Debianhelp.co.uk


Configuring SSL in Lighttpd

If you want to install SSL in debian you need to install openssl in debian using the following command

#apt-get openssl

lighttpd supports SSLv2 and SSLv3 if it is compiled against openssl.

Configuration

To enable SSL for the whole server you have to provide a valid certificate and have to enable the SSL engine.:

ssl.engine = "enable"
ssl.pemfile = "/path/to/server.pem"

The HTTPS protocol does not allow you to use name-based virtual hosting with SSL. If you want to run multiple SSL servers with one lighttpd instance you must use IP-based virtual hosting:

$SERVER["socket"] == "10.0.0.1:443" {
ssl.engine = "enable"
ssl.pemfile = "www.example.org.pem"
server.name = "www.example.org"

server.document-root = "/www/servers/www.example.org/pages/"
}

If you have a .crt and a .key file, cat them together into a single PEM file:

$ cat host.key host.crt > host.pem

Self-Signed Certificates

A self-signed SSL certificate can be generated like this:

$ openssl req -new -x509 \
-keyout server.pem -out server.pem \
-days 365 -nodes

Limit Bandwidth Usage in Lighttpd

Starting with 1.3.8, lighttpd supports limiting the bandwidth for a single connection or config context like a virtual host or a URL.

Options

connection.kbytes-per-second:

limit the throughput for each single connection to the given limit in kbyte/s

default: 0 (no limit)

server.kbytes-per-second:

limit the throughput for all connections to the given limit in kbyte/s

if you want to specify a limit for a special virtual server use:

$HTTP["host"] == "www.example.org" {
server.kbytes-per-second = 128
}

which will override the default for this host.

default: 0 (no limit)

Additional Notes

Keep in mind that a limit below 32kb/s might actually limit the traffic to 32kb/s. This is caused by the size of the TCP send buffer.