Lighty and SSL. Works good - separately..

Hi,

I'm a bit out of my league here so I was wondering how I might go about this.. First, my goal: run 2 instances of lighttpd - one SSL and the other non-SSL.

I got instructions here:

http://wiki.archlinux.org/index.php/LighttpdForBothSSLAndNon-SSL#LighttpdSSL

Only problem is that the instructions don't seem to work with Debian. Specifically:

> Step 2: Copy things
>
> Now we need to set up a separate config script, and init script for the ssl version.
>
> [[root@computer]]$ cp /usr/sbin/lighttpd /usr/sbin/lighttpd-ssl
>
> [[root@computer]]$ cp /etc/rc.d/lighttpd /etc/rc.d/lighttpd-ssl
>
> [[root@computer]]$ cp /etc/conf.d/lighttpd /etc/conf.d/lighttpd-ssl
>
> [[root@computer]]$ cp /etc/lighttpd/lighttpd.conf /etc/lighttpd/lighttpd-ssl.conf

rc.d and conf.d don't exist on my Debian system. Only rc.local, rc0.d, rc1.d, etc.. Is there a way to copy & manage all the K20lighttpd's in each of these directories or am I going to have to manually copy & edit every single one of them?

5 Replies

On Debian, startup scripts go into /etc/init.d. You can use update-rc.d to set up the symbolic links from /etc/rcN.d, e.g.

update-rc.d lighttpd-ssl defaults

If you installed lighttpd using apt-get, there will already be one startup script installed. That script references a .conf file in /etc/lighttpd.

Roy

You don't need to run 2 instances of lighttpd for non-ssl/ssl. Setting up some checks on $SERVER["socket"] you can have one process do non-ssl and ssl.

@A32:

> I got instructions here:
>
> http://wiki.archlinux.org/index.php/LighttpdForBothSSLAndNon-SSL#LighttpdSSL
>
> Only problem is that the instructions don't seem to work with Debian.

Well, look for notes on the distro's resource site first, then look at the software's project page. The latter has all the details needed in this case:

http://trac.lighttpd.net/trac/wiki/Docs%3ASSL

Debian's wiki is unfortunately one of the poorest; they only have a generic section on web servers:

http://wiki.debian.org/WebServers

Which points to a Debian LUG site in the UK with very minimal details:

http://www.debianhelp.co.uk/lighttpd.htm

Note that Ubuntu doesn't do much better either; it borrows from Gentoo's wiki:

https://wiki.ubuntu.com/Lighttpd+PHP

Thanks guys.. I think I should be able to run 2 servers now.

The reason I have to run 2 separate servers is because I need to serve a secure subdomain on a non secure domain.

> $SERVER["socket"] == "10.0.0.1:443" {
>         ssl.engine = "enable"
>         ssl.pemfile = "www.example.org.pem"
>         ssl.ca-file = "/etc/CA.crt"
>         server.name = "www.example.org"
>         server.document-root = "/www/servers/www.example.org/pages/"
> }

I am thick headed so I tried anyways. It didn't work because I host example.org, www.example.org AND secure.example.org .. secure.example.org is the only SSL one.

With both socket & host declared, it just defaults to the example.org's document root.

@A32:

> I need to serve a secure subdomain on a non secure domain.

Try this:

$HTTP["host"] == "chocco.org" {
        url.redirect = ( "^/.*" => "http://www.chocco.org/" )
}
$HTTP["host"] == "www.chocco.org" {
        server.document-root = "/srv/www.chocco.org"
}
$HTTP["host"] == "secure.chocco.org" {
        url.redirect = ( "^/.*" => "https://secure.chocco.org/" )
}
$SERVER["socket"] == "10.0.0.1:443" {
        ssl.engine = "enable"
        ssl.ca-file = "/etc/ssl/certs/ca-certs.crt"
        ssl.pemfile = "/etc/ssl/certs/ssl.pem"

        $HTTP["host"] == "secure.chocco.org" {
                server.document-root = "/srv/secure.chocco.org"
        }
}
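
A single-instance layout for the three host names in the original question, as an added example that is not part of the thread. The HTTP-to-HTTPS redirect is wrapped in `$HTTP["scheme"] == "http"` because a top-level `$HTTP["host"]` block is evaluated on every socket, including the SSL one, where it would redirect HTTPS requests back to themselves. The file paths are placeholders, and `$HTTP["scheme"]` assumes lighttpd 1.4.19 or later.

```lighttpd
# Added example, not from the thread. Host names follow the original
# question; the paths are placeholders and 10.0.0.1 is the address
# used in the posts above. Merge into an existing lighttpd.conf.
server.modules += ( "mod_redirect", "mod_access" )

# Default document root, used when no host condition below overrides it.
server.document-root = "/srv/www.example.org"

# Plain-HTTP requests only, so nothing here fires on the SSL socket.
$HTTP["scheme"] == "http" {
    $HTTP["host"] == "example.org" {
        url.redirect = ( "^/(.*)" => "http://www.example.org/$1" )
    }
    $HTTP["host"] == "secure.example.org" {
        # Send the browser to HTTPS and keep the requested path.
        url.redirect = ( "^/(.*)" => "https://secure.example.org/$1" )
    }
}

$SERVER["socket"] == "10.0.0.1:443" {
    ssl.engine  = "enable"
    ssl.pemfile = "/etc/lighttpd/ssl/secure.example.org.pem"
    ssl.ca-file = "/etc/lighttpd/ssl/ca-chain.crt"

    $HTTP["host"] == "secure.example.org" {
        server.document-root = "/srv/secure.example.org"
    }
    # Any other host name that reaches the SSL socket gets a 403
    # instead of the default document root.
    $HTTP["host"] != "secure.example.org" {
        url.access-deny = ( "" )
    }
}
```

Running `lighttpd -t -f /etc/lighttpd/lighttpd.conf` checks the syntax before the server is restarted.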
