Lighttpd 1.4.x on Ubuntu (14.04)


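This how-to statically compiles lighttpd 1.4 against LibreSSL. The release numbers used below are the ones that were current when this page was written; check both projects for newer releases and security fixes before building.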


Prepare[edit]

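$ sudo apt-get install make gcc patch libev-dev libpcre3-dev zlib1g-dev libbz2-dev gamin libgamin-dev liblua5.1-0-dev
# Fetch over HTTPS: both tarballs are compiled and installed as root further down.
$ wget \
https://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.37.tar.gz \
https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.2.3.tar.gz
# Compare these digests with the ones each project publishes before unpacking anything.
$ sha256sum lighttpd-1.4.37.tar.gz libressl-2.2.3.tar.gz
$ tar xvfz libressl-2.2.3.tar.gz && tar xvfz lighttpd-1.4.37.tar.gz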

Compile[edit]

LibreSSL[edit]

$ cd libressl-2.2.3
$ ./configure --prefix=/opt/libressl
$ make 
$ sudo make install

Lighttpd[edit]

$ cd ../lighttpd-1.4.37
# --with-openssl points the build at the LibreSSL tree installed under /opt/libressl above.
# NOTE(review): nothing in these flags forces static linking. After installing, run
# `ldd /usr/sbin/lighttpd` to confirm which libssl/libcrypto the binary really loads,
# so you know which copy has to be rebuilt when a TLS advisory is published.
$ ./configure \
--prefix=/usr \
--sysconfdir=/etc \
--localstatedir=/var \
--with-libev \
--with-pcre \
--with-zlib \
--with-bzip2 \
--with-fam \
--with-lua \
--with-openssl=/opt/libressl
$ make
$ sudo make install

Install[edit]

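$ sudo mkdir -p /etc/lighttpd /var/log/lighttpd /var/cache/lighttpd
$ sudo chmod 755 /var/log/lighttpd/
# Only the lighttpd user writes to the compress cache. A world-writable (777) cache
# would let any local account alter the cached files that lighttpd serves to clients.
$ sudo chown www-data:www-data /var/log/lighttpd /var/cache/lighttpd
$ sudo chmod 750 /var/cache/lighttpd/
# Both document roots live under /var/www, so both mkdir calls need root.
$ sudo mkdir -p /var/www/default /var/www/internal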


init.d[edit]

$ sudo nano /etc/init.d/lighttpd


#!/bin/sh
### BEGIN INIT INFO
# Provides:          lighttpd
# Required-Start:    $local_fs $remote_fs $network $syslog
# Required-Stop:     $local_fs $remote_fs $network $syslog
# Should-Start:      fam
# Should-Stop:       fam
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Start the lighttpd web server.
# Description:       Fast and small webserver with minimal memory footprint
#                    developed with security in mind HTTP/1.1 compliant caching
#                    proxy server.
### END INIT INFO

# Use a fixed search path instead of whatever the caller's environment carries.
PATH=/sbin:/bin:/usr/sbin:/usr/bin
NAME=lighttpd
DESC="web server"
DAEMON=/usr/sbin/lighttpd
SCRIPTNAME=/etc/init.d/$NAME
PIDFILE=/var/run/$NAME.pid

# Expanded unquoted further down so it splits into "-f" and the config path.
DAEMON_OPTS="-f /etc/lighttpd/lighttpd.conf"

# A missing or non-executable binary is not an error: there is nothing to manage.
if [ ! -x "$DAEMON" ]; then
    exit 0
fi

# From here on, abort on the first unhandled command failure.
set -e

# Validate the configuration before touching the running server.
# Globals:  DAEMON (read), DAEMON_OPTS (read)
# Returns:  0 when lighttpd accepts the configuration; otherwise the whole
#           script exits with lighttpd's status.
check_syntax()
{
    # "-t" makes lighttpd test the configuration and exit. Only stdout is
    # discarded. DAEMON_OPTS stays unquoted on purpose so it splits into words.
    "$DAEMON" -t $DAEMON_OPTS > /dev/null && return 0
    exit $?
}

# Every action except "status" may need the runtime directory.
case "$1" in
    status)
        ;;
    *)
        # /var/run is volatile (it may sit on tmpfs), so /var/run/lighttpd can
        # be missing after a boot (DPM §9.3.2). Recreate it, owned by the
        # lighttpd user and closed to other accounts, unless a
        # dpkg-statoverride entry already exists for that path.
        dpkg-statoverride --list /var/run/lighttpd >/dev/null 2>&1 ||
            install -d -o www-data -g www-data -m 0750 "/var/run/lighttpd"
        ;;
esac

# Pull in log_daemon_msg, log_end_msg and status_of_proc.
. /lib/lsb/init-functions

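# Dispatch on the requested action. The script runs under "set -e", so a
# "log_end_msg 1" also ends the script with a failure status.
case "$1" in
    start)
        # Refuse to start with a configuration lighttpd itself rejects.
        check_syntax
        log_daemon_msg "Starting $DESC" "$NAME"
        # DAEMON_OPTS is intentionally unquoted so it splits into words.
        if ! start-stop-daemon --start --oknodo --quiet \
            --pidfile "$PIDFILE" --exec "$DAEMON" -- $DAEMON_OPTS
        then
            log_end_msg 1
        else
            log_end_msg 0
        fi
        ;;
    stop)
        log_daemon_msg "Stopping $DESC" "$NAME"
        if start-stop-daemon --stop --retry 30 --oknodo --quiet \
            --pidfile "$PIDFILE" --exec "$DAEMON"
        then
            rm -f -- "$PIDFILE"
            log_end_msg 0
        else
            log_end_msg 1
        fi
        ;;
    reload|force-reload)
        # Validate first: this branch stops the daemon and starts it again,
        # so a broken configuration would otherwise leave the server down.
        check_syntax
        log_daemon_msg "Reloading $DESC configuration" "$NAME"
        # NOTE(review): an explicit --retry schedule is given together with
        # --signal INT; confirm which signal start-stop-daemon really sends.
        if start-stop-daemon --stop --signal INT --quiet \
            --pidfile "$PIDFILE" --exec "$DAEMON" \
            --retry=TERM/60/KILL/5
        then
            # -f as in "stop": if the pid file is already gone, a plain rm
            # would fail and "set -e" would abort before the daemon is
            # started again.
            rm -f -- "$PIDFILE"
            if start-stop-daemon --start --quiet \
                --pidfile "$PIDFILE" --exec "$DAEMON" -- $DAEMON_OPTS ; then
                log_end_msg 0
            else
                log_end_msg 1
            fi
        else
            log_end_msg 1
        fi
        ;;
    reopen-logs)
        # Used by logrotate: HUP is sent to the process named in the pid file.
        log_daemon_msg "Reopening $DESC logs" "$NAME"
        if start-stop-daemon --stop --signal HUP --oknodo --quiet \
            --pidfile "$PIDFILE" --exec "$DAEMON"
        then
            log_end_msg 0
        else
            log_end_msg 1
        fi
        ;;
    restart)
        # Check the configuration before stopping a working server.
        check_syntax
        "$0" stop
        "$0" start
        ;;
    status)
        status_of_proc -p "$PIDFILE" "$DAEMON" lighttpd && exit 0 || exit $?
        ;;
    *)
        # The usage text lists every action handled above, including reopen-logs.
        echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload|reopen-logs|status}" >&2
        exit 1
        ;;
esac

exit 0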


$ sudo chmod +x /etc/init.d/lighttpd
$ sudo update-rc.d lighttpd defaults


logrotate.d[edit]

$ sudo nano /etc/logrotate.d/lighttpd


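/var/log/lighttpd/*.log {
        daily
        missingok
        rotate 7
        compress
        delaycompress
        notifempty
        sharedscripts
        # Ask the running server to reopen its log files after rotation.
        postrotate
             /etc/init.d/lighttpd reopen-logs > /dev/null
        endscript
        # Web logs can carry client addresses and full request URLs, so new
        # files are created unreadable to other local accounts (640, not 644).
        create 640 www-data www-data
}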

Config (Sample)[edit]

lighttpd.conf[edit]

# mimetype mapping
include "mimetypes.conf" 

server.modules              = (
  "mod_accesslog",
  "mod_setenv",
  "mod_expire",
  "mod_compress",
  "mod_access",
  "mod_alias",
  "mod_magnet",
  "mod_redirect",
  "mod_rewrite",
  "mod_auth",
  "mod_status",
  "mod_fastcgi" 
)

server.document-root        = "/var/www/default" 
server.errorlog             = "/var/log/lighttpd/error.log" 
index-file.names            = ( "index.html", "index.php" )

server.event-handler = "libev" 
server.network-backend = "writev" 
server.max-connections = 3072
server.max-fds = 8192
server.stat-cache-engine = "fam" 
server.max-keep-alive-requests = 100
server.max-keep-alive-idle = 10
server.max-read-idle = 600
server.max-write-idle = 600

server.tag = "lighttpd" 
server.bind = "127.0.0.1" 
server.use-ipv6 = "disable" 
server.port = 80
server.pid-file = "/var/run/lighttpd.pid" 
server.username = "www-data" 
server.groupname = "www-data" 
setenv.add-response-header = (
        "X-Server-Name" => "www01" 
)

url.access-deny             = ( "~", ".inc", ".lua", ".htaccess", ".htpasswd" )
$HTTP["url"] =~ "(\.svn|\.git)" {
  url.access-deny = ( "" )
}

$HTTP["url"] =~ "\.pdf$" {
  server.range-requests = "disable" 
}
static-file.exclude-extensions = ( ".php" )

# post / curl / flash uploader
server.reject-expect-100-with-417 = "disable" 

#### PHP
# Requests for *.php are handed to the FastCGI backend on this Unix socket
# (presumably PHP-FPM, going by the socket name).
fastcgi.server = (
  ".php" =>
  ((
        "socket" => "/var/run/php5-fpm.sock",
        # NOTE(review): with x-send-file allowed, the backend can name a file for
        # lighttpd to send. Confirm no PHP code derives that path from request
        # data, since only the lighttpd user's file permissions limit it.
        "allow-x-send-file" => "enable",
        "broken-scriptfilename" => "enable" 
  ))
)

#### auth
auth.debug                 = 0
# Users are checked against an htpasswd-style file.
auth.backend               = "htpasswd" 
# The userfile holds password hashes: keep it outside every document root and
# readable only by root and the lighttpd user.
auth.backend.htpasswd.userfile = "/etc/lighttpd/htpasswd.conf" 

#### VHOSTS
include "vhost-internal.conf" 
$SERVER["socket"] == "144.144.144.144:80" {
    include "vhost-yourdomain.conf" 
}


client-performance.conf[edit]

#### PERFORMANCE OPTIMIZATIONS: CLIENTS ####
# requires: server.name

## COMPRESSION OF STATIC FILES ##
compress.cache-dir = "/var/cache/lighttpd/" + server.name  + "/" 
compress.filetype = (
  "text/css",
  "application/javascript",
  "image/svg+xml",
  "application/font-sfnt",
  "application/vnd.ms-fontobject",
  "application/font-woff" 
)
compress.max-filesize = 1024

## EXPIRE HEADERS ##
$HTTP["url"] =~ "\.(gif|png|jpeg|jpg|ico|css|js|svg|otf|ttf|eot|woff)(\?(.*))?$" { expire.url = ( "" => "access 12 months" ) }


mimetypes.conf[edit]

mimetype.assign = (
  "README"        => "text/plain",
  ".patch"        => "text/plain",
  ".tar.gz"       => "application/x-tgz",
  ".pdf"          => "application/pdf",
  ".sig"          => "application/pgp-signature",
  ".spl"          => "application/futuresplash",
  ".class"        => "application/octet-stream",
  ".ps"           => "application/postscript",
  ".torrent"      => "application/x-bittorrent",
  ".dvi"          => "application/x-dvi",
  ".gz"           => "application/x-gzip",
  ".pac"          => "application/x-ns-proxy-autoconfig",
  ".swf"          => "application/x-shockwave-flash",
#  ".tgz"          => "application/x-tgz",
  ".tar"          => "application/x-tar",
  ".zip"          => "application/zip",
  ".mp3"          => "audio/mpeg",
  ".m3u"          => "audio/x-mpegurl",
  ".wma"          => "audio/x-ms-wma",
  ".wax"          => "audio/x-ms-wax",
  ".ogg"          => "application/ogg",
  ".wav"          => "audio/x-wav",
  ".gif"          => "image/gif",
  ".jar"          => "application/x-java-archive",

  # images
  ".jpg"          => "image/jpeg",
  ".jpeg"         => "image/jpeg",
  ".png"          => "image/png",
  ".xbm"          => "image/x-xbitmap",
  ".xpm"          => "image/x-xpixmap",
  ".xwd"          => "image/x-xwindowdump",
  ".svg"          => "image/svg+xml",
  ".svgz"          => "image/svg+xml",
  ".ico"          => "image/x-icon",

  ".css"          => "text/css",
  ".html"         => "text/html",
  ".htm"          => "text/html",
  ".js"           => "text/javascript",
  ".asc"          => "text/plain",
  ".md5"          => "text/plain",
  ".sha1"         => "text/plain",
  ".sha"          => "text/plain",
  ".c"            => "text/plain",
  ".cpp"          => "text/plain",
  ".log"          => "text/plain",
  ".conf"         => "text/plain",
  ".text"         => "text/plain",
  ".txt"          => "text/plain",
  ".dtd"          => "text/xml",
  ".xml"          => "application/xml",
  ".xml.gz"       => "application/x-gzip",
  ".xsl"          => "application/xml",
  ".mpeg"         => "video/mpeg",
  ".mpg"          => "video/mpeg",
  ".mov"          => "video/quicktime",
  ".qt"           => "video/quicktime",
  ".avi"          => "video/x-msvideo",
  ".asf"          => "video/x-ms-asf",
  ".asx"          => "video/x-ms-asf",
  ".wmv"          => "video/x-ms-wmv",
  ".mp4"          => "video/mp4",
#  ".bz2"          => "application/x-bzip",
  ".tbz"          => "application/x-bzip-compressed-tar",
  ".tar.bz2"      => "application/x-bzip-compressed-tar",

  # phpweb
  ".chm"          => "application/octet-stream",
  ".bz2"          => "application/octet-stream",
  ".tgz"          => "application/octet-stream",
  ".msi"          => "application/octet-stream",
  ".prc"          => "application/x-pilot",
  ".pdb"          => "application/x-pilot",

  # (web-) fonts
  ".otf"          => "application/font-sfnt",
  ".ttf"          => "application/font-sfnt",
  ".eot"          => "application/vnd.ms-fontobject",
  ".woff"         => "application/font-woff",

  ".Z"            => "application/x-compress" 

  # default (dl)
#  ""              => "application/octet-stream" 
)


vhost-internal.conf[edit]

## munin / zabbix / internal urls
# The Host header is chosen by the client, so matching it does not restrict who
# can reach this block. The remoteip condition below is the real access gate.
$HTTP["host"] =~ "^(www01\.YOURDOMAIN\.COM|127\.0\.0\.1|127\.0\.0\.1:80)$" {

    server.document-root = "/var/www/internal" 

    # Anything not coming from loopback must authenticate.
    # NOTE(review): basic auth only encodes the password, it does not encrypt it,
    # and the sample lighttpd.conf sets server.port = 80 with no TLS settings shown;
    # put this vhost behind TLS before using it across an untrusted network.
    # NOTE(review): if a proxy on this host forwards to lighttpd, every request
    # arrives from 127.0.0.1 and skips this check — confirm the deployment.
    $HTTP["remoteip"] != "127.0.0.1" {
        auth.require = ( "/" => (
            "method"  => "basic",
            "realm"   => "intern",
            "require" => "valid-user" 
        ))
    }

    # mod_status page; it is reachable only through the conditions above.
    status.status-url = "/server-status"    

    # /status and /ping go straight to the backend socket without a file lookup.
    fastcgi.server += (
        "/status" => ((
            "socket" => "/var/run/php5-fpm.sock",
            "check-local" => "disable" 
        )),
        "/ping" => ((
            "socket" => "/var/run/php5-fpm.sock",
            "check-local" => "disable" 
    )))

    # Serves the files under /usr/share/xcache/htdocs/ at /xcache/.
    alias.url = ( "/xcache/" => "/usr/share/xcache/htdocs/" )
}


Munin Plugin[edit]

$ cd /usr/share/munin/plugins/
# This pulls whatever the third-party repository's master branch holds at download
# time and makes it executable for munin. Read the script before enabling it, and
# prefer fetching a specific commit you have reviewed instead of "master".
$ sudo wget https://raw.github.com/rtucker/munin-lighttpd/master/lighttpd_
$ sudo chmod +x lighttpd_

# One symlink per graph; the part after "lighttpd_" selects what the plugin reports.
$ sudo ln -s /usr/share/munin/plugins/lighttpd_ /etc/munin/plugins/lighttpd_accesses && \
sudo ln -s /usr/share/munin/plugins/lighttpd_ /etc/munin/plugins/lighttpd_idleservers && \
sudo ln -s /usr/share/munin/plugins/lighttpd_ /etc/munin/plugins/lighttpd_kbytes