Lighttpd is a secure, fast, standards-compliant web server designed for speed-critical environments. This tutorial shows how you can install Lighttpd on a Centos 6.4 server with PHP5 support (through PHP-FPM) and MySQL support. PHP-FPM (FastCGI Process Manager) is an alternative PHP FastCGI implementation with some additional features useful for sites of any size, especially busier sites. I use PHP-FPM in this tutorial instead of Lighttpd’s spawn-fcgi.
I do not issue any guarantee that this will work for you!
1 Preliminary Note
In this tutorial I use the hostname server1.example.com with the IP address 192.168.0.100. These settings might differ for you, so you have to replace them where appropriate.
2 Installing MySQL 5
First we install MySQL 5 like this:
yum install mysql mysql-server
Then we create the system startup links for MySQL (so that MySQL starts automatically whenever the system boots) and start the MySQL server:
chkconfig –levels 235 mysqld on
Set passwords for the MySQL root account:
[[email protected] ~]# mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MySQL to secure it, we’ll need the current
password for the root user. If you’ve just installed MySQL, and
you haven’t set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none):
OK, successfully used password, moving on…
Setting the root password ensures that nobody can log into the MySQL
root user without the proper authorisation.
Set root password? [Y/n] <– ENTER
New password: <– yourrootsqlpassword
Re-enter new password: <– yourrootsqlpassword
Password updated successfully!
Reloading privilege tables..
By default, a MySQL installation has an anonymous user, allowing anyone
to log into MySQL without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
Remove anonymous users? [Y/n] <– ENTER
Normally, root should only be allowed to connect from ‘localhost’. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] <– ENTER
By default, MySQL comes with a database named ‘test’ that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] <– ENTER
– Dropping test database…
– Removing privileges on test database…
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] <– ENTER
All done! If you’ve completed all of the above steps, your MySQL
installation should now be secure.
Thanks for using MySQL!
[[email protected] ~]#
3 Installing Lighttpd
Because Lighttpd and PHP-FPM are not available from the official CentOS repositories, we need to enable the Remi RPM repository plus the EPEL repository:
rpm –import https://fedoraproject.org/static/0608B895.txt
rpm -ivh epel-release-6-8.noarch.rpm
rpm –import http://rpms.famillecollet.com/RPM-GPG-KEY-remi
rpm -ivh http://rpms.famillecollet.com/enterprise/remi-release-6.rpm
yum install yum-priorities
… and add the line priority=10 to the [epel] section:
[epel] name=Extra Packages for Enterprise Linux 6 - $basearch #baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=$basearch failovermethod=priority enabled=1 priority=10 gpgcheck=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6 [...]
Then do the same for the [remi] section in /etc/yum.repos.d/remi.repo, plus change enabled to 1:
[remi] name=Les RPM de remi pour Enterprise Linux $releasever - $basearch #baseurl=http://rpms.famillecollet.com/enterprise/$releasever/remi/$basearch/ mirrorlist=http://rpms.famillecollet.com/enterprise/$releasever/remi/mirror enabled=1 priority=10 gpgcheck=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-remi failovermethod=priority [remi-test] name=Les RPM de remi en test pour Enterprise Linux $releasever - $basearch #baseurl=http://rpms.famillecollet.com/enterprise/$releasever/test/$basearch/ mirrorlist=http://rpms.famillecollet.com/enterprise/$releasever/test/mirror enabled=0 gpgcheck=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-remi
Afterwards, we can install Lighttpd like this:
yum install lighttpd
Then we create the system startup links for Lighttpd (so that Lighttpd starts automatically whenever the system boots) and start it:
chkconfig –levels 235 lighttpd on
If Lighttpd fails to start with the following error message…
(network.c.203) socket failed: Address family not supported by protocol
… open /etc/lighttpd/lighttpd.conf…
… and change server.use-ipv6 from enable to disable:
[...] ## ## Use IPv6? ## server.use-ipv6 = "disable" [...]
Then try to start Lighttpd again – it should now work without any problem:
Now direct your browser to http://192.168.0.100, and you should see the following page:
Lighttpd’s default document root is /var/www/lighttpd/ on CentOS 6.4, and the configuration file is /etc/lighttpd/lighttpd.conf.
4 Installing PHP5
We can make PHP5 work in Lighttpd through PHP-FPM which we install like this:
yum install php-fpm lighttpd-fastcgi
PHP-FPM is a daemon process that runs a FastCGI server on port 9000.
… and set user and group to lighttpd:
[...] ; Unix user/group of processes ; Note: The user is mandatory. If the group is not set, the default user's group ; will be used. ; RPM: apache Choosed to be able to access some dir as httpd user = lighttpd ; RPM: Keep a group allowed to write in log dir. group = lighttpd [...]
