I manage some websites for car clubs I belong to. They had been paying for web hosting and had some volunteers who knew not quite enough about maintaining and administrating the sites. Having some prior experience with similar small club sites, I volunteered to host them and admin them.
With the first site, the pages were a train wreck of PHP and making even a small change on the existing pages caused the site to crash. Way back around the turn of the last century, I had a few Linux user’s groups that wanted a website, so I worked with Cynthia Manuel of Flamingo Internet Navigators to make a template for a web site that would be easy to maintain and easy to add static content. She developed templates that relied on Server Side Includes (SSI) and Cascading Style Sheets (CSS) to make administration and content additions simple and easy, so I ported all the content over to that template and hosted the site myself. Later, another car club needed the same assistance and I ported it over as well.
The web server I chose initially was the venerable Apache web server. Setting up SSI was a little complicated, but not too bad, but Apache seemed like overkill and virtual hosts were a pain to configure. Enter the Lighttpd webserver.
Configuration for Lighttpd was pretty straightforward until it came time for virtual hosts, so what follows is what I did to enable SSI and Virtual Hosts (vhosts) as well as user-based directories and directory listings on the Lighttpd webserver. Part of the initial difficulty was that all the documentation available seemingly addressed older versions and it appears that the configuration options have changed quite a bit.
As of April 2020, this guide applies to Lighttpd version 1.4.53. I currently have it running on a Mageia7 64-bit dedicated server.
DEFAULT FILE LOCATIONS
The HTML files for each website are kept at /var/www/xxxx and /var/www/yyyy. In this way, if anyone just uses the IP address instead of the domain name, they only get the standard default page which simply says It works! You'll find the access and error logs at /var/log/lighttpd. The configuration files are at /etc/lighttpd.
ENABLE SSI
To configure lighttpd for my use, it’s necessary to enable the modules I will be using by simply editing /etc/lighttpd/modules.conf and un-commenting the entries for SGCI and mod_simple_vhost.
ENABLE VIRTUAL HOSTS
To create the actual virtual hosts, I created a new directory, /etc/lighttpd/vhosts.d and in that directory (enable it in lighttpd.conf under "custom includes"), I created two files, xxxx.conf and yyyy.conf.
In those files, I added the following information:
#xxxx.conf
$HTTP["host"] =~ "(^|\.)xxx\.com$" {
    server.document-root = "/var/www/html/xxxx"
}
#yyyy.conf
$HTTP["host"] =~ "(^|\.)yyyy\.org$" {
    server.document-root = "/var/www/html/yyyy"
}
To make those files available to the webserver, I needed to add the following to /etc/lighttpd/lighttpd.conf (the include paths are relative to /etc/lighttpd and must match the vhosts.d directory created above):
include "vhosts.d/xxxx.conf"
include "vhosts.d/yyyy.conf"
There is, of course, much greater flexibility in writing these configuration files and many more features that can be enabled in Lighttpd and they are about as easy as my example. If you need more flexibility with virtual hosts, it is possible to have the virtual hosts kept in a mysql database.
ALLOW USER-BASED DIRECTORIES
To set up user-based directories, I followed the instructions here. The file to edit for the options you desire is /etc/lighttpd/conf.d/userdir.conf. I restricted use of this feature to a user set up solely to host the files that are stored there. You then need to un-comment the appropriate line in /etc/lighttpd/modules.conf and restart the server. By default, the files will be served as www.domainname.com/~username from ~/public_html. See the page referenced above if you want to use some other path. The ~/public_html directory should have permissions of 750 and be owned as user:apache.
To access the user-based directories, you craft the URL like this: http://www.domain.name/~username/
DISPLAY A DIRECTORY LISTING
To enable a directory listing for files, all you need to do is edit /etc/lighttpd/conf.d/dirlisting.conf to change dir-listing.activate = "disable" to "enable" and restart lighttpd. This will only display a file list if the directory does not have an index file.
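As an added example (not from the original page), this script lists the directories under a document root that have no index file and would therefore be served as a file listing once dir-listing is enabled. The index file names are an assumption; match them to your own index-file.names setting.

```shell
#!/bin/sh
# Added example: which directories would dir-listing expose?
# Assumption: INDEX_NAMES mirrors the server's index-file.names list.
INDEX_NAMES=${INDEX_NAMES:-"index.html index.htm index.shtml"}

# Print every directory under $1 that contains none of the index files.
listable_dirs() {
    find "$1" -type d | while IFS= read -r dir; do
        has_index=no
        for name in $INDEX_NAMES; do
            if [ -f "$dir/$name" ]; then
                has_index=yes
            fi
        done
        if [ "$has_index" = no ]; then
            printf '%s\n' "$dir"
        fi
    done
}

# Constructed usage: sh listable.sh /var/www/html/xxxx
if [ "$#" -eq 1 ]; then
    listable_dirs "$1"
fi
```

Review the output before enabling the option server-wide; any directory it prints that holds files not meant for the public needs an index file or should be moved out of the document root.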
File Permissions and Ownership
Knowing the correct file permissions has always seemed problematic, since standards for this have evolved over time and good security practices appear to give way to expedience for new users. For example, if problems arise getting pages to display properly or at all, the quick but foolish method seems to be to change all file permissions to 777. This, of course, opens your webserver to anybody, even a malicious user. As well, the Apache webserver, in its first version, owned the files in /var/www as apache:apache, but Apache2 wants to see them as owned by www-data:www-data. As provided by Mageia, the server.username and server.groupname are coded as apache in lighttpd.conf. You may change them to www-data if you wish as long as you add www-data to /etc/group; it really won't affect how lighttpd runs.
There's a good discussion at ServerFault dealing with the file permission issues. For Mageia, the ownership should be apache:apache with directory permission set to 770 (or 550) and file permissions set to 660 (or 440). There are also instructions on how to set groups and permissions if you have multiple people allowed to access and change the web content.
The Lighttpd website recommends 550 for directories and 440 for files, aka r-x and r-- respectively. You can easily do this with the following:
$ sudo find /var/www -type d -exec chmod 550 {} +
$ sudo find /var/www -type f -exec chmod 440 {} +
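To confirm the result, or to spot leftovers from an earlier "chmod 777" fix, the following added example (not part of the original page) audits a web root against the 550/440 policy. It assumes a single owning account, passed as a name or numeric uid (apache on Mageia), and the output labels are made up for this example.

```shell
#!/bin/sh
# Added example: audit a web root against the modes recommended above.
# Assumptions: directories should be 550, files 440, everything owned by one
# account (apache on Mageia). Arguments: web root, owner name or numeric uid.

audit_webroot() {
    root=$1
    owner=$2
    # Anything world-writable: what a blanket "chmod 777" leaves behind.
    find "$root" \( -type f -o -type d \) -perm -002 \
        -exec printf 'WORLD-WRITABLE %s\n' {} \;
    # Directories and files that are not world-writable but still deviate.
    find "$root" -type d ! -perm -002 ! -perm 550 \
        -exec printf 'DIR-MODE %s\n' {} \;
    find "$root" -type f ! -perm -002 ! -perm 440 \
        -exec printf 'FILE-MODE %s\n' {} \;
    # Entries owned by some other account.
    find "$root" \( -type f -o -type d \) ! -user "$owner" \
        -exec printf 'OWNER %s\n' {} \;
}

# Number of findings; 0 means the tree matches the policy.
count_findings() {
    audit_webroot "$1" "$2" | wc -l | tr -d ' '
}

# Constructed usage: sudo sh audit.sh /var/www apache
if [ "$#" -eq 2 ]; then
    audit_webroot "$1" "$2"
fi
```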
Lighttpd-angel
Lighttpd is actually launched by root by running the lighttpd-angel binary, whose job it is to launch the lighttpd server binary and keep it running. This improves security since root is not running the server itself and the lighttpd user only has access to the files in /var/www.
Manually Start and Stop Lighttpd
As mentioned above, lighttpd-angel is used to control the server binary and will re-start the server automatically unless commands are issued through lighttpd-angel.
# lighttpd-angel SIGTERM
to initiate immediate shutdown of the server.
# lighttpd-angel SIGINT
to initiate graceful shutdown of the server.
# lighttpd-angel SIGHUP
to initiate graceful restart of the server.
# lighttpd-angel SIGUSR1
to initiate graceful reload of the server's configuration file.
You can also use the SysV frontend to SystemD as follows.
$ sudo service lighttpd {start|stop|status}
Or systemd as follows,
$ sudo systemctl {start|stop|status} lighttpd.service
And set the server to automatically run in the same manner.
$ sudo chkconfig lighttpd on
Or,
$ sudo systemctl enable lighttpd.service
RESOURCES
Lighttpd Homepage
Lighttpd Wiki
How to Support
Configuration per Virtual Host
A more elaborate procedure to configure multiple virtual host with differing configurations.
http://redmine.lighttpd.net/projects/1/wiki/docs_moduserdir
How to Enable File Lists in Directories
https://redmine.lighttpd.net/projects/1/wiki/Docs_ModDirlisting
ServerFault Web Server File Permissions
https://serverfault.com/questions/357108/what-permissions-should-my-website-files-folders-have-on-a-linux-webserver
Lighttpd PHP fastcgi Configuration
https://www.cyberciti.biz/tips/lighttpd-php-fastcgi-configuration.html
Complete Setup Tutorial - Lightppd on UBUNTU
http://www.linuxandubuntu.com/home/complete-setup-tutorial-for-lighttpd-a-lightweight-web-server