{"id":3392,"date":"2023-02-22T07:15:51","date_gmt":"2023-02-22T12:15:51","guid":{"rendered":"https:\/\/dft.wiki\/?p=3392"},"modified":"2025-04-16T22:00:58","modified_gmt":"2025-04-17T02:00:58","slug":"setting-up-lighttpd-on-ubuntu-20-04-and-22-04","status":"publish","type":"post","link":"https:\/\/dft.wiki\/?p=3392","title":{"rendered":"Setting Up LIGHTtpd with PHP on Ubuntu"},"content":{"rendered":"

Lighttpd<\/strong> [Link<\/a>] uses fewer resources than Apache2<\/strong> or Nginx<\/strong>, making it ideal for handling a lot of traffic with less memory and CPU.<\/p>\n

It’s a great choice for low-powered devices like the Raspberry Pi Zero. While other web servers can work too, Lighttpd will likely perform better on such limited hardware.<\/p>\n

\n

INSTALLING WEB SERVER PLUS PHP<\/strong><\/p>\n

sudo apt update && sudo apt upgrade -y\r\nsudo apt install lighttpd -y<\/pre>\n
sudo apt install php7.4 php7.4-fpm php7.4-mysql php7.4-cli php7.4-curl php7.4-xml curl -y<\/pre>\n
sudo nano \/etc\/php\/7.4\/fpm\/pool.d\/www.conf<\/pre>\n
;listen = \/run\/php\/php7.4-fpm.sock\r\nlisten = 127.0.0.1:9000<\/pre>\n
                #\"bin-path\" => \"\/usr\/bin\/php-cgi\",\r\n                #\"socket\" => \"\/var\/run\/lighttpd\/php.socket\",\r\n                \"host\" => \"127.0.0.1\",\r\n                \"port\" => \"9000\",<\/pre>\n
sudo lighty-enable-mod fastcgi\r\nsudo lighty-enable-mod fastcgi-php\r\nsudo systemctl restart lighttpd php7.4-fpm<\/pre>\n
rm \/var\/www\/html\/index.lighttpd.html\r\necho '<?php echo \"HTTP_HOST: \" . $_SERVER[\"HTTP_HOST\"] . \" SERVER_NAME: \" . $_SERVER[\"SERVER_NAME\"] ?>' | sudo tee \/var\/www\/html\/index.php\r\nsudo chown -R www-data: \/var\/www\/html\/\r\nsudo chmod -R 755 \/var\/www\/html\/<\/pre>\n
At this point, any HTTP request to this server will be served with the same page. Consider using Virtual Hosts to server multiple sites based on its Host header.<\/p>\n
\n
SETTING A VIRTUAL HOST<\/strong><\/p>\n
sudo nano \/etc\/lighttpd\/lighttpd.conf<\/pre>\n
...\r\ninclude_shell \"\/usr\/share\/lighttpd\/create-mime.conf.pl\"\r\ninclude_shell \"cat \/etc\/lighttpd\/vhosts.d\/*.conf\"<\/strong>\r\ninclude \"\/etc\/lighttpd\/conf-enabled\/*.conf\"\r\n...<\/pre>\n
sudo mkdir -p \/etc\/lighttpd\/vhosts.d\/\r\nsudo nano \/etc\/lighttpd\/vhosts.d\/localhost.conf<\/pre>\n
$HTTP[\"host\"] =~ \"(^|.)localhost$\" {\r\n    server.document-root = \"\/var\/www\/html\/localhost\"\r\n}<\/pre>\n
sudo mkdir -p \/var\/www\/html\/localhost\r\necho 'VHOST: localhost' | sudo tee \/var\/www\/html\/localhost\/index.html<\/pre>\n
sudo lighttpd -t -f \/etc\/lighttpd\/lighttpd.conf && sudo systemctl restart lighttpd.service<\/pre>\n
curl http:\/\/127.0.0.1\r\ncurl http:\/\/localhost<\/pre>\n
While the first request is served with the default site, the second request will be served with a different content.<\/p>\n
\n
DEPLOYING A SELF-SIGNED CERTIFICATE<\/strong><\/p>\n
Replace the fake domain example.com<\/code> accordingly.<\/p>\n
sudo mkdir -p \/etc\/lighttpd\/ssl\/example.com<\/strong>\r\ncd \/etc\/lighttpd\/ssl\/example.com<\/strong>\r\nsudo apt install lighttpd-mod-openssl -y\r\nsudo lighttpd-enable-mod ssl\r\nsudo openssl req -new -x509 -keyout server.pem -out server.pem -days 365 -nodes\r\nsudo nano \/etc\/lighttpd\/conf-enabled\/10-ssl.conf<\/pre>\n
# \/usr\/share\/doc\/lighttpd\/ssl.txt\r\nserver.modules += ( \"mod_openssl\" )\r\n$HTTP[\"scheme\"] == \"http\" {\r\n    $HTTP[\"host\"] =~ \".*\" {\r\n        url.redirect = (\".*\" => \"https:\/\/%0$0\")\r\n    }\r\n}\r\n$SERVER[\"socket\"] == \"0.0.0.0:443\" {\r\n        ssl.engine  = \"enable\"\r\n        ssl.pemfile = \"\/etc\/lighttpd\/ssl\/domain.com<\/strong>\/server.pem\"\r\n        ssl.cipher-list = \"HIGH\"\r\n}<\/pre>\n
sudo lighttpd -t -f \/etc\/lighttpd\/lighttpd.conf && sudo systemctl restart lighttpd.service<\/pre>\n
\n
ISSUING A FREE PUBLIC CERTIFICATE<\/strong><\/p>\n
Replace the fake domain example.com<\/code> with a real public domain that has a record that points to the web server.<\/p>\n
