Arch + lighttpd, mysql, php, perl - vhost config with extras

Prerequisites: Have Arch Linux installed and updated, set hostname, have a domain pointed to your Linode IP address as well as DNS records for any sub domains you want to use. (basically follow the getting started guide: http://library.linode.com/getting-started)

NOTE: Some people will make the claim that lighttpd has a memory leak and thus should not be used. This was true a long time ago. The current release uses very few system resources and is a great lightweight web server.

Now onto the Web server installation

First you need to install the required packages:

pacman -S perl php php-cgi mysql fcgi openssl lighttpd 

Now cd to /etc/lighttpd , create the conf.d directory and download my ready made lighttpd.conf and mimetypes file:

cd /etc/lighttpd
mkdir conf.d
wget -O lighttpd.conf 'http://p.linode.com/?dl=7329'
wget -O conf.d/mimetypes.conf 'http://p.linode.com/?dl=7330'

Open lighttpd.conf with your favorite editor and change the settings to match your system, specifically change example.com to your own domain

Now we need to create the user, group and directories mentioned in the config file.

Relevant sections:

server.username            = "http"
server.groupname           = "http"
server.errorlog            = "/var/log/lighttpd/error.log"
accesslog.filename         = "/var/log/lighttpd/access.log"

...

server.document-root       = "/srv/http"
simple-vhost.server-root   = "/srv/vhosts/"
simple-vhost.default-host  = "example.com"
simple-vhost.document-root = "public"

NOTE: The document root and vhost root are different for security reasons. If you have a password protected directory at dev.example.com/private, and the server root and vhost root are the same, it would be possible for someone to gain access to your password protected directory doing this: http://example.com/dev.example.com/private

First we'll create the http user and group:

groupadd http
useradd http

For more information on users and groups see: https://wiki.archlinux.org/index.php/UsersandGroups

Then make the /var/log/lighttpd and /var/run/lighttpd directories, and change their owner:group to http

mkdir /var/log/lighttpd
mkdir /var/run/lighttpd
chown -R http:http /var/log/lighttpd
chown -R http:http /var/run/lighttpd

Create the /srv/http and /srv/vhosts directories

mkdir /srv/http
mkdir /srv/vhosts

Add some directories for your virtual hosts. Make sure each host has DNS records. In the case of test.example.com you could have a cname record pointing to example.com

mkdir /srv/vhosts/example.com
mkdir /srv/vhosts/example.com/public
mkdir /srv/vhosts/example.com/media
mkdir /srv/vhosts/test.example.com
mkdir /srv/vhosts/test.example.com/public

Now we need to tell php where your hosts are.

Open php.ini with your favorite text editor. In my case it's vim:

vim /etc/php/php.ini

You need to add /srv/vhosts to the open_basedir line:

open_basedir = /srv/http/:/home/:/tmp/:/usr/share/pear/

changes to:

open_basedir = /srv/http/:/srv/vhosts/:/home/:/tmp/:/usr/share/pear/

Let's add some test files:

touch /srv/vhosts/test.example.com/public/test.html
touch /srv/vhosts/test.example.com/public/test.shtml
touch /srv/vhosts/test.example.com/public/test.php
touch /srv/vhosts/test.example.com/public/test.pl

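test.html:

    <html>
    <head><title>Test Page</title></head>
    <body>
    <h2>Test Page</h2>
    <p>HTML test page is working!</p>
    </body>
    </html>

test.shtml:

    <html>
    <head><title>Test Page</title></head>
    <body>
    <h2>Test Page for SSI</h2>
    <p>Server Time is: <!--#echo var="DATE_LOCAL" --></p>
    <p>Your IP: <!--#echo var="REMOTE_ADDR" --></p>
    </body>
    </html>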

test.php:

test.pl (you may need to make it executable with chmod +x test.pl):

    #!/usr/bin/perl

    # CGI header, followed by the blank line that ends the headers
    print "Content-Type: text/html\n\n";
    print "<title>Test Page</title>\n";
    print "<h2>Test Page</h2>\n";
    print "<p>Perl test page is working!</p>\n";
    # Exit status 0 signals success
    exit (0);

Now it's time to start lighttpd:

systemctl start lighttpd

You can check the server status with:

systemctl status lighttpd

If everything looks good, set lighttpd to start at boot:

systemctl enable lighttpd

Debugging:

Check your configuration file with:

lighttpd -D -f /etc/lighttpd/lighttpd.conf

Lighttpd keeps its error.log in /var/log/lighttpd/error.log so you can check there for errors. "systemctl status lighttpd" will also show any errors if lighttpd does not run.

You can use strace to find other issues. "systemctl status lighttpd" will list the processes that lighttpd opens along with their PIDs so if you wanted to strace php you would do:

strace -p <pid of /usr/sbin/php-cgi> -fF -e trace=file

Permissions:

You should check your server permissions to make sure the files you want to serve are world readable and scripts can be executed from your web directories. I like to set directories as permissions 755 and files as 644

755 permissions:

owner: read, write, execute

group: read, execute

everyone: read, execute

644 permissions:

owner: read, write

group: read

everyone: read

To change all the directories in vhosts to 755 and files to 644 do:

NOTE: only do this if you know what you are doing

find /srv/vhosts -type d -exec chmod 755 {} \;
find /srv/vhosts -type f -exec chmod 644 {} \;

Start the mysql daemon:

systemctl start mysqld

Run secure installation:

mysql_secure_installation

Restart mysqld:

systemctl restart mysqld

Adding a Database

Open mysql console:

mysql -u root -p

In this example I added a database called test_db with user test_user and password testpswd:

CREATE SCHEMA `test_db` DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci ;
CREATE USER 'test_user'@'localhost' IDENTIFIED BY 'testpswd';
GRANT ALL ON `test_db`.* TO `test_user`@`localhost`;
exit

Import a database into your test_db

mysql -u test_user -p test_db < ~/database.sql

EXTRAS:

User web directories

If you would like to give your users their own web directories, you can uncomment the following from your lighttpd.conf:

## User Directories will show up as example.com/~user ##

userdir.path = "public"
userdir.include-user = ("user1",
                        "user2" )

Change user1 and user2 to the users you want to give web directories to. You will need to create a public folder in each user's home:

mkdir /home/user1/public
mkdir /home/user2/public

Make sure those directories are owned by the user in question and have 755 permissions on the public directory. You should restart lighttpd, and then be able to navigate to http://example.com/~user1 and http://example.com/~user2

FIN

Let me know if I missed something :)
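
The NOTE above about keeping server.document-root and simple-vhost.server-root separate can be checked mechanically. The script below is an added example, not part of the original post: the function names and the sample configs are constructed for illustration, and it goes slightly beyond the NOTE by also flagging a vhost root nested below the document root.

```sh
#!/bin/sh
# Added example: flag a lighttpd.conf whose simple-vhost root is reachable
# through server.document-root. Function names here are hypothetical.

# Print the quoted value assigned to KEY in FILE (last assignment wins).
conf_value() {
    key=$(printf '%s' "$2" | sed 's/\./\\./g')
    sed -n "s|^[[:space:]]*${key}[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*|\1|p" "$1" | tail -n 1
}

# Collapse repeated slashes and drop a trailing slash ("/" stays "/").
norm_path() {
    printf '%s' "$1" | sed -e 's|//*|/|g' -e 's|\(.\)/$|\1|'
}

# Succeeds when CHILD ($2) is PARENT ($1) itself or lies below it.
is_under() {
    [ "$1" = "/" ] && return 0
    case "$2/" in "$1"/*) return 0 ;; esac
    return 1
}

# 0 = roots are separate, 1 = vhost root exposed, 2 = a root is not set.
check_vhost_layout() {
    docroot=$(norm_path "$(conf_value "$1" 'server.document-root')")
    vroot=$(norm_path "$(conf_value "$1" 'simple-vhost.server-root')")
    if [ -z "$docroot" ] || [ -z "$vroot" ]; then
        echo "SKIP: $1 does not set both roots"; return 2
    fi
    if is_under "$docroot" "$vroot"; then
        echo "EXPOSED: $vroot is served under document-root $docroot"; return 1
    fi
    echo "OK: $docroot and $vroot are separate"
}

# Constructed sample configs: the layout from this post, the layout the NOTE
# warns about, and a nested variant.
demo_dir=$(mktemp -d)
printf '%s\n' 'server.document-root       = "/srv/http"' \
    'simple-vhost.server-root   = "/srv/vhosts/"' > "$demo_dir/separate.conf"
printf '%s\n' 'server.document-root       = "/srv/vhosts"' \
    'simple-vhost.server-root   = "/srv/vhosts/"' > "$demo_dir/same.conf"
printf '%s\n' 'server.document-root       = "/srv"' \
    'simple-vhost.server-root   = "/srv/vhosts/"' > "$demo_dir/nested.conf"

for conf in separate same nested; do
    check_vhost_layout "$demo_dir/$conf.conf" || true
done
rm -rf "$demo_dir"
```

To check a live server, call check_vhost_layout /etc/lighttpd/lighttpd.conf and treat exit status 1 as a failure.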

1 Reply

I'm going to add info on creating self signed certificates and enabling ssl later.
