Lighttpd

From Indie IT Wiki
Jump to: navigation, search

HOWTO: Index Page Column Sorting

Example - http://doc.lighttpd.net/

View Source and you will see the CSS and JavaScript.

Documentation - https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_ModDirlisting

You will need Lighttpd version 1.4.42+

HOWTO: Lighttpd + PHP

Install the packages we need: (this may not be all, but these two will automatically download the rest as dependencies)

sudo aptitude install lighttpd php5-cgi

Enable the fastcgi module and the php configuration with

sudo lighty-enable-mod fastcgi
sudo lighty-enable-mod fastcgi-php

Reload the lighttpd daemon

sudo service lighttpd force-reload

To test if it's working create the file /var/www/index.php with the following contents:

<?php phpinfo(); ?>

Thanks - https://wiki.ubuntu.com/Lighttpd+PHP

HOWTO: Move Default Document Root

sudo mkdir /var/www/default
sudo mv /var/www/index.lighttpd.html /var/www/default/
sudo chown -R www-data:www-data /var/www/default/
sudo nano /etc/lighttpd/lighttpd.conf
server.document-root = "/var/www/default"
sudo /etc/init.d/lighttpd restart

HOWTO: SSL Secure Certificate Purchase

https://www.ssls.com/

HOWTO: SSL Secure Certificate Generation

https://www.digicert.com/easy-csr/openssl.htm

openssl req -new -newkey rsa:2048 -nodes -out domain_co_uk.csr -keyout domain_co_uk.key -subj "/C=GB/ST=County/L=Town/O=Your Name/OU=Web Site/CN=domain.co.uk"

HOWTO: SSL Secure Certificate Installation

https://www.digicert.com/ssl-certificate-installation-lighttpd.htm

http://billpatrianakos.me/blog/2014/04/04/installing-comodo-positive-ssl-certs-on-apache-and-openssl/

cat COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > BundleCA.crt
cat your_domain_name.key your_domain_name.crt > your_domain_name.pem
$SERVER["socket"] == ":443" {
ssl.engine = "enable"
ssl.pemfile = "/path/to/your_domain_name.pem"
ssl.ca-file = "/path/to/BundleCA.crt"
#ssl.use-compression = "disable"
ssl.use-sslv2 = "disable"
ssl.use-sslv3 = "disable"
#ssl.honor-cipher-order = "enable"
#ssl.cipher-list = "AES256+EECDH:AES256+EDH:!aNULL:!eNULL"
ssl.cipher-list = "ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4-SHA:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM"
}

HOWTO: Restrict Access To IP Address

$HTTP["remoteip"] !~ "123.456.789.10|66.102.[0-15].[0-255]" {
  url.access-deny = ( "" )
}

or

$HTTP["remoteip"] !~ "66.249.*.*|66.102.*.*" {

}

Thanks - http://serverfault.com/questions/137969/allowing-multiple-ip-ranges-access-to-a-virtual-host-in-lighttpd-with-remoteip#146848

HOWTO: Restrict Access By User Agent Browser String

$HTTP["useragent"] !~ "GoogleDocs" {
  url.access-deny = ( "" )
}

HOWTO: Restrict Access By Request Method

$HTTP["request-method"] !~ "^GET$" {
  url.access-deny = ( "" )
}

or

$HTTP["request-method"] !~ "^(GET|HEAD)$" {
  url.access-deny = ( "" )
}

HOWTO: Password Protect Directory

Create the password file...

sudo apt-get install apache2-utils
sudo htpasswd -c /etc/lighttpd/.htpasswd username

Add the authentication module to the main configuration file...

        "mod_auth",

Add the following lines to the separate virtual host file...

auth.backend = "htpasswd"
auth.backend.htpasswd.userfile = "/etc/lighttpd/.htpasswd"
auth.require = ( "/webmail/" =>
  (
    "method" => "basic",
    "realm" => "Webmail Access",
    "require" => "valid-user",
  )
)

If you want to ignore localhost and your network each time, use this instead...

$HTTP["remoteip"] !~ "(127.0.0.1|192.168.0.*)" {
  auth.backend = "htpasswd"
  auth.backend.htpasswd.userfile = "/etc/lighttpd/.htpasswd"
  auth.require = ( "/webmail/" =>
    (
      "method" => "basic",
      "realm" => "Webmail Access",
      "require" => "valid-user",
    )
  )
}

HOWTO: Allow Directory Listing

Add the following line to your main configuration file or separate virtual host file...

server.dir-listing = "enable"

...or...

$HTTP["url"] =~ "^/files($|/)" { server.dir-listing = "enable" }

Official Web Page - http://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_ModDirlisting

Thanks - http://www.cyberciti.biz/tips/howto-lighttpd-enable-disable-directory-listing.html

HOWTO: Change Directory Listing Design

Create 2 files called HEADER.txt and README.txt in your web site folder.

These contain the HTML and CSS for your directory listing page (when no index.html is found).

