Setting up secure certificates with lighttpd


Of late, I’ve started to prefer lighttpd to nginx and Apache for several reasons. The configuration of lighttpd is incredibly easy to get running and I’ve found that, speed-wise, lighttpd doesn’t run any slower than Apache.

I need to set up secure certificates on lighttpd and so I have written up some basic instructions to get this up and running.

Under the “SSL Support” section, you will find some nice examples for getting this running. This kind of worked for me, but I wanted to forward all requests on the default port 80 to the HTTPS default port 443.

Once you have your pem file and your ca file, you will need to make sure that every request to port 443 will locate the correct private key as well as the CA.

$SERVER["socket"] == ":443" {
    ssl.engine  = "enable"
    ssl.pemfile = "/etc/lighttpd/certs/meltwater.pem"
    ssl.ca-file = "/etc/lighttpd/certs/chain.crt"
}
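A pre-flight check for the file named in ssl.pemfile, as an added example that is not part of the original post. It assumes the pem file holds both the certificate and its private key and that the openssl command-line tool is installed; the function name and exit codes are this example's own.

```shell
#!/bin/sh
# Added example: sanity-check a combined PEM before using it as ssl.pemfile.
# Exit codes 2-7 are this example's own convention.
check_pemfile() {
    pem=$1
    [ -r "$pem" ] || { echo "$pem: not readable" >&2; return 2; }

    # The file holds the private key: no group/other permission bits allowed.
    perms=$(ls -lnL "$pem" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "$pem: group/other access ($perms)" >&2; return 3; }

    # It must carry both the certificate and its private key.
    grep -q -e '-----BEGIN CERTIFICATE-----' "$pem" || { echo "$pem: no certificate" >&2; return 4; }
    grep -Eq -e '-----BEGIN ([A-Z]+ )?PRIVATE KEY-----' "$pem" || { echo "$pem: no private key" >&2; return 5; }

    # The key must belong to the certificate: compare the two public keys.
    cert_pub=$(openssl x509 -in "$pem" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$pem" -passin pass: -pubout 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "$pem: private key does not match certificate" >&2; return 6
    fi

    # Reject a certificate that has already expired.
    openssl x509 -in "$pem" -noout -checkend 0 >/dev/null 2>&1 || { echo "$pem: certificate expired" >&2; return 7; }
    return 0
}

# Usage: sh check_pemfile.sh /etc/lighttpd/certs/meltwater.pem
if [ "$#" -gt 0 ]; then check_pemfile "$1"; fi
```

Run it before restarting lighttpd; a non-zero exit status identifies which check failed.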

From there, for each individual host, you will need to redirect all traffic arriving on port 80 to port 443, whilst also specifying where the actual Tomcat port is (if necessary).

$HTTP["host"] =~ "your.domain.com" {

    # the below ensures that the hostname is extracted using a regexp, so that the user can be redirected to https (port 443)
    $HTTP["scheme"] == "http" {
        $HTTP["host"] =~ ".*" {
            url.redirect = (".*" => "https://%0$0")
        }
    }

    # this is, of course, optional, for if you are running a Java application on Tomcat, but can be adjusted for any other port or application.
    proxy.server = (
        "" => (
            "tomcat" => (
                "host" => "127.0.0.1",
                "port" => 8080,
                "fix-redirects" => 1
            )
        )
    )

    # and finally, where your document root is for the app/page
    server.document-root = "/var/app"
    accesslog.filename = "/var/log/app/application.log"
}