What is Lighttpd? Features, architecture, and how to deploy and configure

Lighttpd is a lightweight web server that has a minimalistic design and an efficient architecture. Unlike some of its “heavyweight” counterparts, Lighttpd is remarkably small in size, with the latest release requiring only a few MBs of memory.

In this article, we will explore the important aspects of Lighttpd, including its core features, architecture, installation, deployment, and configuration. We’ll also discuss ways to tune and monitor its performance.

What is Lighttpd?

Lighttpd, often referred to as Lighty, is an open-source, high-performance web server that has a small memory footprint. Like NGINX, Lighttpd was originally developed to solve the c10k problem — to efficiently process 10,000 concurrent connections on one server. Over time, it gained widespread popularity, not only for solving the c10k problem, but also for its nimbleness and speed.

As per the official website, the “typical scenario” for using Lighttpd is as an offload server for delivering static content. In such an architecture, the main server handles complex processing, whereas Lighttpd serves static files like images and videos. For example, YouTube uses a cluster of Lighttpd servers to serve static thumbnails to its users.

Lighttpd Architecture

Lighttpd has an inherently efficient event-driven architecture that uses a single process and a limited number of threads. Unlike some other web servers, Lighttpd doesn’t create new threads or processes for each incoming connection.

This approach leads to many advantages. First, it optimizes CPU and memory utilization, making Lighttpd a top choice for resource-constrained and resource-intensive deployments. Whether your server has limited hardware resources or you are trying to maximize the efficiency of a more robust system, Lighttpd fits in perfectly.

Moreover, this design also enables Lighttpd to excel in high concurrency scenarios. It can handle a large number of concurrent clients without creating many short-lived threads (which would cause memory spikes or compromise performance).

Use cases of Lighttpd

Lighttpd is a versatile web server that can cater to a wide range of use cases. Here are a few examples:

  • For high-traffic websites: Whether you are running a popular blog, an e-commerce platform, or a news site, Lighttpd can handle a large number of incoming requests without loading latency.
  • For intensive web applications: Lighttpd can handle dynamic content efficiently and scale up to accommodate growing user bases and traffic surges. This makes it a top choice for hosting intensive web applications.
  • For IoT devices: The small memory footprint makes Lighttpd suitable for IoT devices and embedded systems. For example, if you have to run a web app on an IoT device, you can host it using Lighttpd.
  • For real-time applications: Since Lighttpd supports WebSockets, it can be used to power real-time applications that require fast and reliable two-way communication, such as online gaming and chat applications.
  • As a reverse proxy: Lighttpd is also a powerful reverse proxy server. In this role, it handles requests on behalf of other web or application servers and provides load balancing, caching, and other features.

Lighttpd vs. NGINX

Lighttpd and NGINX are two highly regarded web servers, each with unique characteristics.

In terms of architecture, both platforms share more similarities than differences. Lighttpd uses a single-process, event-driven design with a limited number of threads. NGINX also uses an event-driven architecture with a finite number of worker threads that handle connections in a non-blocking manner.

Both NGINX and Lighttpd are able to handle a large number of connections with small memory footprints. However, in most cases, Lighttpd typically consumes less memory and CPU than NGINX when dealing with similar workloads.

If we talk about configurability, both systems provide flexibility and ease of configuration. However, NGINX offers a much larger set of features and modules. To implement advanced proxying, caching, or load balancing features with Lighttpd, you may have to make changes to its source code.

Lighttpd vs. Apache

Lighttpd and Apache are also often compared with each other. While there are areas of overlap in their functionalities, there are also some key distinctions to consider.

Apache has a per-request architecture, which means that a new thread or process is spawned for each request. This approach, while flexible, is much more resource-intensive compared to the single-process approach that Lighttpd takes.

While both Lighttpd and Apache offer dynamic content processing, Apache comes with a broader feature set and a richer module library. Apache also provides native support for directory-level configurations, a valuable feature that’s not present in Lighttpd.

In Apache, you can dynamically add or remove modules without having to recompile the entire server. Conversely, Lighttpd modules must be compiled at build time. While the static loading approach enhances security, it limits your ability to change the server’s functionality on the fly.

Main Lighttpd features

Lighttpd offers a host of features that cater to a wide range of web server requirements. Here are a few:

HTTP proxy

The mod_proxy module of Lighttpd allows you to deploy it as a reverse proxy. Even though this module currently doesn’t support SSL offloading, it offers basic load-balancing capabilities. For example, you can do prefix matching, update paths, and work with WebSockets.

WebSockets

The mod_wstunnel module can be used to process WebSockets traffic with Lighttpd. The module termiates WebSockets data from clients, forwards plain HTTP data to the backend, and then transforms the response from the backend back to WebSockets format before sending it to the client.

