一,为什么要使用lighttpd?
apache不可以吗?
在支持纯静态的对象时,比如图片,文件等 ,
lighttpd速度更快,更理想
至于它和apache的比较,很多文档,大家可以google一下
二,从何处下载lighttpd?
http://www.lighttpd.net/download/
这个是它的官方站
三,如何安装?
1,编译安装
./configure --prefix=/usr/local/lighttpd
make
make install
configure完毕以后,会给出一个激活的模块和没有激活模块的清单,可以检查一下,是否自己需要的模块都已经激活,在enable的模块中一定要有“mod_rewrite”这一项,否则重新检查pcre是否安装。
2,编译后配置
cp doc/sysconfig.lighttpd /etc/sysconfig/lighttpd
mkdir /etc/lighttpd
cp doc/lighttpd.conf /etc/lighttpd/lighttpd.conf
如果你的Linux是RedHat/CentOS,那么:
cp doc/rc.lighttpd.redhat /etc/init.d/lighttpd
如果你的Linux是SuSE,那么:
cp doc/rc.lighttpd /etc/init.d/lighttpd
其他Linux发行版本可以自行参考该文件内容进行修改。
然后修改/etc/init.d/lighttpd,把
LIGHTTPD_BIN=/usr/sbin/lighttpd
改为
LIGHTTPD_BIN=/usr/local/lighttpd/sbin/lighttpd
此脚本用来控制lighttpd的启动关闭和重起:
/etc/init.d/lighttpd start
/etc/init.d/lighttpd stop
/etc/init.d/lighttpd restart
3,配置
修改/etc/lighttpd/lighttpd.conf
1)server.modules
取消需要用到模块的注释,mod_rewrite,mod_access,mod_fastcgi,mod_simple_vhost,mod_cgi, mod_compress,mod_accesslog是一般需要用到的。
我们放开 "mod_rewrite"
"mod_compress",
2)server.document-root, server.error-log,accesslog.filename需要指定相应的目录
server.document-root = "/www/phc/html/"
mkdir /usr/local/lighttpd/logs
chmod 777 /usr/local/lighttpd/logs/
touch /usr/local/lighttpd/logs/error.log
chmod 777 /usr/local/lighttpd/logs/error.log
server.errorlog = "/usr/local/lighttpd/logs/error.log"
accesslog.filename = "|/usr/sbin/cronolog /usr/local/lighttpd/logs/%Y/%m/%d/accesslog.log"
3)用什么权限来运行lighttpd
server.username = "nobody"
server.groupname = "nobody"
从安全角度来说,不建议用root权限运行web server,可以自行指定普通用户权限。
4)静态文件压缩
mkdir /usr/local/lighttpd/compress
chmod 777 /usr/local/lighttpd/compress/
compress.cache-dir = "/usr/local/lighttpd/compress/"
compress.filetype = ("text/plain", "text/html","text/javascript","text/css")
可以指定某些静态资源类型使用压缩方式传输,节省带宽,
对于大量AJAX应用来说,可以极大提高页面加载速度。
5)server.port = 81
6)#$HTTP["url"] =~ ".pdf$" {
131 # server.range-requests = "disable"
132 #}
4,优化
1 最大连接数
默认是1024
修改 server.max-fds,大流量网站推荐2048.
因为lighttpd基于线程,而apache(MPM-prefork)基于子进程,
所以apache需要设置startservers,maxclients等,这里不需要
2 stat() 缓存
stat() 这样的系统调用,开销也是相当明显的.
缓存能够节约时间和环境切换次数(context switches)
一句话,lighttpd.conf加上
server.stat-cache-engine = “fam”
lighttpd还另外提供simple(缓存1秒内的stat()),disabled选项.
相信没人会选disabled吧.
3 常连接(HTTP Keep-Alive)
一般来说,一个系统能够打开的文件个数是有限制的(文件描述符限制)
常连接占用文件描述符,对非并发的访问没有什么意义.
(文件描述符的数量和许多原因有关,比如日志文件数量,并发数目等)
这是lighttpd在keep-alive方面的默认值.
server.max-keep-alive-requests = 128
server.max-keep-alive-idle = 30
换言之,lighttpd最多可以同时承受30秒长的常连接,每个连接最多请求128个文件.
