Review of Lighttpd by Andre Bogus

I’ve just finished reading Lighttpd by Andre Bogus and published by Packt Publishing, and this is a great book for anyone interested in lighttpd. This is a good read and it will explain all the features of lighttpd and how you can use it from just serving static files to a complete apache replacement. And all these in a pretty compact book, at 223 pages.

The topics are as follows:

  • Introduction to Lighttpd
  • Configuring and Running Lighttpd
  • More Virtual Hosting and CGI
  • Downloads and Streams
  • Big Brother Lighttpd
  • Encryption: SSL
  • Securing Lighttpd
  • Containing Lighttpd
  • Optimizing Lighttpd
  • Migration from Apache
  • CGI Revisited
  • Using Lua with Lighttpd
  • Writing Lighttpd Modules

Read the rest of this entry »

Tags: , , ,

Posted in General, Linux |March 8th, 2009 No Comments »

Lighttpd server.max-worker option… is this a joke?

I’ve been using lighttpd for various projects with great results. A few days ago I had to optimize a server that was running lighttpd but has degraded its performance during the past weeks. I was able to see quite easily that the problem was IO bound as the number of files was growing very fast, while the folders were not arranged very well. Lighttpd was starting to slowdown while blocked on disk IO requests.  We needed a quick solution to buy us some time while we improve the backend files layout.

Having used nginx for some time now on some bigger sites that this one, my first thought for a quick solution was to increase the number of lighttpd workers as I have done with nginx. Lighttpd supports this, but looking at their documentation page we can see:
“DO NOT USE THIS OPTION IF YOU DON’T UNDERSTAND WHAT IT DOES
DO NOT REPORT ERRORS OR BUGS IF YOU DID NOT TEST WITHOUT THIS OPTION SET
THIS OPTION MOST LIKELY WILL NOT BOOST YOUR PERFORMANCE, ITS MOST LIKELY YOUR BACKEND”
wow… talk about a warning ;-)

Read the rest of this entry »

Tags: , , ,

Posted in Linux |March 3rd, 2009 No Comments »

Lighty Tips & Tricks: Hide lighttpd software version

Description: This will show how to hide the lighttpd version to remote requests.

Useful: there is really no need to disclose this information to everyone. As shown in “Discover the web server software and version of a remote server” anyone can find valuable information from our web server banner. Hiding it  will not protect in any way from real vulnerabilities if they exist, but it will at least make their life harder. This will also not stop more complex fingerprinting programs to detect some information on the web server, but at least we should not make their life easier ;) .

Read the rest of this entry »

Tags: ,

Posted in Linux, Security, Tips & Tricks |February 8th, 2009 No Comments »


Marius on Twitter

Recent Posts

Archives