add-apt-repository ppa:certbot\/certbot && sudo apt install certbot -y\r\nsudo lighttpd-enable-mod ssl\r\nsudo certbot certonly --webroot -w \/var\/www\/html -d example.com<\/strong> -d www.example.com<\/strong>\r\nls -l \/etc\/letsencrypt\/live\/example.com<\/strong>\r\nsudo nano \/etc\/lighttpd\/lighttpd.conf<\/pre>\n
# \/usr\/share\/doc\/lighttpd\/ssl.txt\r\nserver.modules += ( \"mod_openssl\" )\r\n$HTTP[\"scheme\"] == \"http\" {\r\n    $HTTP[\"host\"] =~ \".*\" {\r\n        url.redirect = (\".*\" => \"https:\/\/%0$0\")\r\n    }\r\n}\r\n$SERVER[\"socket\"] == \"0.0.0.0:443\" {\r\n        ssl.engine  = \"enable\"\r\n        ssl.pemfile = \"\/etc\/letsencrypt\/live\/example.com<\/strong>\/fullchain.pem\"\r\n        ssl.privkey = \"\/etc\/letsencrypt\/live\/example.com<\/strong>\/privkey.pem\"\r\n        ssl.cipher-list = \"HIGH\"\r\n}<\/pre>\n
sudo lighttpd -t -f \/etc\/lighttpd\/lighttpd.conf && sudo systemctl restart lighttpd.service<\/pre>\n
\n
RENEWING THE PUBLIC CERTIFICATE<\/strong><\/p>\n
Certbot (that used Let’s Encrypt) does not automatically renew he free 90 days public certificates.<\/p>\n
Follows the manual renewal command that can be easily scheduled to periodically happens as a cronjob:<\/p>\n
sudo certbot renew --force-renewal -d example.com<\/strong> -d www.example.com<\/strong><\/pre>\n
\n
BONUS<\/strong><\/p>\n
Reverse proxy for a VHOST:<\/p>\n
$HTTP[\"host\"] =~ \"(^|.)example.com$\" {\r\n    proxy.server = ( \"\" => ( ( \"host\" => \"127.0.0.1\", \"port\" => 8080 ) ) )\r\n}<\/pre>\n
Reverse proxy for a PATH rewriting the HEADER:<\/p>\n
$HTTP[\"url\"] =~ \"(^\/path)\" {\r\n    proxy.header = ( \"map-urlpath\" => ( \"\/path\" => \"\/\") )\r\n    proxy.server = ( \"\" => ( ( \"host\" => \"127.0.0.1\", \"port\" => 8080 ) ) )\r\n}<\/pre>\n
Another way of creating a self-signed certificate would be:<\/p>\n
sudo openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout \/etc\/ssl\/private\/apache-selfsigned.key -out \/etc\/ssl\/certs\/apache-selfsigned.crt<\/pre>\n
Note:<\/strong> the different file output format.<\/p>\n
\n
REFLECTIONS<\/strong><\/p>\n
Lighttpd is a lightweight web server that’s great for low-resource systems. For better performance and security, it’s a good idea to place it behind a reverse proxy that handles SSL\/TLS encryption. Using a CDN like Cloudflare can help protect your site and take care of encrypted connections.<\/p>\n
Also, make sure to tighten your firewall settings\u2014only allow the traffic you really need. If you’re using a CDN, restrict access so only the CDN’s IP ranges can connect.<\/p>\n
If your site handles sensitive data (like passwords), you should at least use a self-signed certificate to provide basic encryption.<\/p>\n","protected":false},"excerpt":{"rendered":"
Lighttpd [Link] uses fewer resources than Apache2 or Nginx, making it ideal for handling a […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4,6],"tags":[],"class_list":["post-3392","post","type-post","status-publish","format-standard","hentry","category-linux","category-raspberry-pi"],"_links":{"self":[{"href":"https:\/\/dft.wiki\/index.php?rest_route=\/wp\/v2\/posts\/3392","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/dft.wiki\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dft.wiki\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dft.wiki\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/dft.wiki\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3392"}],"version-history":[{"count":9,"href":"https:\/\/dft.wiki\/index.php?rest_route=\/wp\/v2\/posts\/3392\/revisions"}],"predecessor-version":[{"id":4817,"href":"https:\/\/dft.wiki\/index.php?rest_route=\/wp\/v2\/posts\/3392\/revisions\/4817"}],"wp:attachment":[{"href":"https:\/\/dft.wiki\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3392"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dft.wiki\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3392"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dft.wiki\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3392"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}