December 27, 2014

Django and Lighttpd configuration for smooth SSL

I use and prefer Lighttpd for serving my Django applications. Tonight I worked out a nearly perfect configuration which allows me to serve the app through fastcgi in both http, and SSL-enabled https. The media files are directly served by Lighty, without hitting the django backend at all, for maximum speed.

Better yet, this configuration allows me to directly serve the media files through ssl without having to get a separate certificate for the web server. Lastly, it serves both “www” and “non-www” versions of the domain, automatically redirecting “www” traffic.

The Commented Lighttpd Configuration


server.modules = ("mod_rewrite", "mod_redirect", "mod_alias",
    "mod_access", "mod_fastcgi", "mod_accesslog" )

server.document-root = "/www/static/"

# set up the fastcgi server on 11666
fastcgi.server = ( "/tribe.fcgi" =>
  ((
	"check-local" => "disable",
	"host" => "127.0.0.1",
	"port" => 11666,
	"min-proces" => 4,
	"max-load-per-proc" => 3,
	"broken-scriptfilename" => "enable",
  )),
)

# strip "www" - redirecting to non-www
$HTTP["host"] =~ "www\.ebooktribe\.com(.*)" {
    url.redirect = ( "^/(.*)" => "http://ebooktribe.com/$1" )
}

# serve ebooktribe.com, both static and dynamic
$HTTP["host"] == "ebooktribe.com" {
    server.bind = "75.126.217.231"

    # here we are mapping /media/ for admin media
    # and /static/ for the standard media_url
    alias.url = (
       "/media/" => "/usr/local/pythonlibs/django/django/contrib/admin/media/",
       "/static/" => "/www/media.ebooktribe/",
    )

    # this is key.  We use rewrite-once to trap out the media and static urls
    # so that they don't get sent to the fastcgi server.
    # the last rewrite rule here acts as a trap, collecting all the urls not
    # caught be previous rules
    url.rewrite-once = (
        "^(/media.*)$" => "$1",
        "^(/static.*)$" => "$1",
        "^/favicon\.ico$" => "/static/favicon.ico",
        "^(/.*)$" => "/tribe.fcgi$1",
    )

    server.errorlog = "/wwww/logs/ebooktribe.error.log"
    accesslog.filename = "/www/logs/ebooktribe.access.log"
}

# here is where I bind the ssl server to "secure.ebooktribe.com" on my
# reserved IP address.
$SERVER["socket"] == "75.126.217.230:443" {
    ssl.engine = "enable"
    ssl.pemfile = "/etc/lighttpd/ebooktribe.com/secure.ebooktribe.com.pem"
    ssl.ca-file = "/etc/lighttpd/ebooktribe.com/secure.ebooktribe.com.crt"
    server.name = "secure.ebooktribe.com"
    server.document-root = "/www/static"
    server.errorlog = "/webapps/logs/ebooktribe-ssl.error.log"
    accesslog.filename = "/webapps/logs/ebooktribe-ssl.access.log"

    alias.url = (
       "/media/" => "/usr/local/pythonlibs/django/django/contrib/admin/media/",
       "/static/" => "/www/media.ebooktribe/",
    )

    url.rewrite-once = (
        "^(/media.*)$" => "$1",
        "^(/static.*)$" => "$1",
        "^/favicon\.ico$" => "/static/favicon.ico",
        "^(/.*)$" => "/tribe.fcgi$1",
    )
}

accesslog.filename = "/www/logs/access.log"
static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
server.username = "lighttpd"
server.groupname = "devel"
server.errorlog = "/www/logs/lighttpd.error.log"
index-file.names = ("index.html")

[tags]lighttpd,django,ssl[/tags]

Share and Enjoy:
  • services sprite Django and Lighttpd configuration for smooth SSL
  • services sprite Django and Lighttpd configuration for smooth SSL
  • services sprite Django and Lighttpd configuration for smooth SSL
  • services sprite Django and Lighttpd configuration for smooth SSL
  • services sprite Django and Lighttpd configuration for smooth SSL
  • services sprite Django and Lighttpd configuration for smooth SSL
  • services sprite Django and Lighttpd configuration for smooth SSL
  • services sprite Django and Lighttpd configuration for smooth SSL

Related posts:

  1. Lighttpd 1.5 prerelease doesn't like Django Whew. I spent quite a bit more time debugging this...
  2. Lighttpd on Cpanel VPS Working on a new project for a client, I need...
  3. Django and Dreamhost – not now Argh! I simply cannot get Django to work on Dreamhost....
  4. Django on Rimuhosting This is just a quick post to confirm that Django...
  5. Howto Reset The Admin Password in Django I keep needing to do this, darn it! I leave...

About Bruce Kroeze

Comments

  1. Chris says:

    Bruce,

    How are you running Satchmo? Are you using the threaded or forking fcgi server? I’ve been using threaded but may switch. Details of your script might be helpful to include.

    Thanks,
    Chris

  2. Brad says:

    Nice. I agree with Chris: can we take a peek at tribe.fcgi?

  3. Bruce says:

    That’s the beauty of this setup, Brad. There is no tribe.fcgi script. It is all in the config file. “/tribe.fcgi” is just an address that means “send this request to the FastCGI server.”

    I simply start the FastCGI server using an init script, and leave it to respond to Lighttpd requests. I’ll post the init script separately today.

  4. I try to have a custom php error_logs without having different php.ini files, but I cannot find the solution.

  5. Nice set of codes well I say I worked with the codes lately but I haven’t got it working yet. Can someone help me with these?

  6. Alex says:

    I gave this a go and yet despite no errors being thrown, when I navigate to my url, I am redirected to “/login?next=/tribe.fcgi/” then receiving a 404 error. Do you perhaps know what I am doing wrong?

    Regardless, thanks for the post, it’s the closest I have gotten so far to a working django installation on lighttpd.

  7. Alex says:

    Scratch that. Turns out… and I hope this saves others the god-knows-how-many-hours I spent on this but to solve the login redirect 404 error, I just had to put the following in my django project settings:

    FORCE_SCRIPT_NAME=”"

    and everything just worked.

Speak Your Mind

*