Ubuntu Reference Guide

part of the WillPowered Inc. network
© 2011 William Hall <5/> - This site uses HTML5

Lighttpd

First install everything by running the following commands.

$ sudo apt-get install lighttpd $ sudo apt-get install mysql-server mysql-client $ sudo apt-get install php5-cgi php5-mysql

You may also want support for IMAP and the GD Image Library so run the following command.

$ sudo apt-get install php5-imap php5-gd

Other PHP packages are:

php5-cli php5-curl php5-idn php-pear php5-imagick php5-mcrypt php5-memcache php5-mhash php5-ming php5-ps php5-pspell php5-recode php5-snmp php5-sqlite php5-tidy php5-xmlrpc php5-xsl

Remember that codeigniter encryption works better with mcrypt installed.

Note that the below "disable_functions" disables the bulk of curl.

If you want to be able to email from your PHP and haven't already picked up Postfix, you could use sendmail. You might have to change your hostname to one that resolves in DNS and re run sendmailconfig but sendmailconfig will let you know if anything is wrong. Remember that you can easily use Webmin to change your hostname.

$ sudo apt-get install sendmail && sudo sendmailconfig

Note that you cannot currently install phpmyadmin because it installs apache and thus the two webservers collide. Use webmin to administrate your system and mysql databases easily.

Now we have to combine the lighttpd webserver and the PHP elements.

$ sudo nano /etc/php5/cgi/php.ini

Change the following setting if it is not already.

cgi.fix_pathinfo = 1

Find the disable_function and add the following to safeguard your server from malicious PHP.

disable_functions=exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,parse_ini_file,show_source

Also make sure the following are set to off to block remote file opening.

allow_url_fopen = Off allow_url_include = Off

Find zlib.output and set the following parameters.

zlib.output_handler = On zlib.output_compression = On zlib.output_compression_level = -1

Turn on PHP short tags (if you absolutely have to) and set date.timezone to Europe/London.

Now that PHP is ready, we have to prep lighttpd.

Enable modules with the following command:

$ sudo lighty-enable-mod <module>

Modules:

accesslog
Tell lighttpd to maintain a log of who accesses the system
expire
Make use of expires headers.
fastcgi
fastcgi-php
Used for PHP
no-www
Gets lighttpd to redirect all www. addresses to their top level counterparts (i.e. removes the www from browsers accessing the server).

Edit the expire module file to include the following (to apply an expires property to a folder and subfolders of static content):

$HTTP["url"] =~ "^/assets/" { expire.url = ( "" => "access plus 1 weeks" ) }

Now we need a few final tweaks to the lighttpd config.

$ sudo nano /etc/lighttpd/lighttpd.conf

Uncomment the compress, rewrite and redirect modules.

Change index.file-names to limit default pages to index.php and index.html (remove the silly .lighttpd.html and .htm entries).

Set server.dir-listing to "disable" to stop any directory listings (you can activate it for individual vhosts if you want).

Check that the username and groupname are www-data.

Set the compress.cache_dir and make sure that directory exists later. Find the lighttpd script in /etc/cron.daily and change the compress line from +30 to +10. This will empty the cache for files older than 10days which is an appropriate amount of time. If this script doesn't exist check this out.

Update the compressed filetypes to include:

Now you have to restart lighttpd.

$ sudo service lighttpd restart

If you want to play around with mysql, then make a backup copy of the mysql configuration so you can tweak it and have a backup.

$ sudo cp /etc/mysql/my.cnf /etc/mysql/my.cnf.orig $ sudo nano /etc/mysql/my.cnf

After "skip-external-locking" and add "skip-locking"

Change the fine tuning values so they look like this:

key_buffer = 16K max_allowed_packet = 1M thread_stack = 64K thread_cache_size = 4 sort_buffer = 64K net_buffer_length = 2K #max_connections = 100 #table_cache = 64 #thread_concurrency = 10

Now restart mysql and you're ready to add files to /var/www

$ sudo service mysql restart
References