edoceo

Installation & Configuration of Lighttpd on Linux

Lighttpd is a high performance web-server that can serve well as an "asset server". Lighttpd also works very well as a CGI server for FastCGI or even RoR. When implemented we saw a large reduction in load on our primary web server and increased performance of our sites as a whole.

Installing lighttpd

Simply set the USE flags and emerge, this is what ours looks like.

emerge -pv lighttpd
[ebuild  N    ] www-servers/lighttpd-1.4.20  USE="bzip2 -doc -fam -fastcgi \
  gdbm ipv6 -ldap -lua -memcache -minimal -mysql pcre -php -rrdtool ssl \
  -test -webdav xattr" 604 kB

Caching & Expires Header §

Put this configuration, generally after host configs. Adjust the extensions as necessary.

$HTTP["url"] =~ "\.(css|gif|jpeg|jpg|png|js)$" {
    expire.url = ( "" => "access 3 days" )
    etag.use-inode = "enable"
    etag.use-mtime = "enable"
    etag.use-size = "enable"
    static-file.etags = "enable"
}

Configuring SSL §

We are assuming that keys have already been generated using openssl. We simply concatinate the key and certificate files as a "pem" and hand that to Lighttpd.

cd /etc/lighttpd
cat example.com.key example.com.crt > example.com.pem
chmod 0400 example.com.key example.com.pem

Update the Lighttpd configuration accordingly. The ca-file directive is only necessary if the issuing certificate authority says so.

$SERVER["socket"] == ":443" {
    ssl.engine = "enable"
    ssl.pemfile = "/etc/lighttpd/example.com.pem"
    ssl.ca-file = "/etc/lighttpd/example.com_CA.crt"
    ssl.use-compression = "disable"
    ssl.use-sslv3 = "disable"
    ssl.cipher-list = "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"
	ssl.dh-file = "/etc/ssl/certs/dhparam.pem" 
	ssl.ec-curve = "secp384r1"
}

Virtual Server lighttpd with mod_simple_vhost §

To enable Virtual Server update the core configuration to include these three items. For this example all of our web-sites are stored under /var/www with no other document root. So the resultant web-root of cdn.edoceo.com /var/www/cdn.edoceo.com.

simple-vhost.server-root = "/var/www"
simple-vhost.default-host = "/var/www/cdn.edoceo.com"
simple-vhost.document-root = "/"

Configuring Logging

The configuration below will provide for access and error logging in a format that is compatible with the output in Apache virtualhosting logs. These are handy for use with awstats.

server.modules = (
    "mod_access",
    "mod_accesslog",
)
server.errorlog      = var.logdir  + "/error.log"
# log errors to syslog instead
#   server.errorlog-use-syslog = "enable"

accesslog.format   = "%V %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\""
accesslog.filename = var.logdir + "/access.log"

Configuring as CDN

When lighttpd will be functioning in a CDN it may be necessary to adjust some modules as well as add a few additional mime types.

We choose to disable almost all modules possible, here is a snip from lighttpd.conf

server.modules = (
  "mod_access",
  "mod_setenv",
  "mod_status",
  "mod_simple_vhost",
  "mod_accesslog"
)

# we comment this out because everything from the CDN is static
#static-file.exclude-extensions = (".php", ".pl", ".cgi", ".fcgi")

We also had to update the mime-types so lighttpd would return scripting language files as text. We added these lines to the mime-types.conf file distributed with lighttpd.

".dmg"          =>      "application/x-apple-diskimage",
# return these scripts as text
".php"          =>      "text/plain",
".pl"           =>      "text/plain",
".sh"           =>      "text/plain",

Gzip, Compress Content

Lighttpd can compress the content, and cache that, so subsequent requests can serve that. Adjust file-types as necessary.

$HTTP["host"] == "cdn.domain.ltd" {

	compress.cache-dir         = "/tmp/compress.tmp/"
	compress.filetype          = ("text/plain", "text/javascript", "text/css", "text/xml")

	setenv.add-response-header = (
		"Access-Control-Allow-Origin" => "*"
	)

}

See Also

Loading Comments from Disqus...