Catalog / Lighttpd Web Server Cheatsheet

Lighttpd Web Server Cheatsheet

A quick reference guide for Lighttpd, covering installation, configuration, common commands, and modules.

Installation and Basic Commands

Installation

Debian/Ubuntu:

sudo apt update
sudo apt install lighttpd

CentOS/RHEL:

sudo yum install lighttpd

Verify Installation:

lighttpd -v

Service Management

Start

sudo systemctl start lighttpd

Stop

sudo systemctl stop lighttpd

Restart

sudo systemctl restart lighttpd

Status

sudo systemctl status lighttpd

Enable (Start on boot)

sudo systemctl enable lighttpd

Disable (Don’t start on boot)

sudo systemctl disable lighttpd

Configuration File

Main configuration file:
/etc/lighttpd/lighttpd.conf

Modules configuration directory:
/etc/lighttpd/conf-enabled/

Basic Configuration

Server Configuration

server.modules = (
    "mod_access",
    "mod_alias",
    "mod_compress",
    "mod_redirect",
)
server.document-root = "/var/www/html"
server.upload-dirs   = ( "/tmp" )
server.errorlog             = "/var/log/lighttpd/error.log"
server.pid-file             = "/run/lighttpd.pid"
server.username             = "www-data"
server.groupname              = "www-data"
index-file.names            = ( "index.php", "index.html", "index.lighttpd.html" )
url.access-deny             = ( ".so", ".*~", ".bak", ".*#", ".*", ".inc", ".config" )
static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )

Port and Interface Configuration

Bind to a specific IP and Port

server.bind = "192.168.1.100"
server.port = 80

Listen on IPv6

server.use-ipv6 = "enable"

Virtual Hosts

Create directories for each virtual host. For example, /var/www/example.com

Create a virtual host configuration file (e.g., /etc/lighttpd/conf-available/example.com.conf):

$HTTP["host"] == "example.com" {
    server.document-root = "/var/www/example.com"
    server.errorlog = "/var/log/lighttpd/example.com-error.log"
    accesslog.filename = "/var/log/lighttpd/example.com-access.log"
}

Enable the virtual host:

ln -s /etc/lighttpd/conf-available/example.com.conf /etc/lighttpd/conf-enabled/example.com.conf

Restart Lighttpd.

Modules

Enabling/Disabling Modules

Use lighty-enable-mod and lighty-disable-mod to manage modules.

Enable a module:

sudo lighty-enable-mod <module_name>

Disable a module:

sudo lighty-disable-mod <module_name>

This creates/removes symbolic links in /etc/lighttpd/conf-enabled/.

Common Modules

mod_access

Provides access control based on IP addresses.

mod_alias

Allows defining aliases for directories.

mod_compress

Enables HTTP compression (gzip/deflate).

mod_redirect

Handles HTTP redirects.

mod_rewrite

Provides URL rewriting capabilities.

mod_fastcgi

For FastCGI support (e.g., PHP).

PHP Configuration (mod_fastcgi)

Enable mod_fastcgi:

sudo lighty-enable-mod fastcgi

Configure PHP in /etc/lighttpd/conf-enabled/15-fastcgi.conf:

fastcgi.server = (
    ".php" => (
        (
            "bin-path" => "/usr/bin/php-cgi",
            "socket" => "/tmp/php.socket",
            "max-procs" => 2
        )
    )
)

Ensure php-cgi is installed and the socket path is correct. You may need to install the php-cgi package separately (e.g., sudo apt install php-cgi).

Advanced Configuration

HTTPS Configuration (mod_openssl)

  1. Enable mod_openssl:
    sudo lighty-enable-mod openssl
    
  2. Configure SSL settings in /etc/lighttpd/conf-enabled/44-ssl.conf:
    $SERVER["socket"] == ":443" {
        ssl.engine = "enable"
        ssl.pemfile = "/etc/lighttpd/ssl/example.com.pem"
        ssl.ca-file = "/etc/lighttpd/ssl/ca.pem"
        ssl.cipher-list = "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"
        ssl.honor-cipher-order = "enable"
    }
    
  3. Create a self-signed certificate or obtain one from a CA:
    sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/lighttpd/ssl/example.com.pem -out /etc/lighttpd/ssl/example.com.pem
    
    Adjust paths accordingly.

Restart Lighttpd.

URL Rewriting (mod_rewrite)

Enable mod_rewrite:

sudo lighty-enable-mod rewrite

Rewrite rules in lighttpd.conf or virtual host configuration:

url.rewrite-once = (
    "^/oldpage.html$" => "/newpage.html",
    "^/images/(.*)$" => "/media/images/$1"
)

Access Control (mod_access)

Allow only specific IPs

$HTTP["remoteip"] == "192.168.1.100" {
    access.allow = ( "." )
}

Deny all other IPs by default.

Deny specific IPs

$HTTP["remoteip"] == "192.168.1.101" {
    access.deny = ( "." )
}