lighttpd配置介紹
來源: ChinaUnix博客 http://linux.chinaunix.net/techdoc/net/2009/06/18/1119096.shtml
一,爲什麼要使用lighttpd?
apache不可以嗎?
在支持純靜態的對象時,比如圖片,文件等 ,
lighttpd速度更快,更理想
至於它和apache的比較,很多文檔,大家可以google一下
二,從何處下載lighttpd?
這個是它的官方站
三,如何安裝?
1,編譯安裝
./configure --prefix=/usr/local/lighttpd
make
make install
configure完畢以後,會給出一個激活的模塊和沒有激活模塊的清單,可以檢查一下,是否自己需要的模塊都已經激活,在enable的模塊中一定要有“mod_rewrite”這一項,否則重新檢查pcre是否安裝。
2,編譯後配置
cp doc/sysconfig.lighttpd /etc/sysconfig/lighttpd
mkdir /etc/lighttpd
cp doc/lighttpd.conf /etc/lighttpd/lighttpd.conf
如果你的Linux是RedHat/CentOS,那麼:
cp doc/rc.lighttpd.redhat /etc/init.d/lighttpd
如果你的Linux是SuSE,那麼:
cp doc/rc.lighttpd /etc/init.d/lighttpd
其他Linux發行版本可以自行參考該文件內容進行修改。
然後修改/etc/init.d/lighttpd,把
LIGHTTPD_BIN=/usr/sbin/lighttpd
改爲
LIGHTTPD_BIN=/usr/local/lighttpd/sbin/lighttpd
此腳本用來控制lighttpd的啓動關閉和重起:
/etc/init.d/lighttpd start
/etc/init.d/lighttpd stop
/etc/init.d/lighttpd restart
3,配置
修改/etc/lighttpd/lighttpd.conf
1)server.modules
取消需要用到模塊的註釋,mod_rewrite,mod_access,mod_fastcgi,mod_simple_vhost,mod_cgi, mod_compress,mod_accesslog是一般需要用到的。
我們放開 "mod_rewrite"
"mod_compress",
2)server.document-root, server.error-log,accesslog.filename需要指定相應的目錄
server.document-root = "/www/phc/html/"
mkdir /usr/local/lighttpd/logs
chmod 777 /usr/local/lighttpd/logs/
touch /usr/local/lighttpd/logs/error.log
chmod 777 /usr/local/lighttpd/logs/error.log
server.errorlog = "/usr/local/lighttpd/logs/error.log"
accesslog.filename = "|/usr/sbin/cronolog /usr/local/lighttpd/logs/%Y/%m/%d/accesslog.log"
3)用什麼權限來運行lighttpd
server.username = "nobody"
server.groupname = "nobody"
從安全角度來說,不建議用root權限運行web server,可以自行指定普通用戶權限。
4)靜態文件壓縮
mkdir /usr/local/lighttpd/compress
chmod 777 /usr/local/lighttpd/compress/
compress.cache-dir = "/usr/local/lighttpd/compress/"
compress.filetype = ("text/plain", "text/html","text/javascript","text/css")
可以指定某些靜態資源類型使用壓縮方式傳輸,節省帶寬,
對於大量AJAX應用來說,可以極大提高頁面加載速度。
5)server.port = 81
6)#$HTTP["url"] =~ ".pdf$" {
131 # server.range-requests = "disable"
132 #}
4,優化
1 最大連接數
默認是1024
修改 server.max-fds,大流量網站推薦2048.
因爲lighttpd基於線程,而apache(MPM-prefork)基於子進程,
所以apache需要設置startservers,maxclients等,這裏不需要
2 stat() 緩存
stat() 這樣的系統調用,開銷也是相當明顯的.
緩存能夠節約時間和環境切換次數(context switches)
一句話,lighttpd.conf加上
server.stat-cache-engine = “fam”
lighttpd還另外提供simple(緩存1秒內的stat()),disabled選項.
相信沒人會選disabled吧.
3 常連接(HTTP Keep-Alive)
一般來說,一個系統能夠打開的文件個數是有限制的(文件描述符限制)
常連接佔用文件描述符,對非併發的訪問沒有什麼意義.
(文件描述符的數量和許多原因有關,比如日誌文件數量,併發數目等)
這是lighttpd在keep-alive方面的默認值.
server.max-keep-alive-requests = 128
server.max-keep-alive-idle = 30
換言之,lighttpd最多可以同時承受30秒長的常連接,每個連接最多請求128個文件.
但這個默認值確實不適合非併發這種多數情況.
lighttpd.conf 中減小
server.max-keep-alive-requests
server.max-keep-alive-idle
兩個值,可以減緩這種現象.
甚至可以關閉lighttpd keep-alive.
server.max-keep-alive-requests = 0
4 事件處理
對於linux kernel 2.6來說,沒有別的可說
lighttpd.conf中加上這一句足矣
server.event-handler = “linux-sysepoll”
另外,
linux 2.4 使用 linux-rtsig
freebsd 使用 freebsd-kqueue
unix 使用 poll
5 網絡處理
lighttpd 大量使用了 sendfile() 這樣一個高效的系統調用.
