Lighttpd, a HowTo for Debian etch 4.0 plus extras

This weekend I took a old box laying around the house and installed my Debian Etch 4.0 on it. Here is a run down of notes from the installation as well as some configuration I performed on it. Hopefully some of this will help those of you out there trying to figure out this awesome, fast web server.

1. Installation of lighttpd, php5 cgi with apt

apt-get install -y lighttpd php5-cgi

2. Configuring the lighttpd.conf

vi /etc/lighttpd/lighttpd.conf

look for the area called server modules, which is as the top and
ensure “mod_fastcgi”, and “mod_auth”, are both added. Mod fast_cgi
enables php functionality and mod_auth enables .htaccess support.

server.modules = (
“mod_access”,
“mod_auth”,
“mod_alias”,
“mod_accesslog”,
“mod_fastcgi”,
# “mod_rewrite”,
# “mod_redirect”,
# “mod_status”,
# “mod_evhost”,
# “mod_compress”,
# “mod_usertrack”,
# “mod_rrdtool”,
# “mod_webdav”,
# “mod_expire”,
# “mod_flv_streaming”,
# “mod_evasive”
)

At the very end of the file, add the following configurationdirective that tells lighttpd where php

fastcgi.server = ( “.php” => (( “bin-path” => “/usr/bin/php5-cgi”,
“socket” => “/tmp/php.socket”
)))

3. Configuring the php.ini file

All we need to do now is to add aconfiguration directive to the php.ini file

vi /etc/php5/cgi/php.ini and add this line to the very end of the file:

cgi.fix_pathinfo = 1

4. Testing the lighttpd.conf for errors

lighttpd -t -f /etc/lighttpd/lighttpd.conf

5. Restarting lighttpd

/etc/init.d/lighttpd restart

6. Adding a SSL vhost with a self signed cert

Generating a self signed cert example

mkdir /etc/lighttpd/ssl/yourdomain.com -p
cd /etc/lighttpd/ssl/yourdomain.com
openssl req -new -x509 -keyout server.pem -out server.pem -days 365 -nodes
chmod 0600 /etc/lighttpd/ssl/yourdomain.com

Creating a vhost with SSL support

vi /etc/lighttpd/lighttpd.conf

vhost with SSL support Example below:

$SERVER["socket"] == “192.168.1.8:443″ {
server.document-root = “/netshare”
ssl.engine = “enable”
ssl.pemfile = “/etc/lighttpd/ssl/yourdomain.com/server.pem”
}

7. Adding .htaccess protection

Assuming mod_auth is enabled you can create a directory configuration with .htaccess enabled:

example .htaccess protected vhost

auth.backend = “htpasswd”
auth.backend.htpasswd.userfile = “/yourhtpasswddirectory/.htpasswd”
auth.require = ( “/yourpasswordprotecteddirectory” =>
(
“method” => “basic”,
“realm” => “Access Denied!”,
“require” => “valid-user”
)
)

The .htaccess works the same as a regular apache .htaccess.you can either use htpasswd -c to create the password file or a online generator such as http://www.webmaster-toolkit.com/htaccess-generator.shtml for this purpose. I hope these examples help people. – Dustin