File:  [NetBSD Developer Wiki] / wikisrc / Attic / lighttpd_on_netbsd.mdwn
Revision 1.4: download - view: text, annotated - select for diffs
Fri Nov 9 19:39:38 2018 UTC (2 years ago) by plunky
Branches: MAIN
CVS tags: HEAD
fix link to "OpenLDAP Authentication on NetBSD" properly this time

    1: **Contents**
    2: 
    3: [[!toc]]
    4: 
    5: ##  Prelude 
    6: 
    7: How to deploy a high performance webserver using NetBSD and Lighttpd. 
    8: 
    9: ##  Installation 
   10: 
   11: We will install it from pkgsrc because we need some fetures which are not enabled in the binary. 
   12: 
   13: First of all, let's use gamin as the default file alteration monitor instead of fam: 
   14:     
   15:     # FAM_DEFAULT=gamin
   16:     
   17: 
   18: Of course you can stick with fam if you'd like. 
   19: 
   20: After that we will enable fam support in lighty: 
   21:     
   22:     # echo PKG_OPTIONS.lighttpd=fam >> /etc/mk.conf
   23:     
   24: 
   25: Now the good old magic words: 
   26:     
   27:     # cd /usr/pkgsrc/www/lighttpd/
   28:     # make install clean clean-depends
   29:     
   30: 
   31: Install the rc.d files if you dont do that automaticaly: 
   32:     
   33:     # cp /usr/pkg/share/examples/rc.d/lighttpd /etc/rc.d/
   34:     
   35: 
   36: ##  The lighttpd user 
   37: 
   38: By default there is no user created for lighttpd, thus you will have to create one: 
   39:     
   40:     # groupadd lighttpd
   41:     # useradd -s /sbin/nologin -g lighttpd lighttpd
   42:     
   43: 
   44: ##  Configuration 
   45: 
   46: Set the docroot whereever you want: 
   47:     
   48:     server.document-root        = "/srv/lighttpd/htdocs"
   49:     
   50: 
   51: Set the default location for logs: 
   52:     
   53:     server.errorlog             = "/var/log/lighttpd/error.log"
   54:     accesslog.filename          = "/var/log/lighttpd/access.log"
   55:     
   56: 
   57: You need to create the directory /var/log/lighttpd with proper permissions: 
   58:     
   59:     # install -d -o lighttpd -g lighttpd /var/log/lighttpd
   60:     
   61: 
   62: Let's use the user we have created for lighttpd: 
   63:     
   64:     server.username            = "lighttpd"
   65:     server.groupname           = "lighttpd"
   66:     
   67: 
   68: Enable kqueue: 
   69:     
   70:     server.event-handler        = "kqueue"
   71:     
   72: 
   73: Enable fam: 
   74:     
   75:     server.stat-cache-engine    = "fam"
   76:     
   77: 
   78: ##  Testing the setup 
   79: 
   80: You can start the webserver with: 
   81:     
   82:     /etc/rc.d/lighttpd start
   83:     
   84: 
   85: Check your logs if you encounter any problem. 
   86: 
   87: ##  Setting up authentication 
   88: 
   89: ###  Directory server 
   90: 
   91: We will use OpenLdap. 
   92: 
   93: First of all deploy a working ldap server, and populate it with the the users. For more information on this, read [[OpenLDAP Authentication on NetBSD|tutorials/openldap_authentication_on_netbsd]]. 
   94: 
   95: Be sure to load mod_auth and include the following in your lighttpd.conf file: 
   96:     
   97:     
   98:     # ldap authentication
   99:     auth.backend               = "ldap"
  100:      
  101:     auth.backend.ldap.hostname = "grimnismal.local"
  102:     auth.backend.ldap.base-dn  = "dc=grimnismal,dc=local"
  103:     auth.backend.ldap.filter   = "(uid=$)"
  104:      
  105:     auth.backend.ldap.bind-dn  = "cn=Manager,dc=grimnismal,dc=local"
  106:     
  107:     # passwd for bind-dn, separated for security reasons
  108:     # contains: auth.backend.ldap.bind-pw  = "your-password"
  109:     # It must NOT be word readable!
  110:     #
  111:     include "ldapsecret"
  112:      
  113:     auth.require               = ( "/server-status" =>
  114:                                    (
  115:                                      "method"  => "basic",
  116:                                      "realm"   => "Admin only page",
  117:                                      "require" => "user=replaced"
  118:                                    ),
  119:                                    "/server-config" =>
  120:                                    (
  121:                                      "method"  => "basic",      
  122:                                      "realm"   => "Staff only page",
  123:                                      "require" => "valid-user"  
  124:                                    )
  125:                                  )
  126:     
  127: 

CVSweb for NetBSD wikisrc <wikimaster@NetBSD.org> software: FreeBSD-CVSweb