Install Lighttpd + MySQL + PHP5-CGI on Debian

Posted on November 21, 2013 at 5:13 pm

In my opinion, Lighttpd + PHP5-CGI is the best arsenal for high traffic websites.

Install the needed packages:

apt-get install mysql-server lighttpd php5-cgi php5-mysql

The default WWW path for Lighttpd is:

/var/www/

The configuration file is located here:

/etc/lighttpd/lighttpd.conf

Edit the php.ini file:

vi /etc/php5/cgi/php.ini

And uncomment:

[...]
cgi.fix_pathinfo = 1

Edit the lighttpd.conf file:

vi /etc/lighttpd/lighttpd.conf

Enable needed modules:

server.modules = (
	"mod_access",
	"mod_alias",
	"mod_compress",
 	"mod_redirect",
        "mod_rewrite", 
        "mod_accesslog",
        "mod_fastcgi",
)

Append the following lines to configure fastCGI:

fastcgi.server = ( ".php" => ((
                     "bin-path" => "/usr/bin/php5-cgi",
                     "socket" => "/tmp/php.socket",
		"max-procs" => 6,
		"bin-environment" => ( 
			"PHP_FCGI_CHILDREN" => "20",
			"PHP_FCGI_MAX_REQUESTS" => "10000"
		),
		"bin-copy-environment" => (
			"PATH", "SHELL", "USER"
		),
		"broken-scriptfilename" => "enable"
                 )))

To hide the server signature in the HTTP response header, add this line:

server.tag = "Private Server"

To increase the max connections limit on high traffic websites, add:

server.max-fds = 8192
server.max-connections = 4096

Protect .htaccess and .htpasswd files:

url.access-deny             = ( "~", ".inc", ".htaccess", ".htpasswd" )

The final lighttpd.conf file should look like this:

server.modules = (
	"mod_access",
	"mod_alias",
	"mod_compress",
 	"mod_redirect",
 	"mod_rewrite",
 	"mod_accesslog",
 	"mod_fastcgi",
)
 
server.document-root        = "/var/www"
server.upload-dirs          = ( "/var/cache/lighttpd/uploads" )
server.errorlog             = "/var/log/lighttpd/error.log"
server.pid-file             = "/var/run/lighttpd.pid"
server.username             = "www-data"
server.groupname            = "www-data"
server.port                 = 80
server.tag                  = "Private Server"
server.max-fds              = 8192
server.max-connections      = 4096
 
index-file.names            = ( "index.php", "index.html", "index.lighttpd.html" )
url.access-deny             = ( "~", ".inc", ".htaccess", ".htpasswd", "password.txt", "username.txt", "login.txt" )
static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
 
compress.cache-dir          = "/var/cache/lighttpd/compress/"
compress.filetype           = ( "application/javascript", "text/css", "text/html", "text/plain" )
 
# default listening port for IPv6 falls back to the IPv4 port
include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port
include_shell "/usr/share/lighttpd/create-mime.assign.pl"
include_shell "/usr/share/lighttpd/include-conf-enabled.pl"
 
fastcgi.server = ( ".php" => ((
                     "bin-path" => "/usr/bin/php5-cgi",
                     "socket" => "/tmp/php.socket",
		"max-procs" => 5,
		"bin-environment" => ( 
			"PHP_FCGI_CHILDREN" => "40",
			"PHP_FCGI_MAX_REQUESTS" => "10000"
		),
		"bin-copy-environment" => (
			"PATH", "SHELL", "USER"
		),
		"broken-scriptfilename" => "enable"
                 )))

To add vhosts, add this line:

include "test.com.conf"

Create the file test.com.conf in this directory:

/etc/lighttpd/

Add this text in test.com.conf:

$HTTP["host"] =~ "test\.com" {
            server.document-root = "/var/www/test.com/html"
            accesslog.filename = "/var/www/test.com/logs/access.log"
}

If you want to filter access logs, for example to not log images, javascript and css files, use:

$HTTP["host"] =~ "test\.com" {
            server.document-root = "/var/www/test.com/public"
 
            $HTTP["url"] !~ "(\.css|\.jpg|\.js|\.ico|\.png|\.jpeg|\.gif)$" {
              accesslog.filename = "/var/www/test.com/logs/access.log"
            }
 
}

Create directories needed for the vhost:

mkdir -p /var/www/test.com/html
mkdir -p /var/www/test.com/logs

Restart Lighttpd:

/etc/init.d/lighttpd restart

All errors generated by Lighttpd are saved, by default, in this file:

/var/log/lighttpd/error.log

Make sure the path /var/www/ is owned by your web server user ( www-data or lighttpd):

chown -R www-data:www-data /var/www

Useful links

Documentation :: Module: mod_fastcgi
Increase the number of open files under Linux
Install jessie packages on wheezy

Updated on December 11, 2013 at 7:31 pm

Stay Updated

Other Posts

Updated Posts