User Tools

Site Tools


software:lighttpd

lighttpd

Lighttpd (AKA lighty) is a lightweight HTTP daemon (server) written in C that specializes in low resource usage. Its configuration is powerful, but more terse than Apache and nginx. Due to lighty's focus on resource use, it has a variety of strategies for dealing with high resource use.

Since lighttpd doesn't get much attention in documentation, this page will cover steps to take for common applications or settings that make life easier.

Redirect HTTP → HTTPS

If you're using lighttpd v1.4.50 or greater, try this one-liner on for size:

/etc/lighttpd/lighttpd.conf
# Be sure to enable mod_redirect in order to use this.
$SERVER["socket"] == ":80" {
    url.redirect = ( "" => "https://${url.authority}${url.path}${sqa}" )
}

See lighttpd wiki's mod_rewrite page for an explanation of the variables. mod_rewrite and mod_redirect share code, so the same tricks used in one can be used in the other.

Also note that adopting this one-liner means your other redirects or rewrites may need revision.

cgit

Cgit is a CGI-powered Git front-end written in C, using Git's own source code for its heavy lifting.

Create a new cgit-oriented file somewhere in your configuration hierarchy. Then be sure you're includeing it in lighttpd's main configuration file.

git.zlg.space.conf
server.name = "git.zlg.space"
server.document-root = var.basedir + "/cgit"
index-file.names = ( "cgit.cgi" )
cgi.assign = (
    "cgit.cgi" => ""
)
dir-listing.activate = "disable"
url.rewrite-once = (
        # Serve static files plainly
	"^/(?:cgit.css|favicon.ico|cgit.png|robots.txt)$" => "",
        # and let cgit handle the rest
        "" => "/cgit.cgi?url=${url.path}${qsa}"
        # If the above line doesn't work (lighty < 1.4.50), uncomment this one:
        #"^/([^?/]+/[^?]*)?(?:\?(.*))?$" => "/cgit.cgi?url=$1&$2"
)

I use /srv/www/cgit, with these symlinks:

cgit.cgi -> /usr/share/webapps/cgit/cgit.cgi
cgit.css -> /usr/share/webapps/cgit/cgit.css
cgit.png -> /usr/share/webapps/cgit/cgit.png

Your OS may do things differently; the above is where they're stored on my machine.

Next, be sure you have the correct modules enabled. Additionally, you need to setup a temporary file space with permissions that allow the server to read and write to it. Highlighted source code view with cgit can be rather large, and lighttpd will switch to temporary files when a transfer of data is large enough.

/etc/lighttpd/lighttpd.conf
server.modules += ( "mod_cgi", "mod_dirlisting" )
# Change this to suit your needs:
server.upload-dirs = ( "/var/tmp/lighttpd" )
include "git.zlg.space.conf"

I chose /var/tmp/lighttpd, but it can be any storage you want. Just be sure that it's enough to have data written to it frequently, as needed. Be sure to setup /var/cache/cgit (or wherever else you configured it) as well.

mkdir -p /var/tmp/lighttpd /var/cache/cgit
chown lighttpd:lighttpd /var/tmp/lighttpd /var/cache/cgit

Next, setup /etc/cgitrc. You'll want to change the scan-path variable to point to wherever you plan on storing the repositories (I chose /srv/www/cgit), and make sure scan-path is the last line in cgitrc.

Lastly, start the server using whatever your OS uses to manage servers. For OpenRC:

rc-service lighttpd start

DokuWiki

DokuWiki is a PHP-powered wiki backend meant primarily for documentation.

A key configuration in DokuWiki is the x-sendfile option. By default it's set to send the standard X-Sendfile HTTP header, so the webserver can fetch the file and serve it directly instead of letting the backend (DokuWiki, in this case) do it. This tends to be faster, which is important for wikis displaying a lot of images.

In the Lighttpd configuration for your DokuWiki instance, be sure to set x-sendfile to enable, and set x-sendfile-docroot to an array containing the media directory. It's important to set x-sendfile-docroot because otherwise, DokuWiki could be abused to output the contents of any file lighttpd has read access to. x-sendfile is disabled by default in Lighttpd, to ensure administrators understand the risks before enabling the header's use.

Here's an example of a safe configuration, used on this wiki:

server.modules += ( "mod_fastcgi" ) # skip this if you've already enabled it
fastcgi.server = (
    ".php" => (
        "localhost" => (
            "socket" = "/path/to/socket", # I put mine under /var/run
            "x-sendfile" => "enable",
            "x-sendfile-docroot" => ( server.document-root )  # For me it's /srv/www/wiki
        )
    )
)

With the above configuration, the only files DokuWiki will be able to serve statically via Lighttpd will be its own media files. This is exactly what we want!

software/lighttpd.txt · Last modified: 2020-05-26 00:10 by zlg