How to Install Lighttpd with PHP and Free Let's Encrypt SSL on Debian 11
This tutorial exists for these OS versions
- Debian 11 (Bullseye)
- Debian 8 (Jessie)
- Debian 7 (Wheezy)
- Debian 6 (Squeeze)
- Debian 5 (Lenny)
- Debian 4 (Etch)
On this page
Lighttpd is a simple, fast, and secure web server. It is very small in size and doesn’t require a lot of memory and CPU usage that making it one of the best servers to host any application. It is designed for mission-critical environments. It can handle up to 10,000 connections in parallel on a single server. It offers a lot of features including, URL-Rewriting, Output-Compression, event mechanism, FastCGI, SCGI, Auth, and more.
In this tutorial, we will show you how to install Lighttpd with PHP and Let's Encrypt SSL on Debian 11.
Prerequisites
- A server running Debian 11.
- A valid domain name pointed with server IP.
- A root password is configured on the server.
Install Lighttpd
By default, the Lighttpd package is included in the Debian 11 official repository. You can install it by running the following command:
apt-get install lighttpd -y
Once the Lighttpd is installed, start the Lighttpd service and enable it to start at system reboot:
systemctl start lighttpd
systemctl enable lighttpd
You can also check the status of Lighttpd with the following command:
systemctl status lighttpd
You will get the following output:
? lighttpd.service - Lighttpd Daemon Loaded: loaded (/lib/systemd/system/lighttpd.service; enabled; vendor preset: enabled) Active: active (running) since Sat 2022-02-12 07:01:06 UTC; 12s ago Process: 4663 ExecStartPre=/usr/sbin/lighttpd -tt -f /etc/lighttpd/lighttpd.conf (code=exited, status=0/SUCCESS) Main PID: 4668 (lighttpd) Tasks: 1 (limit: 2341) Memory: 932.0K CPU: 226ms CGroup: /system.slice/lighttpd.service ??4668 /usr/sbin/lighttpd -D -f /etc/lighttpd/lighttpd.conf Feb 12 07:01:06 debian11 systemd[1]: Starting Lighttpd Daemon... Feb 12 07:01:06 debian11 systemd[1]: Started Lighttpd Daemon.
Now, open your web browser and access the Lighttpd web page using the URL http://your-server-ip. You should see the Lighttpd test page on the following screen:
Once you are finished, you can proceed to the next step.
Install PHP and PHP-FPM
Next, run the following command to install the PHP and PHP-FPM packages to your system.
apt-get install php php-cgi php-fpm php-mysql -y
After the installation, edit the php.ini file and set cgi.fix_pathinfo to 1
nano /etc/php/7.4/fpm/php.ini
Change the following line:
cgi.fix_pathinfo=1
Save and close the file when you are finished.
To make the Lighttpd works with the PHP-FPM, you will need to replace the default PHP-CGI configuration and PHP-FPM socket:
First, edit the PHP-FPM configuration file:
nano /etc/php/7.4/fpm/pool.d/www.conf
Find the following line:
listen = /run/php/php7.4-fpm.sock
And replace it with the following line:
listen = 127.0.0.1:9000
Save and close the file then restart the PHP-FPM to apply the changes:
systemctl restart php7.4-fpm
You can also check the status of the PHP-FPM using the following command:
systemctl status php7.4-fpm
You will get the following output:
? php7.4-fpm.service - The PHP 7.4 FastCGI Process Manager Loaded: loaded (/lib/systemd/system/php7.4-fpm.service; enabled; vendor preset: enabled) Active: active (running) since Sat 2022-02-12 07:04:35 UTC; 1min 7s ago Docs: man:php-fpm7.4(8) Process: 15141 ExecStartPost=/usr/lib/php/php-fpm-socket-helper install /run/php/php-fpm.sock /etc/php/7.4/fpm/pool.d/www.conf 74 (code=e> Main PID: 15138 (php-fpm7.4) Status: "Processes active: 0, idle: 2, Requests: 0, slow: 0, Traffic: 0req/sec" Tasks: 3 (limit: 2341) Memory: 8.8M CPU: 54ms CGroup: /system.slice/php7.4-fpm.service ??15138 php-fpm: master process (/etc/php/7.4/fpm/php-fpm.conf) ??15139 php-fpm: pool www ??15140 php-fpm: pool www Feb 12 07:04:35 debian11 systemd[1]: Starting The PHP 7.4 FastCGI Process Manager... Feb 12 07:04:35 debian11 systemd[1]: Started The PHP 7.4 FastCGI Process Manager.
Once you are finished, you can proceed to the next step.