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Index of /linux/</title>
<link rel="shortcut icon" href="/favicon.ico" />
<style type="text/css">
a, a:active {text-decoration: none; color: blue;}
a:visited {color: #48468F;}
a:hover, a:focus {text-decoration: underline; color: red;}
body {background-color: #F5F5F5;}
h2 {margin-bottom: 12px;}
table {margin-left: 12px;}
th, td { font: 90% monospace; text-align: left;}
th { font-weight: bold; padding-right: 14px; padding-bottom: 3px;}
td {padding-right: 14px;}
td.s, th.s {text-align: right;}
div.list { background-color: white; border-top: 1px solid #646464; border-bottom: 1px solid #646464; padding-top: 10px; padding-bottom: 14px;}
div.foot { font: 90% monospace; color: #787878; padding-top: 4px;}
</style>
</head>
<body>

...and...

</body>
</html>

Then, add these settings to your web site configuration file...

dir-listing.auto-layout = "disable"
dir-listing.show-header = "enable"
dir-listing.hide-header-file = "enable"
dir-listing.encode-header = "disable"
dir-listing.show-readme = "enable"
dir-listing.hide-readme-file = "enable"
dir-listing.encode-readme = "disable"

...and restart Lighttpd.

Thanks - http://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_ModDirlisting

HOWTO: Hide Files From Directory Listing

dir-listing.exclude = ( "favicon.ico" )

HOWTO: Set File Mime Type For Downloads

mimetype.assign += ( ".log" => "text/plain" )

HOWTO: Fix File Timestamps

use_localtime=NO

HOWTO: WebDAV

Install the modules...

sudo apt-get install lighttpd-mod-webdav

Enable the modules...

sudo lighty-enable-mod auth
sudo lighty-enable-mod webdav

Create the directories and apply correct permissions...

sudo mkdir /var/www/domain.co.uk/dav
sudo chown -R www-data:www-data /var/www/domain.co.uk/dav
sudo chmod g+w /var/www/domain.co.uk/dav

Add this to your virtual host file...

 alias.url = ( "/dav" => "/var/www/domain.co.uk/dav" )
 $HTTP["url"] =~ "^/dav($|/)" {
   dir-listing.activate = "enable"
   webdav.activate = "enable"
   webdav.is-readonly = "disable"
   webdav.sqlite-db-name = "/var/run/lighttpd/lighttpd.webdav_lock.db"
   auth.backend = "htpasswd"
   auth.backend.htpasswd.userfile = "/etc/lighttpd/htpasswd"
   auth.require = ( "" => ( "method" => "basic",
                            "realm" => "webdav",
                            "require" => "valid-user" ) )
 }

Restart the web server...

sudo service lighttpd restart

Thanks - https://www.howtoforge.com/how-to-set-up-webdav-with-lighttpd-on-debian-squeeze

HOWTO: Redirect Root Domain To WWW

$HTTP["host"] =~ "^example.com$" {
   url.redirect = (
       "^/(.*)" => "http://www.example.com/$1"
   )
}

HOWTO: Redirect To Secure HTTPS

When the visitor comes to port 80 (wrapped in the http scheme) it redirects them to port 443 then looks up the host details. This way, you can have multiple host configurations doing different things, like redirecting without any subdomain or a different subdomain with WordPress, and blocking access except for a few IP addresses, etc...

$HTTP["scheme"] == "http" {
  $HTTP["host"] =~ "^secure\.domain\.com$" {
    url.redirect = ( "^/(.*)" => "https://secure.domain.com/$1" )
  }
  $HTTP["host"] =~ "^domain\.com$" {
    url.redirect = ( ".*" => "http://www.domain.com" )
    url.redirect-code = 301
  }
  $HTTP["host"] =~ "^aws\.domain\.com$" {
    server.document-root = "/var/www/aws.domain.com/html"
    server.errorlog = "/var/www/aws.domain.com/logs/error.log"
    accesslog.filename = "/var/www/aws.domain.com/logs/access.log"
    # uncomment below for wordpress
    url.rewrite-if-not-file = ( "^/(wp-.+).*/?" => "$0", "^/keyword/([A-Za-z_0-9\-]+)/?$" => "/index.php?keyword=$1", "^/.*?(\?.*)?$" => "/index.php$1" )
 }
}
$SERVER["socket"] == ":443" {
  ssl.engine = "enable"
  ssl.pemfile = "/etc/lighttpd/domain_com.pem"
  ssl.ca-file = "/etc/lighttpd/BundleCA.crt"
  ssl.use-sslv2 = "disable"
  ssl.use-sslv3 = "disable"
  ssl.cipher-list = "ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4-SHA:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM"
  $HTTP["host"] =~ "secure\.domain\.com$" {
    server.document-root = "/var/www/secure.domain.com/html"
    server.errorlog = "/var/www/secure.domain.com/logs/error.log"
    accesslog.filename = "/var/www/secure.domain.com/logs/access.log"
    $HTTP["remoteip"] !~ "123.456.789.10|01.987.654.321|66.0.0.0/8" {
      url.access-deny = ( "" )
    }
  }
}

OLD METHOD

server.modules += ( "mod_redirect" )

$SERVER["socket"] == ":80" {
  $HTTP["host"] =~ "example.org" {
    url.redirect = ( "^/(.*)" => "https://example.org/$1" )
    server.name                 = "example.org" 
  }
}

$SERVER["socket"] == ":443" {
  ssl.engine = "enable" 
  ssl.pemfile = "/etc/lighttpd/ssl/server.pem" 
  server.document-root = "..." 
}