Update, 23/08/08:
This guide works on Ubuntu 22.04 LTS. Note that this guide will work for Ubuntu 20.04, but the configuration for 10-ssl.conf will have to change. The version of lighttpd that this version uses will not support symlinks or global privkey/pemfile settings. Paths to cert files have to be defined for each specific implementation of the ssl socket (one for IPv4 and one for IPv6), and the paths must link to the physical file on the system.
This guide may have errors as of right now (I haven’t fully tested this since today’s update, so YMMV. If you run into issues, leave a comment and I’ll see if I can help you. I’ll test this setup soon to make sure it works correctly.
Install
apt install lighttpd lighttpd-mod-openssl
Enabling https on IPv4 and IPv6:
Add the following to lighttpd.conf:
To redirect all http to https, add the following to the bottom of lighttpd.conf:
$HTTP["scheme"] == "http" {
url.redirect = ("" => "https://${url.authority}${url.path}${qsa}")
}
Add the following lines to the server.modules list:
"mod_redirect", "mod_rewrite", "mod_auth"
To enable IPv6 support, add the following below the server.port line:
$SERVER["socket"] == "[::]:80" { }
To install letsencrypt:
apt install letsencrypt
Run certbot and follow the certbot instructions, mark down the path of the fullchain.pem and privkey.pem files.
certbot certonly
Edit /etc/lighttpd/conf-available/10-ssl.conf file, change or add the lines below:
ssl.privkey = "<PATH>/privkey.pem" ssl.pemfile = "<PATH>/fullchain.pem" # Enforces lowest TLS Protocol ssl.openssl.ssl-conf-cmd = ("MinProtocol" => "TLSv1.2") # IPv4 HTTPS $SERVER["socket"] == "0.0.0.0:443" { ssl.engine = "enable" } # IPv6 HTTPS $SERVER["socket"] == "[::]:443" { ssl.engine = "enable" }
Comment the line:
#include_shell "/usr/share/lighttpd/use-ipv6.pl 443"
Enable the SSL configuration:
ln -s /etc/lighttpd/conf-available/10-ssl.conf /etc/lighttpd/conf-enabled/10-ssl.conf
Install PHP:
Install:
apt install php php-cgi php-fpm php-cli php-curl php-gd php-mysql php-mbstring zip unzip
Enable the configuration:
lighty-enable-mod fastcgi fastcgi-php
Create info.php in your webroot:
<?php
phpinfo();
?>
Start the server
Enable the system service and run it:
systemctl enable lighttpd
systemctl start lighttpd