How To Install Lighttpd on CentOS Stream 10
In this tutorial, we will show you how to install Lighttpd on CentOS Stream 10. Lighttpd (pronounced “lighty”) is a secure, fast, and flexible web server that offers impressive performance with minimal resource consumption. With its event-driven architecture, Lighttpd handles concurrent connections efficiently, making it an excellent alternative to heavier web servers like Apache. This guide provides comprehensive instructions for installing and configuring Lighttpd on CentOS Stream 10, complete with PHP and MariaDB support for dynamic web applications.
What is Lighttpd?
Lighttpd is an open-source web server designed to be lightweight yet powerful, with a focus on speed, security, and flexibility. Developed as a solution for high-performance environments, it features a remarkably small memory footprint while maintaining the ability to handle thousands of concurrent connections efficiently.
The key advantages of Lighttpd include:
- Low resource usage compared to traditional web servers
- High-speed performance even on limited hardware
- Event-driven architecture enabling efficient connection handling
- Support for FastCGI, SCGI, and CGI interfaces
- Compatibility with popular programming languages like PHP, Python, and Ruby
Unlike Apache, which uses a process or thread for each connection, Lighttpd’s asynchronous processing model allows it to handle multiple connections simultaneously with fewer resources. This makes it particularly suitable for servers with memory constraints or websites experiencing high traffic volumes.
Prerequisites for Installation
Before proceeding with the Lighttpd installation on CentOS Stream 10, ensure you have:
- A CentOS Stream 10 system with basic installation completed
- Root access or a user account with sudo privileges
- At least 1GB of RAM and 10GB of disk space (minimum requirements)
- Basic command-line knowledge for executing installation commands
- An active internet connection for downloading packages
- Ports 80 (HTTP) and 443 (HTTPS) available for web traffic
Having these prerequisites in place will ensure a smooth installation process and help avoid common issues that might arise during setup.
Step 1: System Preparation
Before installing any new software, it’s essential to update your existing system packages to ensure compatibility and security.
Start by connecting to your server via SSH:
ssh username@your_server_ipOnce logged in, update the system packages to their latest versions:
sudo dnf update -yThis command refreshes the package database and installs available updates for all installed packages. The `-y` flag automatically confirms the installation without requiring manual interaction.
It’s also a good practice to synchronize your system time, which is important for proper logging and SSL certificate validation:
sudo dnf install chrony -y
sudo systemctl enable chronyd
sudo systemctl start chronydIf you have another web server already running on your system, it’s advisable to stop it before installing Lighttpd to avoid port conflicts:
# For Apache
sudo systemctl stop httpd
# For Nginx
sudo systemctl stop nginxFinally, verify you have sufficient disk space for the installation:
df -hStep 2: Installing Lighttpd
Lighttpd is not included in the default CentOS repositories, so we’ll need to enable the EPEL (Extra Packages for Enterprise Linux) repository first.
Install the EPEL repository using the following command:
sudo dnf install epel-release -yUpdate the package database to include packages from the newly added repository:
sudo dnf update -yNow you can install Lighttpd:
sudo dnf install lighttpd -yOnce the installation is complete, start the Lighttpd service and enable it to start automatically at system boot:
sudo systemctl start lighttpd
sudo systemctl enable lighttpdVerify the installation was successful by checking the status of the Lighttpd service:
sudo systemctl status lighttpdYou should see output indicating that the service is active and running. If you encounter an error related to IPv6 such as “socket failed: Address family not supported by protocol,” you’ll need to modify the Lighttpd configuration:
sudo nano /etc/lighttpd/lighttpd.confFind the line containing `server.use-ipv6` and change it from `enable` to `disable`:
server.use-ipv6 = "disable"Save the file and restart Lighttpd:
sudo systemctl restart lighttpdYou can also verify the installed version of Lighttpd with:
lighttpd -vStep 3: Configuring Firewall Rules
For your web server to be accessible from external networks, you need to configure the firewall to allow HTTP and HTTPS traffic.