但这个默认值确实不适合非并发这种多数情况.
lighttpd.conf 中减小
server.max-keep-alive-requests
server.max-keep-alive-idle
两个值,可以减缓这种现象.
甚至可以关闭lighttpd keep-alive.
server.max-keep-alive-requests = 0
4 事件处理
对于linux kernel 2.6来说,没有别的可说
lighttpd.conf中加上这一句足矣
server.event-handler = “linux-sysepoll”
另外,
linux 2.4 使用 linux-rtsig
freebsd 使用 freebsd-kqueue
unix 使用 poll
5 网络处理
lighttpd 大量使用了 sendfile() 这样一个高效的系统调用.
减少了从应用程序到网卡间的距离.
(同时也减少了lighttpd对cpu的占用,这部分占用转嫁到内核身上了)
根据平台,可以设置不同的参数.
server.network-backend = “linux-sendfile”
(linux)
freebsd: freebsd-sendfile
unix: writev
如果有兴趣的话,也可以看看lighttpd在async io(aio)上的实现,仅限 lighttpd 1.5
(linux-aio-sendfile, posix-aio, gthread-aio)
此外,网络方面,核心的参数也需要适当进行修改,
这里就不需要详细说明了.
5,启动
6,配置日志
logrotate & cronolog
logrotate很粗暴,直接把进程砍了然后移动日志
cronolog就是比较不错的方式.
lighttpd用法:
accesslog.filename = " |/usr/sbin/cronolog /var/log/lighttpd/%Y/%m/%d/access_XXXX.log"
7,安装pcre
从何处下载?
http://www.pcre.org/
wget
ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-7.4.tar.bz2
安装过程:
./configure
make clean
make
make install
8,支持fam
gamin默认已安装了此包
yum install gamin-devel
另外配置时需添加:
./configure --prefix=/usr/local/lighttpd --with-fam
9,测试lighttpd的启动:
/usr/local/lighttpd/sbin/lighttpd -f /usr/local/lighttpd/etc/lighttpd.conf
10,防止盗链
#$HTTP["referer"] !~ "^($|http://.*.(chinafotopress.com|chinafotopress.cn))" {
# $HTTP["url"] =~ ".(jpg|jpeg|png|gif|rar|zip|mp3)$" {
# #url.redirect = (".*" => "
http://www.baidu.com/
")
# url.access-deny = (".jpg")
# }
#}
#$HTTP["referer"] == "" {
# $HTTP["url"] =~ ".(jpg|jpeg|png|gif|rar|zip|mp3)$" {
# #url.redirect = (".*" => "
http://www.baidu.com/
")
# url.access-deny = (".jpg")
# }
#}
日志处理
Sometimes, Google Analytics just isn't enough when it comes to
keeping and interpreting server stats. After finding a suitable log
file analyzer, AWStats, the next step involved separating out the log
files on a per domain basis. When the server was first set up,
everything was shuttled to one set of access and error log files. While
AWStats could technically analyze this log, the suggested set up
involves having one set per domain. This article details the process of
separating out the log files and making sure that these new files get
rotated correctly.
Create Log Directories
While it would be possible to keep all of the files in one directory
and to just name them relative to the domain, for this tutorial we will
assume that we will create subdirectories based on the domain name. The
first step would be to create a directory for each domain.
sudo -u www-data mkdir /var/log/lighttpd/www.example1.com
sudo -u www-data mkdir /var/log/lighttpd/www.example2.com
Update lighttpd.conf
After creating the directories, it's time to update the lighttpd
conf file in /etc/lighttpd. We'll want to set the log files by host
name. We already had directives setting the server.document-root for
these domains so we only added the bolded lines.
$HTTP["host"] =~ "(^|\.)example1.com"$" {
server.document-root = "/var/www/www.example1.com",
server.errorlog = "/var/log/lighttpd/www.example1.com/error.log",
accesslog.filename = "/var/log/lighttpd/www.example1.com/access.log",
}
$HTTP["host"] =~ "(^|\.)example2.com$" {
server.document-root = "/var/www/www.example2.com",
server.errorlog = "/var/log/lighttpd/www.example2.com/error.log",
accesslog.filename = "/var/log/lighttpd/www.example2.com/access.log",
}
After adding these directives, you will need to restart the server.
sudo /etc/init.d/lighttpd restart
Update Logrotate
Finally, we will want logrotate to rotate these new directories.
