lighttpd

We are (most probably) moving from lighttpd 1.4.26 to nginx. Here are some notes on our setup, for posterity.

Mass virtual hosting

We were using mod_evhost as an elegant solution to our “mass virtual hosting” problem.

The relevant line of lighttpd.conf is:

evhost.path-pattern = "/home/vhost/%0/%3/root/"

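It could hardly be simpler: %0 expands to the domain name plus its TLD and %3 to the first subdomain name, so www.example.com is served from /home/vhost/example.com/www/root/.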

And we had a directory tree like:

# tree /home/vhost
/home/vhost/
├─ example.com
│   ├─ root -> /home/user1/directory
│   ╰─ www
│       ╰─ root -> /home/user1/directory
├─ example.net
│   ├─ root -> /home/user1/another-directory/web
│   ╰─ www
│       ╰─ root -> /home/user1/another-directory/web
├─ p0d.org
│   ┊
│   ├─ root -> /home/user2/web/p0d.org
│   ├─ user
│   │   ╰─ root -> /home/user2/web/user.p0d.org/www
│   ╰─ www
│       ╰─ root -> ../root
├─ pariscotedazur.com -> pariscotedazur.fr
╰─ pariscotedazur.fr
    ├─ root -> /home/user3/web/pariscotedazur.fr
    ╰─ www
        ╰─ root -> ../root

The permissions and ownership of the base directory (/home/vhost) were:

chmod 0770 /home/vhost
chown vhost:vhost /home/vhost

This enabled all Unix users in the “vhost” group to create directories describing their DNS configuration, and to add a symlink to their document root in any fashion they liked.

Jail

Obviously lighttpd was put in a chroot as soon as possible. That meant having the following in lighttpd.conf:

server.chroot = "/srv/lighttpd/jail"
server.username = "httpd"
server.groupname = "httpd"
server.pid-file = "/srv/lighttpd/lighttpd.pid"
server.upload-dirs = ( "/tmp" )
server.document-root = "/www"
server.errorlog = "/var/log/error.log"
accesslog.filename = "/var/log/access.log"
userdir.path = "www"
userdir.exclude-user = ( "root" )
userdir.basepath = "/home"

The bind mounts and the directory tree were:

# mount | grep lighttpd
/lib64 on /srv/lighttpd/jail/lib type none (ro,bind)
/srv/jail/home on /srv/lighttpd/jail/home type none (rw,bind)
/srv/jail/tmp on /srv/lighttpd/jail/tmp type none (rw,bind)
/srv/mysqld/var/run/mysql on /srv/lighttpd/jail/var/run/mysql type none (ro,bind)
/usr/lib64 on /srv/lighttpd/jail/usr/lib type none (ro,bind)
/usr/local/etc on /srv/lighttpd/jail/usr/local/etc type none (ro,bind)
/usr/local/lib64 on /srv/lighttpd/jail/usr/local/lib type none (ro,bind)
roarfs on /srv/lighttpd/jail/etc type fuse.roarfs (rw,allow_other)
roarfs on /srv/lighttpd/jail/usr/local/bin type fuse.roarfs (rw,allow_other)

# tree -d /srv/lighttpd
/srv/lighttpd/
╰─ jail
   ├─ bin
   ├─ dev
   ├─ etc
   ├─ home
   ┊  ╰─ ...
   ├─ lib
   ├─ lib64 -> lib
   ├─ tmp
   ┊  ╰─ ...
   ├─ usr
   ┊  ╰─ ...
   ├─ var
   ╰─ www
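
An added example, not part of the original notes: because any member of the vhost group can point a root symlink anywhere, this Python script resolves each root entry the way the chrooted lighttpd would (absolute targets start at the jail root, not the host root) and reports document roots that are missing or fall outside /home/. The function names, the /home/ allow-prefix and the bad.example and old.example entries are assumptions made for the illustration; pass the jail path without a trailing slash.

```python
import os, tempfile

def resolve_in_jail(jail, path, max_links=40):
    """Resolve path as seen after chroot(jail); '..' cannot leave the jail."""
    todo = [p for p in reversed(path.split("/")) if p]  # next component is last
    done, links = [], 0
    while todo:
        part = todo.pop()
        if part in (".", ".."):
            done = done[:-1] if part == ".." else done
            continue
        here = os.path.join(jail, *done, part)
        if not os.path.islink(here):
            done.append(part)
            continue
        links += 1
        if links > max_links:
            raise OSError("symlink loop at " + here)
        target = os.readlink(here)
        done = [] if target.startswith("/") else done  # absolute: restart at jail root
        todo.extend(p for p in reversed(target.split("/")) if p)
    return "/" + "/".join(done)

def audit_vhosts(jail, base="/home/vhost", allowed="/home/"):
    """List (link, resolved, problem) for 'root' entries that are missing or outside allowed."""
    findings = []
    for dirpath, dirs, files in os.walk(jail + base):  # symlinked dirs are not entered
        if "root" in dirs + files:
            link = dirpath[len(jail):] + "/root"
            resolved = resolve_in_jail(jail, link)
            outside = not (resolved + "/").startswith(allowed)
            if outside or not os.path.isdir(jail + resolved):
                findings.append((link, resolved, "outside " + allowed if outside else "missing"))
    return sorted(findings)

def build_sample(jail):
    """Constructed sample jail modelled on the /home/vhost listing above."""
    os.makedirs(jail + "/home/user1/directory")
    os.makedirs(jail + "/tmp")
    sample = (("example.com", "/home/user1/directory"), ("example.com/www", "../root"),
              ("bad.example", "/tmp"), ("old.example", "/home/user9/gone"))
    for name, target in sample:
        os.makedirs(jail + "/home/vhost/" + name, exist_ok=True)
        os.symlink(target, jail + "/home/vhost/" + name + "/root")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as jail:
        build_sample(jail)
        print(audit_vhosts(jail))
```

On the setup described here it would be called as audit_vhosts("/srv/lighttpd/jail"); it only reads the tree and changes nothing.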

Note

The FUSE file system roarfs is a Read-Only Alterable Replica File System made by Maz for our needs. It should be made publicly available soon (a note will be posted on this page).