How to Install Lighttpd, PHP, and MariaDB on Ubuntu 20.04 LTS

Annonse 1

Annonse 1

Introduction

Lighttpd, also known as Lighty, is an open-source web server with a small footprint, and when installed alongside PHP and MySQL or MariaDB it can serve millions of connections reliably. Lighty also has many modules that extend its capabilities.

This document walks you through the installation of lighttpd from the core Ubuntu distribution and then explains how to update it to the latest version. It also covers installing PHP, securing PHP with an FastCGI Process Manager (FPM) pool, installing MariaDB, and securing the web server with an SSL certificate from Let’s Encrypt.

Prerequisites

  • A fresh Vultr Ubuntu 20.04 LTS x64 server instance
  • SSH, HTTP, and HTTPS connectivity to the instance
  • A DNS record that points to the IP address of the instance. This document uses build.example.com.

1. Add PHP Repository

To support PHP’s latest version, add the public repository hosted by one of the Ubuntu and PHP developers.

# add-apt-repository -y ppa:ondrej/php

After adding the repository, update the local apt cache.

# apt update

2. Install Lighttpd

To get the core install of lighttpd, install the apt version:

# apt install -y lighttpd

After this completes, check the version of lighttpd you have installed.

# lighttpd -v

If you are running Ubuntu 20.04 it should return lighttpd/1.4.55 (ssl) - a light and fast webserver. Ensure the installation was successful by visiting your site, such as http://build.example.com. You should get the lighttpd placeholder page.

Add a lighttpd user and group:

# groupadd lighttpd
# useradd -g lighttpd -d /var/www/html -s /sbin/nologin lighttpd

Make the lighttpd user and group the owner of the /var/www/html directory:

# chown -R lighttpd:lighttpd /var/www/html/

3. Install MariaDB and PHP

Alongside lighttp, install MariaDB & PHP:

# apt install -y php-{cli,gd,fpm,mysql,curl,json,xml} mariadb-server

After the installation of MariaDB, secure the MariaDB installation.

# mysql_secure_installation
  • Confirm the blank root password by hitting ENTER
  • Agree to change the password by entering Y followed by ENTER
  • Enter a new secure password.
  • Remove the anonymous user by entering Y followed by ENTER
  • Disallow root login by entering Y followed by ENTER
  • Remove the test database by entering Y followed by ENTER
  • Reload the privilege table by entering Y followed by ENTER

Rename the default PHP FPM Pool to align with the web server name:

# mv /etc/php/8.0/fpm/pool.d/www.conf /etc/php/8.0/fpm/pool.d/lighttpd.conf

Change the associated user and Unix socket associated with the pool by editing the configuration file:

# nano /etc/php/8.0/fpm/pool.d/lighttpd.conf

Change four lines:

  • Change the top line inside the brackets that sets the pool name from [www] to [lighttpd]
  • Change the line user = www-data to user = lighttpd
  • Change the line group = www-data to group = lighttpd
  • Change the line listen = /run/php/php8.0-fpm.sock to listen = /run/php/php8.0-lighttpd-fpm.sock

Save the file and restart the PHP FPM Service:

# service php8.0-fpm restart

4. Upgrade Lighttpd

Add some packages required to build the latest version of lighttpd from source code.

# apt install -y gcc libpcre3 libpcre3-dev zlib1g-dev checkinstall libssl-dev

From the command prompt, download the latest tarball for lighttpd. At the time of writing, the latest version is 1.4.59. You can find the latest download link here.

# wget https://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.59.tar.gz

Extract the tarball.

# tar xzf lighttpd-1.4.59.tar.gz

Change to the lighttpd working directory.

# cd lighttpd-1.4.59

Configure the package to include SSL and install in the /usr/sbin directory.

# ./configure --with-openssl --sbindir=/usr/sbin

After configuration, make the package and install it.

