version 1.1, 2011/11/21 03:22:58
|
version 1.4, 2018/11/09 19:39:38
|
Line 1
|
Line 1
|
**Contents**
|
**Contents** |
|
|
[[!toc]]
|
[[!toc]] |
|
|
## Prelude
|
## Prelude |
|
|
How to deploy a high performance webserver using NetBSD and Lighttpd.
|
How to deploy a high performance webserver using NetBSD and Lighttpd. |
|
|
## Installation
|
## Installation |
|
|
We will install it from pkgsrc because we need some fetures which are not enabled in the binary.
|
We will install it from pkgsrc because we need some fetures which are not enabled in the binary. |
|
|
First of all, let's use gamin as the default file alteration monitor instead of fam:
|
First of all, let's use gamin as the default file alteration monitor instead of fam: |
|
|
# FAM_DEFAULT=gamin
|
# FAM_DEFAULT=gamin |
|
|
|
|
Of course you can stick with fam if you'd like.
|
Of course you can stick with fam if you'd like. |
|
|
After that we will enable fam support in lighty:
|
After that we will enable fam support in lighty: |
|
|
# echo PKG_OPTIONS.lighttpd=fam >> /etc/mk.conf
|
# echo PKG_OPTIONS.lighttpd=fam >> /etc/mk.conf |
|
|
|
|
Now the good old magic words:
|
Now the good old magic words: |
|
|
# cd /usr/pkgsrc/www/lighttpd/
|
# cd /usr/pkgsrc/www/lighttpd/ |
# make install clean clean-depends
|
# make install clean clean-depends |
|
|
|
|
Install the rc.d files if you dont do that automaticaly:
|
Install the rc.d files if you dont do that automaticaly: |
|
|
# cp /usr/pkg/share/examples/rc.d/lighttpd /etc/rc.d/
|
# cp /usr/pkg/share/examples/rc.d/lighttpd /etc/rc.d/ |
|
|
|
|
## The lighttpd user
|
## The lighttpd user |
|
|
By default there is no user created for lighttpd, thus you will have to create one:
|
By default there is no user created for lighttpd, thus you will have to create one: |
|
|
# groupadd lighttpd
|
# groupadd lighttpd |
# useradd -s /sbin/nologin -g lighttpd lighttpd
|
# useradd -s /sbin/nologin -g lighttpd lighttpd |
|
|
|
|
## Configuration
|
## Configuration |
|
|
Set the docroot whereever you want:
|
Set the docroot whereever you want: |
|
|
server.document-root = "/srv/lighttpd/htdocs"
|
server.document-root = "/srv/lighttpd/htdocs" |
|
|
|
|
Set the default location for logs:
|
Set the default location for logs: |
|
|
server.errorlog = "/var/log/lighttpd/error.log"
|
server.errorlog = "/var/log/lighttpd/error.log" |
accesslog.filename = "/var/log/lighttpd/access.log"
|
accesslog.filename = "/var/log/lighttpd/access.log" |
|
|
|
|
You need to create the directory /var/log/lighttpd with proper permissions:
|
You need to create the directory /var/log/lighttpd with proper permissions: |
|
|
# install -d -o lighttpd -g lighttpd /var/log/lighttpd
|
# install -d -o lighttpd -g lighttpd /var/log/lighttpd |
|
|
|
|
Let's use the user we have created for lighttpd:
|
Let's use the user we have created for lighttpd: |
|
|
server.username = "lighttpd"
|
server.username = "lighttpd" |
server.groupname = "lighttpd"
|
server.groupname = "lighttpd" |
|
|
|
|
Enable kqueue:
|
Enable kqueue: |
|
|
server.event-handler = "kqueue"
|
server.event-handler = "kqueue" |
|
|
|
|
Enable fam:
|
Enable fam: |
|
|
server.stat-cache-engine = "fam"
|
server.stat-cache-engine = "fam" |
|
|
|
|
## Testing the setup
|
## Testing the setup |
|
|
You can start the webserver with:
|
You can start the webserver with: |
|
|
/etc/rc.d/lighttpd start
|
/etc/rc.d/lighttpd start |
|
|
|
|
Check your logs if you encounter any problem.
|
Check your logs if you encounter any problem. |
|
|
## Setting up authentication
|
## Setting up authentication |
|
|
### Directory server
|
### Directory server |
|
|
We will use OpenLdap.
|
We will use OpenLdap. |
|
|
First of all deploy a working ldap server, and populate it with the the users. For more information on this, read [OpenLDAP Authentication on NetBSD][10].
|
First of all deploy a working ldap server, and populate it with the the users. For more information on this, read [[OpenLDAP Authentication on NetBSD|tutorials/openldap_authentication_on_netbsd]]. |
|
|
[10]: /OpenLDAP_Authentication_on_NetBSD (OpenLDAP Authentication on NetBSD)
|
Be sure to load mod_auth and include the following in your lighttpd.conf file: |
|
|
Be sure to load mod_auth and include the following in your lighttpd.conf file:
|
|
|
# ldap authentication |
|
auth.backend = "ldap" |
# ldap authentication
|
|
auth.backend = "ldap"
|
auth.backend.ldap.hostname = "grimnismal.local" |
|
auth.backend.ldap.base-dn = "dc=grimnismal,dc=local" |
auth.backend.ldap.hostname = "grimnismal.local"
|
auth.backend.ldap.filter = "(uid=$)" |
auth.backend.ldap.base-dn = "dc=grimnismal,dc=local"
|
|
auth.backend.ldap.filter = "(uid=$)"
|
auth.backend.ldap.bind-dn = "cn=Manager,dc=grimnismal,dc=local" |
|
|
auth.backend.ldap.bind-dn = "cn=Manager,dc=grimnismal,dc=local"
|
# passwd for bind-dn, separated for security reasons |
|
# contains: auth.backend.ldap.bind-pw = "your-password" |
# passwd for bind-dn, separated for security reasons
|
# It must NOT be word readable! |
# contains: auth.backend.ldap.bind-pw = "your-password"
|
# |
# It must NOT be word readable!
|
include "ldapsecret" |
#
|
|
include "ldapsecret"
|
auth.require = ( "/server-status" => |
|
( |
auth.require = ( "/server-status" =>
|
"method" => "basic", |
(
|
"realm" => "Admin only page", |
"method" => "basic",
|
"require" => "user=replaced" |
"realm" => "Admin only page",
|
), |
"require" => "user=replaced"
|
"/server-config" => |
),
|
( |
"/server-config" =>
|
"method" => "basic", |
(
|
"realm" => "Staff only page", |
"method" => "basic",
|
"require" => "valid-user" |
"realm" => "Staff only page",
|
) |
"require" => "valid-user"
|
) |
)
|
|
)
|
|
|
|
|
|
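Review bot: The comment guarding `include "ldapsecret"` still reads "It must NOT be word readable!" on the new side; it should say "world readable". Since that file holds `auth.backend.ldap.bind-pw`, the comment could also state the intended mode, for example `# It must NOT be world-readable (e.g. owned by root, chmod 600)`. The bind account is `cn=Manager,dc=grimnismal,dc=local`, which looks like the directory's administrative DN, so the tutorial should recommend a dedicated read-only search account instead, so that a leaked web server config does not expose the directory admin password. Both `auth.require` entries use `"method" => "basic"`, and nothing visible in this section enables TLS for HTTP or for the LDAP connection. A one-line caveat would help: serve these paths over HTTPS only, and set `auth.backend.ldap.starttls = "enable"` when the directory is not on localhost.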