Matt Borja

lighttpd Walkthrough

Configuring SSL

Add the following to the bottom of /etc/lighttpd/lighttpd.conf:

# SSL
server.modules += (
  "mod_openssl",
)

$SERVER["socket"] == "0.0.0.0:443" {
  ssl.engine = "enable"
  ssl.pemfile = "/etc/lighttpd/ssl/pi-local-combined.pem"
  server.name = "pi.local"
  server.document-root = "/var/www/html/"
}

Need a self-signed certificate?

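Note: The following command uses the -nodes option, which leaves the private key unencrypted (no passphrase). This is generally used so the server can recover automatically after a reboot without prompting for a passphrase; the key is then protected only by the file permissions set below.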

openssl req -x509 -newkey rsa:4096 -keyout pi-local.key -out pi-local.crt -days 365 -nodes -subj "/CN=pi.local"

Combine the private key and the certificate (which carries the public key) into a single PEM file for lighttpd and set appropriate permissions:

mkdir -p /etc/lighttpd/ssl/
cat pi-local.key pi-local.crt > /etc/lighttpd/ssl/pi-local-combined.pem

chown -R lighttpd:lighttpd /etc/lighttpd/ssl
find /etc/lighttpd/ssl -type d | xargs chmod 0500
find /etc/lighttpd/ssl -type f | xargs chmod 0400
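
A check to run after these steps, as an added example that is not part of the original walkthrough: it confirms that the combined PEM holds one private key and a certificate, that group and other have no access to it, that the key matches the certificate, and that the certificate is not about to expire. The function names and the 30-day threshold are assumptions of this example, and it requires the openssl command.

```shell
#!/bin/sh
# Added example: checks for the combined PEM that ssl.pemfile points at.
# Function names and the 30-day threshold are assumptions of this example.
# Usage: check_lighttpd_pem /etc/lighttpd/ssl/pi-local-combined.pem

# One private key block, at least one certificate, no group/other access.
pem_layout_ok() {
  f=$1
  [ -f "$f" ] || { echo "missing: $f" >&2; return 1; }
  keys=$(grep -c -e '-----BEGIN .*PRIVATE KEY-----' "$f" || true)
  certs=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$f" || true)
  [ "$keys" -eq 1 ] || { echo "expected 1 private key, found $keys" >&2; return 1; }
  [ "$certs" -ge 1 ] || { echo "no certificate in $f" >&2; return 1; }
  # Characters 5-10 of the ls mode string are the group and other bits.
  mode=$(ls -ld -- "$f" | cut -c5-10)
  [ "$mode" = "------" ] || { echo "group/other can access $f" >&2; return 1; }
}

# The public key derived from the private key must equal the one in the
# certificate; otherwise the server cannot use this file for TLS.
pem_key_matches_cert() {
  key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
  crt_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]
}

# Succeeds only if the certificate is still valid DAYS days from now.
pem_valid_for_days() {
  openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null 2>&1
}

# Run all three checks and report the first failure on stderr.
check_lighttpd_pem() {
  pem_layout_ok "$1" || return 1
  pem_key_matches_cert "$1" || { echo "key/cert mismatch in $1" >&2; return 1; }
  pem_valid_for_days "$1" 30 || { echo "expires within 30 days: $1" >&2; return 1; }
  echo "ok: $1"
}
```

A key/certificate mismatch usually means the files were regenerated separately, for example after renewing the 365-day certificate with a new key but concatenating the old one.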