FastCGI support

Lighttpd offers a powerful FastCGI interface (via the mod_fastcgi module), which enhances its ability to handle dynamic content generation. Its internal FastCGI load balancer allows you to distribute load across different FastCGI servers.

Support for different event mechanisms

Unlike other web servers, Lighttpd allows you to configure the best event handling mechanism available on a server. You can select from a range of mechanisms based on your operating system, including select, poll, epoll, kqueue, and libev. This flexibility enables you to maximize the performance and throughput of the event-based architecture to best suit your needs.

Conditional URL rewriting

Conditional URL rewriting is another powerful feature that allows you to manipulate URLs based on predefined conditions. This can be used to create SEO-friendly URLs, implement complex URL routing, or implement other custom logic.

TLS/SSL support

If you want to encrypt sensitive data, secure online transactions, or provide secure access to web applications, you can configure Lighttpd to run with TLS/SSL. The available modules for this support are: mod_openssl, mod_nss, mod_gnutls, and mod_wolfssl.

HTTP compression

Lighttpd's lightweight and space-efficient design are further complemented by its strong support for HTTP compression. This feature reduces the size of data exchanged between the server and clients, which not only accelerates load times but also improves the overall performance of the web stack. You can enable HTTP compression by loading the mod_deflate module.

RRDtool statistics

Lighttpd offers a module, mod_rrdtool, to integrate with RRDtool, a data logging and graphing system that stores and displays in-depth statistics and insights related to server performance. The module also allows you to generate and view graphs for collected metrics on a webpage.

Installing and deploying Lighttpd

The simplest way to install Lighttpd is via the default package manager on your Linux system. Let’s look at the steps involved.

Update the package repository

Start by updating the package repository so that you have access to all the latest packages and updates. For Debian/Ubuntu, run:

sudo apt update

For CentOS/RHEL, use:

sudo yum update

Install Lighttpd

Use the relevant package manager to install the Lighttpd package.

For Debian/Ubuntu, use:

sudo apt install lighttpd

For CentOS/RHEL, run this command:

sudo yum install lighttpd

Initial config

Before we start the Lighttpd service, it’s important to tweak a few configuration parameters. The default configuration file is usually present at /etc/lighttpd/lighttpd.conf. Open this file in a text editor to set the appropriate configuration values. Here are a few initial configurations to consider:

  • The document root: The server.document-root property specifies the directory that will contain your website’s files. It defaults to /var/www/, but you may consider setting a different directory.
  • Server port: The server.port defines the port on which Lighttpd listens to incoming connections. If you have multiple HTTP services running on the server, you may want to specify a custom value here.
  • The bound IP address/hostname: You can specify the relevant IP address or hostname in the server.bind parameter. For example, you may put www.sample.org or 127.0.0.1 as the value.
  • Loaded modules: server.modules is another important field to consider. Based on the values specified in this field, you can enable or disable server modules according to your specific needs. For example, you may remove mod_rewrite from the list if you don’t need URL rewriting.
  • Log files: You may also want to tweak the default values for the server.errorlog and accesslog.filename parameters. These settings define the log file path for the error logs and the access logs, respectively.

Start Lighttpd

After you have successfully installed and configured Lighttpd, you can now start its service and enable it to run at startup automatically. Use these commands:

sudo systemctl start lighttpd
sudo systemctl enable lighttpd

Check if the service is running

To check if the service has started, use the following command:

(Note: It works on both Debian/Ubuntu and CentOS/RHEL systems)

sudo systemctl status lighttpd

You can also use the following command to check whether Lighttpd is indeed listening for connections on the configured port:

sudo netstat -anp | grep lighttpd

This command filters out the lighttpd process from a list of all processes that are listening on network ports. If Lighttpd is running, you will see a line in the output that looks like this:


tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 11615/lighttpd

This output shows that the server is listening on port 80.

Configuring Lighttpd

Lighttpd is a highly configurable system that can be extended via modules. In this section, we will be looking at more configuration parameters at our disposal.

Denying access to source code

A recommended security practice is to deny access to source code files. Lighttpd makes this simple to implement by offering the static-file.exclude-extensions parameter. A sample value for this parameter can be:


static-file.exclude-extensions = ( ".py", ".pl", ".php", “.cgi”, ".fcgi" )

The HTTP compression module

Consider enabling the HTTP compression module (mod_deflate) to increase performance and reduce the chances of bottlenecks. To do so, simply add mod_deflate to the value of the server.modules field.


server.modules = (
"mod_access",
"mod_alias",
….[other modules you need are here],
"mod_deflate"
)

Set up virtual hosts

Virtual hosts are typically used to manage multiple websites on a single server. They are important when you have to serve multiple domains or subdomains from a single node. You can use the mod_simple_vhost module to manage virtual hosts in Lighttpd.

