lighttpd
We are (most probably) moving from lighttpd 1.4.26 to nginx. Here are some notes on our setup, for posterity.
Mass virtual hosting
We were using mod_evhost as an elegant solution to our “mass virtual hosting” problem.
The relevant line of lighttpd.conf is:
evhost.path-pattern = "/home/vhost/%0/%3/root/"
It could hardly be simpler.
And we had a directory tree like:
# tree /home/vhost
/home/vhost/
┊
├─ example.com
│  ├─ root -> /home/user1/directory
│  ╰─ www
│     ╰─ root -> /home/user1/directory
├─ example.net
│  ├─ root -> /home/user1/another-directory/web
│  ╰─ www
│     ╰─ root -> /home/user1/another-directory/web
├─ p0d.org
│  ┊
│  ├─ root -> /home/user2/web/p0d.org
│  ├─ user
│  │  ╰─ root -> /home/user2/web/user.p0d.org/www
│  ╰─ www
│     ╰─ root -> ../root
├─ pariscotedazur.com -> pariscotedazur.fr
╰─ pariscotedazur.fr
   ├─ root -> /home/user3/web/pariscotedazur.fr
   ╰─ www
      ╰─ root -> ../root
The base (/home/vhost) rights were:
chmod 0770
chown vhost:vhost
This enabled all Unix users in the “vhost” group to create directories describing their DNS configuration and to add a symlink to their document root in any fashion they liked.
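As an added illustration (not part of the original notes, and not lighttpd code), the Python below expands the pattern for a hostname the way the tree above is laid out, and audits the symlinks that any member of the “vhost” group can create. The function names, the hostname label check and the use of /home as the allowed base are assumptions made for this example; run it with paths as the server sees them.

```python
import os
import re

LABEL = re.compile(r"[a-z0-9-]+")  # conservative hostname label check (assumption)

def evhost_path(host, pattern="/home/vhost/%0/%3/root/"):
    """Expand the two placeholders used above: %0 is domain + TLD,
    %3 is the first subdomain label (empty when the host has none)."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) < 2 or not all(LABEL.fullmatch(l) for l in labels):
        raise ValueError("not a plain hostname: %r" % host)
    values = {"%0": ".".join(labels[-2:]),
              "%3": labels[-3] if len(labels) > 2 else ""}
    # Single pass over the pattern, so substituted text is never re-expanded.
    return re.sub(r"%[03]", lambda m: values[m.group()], pattern)

def audit_symlinks(vhost_base, allowed_base):
    """Return sorted (link, problem) pairs for symlinks under vhost_base that
    are dangling or resolve outside allowed_base."""
    allowed = os.path.realpath(allowed_base)
    findings = []
    # os.walk does not descend into symlinked directories by default.
    for dirpath, dirnames, filenames in os.walk(vhost_base):
        for name in dirnames + filenames:
            link = os.path.join(dirpath, name)
            if not os.path.islink(link):
                continue
            target = os.path.realpath(link)
            if not os.path.isdir(target):
                findings.append((link, "dangling"))
            elif os.path.commonpath([allowed, target]) != allowed:
                findings.append((link, "outside"))
    return sorted(findings)

if __name__ == "__main__":
    for h in ("example.com", "www.example.com", "user.p0d.org"):
        print(h, "->", evhost_path(h))
    for link, problem in audit_symlinks("/home/vhost", "/home"):
        print(problem, link)
```

A host without a subdomain expands to a path with an empty component (`example.com//root/`), which is why each domain directory carries its own root symlink next to www.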
Jail
Obviously lighttpd was put in a chroot as soon as possible.
That meant having the following in lighttpd.conf:
server.chroot = "/srv/lighttpd/jail"
server.username = "httpd"
server.groupname = "httpd"
server.pid-file = "/srv/lighttpd/lighttpd.pid"
server.upload-dirs = ( "/tmp" )
server.document-root = "/www"
server.errorlog = "/var/log/error.log"
accesslog.filename = "/var/log/access.log"
userdir.path = "www"
userdir.exclude-user = ( "root" )
userdir.basepath = "/home"
The directory tree was:
# mount | grep lighttpd
/lib64 on /srv/lighttpd/jail/lib type none (ro,bind)
/srv/jail/home on /srv/lighttpd/jail/home type none (rw,bind)
/srv/jail/tmp on /srv/lighttpd/jail/tmp type none (rw,bind)
/srv/mysqld/var/run/mysql on /srv/lighttpd/jail/var/run/mysql type none (ro,bind)
/usr/lib64 on /srv/lighttpd/jail/usr/lib type none (ro,bind)
/usr/local/etc on /srv/lighttpd/jail/usr/local/etc type none (ro,bind)
/usr/local/lib64 on /srv/lighttpd/jail/usr/local/lib type none (ro,bind)
roarfs on /srv/lighttpd/jail/etc type fuse.roarfs (rw,allow_other)
roarfs on /srv/lighttpd/jail/usr/local/bin type fuse.roarfs (rw,allow_other)
# tree -d /srv/lighttpd
/srv/lighttpd/
╰─ jail
   ├─ bin
   ├─ dev
   ├─ etc
   ├─ home
   ┊  ╰─ ...
   ├─ lib
   ├─ lib64 -> lib
   ├─ tmp
   ┊  ╰─ ...
   ├─ usr
   ┊  ╰─ ...
   ├─ var
   ╰─ www
Note
The FUSE file system roarfs is a Read-Only Alterable Replica File System made by Maz for our needs. It should be made publicly available soon (a note will be posted on this page).