Lighttpd Web Server: Difference between revisions

From Elvanör's Technical Wiki
Jump to navigation Jump to search
No edit summary
No edit summary
Line 50: Line 50:


* If used as a proxy, lighttpd 1.4.x cannot compress the output of the remote server (via mod_compress). For this you need mode_deflate, only available in 1.5.x.
* If used as a proxy, lighttpd 1.4.x cannot compress the output of the remote server (via mod_compress). For this you need mode_deflate, only available in 1.5.x.
== HTTPS / SSL ==
* To generate the certificate, use:
openssl req -new -x509 -keyout server.pem -out server.pem -days 10000 -nodes
* Be careful to use the following in /etc/lighttpd/vhosts.d/00_default_vhost.conf:
<pre>
$SERVER["socket"] == ":443" {
        ssl.engine = "enable"
        ssl.pemfile = "/etc/lighttpd/certificates/server.pem"
}
</pre>


= Bugs =
= Bugs =

Revision as of 21:32, 23 September 2012

lighttpd is a fast, small web server. It is supposedly lighter than Apache, however it has a lot of features like proxying, url rewriting, virtual hosts and so on.

Configuration

  • To get PHP working (via cgi), you need this line in lighttpd.conf:
include "mod_fastcgi.conf"
  • As mentionned in the mod_compress documentation, if you use a charset for a filetype (JavaScript), you should use the full mime-type with the charset included, else it won't act on this filetype. See this link.

URL Rewriting

  • URL rewriting does not work inside an HTTP["url"] conditional block.
  • You can use %1, %2 in a url rewriting directive. These correspond to the groups of your HTTP["host"] regular expression. They have nothing to do with the same variables for mod_evhost. Example:
$HTTP["host"] =~ "^(?!(images|css|static|www)\.)([^\s.]+)\.shoopz-local\.net$" {
        url.rewrite-once = ( "/sitemap\.xml" => "/%2-sitemap.xml", "^/(.*)$" => "/shop-engine/$1" )
        server.document-root = "/srv/" + domain + "/static/sitemaps/"

        $HTTP["url"] !~ "^/(.*?)-sitemap\.xml$" {
                proxy.server = ( "" =>
                ( (
                        "host" => "127.0.0.1",
                        "port" => 8080
                ) )
                )
        }
}
  • You can also use %1, %2 in the evhost.path-pattern directive.

Cache Control

  • For this you need to use mod_expire and mod_setenv. Typically, you want to setup the Expires and Cache-Control headers. Example:
setenv.add-response-header = ("Cache-Control" => "public")
expire.url = ("" => "access plus 5 minutes")
$HTTP["host"] =~ "^static" {

expire.url = ("/js/editor/resource/" => "access plus 7 days", "" => "access plus 1 days")

}
else $HTTP["host"] =~ "^images" {

expire.url = ("/library/" => "access plus 7 days", "" => "access plus 5 minutes")

}
  • This would enable caching via Cache-Control: public, and configure everything to be strongly cached (without revalidation) for 5 minutes. Specific directories on the static and images host have different settings.

Proxy mode

  • If used as a proxy, lighttpd 1.4.x cannot compress the output of the remote server (via mod_compress). For this you need mode_deflate, only available in 1.5.x.

HTTPS / SSL

  • To generate the certificate, use:
openssl req -new -x509 -keyout server.pem -out server.pem -days 10000 -nodes
  • Be careful to use the following in /etc/lighttpd/vhosts.d/00_default_vhost.conf:
$SERVER["socket"] == ":443" {
        ssl.engine = "enable"
        ssl.pemfile = "/etc/lighttpd/certificates/server.pem"
}

Bugs

  • lighttpd-1.4.19 had a bug when no actual content was sent on a HTTP 410 return code (from a proxy). Fixed in 1.4.20.
  • lighttpd-1.4.19 had a bug with URLs containing an url-encoded slash (%2F). It returned a 400 status code. Fixed in 1.4.20.

Proxy

  • When used as a proxy to Apache, if Apache issues a 301 redirect, lighttpd does not send it to the client right away. It waits until Apache closes the TCP connection. By default this takes 15 seconds so the redirect takes 15 seconds! A workaround is to lower the keep alive timeout of Apache (to 1 second for instance). This affects lighttpd versions until at least 1.4.28.