Since our main goal is to integrate the logs with AWStats, it made
sense to add a separate entry for each log directory. However, if you
don't need call different scripts for the different domains, feel free
to create one directive. We just copied the existing logrotate
configuration and editted it for each of the domains. Below are
examples of what this might look like.
/var/log/lighttpd/*.log {
daily
missingok
copytruncate
rotate 60
compress
notifempty
sharedscripts
postrotate
if [ -f /var/run/lighttpd.pid ]; then \
kill -HUP $(
fi;
endscript
}
/var/log/lighttpd/www.example1.com/*.log {
daily
missingok
copytruncate
rotate 60
compress
notifempty
sharedscripts
postrotate
if [ -f /var/run/lighttpd.pid ]; then \
kill -HUP $(
fi;
endscript
}
/var/log/lighttpd/www.example2.com/*.log {
daily
missingok
copytruncate
rotate 60
compress
notifempty
sharedscripts
postrotate
if [ -f /var/run/lighttpd.pid ]; then \
kill -HUP $(
fi;
endscript
}
To make just one configuration entry, it would look like this:
"/var/log/lighttpd/*.log" "/var/log/lighttpd/www.example1.com/*.log" "/var/log/lighttpd/www.example2.com/*.log" {
daily
missingok
copytruncate
rotate 60
compress
notifempty
sharedscripts
postrotate
if [ -f /var/run/lighttpd.pid ]; then \
kill -HUP $(
fi;
endscript
}
Sources
* Lighttpd rotating log files with logrotate tool
* Howto: Lighttpd web server setting up virtual hosting
Trackback URL for this post:
http://tracy.hurleyit.com/trackback/1140
lighttpd虚拟主机配置
$HTTP["host"] == "bbs.xxx.com" {
server.name = "bbs.xxx.com"
server.document-root = "/var/www/bbs"
server.errorlog = "/var/www/bbs/error.log"
accesslog.filename = "/var/www/bbs/access.log"
}
else
lighttpd.conf解释
server.use-ipv6 = "disable" # 缺省为禁用
server.event-handler = "linux-sysepoll" # Linux环境下epoll系统调用可提高吞吐量
#server.max-worker = 10 # 如果你的系统资源没跑满,可考虑调高 lighttpd进程数
server.max-fds = 4096 # 默认的,应该够用了,可根据实际情况调整
server.max-connections = 4096 # 默认等于 server.max-fds
server.network-backend = "linux-sendfile"
server.max-keep-alive-requests = 0 # 在一个keep-alive会话终止连接前能接受处理的最大请求数。0为禁止
# 设置要加载的module
server.modules = (
"mod_rewrite",
"mod_redirect",
# "mod_alias",
"mod_access",
# "mod_cml",
# "mod_trigger_b4_dl",
"mod_auth",
"mod_expire",
# "mod_status",
# "mod_setenv",
"mod_proxy_core",
"mod_proxy_backend_http",
"mod_proxy_backend_fastcgi",
# "mod_proxy_backend_scgi",
# "mod_proxy_backend_ajp13",
# "mod_simple_vhost",
"mod_evhost",
# "mod_userdir",
# "mod_cgi",
"mod_compress",
# "mod_ssi",
# "mod_usertrack",
# "mod_secdownload",
# "mod_rrdtool",
"mod_accesslog" )
# 网站根目录
server.document-root = "/var/www/"
# 错误日志位置
server.errorlog = "/var/log/lighttpd/error.log"
# 网站Index
index-file.names = ( "index.php", "index.html",
"index.htm", "default.htm" )
# 访问日志, 以及日志格式 (combined), 使用X-Forwarded-For可越过代理读取真实ip
accesslog.filename = "/var/log/lighttpd/access.log"
accesslog.format = "%{X-Forwarded-For}i %v %u %t \"%r\" %s %b \"%{User-Agent}i\" \"%{Referer}i\""
# 设置禁止访问的文件扩展名
url.access-deny = ( "~", ".inc", ".tpl" )
# 服务监听端口
server.port = 80
# 进程id记录位置
server.pid-file = "/var/run/lighttpd.pid"
