Author: smokeink. Date 2018-03-22 02:03:32, views: 207, Raw

Увеличить
yum install lighttpd lighttpd-fastcgi -y
 
vim /etc/lighttpd/lighttpd.conf
 
server.username  = "lighttpd"
server.groupname = "lighttpd"
 
server.use-ipv6 = "disable"
server.max-fds = 2048
 
server.max-fds Lighttpd is single-threaded server, its main resource limit is the number of file descriptors, which is set to 1024 by default (on most systems). To handle high traffic site set this to 2048.
 
ctrl-G in vim and Uncomment following line by removing starting # symbol.

include_shell "cat /etc/lighttpd/vhosts.d/*.conf"
If you prefer that lighttpd doesn't report its version number the server.tag should be set to just lighttpd:
 
server.tag = "lighttpd"
 
The next statement will return a 403 to every request that does not match any of the hosted domains domain1 and domain2 (instead of 404):
 
$HTTP["host"] !~ "(^|\.)domain1$|(^|\.)domain2$" {
    url.access-deny = ( "" )
}
 
 
debug.log-request-handling = "enable"
#redirect all http to https 
$HTTP["host"] !~ "^(demo|faq|help|forums|mail|www)\.(myhost\.com)$" {
    $HTTP["host"] =~ "^(.+\.)?(myhost\.com)$" {
        $HTTP["scheme"] == "http" {
             #capture vhost name with regex conditiona -> %0 in redirect    pattern must be the most inner block to the redirect rule
            $HTTP["host"] =~ ".*" {
                url.redirect = (".*" => "https://%0$0")
            }   
        }   
    }   
}
#ssl cert configuration 
$SERVER["socket"] == ":443" {
       ssl.engine = "enable"
       ssl.pemfile = "/etc/lighttpd/ssl/myhost.com.pem"
       #ssl.ca-file = "/etc/lighttpd/ssl/CA_issuing.crt"
 
        setenv.add-environment = ( 
                "HTTPS" => "on"
        )   
}
#enable php fastcgi
fastcgi.server += ( ".php" =>   ### PHP-FPM Support
        ((  
                "host" => "127.0.0.1",
                "port" => "9000",
                "broken-scriptfilename" => "enable"                                                                                                                                   
        ))
)
 
vim /etc/lighttpd/modules.conf
Uncomment the modules that you like to have enabled:
 
server.modules = (
  "mod_access",
  "mod_alias",
  "mod_auth",
#  "mod_evasive",
  "mod_redirect",
  "mod_rewrite",
#  "mod_setenv",
#  "mod_usertrack",
  "mod_simple_vhost",
  "mod_fastcgi"
)
 
vim /etc/php.d/php.ini
archlin /etc/php/php.ini
for the following statement and change/add it in case it is missing/unset:
 
cgi.fix_pathinfo = 1
 
Otherwise fastcgi will not work.
 
vim /etc/lighttpd/vhosts.d/myhost.com.conf
$HTTP["host"] == "myhost.com" {
        server.document-root = "/srv/www/myhost.com/public_html"
        server.errorlog = "/srv/www/myhost.com/log/myhost.com-error.log"
        accesslog.filename = "/srv/www/myhost.com/log/myhost.com-access.log"
}  
 
 
/etc/lighttpd/vhosts.d/dev.myhost.com.conf
$HTTP["host"] == "dev.myhost.com" {
    server.document-root = "/srv/www/dev.myhost.com/public_html"
    server.errorlog = "/srv/www/dev.myhost.com/log/dev.myhost.com-error.log"
    accesslog.filename = "/srv/www/dev.myhost.com/log/dev.myhost.com-access.log"
    url.rewrite-once = ( "^/$" => "/index.php?route=common/home" )
    url.rewrite-if-not-file = ( "^/(.*)" => "/index.php?_route_=$1" )
}
 
In the file /etc/php.ini check if expose_php is disabled to prevent that PHP will provide to much information to the ouside world:
 
expose_php = Off
 
After making the configuration changes the directory for the fastcgi socket needs to be created
 
useradd lighttpd
mkdir -p /srv/www
 
mkdir /var/run/lighttpd
chown -R lighttpd:lighttpd /var/run/lighttpd
chown -R lighttpd:lighttpd /var/log/lighttpd
 
and permission for some directories need to be corrected as these belong to apache by default. These files can be found with the find command:
 
find / -user apache
find / -group apache
 
Change owner and/or user apache to lighttpd:
 
chown -R lighttpd:lighttpd /srv/www
in php.ini
mkdir /var/lib/php/session -p
session.save_path = "/var/lib/php/session" 
 
chown root:lighttpd /var/lib/php/session
 
vim /etc/php-fpm.d/www.conf
or archlinux
vim /etc/php/php-fpm.d/www.conf
 
user = lighttpd
group = lighttpd 
 
mkdir /etc/lighttpd/ssl/
cd /etc/lighttpd/ssl/
 
openssl req -new -newkey rsa:2048 -nodes -keyout myhost.com.key -out myhost.com.csr
 
After creating CSR, Request an SSL certificate from any certificate providers like Geotrust, Comodo, Digicert or GoDaddy etc.  or create a self signed certificate for internal use. We do not recommend this for production sites.
 
openssl x509 -req -days 365 -in myhost.com.csr -signkey myhost.com.key -out myhost.com.crt
 
Now create pem file by combining key file and certificate in one file
 
cat myhost.com.key  myhost.com.crt > myhost.com.pem
 
save then test configuration
 
lighttpd -t -f /etc/lighttpd/lighttpd.conf
 
service nginx stop
service lighttpd start
service php-fpm restart
 
chkconfig nginx off
chkconfig lighttpd on