A quick guide/howtos to get lighttpd up and running with SSL/vhosts so its easy to copy paste from one place.

On SSL

  • Enable mod_openssl in modules.conf
  • You need to set a global SSL cert in lighttpd if multiple vhosts, and THEN you can override them per vhost in each vhost conf file.
  • certbot doesnt have a module for lighttpd, but it is easy to just config yourself following this.
    • Use the following command to create a Let’s Encrypt certificate. certbot certonly --webroot -w {your web root} -d {your domain}
    • Make sure to listen on 443 so certbot can make the correct DNS guesses before giving the certs
    • Combine the pub and priv key into a pem file, :
cat /etc/letsencrypt/live/{your domain}/cert.pem /etc/letsencrypt/live/{your domain}/privkey.pem > /etc/letsencrypt/live/{your domain}web.pem
  • Then attach the chain/pem file like
ssl.pemfile = "/etc/letsencrypt/live/{your domain}/web.pem" # Combined Certificate
ssl.ca-file = "/etc/letsencrypt/live/{your domain}/chain.pem" # Root CA

On vhosts

  • They can each be set up with their own conf file that can override the global lighttpd.conf

On redirecting non-www to www

  • Enable mod_redirect in modules.conf
  • Add something like this to vhost to redirect to www domain
    $HTTP["host"] == "{non www domain}" {
      url.redirect = (
          "^/(.*)" => "https://{www domain}/$1"
        )
    }