站長新書 站長開講 首頁 最新文章 站長著作及審校 FreeBSD 筆記 Linux 筆記 Windows 筆記 虛擬化筆記 網管人雜誌 遊山玩水 關於本站
站長新書 VMware vSphere ICM 團購開跑了!!

Lighttpd-輕量級 Web Server

前言

[lighttpd - secure, fast, compliant, and very flexible web-server - Trac] 為輕量級 Web Server,設計目的以安全、快速、小巧、兼容為主設計而來,使用很多輕巧且靈活的特色 ((FastCGI, CGI, Auth, Output-Compression, URL-Rewriting...)來處理 Web Server 的需求。

實作環境

安裝及設定

步驟1.安裝 lighttpd 套件

安裝 lighttpd 套件

 #yum -y install lighttpd    

查尋 lighttpd 版本

 #rpm -qa lighttpd                 
 lighttpd-1.4.18-1.el5.rf

步驟2.安裝 PHP5 及 lighttpd-fastcgi 套件

安裝 PHP5 及 lighttpd-fastcgi 套件

 #yum -y install php lighttpd-fastcgi

查尋 PHP5 及 lighttpd-fastcgi 版本

 #rpm -qa php lighttpd-fastcgi
 lighttpd-fastcgi-1.4.18-1.el5.rf
 php-5.1.6-15.el5

步驟3.修改 lighttpd 設定檔

修改 lighttpd 設定檔,更改網站根目錄位置

 #vi /etc/lighttpd/lighttpd.conf
 server.document-root        = "/srv/www/lighttpd/"       //預設值
 server.document-root        = "/home/web/"               //修改後

步驟3-1.支援 PHP (FastCGI)

 #vim /etc/lighttpd/lighttpd.conf
 server.modules = (
                   "mod_fastcgi",   //這行的 mark 要拿掉(支援 PHP-FastCGI)
                  )
 #### fastcgi module
 ## read fastcgi.txt for more info
 ## for PHP don't forget to set cgi.fix_pathinfo = 1 in the php.ini
 fastcgi.server             = ( ".php" =>
                               ( "localhost" =>
                                 (
                                   #"socket" => "/var/run/lighttpd/php-fastcgi.socket",    //預設值
                                   "socket" => "/tmp/php-fastcgi.socket",                  //修改後
                                   "bin-path" => "/usr/bin/php-cgi"
                                 )
                               )
                              )

步驟3-2.支援 Perl (CGI Module)

 #vi /usr/local/etc/lighttpd.conf 
 server.modules = (
                   "mod_cgi",       //這行的 mark 要拿掉(支援 CGI Module)
                  )
 #### CGI module
 cgi.assign                 = ( ".pl"  => "/usr/bin/perl",
                                ".cgi" => "/usr/bin/perl" )

步驟3-3.支援 Rewrite Module

我使用 $HTTP["referer"] 來阻擋被盜圖,以下設定是整個網站只要附檔名是 .jpg、.jpeg、.png、.gif 都是網頁可以正常顯示,但你若直接打圖檔的網址則會得到 403 - Forbidden 拒絕存取的訊息,當然若是想要適度的開放可以配合 $HTTP["url"] 設定即可。

 #vi /usr/local/etc/lighttpd.conf 
 server.modules = (
                   "mod_rewrite",   //這行的 mark 要拿掉(支援 rewrite Module)
                   "mod_access",    //這行的 mark 要拿掉(支援 access Module)
                  )
 #### deny access the file-extensions
 $HTTP["referer"] !~ "^http://www\.weithenn\.org" {
     url.access-deny = ( ".jpg", ".jpeg", ".png", ".gif" )
 }

若是要適度的禁止,例如我只想禁止存取 [http://www.weithenn.org/images/] 下所有的圖檔,而其他資料夾若有圖檔是開放存取的你可以改成如下

 $HTTP["referer"] !~ "^http://www\.weithenn\.org" {
     $HTTP["url"] =~ "^/images/" {
     url.access-deny = ( ".jpg", ".jpeg", ".png", ".gif" )
     }
 }

步驟3-4.支援 Using Authentication - Methods digest

詳細內容可參考 [Docs:ModAuth - lighttpd - Trac]

 #vi /etc/lighttpd/lighttpd.conf 
 server.modules = (
                   "mod_auth",       //這行的 mark 要拿掉(支援 Auth Module)
                  )
 #### auth module
 auth.backend                   = "htdigest"                        //使用username,realm,md5 password backend
 auth.backend.htdigest.userfile = "/home/web/.lighttpdpwd"          //指定身份認證檔存放路徑
 auth.require                   = ( "/lightsquid" =>                    //指定需要身份認證的網頁路徑
                                   (
                                    "method"  => "digest",          //指定認證方式
                                    "realm"   => "Authentication LightSquid Login",    //認證視窗說明文字
                                    "require" => "valid-user"       //.lighttpdpwd內定義的認證使用者
                                   )
                                  )

htdigest.sh 內容如下:使用 hash 加上 md5sum 指令來建立密碼檔 (不用安裝 apache mod_auth_digest)