# virtual directory listings 如果没有找到index文件就列出目录。建议disable。
dir-listing.activate = "disable"
# 服务运行使用的用户及用户组
server.username = "www"
server.groupname = "www"
# gzip压缩存放的目录以及需要压缩的文件类型
compress.cache-dir = "/tmp/lighttpd/cache/compress/"
compress.filetype = ("text/plain", "text/html")
# fastcgi module
# for PHP don't forget to set cgi.fix_pathinfo = 1 in the php.ini
$HTTP["url"] =~ "\.php$" {
proxy-core.balancer = "round-robin"
proxy-core.allow-x-sendfile = "enable"
# proxy-core.check-local = "enable"
proxy-core.protocol = "fastcgi"
proxy-core.backends = ( "unix:/tmp/php-fastcgi1.sock","unix:/tmp/php-fastcgi2.sock" )
proxy-core.max-pool-size = 16
}
# 权限控制
auth.backend = "htpasswd"
auth.backend.htpasswd.userfile = "/var/www/htpasswd.userfile"
# 基于 evhost 的虚拟主机 针对域名
$HTTP["host"] == "a.lostk.com" {
server.document-root = "/var/www/lostk/"
server.errorlog = "/var/log/lighttpd/lostk-error.log"
accesslog.filename = "/var/log/lighttpd/lostk-access.log"
# 设定文件过期时间
expire.url = (
"/css/" => "access 2 hours",
"/js/" => "access 2 hours",
)
# url 跳转
url.redirect = (
"^/$" => "/xxx/index.html",
)
# url 重写 (cakephp可用)
url.rewrite = (
"^/(css|js)/(.*)$" => "/$1/$2",
"^/([^.]+)$" => "/index.php?url=$1",
)
# 权限控制
auth.require = ( "" =>
(
"method" => "basic",
"realm" => "admin only",
"require" => "user=admin1|user=admin2" # 允许的用户, 用户列表文件 在上面配置的auth.backend.htpasswd.userfile 里
),
)
}
# 针对端口的虚拟主机
$SERVER["socket"] == "192.168.0.1:8000" {
server.document-root = "/var/www/xxx/"
server.errorlog = "/var/log/lighttpd/test-error.log"
accesslog.filename = "/var/log/lighttpd/test-access.log"
# ...
}
------------------------------------------------------------------------------------------------------------------------------------------------------------
另一篇
Linux系统下Lighttpd的安装配置
lighttpd(http://lighttpd.net/)和apache一样是开源的,与apache相比,虽然功能不及apache完善,稳定性也不如apache,但是,不管是服务静态页面,还是服务动态内容(CGI,PHP),它都比apache快,用于ad banner之类的WEB服务器是最恰当不过了。
本文从应用的角度,说明如何安装、配置lighttpd。
(1) 安装
可从http://lighttpd.net/download/下载最新的源码(.tar.gz)或者rpm包。如果下载的是.tar.gz文件,则和GNU的其他软件一样,先./configure一下,然后 make && make install就搞定了。但是如果你想定制一些功能,就得好好看看解压后README, INSTALL以及./configure --help的输出结果了。这里仅仅说一下如何从源码安装,其他安装方式可参考 http://trac.lighttpd.net/trac/wiki/TutorialInstallation。
$ gzip -cd lighttpd-1.4.9.tar.gz tar xf -
...
$ cd lighttpd-1.4.9
$ ./configure --help
`configure' configures lighttpd 1.4.9 to adapt to many kinds of systems.
Usage: ./configure [OPTION]... [VAR=VALUE]...
To assign environment variables (e.g., CC, CFLAGS...), specify them as
VAR=VALUE. See below for descriptions of some of the useful variables.
Defaults for the options are specified in brackets.
Configuration:
...
Installation directories:
--prefix=PREFIX install architecture-independent files in PREFIX
[/usr/local]
--exec-prefix=EPREFIX install architecture-dependent files in EPREFIX
[PREFIX]
By default, `make install' will install all the files in
`/usr/local/bin', `/usr/local/lib' etc. You can specify
an installation prefix other than `/usr/local' using `--prefix',
for instance `--prefix=$HOME'.
For better control, use the options below.
