--- wikisrc/Attic/lighttpd_on_netbsd.mdwn 2011/11/21 03:22:58 1.1 +++ wikisrc/Attic/lighttpd_on_netbsd.mdwn 2018/11/09 19:36:13 1.3 @@ -1,129 +1,127 @@ -**Contents** - -[[!toc]] - -## Prelude - -How to deploy a high performance webserver using NetBSD and Lighttpd. - -## Installation - -We will install it from pkgsrc because we need some fetures which are not enabled in the binary. - -First of all, let's use gamin as the default file alteration monitor instead of fam: - - # FAM_DEFAULT=gamin - - -Of course you can stick with fam if you'd like. - -After that we will enable fam support in lighty: - - # echo PKG_OPTIONS.lighttpd=fam >> /etc/mk.conf - - -Now the good old magic words: - - # cd /usr/pkgsrc/www/lighttpd/ - # make install clean clean-depends - - -Install the rc.d files if you dont do that automaticaly: - - # cp /usr/pkg/share/examples/rc.d/lighttpd /etc/rc.d/ - - -## The lighttpd user - -By default there is no user created for lighttpd, thus you will have to create one: - - # groupadd lighttpd - # useradd -s /sbin/nologin -g lighttpd lighttpd - - -## Configuration - -Set the docroot whereever you want: - - server.document-root = "/srv/lighttpd/htdocs" - - -Set the default location for logs: - - server.errorlog = "/var/log/lighttpd/error.log" - accesslog.filename = "/var/log/lighttpd/access.log" - - -You need to create the directory /var/log/lighttpd with proper permissions: - - # install -d -o lighttpd -g lighttpd /var/log/lighttpd - - -Let's use the user we have created for lighttpd: - - server.username = "lighttpd" - server.groupname = "lighttpd" - - -Enable kqueue: - - server.event-handler = "kqueue" - - -Enable fam: - - server.stat-cache-engine = "fam" - - -## Testing the setup - -You can start the webserver with: - - /etc/rc.d/lighttpd start - - -Check your logs if you encounter any problem. - -## Setting up authentication - -### Directory server - -We will use OpenLdap. - -First of all deploy a working ldap server, and populate it with the the users. For more information on this, read [OpenLDAP Authentication on NetBSD][10]. - - [10]: /OpenLDAP_Authentication_on_NetBSD (OpenLDAP Authentication on NetBSD) - -Be sure to load mod_auth and include the following in your lighttpd.conf file: - - - # ldap authentication - auth.backend = "ldap" - - auth.backend.ldap.hostname = "grimnismal.local" - auth.backend.ldap.base-dn = "dc=grimnismal,dc=local" - auth.backend.ldap.filter = "(uid=$)" - - auth.backend.ldap.bind-dn = "cn=Manager,dc=grimnismal,dc=local" - - # passwd for bind-dn, separated for security reasons - # contains: auth.backend.ldap.bind-pw = "your-password" - # It must NOT be word readable! - # - include "ldapsecret" - - auth.require = ( "/server-status" => - ( - "method" => "basic", - "realm" => "Admin only page", - "require" => "user=replaced" - ), - "/server-config" => - ( - "method" => "basic", - "realm" => "Staff only page", - "require" => "valid-user" - ) - ) - - +**Contents** + +[[!toc]] + +## Prelude + +How to deploy a high performance webserver using NetBSD and Lighttpd. + +## Installation + +We will install it from pkgsrc because we need some fetures which are not enabled in the binary. + +First of all, let's use gamin as the default file alteration monitor instead of fam: + + # FAM_DEFAULT=gamin + + +Of course you can stick with fam if you'd like. + +After that we will enable fam support in lighty: + + # echo PKG_OPTIONS.lighttpd=fam >> /etc/mk.conf + + +Now the good old magic words: + + # cd /usr/pkgsrc/www/lighttpd/ + # make install clean clean-depends + + +Install the rc.d files if you dont do that automaticaly: + + # cp /usr/pkg/share/examples/rc.d/lighttpd /etc/rc.d/ + + +## The lighttpd user + +By default there is no user created for lighttpd, thus you will have to create one: + + # groupadd lighttpd + # useradd -s /sbin/nologin -g lighttpd lighttpd + + +## Configuration + +Set the docroot whereever you want: + + server.document-root = "/srv/lighttpd/htdocs" + + +Set the default location for logs: + + server.errorlog = "/var/log/lighttpd/error.log" + accesslog.filename = "/var/log/lighttpd/access.log" + + +You need to create the directory /var/log/lighttpd with proper permissions: + + # install -d -o lighttpd -g lighttpd /var/log/lighttpd + + +Let's use the user we have created for lighttpd: + + server.username = "lighttpd" + server.groupname = "lighttpd" + + +Enable kqueue: + + server.event-handler = "kqueue" + + +Enable fam: + + server.stat-cache-engine = "fam" + + +## Testing the setup + +You can start the webserver with: + + /etc/rc.d/lighttpd start + + +Check your logs if you encounter any problem. + +## Setting up authentication + +### Directory server + +We will use OpenLdap. + +First of all deploy a working ldap server, and populate it with the the users. For more information on this, read [[tutorials/openldap_authentication_on_netbsd|OpenLDAP Authentication on NetBSD]]. + +Be sure to load mod_auth and include the following in your lighttpd.conf file: + + + # ldap authentication + auth.backend = "ldap" + + auth.backend.ldap.hostname = "grimnismal.local" + auth.backend.ldap.base-dn = "dc=grimnismal,dc=local" + auth.backend.ldap.filter = "(uid=$)" + + auth.backend.ldap.bind-dn = "cn=Manager,dc=grimnismal,dc=local" + + # passwd for bind-dn, separated for security reasons + # contains: auth.backend.ldap.bind-pw = "your-password" + # It must NOT be word readable! + # + include "ldapsecret" + + auth.require = ( "/server-status" => + ( + "method" => "basic", + "realm" => "Admin only page", + "require" => "user=replaced" + ), + "/server-config" => + ( + "method" => "basic", + "realm" => "Staff only page", + "require" => "valid-user" + ) + ) + +