Author: smokeink. Date 2018-03-22 02:03:32, views: 287, Raw

yum install lighttpd lighttpd-fastcgi -y
vim /etc/lighttpd/lighttpd.conf
server.username  = "lighttpd"
server.groupname = "lighttpd"
server.use-ipv6 = "disable"
server.max-fds = 2048
server.max-fds Lighttpd is single-threaded server, its main resource limit is the number of file descriptors, which is set to 1024 by default (on most systems). To handle high traffic site set this to 2048.
ctrl-G in vim and Uncomment following line by removing starting # symbol.

include_shell "cat /etc/lighttpd/vhosts.d/*.conf"
If you prefer that lighttpd doesn't report its version number the server.tag should be set to just lighttpd:
server.tag = "lighttpd"
The next statement will return a 403 to every request that does not match any of the hosted domains domain1 and domain2 (instead of 404):
$HTTP["host"] !~ "(^|\.)domain1$|(^|\.)domain2$" {
    url.access-deny = ( "" )
debug.log-request-handling = "enable"
#redirect all http to https 
$HTTP["host"] !~ "^(demo|faq|help|forums|mail|www)\.(myhost\.com)$" {
    $HTTP["host"] =~ "^(.+\.)?(myhost\.com)$" {
        $HTTP["scheme"] == "http" {
             #capture vhost name with regex conditiona -> %0 in redirect    pattern must be the most inner block to the redirect rule
            $HTTP["host"] =~ ".*" {
                url.redirect = (".*" => "https://%0$0")
#ssl cert configuration 
$SERVER["socket"] == ":443" {
       ssl.engine = "enable"
       ssl.pemfile = "/etc/lighttpd/ssl/" = "/etc/lighttpd/ssl/CA_issuing.crt"
        setenv.add-environment = ( 
                "HTTPS" => "on"
#enable php fastcgi
fastcgi.server += ( ".php" =>   ### PHP-FPM Support
                "host" => "",
                "port" => "9000",
                "broken-scriptfilename" => "enable"                                                                                                                                   
vim /etc/lighttpd/modules.conf
Uncomment the modules that you like to have enabled:
server.modules = (
#  "mod_evasive",
#  "mod_setenv",
#  "mod_usertrack",
vim /etc/php.d/php.ini
archlin /etc/php/php.ini
for the following statement and change/add it in case it is missing/unset:
cgi.fix_pathinfo = 1
Otherwise fastcgi will not work.
vim /etc/lighttpd/vhosts.d/
$HTTP["host"] == "" {
        server.document-root = "/srv/www/"
        server.errorlog = "/srv/www/"
        accesslog.filename = "/srv/www/"
$HTTP["host"] == "" {
    server.document-root = "/srv/www/"
    server.errorlog = "/srv/www/"
    accesslog.filename = "/srv/www/"
    url.rewrite-once = ( "^/$" => "/index.php?route=common/home" )
    url.rewrite-if-not-file = ( "^/(.*)" => "/index.php?_route_=$1" )
In the file /etc/php.ini check if expose_php is disabled to prevent that PHP will provide to much information to the ouside world:
expose_php = Off
After making the configuration changes the directory for the fastcgi socket needs to be created
useradd lighttpd
mkdir -p /srv/www
mkdir /var/run/lighttpd
chown -R lighttpd:lighttpd /var/run/lighttpd
chown -R lighttpd:lighttpd /var/log/lighttpd
and permission for some directories need to be corrected as these belong to apache by default. These files can be found with the find command:
find / -user apache
find / -group apache
Change owner and/or user apache to lighttpd:
chown -R lighttpd:lighttpd /srv/www
in php.ini
mkdir /var/lib/php/session -p
session.save_path = "/var/lib/php/session" 
chown root:lighttpd /var/lib/php/session
vim /etc/php-fpm.d/www.conf
or archlinux
vim /etc/php/php-fpm.d/www.conf
user = lighttpd
group = lighttpd 
mkdir /etc/lighttpd/ssl/
cd /etc/lighttpd/ssl/
openssl req -new -newkey rsa:2048 -nodes -keyout -out
After creating CSR, Request an SSL certificate from any certificate providers like Geotrust, Comodo, Digicert or GoDaddy etc.  or create a self signed certificate for internal use. We do not recommend this for production sites.
openssl x509 -req -days 365 -in -signkey -out
Now create pem file by combining key file and certificate in one file
cat >
save then test configuration
lighttpd -t -f /etc/lighttpd/lighttpd.conf
service nginx stop
service lighttpd start
service php-fpm restart
chkconfig nginx off
chkconfig lighttpd on