減少了從應用程序到網卡間的距離.
(同時也減少了lighttpd對cpu的佔用,這部分佔用轉嫁到內核身上了)
根據平臺,可以設置不同的參數.
server.network-backend = “linux-sendfile”
(linux)
freebsd: freebsd-sendfile
unix: writev
如果有興趣的話,也可以看看lighttpd在async io(aio)上的實現,僅限 lighttpd 1.5
(linux-aio-sendfile, posix-aio, gthread-aio)
此外,網絡方面,核心的參數也需要適當進行修改,
這裏就不需要詳細說明了.
5,啓動
6,配置日誌
logrotate & cronolog
logrotate很粗暴,直接把進程砍了然後移動日誌
cronolog就是比較不錯的方式.
lighttpd用法:
accesslog.filename = " |/usr/sbin/cronolog /var/log/lighttpd/%Y/%m/%d/access_XXXX.log"
7,安裝pcre
從何處下載?
http://www.pcre.org/
wget
ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-7.4.tar.bz2
安裝過程:
./configure
make clean
make
make install
8,支持fam
gamin默認已安裝了此包
yum install gamin-devel
另外配置時需添加:
./configure --prefix=/usr/local/lighttpd --with-fam
9,測試lighttpd的啓動:
/usr/local/lighttpd/sbin/lighttpd -f /usr/local/lighttpd/etc/lighttpd.conf
10,防止盜鏈
#$HTTP["referer"] !~ "^($|http://.*.(chinafotopress.com|chinafotopress.cn))" {
# $HTTP["url"] =~ ".(jpg|jpeg|png|gif|rar|zip|mp3)$" {
# #url.redirect = (".*" => "
http://www.baidu.com/
")
# url.access-deny = (".jpg")
# }
#}
#$HTTP["referer"] == "" {
# $HTTP["url"] =~ ".(jpg|jpeg|png|gif|rar|zip|mp3)$" {
# #url.redirect = (".*" => "
http://www.baidu.com/
")
# url.access-deny = (".jpg")
# }
#}
日誌處理
Sometimes, Google Analytics just isn't enough when it comes to
keeping and interpreting server stats. After finding a suitable log
file analyzer, AWStats, the next step involved separating out the log
files on a per domain basis. When the server was first set up,
everything was shuttled to one set of access and error log files. While
AWStats could technically analyze this log, the suggested set up
involves having one set per domain. This article details the process of
separating out the log files and making sure that these new files get
rotated correctly.
Create Log Directories
While it would be possible to keep all of the files in one directory
and to just name them relative to the domain, for this tutorial we will
assume that we will create subdirectories based on the domain name. The
first step would be to create a directory for each domain.
sudo -u www-data mkdir /var/log/lighttpd/www.example1.com
sudo -u www-data mkdir /var/log/lighttpd/www.example2.com
Update lighttpd.conf
After creating the directories, it's time to update the lighttpd
conf file in /etc/lighttpd. We'll want to set the log files by host
name. We already had directives setting the server.document-root for
these domains so we only added the bolded lines.
$HTTP["host"] =~ "(^|\.)example1.com"$" {
server.document-root = "/var/www/www.example1.com",
server.errorlog = "/var/log/lighttpd/www.example1.com/error.log",
accesslog.filename = "/var/log/lighttpd/www.example1.com/access.log",
}
$HTTP["host"] =~ "(^|\.)example2.com$" {
server.document-root = "/var/www/www.example2.com",
server.errorlog = "/var/log/lighttpd/www.example2.com/error.log",
accesslog.filename = "/var/log/lighttpd/www.example2.com/access.log",
}
After adding these directives, you will need to restart the server.
sudo /etc/init.d/lighttpd restart
Update Logrotate
Finally, we will want logrotate to rotate these new directories.
Since our main goal is to integrate the logs with AWStats, it made
sense to add a separate entry for each log directory. However, if you
don't need call different scripts for the different domains, feel free
to create one directive. We just copied the existing logrotate
configuration and editted it for each of the domains. Below are
examples of what this might look like.
