Lighttpd: Installation and configuration of an Apache alternative
Introduction
LigHTTPd (or "lighty") is a secure, fast, and flexible HTTP server.
Its speed comes from having a smaller memory footprint than other HTTP servers, as well as intelligent CPU load management.
Many languages like PHP, Perl, Ruby, and Python are supported via FastCGI.
The main disadvantage of LigHTTPd is that it has only one configuration file and doesn't support .htaccess files (though there are alternatives): directives must be in the configuration file. This is also an advantage, as the server administrator only has one file to manage.
In April 2007, LigHTTPd entered the Top 5 of the most widely used web servers.
It can be useful to redirect part of your traffic to SSL. This is my case for mediawiki which doesn't take SSL into account during authentication (or I don't know how to do it, but it doesn't matter, the idea here is to have a small exercise):
If it arrives on a page containing 'Connexion&returnto'
Then it is redirected to https at the same location as the previous one
Differentiating logs
For example, I want to differentiate the logs of my blog as well as the rest of my domain and my wiki to be able to process them correctly with awstats. Here's how to do it:
...# Deimos Domain$HTTP["host"]=~"deimos\.fr"{server.document-root="/var/www/deimos.fr"# Default logsaccesslog.filename="/var/log/lighttpd/access-blog_and_co.log"# Wiki logs$HTTP["url"]=~"^/mytechnotebook/"{accesslog.filename="/var/log/lighttpd/access-deimos-wiki.log"}}...
Blocking access to your site via Internet Explorer
It is possible to block access to all kinds of browsers. If like me, you're not friends with IE (which breaks your PNGs in version 6, doesn't respect standards, breaks CSS, etc.), it might be useful to block it and kindly indicate to the user to download Firefox as soon as possible.
I did it under Apache and here I couldn't pass up the opportunity to do it for Lighttpd, so here's the solution:
All that's left is to create the ie.html file and put your nice text in it (you can also make a simple text file). Here's what I use (/var/www/ie.html):
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><metahttp-equiv="Content-Type"content="text/html; charset=utf-8"/><title>Access Forbidden with Internet Explorer</title></head><body> Dear Internet User,<br/><br/> This site is not accessible using Internet Explorer that you are using.<br/> You must now understand that times are changing.<br/><br/> You are currently using a browser (Internet Explorer) that does not
respect<br/> the <ahref="http://www.w3.org">standards</a> and has the monopoly, due to
its mandatory presence in your<br/> dear OS (Windows). That said, you may be at work and don't have a choice of
OS.<br/><br/> However, Internet Explorer should no longer be used when there are all kinds
of<br/> other free, open source browsers that respect standards!<br/> But since you don't seem to be aware, that's okay, let me help you.<br/><br/> To start, you can download a clean browser such as
<ahref="http://www.mozilla.org">Firefox</a>.<br/> This would already help you get on the right track and will also allow you
to access<br/> my site.<br/><br/> Still in your new quest to the light side of the force, you should switch
to<br/> a free and open source OS (<ahref="http://www.ubuntu.com">Ubuntu</a> for
example) which will surely make you happy.<br/><br/> I invite you to take matters into your own hands as soon as possible.<br/><br/> Sincerely,<br/> Pierre (aka Deimos)
</body></html>
Access restriction by login and password
Htaccess files don't exist in Lighttpd, but there is an equivalent. Check before you start that the mod_auth module is loaded. First, we'll generate (with -c for the first time, like htaccess) a file containing the credentials for authorization to view a particular site:
Here I'm creating the user deimos. The realm (here 'Authorized users only') will allow us to differentiate between the different login/password files we'll have since we can only specify one for the entire server.
Then add these lines to the global lighttpd configuration:
To speed up the display of your website, it's recommended to enable compression. By default, not enough elements are compressed, so you'll need to define more in the standard configuration. Note: Enabling compression will put a bit more load on your server's CPU/RAM.
Edit your lighty configuration to configure the compress module:
Stopping web server: lighttpd.
Starting web server: lighttpd/usr/sbin/lighttpd: Symbol `FamErrlist' has different size in shared object, consider re-linking
2010-08-20 21:58:02: (network.c.345) can't bind to port: :: 80 Address already in use
failed!
This is due to a bug with IPv6 on Debian. To solve the problem, you need to install libfam0 which also causes these kinds of bugs:
It's simply that you've exceeded the maximum number of file descriptors. You just need to increase the current value. To find out which one is currently applied (default 1024), just run this command:
2011-05-09 09:06:07: (mod_fastcgi.c.2764) fcgi-server re-enabled: 0 /tmp/php.socket
2011-05-09 09:06:07: (mod_fastcgi.c.2764) fcgi-server re-enabled: 0 /tmp/php.socket
2011-05-09 09:06:07: (mod_fastcgi.c.2764) fcgi-server re-enabled: 0 /tmp/php.socket
2011-05-09 09:06:07: (mod_fastcgi.c.2764) fcgi-server re-enabled: 0 /tmp/php.socket
2011-05-09 09:06:10: (mod_fastcgi.c.3001) backend is overloaded; we'll disable it for 1 seconds and send the request to another backend instead: reconnects: 0 load: 521
2011-05-09 09:06:10: (mod_fastcgi.c.3001) backend is overloaded; we'll disable it for 1 seconds and send the request to another backend instead: reconnects: 1 load: 521
2011-05-09 09:06:10: (mod_fastcgi.c.3001) backend is overloaded; we'll disable it for 1 seconds and send the request to another backend instead: reconnects: 2 load: 521
2011-05-09 09:06:10: (mod_fastcgi.c.3001) backend is overloaded; we'll disable it for 1 seconds and send the request to another backend instead: reconnects: 3 load: 521
It's because your fastcgi limits have been exceeded. To solve the problem, here's the configuration to modify:
Then adjust the lines above to accommodate the maximum number of clients you want, as well as the number of instances. You can test your new configuration with the "ab" command.