Lighttpd – both HTTP and HTTPS

We can configure the lighttpd web server to serve both HTTP and HTTPS.

Use the following configuration to serve both HTTP and HTTPS requests:

server.document-root = "/var/www"
server.upload-dirs = ( "/var/cache/lighttpd/uploads" )
accesslog.filename = "/var/log/lighttpd/access.log"
server.errorlog = "/var/log/lighttpd/error.log"
server.pid-file = "/var/run/lighttpd.pid"
server.username = "www-data"
server.groupname = "www-data"
server.port = 80

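# Configuration for HTTPS.
# lighttpd 1.4.46 and later also need "mod_openssl" in server.modules.
$SERVER["socket"] == ":443" {
  ssl.engine = "enable"
  # PEM file holding both the private key and the certificate
  ssl.pemfile = "/etc/lighttpd/certs/www.example.com.pem"
}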

In the above configuration, the www.example.com.pem file should contain both the private key and the certificate.

After updating the lighttpd.conf file, restart lighttpd:

$ service lighttpd restart

After restarting, both HTTP and HTTPS should work for your host.

Lighttpd – unknown config-key: accesslog.filename

Recently I faced a weird scenario where I was unable to view the access logs of lighttpd.

Even after adding the line accesslog.filename = "/var/log/lighttpd/access.log" to the lighttpd.conf file, logs were not getting updated in lighttpd.conf file.

After debugging for a while I saw the following error in /var/log/lighttpd/error.log:

WARNING: unknown config-key: accesslog.filename (ignored)

To fix this issue I added "mod_accesslog" to server.modules in the lighttpd.conf file and restarted lighttpd. After that the issue was resolved.

The following is my server.modules after adding mod_accesslog:

server.modules = (
  "mod_access",
  "mod_alias",
  "mod_compress",
  "mod_redirect",
  "mod_accesslog",
  "mod_rewrite",
)

Lighttpd – allow/block IP range

To allow one or more IP ranges, use the code below:

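# Anchored with ^ and ending in an escaped dot, so only addresses starting
# with 192.168.1. or 10.2.20. match ("\.*" would mean "zero or more dots").
# Clients that do not match fall back to the global settings.
$HTTP["remoteip"] =~ "^(192\.168\.1\.|10\.2\.20\.)" {
    server.document-root = "/var/www"
}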

The above code will allow only the 192.168.1.* and 10.2.20.* IP ranges and block all other IPs.

To block one or more IP ranges, use the code below:

# Same anchored pattern; url.access-deny needs mod_access in server.modules.
$HTTP["remoteip"] =~ "^(192\.168\.1\.|10\.2\.20\.)" {
    url.access-deny = ( "" )
}

The above code will block the 192.168.1.* and 10.2.20.* IP ranges and allow all other IPs.
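
A remoteip condition with =~ is a regular-expression search, so a pattern written as 192\.168\.1\.*|10\.2\.20\.* matches more addresses than the two ranges it is meant to cover. The check below is an added example, not part of the original post: it compares that pattern with an anchored form, using the CIDR ranges as ground truth. The function names and the sample addresses are constructed for the illustration.

```python
import ipaddress
import re

# Pattern with "\.*" (zero or more dots) and no anchor.
LOOSE = r"192\.168\.1\.*|10\.2\.20\.*"
# Anchored form: match from the start and require the dot after the third octet.
STRICT = r"^(192\.168\.1\.|10\.2\.20\.)"

# The ranges the patterns are meant to describe.
INTENDED = [ipaddress.ip_network("192.168.1.0/24"),
            ipaddress.ip_network("10.2.20.0/24")]

# Constructed sample client addresses (not taken from any real log).
SAMPLES = [
    "192.168.1.25",   # inside 192.168.1.0/24
    "10.2.20.7",      # inside 10.2.20.0/24
    "192.168.10.5",   # outside
    "192.168.100.9",  # outside
    "110.2.20.7",     # outside
    "10.2.200.1",     # outside
    "172.16.0.1",     # outside
]


def matches(pattern, ip):
    """Unanchored regex search, which is how a =~ condition is evaluated."""
    return re.search(pattern, ip) is not None


def in_intended_range(ip):
    """True when the address lies in one of the intended CIDR ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTENDED)


def misclassified(pattern, samples=SAMPLES):
    """Addresses where the regex verdict disagrees with the CIDR ranges."""
    return [ip for ip in samples if matches(pattern, ip) != in_intended_range(ip)]


if __name__ == "__main__":
    for name, pattern in (("loose", LOOSE), ("strict", STRICT)):
        print(name, pattern, "->", misclassified(pattern) or "no mismatches")
```

lighttpd also accepts CIDR notation with the == operator, for example $HTTP["remoteip"] == "192.168.1.0/24", which avoids the regular expression altogether.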

Lighttpd – block user agent

 

In lighttpd we can block or deny access to a specific user agent.

Syntax to block user agent:

$HTTP["useragent"] =~ "User agent name" {url.access-deny = ( "" )}

where “User agent name” is any user agent.

Example:

$HTTP["useragent"] =~ "Xenu Link Sleuth" {url.access-deny = ( "" )}

Above example will block all requests with user agent name “Xenu Link Sleuth”.