/var/log/lighttpd/*.log {
daily
missingok
copytruncate
rotate 60
compress
notifempty
sharedscripts
postrotate
if [ -f /var/run/lighttpd.pid ]; then \
kill -HUP $(
fi;
endscript
}
/var/log/lighttpd/www.example1.com/*.log {
daily
missingok
copytruncate
rotate 60
compress
notifempty
sharedscripts
postrotate
if [ -f /var/run/lighttpd.pid ]; then \
kill -HUP $(
fi;
endscript
}
/var/log/lighttpd/www.example2.com/*.log {
daily
missingok
copytruncate
rotate 60
compress
notifempty
sharedscripts
postrotate
if [ -f /var/run/lighttpd.pid ]; then \
kill -HUP $(
fi;
endscript
}
To make just one configuration entry, it would look like this:
"/var/log/lighttpd/*.log" "/var/log/lighttpd/www.example1.com/*.log" "/var/log/lighttpd/www.example2.com/*.log" {
daily
missingok
copytruncate
rotate 60
compress
notifempty
sharedscripts
postrotate
if [ -f /var/run/lighttpd.pid ]; then \
kill -HUP $(
fi;
endscript
}
Sources
* Lighttpd rotating log files with logrotate tool
* Howto: Lighttpd web server setting up virtual hosting
Trackback URL for this post:
http://tracy.hurleyit.com/trackback/1140
lighttpd虛擬主機配置
$HTTP["host"] == "bbs.xxx.com" {
server.name = "bbs.xxx.com"
server.document-root = "/var/www/bbs"
server.errorlog = "/var/www/bbs/error.log"
accesslog.filename = "/var/www/bbs/access.log"
}
else
lighttpd.conf解釋
server.use-ipv6 = "disable" # 缺省爲禁用
server.event-handler = "linux-sysepoll" # Linux環境下epoll系統調用可提高吞吐量
#server.max-worker = 10 # 如果你的系統資源沒跑滿,可考慮調高 lighttpd進程數
server.max-fds = 4096 # 默認的,應該夠用了,可根據實際情況調整
server.max-connections = 4096 # 默認等於 server.max-fds
server.network-backend = "linux-sendfile"
server.max-keep-alive-requests = 0 # 在一個keep-alive會話終止連接前能接受處理的最大請求數。0爲禁止
# 設置要加載的module
server.modules = (
"mod_rewrite",
"mod_redirect",
# "mod_alias",
"mod_access",
# "mod_cml",
# "mod_trigger_b4_dl",
"mod_auth",
"mod_expire",
# "mod_status",
# "mod_setenv",
"mod_proxy_core",
"mod_proxy_backend_http",
"mod_proxy_backend_fastcgi",
# "mod_proxy_backend_scgi",
# "mod_proxy_backend_ajp13",
# "mod_simple_vhost",
"mod_evhost",
# "mod_userdir",
# "mod_cgi",
"mod_compress",
# "mod_ssi",
# "mod_usertrack",
# "mod_secdownload",
# "mod_rrdtool",
"mod_accesslog" )
# 網站根目錄
server.document-root = "/var/www/"
# 錯誤日誌位置
server.errorlog = "/var/log/lighttpd/error.log"
# 網站Index
index-file.names = ( "index.php", "index.html",
"index.htm", "default.htm" )
# 訪問日誌, 以及日誌格式 (combined), 使用X-Forwarded-For可越過代理讀取真實ip
accesslog.filename = "/var/log/lighttpd/access.log"
accesslog.format = "%{X-Forwarded-For}i %v %u %t \"%r\" %s %b \"%{User-Agent}i\" \"%{Referer}i\""
# 設置禁止訪問的文件擴展名
url.access-deny = ( "~", ".inc", ".tpl" )
# 服務監聽端口
server.port = 80
# 進程id記錄位置
server.pid-file = "/var/run/lighttpd.pid"
# virtual directory listings 如果沒有找到index文件就列出目錄。建議disable。
dir-listing.activate = "disable"
# 服務運行使用的用戶及用戶組
server.username = "www"
server.groupname = "www"
# gzip壓縮存放的目錄以及需要壓縮的文件類型
compress.cache-dir = "/tmp/lighttpd/cache/compress/"
compress.filetype = ("text/plain", "text/html")
# fastcgi module
# for PHP don't forget to set cgi.fix_pathinfo = 1 in the php.ini
$HTTP["url"] =~ "\.php$" {
proxy-core.balancer = "round-robin"
proxy-core.allow-x-sendfile = "enable"
# proxy-core.check-local = "enable"
proxy-core.protocol = "fastcgi"
proxy-core.backends = ( "unix:/tmp/php-fastcgi1.sock","unix:/tmp/php-fastcgi2.sock" )
proxy-core.max-pool-size = 16
}
# 權限控制
auth.backend = "htpasswd"
auth.backend.htpasswd.userfile = "/var/www/htpasswd.userfile"
# 基於 evhost 的虛擬主機 針對域名
$HTTP["host"] == "a.lostk.com" {
server.document-root = "/var/www/lostk/"
server.errorlog = "/var/log/lighttpd/lostk-error.log"
accesslog.filename = "/var/log/lighttpd/lostk-access.log"
# 設定文件過期時間
expire.url = (
"/css/" => "access 2 hours",
"/js/" => "access 2 hours",
)
# url 跳轉
url.redirect = (
"^/$" => "/xxx/index.html",
)
# url 重寫 (cakephp可用)
url.rewrite = (
"^/(css|js)/(.*)$" => "/$1/$2",
"^/([^.]+)$" => "/index.php?url=$1",
)
# 權限控制
auth.require = ( "" =>
(
"method" => "basic",
"realm" => "admin only",
"require" => "user=admin1|user=admin2" # 允許的用戶, 用戶列表文件 在上面配置的auth.backend.htpasswd.userfile 裏
),
)
}
# 針對端口的虛擬主機
$SERVER["socket"] == "192.168.0.1:8000" {
server.document-root = "/var/www/xxx/"
server.errorlog = "/var/log/lighttpd/test-error.log"
accesslog.filename = "/var/log/lighttpd/test-access.log"
# ...
}