# make
# make install

Run lighttpd -v to ensure the successful installation of version 1.4.59. The command should return lighttpd/1.4.59 (ssl) - a light and fast webserver

5. Configure Lighttpd

The older 1.4.55 version packaged with Ubuntu 20.04 has a deprecated mod_compress module that you must replace with mod_deflate. To alter the module load, edit the default configuration:

# nano /etc/lighttpd/lighttpd.conf

Change the following three lines:

  • Change the line containing compress.cache-dir to be deflate.cache-dir
  • Remove the line containing compress.filetype
  • Change the module configuration from mod_compress to mod_deflate and save the file.

Check the configuration by running:

# /usr/sbin/lighttpd -tt -f /etc/lighttpd/lighttpd.conf

6. Configure PHP for Lighttpd

Enable the cgi and php modules.

# lighttpd-enable-mod fastcgi
# lighttpd-enable-mod fastcgi-php

Edit the PHP configuration.

# nano /etc/lighttpd/conf-enabled/15-fastcgi-php.conf

Remove the entire file contents and replace it with the following, which configures the php module for the sock setting you made in step 3.

fastcgi.server += ( ".php" =>
        ((
                "socket" => "/run/php/php8.0-lighttpd-fpm.sock",
                "broken-scriptfilename" => "enable"
        ))
)

Restart the server to take the new configuration changes:

# service lighttpd restart

Add a test PHP file to ensure that PHP is running:

# nano /var/www/html/pi.php

In the file add the following contents:

<?php phpinfo();

To check the configuration, visit http://build.example.com/pi.php and find a PHP information page. In the PHP Variables section, ensure the $_SERVER['USER'] is lighttpd.

7. Secure Lighttpd

To secure the web server, add a Let’s Encrypt TLS certificate and enable HTTPS protocol.

Install Let’s Encrypt.

# apt install -y certbot

Request a certificate. Make sure to change build.example.com to your server’s domain name.

# certbot certonly --webroot -w /var/www/html/ -d build.example.com

The wizard asks for your email address, to agree to the terms of service, and if you want to be part of the Electronic Frontier Foundation.

Enable the Lighttpd ssl module.

# lighttpd-enable-mod ssl

Edit the Lighttpd SSL configuration.

# nano /etc/lighttpd/conf-enabled/10-ssl.conf

Replace the entire $SERVER["socket"] section with the following. Change build.example.com in four places to your server’s domain name.

$HTTP["scheme"] == "http" {
        $HTTP["host"] == "build.example.com" {
                url.redirect = ("/.*" => "https://build.example.com$0")
        }
}

$SERVER["socket"] == "0.0.0.0:443" {
        ssl.engine  = "enable"
        ssl.pemfile = "/etc/letsencrypt/live/build.example.com/fullchain.pem"
        ssl.privkey = "/etc/letsencrypt/live/build.example.com/privkey.pem"
        ssl.cipher-list = "HIGH"
}

Save the file and then restart lighttpd.

# service lighttpd restart

Visit http://build.example.com to ensure it now redirects to https://build.example.com and uses the SSL certificate.

8. Update the Server

After ensuring the configuration is correct, update the Ubuntu server with the latest patches.

# apt update -y && apt dist-upgrade -y && apt autoremove -y

Reboot the server to apply the updates.

# reboot now

9. More Settings

As well as creating a unique PHP FPM pool, it’s also possible to change settings to further optimize for performance and speed. These settings are in the /etc/php/8.0/fpm/pool.d configuration file. The main setting that is often changed is the pm setting, which controls how the processes get created, be it dynamicstatic or ondemand. Altering this also affects other settings in the file. As with any application, the proper server settings depend on the intended use, load, and configuration.

Conclusion

Lighttpd is a robust and simple web server that, when integrated with PHP and MariaDB, serves thousands of requests with a minimal footprint. Securing it with Lets Encrypt is simple and easy and adds another layer of protection to you and your visitors.

References

Comments

comments

Annonse 2

Annonse 2

Be the first to comment

Leave a Reply