The complete document root for a virtual host is determined by concatenating either the server root + hostname + document root values or the server root + default host + document root values. For example, the complete document root for the following values will be /var/www/test/test.org/testPages:


test-vhost.server-root = "/var/www/test/"
test-vhost.default-host = "test.org"
test-vhost.document-root = "testPages"

Enabling TLS/SSL

You can use the mod_openssl module to configure Lighttpd to use TLS for socket connections. It can be loaded and configured to run with client certificate validation, as follows:


setup {
module_load "mod_openssl";
openssl (
"listen" => "0.0.0.0:443",
"listen" => "[::]:443",
"pemfile" => "/etc/certs/samplePem.pem",
"client-ca-file" => "/etc/certs/sampleCA.pem",
"verify" => true,
"verify-require" => true
);
}

Validate and restart Lighttpd

Once you have made all your desired configuration tweaks, you can validate that the modified configuration file is correct by running this command:


lighttpd -tt -f /etc/lighttpd/lighttpd.conf

If everything is okay, restart Lighttpd:


sudo systemctl restart lighttpd

Monitoring Lighttpd for performance and security

Regular monitoring of Lighttpd is important to ensure that it’s operating and performing as expected. Here are a few steps you can take to monitor a Lighttpd instance:

Keep an eye on the logs

Regularly monitor access and error logs for any anomalies. Access logs record client requests. They can help you analyze traffic patterns and identify potential security issues. Error logs capture server errors and warnings, which can assist in early detection of problems and bottlenecks.

Performance metrics

Enable the mod_rrdtool module and configure it to start collecting the most important performance metrics, including total requests, total responses, total errors, total timeouts, and max response time. These metrics will enable you to track the performance of the server in real time and identify performance bottlenecks.

Additionally, you can also use the Site24x7 monitoring plugin for comprehensive monitoring of your Lighttpd instance. The plugin tracks several metrics by default, including accesses, traffic, busy servers, idle servers, and uptime.

Access control

Lighttpd offers several configuration parameters and modules to implement robust access control. For example, you can use the mod_evasive module to limit the number of requests from a single IP address. Or you can use the mod_access module to restrict access to specific directories or resources.

Security audits

It’s important to audit server activity regularly to identify vulnerabilities and suspicious behavior. Security scanning tools can help you identify needlessly open ports, vulnerable third-party libraries, or outdated software.

Sensitive data storage

If you are using TLS/SSL, ensure that you store sensitive data like private keys and certificates in a secure location with restricted access. It’s also crucial to:

  • Keep SSL/TLS libraries and dependencies up to date, so that your server stays safe from any exploitable vulnerabilities.
  • Use cryptographically strong encryption algorithms.
  • Regularly rotate cryptographic keys to reduce chances of compromise.

Fine-tuning Lighttpd for (even) better performance

Here are a few best practices that can help you scale your Lighttpd for optimal performance:

Enable streaming (if applicable)

Lighttpd offers streaming features to control how it buffers request and response bodies with dynamic backends. By default, streaming is disabled for efficient offloading. To enable streaming, set the server.stream-request-body and server.stream-response-body options to non-zero values in the configuration file.

Prefer defaults

Other than for the basic configuration parameters like hostname, port, and log file locations, use default settings unless you have a specific reason to change them. Make one change at a time, test it, and then benchmark its impact in real-world scenarios. Revert changes that don't provide measurable benefits.

Optimize caching

Test the performance of your instance with different values for the server.stat-cache-engine parameter, and settle on the option that gives the best results. Possible values for the parameter are: “simple”, “inotify”, and “kqueue”.

Choose appropriate timeout values

Adjust the values for the idle timeout and keep-alive parameters to free up connections efficiently. This will help you further optimize the memory footprint of the server.

For low-memory systems

If you are running a low-memory system, the Lighttpd documentation recommends setting the specified values for the following parameters:


server.max-fds = 128 (or lower)
server.max-connections = 16 (or lower)
server.listen-backlog = 16 (or lower)
ssl.read-ahead = "disable"

Conclusion

Lighttpd is a nimble yet powerful web server that suits different kinds of web applications. Despite being much smaller in size than its counterparts, it offers an array of valuable features that ensure optimized performance, high availability, and seamless scalability for your infrastructure.

If you want to get the most out of Lighttpd, you need to monitor its performance to reduce lags, downtime and troubleshoot issues. Get insightful visualizations and timely alerts to ensure optimal functioning of your Lighttpd web server through Site24x7 plugins.

Was this article helpful?

Related Articles

Write For Us

Write for Site24x7 is a special writing program that supports writers who create content for Site24x7 "Learn" portal. Get paid for your writing.

Write For Us

Write for Site24x7 is a special writing program that supports writers who create content for Site24x7 “Learn” portal. Get paid for your writing.

Apply Now
Write For Us