First, check if firewalld is running:
sudo systemctl status firewalldIf it’s not running, start and enable it:
sudo systemctl start firewalld
sudo systemctl enable firewalldNow, add rules to allow HTTP (port 80) and HTTPS (port 443) traffic:
sudo firewall-cmd --permanent --zone=public --add-service=http
sudo firewall-cmd --permanent --zone=public --add-service=httpsReload the firewall to apply the changes:
sudo firewall-cmd --reloadVerify that the rules have been applied correctly:
sudo firewall-cmd --zone=public --list-servicesThe output should include both `http` and `https` among the listed services.
Step 4: Basic Lighttpd Configuration
The main Lighttpd configuration file is located at `/etc/lighttpd/lighttpd.conf`, and additional module-specific configurations can be found in the `/etc/lighttpd/conf.d/` directory.
Let’s explore some essential configuration parameters:
To modify the main configuration file:
sudo nano /etc/lighttpd/lighttpd.confHere are important settings you might want to adjust:
# Server port
server.port = 80
# Document root (where website files are stored)
server.document-root = "/var/www/lighttpd"
# Server user and group
server.username = "lighttpd"
server.groupname = "lighttpd"
# Index files
index-file.names = ( "index.html", "index.htm", "index.php" )
# Error log location
server.errorlog = "/var/log/lighttpd/error.log"
# Performance settings
server.event-handler = "poll"
server.network-backend = "sendfile"
server.max-connections = 1024
server.max-fds = 2048
server.max-worker = 8For improved performance and to avoid potential CPU usage issues, consider using these settings as recommended in the Lighttpd community:
server.stream-response-body = 1
server.stream-request-body = 1After making changes, check the configuration syntax for errors:
sudo lighttpd -t -f /etc/lighttpd/lighttpd.confIf no errors are reported, restart Lighttpd to apply the changes:
sudo systemctl restart lighttpdThe default document root for Lighttpd is `/var/www/lighttpd/`. Let’s create a simple HTML file to test the server:
sudo mkdir -p /var/www/lighttpd
sudo nano /var/www/lighttpd/index.htmlAdd a basic HTML content:
<!DOCTYPE html>
<html>
<head>
<title>Welcome to Lighttpd on CentOS Stream 10</title>
</head>
<body>
<h1>Success! Lighttpd is working!</h1>
<p>This page confirms that your Lighttpd server is functioning correctly on CentOS Stream 10.</p>
</body>
</html>Set the correct permissions:
sudo chown -R lighttpd:lighttpd /var/www/lighttpd
sudo chmod -R 755 /var/www/lighttpdNow, access your server’s IP address in a web browser to verify that Lighttpd is serving content correctly.
Step 5: Installing MariaDB Database
For dynamic websites that require database functionality, we’ll install MariaDB, a popular open-source database server.
Install MariaDB using the following command:
sudo dnf install mariadb-server mariadb -yOnce installed, start and enable the MariaDB service:
sudo systemctl start mariadb
sudo systemctl enable mariadbSecure your MariaDB installation by running the security script:
sudo mysql_secure_installationThis interactive script will guide you through several security-related questions:
- Set a root password
- Remove anonymous users
- Disallow root login remotely
- Remove test database and access to it
- Reload privilege tables
For optimal security, answer “Y” (yes) to all these questions.
Let’s create a database and user for your web applications:
sudo mysql -u root -pEnter the root password you set earlier. At the MariaDB prompt, execute:
CREATE DATABASE mywebsite;
CREATE USER 'webuser'@'localhost' IDENTIFIED BY 'your_strong_password';
GRANT ALL PRIVILEGES ON mywebsite.* TO 'webuser'@'localhost';
FLUSH PRIVILEGES;
EXIT;Replace ‘your_strong_password’ with a secure password of your choice.
Step 6: Installing PHP and PHP-FPM
To serve dynamic PHP content with Lighttpd, you need PHP and PHP-FPM (FastCGI Process Manager).
