29th May 2021, 1 min read

Configure Lighttpd With PHP and HTTPS

Original post is here eklausmeier.goip.de/blog/2021/05-29-configure-lighttpd-with-php-and-https.

I use the Hiawatha web-server on my servers. For example, this blog runs on Hiawatha. Recently I needed a web-server on Red Hat Enterprise. Unfortunately, Red Hat does not provide Hiawatha directly on its Satellite program, but Lighttpd was there. I also wanted to use PHP and the connection should be secure, i.e., I needed https.

I had written on the lines of code for Apache, Lighttpd, NGINX, and Hiawatha here: Set-Up Hiawatha Web-Server.

Below is the required config file for Lighttpd:

# See /usr/share/doc/lighttpd
# and http://redmine.lighttpd.net/projects/lighttpd/wiki/Docs:ConfigurationOptions

server.port		= 8080
server.username		= "http"
server.groupname	= "http"
server.document-root	= "/srv/http"
server.errorlog		= "/var/log/lighttpd/error.log"
dir-listing.activate	= "enable"
index-file.names	= ( "index.html", "index.php" )
mimetype.assign		= (
                ".html" => "text/html",
                ".txt" => "text/plain",
                ".css" => "text/css",
                ".js" => "application/x-javascript",
                ".jpg" => "image/jpeg",
                ".jpeg" => "image/jpeg",
                ".gif" => "image/gif",
                ".png" => "image/png",
                "" => "application/octet-stream"
            )

#
# which extensions should not be handle via static-file transfer
#
# .php, .pl, .fcgi are most often handled by mod_fastcgi or mod_cgi
#
static-file.exclude-extensions = ( ".php", ".pl", ".fcgi", ".scgi" )


server.modules += ( "mod_openssl", "mod_status", "mod_fastcgi" )
status.config-url = "/config"
status.statistics-url = "/statistics"

$SERVER["socket"] == ":8443" {
    ssl.engine = "enable" 
    ssl.pemfile = "/etc/hiawatha/eklausmeier.goip.de.pem" 
}


fastcgi.server = ( ".php" =>
    ( "php-local" =>
        (
            "socket" => "/tmp/php-fastcgi-1.socket",
            "bin-path" => "/bin/php-cgi",
            "max-procs" => 1,
            "broken-scriptfilename" => "enable",
        ),
      "php-num-procs" =>
        (
            "socket" => "/tmp/php-fastcgi-2.socket",
            "bin-path" => "/bin/php-cgi",
            "bin-environment" => (
                "PHP_FCGI_CHILDREN" => "1",
                "PHP_FCGI_MAX_REQUESTS" => "10000",
            ),
            "max-procs" => 5,
            "broken-scriptfilename" => "enable",
        ),
    ),
)

As I already run Hiawatha, the ports 80 and 443 are in use, so I switched to 8080 and 8443 instead. I re-use the certificate for Hiawatha, i.e., the PEM-file.

Processes are as follows:

$ ps -ef | grep lighttpd
root      154125       1  0 12:30 ?        00:00:00 /usr/bin/lighttpd-angel -D -f /etc/lighttpd/lighttpd.conf
http      154126  154125  0 12:30 ?        00:00:00 /usr/bin/lighttpd -D -f /etc/lighttpd/lighttpd.conf