Book Image

Lighttpd

By : Andre Bogus
Book Image

Lighttpd

By: Andre Bogus

Overview of this book

Related Content you might be interested in

Current Title:

Small book image
Lighttpd
Andre Bogus
Oct, 2008 | 240 pages
No titles found
Table of Contents (20 chapters)
Lighttpd
Lighttpd
Credits
Credits
About the Author
About the Author
About the Reviewer
About the Reviewer
Preface
Preface
Free Chapter
1
Introduction to Lighttpd
Introduction to Lighttpd
Installing Lighttpd
Building Lighttpd using Autotools
Building Lighttpd using CMake
Summary
2
Configuring and Running Lighttpd
Configuring and Running Lighttpd
Starting Lighttpd by Hand
Other Core Options
Mime Types
Selectors
Rewriting and Redirecting Requests
Including Variables, Files, and Shell-code
Summary
3
More Virtual Hosting and CGI
More Virtual Hosting and CGI
Extended Virtual Hosting
MySQL based Virtual Hosting
Going Dynamic
CGI with mod_cgi
FastCGI
SCGI
mod_proxy_core and backends
Summary
4
Downloads and Streams
Downloads and Streams
Core Settings
Traffic Shaping
Showing Directory Contents
Securing Downloads
Streaming Content
Putting it All Together
Summary
5
Big Brother Lighttpd
Big Brother Lighttpd
Privacy
O Browser, Where Art Thou?
Access Logging
Tracking Users
Other Data Points
Summary
6
Encryption: SSL
Encryption: SSL
Self-Signed Keys
Being our own Certificate Authority
Obtaining a Key Pair from a Third-Party Supplier
Configuring Lighttpd to use SSL
Summary
7
Securing Lighttpd
Securing Lighttpd
Barriers to Entry
Evading Denial of Service Attacks
Know Your Foe
Summary
8
Containing Lighttpd
Containing Lighttpd
Giving up Privileges
Changing Root
Separating the Backend
Summary
9
Optimizing Lighttpd
Optimizing Lighttpd
Installing http_load
Specific Optimizations
Profiling with gprof
Summary
10
Migration from Apache
Migration from Apache
Adding Lighttpd to the Mix
Excursion: mod_proxy
Reducing Apache Load
mod_perl, mod_php, and mod_python
.htaccess
Rewriting Rules
WebDAV
Summary
11
CGI Revisited
CGI Revisited
Ruby on Rails
WordPress
phpMyAdmin
MediaWiki
Trac
AWStats
AjaxTerm
Summary
12
Using Lua with Lighttpd
Using Lua with Lighttpd
Lua: A small Primer
Useful Lua Libraries
Lua/FastCGI
Running mod_magnet
Example: A Shoutbox
Summary
13
Writing Lighttpd Modules
Writing Lighttpd Modules
Handling Configuration
Rewriting the Request
Manipulating the Response
Summary
HTTP Status Codes
HTTP Status Codes
Module/Configuration Index
Module/Configuration Index
Internal
mod_access
mod_accesslog
mod_alias
mod_auth
mod_cgi
mod_cml
mod_chunked
mod_compress
mod_deflate
mod_dirlisting
mod_evasive
mod_evhost
mod_expire
mod_fastcgi
mod_flv_streaming
mod_indexfile
mod_magnet
mod_proxy
mod_proxy_core
mod_redirect
mod_rewrite
mod_rrdtool
mod_scgi
mod_secure_download
mod_setenv
mod_simple_vhost
mod_sql_vhost_core, mod_mysql_vhost
mod_ssi
mod_staticfile
mod_status
mod_trigger_b4_dl
mod_uploadprogress
mod_userdir
mod_usertrack
mod_webdav

Giving up Privileges

I must admit that I lied a little when I told you that Lighttpd needs to run with root privileges—the only thing requiring them is binding to Port 80. After binding, Lighttpd can change the user, thus giving up privileges and making it a lesser target for attack. The configuration is so simple that most installation packages enable it by default:

server.username = "lighttpd"
server.groupname = "lighttpd"

This will make Lighttpd run as user lighttpd in the group lighttpd. The only thing we have to care about is that all of the files we want to serve need to be accessible, and all web applications we want to spawn need to be executable to this user or group.

It's so easy, that there is little reason not to do it. In fact, we may need to do nothing at all, because most installations do it for us by default. Just look into our lighttpd.conf file to see if the above statements, possibly with other user and group name, are there and not commented out.

Note

No user or group—no...

Previous Section
End of Section 2
Next Section