 #!/bin/sh
 user=$1
 realm=$2
 pass=$3
 hash=`echo -n "$user:$realm:$pass" | /usr/bin/md5sum | cut -b -32`
 echo "$user:$realm:$hash"

使用 htdigest.sh 來建立認證密碼檔案及設定使用者帳號密碼,輸入順序為使用者帳號(User)、認證視窗說明文字(realm)、使用者密碼(password-hash),下面指令就是這三者輸出字串寫入到我們的認證密碼檔案內。所以若是要新增第二個使用者記得使用 >> 來導入不然會把認證密碼檔案內容全部覆蓋掉。

 #sh htdigest.sh 'weithenn' 'Authentication LightSquid Login' '111' > /home/web/.lighttpdpwd

步驟4.設定開機自動啟動 lighttpd 服務

使用 chkconfig 指令來查看 lighttpd 在各 runlevel 下狀態

 #chkconfig --list |grep lighttpd
 lighttpd        0:off   1:off   2:off   3:off   4:off   5:off   6:off

設定 lighttpd 在 runlevel 為 2、3、5 時會啟動服務

 #chkconfig --levels 235 lighttpd on     

檢查剛才的設定是否生效

 #chkconfig --list |grep lighttpd
 lighttpd        0:off   1:off   2:on    3:on    4:off   5:on    6:off

步驟5.啟動 lighttpd 服務

 #/etc/rc.d/init.d/lighttpd start
 Starting lighttpd:                                         [  OK  ]

檢查一下 lighttpd process 是否執行

 #ps ax |grep lighttpd
 4266 ?        S      0:00 /usr/sbin/lighttpd -f /etc/lighttpd/lighttpd.conf

檢查是否 LISTEN Port 80

 #netstat -tnl |grep :80
 tcp        0      0 0.0.0.0:80                  0.0.0.0:*                   LISTEN

補充1:支援 RRDTool Module

lighttpd 內建支援 rrdtool module 所以你可以很方便的來畫出網站的流量圖 (Traffic) 及回應時間圖 (Request),前提是安裝 rrdtool 套件及設定 lighttpd.conf 把 mod_rrdtool 載入即可。

首先必須安裝 rrdtool 套件

 #yum -y install rrdtool

建立放置 rrdtool 流量圖檔資料夾及存放 rrd-database 資料夾,且更改權限讓 lighttpd 可寫入否則將會發生 Permission denied 的問題。

 #mkdir /home/web/rrdtool                //屆時存放流量圖檔資料夾
 #mkdir /var/lib/lighttpd                //存放 rrd-database 資料夾
 #chown lighttpd /home/web/rrdtool       //否則 lighttpd 無法更新圖檔
 #chown lighttpd /var/lib/lighttpd       //否則 lighttpd 無法產生 rrd-database

修改 lighttpd.conf

 #vi /etc/lighttpd/lighttpd.conf         //修改 lighttpd 設定檔
 "mod_rrdtool",                          //將此行 mark (#) 拿掉
 #### rrdtool
 rrdtool.binary             = "/usr/bin/rrdtool"                   //將此行 mark (#) 拿掉
 rrdtool.db-name            = "/var/lib/lighttpd/lighttpd.rrd"     //將此行 mark (#) 拿掉

重新啟動 lighttpd 服務 (此時會產生 rrd-database file 也就是 lighttpd.rrd),若未產生此檔可能就是剛才 /var/lib/lighttpd 權限設定有問題或查看 /var/log/lighttpd/error.log 了解哪裡出問題,此檔一定要產生成功否則後面圖檔便畫不出來了。

 #/etc/rc.d/init.d/lighttpd restart
 Stopping lighttpd:                                         [  OK  ]
 Starting lighttpd:                                         [  OK  ]

