, 1 min read
Configure Lighttpd With PHP and HTTPS
Original post is here eklausmeier.goip.de/blog/2021/05-29-configure-lighttpd-with-php-and-https.
I use the Hiawatha web-server on my servers. For example, this blog runs on Hiawatha. Recently I needed a web-server on Red Hat Enterprise. Unfortunately, Red Hat does not provide Hiawatha directly on its Satellite program, but Lighttpd was there. I also wanted to use PHP and the connection should be secure, i.e., I needed https.
I had written on the lines of code for Apache, Lighttpd, NGINX, and Hiawatha here: Set-Up Hiawatha Web-Server.
Below is the required config file for Lighttpd:
# See /usr/share/doc/lighttpd
# and http://redmine.lighttpd.net/projects/lighttpd/wiki/Docs:ConfigurationOptions
server.port = 8080
server.username = "http"
server.groupname = "http"
server.document-root = "/srv/http"
server.errorlog = "/var/log/lighttpd/error.log"
dir-listing.activate = "enable"
index-file.names = ( "index.html", "index.php" )
mimetype.assign = (
".html" => "text/html",
".txt" => "text/plain",
".css" => "text/css",
".js" => "application/x-javascript",
".jpg" => "image/jpeg",
".jpeg" => "image/jpeg",
".gif" => "image/gif",
".png" => "image/png",
"" => "application/octet-stream"
)
#
# which extensions should not be handle via static-file transfer
#
# .php, .pl, .fcgi are most often handled by mod_fastcgi or mod_cgi
#
static-file.exclude-extensions = ( ".php", ".pl", ".fcgi", ".scgi" )
server.modules += ( "mod_openssl", "mod_status", "mod_fastcgi" )
status.config-url = "/config"
status.statistics-url = "/statistics"
$SERVER["socket"] == ":8443" {
ssl.engine = "enable"
ssl.pemfile = "/etc/hiawatha/eklausmeier.goip.de.pem"
}
fastcgi.server = ( ".php" =>
( "php-local" =>
(
"socket" => "/tmp/php-fastcgi-1.socket",
"bin-path" => "/bin/php-cgi",
"max-procs" => 1,
"broken-scriptfilename" => "enable",
),
"php-num-procs" =>
(
"socket" => "/tmp/php-fastcgi-2.socket",
"bin-path" => "/bin/php-cgi",
"bin-environment" => (
"PHP_FCGI_CHILDREN" => "1",
"PHP_FCGI_MAX_REQUESTS" => "10000",
),
"max-procs" => 5,
"broken-scriptfilename" => "enable",
),
),
)
As I already run Hiawatha, the ports 80 and 443 are in use, so I switched to 8080 and 8443 instead. I re-use the certificate for Hiawatha, i.e., the PEM-file.
Processes are as follows:
$ ps -ef | grep lighttpd
root 154125 1 0 12:30 ? 00:00:00 /usr/bin/lighttpd-angel -D -f /etc/lighttpd/lighttpd.conf
http 154126 154125 0 12:30 ? 00:00:00 /usr/bin/lighttpd -D -f /etc/lighttpd/lighttpd.conf