2. Configurer son serveur web avec Lighttp

Modérateurs : TEAM THE C@TZ, MODERATEURS

N4T0R4
TEAM THE C@TZ
TEAM THE C@TZ
Messages : 30
Enregistré le : dim. 28 juil. 2019 09:36

2. Configurer son serveur web avec Lighttp

Message non lu par N4T0R4 »

TODO

Installation de Lighttp et outils pour mail :

Pour désactiver Apache si présent :

systemctl disable apache2

apt install -y lighttpd mailutils

nano /etc/lighttpd/lighttpd.conf

server.modules = (
"mod_indexfile",
"mod_auth",
"mod_setenv",
"mod_access",
"mod_accesslog",
"mod_alias",
"mod_redirect",
)

server.document-root = "/var/www"
server.upload-dirs = ( "/var/cache/lighttpd/uploads" )
server.errorlog = "/var/log/lighttpd/error.log"
server.pid-file = "/var/run/lighttpd.pid"
server.username = "www-data"
server.groupname = "www-data"
server.port = 80

# strict parsing and normalization of URL for consistency and security
# https://redmine.lighttpd.net/projects/l ... ptsDetails
# (might need to explicitly set "url-path-2f-decode" = "disable"
# if a specific application is encoding URLs inside url-path)
server.http-parseopts = (
"header-strict" => "enable",# default
"host-strict" => "enable",# default
"host-normalize" => "enable",# default
"url-normalize-unreserved"=> "enable",# recommended highly
"url-normalize-required" => "enable",# recommended
"url-ctrls-reject" => "enable",# recommended
"url-path-2f-decode" => "enable",# recommended highly (unless breaks app)
#"url-path-2f-reject" => "enable",
"url-path-dotseg-remove" => "enable",# recommended highly (unless breaks app)
#"url-path-dotseg-reject" => "enable",
#"url-query-20-plus" => "enable",# consistency in query string
)

index-file.names = ( "index.html", "index.php" )
url.access-deny = ( "~", ".inc" )
static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )

compress.cache-dir = "/var/cache/lighttpd/compress/"
compress.filetype = ( "application/javascript", "text/css", "text/html", "text/plain" )

## Directory listings
dir-listing.encoding = "utf-8"
server.dir-listing = "disable"

# Deny access to version control system directories.
$HTTP["url"] =~ "/\.svn|/\.git" {
url.access-deny = ( "" )
}

# Deny access to apache configuration files.
$HTTP["url"] =~ "/\.htaccess|/\.htpasswd|/\.htgroups" {
url.access-deny = ( "" )
}

## javascript alias
alias.url += ("/javascript" => "/usr/share/javascript")

# default listening port for IPv6 falls back to the IPv4 port
include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port
include_shell "/usr/share/lighttpd/create-mime.conf.pl"
include "/etc/lighttpd/conf-enabled/*.conf"

#server.compat-module-load = "disable"
server.modules += (
"mod_compress",
"mod_dirlisting",
"mod_staticfile",
)


cd /var/www

rm -rf html

mkdir mondomaine.net

cd mondomaine.net
echo 'Hello World!' > index.html
echo '<?php phpinfo(); ?>' > info.php


chown -R www-data:www-data .

Activer / désactiver un module avec Lighttp :

Les modules disponibles se trouvent sous /etc/lighttpd/conf-available/

lighty-enable-mod <module>

Liste des modules :
  • accesslog
  • autgh
  • cgi debian-doc
  • dir-listing
  • evasive evhost
  • expire
  • extforward
  • fastcgi
  • fastcgi-php
  • flv-streaming
  • no-www
  • proxy
  • rewrite
  • rrdtool
  • simple-vhost
  • sockproxy
  • ssi
  • ssl
  • status
  • unconfigured
  • userdir
  • usertrack
Création d'un host virtuel

On créer un dossier pour nos hosts :

mkdir /etc/lighttpd/conf-hosts
nano /etc/lighttpd/conf-hosts/mondomaine.net.conf


$HTTP["host"] == "www.mondomaine.net" {
server.name = "www.mondomaine.net"
server.document-root = "/var/www/mondomaine.net/"
}


service lighttpd force-reload

Répondre