Fine tuning of the installation directories:
...
Program names:
...
System types:
...
Optional Features:
--disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no)
--enable-FEATURE[=ARG] include FEATURE [ARG=yes]
--enable-maintainer-mode enable make rules and dependencies not useful
(and sometimes confusing) to the casual installer
--disable-dependency-tracking speeds up one-time build
--enable-dependency-tracking do not reject slow dependency extractors
--enable-static[=PKGS]
build static libraries [default=no]
--enable-shared[=PKGS]
build shared libraries [default=yes]
--enable-fast-install[=PKGS]
optimize for fast installation [default=yes]
--disable-libtool-lock avoid locking (might break parallel builds)
--enable-lfs Turn on Large File System (default)
--disable-ipv6 disable IPv6 support
Optional Packages:
--with-PACKAGE[=ARG] use PACKAGE [ARG=yes]
--without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no)
--with-gnu-ld assume the C compiler uses GNU ld [default=no]
--with-pic try to use only PIC/non-PIC objects [default=use
both]
--with-tags[=TAGS]
include additional configurations [automatic]
--with-mysql[=PATH]
Include MySQL support. PATH is the path to
'mysql_config'
--with-ldap enable LDAP support
--with-attr enable extended attribute support
--with-valgrind enable internal support for valgrind
--with-openssl[=DIR]
Include openssl support (default no)
--with-openssl-includes=DIR
OpenSSL includes
--with-openssl-libs=DIR OpenSSL libraries
--with-kerberos5 use Kerberos5 support with OpenSSL
--with-pcre Enable pcre support (default yes)
--with-bzip2 Enable bzip2 support for mod_compress
--with-fam fam/gamin for reducing number of stat() calls
--with-webdav-props properties in mod_webdav
--with-gdbm gdbm storage for mod_trigger_b4_dl
--with-memcache memcached storage for mod_trigger_b4_dl
--with-lua lua engine for mod_cml
Some influential environment variables:
...
如上所述,可通过--prefix指定安装路径,默认安装在/usr/local下。可以指定启用哪些特征(插件),禁用哪些特征(插件)。假定我们要把lighttpd安装到/usr/local/lighttpd-1.4.9下面。
$ ./configure --prefix=/usr/local/lighttpd-1.4.9
$ make
$ make install
$ cp doc/lighttpd.conf /usr/local/lighttpd-1.4.9/ # 拷贝配置文件
$ cd /usr/local/lighttpd-1.4.9
$ vi lighttpd.conf # 修改配置文件
配置文件很直观明了,一般只要把server.document-root、server.errorlog、accesslog.filename改成你的实际目录和文件名字就可以了。
$ sbin/lighttpd -f lighttpd.conf # 启动lighttpd服务
$ ps aux grep lighttpd
www 15403 0.0 0.9 2860 1148 ? S 00:15 0:00 sbin/lighttpd -f
这就完成了从安装到启动的整个过程,很简单吧。从最后一行的输出可以看出,lighttpd是单进程服务的,这和apache不一样(也许是它的稳定性不如apache的一个原因)。
(2) 整合php和fastcgi
以php-4.3.11为例,编译PHP的时候,不能指定 --with-apxs选项,编译命令行大致如下:
$ ./configure ... --enable-force-cgi-redirect --enable-fastcgi
$ make
$ sapi/cgi/php -v
PHP 4.3.11 (cgi-fcgi) (built: Jan 30 2006 00:12:34)
Copyright (c) 1997-2004 The PHP Group
Zend Engine v1.3.0, Copyright (c) 1998-2004 Zend Technologies
make完了后,会在sapi/cli目录生成命令行下的php程序,sapi/cgi下生成fastcgi下的php程序。如果执行sapi/cgi下的php显示版本号,你会发现有 cgi-fcgi的说明,这就表明你成功了。
$ mkdir /usr/local/lighttpd-1.4.9/fcgi
$ cp sapi/cgi/php /usr/local/lighttpd-1.4.9/fcgi/
$ vi /usr/local/lighttpd-1.4.9/lighttpd.conf
我们建立一个子目录fcgi用来保存所有的fast-cgi程序,然后把php拷贝到该目录下。编辑lighttpd.conf,如下所示:
...
server.modules = (
...
