How to Install Lighttpd with PHP and Free Let's Encrypt SSL on Debian 11

Lighttpd is a simple, fast, and secure web server. It is very small in size and doesn’t require a lot of memory and CPU usage that making it one of the best servers to host any application. It is designed for mission-critical environments. It can handle up to 10,000 connections in parallel on a single server. It offers a lot of features including, URL-Rewriting, Output-Compression, event mechanism, FastCGI, SCGI, Auth, and more.

In this tutorial, we will show you how to install Lighttpd with PHP and Let's Encrypt SSL on Debian 11.

Prerequisites

  • A server running Debian 11.
  • A valid domain name pointed with server IP.
  • A root password is configured on the server.

Install Lighttpd

By default, the Lighttpd package is included in the Debian 11 official repository. You can install it by running the following command:

apt-get install lighttpd -y

Once the Lighttpd is installed, start the Lighttpd service and enable it to start at system reboot:

systemctl start lighttpd
systemctl enable lighttpd

You can also check the status of Lighttpd with the following command:

systemctl status lighttpd

You will get the following output:

? lighttpd.service - Lighttpd Daemon
     Loaded: loaded (/lib/systemd/system/lighttpd.service; enabled; vendor preset: enabled)
     Active: active (running) since Sat 2022-02-12 07:01:06 UTC; 12s ago
    Process: 4663 ExecStartPre=/usr/sbin/lighttpd -tt -f /etc/lighttpd/lighttpd.conf (code=exited, status=0/SUCCESS)
   Main PID: 4668 (lighttpd)
      Tasks: 1 (limit: 2341)
     Memory: 932.0K
        CPU: 226ms
     CGroup: /system.slice/lighttpd.service
             ??4668 /usr/sbin/lighttpd -D -f /etc/lighttpd/lighttpd.conf

Feb 12 07:01:06 debian11 systemd[1]: Starting Lighttpd Daemon...
Feb 12 07:01:06 debian11 systemd[1]: Started Lighttpd Daemon.

Now, open your web browser and access the Lighttpd web page using the URL http://your-server-ip. You should see the Lighttpd test page on the following screen:

Lighttpd default page

Once you are finished, you can proceed to the next step.

Install PHP and PHP-FPM

Next, run the following command to install the PHP and PHP-FPM packages to your system.

apt-get install php php-cgi php-fpm php-mysql -y

After the installation, edit the php.ini file and set cgi.fix_pathinfo to 1

nano /etc/php/7.4/fpm/php.ini

Change the following line:

cgi.fix_pathinfo=1

Save and close the file when you are finished.

To make the Lighttpd works with the PHP-FPM, you will need to replace the default PHP-CGI configuration and PHP-FPM socket:

First, edit the PHP-FPM configuration file:

nano /etc/php/7.4/fpm/pool.d/www.conf

Find the following line:

listen = /run/php/php7.4-fpm.sock

And replace it with the following line:

listen = 127.0.0.1:9000

Save and close the file then restart the PHP-FPM to apply the changes:

systemctl restart php7.4-fpm

You can also check the status of the PHP-FPM using the following command:

systemctl status php7.4-fpm

You will get the following output:

? php7.4-fpm.service - The PHP 7.4 FastCGI Process Manager
     Loaded: loaded (/lib/systemd/system/php7.4-fpm.service; enabled; vendor preset: enabled)
     Active: active (running) since Sat 2022-02-12 07:04:35 UTC; 1min 7s ago
       Docs: man:php-fpm7.4(8)
    Process: 15141 ExecStartPost=/usr/lib/php/php-fpm-socket-helper install /run/php/php-fpm.sock /etc/php/7.4/fpm/pool.d/www.conf 74 (code=e>
   Main PID: 15138 (php-fpm7.4)
     Status: "Processes active: 0, idle: 2, Requests: 0, slow: 0, Traffic: 0req/sec"
      Tasks: 3 (limit: 2341)
     Memory: 8.8M
        CPU: 54ms
     CGroup: /system.slice/php7.4-fpm.service
             ??15138 php-fpm: master process (/etc/php/7.4/fpm/php-fpm.conf)
             ??15139 php-fpm: pool www
             ??15140 php-fpm: pool www

Feb 12 07:04:35 debian11 systemd[1]: Starting The PHP 7.4 FastCGI Process Manager...
Feb 12 07:04:35 debian11 systemd[1]: Started The PHP 7.4 FastCGI Process Manager.

