Diff for /wikisrc/lighttpd_on_netbsd.mdwn between versions 1.1 and 1.2

version 1.1, 2011/11/21 03:22:58 version 1.2, 2012/02/05 07:14:36
Line 1 Line 1
 **Contents**  **Contents**
   
 [[!toc]]  [[!toc]]
   
 ##  Prelude  ##  Prelude 
   
 How to deploy a high performance webserver using NetBSD and Lighttpd.  How to deploy a high performance webserver using NetBSD and Lighttpd. 
   
 ##  Installation  ##  Installation 
   
 We will install it from pkgsrc because we need some fetures which are not enabled in the binary.  We will install it from pkgsrc because we need some fetures which are not enabled in the binary. 
   
 First of all, let's use gamin as the default file alteration monitor instead of fam:  First of all, let's use gamin as the default file alteration monitor instead of fam: 
          
     # FAM_DEFAULT=gamin      # FAM_DEFAULT=gamin
          
   
 Of course you can stick with fam if you'd like.  Of course you can stick with fam if you'd like. 
   
 After that we will enable fam support in lighty:  After that we will enable fam support in lighty: 
          
     # echo PKG_OPTIONS.lighttpd=fam >> /etc/mk.conf      # echo PKG_OPTIONS.lighttpd=fam >> /etc/mk.conf
          
   
 Now the good old magic words:  Now the good old magic words: 
          
     # cd /usr/pkgsrc/www/lighttpd/      # cd /usr/pkgsrc/www/lighttpd/
     # make install clean clean-depends      # make install clean clean-depends
          
   
 Install the rc.d files if you dont do that automaticaly:  Install the rc.d files if you dont do that automaticaly: 
          
     # cp /usr/pkg/share/examples/rc.d/lighttpd /etc/rc.d/      # cp /usr/pkg/share/examples/rc.d/lighttpd /etc/rc.d/
          
   
 ##  The lighttpd user  ##  The lighttpd user 
   
 By default there is no user created for lighttpd, thus you will have to create one:  By default there is no user created for lighttpd, thus you will have to create one: 
          
     # groupadd lighttpd      # groupadd lighttpd
     # useradd -s /sbin/nologin -g lighttpd lighttpd      # useradd -s /sbin/nologin -g lighttpd lighttpd
          
   
 ##  Configuration  ##  Configuration 
   
 Set the docroot whereever you want:  Set the docroot whereever you want: 
          
     server.document-root        = "/srv/lighttpd/htdocs"      server.document-root        = "/srv/lighttpd/htdocs"
          
   
 Set the default location for logs:  Set the default location for logs: 
          
     server.errorlog             = "/var/log/lighttpd/error.log"      server.errorlog             = "/var/log/lighttpd/error.log"
     accesslog.filename          = "/var/log/lighttpd/access.log"      accesslog.filename          = "/var/log/lighttpd/access.log"
          
   
 You need to create the directory /var/log/lighttpd with proper permissions:  You need to create the directory /var/log/lighttpd with proper permissions: 
          
     # install -d -o lighttpd -g lighttpd /var/log/lighttpd      # install -d -o lighttpd -g lighttpd /var/log/lighttpd
          
   
 Let's use the user we have created for lighttpd:  Let's use the user we have created for lighttpd: 
          
     server.username            = "lighttpd"      server.username            = "lighttpd"
     server.groupname           = "lighttpd"      server.groupname           = "lighttpd"
          
   
 Enable kqueue:  Enable kqueue: 
          
     server.event-handler        = "kqueue"      server.event-handler        = "kqueue"
          
   
 Enable fam:  Enable fam: 
          
     server.stat-cache-engine    = "fam"      server.stat-cache-engine    = "fam"
          
   
 ##  Testing the setup  ##  Testing the setup 
   
 You can start the webserver with:  You can start the webserver with: 
          
     /etc/rc.d/lighttpd start      /etc/rc.d/lighttpd start
          
   
 Check your logs if you encounter any problem.  Check your logs if you encounter any problem. 
   
 ##  Setting up authentication  ##  Setting up authentication 
   
 ###  Directory server  ###  Directory server 
   
 We will use OpenLdap.  We will use OpenLdap. 
   
 First of all deploy a working ldap server, and populate it with the the users. For more information on this, read [OpenLDAP Authentication on NetBSD][10].  First of all deploy a working ldap server, and populate it with the the users. For more information on this, read [OpenLDAP Authentication on NetBSD][10]. 
   
    [10]: /OpenLDAP_Authentication_on_NetBSD (OpenLDAP Authentication on NetBSD)     [10]: /OpenLDAP_Authentication_on_NetBSD (OpenLDAP Authentication on NetBSD)
   
 Be sure to load mod_auth and include the following in your lighttpd.conf file:  Be sure to load mod_auth and include the following in your lighttpd.conf file: 
          
          
     # ldap authentication      # ldap authentication
     auth.backend               = "ldap"      auth.backend               = "ldap"
             
     auth.backend.ldap.hostname = "grimnismal.local"      auth.backend.ldap.hostname = "grimnismal.local"
     auth.backend.ldap.base-dn  = "dc=grimnismal,dc=local"      auth.backend.ldap.base-dn  = "dc=grimnismal,dc=local"
     auth.backend.ldap.filter   = "(uid=$)"      auth.backend.ldap.filter   = "(uid=$)"
             
     auth.backend.ldap.bind-dn  = "cn=Manager,dc=grimnismal,dc=local"      auth.backend.ldap.bind-dn  = "cn=Manager,dc=grimnismal,dc=local"
          
     # passwd for bind-dn, separated for security reasons      # passwd for bind-dn, separated for security reasons
     # contains: auth.backend.ldap.bind-pw  = "your-password"      # contains: auth.backend.ldap.bind-pw  = "your-password"
     # It must NOT be word readable!      # It must NOT be word readable!
     #      #
     include "ldapsecret"      include "ldapsecret"
             
     auth.require               = ( "/server-status" =>      auth.require               = ( "/server-status" =>
                                    (                                     (
                                      "method"  => "basic",                                       "method"  => "basic",
                                      "realm"   => "Admin only page",                                       "realm"   => "Admin only page",
                                      "require" => "user=replaced"                                       "require" => "user=replaced"
                                    ),                                     ),
                                    "/server-config" =>                                     "/server-config" =>
                                    (                                     (
                                      "method"  => "basic",                                             "method"  => "basic",      
                                      "realm"   => "Staff only page",                                       "realm"   => "Staff only page",
                                      "require" => "valid-user"                                         "require" => "valid-user"  
                                    )                                     )
                                  )                                   )
          
   

Removed from v.1.1  
changed lines
  Added in v.1.2


CVSweb for NetBSD wikisrc <wikimaster@NetBSD.org> software: FreeBSD-CVSweb