Lighttpd is a free open-source web server built for high-performance environments. It provides low memory and resource requirements compared to other web servers such as Apache and Nginx.
Lighttpd also provides security features such as the ability to execute scripts safely and the support for HTTPS protocols.
SSL provides a secure and encrypted communication channel between the client and the server. SSL traffic is served on port 443. This guide will discuss how to set up SSL on the Lighttpd server.
Step 1 – Install Lighttpd Server
To install the Lighttpd server, update your system and use the APT package manager as shown in the commands below:
sudo apt-get update -y
sudo apt-get install lighttpd -yOnce the installation is complete, start the web server as:
sudo service lighttpd start
sudo service lighttpd statusStep 2 – Create Certificate Signing Request
A certificate signing request, or CSR for short, is a signing message used by the Certificate Authority to generate your SSL certificate. It contains information such as the common name, organization, location, etc.
Start by creating a directory where to store the CSR and key.
sudo mkdir /etc/lighttpd/sslNavigate into the directory created.
cd /etc/lighttpd/sslThe next step is to create a CSR and the public key. In this tutorial, we will use the OpenSSL package.
sudo openssl req -new -newkey rsa:4096 -nodes -keyout domain.local.key -out domain.local.csrNote: Replace domain.local.key and domain.localwith the target domains.
The above command should prompt you to provide information for the CSR as shown in the example:
Step 3 – Create an SSL certificate from CA
Once you have the CSR and the key generated, as shown in the examples above, creating an SSL certificate is next.
You can order a certificate from providers such as DigiCert, GoDaddy or generate a self-signed one with OpenSSL.
Enter the command as shown below to generate a self-signed certificate.
sudo openssl x509 -req -days 365 -in domain.local.csr -signkey domain.local.key -out domain.local.crtThe command above should generate a certificate using the information from the CSR and KEY generated in the previous step.
The next step is to create a file combining the contents of the key and certificate as shown in the command below:
sudo cat domain.local.key domain.local.crt > domain.local.pemStep 4 – Setup Lighttpd SSL
The next step is to configure Lighttpd for the SSL protocol. We will do this by editing the configuration file.
sudo vim /etc/lighttpd/lighttpd.confEnter the configuration as shown below to set up SSL support.
$SERVER["socket"] == ":443" {
ssl.engine = "enable"
ssl.pemfile = "/etc/lighttpd/ssl/domain.local.pem"
server.name = "domain.local"
server.document-root = "/var/www/html/"
}Next, verify the configuration file and restart the Lighttpd server to apply the changes.
sudo lighttpd -tf /etc/lighttpd/lighttpd.confIf the command returns “Syntax OK”, proceed to restart the Lighttpd service as:
sudo service lighttpd restartConclusion
This article discussed setting up the SSL certificate on your Lighttpd web server using simple steps. It is good to remember that the procedure may vary slightly depending on the distribution where the server is installed.
