Lighttpd

From Indie IT Wiki

Shell Script To Clean Lighttpd Web Server Cache

https://bash.cyberciti.biz/file-management/cleaning-webserver-cache-script/

HOWTO: Fix Error: failed to execute shell

Error...

failed to execute shell: bash -c /usr/share/lighttpd/create-mime.assign.pl: No such file or directory
failed to execute shell: bash -c /usr/share/lighttpd/include-conf-enabled.pl: No such file or directory

Reason...

Because the Ubuntu Release Upgrader has removed PHP during the upgrade process. God knows why.

Solution...

Reinstall the PHP CGI module and the PHP MySQL module.

Fix...

sudo apt-get install php-cgi php-mysql
sudo lighty-enable-mod fastcgi-php
sudo service lighttpd restart

HOWTO: Compile Source Code Latest Version

sudo -i
apt-get install build-essential libpcre3 libpcre3-dev zlib1g-dev libbz2-dev libssl-dev libxml2 libxml2-dev libxml libxml++2.6-dev libsqlite3-dev
mkdir lighttpd
cd lighttpd
wget https://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.49.tar.gz
tar -xzvf lighttpd-1.4.49.tar.gz
cd lighttpd-1.4.49/
./configure --with-openssl --with-webdav-props
make
make install
nano /etc/init.d/lighttpd
  DAEMON=/usr/local/sbin/lighttpd
service lighttpd start

HOWTO: Index Page Column Sorting

Example - http://doc.lighttpd.net/

View Source and you will see the CSS and JavaScript.

Documentation - https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_ModDirlisting

You will need Lighttpd version 1.4.42+

HOWTO: Lighttpd + PHP

Install the packages we need: (this may not be all, but these two will automatically download the rest as dependencies)

sudo aptitude install lighttpd php-cgi

Enable the fastcgi module and the php configuration with

sudo lighty-enable-mod fastcgi
sudo lighty-enable-mod fastcgi-php

Reload the lighttpd daemon

sudo service lighttpd force-reload

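To test that it's working, create the file /var/www/index.php with the following contents (phpinfo() prints the full PHP and server configuration, so delete the file once the test has passed):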

<?php phpinfo(); ?>

Thanks - https://wiki.ubuntu.com/Lighttpd+PHP

HOWTO: Move Default Document Root

sudo mkdir /var/www/default
sudo mv /var/www/index.lighttpd.html /var/www/default/
sudo chown -R www-data:www-data /var/www/default/
sudo nano /etc/lighttpd/lighttpd.conf
  server.document-root = "/var/www/default"
sudo /etc/init.d/lighttpd restart

HOWTO: SSL Secure Certificate Purchase

https://www.ssls.com/

HOWTO: SSL Secure Certificate Generation

https://www.digicert.com/easy-csr/openssl.htm

openssl req -new -newkey rsa:2048 -nodes -out domain_co_uk.csr -keyout domain_co_uk.key -subj "/C=GB/ST=County/L=Town/O=Your Name/OU=Web Site/CN=domain.co.uk"

HOWTO: SSL Secure Certificate Installation

https://www.digicert.com/ssl-certificate-installation-lighttpd.htm

http://billpatrianakos.me/blog/2014/04/04/installing-comodo-positive-ssl-certs-on-apache-and-openssl/

cat COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > BundleCA.crt
cat your_domain_name.key your_domain_name.crt > your_domain_name.pem

$SERVER["socket"] == ":443" {
  ssl.engine = "enable"
  ssl.pemfile = "/path/to/your_domain_name.pem"
  ssl.ca-file = "/path/to/BundleCA.crt"
  #ssl.use-compression = "disable"
  ssl.use-sslv2 = "disable"
  ssl.use-sslv3 = "disable"
  #ssl.honor-cipher-order = "enable"
  #ssl.cipher-list = "AES256+EECDH:AES256+EDH:!aNULL:!eNULL"
  # no RC4 entries: RFC 7465 prohibits RC4 cipher suites in TLS
  ssl.cipher-list = "ECDHE-RSA-AES256-SHA384:AES256-SHA256:HIGH:!MD5:!aNULL:!EDH:!AESGCM"
}

HOWTO: Restrict Access To IP Address

$HTTP["remoteip"] !~ "123.456.789.10|66.102.[0-15].[0-255]" {
  url.access-deny = ( "" )
}

or

$HTTP["remoteip"] !~ "66.249.*.*|66.102.*.*" {
  url.access-deny = ( "" )
}

Thanks - http://serverfault.com/questions/137969/allowing-multiple-ip-ranges-access-to-a-virtual-host-in-lighttpd-with-remoteip#146848
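
The !~ operator is a regular-expression match, so the two patterns above are not read as octet ranges or shell-style wildcards. The following added example (not part of the original wiki page) runs both patterns over constructed sample addresses and lists where the regex disagrees with the network it was presumably meant to describe; the intended CIDR ranges and the sample IPs are assumptions.

```python
import ipaddress
import re

# Regexes exactly as written in the two $HTTP["remoteip"] !~ "..." blocks above.
PAGE_PATTERNS = {
    "octet-ranges": r"123.456.789.10|66.102.[0-15].[0-255]",
    "star-wildcards": r"66.249.*.*|66.102.*.*",
}

# ASSUMPTION: the networks each pattern was meant to allow (not stated on the page).
INTENDED_NETWORKS = {
    "octet-ranges": ["66.102.0.0/20"],  # 66.102.0-15.0-255
    "star-wildcards": ["66.249.0.0/16", "66.102.0.0/16"],
}

# Constructed sample client addresses.
SAMPLE_IPS = ["66.102.5.25", "66.102.14.200", "66.102.1.99", "66.249.70.1",
              "166.102.1.2", "10.66.249.5", "203.0.113.7"]


def regex_allows(pattern, ip):
    """With !~ the deny block is skipped whenever the regex matches anywhere
    in the address string (unanchored search, "." matches any character)."""
    return re.search(pattern, ip) is not None


def cidr_allows(networks, ip):
    """Membership test on the parsed address, i.e. what a CIDR match means."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(net) for net in networks)


def mismatches(name, ips=SAMPLE_IPS):
    """Return (ip, regex_result, cidr_result) rows where the two disagree."""
    rows = []
    for ip in ips:
        by_regex = regex_allows(PAGE_PATTERNS[name], ip)
        by_cidr = cidr_allows(INTENDED_NETWORKS[name], ip)
        if by_regex != by_cidr:
            rows.append((ip, by_regex, by_cidr))
    return rows


if __name__ == "__main__":
    for name in PAGE_PATTERNS:
        print(name, PAGE_PATTERNS[name])
        for ip, by_regex, by_cidr in mismatches(name):
            print(f"  {ip:15} regex allows={by_regex!s:5} intended={by_cidr}")
```

[0-15] is a character class matching one of 0, 1 or 5, and the missing ^ and $ anchors let 166.102.1.2 and 10.66.249.5 through. Lighttpd also accepts CIDR notation for $HTTP["remoteip"] with the == and != operators, which avoids the regex entirely.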

HOWTO: Restrict Access By User Agent Browser String

$HTTP["useragent"] !~ "GoogleDocs" {
  url.access-deny = ( "" )
}

HOWTO: Restrict Access By Request Method

$HTTP["request-method"] !~ "^GET$" {
  url.access-deny = ( "" )
}

or

$HTTP["request-method"] !~ "^(GET|HEAD)$" {
  url.access-deny = ( "" )
}

HOWTO: Password Protect Directory

Create the password file...

http://www.toolsvoid.com/htpasswd-password-generator

Or...

sudo apt-get install apache2-utils
sudo htpasswd -c /etc/lighttpd/.htpasswd username

Add the authentication module to the main configuration file...

        "mod_auth",

Add the following lines to the separate virtual host file...

auth.backend = "htpasswd"
auth.backend.htpasswd.userfile = "/etc/lighttpd/.htpasswd"
auth.require = ( "/webmail/" =>
  (
    "method" => "basic",
    "realm" => "Webmail Access",
    "require" => "valid-user",
  )
)

If you want to skip the password prompt for localhost and your local network, use this instead...

$HTTP["remoteip"] !~ "(127.0.0.1|192.168.0.*)" {
  auth.backend = "htpasswd"
  auth.backend.htpasswd.userfile = "/etc/lighttpd/.htpasswd"
  auth.require = ( "/webmail/" =>
    (
      "method" => "basic",
      "realm" => "Webmail Access",
      "require" => "valid-user",
    )
  )
}

HOWTO: Allow Directory Listing

Add the following line to your main configuration file or separate virtual host file...

server.dir-listing = "enable"

...or...

$HTTP["url"] =~ "^/files($|/)" { server.dir-listing = "enable" }

Official Web Page - http://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_ModDirlisting

Thanks - http://www.cyberciti.biz/tips/howto-lighttpd-enable-disable-directory-listing.html

HOWTO: Change Directory Listing Design

Create 2 files called HEADER.txt and README.txt in your web site folder.

These contain the HTML and CSS for your directory listing page (when no index.html is found).

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Index of /linux/</title>
<link rel="shortcut icon" href="/favicon.ico" />
<style type="text/css">
a, a:active {text-decoration: none; color: blue;}
a:visited {color: #48468F;}
a:hover, a:focus {text-decoration: underline; color: red;}
body {background-color: #F5F5F5;}
h2 {margin-bottom: 12px;}
table {margin-left: 12px;}
th, td { font: 90% monospace; text-align: left;}
th { font-weight: bold; padding-right: 14px; padding-bottom: 3px;}
td {padding-right: 14px;}
td.s, th.s {text-align: right;}
div.list { background-color: white; border-top: 1px solid #646464; border-bottom: 1px solid #646464; padding-top: 10px; padding-bottom: 14px;}
div.foot { font: 90% monospace; color: #787878; padding-top: 4px;}
</style>
</head>
<body>

...and...

</body>
</html>

Then, add these settings to your web site configuration file...

dir-listing.auto-layout = "disable"
dir-listing.show-header = "enable"
dir-listing.hide-header-file = "enable"
dir-listing.encode-header = "disable"
dir-listing.show-readme = "enable"
dir-listing.hide-readme-file = "enable"
dir-listing.encode-readme = "disable"

...and restart Lighttpd.

Thanks - http://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_ModDirlisting

HOWTO: Hide Files From Directory Listing

dir-listing.exclude = ( "favicon.ico" )

HOWTO: Set File Mime Type For Downloads

mimetype.assign += ( ".log" => "text/plain" )

HOWTO: Fix File Timestamps

use_localtime=NO

HOWTO: WebDAV

Install the modules...

sudo apt-get install lighttpd-mod-webdav

Enable the modules...

sudo lighty-enable-mod auth
sudo lighty-enable-mod webdav

Create the directories and apply correct permissions...

sudo mkdir /var/www/domain.co.uk/dav
sudo chown -R www-data:www-data /var/www/domain.co.uk/dav
sudo chmod g+w /var/www/domain.co.uk/dav

Add this to your virtual host file...

 alias.url = ( "/dav" => "/var/www/domain.co.uk/dav" )
 $HTTP["url"] =~ "^/dav($|/)" {
   dir-listing.activate = "enable"
   webdav.activate = "enable"
   webdav.is-readonly = "disable"
   webdav.sqlite-db-name = "/var/run/lighttpd/lighttpd.webdav_lock.db"
   auth.backend = "htpasswd"
   auth.backend.htpasswd.userfile = "/etc/lighttpd/htpasswd"
   auth.require = ( "" => ( "method" => "basic",
                            "realm" => "webdav",
                            "require" => "valid-user" ) )
 }

Restart the web server...

sudo service lighttpd restart

Thanks - https://www.howtoforge.com/how-to-set-up-webdav-with-lighttpd-on-debian-squeeze

HOWTO: Redirect Root Domain To WWW

$HTTP["host"] =~ "^example.com$" {
   url.redirect = (
       "^/(.*)" => "http://www.example.com/$1"
   )
}

HOWTO: Redirect To Secure HTTPS

https://wiki.archlinux.org/index.php/Lighttpd#Redirect_http_requests_to_https

server.modules += ( "mod_redirect" )

$SERVER["socket"] == ":80" {
  $HTTP["host"] =~ "example.org" {
    url.redirect = ( "^/(.*)" => "https://example.org/$1" )
    server.name                 = "example.org" 
  }
}

$SERVER["socket"] == ":443" {
  ssl.engine = "enable" 
  ssl.pemfile = "/etc/lighttpd/certs/server.pem" 
  server.document-root = "..." 
}

When a visitor arrives on port 80 (matched by the http scheme), the server redirects them to port 443 and then looks up the host details. This way, you can have multiple host configurations doing different things: redirecting the bare domain without any subdomain, serving a different subdomain with WordPress, blocking access except for a few IP addresses, and so on.

$HTTP["scheme"] == "http" {
  $HTTP["host"] =~ "^secure\.domain\.com$" {
    url.redirect = ( "^/(.*)" => "https://secure.domain.com/$1" )
  }
  $HTTP["host"] =~ "^domain\.com$" {
    url.redirect = ( ".*" => "http://www.domain.com" )
    url.redirect-code = 301
  }
  $HTTP["host"] =~ "^aws\.domain\.com$" {
    server.document-root = "/var/www/aws.domain.com/html"
    server.errorlog = "/var/www/aws.domain.com/logs/error.log"
    accesslog.filename = "/var/www/aws.domain.com/logs/access.log"
    # rewrite rules for wordpress (comment out if not needed)
    url.rewrite-if-not-file = ( "^/(wp-.+).*/?" => "$0", "^/keyword/([A-Za-z_0-9\-]+)/?$" => "/index.php?keyword=$1", "^/.*?(\?.*)?$" => "/index.php$1" )
  }
}
$SERVER["socket"] == ":443" {
  ssl.engine = "enable"
  ssl.pemfile = "/etc/lighttpd/domain_com.pem"
  ssl.ca-file = "/etc/lighttpd/BundleCA.crt"
  ssl.use-sslv2 = "disable"
  ssl.use-sslv3 = "disable"
  # no RC4 entries: RFC 7465 prohibits RC4 cipher suites in TLS
  ssl.cipher-list = "ECDHE-RSA-AES256-SHA384:AES256-SHA256:HIGH:!MD5:!aNULL:!EDH:!AESGCM"
  $HTTP["host"] =~ "secure\.domain\.com$" {
    server.document-root = "/var/www/secure.domain.com/html"
    server.errorlog = "/var/www/secure.domain.com/logs/error.log"
    accesslog.filename = "/var/www/secure.domain.com/logs/access.log"
    $HTTP["remoteip"] !~ "123.456.789.10|01.987.654.321|66.0.0.0/8" {
      url.access-deny = ( "" )
    }
  }
}

OLD METHOD

server.modules += ( "mod_redirect" )

$SERVER["socket"] == ":80" {
  $HTTP["host"] =~ "example.org" {
    url.redirect = ( "^/(.*)" => "https://example.org/$1" )
    server.name                 = "example.org" 
  }
}

$SERVER["socket"] == ":443" {
  ssl.engine = "enable" 
  ssl.pemfile = "/etc/lighttpd/ssl/server.pem" 
  server.document-root = "..." 
}