Configuring SSL in Lighttpd
If you want to install SSL in debian you need to install openssl in debian using the following command
#apt-get openssl
lighttpd supports SSLv2 and SSLv3 if it is compiled against openssl.
Configuration
To enable SSL for the whole server you have to provide a valid certificate and have to enable the SSL engine.:
ssl.engine = "enable"
ssl.pemfile = "/path/to/server.pem"
The HTTPS protocol does not allow you to use name-based virtual hosting with SSL. If you want to run multiple SSL servers with one lighttpd instance you must use IP-based virtual hosting:
$SERVER["socket"] == "10.0.0.1:443" {
ssl.engine = "enable"
ssl.pemfile = "www.example.org.pem"
server.name = "www.example.org"
server.document-root = "/www/servers/www.example.org/pages/"
}
If you have a .crt and a .key file, cat them together into a single PEM file:
$ cat host.key host.crt > host.pem
Self-Signed Certificates
A self-signed SSL certificate can be generated like this:
$ openssl req -new -x509 \
-keyout server.pem -out server.pem \
-days 365 -nodes
Limit Bandwidth Usage in Lighttpd
Starting with 1.3.8, lighttpd supports limiting the bandwidth for a single connection or config context like a virtual host or a URL.
Options
connection.kbytes-per-second:
limit the throughput for each single connection to the given limit in kbyte/s
default: 0 (no limit)
server.kbytes-per-second:
limit the throughput for all connections to the given limit in kbyte/s
if you want to specify a limit for a special virtual server use:
$HTTP["host"] == "www.example.org" {
server.kbytes-per-second = 128
}
which will override the default for this host.
default: 0 (no limit)
Additional Notes
Keep in mind that a limit below 32kb/s might actually limit the traffic to 32kb/s. This is caused by the size of the TCP send buffer.