Lighttpd is a high-performance web server that works well as an "asset server". It also works very well as a CGI server for FastCGI or even RoR. After we deployed it we saw a large reduction in load on our primary web server and better performance across our sites as a whole.

Installing lighttpd

Simply set the USE flags and emerge. This is what ours looks like.

emerge -pv lighttpd
[ebuild  N    ] www-servers/lighttpd-1.4.20  USE="bzip2 -doc -fam -fastcgi \
  gdbm ipv6 -ldap -lua -memcache -minimal -mysql pcre -php -rrdtool ssl \
  -test -webdav xattr" 604 kB

Caching & Expires Header

Place this configuration after the host configs, in most cases. Adjust the extensions as necessary.

$HTTP["url"] =~ "\.(css|gif|jpeg|jpg|png|js)$" {
    expire.url = ( "" => "access 3 days" )
    etag.use-inode = "enable"
    etag.use-mtime = "enable"
    etag.use-size = "enable"
    static-file.etags = "enable"
}

Configuring SSL

We are assuming that keys have already been generated using openssl. We simply concatenate the key and certificate files into a single "pem" file and hand that to Lighttpd.

cd /etc/lighttpd
# create the combined file with owner-only permissions from the start
(umask 077; cat example.com.key example.com.crt > example.com.pem)
chmod 0400 example.com.key example.com.pem

Update the Lighttpd configuration accordingly. The ca-file directive is only necessary if the issuing certificate authority says so.

$SERVER["socket"] == ":443" {
    ssl.engine = "enable"
    ssl.pemfile = "/etc/lighttpd/example.com.pem"
    ssl.ca-file = "/etc/lighttpd/example.com_CA.crt"
    ssl.use-compression = "disable"
    ssl.use-sslv3 = "disable"
    ssl.cipher-list = "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"
    ssl.dh-file = "/etc/ssl/certs/dhparam.pem"
    ssl.ec-curve = "secp384r1"
}

Virtual Server lighttpd with mod_simple_vhost

To enable virtual servers, update the core configuration to include these three items. For this example all of our web sites are stored under /var/www with no other document root, so the resulting web root of cdn.edoceo.com is /var/www/cdn.edoceo.com.

simple-vhost.server-root = "/var/www"
# default-host is a hostname, used when the requested host has no directory
simple-vhost.default-host = "cdn.edoceo.com"
simple-vhost.document-root = "/"

Configuring Logging

The configuration below will provide for access and error logging in a format that is compatible with the output in Apache virtualhosting logs. These are handy for use with awstats.

server.modules = (
    "mod_access",
    "mod_accesslog",
)
server.errorlog      = var.logdir  + "/error.log"
# log errors to syslog instead
#   server.errorlog-use-syslog = "enable"

accesslog.format   = "%V %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\""
accesslog.filename = var.logdir + "/access.log"

Configuring as CDN

When lighttpd functions as part of a CDN it may be necessary to adjust some modules and add a few additional mime types.

We chose to disable almost every module we could. Here is a snippet from lighttpd.conf:

server.modules = (
  "mod_access",
  "mod_setenv",
  "mod_status",
  "mod_simple_vhost",
  "mod_accesslog"
)

# we comment this out because everything from the CDN is static
#static-file.exclude-extensions = (".php", ".pl", ".cgi", ".fcgi")

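We also had to update the mime-types so lighttpd would return scripting language files as text. We added these lines to the mime-types.conf file distributed with lighttpd. With the exclude list commented out, any .php, .pl or .sh file under the document root is sent to the client as source, so keep only files intended to be public (nothing with credentials or internal paths) on the CDN hosts.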

".dmg"          =>      "application/x-apple-diskimage",
# return these scripts as text
".php"          =>      "text/plain",
".pl"           =>      "text/plain",
".sh"           =>      "text/plain",

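An added example, not from the original page: a log audit that ties the access-log format configured above to the CDN choice of returning .php, .pl and .sh as text/plain. It parses lines in that format and counts script sources that were actually served. The function names and sample lines are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Field order follows the page's accesslog.format:
#   %V %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"
QUOTED = r'"((?:[^"\\]|\\.)*)"'  # quoted field, tolerating backslash escapes
LINE_RE = re.compile(
    r'(\S+) (\S+) (\S+) (\S+) \[([^\]]+)\] ' + QUOTED +
    r' (\d{3}) (\d+|-) ' + QUOTED + ' ' + QUOTED + r'$')
FIELDS = "vhost client ident user time request status size referer agent".split()
# Extensions the page's mime-types.conf change returns as text/plain.
SCRIPT_EXT = (".php", ".pl", ".sh")

def parse_line(line):
    """Return a dict for one access-log line, or None if it does not fit."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = dict(zip(FIELDS, m.groups()))
    rec["status"] = int(rec["status"])
    parts = rec["request"].split(" ")
    # "METHOD target HTTP/x.y": drop the query string and percent-decode,
    # so /config.ph%70 is recognised as /config.php.
    rec["path"] = unquote(parts[1].split("?", 1)[0]) if len(parts) == 3 else None
    return rec

def served_script_sources(lines):
    """Count 200/206 responses for script files, keyed by (vhost, path)."""
    hits, unparsed = Counter(), []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            unparsed.append(line)  # does not fit the format: review by hand
        elif (rec["path"] and rec["status"] in (200, 206)
              and rec["path"].lower().endswith(SCRIPT_EXT)):
            hits[(rec["vhost"], rec["path"])] += 1
    return hits, unparsed

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE = [
    'cdn.edoceo.com 192.0.2.10 - - [12/Mar/2009:10:01:22 -0700] "GET /css/site.css HTTP/1.1" 200 5120 "http://www.example.com/" "Mozilla/5.0"',
    'cdn.edoceo.com 198.51.100.7 - - [12/Mar/2009:10:02:03 -0700] "GET /inc/config.php HTTP/1.1" 200 812 "-" "curl/7.19"',
    'cdn.edoceo.com 198.51.100.7 - - [12/Mar/2009:10:02:05 -0700] "GET /inc/config.ph%70?x=1 HTTP/1.1" 200 812 "-" "curl/7.19"',
    'cdn.edoceo.com 203.0.113.5 - - [12/Mar/2009:10:03:40 -0700] "GET /backup.sh HTTP/1.1" 404 345 "-" "Wget/1.11"',
    'truncated line without the expected fields',
]

if __name__ == "__main__":
    print(served_script_sources(SAMPLE))
```

Any path this reports is a file whose source left the server; move it out of the document root or restore the exclude list for that extension.
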
Gzip, Compress Content

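Lighttpd can compress content and cache the compressed copy, so subsequent requests are served from the cache. Adjust the file types as necessary. The compress.* directives require mod_compress in server.modules. Because /tmp is world-writable, the cache directory should be owned by the lighttpd user and not writable by others.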

$HTTP["host"] == "cdn.domain.ltd" {
    compress.cache-dir         = "/tmp/compress.tmp/"
    compress.filetype          = ("text/plain", "text/javascript", "text/css", "text/xml")

    setenv.add-response-header = (
        "Access-Control-Allow-Origin" => "*"
    )
}
