Guide to install lighttpd, php, and MariaDB on Ubuntu 20.
Lighttpd or often read as lighty is an open-source web server that is very lightweight, and can be installed together with php and MariaDB. In theory, lighttpd is superior to Apache because it tends to be lighter and has many modules.
Beforehand, make sure your operating system is updated to the latest version. Then restart the server.
# apt update
# apt upgrade -y
# reboot
Install Supporting Repository
To get the latest php updates, add the following repository.
# apt install software-properties-common -y
# add-apt-repository -y ppa:ondrej/php
# apt update
Start installing lighttpd
# apt install -y lighttpd
# lighttpd -v
Then check your current lighttpd version. When this article was created, the latest version should be lighttpd/1.4.55. When you access your server using an IP address or a hostname/domain it should display the default page of lighttpd.
Then add the group of lighttpd.
# groupadd lighttpd
# useradd -g lighttpd -d /var/www/html -s /sbin/nologin lighttpd
Then change the ownsession of the public folder path
# chown -R lighttpd:lighttpd /var/www/html/
Install MariaDB and supporting php
# apt install -y php-{cli,gd,fpm,mysql,curl,json,xml} mariadb-server
Then setup MariaDB.
# mysql_secure_installation
~# mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none):
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.
Set root password? [Y/n] Y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
... Success!
By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n] Y
... Success!
Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] Y
... Success!
By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] Y
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] Y
... Success!
Cleaning up...
All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.
Thanks for using MariaDB!
Then make sure you have saved the root password because it is very important. Make sure not to lose or forget.
Make minor adjustments to the php-fpm settings that will be used.
# mv /etc/php/8.1/fpm/pool.d/www.conf /etc/php/8.1/fpm/pool.d/lighttpd.conf
Change some of the following parameters:
# nano /etc/php/8.1/fpm/pool.d/lighttpd.conf
Change [www] to [lighttpd]
Change user = www-data to user = lighttpd
Change group = www-data to group = lighttpd
Change listen = /run/php/php8.1-fpm.sock to listen = /run/php/php8.1-lighttpd-fpm.sock
Then restart the php-fpm service.
# service php8.1-fpm restart
Configure lighttpd
Enable cgi and php modules on lighttpd. Then force reload the lighttpd service.
# lighttpd-enable-mod fastcgi
# lighttpd-enable-mod fastcgi-php
# service lighttpd force-reload
Then configure PHP and do a little customization. We backup first.
# cp -p /etc/lighttpd/conf-enabled/15-fastcgi-php.conf /etc/lighttpd/conf-enabled/15-fastcgi-php.conf-ori
Clear the previous configuration.
# >/etc/lighttpd/conf-enabled/15-fastcgi-php.conf
# nano /etc/lighttpd/conf-enabled/15-fastcgi-php.conf
Then fill in the following text
fastcgi.server += ( ".php" =>
((
"socket" => "/run/php/php8.1-lighttpd-fpm.sock",
"broken-scriptfilename" => "enable"
))
)
Then restart the lighttpd service
# service lighttpd restart
Now lighttpd is ready to use. But if you want to add SSL, then there are some additional adjustments.
Install Cerbot. Then install it on the domain, where this domain is the name of your website.
# apt install -y certbot
# certbot certonly --webroot -w /var/www/html/ -d domain
Now enable the ssl module and then update the ssl configuration
# lighttpd-enable-mod ssl
# nano /etc/lighttpd/conf-enabled/10-ssl.conf
$HTTP["scheme"] == "http" {
$HTTP["host"] == "nama.domain.anda" {
url.redirect = ("/.*" => "https://nama.domain.anda$0")
}
}
$SERVER["socket"] == "0.0.0.0:443" {
ssl.engine = "enable"
ssl.pemfile = "/etc/letsencrypt/live/nama.domain.anda/fullchain.pem"
ssl.privkey = "/etc/letsencrypt/live/nama.domain.anda/privkey.pem"
ssl.cipher-list = "HIGH"
}
Save the file and then restart lighttpd.
# service lighttpd restart
Your domain name is now equipped with SSL. And by default, when accessed without https it will automatically point to https.