Lighttpd both http and https


We can configure both http & https on lighttpd webserver.

Use following configuration to serve both http & https requests:

server.document-root = "/var/www"
server.upload-dirs = ( "/var/cache/lighttpd/uploads" )
accesslog.filename = "/var/log/lighttpd/access.log"
server.errorlog = "/var/log/lighttpd/error.log" = "/var/run/"
server.username = "www-data"
server.groupname = "www-data"
server.port = 80

#Configuration for https
$SERVER["socket"] == ":443" {
  ssl.engine = "enable"
  ssl.pemfile = "/etc/lighttpd/certs/"

In above configuration file should contain both the private key and the certificate.

After updating lighttpd.conf file restart lighttpd:

$ service lighttpd restart

After restarting both http & https should work for your host.

Linghttpd – unknown config-key: accesslog.filename

Recently I faced wearied scenario where I am unable to view access logs of lighttpd.

Even though after adding accesslog.filename = “/var/log/lighttpd/access.log” line in lighttpd.conf file logs are not getting updated in lighttpd.conf file

After debugging for a while I seen following error in /var/log/lighttpd/error.log:

WARNING: unknown config-key: accesslog.filename (ignored)

To fix this issue I adding “mod_accesslog” to servers.modules in lighttpd.conf file & restarted lighttpd. After that issue got resolved.

Following is my server.modules after adding mod_accesslog:

server.modules = (

lighttpd – allow/block ip range


To allow some or multiple ip rages use below code:

$HTTP["remoteip"] =~ "192\.168\.1\.*|10\.2\.20\.*" {
    server.document-root = "/var/www"

Above code will allow only 192.18.1.* and 10.2.20.* ip rages and blocks all other ip’s.

To block some or multiple ip ragnes use below code

$HTTP["remoteip"] =~ "192\.168\.1\.*|10\.2\.20\.*" {
    url.access-deny = ( "" )

Above code will block 192.168.1.* and 10.2.20.* ip rages and allow all other ip’s.

Lighttpd – block user agent


In lighttpd we can block or deny access to a specific user agent.

Syntax to block user agent:

$HTTP["useragent"] =~ "User agent name" {url.access-deny = ( "" )}

where “User agent name” is any user agent.


$HTTP["useragent"] =~ "Xenu Link Sleuth" {url.access-deny = ( "" )}

Above example will block all requests with user agent name “Xenu Link Sleuth”.