Lighttpd 1.4.35 with PFS on Debian 7 wheezy

Submitted by Nikolaus Polak on Sat, 04/12/2014 - 18:05

After I wrote the howto for Apache2 now a howto for lighttpd and PFS, where I couldn't use "apt-get build-dep lighttpd" because my installed MariaDB packages blocked some mysql-dev-lib packages. Tested on Debian 7 ECC keys and ECDH ciphers working. When you've already do some compiling and apt installing, it should be simple to follow:

1. Preperation - get source and needed tools

# apt-get install build-essential
# apt-get install automake libtool libpcre3-dev libbz2-dev libxml2-dev libsqlite3-dev libssl-dev liblua5.1-0-dev e2fslibs-dev uuid-dev
$ wget
$ tar xf lighttpd-1.4.35.tar.gz

2. Configure, compile

$ ./configure --with-openssl --with-openssl-libs=/usr/lib --prefix=/usr --with-webdav-props --with-webdav-locks
$ checkinstall -D

3. Change the lighttpd server configuration files - mostly like in /etc/lighttpd/conf-enabled/10-ssl.conf

ssl.use-sslv2 = "disable"
ssl.use-compression = "disable"
ssl.honor-cipher-order = "enable"

4. Installation (not perfect because we're copying the Debian scripts by hand)

# cp -r /usr/share/lighttpd/ /root/usr_share_lighttpd
# apt-get remove lighttpd lighttpd-mod-*;cp -r /root/usr_share_lighttpd /usr/share/lighttpd; dpkg -i lighttpd_1.4.35-1_amd64.deb
# service lighttpd restart
# update-rc.d lighttpd defaults

5. Done.