編輯 [rrdtool.sh] 及下載 [lightygraph.cgi] 此二個檔案內容取自 [Docs:ModRRDTool - lighttpd - secure, fast, compliant, and very flexible web-server - Trac]

rrdtool.sh:指定產生流量分析圖檔的路徑及 rrd-database file 路徑

 #vi /etc/lighttpd/rrdtool.sh                     //編輯 rrdtool.sh 內容如下
 #!/bin/sh
 RRDTOOL=/usr/bin/rrdtool
 OUTDIR=/home/web/rrdtool                         //指定產生圖檔的路徑
 INFILE=/var/lib/lighttpd/lighttpd.rrd            //指定 rrd-database file 路徑
 OUTPRE=lighttpd-traffic
 WIDTH=600
 HEIGHT=350
 DISP="-v bytes --title TrafficWebserver \
        DEF:binraw=$INFILE:InOctets:AVERAGE \
        DEF:binmaxraw=$INFILE:InOctets:MAX \
        DEF:binminraw=$INFILE:InOctets:MIN \
        DEF:bout=$INFILE:OutOctets:AVERAGE \
        DEF:boutmax=$INFILE:OutOctets:MAX \
        DEF:boutmin=$INFILE:OutOctets:MIN \
        CDEF:bin=binraw,-1,* \
        CDEF:binmax=binmaxraw,-1,* \
        CDEF:binmin=binminraw,-1,* \
        CDEF:binminmax=binmaxraw,binminraw,- \
        CDEF:boutminmax=boutmax,boutmin,- \
        AREA:binmin#ffffff: \
        STACK:binmax#f00000: \
        LINE1:binmin#a0a0a0: \
        LINE1:binmax#a0a0a0: \
        LINE2:bin#efb71d:incoming \
        GPRINT:bin:MIN:%.2lf \
        GPRINT:bin:AVERAGE:%.2lf \
        GPRINT:bin:MAX:%.2lf \
        AREA:boutmin#ffffff: \
        STACK:boutminmax#00f000: \
        LINE1:boutmin#a0a0a0: \
        LINE1:boutmax#a0a0a0: \
        LINE2:bout#a0a735:outgoing \
        GPRINT:bout:MIN:%.2lf \
        GPRINT:bout:AVERAGE:%.2lf \
        GPRINT:bout:MAX:%.2lf \
        "
 $RRDTOOL graph $OUTDIR/$OUTPRE-hour.png -a PNG --start -14400 $DISP -w $WIDTH -h $HEIGHT
 $RRDTOOL graph $OUTDIR/$OUTPRE-day.png -a PNG --start -86400 $DISP -w $WIDTH -h $HEIGHT
 $RRDTOOL graph $OUTDIR/$OUTPRE-month.png -a PNG --start -2592000 $DISP -w $WIDTH -h $HEIGHT
 OUTPRE=lighttpd-requests
 DISP="-v req --title RequestsperSecond -u 1 \
        DEF:req=$INFILE:Requests:AVERAGE \
        DEF:reqmax=$INFILE:Requests:MAX \
        DEF:reqmin=$INFILE:Requests:MIN \
        CDEF:reqminmax=reqmax,reqmin,- \
        AREA:reqmin#ffffff: \
        STACK:reqminmax#00f000: \
        LINE1:reqmin#a0a0a0: \
        LINE1:reqmax#a0a0a0: \
        LINE2:req#00a735:requests"
 $RRDTOOL graph $OUTDIR/$OUTPRE-hour.png -a PNG --start -14400 $DISP -w $WIDTH -h $HEIGHT
 $RRDTOOL graph $OUTDIR/$OUTPRE-day.png -a PNG --start -86400 $DISP -w $WIDTH -h $HEIGHT
 $RRDTOOL graph $OUTDIR/$OUTPRE-month.png -a PNG --start -2592000 $DISP -w $WIDTH -h $HEIGHT

