Lighttpd Advanced security: Difference between revisions

From Alpine Linux
m (Lighttp Https access moved to Lighttpd Https access: correct misspelling)
(Category:Server)
Line 59: Line 59:
* [http://redmine.lighttpd.net/wiki/1/Docs:SSL Lighttpd documentation]
* [http://redmine.lighttpd.net/wiki/1/Docs:SSL Lighttpd documentation]


[[Category:Networking]]
[[Category:Server]]

Revision as of 16:13, 24 March 2012

For higher security Lighttpd can be configured to allow https access.

Generate the certificates with openssl

To generate certificates, openssl is needed.

apk add openssl

Change to the lighttpd configuration directory

cd /etc/lighttpd

With the command below the certificates are generated. Answer all questions.

openssl req -new -x509 -keyout server.pem -out server.pem -days 365 -nodes

Adjust the permissions

chmod 400 /etc/lighttpd/server.pem

Generate the certificates with acf

Install the ACF

setup-acf

Copy the generated certificate to the lighttpd configuration directory.

mv /etc/ssl/mini_httpd/server.pem /etc/lighttpd/server.pem

Adjust the permissions

chown root:root /etc/lighttpd/server.pem

chmod 400 /etc/lighttpd/server.pem

mini_http is no longer needed.

/etc/init.d/mini_httpd stop && rc-update del mini_httpd

Removing the mini_http package

apk del mini_httpd

Configure Lighttpd

The configuration of lighttpd needs be be modified.

nano /etc/lighttpd/lighttpd.conf

Uncomment this section and adjust the path. Or copy the example below into your configuration file.

ssl.engine    = "enable"
ssl.pemfile   = "/etc/lighttpd/server.pem"

Restart lighttpd

/etc/init.d/lighttpd restart

More details