Normally nginx is used for this kind of thing, but lighttpd can do it too.

Here is a record of the process:

Installation is not covered here.

To set up the proxy, edit lighttpd.conf:

proxy.server = (  
 "/terminal" =>
  ( (
    "host" => "127.0.0.1",
    "port" => 4200
  ) )
)

Setting up the SSL certificate is a bit more involved:

First generate the private key and strip its passphrase:

openssl genrsa -des3 -out pi.example.org.key 2048  
cp -pr pi.example.org.key pi.example.org.key.passwd  
openssl rsa -in pi.example.org.key.passwd -out pi.example.org.key  

Use the private key to generate a certificate signing request:

openssl req -new -key pi.example.org.key -out pi.example.org.csr  

Once it is generated, you can have it signed by a proper CA such as Trustwave or VeriSign. I'm broke, so self-signing it is.

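Self-sign the certificate, then append the private key to the certificate file (the file given to ssl.pemfile holds both the certificate and the key):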

openssl x509 -in pi.example.org.csr -out pi.example.org.pem -req -signkey pi.example.org.key -days 365  
cat pi.example.org.key >> pi.example.org.pem  

Configure lighttpd.conf:

$SERVER["socket"] == "10.0.0.10:443" {
  ssl.engine = "enable"
  ssl.pemfile = "/etc/lighttpd/ssl/pi.example.org/pi.example.org.pem"
  server.name = "pi.example.org"
  server.document-root = "/home/lighttpd/pi.example.org/https"
  server.errorlog = "/var/log/lighttpd/pi.example.org_serror.log"
  accesslog.filename = "/var/log/lighttpd/pi.example.org_saccess.log"
}

Here is a complete example with the proxied port + SSL + htpasswd authentication:

$SERVER["socket"] == "10.0.0.10:443" {
  ssl.engine = "enable"
  ssl.pemfile = "/etc/lighttpd/ssl/pi.example.org/pi.example.org.pem"

  server.name = "pi.example.org"
  server.document-root = "/home/lighttpd/pi.example.org/https"
  server.errorlog = "/var/log/lighttpd/pi.example.org_serror.log"
  accesslog.filename = "/var/log/lighttpd/pi.example.org_saccess.log"

  auth.debug = 2
  auth.backend = "htpasswd"
  auth.backend.htpasswd.userfile = "/etc/lighttpd/shellinabox-htpasswd"

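  # auth.require matches by URL-path prefix, so use the same prefix as
  # proxy.server ("/terminal"); with "/terminal/" a request for "/terminal"
  # would be proxied without hitting this rule.
  auth.require = ( "/terminal" =>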
    (
      "method" => "basic",
      "realm" => "Password protected area",
      "require" => "user=zhangrr"
    )
  )
}
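
Both proxy.server (for keys starting with "/") and auth.require match on the start of the URL path, so every proxied prefix has to be covered by an auth prefix. The following check is an added example, not part of the original post: the helper names are hypothetical, the sample config is constructed from the page's values with a mismatched trailing slash, and the whole file is treated as one scope (conditional blocks such as $SERVER["socket"] are ignored).

```python
import re

# Constructed sample: the page's proxy prefix with an auth prefix that has a trailing slash.
SAMPLE_CONF = '''
proxy.server = ( "/terminal" => ( ( "host" => "127.0.0.1", "port" => 4200 ) ) )
auth.require = ( "/terminal/" =>
  ( "method" => "basic", "realm" => "Password protected area",
    "require" => "user=zhangrr" ) )
'''

def prefixes(conf, directive):
    """Return the top-level keys of `directive = ( "key" => ( ... ), ... )`."""
    m = re.search(re.escape(directive) + r'\s*=\s*\(', conf)
    if not m:
        return []
    keys, depth, i = [], 1, m.end()
    while i < len(conf) and depth > 0:
        c = conf[i]
        if c == '(':
            depth += 1
        elif c == ')':
            depth -= 1
        elif c == '"':
            j = conf.index('"', i + 1)  # jump to the closing quote
            if depth == 1 and re.match(r'\s*=>', conf[j + 1:]):
                keys.append(conf[i + 1:j])
            i = j
        i += 1
    return keys

def unprotected(conf):
    """Proxy URL prefixes that are not fully covered by any auth.require prefix."""
    auth = prefixes(conf, "auth.require")
    return [p for p in prefixes(conf, "proxy.server")
            if p.startswith("/") and not any(p.startswith(a) for a in auth)]

def request_state(conf, path):
    """(proxied, auth_required) for one URL path under prefix matching."""
    proxied = any(path.startswith(p) for p in prefixes(conf, "proxy.server"))
    authed = any(path.startswith(a) for a in prefixes(conf, "auth.require"))
    return proxied, authed

if __name__ == "__main__":
    print("proxied without auth:", unprotected(SAMPLE_CONF))
    print("/terminal ->", request_state(SAMPLE_CONF, "/terminal"))
```

An empty list from `unprotected()` means every "/"-style proxy prefix sits under an auth prefix; suffix-style (extension) proxy keys are not evaluated.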