How to configure lighttpd reverse proxy with backend as apache

Lighttpd is a secure, fast, compliant, and very flexible web-server that has been optimized for high-performance environments. It has a very low memory footprint compared to other webservers and takes care of cpu-load. Its advanced feature-set (FastCGI, CGI, Auth, Output-Compression, URL-Rewriting and many more) make lighttpd the perfect webserver-software for every server that suffers load problems.

We can improve the performance by setting lighttpd reverse proxy with backend as apache. First of all change the http non-secure port to 81 and secure port to 444. Then install lighttpd server by following the steps in "http://techies-world.com/how-to-install-lighttpd-in-linux-server/".

Once completed the installation, we need to configure the reverse proxy.

Step1: Open the lighttpd configuration and enable vhosts directory

#vi /etc/lighttpd/lighttpd.conf

Then uncomment the below line from this file.

include_shell "cat /etc/lighttpd/vhosts.d/*.conf"

Step2: Open the domain virtualhost file

#vi /etc/lighttpd/vhosts.d/domain.com.conf

Update the virtualhost entries in this file.


$HTTP["host"] =~ "domain.com" {
proxy.server = (
"" => (
"PB" => (
"host" => "ip",
"port" => 81
)
)
)
}


Here we need to replace domain.com and ip accordingly.

Step3: Restart lighttpd service

#/etc/init.d/lighttpd restart
Note:
If ssl required for this domain there is change in the virtualhost configuration and the entries as below.


$SERVER["socket"] == "ip:443" {
ssl.engine = "enable"
ssl.pemfile = "/etc/lighttpd/ssl/domain.com.pem"
ssl.ca-file = "/etc/lighttpd/ssl/domain.com.cert"
ssl.cipher-list = "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"
ssl.honor-cipher-order = "enable"
ssl.use-sslv2 = "disable"
ssl.use-sslv3 = "disable"
}

$HTTP["host"] =~ "domain.com" {
proxy.server = (
"" => (
"PB" => (
"host" => "ip",
"port" => 81
)
)
)
}


Here the ssl related files are,
/etc/lighttpd/ssl/domain.com.pem = private key + ssl cert
/etc/lighttpd/ssl/domain.com.cert = ca bundle

 

Leave a Reply

Your email address will not be published. Required fields are marked *