How to configure lighttpd reverse proxy with backend as apache
Lighttpd is a secure, fast, compliant, and very flexible web-server that has been optimized for high-performance environments. It has a very low memory footprint compared to other webservers and takes care of cpu-load. Its advanced feature-set (FastCGI, CGI, Auth, Output-Compression, URL-Rewriting and many more) make lighttpd the perfect webserver-software for every server that suffers load problems.
We can improve the performance by setting lighttpd reverse proxy with backend as apache. First of all change the http non-secure port to 81 and secure port to 444. Then install lighttpd server by following the steps in "http://techies-world.com/how-to-install-lighttpd-in-linux-server/".
Once completed the installation, we need to configure the reverse proxy.
Step1: Open the lighttpd configuration and enable vhosts directory
#vi /etc/lighttpd/lighttpd.conf
Then uncomment the below line from this file.
include_shell "cat /etc/lighttpd/vhosts.d/*.conf"
Step2: Open the domain virtualhost file
#vi /etc/lighttpd/vhosts.d/domain.com.conf
Update the virtualhost entries in this file.
$HTTP["host"] =~ "domain.com" {
proxy.server = (
"" => (
"PB" => (
"host" => "ip",
"port" => 81
)
)
)
}
Here we need to replace domain.com and ip accordingly.
Step3: Restart lighttpd service
#/etc/init.d/lighttpd restart
Note:
If ssl required for this domain there is change in the virtualhost configuration and the entries as below.
$SERVER["socket"] == "ip:443" {
ssl.engine = "enable"
ssl.pemfile = "/etc/lighttpd/ssl/domain.com.pem"
ssl.ca-file = "/etc/lighttpd/ssl/domain.com.cert"
ssl.cipher-list = "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"
ssl.honor-cipher-order = "enable"
ssl.use-sslv2 = "disable"
ssl.use-sslv3 = "disable"
}
$HTTP["host"] =~ "domain.com" {
proxy.server = (
"" => (
"PB" => (
"host" => "ip",
"port" => 81
)
)
)
}
Here the ssl related files are,
/etc/lighttpd/ssl/domain.com.pem = private key + ssl cert
/etc/lighttpd/ssl/domain.com.cert = ca bundle