Install PHP and necessary extensions:
sudo dnf install php php-cli php-fpm php-mysqlnd php-json php-gd php-mbstring php-xml php-common -yAfter installation, configure PHP-FPM to work with Lighttpd:
sudo nano /etc/php-fpm.d/www.confMake the following changes:
1. Change the user and group from `apache` to `lighttpd`:
user = lighttpd
group = lighttpd2. Configure the listen directive to use a socket file:
listen = /var/run/php-fpm/php-fpm.sock3. Set appropriate socket permissions:
listen.owner = lighttpd
listen.group = lighttpd
listen.mode = 0660Create the directory for the socket file:
sudo mkdir -p /var/run/php-fpm
sudo chown lighttpd:lighttpd /var/run/php-fpmYou can also adjust PHP settings by editing the main php.ini file:
sudo nano /etc/php.iniCommon adjustments include:
memory_limit = 128M
upload_max_filesize = 20M
post_max_size = 20M
max_execution_time = 30Start and enable PHP-FPM:
sudo systemctl start php-fpm
sudo systemctl enable php-fpmStep 7: Configuring Lighttpd with PHP-FPM and FastCGI
Now, we’ll configure Lighttpd to work with PHP-FPM using FastCGI.
First, ensure the necessary modules are enabled:
sudo nano /etc/lighttpd/modules.confMake sure the following line is uncommented:
include "conf.d/fastcgi.conf"Next, configure FastCGI by editing:
sudo nano /etc/lighttpd/conf.d/fastcgi.confReplace the content with:
server.modules += ( "mod_fastcgi" )
fastcgi.server = (
".php" => (
"php-local" => (
"socket" => "/var/run/php-fpm/php-fpm.sock",
"broken-scriptfilename" => "enable"
)
)
)This configuration tells Lighttpd to use PHP-FPM for processing PHP files through the socket we configured earlier.
Check the configuration syntax:
sudo lighttpd -t -f /etc/lighttpd/lighttpd.confIf there are no errors, restart Lighttpd:
sudo systemctl restart lighttpdStep 8: Testing the Installation
Let’s create a test PHP file to verify PHP functionality:
sudo nano /var/www/lighttpd/phpinfo.phpAdd this code:
<?php
phpinfo();
?>Set appropriate permissions:
sudo chown lighttpd:lighttpd /var/www/lighttpd/phpinfo.php
sudo chmod 644 /var/www/lighttpd/phpinfo.phpAccess `http://your_server_ip/phpinfo.php` in your browser. You should see the PHP information page with details about your PHP installation.
To test the MariaDB connection, create another PHP file:
sudo nano /var/www/lighttpd/db-test.phpAdd this code (using your database credentials):
<?php
$conn = new mysqli('localhost', 'webuser', 'your_strong_password', 'mywebsite');
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
echo "Database connection successful!";
$conn->close();
?>Access `http://your_server_ip/db-test.php` to verify your database connection.
Step 9: Securing Your Lighttpd Installation
Security is critical for any web server. Let’s implement basic security measures for Lighttpd.
Setting Proper File Permissions
Ensure web files have appropriate permissions:
sudo find /var/www/lighttpd -type d -exec chmod 755 {} \;
sudo find /var/www/lighttpd -type f -exec chmod 644 {} \;
sudo chown -R lighttpd:lighttpd /var/www/lighttpdConfiguring SSL/TLS for HTTPS
To enable HTTPS, install required packages:
sudo dnf install openssl -yGenerate a self-signed certificate (for testing):
sudo mkdir -p /etc/lighttpd/ssl
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/lighttpd/ssl/server.key -out /etc/lighttpd/ssl/server.crtCreate an SSL configuration file:
sudo nano /etc/lighttpd/conf.d/ssl.confAdd this configuration:
server.modules += ( "mod_openssl" )
$SERVER["socket"] == ":443" {
ssl.engine = "enable"
ssl.pemfile = "/etc/lighttpd/ssl/server.pem"
ssl.ca-file = "/etc/lighttpd/ssl/server.crt"
server.document-root = "/var/www/lighttpd"
}Combine the key and certificate into a PEM file:
sudo cat /etc/lighttpd/ssl/server.key /etc/lighttpd/ssl/server.crt > /etc/lighttpd/ssl/server.pemSet appropriate permissions:
sudo chmod -R 400 /etc/lighttpd/ssl
sudo chown -R lighttpd:lighttpd /etc/lighttpd/sslUpdate modules configuration:
sudo nano /etc/lighttpd/modules.confAdd:
include "conf.d/ssl.conf"Restart Lighttpd:
sudo systemctl restart lighttpdImplementing Security Headers
Create a security headers configuration:
sudo nano /etc/lighttpd/conf.d/security.confAdd:
server.modules += ( "mod_setenv" )
setenv.add-response-header = (
"X-Content-Type-Options" => "nosniff",
"X-XSS-Protection" => "1; mode=block",
"X-Frame-Options" => "SAMEORIGIN",
"Content-Security-Policy" => "default-src 'self'",
"Referrer-Policy" => "no-referrer-when-downgrade"
)Update modules configuration to include this file and restart Lighttpd.
