Reputation: 41
I'm configuring https on standard Alpine Linux/3.9.0, running PHP/7.2.14 and lighttpd/1.4.52 (ssl). I have my domain name up (I'll call it "mydomain.com") and I've gotten the ssl files mydomain.crt, mydomain.p7b, mydomain.ca-bundle, mydomain.key, and mydomain.pem.
- When I search with http at mydomain.com:443, I access my website.
- When I search with https at mydomain.com, the connection times out.
I have configured /etc/lighttpd/lighttpd.conf incorrectly, and I think it has something to do with my ".crt" file. I have searched around StackOverflow and by googling it, but the two most helpful sources were:
https://tecadmin.net/configure-ssl-in-lighttpd-server/
https://www.digicert.com/ssl-certificate-installation-lighttpd.htm
This was added/modified in the default configuration file /etc/lighttpd/lighttpd.conf:
server.port = 443
$SERVER["socket"] == ":443" {
    ssl.engine = "enable"
    ssl.pemfile = "/etc/lighttpd/mydomain.pem"
    ssl.ca-file = "/etc/lighttpd/mydomain.crt"
    server.name = "mydomain"
    server.document-root = "/var/www/localhost/htdocs"
}
I have also tried replacing
ssl.ca-file = "/etc/lighttpd/mydomain.crt"
with
ssl.ca-file = "/etc/lighttpd/mydomain.ca-bundle"
I was expecting /etc/lighttpd/mydomain.crt to work, but I can only access port 443 through http (successful connection), not through https (connection time out). I have one .crt file (mydomain.crt). Am I supposed to modify the file mydomain.ca-bundle as a .crt file?
Upvotes: 2
Views: 6194
Reputation: 11
1) Create a directory to create the CSR and public key.
# mkdir -p /etc/lighttpd/ssl/PROJECT_NAME
2) Go to the directory.
# cd /etc/lighttpd/ssl/PROJECT_NAME
3) Create the CSR and key file.
# openssl req -new -newkey rsa:2048 -nodes -keyout abc.com.key -out abc.com.csr
Warning: This command will ask you to enter the details.
4) Create a self-signed certificate for internal use.
# openssl x509 -req -days 365 -in abc.com.csr -signkey abc.com.key -out abc.com.crt
5) Create the pem file by combining the key file and the certificate file.
# cat abc.com.key abc.com.crt > abc.com.pem
6) Verify the configuration.
# lighttpd -t -f /etc/lighttpd/lighttpd.conf
The output is: Syntax OK
7) Add this text to lighttpd.conf (redirect http to https):
$SERVER["socket"] == ":80" {
    $HTTP["host"] =~ "(.*)" {
        url.redirect = ( "^/(.*)" => "https://%1/$1" )
    }
}
8) Add these modules in lighttpd.conf: "mod_redirect", "mod_openssl"
9) Restart lighttpd.
# service lighttpd restart
Upvotes: 1
Reputation: 41
Okay, so the perpetrator was this line right here:
server.port = 443
Me being a novice at this, I didn't realize you should have port 80 AND port 443 open to enable https. lighttpd uses 80 by default, so I just had to comment out the line:
# server.port = 443
Note for future readers: thus it follows that for https, ports 80 and 443 must also be port-forwarded on your router.
Upvotes: 2