Configuring SSL in Lighttpd

If you want to install SSL in debian you need to install openssl in debian using the following command

#apt-get openssl

lighttpd supports SSLv2 and SSLv3 if it is compiled against openssl.


To enable SSL for the whole server you have to provide a valid certificate and have to enable the SSL engine.:

ssl.engine = "enable"
ssl.pemfile = "/path/to/server.pem"

The HTTPS protocol does not allow you to use name-based virtual hosting with SSL. If you want to run multiple SSL servers with one lighttpd instance you must use IP-based virtual hosting:

$SERVER["socket"] == "" {
ssl.engine = "enable"
ssl.pemfile = "" = ""

server.document-root = "/www/servers/"

If you have a .crt and a .key file, cat them together into a single PEM file:

$ cat host.key host.crt > host.pem

Self-Signed Certificates

A self-signed SSL certificate can be generated like this:

$ openssl req -new -x509 \
-keyout server.pem -out server.pem \
-days 365 -nodes

Limit Bandwidth Usage in Lighttpd

Starting with 1.3.8, lighttpd supports limiting the bandwidth for a single connection or config context like a virtual host or a URL.



limit the throughput for each single connection to the given limit in kbyte/s

default: 0 (no limit)


limit the throughput for all connections to the given limit in kbyte/s

if you want to specify a limit for a special virtual server use:

$HTTP["host"] == "" {
server.kbytes-per-second = 128

which will override the default for this host.

default: 0 (no limit)

Additional Notes

Keep in mind that a limit below 32kb/s might actually limit the traffic to 32kb/s. This is caused by the size of the TCP send buffer.