====== lighttpd ======
[[https://lighttpd.net|Lighttpd]] (AKA lighty) is a **light**weight **HTTP** **d**aemon (server) written in C that specializes in low resource usage. Its configuration is powerful, but more terse than Apache and nginx. Due to lighty's focus on resource use, it has a variety of strategies for dealing with high resource use.
Since lighttpd doesn't get much attention in documentation, this page will cover steps to take for common applications or settings that make life easier.
===== Redirect HTTP → HTTPS =====
If you're using lighttpd v1.4.50 or greater, try this one-liner on for size:
# Be sure to enable mod_redirect in order to use this.
$SERVER["socket"] == ":80" {
url.redirect = ( "" => "https://${url.authority}${url.path}${sqa}" )
}
See [[https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_ModRewrite#Extended-Replacement-Patterns|lighttpd wiki's mod_rewrite page]] for an explanation of the variables. ''mod_rewrite'' and ''mod_redirect'' share code, so the same tricks used in one can be used in the other.
Also note that adopting this one-liner means your other redirects or rewrites may need revision.
===== cgit =====
[[https://git.zx2c4.com/cgit|Cgit]] is a CGI-powered Git front-end written in C, using Git's own source code for its heavy lifting.
Create a new cgit-oriented file somewhere in your configuration hierarchy. Then be sure you're ''include''ing it in lighttpd's main configuration file.
server.name = "git.zlg.space"
server.document-root = var.basedir + "/cgit"
index-file.names = ( "cgit.cgi" )
cgi.assign = (
"cgit.cgi" => ""
)
dir-listing.activate = "disable"
url.rewrite-once = (
# Serve static files plainly
"^/(?:cgit.css|favicon.ico|cgit.png|robots.txt)$" => "",
# and let cgit handle the rest
"" => "/cgit.cgi?url=${url.path}${qsa}"
# If the above line doesn't work (lighty < 1.4.50), uncomment this one:
#"^/([^?/]+/[^?]*)?(?:\?(.*))?$" => "/cgit.cgi?url=$1&$2"
)
I use ''/srv/www/cgit'', with these symlinks:
cgit.cgi -> /usr/share/webapps/cgit/cgit.cgi
cgit.css -> /usr/share/webapps/cgit/cgit.css
cgit.png -> /usr/share/webapps/cgit/cgit.png
Your OS may do things differently; the above is where they're stored on my machine.
Next, be sure you have the correct modules enabled. Additionally, you need to setup a temporary file space with permissions that allow the server to read and write to it. Highlighted source code view with cgit can be rather large, and lighttpd will switch to temporary files when a transfer of data is large enough.
server.modules += ( "mod_cgi", "mod_dirlisting" )
# Change this to suit your needs:
server.upload-dirs = ( "/var/tmp/lighttpd" )
include "git.zlg.space.conf"
I chose ''/var/tmp/lighttpd'', but it can be any storage you want. Just be sure that it's enough to have data written to it frequently, as needed. Be sure to setup ''/var/cache/cgit'' (or wherever else you configured it) as well.
mkdir -p /var/tmp/lighttpd /var/cache/cgit
chown lighttpd:lighttpd /var/tmp/lighttpd /var/cache/cgit
Next, setup ''/etc/cgitrc''. You'll want to change the ''scan-path'' variable to point to wherever you plan on storing the repositories (I chose ''/srv/www/cgit''), and **make sure ''scan-path'' is the last line in cgitrc**.
Lastly, start the server using whatever your OS uses to manage servers. For OpenRC:
rc-service lighttpd start
===== DokuWiki =====
[[https://dokuwiki.org|DokuWiki]] is a PHP-powered wiki backend meant primarily for documentation.
A key configuration in DokuWiki is the ''x-sendfile'' option. By default it's set to send the standard ''X-Sendfile'' HTTP header, so the webserver can fetch the file and serve it directly instead of letting the backend (DokuWiki, in this case) do it. This tends to be faster, which is important for wikis displaying a lot of images.
In the Lighttpd configuration for your DokuWiki instance, be sure to set ''x-sendfile'' to ''enable'', and set ''x-sendfile-docroot'' to an array containing the media directory. It's important to set ''x-sendfile-docroot'' because otherwise, DokuWiki could be abused to output the contents of **any file lighttpd has read access to**. ''x-sendfile'' is disabled by default in Lighttpd, to ensure administrators understand the risks before enabling the header's use.
Here's an example of a safe configuration, used on this wiki:
server.modules += ( "mod_fastcgi" ) # skip this if you've already enabled it
fastcgi.server = (
".php" => (
"localhost" => (
"socket" = "/path/to/socket", # I put mine under /var/run
"x-sendfile" => "enable",
"x-sendfile-docroot" => ( server.document-root ) # For me it's /srv/www/wiki
)
)
)
With the above configuration, the only files DokuWiki will be able to serve statically via Lighttpd will be its own media files. This is exactly what we want!