/lighttpd/var/lighttpd.pid" Add the above to the configuration file, kill and restart the server and from then on, the webserver can be stopped in one step with: kill `cat /usr/local/lighttpd/var/lighttpd.pid` Server statisticsLighttpd can provide information on its status, configuration and usage statistics while running. This is done with mod_status. Append the following lines to the configuration file and restart the server: server.modules += ( "mod_status" ) You'll notice the += operator in the server.modules line. This appends the new module to the list of server modules that are being loaded in at startup. We should now be able to access these statistics at http://your.server.name/server-status, http://your.server.name/server-config and http://your.server.name/server-statistics. The above configuration allows this information to be accessible to anyone in the world, which isn't ideal. It's advisable to limit access to it to a small range of IP addresses. We'll see how to do this later, in the Conditionals section. User directoriesIf we were running a server for multiple users, such as in an educational institution, it's common for users to have their own homepages, typically in a public_html subdirectory of their home directory. mod_userdir is provided for this purpose. The following example enables user directories for all users except root and nobody: server.modules += ( "mod_userdir" ) It's also possible to limit the users who can have a user directory, with the userdir.include-user statement. If this is used, then only the listed users are allowed to have homepages: userdir.include-user = ( "paul" ) Directory ListingsBy default, if a directory doesn't have an index page, then the server will return a 404 error if the directory page is accessed. There are times when we might prefer to return a listing of the contents of the directory. This is done with the mod_dirlisting module. This module is loaded into the server by default, however it still needs to be enabled: dir-listing.activate = "enable" If we didn't want any files that begin with a dot to be listed, then we could enable dir-listing.hide-dotfiles: dir-listing.hide-dotfiles = "enable" Finally, we can display the contents of README.txt and HEADER.txt files in a directory listing with: dir-listing.show-readme = "enable" Aliasingmod_alias allows us to specify aliases for directories, effectively importing a completely separate part of the filesystem into our document directory. The alias.url directive takes a list of alias mappings, as shown here: server.modules += ( "mod_alias" ) The above configuration will create two aliases, which can be accessed at the addresses http://your.server.name/doc/ and http://your.server.name/mysql/, respectively. ConditionalsMost of the options available in lighttpd can be configured conditionally; that is, the options may have different values under different conditions. For example, we may have a webserver set up where the default index page is index.html under all directories. Some time later, we decide to import a large directory of content from an outside source where the default index page was home.html. The conditional variable $HTTP["url"] can be used to handle this, in conjunction with a regular expression: index-file.names = ( "index.html" ) This will limit the second index-files.names statement to only those files under the /newcontent directory. The available conditional variables are:
There are four operators available:
$SERVER["socket"] only supports the equality operator. It can be used to create IP based virtual hosts. $HTTP["remoteip"] can be used to create areas within the document tree that are available only to certain IP ranges: $HTTP["remoteip"] == "192.168.3.0/24" { Virtual HostingNow that we're familiar with conditionals, we can easily set up name-based virtual hosting. The following lines create two name-based virtual hosts, domain1.biz and domain2.info: $HTTP["host"] =~ "(^|\.)domain1.biz$" ( IP or port based virtual hosting can be done just as easily, using $SERVER["socket"]. The following configuration will create two separate virtual hosts, one listening on 10.1.8.1 port 80, and the other listening on 10.1.8.5, port 80: $SERVER["socket"] == "10.1.8.1:80" ( SSLWhen we originally compiled Lighttpd, we didn't enable any SSL support, so we'll have to recompile it: ./configure --prefix=/usr/local/lighttpd --with-openssl Obviously, we would need the OpenSSL libraries and headers installed, in order for this to compile. Under Debian and Ubuntu Linux, these can be found in the libssl0.9.8 and libssl-dev packages. Fedora and Redhat keep them in the openssl and openssl-devel packages. Now, we can enable SSL in the configuration file with the following: ssl.engine = "enable" The server.pem and ca.crt files are created either by using the openssl utility, or by obtaining a signed-certificate from a certificate authority. The above configuration will make the running webserver SSL only, and furthermore, it will be running on port 80, as we set up earlier, which probably isn't what we want. To run both SSL and non-SSL HTTP at the same time, we can use a conditional, and put SSL on port 443: $SERVER["socket"] == "0.0.0.0:443" { Obviously, if we wanted our SSL content to be different to that which we're serving on our non-SSL port, we would just insert a different document-root within the $SERVER["socket"] block. FastCGIStatic webpages are all very nice, but there's likely to be a point where we want our website to be more interactive. Lighttpd doesn't serve any dynamic content itself; rather, it hands it off to a FastCGI handler. To use php with lighttpd, we must ensure that it has been compiled with FastCGI support; Debian and Ubuntu both provide a php-cgi package with the correct compile time options set; in Redhat and Fedora, the php-cli package contains the required binary. The following will configure Lighttpd to pass php pages off to the php4-cgi binary. Be sure to update the index-file.names directive so that it picks up index.php as an index page: index-file.names = ( "index.php", "index.html", "index.htm" ) FastCGI servers don't have to sit on the same host as our webserver; it's quite simple to tell Lighttpd to forward requests to a server elsewhere: fastcgi.server = ( ".php" => There's a number of additional options that can be given in the fastcgi.server directive. For locally spawned servers, min-procs sets the minimum number of processes started, while max-procs puts an upper limit on the number that can be spawned. idle-timeout sets the time, in seconds, after which an idle process will be terminated. Next time...We've covered a fairly wide range of areas within Lighttpd that you might like to start off investigating. In the next tutorial, we'll cover more advanced features of Lighttpd, such as proxying, rewriting urls, complex virtual hosting and authentication. If you found this article helpful, consider making a donation to offset the costs of running this server, to one of these addresses: Trackbacks
Trackback specific URI for this entry
No Trackbacks
|