ラズパイでLighttpd

ラズパイにHTTPサーバを導入するならLighttpdがお薦め。

$ sudo apt install lighttpd

たったこれだけで導入完了。

設定ファイル等は

$ tree /etc/lighttpd/
/etc/lighttpd/
├── conf-available
│   ├── 05-auth.conf
│   ├── 05-setenv.conf
│   ├── 10-accesslog.conf
│   ├── 10-cgi.conf
│   ├── 10-dir-listing.conf
│   ├── 10-evasive.conf
│   ├── 10-evhost.conf
│   ├── 10-expire.conf
│   ├── 10-fastcgi.conf
│   ├── 10-flv-streaming.conf
│   ├── 10-no-www.conf
│   ├── 10-proxy.conf
│   ├── 10-rewrite.conf
│   ├── 10-rrdtool.conf
│   ├── 10-simple-vhost.conf
│   ├── 10-sockproxy.conf
│   ├── 10-ssi.conf
│   ├── 10-ssl.conf
│   ├── 10-status.conf
│   ├── 10-userdir.conf
│   ├── 10-usertrack.conf
│   ├── 11-extforward.conf
│   ├── 15-fastcgi-php.conf
│   ├── 15-fastcgi-php-fpm.conf
│   ├── 20-deflate.conf
│   ├── 90-debian-doc.conf
│   ├── 99-unconfigured.conf
│   └── README
├── conf-enabled
│   └── 99-unconfigured.conf -> ../conf-available/99-unconfigured.conf
└── lighttpd.conf

というような構成になっている。

メインの設定は

$ cat /etc/lighttpd/lighttpd.conf
server.modules = (
        "mod_indexfile",
        "mod_access",
        "mod_alias",
        "mod_redirect",
)

server.document-root        = "/var/www/html"
server.upload-dirs          = ( "/var/cache/lighttpd/uploads" )
server.errorlog             = "/var/log/lighttpd/error.log"
server.pid-file             = "/run/lighttpd.pid"
server.username             = "www-data"
server.groupname            = "www-data"
server.port                 = 80

# features
#https://redmine.lighttpd.net/projects/lighttpd/wiki/Server_feature-flagsDetails
server.feature-flags       += ("server.h2proto" => "enable")
server.feature-flags       += ("server.h2c"     => "enable")
server.feature-flags       += ("server.graceful-shutdown-timeout" => 5)
#server.feature-flags       += ("server.graceful-restart-bg" => "enable")

# strict parsing and normalization of URL for consistency and security
# https://redmine.lighttpd.net/projects/lighttpd/wiki/Server_http-parseoptsDetails
# (might need to explicitly set "url-path-2f-decode" = "disable"
#  if a specific application is encoding URLs inside url-path)
server.http-parseopts = (
  "header-strict"           => "enable",# default
  "host-strict"             => "enable",# default
  "host-normalize"          => "enable",# default
  "url-normalize-unreserved"=> "enable",# recommended highly
  "url-normalize-required"  => "enable",# recommended
  "url-ctrls-reject"        => "enable",# recommended
  "url-path-2f-decode"      => "enable",# recommended highly (unless breaks app)
 #"url-path-2f-reject"      => "enable",
  "url-path-dotseg-remove"  => "enable",# recommended highly (unless breaks app)
 #"url-path-dotseg-reject"  => "enable",
 #"url-query-20-plus"       => "enable",# consistency in query string
)

index-file.names            = ( "index.php", "index.html" )
url.access-deny             = ( "~", ".inc" )
static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )

# default listening port for IPv6 falls back to the IPv4 port
include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port
include_shell "/usr/share/lighttpd/create-mime.conf.pl"
include "/etc/lighttpd/conf-enabled/*.conf"

#server.compat-module-load   = "disable"
server.modules += (
        "mod_dirlisting",
        "mod_staticfile",
)

と非常に少なめでシンプル。 細かい設定等はWikiを参考に。

CGIを有効にする

もし、CGIを利用したいなら

$ sudo lighttpd-enable-mod cgi

CGIの設定は、下記のファイルになる。

$ cat /etc/lighttpd/conf-available/10-cgi.conf
# /usr/share/doc/lighttpd/cgi.txt

server.modules += ( "mod_cgi" )

$HTTP["url"] =~ "^/cgi-bin/" {
        cgi.assign = ( "" => "" )
        alias.url += ( "/cgi-bin/" => "/usr/lib/cgi-bin/" )
}

## Warning this represents a security risk, as it allow to execute any file
## with a .pl/.py even outside of /usr/lib/cgi-bin.
#
#cgi.assign      = (
#       ".pl"  => "/usr/bin/perl",
#       ".py"  => "/usr/bin/python",
#)

当然、これをこのまま動かしてもダメ。
cgi.assign に有効にしたい拡張子とコマンドを設定する。

# /usr/share/doc/lighttpd/cgi.txt

server.modules += ( "mod_cgi" )

$HTTP["url"] =~ "^/cgi-bin/" {
	cgi.assign = ( ".py" => "/usr/bin/python" )
	alias.url += ( "/cgi-bin/" => "/usr/lib/cgi-bin/" )
}

## Warning this represents a security risk, as it allow to execute any file
## with a .pl/.py even outside of /usr/lib/cgi-bin.
#
#cgi.assign      = (
#	".pl"  => "/usr/bin/perl",
#	".py"  => "/usr/bin/python",
#)

pythonを利用した場合には、上記のように設定する。

あとは、再起動して有効にする。

$ sudo service lighttpd force-reload

FastCGIを有効にする

PHPなどを使用する場合などはFastCGIを有効にすると良い。

$ sudo lighttpd-enable-mod fastcgi
$ sudo lighttpd-enable-mod fastcgi-php

FastCGIの設定は、下記の2つのファイルになる。

$ cat /etc/lighttpd/conf-available/10-fastcgi.conf
# /usr/share/doc/lighttpd/fastcgi.txt.gz
# http://redmine.lighttpd.net/projects/lighttpd/wiki/Docs:ConfigurationOptions#mod_fastcgi-fastcgi

server.modules += ( "mod_fastcgi" )

それと

$ cat /etc/lighttpd/conf-available/15-fastcgi-php.conf
# -*- depends: fastcgi -*-
# /usr/share/doc/lighttpd/fastcgi.txt.gz
# http://redmine.lighttpd.net/projects/lighttpd/wiki/Docs:ConfigurationOptions#mod_fastcgi-fastcgi

## Start an FastCGI server for php (needs the php-cgi package)
fastcgi.server += ( ".php" =>
        ((
                "bin-path" => "/usr/bin/php-cgi",
                "socket" => "/run/lighttpd/php.socket",
                "max-procs" => 1,
                "bin-environment" => (
                        "PHP_FCGI_CHILDREN" => "4",
                        "PHP_FCGI_MAX_REQUESTS" => "10000"
                ),
                "bin-copy-environment" => (
                        "PATH", "SHELL", "USER"
                ),
                "broken-scriptfilename" => "enable"
        ))
)

FPMを利用したい場合は、fastcgi-php-fpm を利用(今回は省略)。

あとは、再起動して有効にする。

$ sudo service lighttpd force-reload

あると便利なアクセスログ

あると便利なアクセスログは下記で有効にできる。

$ sudo lighttpd-enable-mod accesslog


※Raspberry PiはRaspberry Pi財団の登録商標です。


トップ   編集 凍結 差分 履歴 添付 複製 名前変更 リロード   新規 一覧 検索 最終更新   ヘルプ   最終更新のRSS
Last-modified: 2022-11-21 (月) 14:24:22