Configure Lighttpd for PHP-FPM
Next, you will need to edit the Lighttpd configuration file and change it using the Fast CGI:
nano /etc/lighttpd/conf-available/15-fastcgi-php.conf
Find the following lines:
"bin-path" => "/usr/bin/php-cgi", "socket" => "/var/run/lighttpd/php.socket",
And, replaced them with the following lines:
"host" => "127.0.0.1", "port" => "9000",
Save and close the file then enable the Fast CGI modules using the following commands:
lighty-enable-mod fastcgi
lighty-enable-mod fastcgi-php
Finally, restart the Lighttpd service to apply the changes:
systemctl restart lighttpd
Create Lighttpd Virtual Host
Lighttpd also allows you to host multiple websites using virtual hosting. Let's create a new virtual host configuration file to host a website named test.example.com.
nano /etc/lighttpd/conf-available/test.conf
Add the following lines:
$HTTP["host"] == "test.example.com" { server.document-root = "/var/www/html/" server.errorlog = "/var/log/lighttpd/example.com-error.log" }
Save and close the file then activate the virtual host with the following command:
ln -s /etc/lighttpd/conf-available/test.conf /etc/lighttpd/conf-enabled/
Next, create an index.php file:
nano /var/www/html/index.php
Add the following line:
<?php phpinfo(); ?>
Save and close the file then set proper permission and ownership with the following command:
chown -R www-data:www-data /var/www/html/
chmod -R 755 /var/www/html
Next, restart the Lighttpd service to apply the changes:
systemctl restart lighttpd
Now, open your web browser and verify your website using the URL http://test.example.com. You should see the PHP test page on the following screen:
Secure Lighttpd with Let's Encrypt
Lighttpd also allows you to secure the website with Let's Encrypt SSL. To do so, first install the Certbot client with the following command:
apt-get install certbot -y
Next, run the followiing command to download the Let's Encrypt SSL for your website:
certbot certonly --webroot -w /var/www/html/ -d test.example.com
You will be asked to provide your email address and accept the term of license as shown below:
Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator webroot, Installer None Enter email address (used for urgent renewal and security notices) (Enter 'c' to cancel): [email protected] - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Please read the Terms of Service at https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must agree in order to register with the ACME server at https://acme-v02.api.letsencrypt.org/directory - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (A)gree/(C)ancel: A - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Would you be willing to share your email address with the Electronic Frontier Foundation, a founding partner of the Let's Encrypt project and the non-profit organization that develops Certbot? We'd like to send you email about our work encrypting the web, EFF news, campaigns, and ways to support digital freedom. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (Y)es/(N)o: Y Once the certificates are downloaded successfully, you should see the following output: IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/test.example.com/fullchain.pem Your key file has been saved at: /etc/letsencrypt/live/test.example.com/privkey.pem Your cert will expire on 2022-05-11. To obtain a new or tweaked version of this certificate in the future, simply run certbot again. To non-interactively renew *all* of your certificates, run "certbot renew" - If you like Certbot, please consider supporting our work by: Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le
Next, you will need to combine both the certificate and private key in one file. You can do it with the following command:
cat /etc/letsencrypt/live/test.example.com/cert.pem /etc/letsencrypt/live/test.example.com/privkey.pem > /etc/letsencrypt/live/test.example.com/web.pem
Next, you will need to edit the Lighttpd virtual host file and define the Let's Encrypt SSL certificate path.
You can do it with the following command:
nano /etc/lighttpd/conf-enabled/test.conf
Change the file as shown below:
$HTTP["host"] == "test.example.com" { server.document-root = "/var/www/html/" } $SERVER["socket"] == ":443" { ssl.engine = "enable" ssl.pemfile = "/etc/letsencrypt/live/test.example.com/web.pem" ssl.ca-file = "/etc/letsencrypt/live/test.example.com/chain.pem" server.name = "test.example.com" server.document-root = "/var/www/html/" server.errorlog = "/var/log/lighttpd/example.com_error.log" accesslog.filename = "/var/log/lighttpd/example.com_access.log" } $HTTP["scheme"] == "http" { $HTTP["host"] == "test.example.com" { url.redirect = ("/.*" => "https://test.example.com$0") } }
Save and close the file. Then restart the Lighttpd service to apply the configuration changes:
systemctl restart lighttpd
You can now access your website securely using the URL https://test.example.com.
Conclusion
Congratulations! you have successfully installed Lighttpd with PHP and Let's Encrypt SSL on Debian 11. You can now start deploying your website using the Lighttpd web server. Feel free to ask me if you have any questions.