Create the system startup links for PHP-FPM and start it:
chkconfig –levels 235 php-fpm on
5 Configuring Lighttpd And PHP5
To enable PHP5 in Lighttpd, we must modify two files, /etc/php.ini and /etc/lighttpd/lighttpd.conf. First we open /etc/php.ini and uncomment the linecgi.fix_pathinfo=1:
[...] ; cgi.fix_pathinfo provides *real* PATH_INFO/PATH_TRANSLATED support for CGI. PHP's ; previous behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME, and to not grok ; what PATH_INFO is. For more information on PATH_INFO, see the cgi specs. Setting ; this to 1 will cause PHP CGI to fix its paths to conform to the spec. A setting ; of zero causes PHP to behave as before. Default is 1. You should fix your scripts ; to use SCRIPT_FILENAME rather than PATH_TRANSLATED. ; http://www.php.net/manual/en/ini.core.php#ini.cgi.fix-pathinfo cgi.fix_pathinfo=1 [...]
Then we open /etc/lighttpd/modules.conf and uncomment the line include “conf.d/fastcgi.conf”:
[...] ## ## FastCGI (mod_fastcgi) ## include "conf.d/fastcgi.conf" [...]
Next open /etc/lighttpd/conf.d/fastcgi.conf:
There’s a fastcgi.server stanza – leave it commented and add your own fastcgi.server stanza as follows:
[...] ## PHP Example ## For PHP don't forget to set cgi.fix_pathinfo = 1 in the php.ini. ## ## The number of php processes you will get can be easily calculated: ## ## num-procs = max-procs * ( 1 + PHP_FCGI_CHILDREN ) ## ## for the php-num-procs example it means you will get 17*5 = 85 php ## processes. you always should need this high number for your very ## busy sites. And if you have a lot of RAM. :) ## fastcgi.server += ( ".php" => (( "host" => "127.0.0.1", "port" => "9000", "broken-scriptfilename" => "enable" )) ) #fastcgi.server = ( ".php" => # ( "php-local" => # ( # "socket" => socket_dir + "/php-fastcgi-1.socket", # "bin-path" => server_root + "/cgi-bin/php5", # "max-procs" => 1, # "broken-scriptfilename" => "enable", # ) # ), [...]
Then we restart Lighttpd:
6 Testing PHP5 / Getting Details About Your PHP5 Installation
The document root of the default web site is /var/www/lighttpd/. We will now create a small PHP file (info.php) in that directory and call it in a browser. The file will display lots of useful details about our PHP installation, such as the installed PHP version.
<?php phpinfo(); ?> Now we call that file in a browser (e.g. http://192.168.0.100/info.php):
As you see, PHP5 is working, and it’s working through FPM/FastCGI, as shown in the Server API line. If you scroll further down, you will see all modules that are already enabled in PHP5. MySQL is not listed there which means we don’t have MySQL support in PHP5 yet.
7 Getting MySQL Support In PHP5
To get MySQL support in PHP, we can install the php-mysql package. It’s a good idea to install some other PHP5 modules as well as you might need them for your applications. You can search for available PHP5 modules like this:
yum search php
Pick the ones you need and install them like this:
yum install php-mysql php-gd php-imap php-ldap php-odbc php-pear php-xml php-xmlrpc
APC is a free and open PHP opcode cacher for caching and optimizing PHP intermediate code. It’s similar to other PHP opcode cachers, such as eAccelerator and Xcache. It is strongly recommended to have one of these installed to speed up your PHP page.
APC can be installed as follows:
yum install php-pecl-apc
Now reload PHP-FPM:
Now reload http://192.168.0.100/info.php in your browser and scroll down to the modules section again. You should now find lots of new modules there, including the MySQL module:
8 Making PHP-FPM Use A Unix Socket
By default PHP-FPM is listening on port 9000 on 127.0.0.1. It is also possible to make PHP-FPM use a Unix socket which avoids the TCP overhead. To do this, open /etc/php-fpm.d/www.conf…
… and make the listen line look as follows:
[...] ;listen = 127.0.0.1:9000 listen = /tmp/php5-fpm.sock [...]
Then reload PHP-FPM:
Next open Lighttpd’s PHP configuration file /etc/lighttpd/conf.d/fastcgi.conf and replace the host and port lines with “socket” => “/tmp/php5-fpm.sock”:
fastcgi.server += ( ".php" => (( "socket" => "/tmp/php5-fpm.sock", "broken-scriptfilename" => "enable" )) )
Finally restart Lighttpd: