Installing lighttpd+ldap


Reference: http://doc.owncloud.org/server/5.0/admin_manual/installation/installation_others.html

This will install lighttpd with php5 and a lot of other useful features.

Prerequisites

Dependencies: lighttpd, lighttpd-mod-fastcgi, php5-cgi, php5-zip and php5-gd

# Install lighttpd, PHP 5 (CGI/CLI and extensions) and supporting tools in several apt-get runs.
# NOTE(review): this goes well beyond the dependencies listed above. Compilers and
# development headers (build-essential, automake, libtool, the *-dev packages),
# subversion and smbclient are not required to serve PHP through lighttpd; on an
# internet-facing host, install only what is actually used.
apt-get  install -y build-essential pkg-config libcurl4-openssl-dev  libsigc++-2.0-dev libncurses5-dev lighttpd nano screen 

# apache2-utils supplies the htdigest tool used in the htdigest example below.
apt-get install -y subversion libterm-readline-gnu-perl php5-cgi apache2-utils libtool automake openssl 

apt-get install -y libcurl4-openssl-dev libssl-dev php5 libcurl3 php5-cgi php5-cli php5-common php5-curl php5-dev 

apt-get install -y php5-cgi php5-cli php5-common php5-gd php-xml-parser php5-intl php5-sqlite php5-mysql smbclient 

apt-get install -y php5-geoip php5-sqlite php5-xmlrpc curl 

# NOTE(review): libapache2-mod-fcgid is an Apache module and probably pulls Apache
# packages in as dependencies -- presumably why apache2 is purged in the next step.
# Confirm it is needed at all.
apt-get install -y libcurl4-openssl-dev libssl-dev libapache2-mod-fcgid spawn-fcgi psmisc

# Enable lighttpd's fastcgi and fastcgi-php configuration snippets.
lighttpd-enable-mod fastcgi fastcgi-php

Make sure apache2 is uninstalled with prejudice.

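# Stop and purge Apache so it no longer competes for port 80 or starts at boot.
# apache2-utils is a separate package and stays installed (htdigest is needed later).
service apache2 stop
apt-get remove --purge apache2
update-rc.d -f apache2 remove
# -f: the purge may already have deleted the init script; do not fail on a missing file.
rm -f /etc/init.d/apache2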

Start lighttpd service

# Restart lighttpd so the modules enabled above are loaded.
service lighttpd restart

Configuration

Copy and paste into console

# Prefer the PHP-specific FastCGI snippet when the package ships one,
# otherwise fall back to the generic fastcgi module.
php5_conf=/etc/lighttpd/conf-available/10-fastcgi-php5.conf
[ -e "$php5_conf" ] && fcgi_mod=fastcgi-php5 || fcgi_mod=fastcgi
/usr/sbin/lighty-enable-mod "$fcgi_mod"

Force reload lighttpd

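# Validate the configuration first: reloading with a broken file may leave the server stopped.
lighttpd -t -f /etc/lighttpd/lighttpd.conf && /etc/init.d/lighttpd force-reload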

SSL

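Create a self-signed SSL certificate. Browsers do not trust a self-signed certificate by default, so clients will see a certificate warning unless they import it.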

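# Directory for the certificate material; root-only, since lighttpd reads the
# PEM file at startup before it switches to the www-data user.
mkdir -p /etc/lighttpd/certs
chmod 700 /etc/lighttpd/certs
cd /etc/lighttpd/certs
# Self-signed certificate valid for 365 days, key and certificate in one file.
# -nodes stores the private key unencrypted so lighttpd can start unattended,
# which makes file permissions the only protection for the key.
# 2048-bit RSA with a SHA-256 signature replaces the original 1024-bit key,
# which is too short to be considered secure.
# The subshell keeps the restrictive umask from leaking into the rest of the session.
( umask 077; openssl req -new -newkey rsa:2048 -sha256 -days 365 -nodes -x509 -keyout lighttpd.pem -out lighttpd.pem )
# Explicit in case lighttpd.pem already existed with looser permissions.
chmod 600 lighttpd.pem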

Fill in the proper information. For the Common Name, enter the hostname that clients will use to reach the server.

Next modify lighttpd.conf one last time to use SSL.

Paste the following code into lighttpd.conf.

# HTTPS listener on port 443 using the combined key+certificate file created above.
# NOTE(review): protocol and cipher selection are left at the defaults. On older
# lighttpd/OpenSSL builds consider adding ssl.use-sslv2 = "disable",
# ssl.use-sslv3 = "disable" and an explicit ssl.cipher-list.
# NOTE(review): this adds an HTTPS listener only; the plain-HTTP port keeps serving
# the same content unless requests are redirected to https.
$SERVER["socket"] == ":443" {
ssl.engine = "enable"
# PEM file holding both the private key and the certificate; keep it readable by root only.
ssl.pemfile = "/etc/lighttpd/certs/lighttpd.pem"
}

Reload the lighttpd daemon

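# Validate the edited lighttpd.conf first: reloading with a broken file may leave the server stopped.
lighttpd -t -f /etc/lighttpd/lighttpd.conf && /etc/init.d/lighttpd force-reload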

lighttpd.conf (with ldap)

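Here is a finished lighttpd.conf with LDAP commented out. As written it loads mod_auth but sets no auth.backend or auth.require, so nothing is password-protected until the LDAP block (or the htdigest example below) is enabled; directory listings are also switched on for the whole document root.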

# Debian lighttpd configuration file
#

############ Options you really have to take care of ####################

## modules to load
# mod_access, mod_accesslog and mod_alias are loaded by default
# all other modules should only be loaded if necessary
# - saves some time
# - saves memory
# Every loaded module also adds request-handling code that is reachable from the
# network, so keep this list to what the site actually uses.
# mod_auth is loaded here; it protects nothing until an auth.backend and
# auth.require are configured.

server.modules = (
        "mod_access",
        "mod_alias",
        "mod_compress",
        "mod_redirect",
        "mod_auth",
#       "mod_rewrite",
)
# Forward requests for /RPC2 over SCGI to a backend listening on a Unix socket.
# NOTE(review): no auth.require entry on this page covers /RPC2, so any client that can
# reach the web server can talk to that backend. If it is an XML-RPC control interface,
# put it behind auth.require for "/RPC2" or a $HTTP["remoteip"] condition.
# NOTE(review): /tmp is world-writable, so a socket there can be pre-created or replaced
# by any local user. Prefer a directory only the backend and www-data can access
# (the backend must be configured to match).
server.modules += ( "mod_scgi" )
scgi.server = (
"/RPC2" =>
( "127.0.0.1" =>
(
"socket" => "/tmp/rpc.socket",
# do not test for a matching file under the document root before forwarding
"check-local" => "disable",
"disable-time" => 0,  # don't disable scgi if connection fails
)
)
)
# HTTPS listener on port 443.
# NOTE(review): protocol and cipher selection are left at the defaults. On older
# lighttpd/OpenSSL builds consider adding ssl.use-sslv2 = "disable",
# ssl.use-sslv3 = "disable" and an explicit ssl.cipher-list.
$SERVER["socket"] == ":443" {
ssl.engine = "enable"
# PEM file holding both the private key and the certificate; keep it readable by root only.
ssl.pemfile = "/etc/lighttpd/certs/lighttpd.pem"
}
# NOTE(review): 2 is the more verbose auth logging level and writes per-request
# authentication details to the error log. Set it to 0 once logins work.
auth.debug = 2
# LDAP or modify for different access system
# NOTE(review) before enabling the LDAP block:
#  - "basic" sends the LDAP password base64-encoded (not encrypted) with every request;
#    require it only on the :443 listener, or redirect port 80 to https first.
#  - the connection to the directory server is unencrypted unless
#    auth.backend.ldap.starttls = "enable" (with auth.backend.ldap.ca-file) is set.
#  - only the /access/ prefix is covered by this auth.require.
#auth.backend = "ldap"
#auth.backend.ldap.hostname = "10.1.38.93"
#auth.backend.ldap.base-dn = "dc=fyzix,dc=net"
#auth.backend.ldap.filter = "(uid=$)"
#auth.require               = ( "/access/" =>
#                               (
#                                 "method"  => "basic",
#                                 "realm"   => "Authorized users only",
#                                 "require" => "valid-user"
#                               )
#
#                        )
## a static document-root, for virtual-hosting take a look at the
## server.virtual-* options
server.document-root       = "/var/www/"

## where to upload files to, purged daily.
server.upload-dirs = ( "/var/cache/lighttpd/uploads" )

## where to send error-messages to
server.errorlog            = "/var/log/lighttpd/error.log"

## files to check for if .../ is requested
index-file.names           = ( "index.php", "index.html",
                               "index.htm", "default.htm",
                               "index.lighttpd.html" )


## Use the "Content-Type" extended attribute to obtain mime type if possible
# mimetype.use-xattr = "enable"

#### accesslog module
accesslog.filename         = "/var/log/lighttpd/access.log"

## deny access to these file extensions
#
# ~    is for backupfiles from vi, emacs, joe, ...
# .inc is often used for code includes which should in general not be part
#      of the document-root
# NOTE(review): other leftovers (.bak, .old, .swp, dot-files) are not covered;
# add them if such files can end up under the document root.
url.access-deny            = ( "~", ".inc" )

##
# which extensions should not be handled via static-file transfer
#
# .php, .pl, .fcgi are most often handled by mod_fastcgi or mod_cgi
# Keeping them out of static transfer stops the server from returning script
# source as a plain file when no handler picks the request up.
static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )


######### Options that are good to be but not necessary to be changed #######

## Use ipv6 only if available.
#include_shell "/usr/share/lighttpd/use-ipv6.pl"

## bind to port (default: 80)
# NOTE(review): this plain-HTTP listener serves the same document root as the :443
# socket. Paths placed under auth.require are reachable here too, so credentials and
# content cross the network unencrypted unless port 80 is redirected to https
# (mod_redirect is already loaded).
server.port               = 80

## bind to localhost only (default: all interfaces)
## server.bind                = "localhost"

## error-handler for status 404
server.error-handler-404  = "/missing.html"
#server.error-handler-404  = "/error-handler.html"
#server.error-handler-404  = "/error-handler.php"

## to help the rc.scripts
server.pid-file            = "/var/run/lighttpd.pid"

##
## Format: <errorfile-prefix><status>.html
## -> ..../status-404.html for 'File not found'
#server.errorfile-prefix    = "/var/www/"

## virtual directory listings
# NOTE(review): enabled globally, so every directory under the document root that has
# no index file is listed to any visitor. If listings are wanted only for some paths,
# turn this off and set dir-listing.activate inside a $HTTP["url"] condition, as the
# /doc/ block at the end of this file does.
dir-listing.encoding        = "utf-8"
server.dir-listing          = "enable"

## send unhandled HTTP-header headers to error-log
#debug.dump-unknown-headers  = "enable"

### only root can use these options
#
# chroot() to directory (default: no chroot() )
#server.chroot            = "/"

## change uid to <uid> (default: don't care)
# Run the server as the unprivileged www-data user instead of root.
server.username            = "www-data"

## change gid to <gid> (default: don't care)
server.groupname           = "www-data"

#### compress module
compress.cache-dir          = "/var/cache/lighttpd/compress/"
compress.filetype           = ("text/plain", "text/html", "application/x-javascript", "text/css")


#### url handling modules (rewrite, redirect, access)
# url.rewrite                 = ( "^/$"             => "/server-status" )
# url.redirect                = ( "^/wishlist/(.+)" => "http://www.123.org/$1" )

#
# define a pattern for the host url finding
# %% => % sign
# %0 => domain name + tld
# %1 => tld
# %2 => domain name without tld
# %3 => subdomain 1 name
# %4 => subdomain 2 name
#
# evhost.path-pattern = "/home/storage/dev/www/%3/htdocs/"

#### expire module
# expire.url                  = ( "/buggy/" => "access 2 hours", "/asdhas/" => "access plus 1 seconds 2 minutes")

#### rrdtool
# rrdtool.binary = "/usr/bin/rrdtool"
# rrdtool.db-name = "/var/www/lighttpd.rrd"

#### variable usage:
## variable name without "." is auto prefixed by "var." and becomes "var.bar"
#bar = 1
#var.mystring = "foo"

## integer add
#bar += 1
## string concat, with integer cast as string, result: "www.foo1.com"
#server.name = "www." + mystring + var.bar + ".com"
## array merge
#index-file.names = (foo + ".php") + index-file.names
#index-file.names += (foo + ".php")


#### external configuration files
# include_shell runs the given command when the configuration is loaded and includes
# its output. That happens with the privileges of whoever starts lighttpd (normally
# root), so these scripts and the directories they read must be writable by root only.
## mimetype mapping
include_shell "/usr/share/lighttpd/create-mime.assign.pl"

## load enabled configuration files,
## read /etc/lighttpd/conf-available/README first
include_shell "/usr/share/lighttpd/include-conf-enabled.pl"

#### handle Debian Policy Manual, Section 11.5. urls
## by default allow them only from localhost
## (This must come last due to #445459)
## Note: =~ "127.0.0.1" works with ipv6 enabled, whereas == "127.0.0.1" doesn't
# NOTE(review): =~ is a regex match, so the dots match any character and the pattern is
# unanchored. Tighten it if this block ever guards anything more sensitive than
# package documentation.
$HTTP["remoteip"] =~ "127.0.0.1" {
        # Map /doc/ and /images/ to the system documentation directories.
        alias.url += (
                "/doc/" => "/usr/share/doc/",
                "/images/" => "/usr/share/images/"
        )
        # Directory listings for those two prefixes only.
        $HTTP["url"] =~ "^/doc/|^/images/" {
                dir-listing.activate = "enable"
        }
}

htdigest example

To create users

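# -c creates the password file and overwrites an existing one: use it for the first
# entry only and leave it out when adding further users or realms.
# Entries are bound to the realm, so a user needs one entry for every "realm" string
# used in auth.require; this command covers 'Authorized users only' only.
htdigest -c /etc/lighttpd/.auth 'Authorized users only' fyzix
# The stored digests are password-equivalent for digest auth, so keep the file away
# from other local users. lighttpd runs as www-data and must still be able to read it.
chown root:www-data /etc/lighttpd/.auth
chmod 640 /etc/lighttpd/.auth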

Placed in /etc/lighttpd/lighttpd.conf

# NOTE(review): if this is appended to the full lighttpd.conf above, mod_auth is already
# in server.modules there; drop this line if lighttpd reports the module as loaded twice.
server.modules += ( "mod_auth" )
# Authenticate against the file written by the htdigest command.
auth.backend = "htdigest"
auth.backend.htdigest.userfile = "/etc/lighttpd/.auth"
# NOTE(review): verbose auth logging; set to 0 once logins work.
auth.debug = 2

# Require a valid user for each URL prefix below; every other path stays public.
# NOTE(review): htdigest entries are per realm. The command above creates fyzix only for
# 'Authorized users only', so the other four realms need their own entries
# (htdigest without -c, same file, matching realm string) before those paths accept a login.
# NOTE(review): digest auth keeps the password off the wire but not the content, and it
# relies on MD5; serve these paths over the :443 listener.
auth.require               = ( "/equinox/" =>
                               (
                                 "method"  => "digest",
                                 "realm"   => "Authorized users only",
                                 "require" => "valid-user"
                               ),
                              "/fyzix/" =>
                               (
                                 "method"  => "digest",
                                 "realm"   => "Music Torrents",
                                 "require" => "valid-user"
                               ),
                               "/closed_files/" =>
                               (
                                 "method"  => "digest",
                                 "realm"   => "Closed Files",
                                 "require" => "valid-user"
                               ),
                               "/portal/" =>
                               (
                                 "method"  => "digest",
                                 "realm"   => "webdav",
                                 "require" => "valid-user"
                               ),
                               "/backup/" =>
                               (
                                 "method"  => "digest",
                                 "realm"   => "Backup",
                                 "require" => "valid-user"
                               )

                        )