Once you are finished, you can proceed to the next step.

Configure Lighttpd for PHP-FPM

Next, you will need to edit the Lighttpd configuration file and change it using the Fast CGI:

nano /etc/lighttpd/conf-available/15-fastcgi-php.conf

Find the following lines:

"bin-path" => "/usr/bin/php-cgi",
"socket" => "/var/run/lighttpd/php.socket",

And, replaced them with the following lines:

"host" => "127.0.0.1",
"port" => "9000",

Save and close the file then enable the Fast CGI modules using the following commands:

lighty-enable-mod fastcgi
lighty-enable-mod fastcgi-php

Finally, restart the Lighttpd service to apply the changes:

systemctl restart lighttpd

Create Lighttpd Virtual Host

Lighttpd also allows you to host multiple websites using virtual hosting. Let's create a new virtual host configuration file to host a website named test.example.com.

nano /etc/lighttpd/conf-available/test.conf

Add the following lines:

$HTTP["host"] == "test.example.com" {
    server.document-root = "/var/www/html/"
    server.errorlog      = "/var/log/lighttpd/example.com-error.log"
}

Save and close the file then activate the virtual host with the following command:

ln -s /etc/lighttpd/conf-available/test.conf /etc/lighttpd/conf-enabled/

Next, create an index.php file:

nano /var/www/html/index.php

Add the following line:

<?php
phpinfo();
?>

Save and close the file then set proper permission and ownership with the following command:

chown -R www-data:www-data /var/www/html/
chmod -R 755 /var/www/html

Next, restart the Lighttpd service to apply the changes:

systemctl restart lighttpd

Now, open your web browser and verify your website using the URL http://test.example.com. You should see the PHP test page on the following screen:

PHP info

Secure Lighttpd with Let's Encrypt

Lighttpd also allows you to secure the website with Let's Encrypt SSL. To do so, first install the Certbot client with the following command:

apt-get install certbot -y

Next, run the followiing command to download the Let's Encrypt SSL for your website:

certbot certonly --webroot -w /var/www/html/ -d test.example.com

You will be asked to provide your email address and accept the term of license as shown below:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): [email protected]

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: A

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y
Once the certificates are downloaded successfully, you should see the following output:

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/test.example.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/test.example.com/privkey.pem
   Your cert will expire on 2022-05-11. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

Next, you will need to combine both the certificate and private key in one file. You can do it with the following command:

cat /etc/letsencrypt/live/test.example.com/cert.pem /etc/letsencrypt/live/test.example.com/privkey.pem > /etc/letsencrypt/live/test.example.com/web.pem

Next, you will need to edit the Lighttpd virtual host file and define the Let's Encrypt SSL certificate path.

You can do it with the following command:

nano /etc/lighttpd/conf-enabled/test.conf

Change the file as shown below:

$HTTP["host"] == "test.example.com" {
    server.document-root = "/var/www/html/"
}

$SERVER["socket"] == ":443" {
ssl.engine = "enable"
ssl.pemfile = "/etc/letsencrypt/live/test.example.com/web.pem" 
ssl.ca-file = "/etc/letsencrypt/live/test.example.com/chain.pem"
server.name = "test.example.com" 
server.document-root = "/var/www/html/"
server.errorlog = "/var/log/lighttpd/example.com_error.log"
accesslog.filename = "/var/log/lighttpd/example.com_access.log"
}

$HTTP["scheme"] == "http" {
$HTTP["host"] == "test.example.com" { 
url.redirect = ("/.*" => "https://test.example.com$0")
}
}

Save and close the file. Then restart the Lighttpd service to apply the configuration changes:

systemctl restart lighttpd

You can now access your website securely using the URL https://test.example.com.

Conclusion

Congratulations! you have successfully installed Lighttpd with PHP and Let's Encrypt SSL on Debian 11. You can now start deploying your website using the Lighttpd web server. Feel free to ask me if you have any questions.

Share this page:

0 Comment(s)