Setting up secure certificates with lighttpd

apache, https, java, lighttpd

Of late, I’ve started to prefer lighttpd to nginx and Apache for several reasons. The configuration of lighttpd is incredibly easy to get running and I’ve found that, speed-wise, lighttpd doesn’t run any slower than Apache.

I need to set up secure certificates on lighttpd and so I have written up some basic instructions to get this up and running.

Under the “SSL Support” section, you will find some nice examples for getting this running. This kind of worked for me, but I wanted to forward all requests on the default port 80 to the HTTPS default port 443.

Once you have your pem file and your ca file, you will need to make sure that every request to port 443 will locate the correct private key as well as the CA.

$SERVER["socket"] == ":443" {
    ssl.engine  = "enable"
    ssl.pemfile = "/etc/lighttpd/certs/meltwater.pem"
    ssl.ca-file = "/etc/lighttpd/certs/chain.crt"
}
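
A pre-flight check for the two files referenced above, added here as an example and not part of the original post. It assumes `ssl.pemfile` is a combined file holding both the certificate and the private key (the config sets no separate key directive); the function names `has_block`, `check_tls_files` and `make_samples` are made up for this example.

```shell
#!/bin/sh
# Added example: pre-flight check for the files named in ssl.pemfile / ssl.ca-file.
# Assumption: ssl.pemfile is a combined file (certificate + private key), since
# the config sets no separate key directive.

# has_block FILE TYPE_REGEX: true if FILE has a PEM "BEGIN" line of that type
has_block() { grep -Eq -- "^-----BEGIN ($2)-----" "$1"; }

# check_tls_files PEMFILE CAFILE: prints findings, returns the number of problems
check_tls_files() {
    pem=$1; ca=$2; problems=0
    key_re='([A-Z]+ )?PRIVATE KEY'   # PKCS#8, RSA, EC and ENCRYPTED key headers
    for f in "$pem" "$ca"; do
        [ -r "$f" ] || { echo "FAIL $f: not readable"; return 1; }
    done
    has_block "$pem" 'CERTIFICATE' ||
        { echo "FAIL $pem: no certificate block"; problems=$((problems + 1)); }
    has_block "$pem" "$key_re" ||
        { echo "FAIL $pem: no private key block"; problems=$((problems + 1)); }
    has_block "$ca" 'CERTIFICATE' ||
        { echo "FAIL $ca: no CA certificate block"; problems=$((problems + 1)); }
    if has_block "$ca" "$key_re"; then
        echo "FAIL $ca: chain file contains a private key"; problems=$((problems + 1))
    fi
    # The pemfile holds the private key, so group and other get no access bits.
    mode=$(ls -lLd -- "$pem" | cut -c5-10)
    [ "$mode" = "------" ] ||
        { echo "FAIL $pem: group/other can access it (chmod 600)"; problems=$((problems + 1)); }
    [ "$problems" -eq 0 ] && echo "OK: $pem and $ca look structurally sound"
    return "$problems"
}

# make_samples DIR: writes constructed test files (placeholder bodies, no real keys)
make_samples() {
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'CONSTRUCTED' \
        '-----END CERTIFICATE-----' > "$1/chain.crt"
    cp "$1/chain.crt" "$1/certonly.pem"
    { cat "$1/chain.crt"
      printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'CONSTRUCTED' '-----END PRIVATE KEY-----'
    } > "$1/good.pem"
    chmod 600 "$1/good.pem" "$1/certonly.pem"
}

# Usage: sh check.sh PEMFILE CAFILE
if [ "$#" -eq 2 ]; then check_tls_files "$1" "$2"; fi
```

The check is structural only: it does not confirm that the private key matches the certificate or that the chain validates.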

From there, each individual host needs to redirect all traffic arriving on port 80 to port 443, while also specifying where the actual Tomcat port is (if necessary).

$HTTP["host"] =~ "your.domain.com" {

    # the below ensures that the hostname is extracted using a regexp, so that the user can be re-directed to https (port 443)
    $HTTP["scheme"] == "http" {
        $HTTP["host"] =~ ".*" {
            url.redirect = (".*" => "https://%0$0")
        }
    }

    # this is, of course, optional for if you are running a java application on tomcat, but can be adjusted for any other port or application.
    proxy.server = (
        "" => (
            "tomcat" => (
                "host" => "127.0.0.1",
                "port" => 8080,
                "fix-redirects" => 1
            )
        )
    )

    # and finally, where your document root is for the app/page
    server.document-root = "/var/app"
    accesslog.filename = "/var/log/app/application.log"
}

Downloading the JDK from Oracle’s page from the command line

java, jdk, oracle

Since earlier in 2012, Oracle included a non-optional requirement that you need to accept the T&Cs when downloading the JDK from their site. As you already agree to the terms and conditions once you actually install or run the bin file, it isn’t absolutely necessary.

There’s a way around it using cookies, and I was able to download the file I needed when including the following cookie:

wget --no-cookies --header "Cookie: gpw_e24=http%3A%2F%2Fwww.oracle.com%2F" http://download.oracle.com/otn-pub/java/jdk/6u37-b06/jdk-6u37-linux-i586.bin

Installing jdk6+ and setting update-alternatives for java

java

wget --no-cookies --header "Cookie: gpw_e24=http%3A%2F%2Fwww.oracle.com%2F" http://download.oracle.com/otn-pub/java/jdk/6u37-b06/jdk-6u37-linux-i586.bin
chmod a+x jdk-6u37-linux-i586.bin
./jdk-6u37-linux-i586.bin
mv jdk1.6.0_37/ java-6-oracle
mv java-6-oracle/ /usr/lib
sudo mkdir /usr/lib/jvm
cd /usr/lib
mv java-6-oracle/ jvm
sudo update-alternatives --install "/usr/bin/java" "java" "/usr/lib/jvm/java-6-oracle/bin/java" 1
sudo update-alternatives --install "/usr/bin/javac" "javac" "/usr/lib/jvm/java-6-oracle/bin/javac" 1
sudo update-alternatives --install "/usr/bin/javaws" "javaws" "/usr/lib/jvm/java-6-oracle/bin/javaws" 1

installing java and maven on CentOS

java, maven

installed java:

yum install java-1.6.0-openjdk
yum install java-1.6.0-openjdk-devel

installed maven:

wget http://ftp.tsukuba.wide.ad.jp/software/apache/maven/maven-3/3.0.4/binaries/apache-maven-3.0.4-bin.tar.gz
tar xzvf apache-maven-3.0.4-bin.tar.gz
mv apache-maven-3.0.4 /usr/local
cd /usr/local
ln -s apache-maven-3.0.4 maven
vim ~/.bashrc
>> added:
export M2_HOME=/usr/local/maven
export M2=$M2_HOME/bin
export PATH=$M2:$PATH
touch /etc/profile.d/maven.sh
>> added:
export M2_HOME=/usr/local/maven
export PATH=${M2_HOME}/bin:${PATH}