
Originally written back in 2014; settings may have changed since then.

Lighttpd is great web server software, and in this tutorial I'll show you how to set up SSL encryption on Lighttpd with your own self-signed certificate. Please note: if you're looking to set up SSL with a purchased certificate, please refer to this article, which better explains how to set up a site with SSL encryption using a trusted certificate. This tutorial is for a self-generated certificate, which means every time someone visits the site they'll get an error saying the site is not valid. But if you're like me and you're only doing development testing, this makes more sense than buying an SSL certificate for a site that is only for testing.

Step 1: Generate the keys and certificates. First, let's create a directory for them.

mkdir /etc/lighttpd/ssl/
cd /etc/lighttpd/ssl/

Now to generate both the key and certificate.

openssl req -x509 -newkey rsa:4096 -keyout ssl.key -out ssl.crt -days 365

This command will use OpenSSL to generate the key and certificate pair. Once you run this command, you'll see OpenSSL begin the generation process. It will ask you for a "PEM pass phrase". Enter a password you can easily remember. Now you will be asked questions about your location, organization, etc. Leave these at their defaults, as we don't need them for a self-signed certificate. Congratulations! Your key and certificate are now generated.

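Now we need to "unlock" the key, that is, remove the pass phrase from it. The command below reads the protected key from ssl.key.bak, so rename the generated key first:

mv ssl.key ssl.key.bak
openssl rsa -in ssl.key.bak -out ssl.key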

You'll be asked for the pass phrase you entered earlier. Enter it, and your key should now be unlocked.

Now you have to convert the .key file and .crt file into a .pem file for lighttpd. This can be done by typing:

cat ssl.key ssl.crt > ssl.pem

Make sure you move the keys to the directory we made earlier. This part is essential for getting lighttpd to work with SSL. You may already have them in the right spot, but you can always go to "/etc/lighttpd/ssl" and type "ls" to be sure. Run the following commands to move the files if they're not there already:

mv ssl.key /etc/lighttpd/ssl/
mv ssl.crt /etc/lighttpd/ssl/
mv ssl.pem /etc/lighttpd/ssl/
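
Before pointing lighttpd at the combined file, it is worth checking it. The script below is an added example, not part of the original tutorial; the function name check_lighttpd_pem and its return codes are assumptions. It verifies that ssl.pem is accessible only to its owner, holds an unlocked key plus a certificate, and that the two belong together.

```shell
#!/bin/sh
# Added example: sanity-check the combined PEM built with "cat ssl.key ssl.crt > ssl.pem".
# The function name and return codes are assumptions made for this example.
# Returns 0 = OK, 1 = file missing, 2 = accessible by group/other,
#         3 = key or certificate block missing, 4 = key still pass-phrase protected,
#         5 = private key does not match the certificate.
check_lighttpd_pem() {
    pem=$1
    [ -f "$pem" ] || { echo "missing: $pem" >&2; return 1; }

    # ssl.pem holds the unlocked private key, so only its owner should have access.
    # Characters 5-10 of the mode string are the group and other permission bits.
    if [ "$(ls -ld "$pem" | cut -c5-10)" != "------" ]; then
        echo "group/other can access $pem; run: chmod 600 $pem" >&2
        return 2
    fi

    # Both PEM blocks must be present in the combined file.
    grep -q -e '-----BEGIN CERTIFICATE-----' "$pem" &&
        grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$pem" ||
        { echo "need a private key and a certificate in $pem" >&2; return 3; }

    # An encrypted key is marked in the BEGIN line (PKCS#8) or in a
    # "Proc-Type: 4,ENCRYPTED" header (traditional format).
    if grep -q -e 'BEGIN ENCRYPTED PRIVATE KEY' -e 'Proc-Type: 4,ENCRYPTED' "$pem"; then
        echo "key in $pem is still pass-phrase protected" >&2
        return 4
    fi

    # The public key derived from the private key must equal the certificate's.
    key_pub=$(openssl pkey -in "$pem" -pubout 2>/dev/null) || key_pub=
    crt_pub=$(openssl x509 -in "$pem" -noout -pubkey 2>/dev/null) || crt_pub=
    if [ -z "$key_pub" ] || [ "$key_pub" != "$crt_pub" ]; then
        echo "private key and certificate in $pem do not match" >&2
        return 5
    fi
    echo "$pem looks usable"
}

# Run the check when a path is given, e.g.: sh check_pem.sh /etc/lighttpd/ssl/ssl.pem
if [ "$#" -gt 0 ]; then check_lighttpd_pem "$1"; fi
```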

Step 2: Configuring Lighttpd

Now we need to set up the Lighttpd config file to accept SSL connections. Edit the file /etc/lighttpd/lighttpd.conf. Use your favorite text editor.

Scroll to the bottom of the file, and add the following lines:

$SERVER["socket"] == ":443" {
    ssl.engine = "enable"
    ssl.pemfile = "/etc/lighttpd/ssl/ssl.pem"
    ssl.ca-file = "/etc/lighttpd/ssl/ssl.crt"
    server.name = "example.com"
    server.document-root = "/sites/vhosts/example.com/public"
    server.errorlog = "/var/log/lighttpd/example.error.log"
    accesslog.filename = "/var/log/lighttpd/example.access.log"
}

Configure the above to fit your custom needs.

Step 3: Test and restart lighttpd

Now, test the config file for lighttpd by typing the command:

lighttpd -t -f /etc/lighttpd/lighttpd.conf

If you see the text "Syntax OK", then lighttpd is ready to go. If you did not see this message, please re-read the tutorial and make sure that everything was copied correctly. Now all you have to do is restart lighttpd. Just type:

service lighttpd restart

Congratulations! You can now visit your newly encrypted site!
