Lighttpd 1.4.35 with PFS on Debian 7 wheezy

Submitted by Nikolaus Polak on Sat, 04/12/2014 - 18:05

After the howto for Apache2, here is one for lighttpd with PFS (perfect forward secrecy). I couldn't use "apt-get build-dep lighttpd" because my installed MariaDB packages blocked some mysql-dev-lib packages. Tested on Debian 7; ECC keys and ECDH ciphers are working. If you have already done some compiling and apt installing, it should be simple to follow:

1. Preparation - get source and needed tools

# apt-get install build-essential checkinstall
# apt-get install automake libtool libpcre3-dev libbz2-dev libxml2-dev libsqlite3-dev libssl-dev liblua5.1-0-dev e2fslibs-dev uuid-dev
$ wget http://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.35.tar.gz
$ tar xf lighttpd-1.4.35.tar.gz

2. Configure, compile

$ cd lighttpd-1.4.35
$ ./configure --with-openssl --with-openssl-libs=/usr/lib --prefix=/usr --with-webdav-props --with-webdav-locks
$ make
# checkinstall -D

3. Change the lighttpd server configuration - most likely in /etc/lighttpd/conf-enabled/10-ssl.conf

ssl.use-sslv2 = "disable"
ssl.use-compression = "disable"
ssl.honor-cipher-order = "enable"
ssl.cipher-list = "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA"

4. Installation (not perfect because we're copying the Debian scripts by hand)

# cp -r /usr/share/lighttpd/ /root/usr_share_lighttpd
# apt-get remove lighttpd lighttpd-mod-*
# cp -r /root/usr_share_lighttpd /usr/share/lighttpd
# dpkg -i lighttpd_1.4.35-1_amd64.deb
# service lighttpd restart
# update-rc.d lighttpd defaults

5. Done.
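
A static check of the step 3 settings, as an added example that is not part of the original howto: it parses the ssl.* directives and flags any cipher-list entry whose name does not indicate ephemeral (EC)DH key exchange. The function names and SAMPLE_CONF are constructed for illustration, and the check reads only the config text, not what a running server negotiates.

```python
import re

# Constructed sample: the step 3 directives as they would sit in 10-ssl.conf.
SAMPLE_CONF = '''
ssl.use-sslv2 = "disable"
ssl.use-compression = "disable"
ssl.honor-cipher-order = "enable"
ssl.cipher-list = "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA"
'''

# Values the howto sets in step 3; anything else is reported.
EXPECTED = {"ssl.use-sslv2": "disable", "ssl.use-compression": "disable",
            "ssl.honor-cipher-order": "enable"}
DIRECTIVE = re.compile(r'\s*(ssl\.[\w.-]+)\s*=\s*"([^"]*)"')
# Name prefixes of suites with ephemeral (EC)DH key exchange.
EPHEMERAL = ("ECDHE", "EECDH", "DHE", "EDH")


def parse_ssl_directives(text):
    """Return {directive: value} for ssl.* lines; a later line overrides an earlier one."""
    found = {}
    for line in text.splitlines():
        m = DIRECTIVE.match(line.split("#", 1)[0])  # ignore comments
        if m:
            found[m.group(1)] = m.group(2)
    return found


def non_pfs_entries(cipher_list):
    """Return cipher-list entries that are not provably ephemeral (EC)DH."""
    flagged = []
    for entry in re.split(r"[:, ]+", cipher_list):
        if not entry or entry[0] in "!-":  # exclusions only remove suites
            continue
        if not entry.lstrip("+").startswith(EPHEMERAL):
            flagged.append(entry)
    return flagged


def audit(text):
    """Return a list of findings; an empty list means the config matches step 3."""
    conf = parse_ssl_directives(text)
    findings = [f'{k} is {conf.get(k, "unset")!r}, expected {v!r}'
                for k, v in EXPECTED.items() if conf.get(k) != v]
    if "ssl.cipher-list" not in conf:
        findings.append("ssl.cipher-list is unset")
    for entry in non_pfs_entries(conf.get("ssl.cipher-list", "")):
        findings.append(f"cipher entry without forward secrecy: {entry}")
    return findings
```

Pass the text of the real 10-ssl.conf to audit() to list deviations; static ECDH names such as ECDH-RSA-... and keywords such as HIGH are flagged because the name alone does not guarantee an ephemeral exchange.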

Source/German: notizen.stephangsell.de