"mod_fastcgi",
...)
...
fastcgi.server = (".php" =>
( "127.0.0.1" =>
(
"socket" => "/tmp/fcgi_php.sock",
"bin-path" => "/usr/local/lighttpd-1.4.9/fcgi/php"
)
)
)
重新启动lighttpd就可以了。Lighttpd和fastcgi通信有两种方式:通过Unix socket通信,如以上PHP的启动;通过TCP/IP socket通信。Lighttpd支持基于fastcgi的负载均衡,不过我没尝试过。
关于fastcgi的协议规范,请参考http://www.fastcgi.com/,以下是我自己写的一个fastcgi的配置样例:
fastcgi.server = ( "/fastcgi/adsim" =>
( "127.0.0.1" =>
(
"host" => "127.0.0.1",
"port" => 4000,
"bin-path" => "/usr/local/lighttpd-1.4.9/fcgi/adsim",
"check-local" => "disable"
)
)
check-local必须设置为disable,否则因为找不到/fastcgi/adsim会导致请求失败。
(3) 制作lighttpd启动脚本
每次启动lighttpd时我们要指定配置文件的位置,停止lighttpd时要先找到进程号,然后用kill发送停止信号,有点太麻烦了。好在lighttpd自带了一个脚本程序能辅助完成这些操作,只要稍微改改就能用了,那就是源码目录doc/rc.lighttpd和doc/rc.lighttpd.redhat,后者专用于RedHat Linux。主要的改动之处在于:
...
if [ -z "$LIGHTTPD_CONF_PATH" ]; then
LIGHTTPD_CONF_PATH="/usr/local/lighttpd-1.4.9/lighttpd.conf"
fi
...
lighttpd="/usr/local/lighttpd-1.4.9/usr/sbin/lighttpd"
...
用这个脚本管理lighttpd是不是方便多了。
(4) Lighttpd和OpenSSL
Lighttpd默认不编译ssl模块,所以必须在编译的时候明确指定 --with-openssl,然后再生成自签署的服务器证书或者从CA那里获取。生成自签署证书的方法如下:
$ openssl req -new -x509 -keyout server.pem \
-out server.pem -days 365 -nodes
Lighttpd要求证书和私匙保存在同一个文件里,如果是分开的,则需要合并:
$ cat host.key host.crt > host.pem
配置lighttpd.conf,大致样子如下:
ssl.engine = "enable"
ssl.pemfile = "server.pem"
你可以针对某个虚拟主机做这样的设置,但是由于SSL工作在TCP层,所以不能设置基于名称的虚拟主机,只能设置基于端口的。 以下是一个配置样例:
$SERVER["socket"] == "192.168.146.128:443" {
ssl.engine = "enable"
ssl.pemfile = "/usr/local/lighttpd/certs/server.pem"
server.document-root = "/home/www/wfs/www"
}
(5) 配置目录列表
修改 lighttpd.conf,大致如下所示:
server.module = {
...
"mod_dirlisting",
...}
dir-listing.activate = "enable"
(6) 配置CGI
修改lighttpd.conf,首先需要启动mod_cgi,然后在static-file.exclude-extensions中指定cgi文件的扩展名,最后通过cgi.assign配置指令进行关联。
对于带扩展名且需要特定解析程序执行的CGI,可以指定解析程序的路径,比如:
cgi.assign = ( ".pl" => "/usr/bin/perl",
".cgi" => "/usr/bin/perl" )
对于带扩展名切不需要特定解析程序就能执行的CGI,可指定解析程序为空,比如:
cgi.assign = (".cgi" => "")
对于不带扩展名的CGI程序,只能通过固定路径存取了,比如:
cgi.assgin = ( "/cgi-bin/mycgi" => "/usr/local/cgi/mycgi )
(7) 配置虚拟主机
配置基于端口的虚拟主机上文有所描述,基于名称的虚拟主机也很简单。修改lighttpd.conf,启动模块mod_simple_vhost,然后指定你的虚拟主机信息,比如:
$HTTP["host"] == "news.example.org" {
server.document-root = "/var/www/servers/news2.example.org/pages/"
}
Lighttpd注重于速度,而Apache注重于稳定性和功能,怎么选择还得看具体的应用。