Step 10: Performance Tuning
To optimize Lighttpd’s performance, consider these adjustments:
Adjust Worker Processes
Edit the main configuration:
sudo nano /etc/lighttpd/lighttpd.confAdd or modify:
server.max-worker = 4 # Set to the number of CPU coresEnable Compression
Add compression settings:
server.modules += ( "mod_compress" )
compress.cache-dir = "/var/cache/lighttpd/compress"
compress.filetype = ( "application/javascript", "text/css", "text/html", "text/plain" )Create the cache directory:
sudo mkdir -p /var/cache/lighttpd/compress
sudo chown lighttpd:lighttpd /var/cache/lighttpd/compressOptimize Keep-Alive Settings
Adjust keep-alive settings:
server.max-keep-alive-requests = 100
server.max-keep-alive-idle = 30After making changes, restart Lighttpd.
Step 11: Implementing Advanced Features
Lighttpd offers several advanced features to enhance functionality:
URL Rewriting with mod_rewrite
Enable URL rewriting for clean URLs and SEO-friendly links:
sudo nano /etc/lighttpd/conf.d/rewrite.confAdd sample rewrite rules:
server.modules += ( "mod_rewrite" )
url.rewrite-once = (
"^/articles/([0-9]+)/([a-z]+)" => "/article.php?id=$1&category=$2",
"^/([a-z]+)$" => "/$1.php"
)Update modules configuration to include this file.
Virtual Hosts for Multiple Websites
Configure virtual hosts for hosting multiple websites:
sudo nano /etc/lighttpd/conf.d/vhosts.confAdd:
$HTTP["host"] == "example1.com" {
server.document-root = "/var/www/example1"
server.errorlog = "/var/log/lighttpd/example1-error.log"
accesslog.filename = "/var/log/lighttpd/example1-access.log"
}
$HTTP["host"] == "example2.com" {
server.document-root = "/var/www/example2"
server.errorlog = "/var/log/lighttpd/example2-error.log"
accesslog.filename = "/var/log/lighttpd/example2-access.log"
}Create document roots and set permissions:
sudo mkdir -p /var/www/example1 /var/www/example2
sudo chown -R lighttpd:lighttpd /var/www/example1 /var/www/example2Update modules configuration and restart Lighttpd.
Common Issues and Troubleshooting
Despite careful installation, you might encounter issues. Here are solutions to common problems:
Permission-Related Problems
If you get “403 Forbidden” errors, check file permissions:
sudo find /var/www/lighttpd -type d -exec chmod 755 {} \;
sudo find /var/www/lighttpd -type f -exec chmod 644 {} \;
sudo chown -R lighttpd:lighttpd /var/www/lighttpdIPv6 Issues
If Lighttpd fails to start with IPv6-related errors, disable IPv6 in the configuration as mentioned earlier.
PHP Files Not Being Processed
If PHP files aren’t working properly, verify your FastCGI configuration and ensure the socket path is correct.
CPU Usage Problems
If Lighttpd is using excessive CPU resources, try these settings to avoid processing loops:
server.stream-response-body = 1
server.stream-request-body = 1
server.event-handler = "poll"Log Analysis
Check logs for troubleshooting:
sudo tail -f /var/log/lighttpd/error.logCongratulations! You have successfully installed Lighttpd. Thanks for using this tutorial for installing the Lighttpd web server on your CentOS Stream 10 system. For additional or useful information, we recommend you check the official Lighttpd website.
