A quick guide/howtos to get lighttpd up and running with SSL/vhosts so its easy to copy paste from one place.
On SSL
- Enable
mod_opensslin modules.conf - You need to set a global SSL cert in lighttpd if multiple vhosts, and THEN you can override them per vhost in each vhost conf file.
certbotdoesnt have a module for lighttpd, but it is easy to just config yourself following this.- Use the following command to create a Let’s Encrypt certificate.
certbot certonly --webroot -w {your web root} -d {your domain} - Make sure to listen on 443 so certbot can make the correct DNS guesses before giving the certs
- Combine the pub and priv key into a pem file, :
- Use the following command to create a Let’s Encrypt certificate.
cat /etc/letsencrypt/live/{your domain}/cert.pem /etc/letsencrypt/live/{your domain}/privkey.pem > /etc/letsencrypt/live/{your domain}web.pem
- Then attach the chain/pem file like
ssl.pemfile = "/etc/letsencrypt/live/{your domain}/web.pem" # Combined Certificate
ssl.ca-file = "/etc/letsencrypt/live/{your domain}/chain.pem" # Root CA
On vhosts
- They can each be set up with their own conf file that can override the global lighttpd.conf
On redirecting non-www to www
- Enable
mod_redirectin modules.conf - Add something like this to vhost to redirect to www domain
$HTTP["host"] == "{non www domain}" { url.redirect = ( "^/(.*)" => "https://{www domain}/$1" ) }
Helpful Links
- https://tecadmin.net/setup-virtualhosts-in-lighttpd-server/
- https://www.digitalocean.com/community/tutorials/how-to-install-lighttpd-with-mysql-and-php-on-freebsd-11-0
- https://www.itzgeek.com/how-tos/linux/how-to-configure-lets-encrypt-ssl-in-lighttpd-server.html
- https://tecadmin.net/configure-ssl-in-lighttpd-server/