Just as an additional remark, I stumbled across this guide but wasn't able to get ssl working. I noticed with the more recent versions there are more steps necessary. I have put them together here:
- The openssl module is not part of the default installation anymore, you need to manually install it:
sudo apt-get reinstall lighttpd-mod-openssl
- Add an ssl folder in your lighttpd folder:
sudo mkdir /etc/lighttpd/ssl
- Copy your fullchain.pem and privkey.pem to your ssl folder (it's not necessary to create a combined .pem anymore)
- Change the owner of the files to be read by lighttpd:
sudo chown www-data -R /etc/lighttpd/ssl
- Create your external.conf with an editor of your choice directly in the folder conf-enabled:
sudo nano /etc/lighttpd/conf-enabled/external.conf
- I used the config of ravron, thanks for that:
server.modules += ( "mod_openssl" )
var.fqdn = "ENTER_YOUR_DOMAIN_HERE"
$SERVER["socket"] == ":443" {
    ssl.engine = "enable"
    # Public cert and intermediate cert chain
    ssl.pemfile = "/etc/lighttpd/ssl/fullchain.pem"
    ssl.privkey = "/etc/lighttpd/ssl/privkey.pem"
    ssl.ca-file = "/etc/lighttpd/ssl/fullchain.pem"
    # Require TLS 1.3
    ssl.openssl.ssl-conf-cmd = ("MinProtocol" => "TLSv1.3")
}
$HTTP["host"] == fqdn {
    # Set redirect code for any redirects we do
    url.redirect-code = 308
    # Redirect all http to https
    $HTTP["scheme"] == "http" {
        url.redirect = ("" => "https://" + fqdn + "${url.path}${qsa}")
    # Redirect root to admin
    } else $HTTP["url"] == "/" {
        url.redirect = ("" => "/admin/")
    }
}
In my case, the 10-ssl.conf file in the conf-enabled folder was causing issues with my config, so I removed it:
sudo rm /etc/lighttpd/conf-enabled/10-ssl.conf
Finally, test your config with
sudo /usr/sbin/lighttpd -tt -f /etc/lighttpd/lighttpd.conf
If no error occurred, the output will be empty.
Then you can restart your service:
sudo service lighttpd restart
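
As an added example, not part of the original comment: a POSIX shell pre-restart check for the layout described above. It flags a missing certificate or key, a `privkey.pem` that group or others can access, and more than one enabled config file setting `ssl.engine` (the `10-ssl.conf` clash); the function name and its two directory arguments are assumptions of this example.

```sh
#!/bin/sh
# Added example (hypothetical helper, not part of lighttpd).
# Usage: check_lighttpd_tls [ssl_dir] [conf_enabled_dir]
# Prints one line per problem; returns 0 only if nothing was found.
check_lighttpd_tls() {
    ssl_dir=${1:-/etc/lighttpd/ssl}
    conf_dir=${2:-/etc/lighttpd/conf-enabled}
    problems=0

    # Both PEM files named in external.conf must exist and be non-empty.
    for f in fullchain.pem privkey.pem; do
        if [ ! -s "$ssl_dir/$f" ]; then
            echo "missing or empty: $ssl_dir/$f"
            problems=$((problems + 1))
        fi
    done

    # chown alone does not tighten the mode: the key should carry no
    # group/other permission bits (characters 5-10 of the ls mode string).
    key="$ssl_dir/privkey.pem"
    if [ -f "$key" ]; then
        go_bits=$(ls -ld "$key" | cut -c5-10)
        if [ "$go_bits" != "------" ]; then
            echo "private key too permissive ($go_bits for group/other): $key"
            problems=$((problems + 1))
        fi
    fi

    # Heuristic: several enabled files that set ssl.engine usually means a
    # leftover such as 10-ssl.conf is competing with external.conf.
    n=$(grep -l '^[[:space:]]*ssl\.engine' "$conf_dir"/*.conf 2>/dev/null | wc -l)
    if [ "$n" -gt 1 ]; then
        echo "ssl.engine set in $n files under $conf_dir"
        problems=$((problems + 1))
    fi

    [ "$problems" -eq 0 ]
}
```

Source the file and run the function as root (the ssl folder may not be readable otherwise) before the `lighttpd -tt` test; `chmod 600` on the key clears the permission finding.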