Configuring SSL in Lighttpd and Limit Bandwidth Usage in Lighttpd

Configuring SSL in Lighttpd

If you want to install SSL in debian you need to install openssl in debian using the following command

#apt-get openssl

lighttpd supports SSLv2 and SSLv3 if it is compiled against openssl.

Configuration

To enable SSL for the whole server you have to provide a valid certificate and have to enable the SSL engine.:

ssl.engine = "enable"
ssl.pemfile = "/path/to/server.pem"

The HTTPS protocol does not allow you to use name-based virtual hosting with SSL. If you want to run multiple SSL servers with one lighttpd instance you must use IP-based virtual hosting:

$SERVER["socket"] == "10.0.0.1:443" {
ssl.engine = "enable"
ssl.pemfile = "www.example.org.pem"
server.name = "www.example.org"

server.document-root = "/www/servers/www.example.org/pages/"
}

If you have a .crt and a .key file, cat them together into a single PEM file:

$ cat host.key host.crt > host.pem

Self-Signed Certificates

A self-signed SSL certificate can be generated like this:

$ openssl req -new -x509 \
-keyout server.pem -out server.pem \
-days 365 -nodes

Limit Bandwidth Usage in Lighttpd

Starting with 1.3.8, lighttpd supports limiting the bandwidth for a single connection or config context like a virtual host or a URL.

Options

connection.kbytes-per-second:

limit the throughput for each single connection to the given limit in kbyte/s

default: 0 (no limit)

server.kbytes-per-second:

limit the throughput for all connections to the given limit in kbyte/s

if you want to specify a limit for a special virtual server use:

$HTTP["host"] == "www.example.org" {
server.kbytes-per-second = 128
}

which will override the default for this host.

default: 0 (no limit)

Additional Notes

Keep in mind that a limit below 32kb/s might actually limit the traffic to 32kb/s. This is caused by the size of the TCP send buffer.