lightygraph.cgi:指定去暫存流量分析圖檔路徑及 rrd-database file 路徑

 #vi /home/web/rrdtool/lightygraph.cgi            //編輯 lightygraph.cgi 內容如下
 #!/usr/bin/perl -w
 # lightygraph -- a lighttpd statistics rrdtool frontend
 # copyright (c) 2008 Joe Nahmias <joe@nahmias.net>
 # based on mailgraph by David Schweikert <dws@ee.ethz.ch>
 # released under the GNU General Public License
 use RRDs;
 use POSIX qw(uname);
 my $VERSION = "0.50";
 my $host = (POSIX::uname())[1];
 my $scriptname = 'lightygraph';
 my $xpoints = 600;
 my $ypoints = 350;
 my $rrd = '/var/lib/lighttpd/lighttpd.rrd';     //指定 rrd-database file 路徑
 my $tmp_dir = '/home/web/rrdtool';              //指定暫存分析圖檔路徑
 my @graphs = (
        { title => 'Last 4 Hours',   seconds => 60 * 60 *  4     ,   },
        { title => 'Daily Graphs',   seconds => 60 * 60 * 24     ,   },
        { title => 'Monthly Graphs', seconds => 60 * 60 * 24 * 30,   },
 );
 my %color = (         # rrggbb in hex
        areamin     => 'ffffff',
        instack     => 'f00000',
        minmax      => 'a0a0a0',
        incoming    => 'efb71d',
        outstack    => '00f000',
        outgoing    => 'a0a735',
        reqstack    => '00f000',
        requests    => '00a735',
 );
 sub rrd_graph(@)
 {
        my ($range, $file, $ypoints, @rrdargs) = @_;
        # choose carefully the end otherwise rrd will maybe pick the wrong RRA:
        my $date = localtime(time);
        $date =~ s|:|\\:|g unless $RRDs::VERSION < 1.199908;
        my ($graphret,$xs,$ys) = RRDs::graph($file,
                '--imgformat', 'PNG',
                '--width', $xpoints,
                '--height', $ypoints,
                '--start', "-$range",
                '--lazy',
                @rrdargs,
                'COMMENT:['.$date.']\r',
        );
        my $ERR=RRDs::error;
        die "ERROR: $ERR\n" if $ERR;
 }
 sub graph_traffic($$)
 {
        my ($range, $file) = @_;
        rrd_graph($range, $file, $ypoints,
            "-v bytes",
            "-t TrafficWebserver",
            "DEF:binraw=$rrd:InOctets:AVERAGE",
            "DEF:binmaxraw=$rrd:InOctets:MAX",
            "DEF:binminraw=$rrd:InOctets:MIN",
            "DEF:bout=$rrd:OutOctets:AVERAGE",
            "DEF:boutmax=$rrd:OutOctets:MAX",
            "DEF:boutmin=$rrd:OutOctets:MIN",
            "CDEF:bin=binraw,-1,*",
            "CDEF:binmax=binmaxraw,-1,*",
            "CDEF:binmin=binminraw,-1,*",
            "CDEF:binminmax=binmaxraw,binminraw,-",
            "CDEF:boutminmax=boutmax,boutmin,-",
            "AREA:binmin#$color{areamin}:",
            "STACK:binmax#$color{instack}:",
            "LINE1:binmin#$color{minmax}:",
            "LINE1:binmax#$color{minmax}:",
            "LINE2:bin#$color{incoming}:incoming",
            "GPRINT:bin:MIN:%.2lf",
            "GPRINT:bin:AVERAGE:%.2lf",
            "GPRINT:bin:MAX:%.2lf",
            "AREA:boutmin#$color{areamin}:",
            "STACK:boutminmax#$color{outstack}:",
            "LINE1:boutmin#$color{minmax}:",
            "LINE1:boutmax#$color{minmax}:",
            "LINE2:bout#$color{outgoing}:outgoing",
            "GPRINT:bout:MIN:%.2lf",
            "GPRINT:bout:AVERAGE:%.2lf",
            "GPRINT:bout:MAX:%.2lf",
        );
 }
 sub graph_requests($$)
 {
        my ($range, $file) = @_;
        rrd_graph($range, $file, $ypoints,
            "-v req",
            "-t RequestsperSecond",
            "-u 1",
            "DEF:req=$rrd:Requests:AVERAGE",
            "DEF:reqmax=$rrd:Requests:MAX",
            "DEF:reqmin=$rrd:Requests:MIN",
            "CDEF:reqminmax=reqmax,reqmin,-",
            "AREA:reqmin#$color{areamin}:",
            "STACK:reqminmax#$color{reqstack}:",
            "LINE1:reqmin#$color{minmax}:",
            "LINE1:reqmax#$color{minmax}:",
            "LINE2:req#$color{requests}:requests",
        );
 }
 sub print_html()
 {
        print "Content-Type: text/html\n\n";
        print <<HEADER;
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
 <HTML>
 <HEAD>
 <TITLE>Webserver Statistics for $host</TITLE>
 <META HTTP-EQUIV="Refresh" CONTENT="300">
 <META HTTP-EQUIV="Pragma" CONTENT="no-cache">
 </HEAD>
 <BODY BGCOLOR="#FFFFFF">
 HEADER
        print "<H1>WebServer Statistics for $host</H1>\n";
        for my $n (0..$#graphs) {
                print '<div style="background: #dddddd; width: 632px">';
                print "<H2>$graphs[$n]{title}</H2>\n";
                print "</div>\n";
                print "<P><IMG BORDER=\"0\" SRC=\"$scriptname.cgi?${n}-t\" ALT=\"$scriptname\">\n";
                print "<P><IMG BORDER=\"0\" SRC=\"$scriptname.cgi?${n}-r\" ALT=\"$scriptname\">\n";
        }
        print "</BODY></HTML>\n";
 }
 sub send_image($)
 {
        my ($file)= @_;
        -r $file or do {
                print "Content-type: text/plain\n\nERROR: can't find $file\n";
                exit 1;
        };
        print "Content-type: image/png\n";
        print "Content-length: ".((stat($file))[7])."\n";
        print "\n";
        open(IMG, $file) or die;
        my $data;
        print $data while read(IMG, $data, 16384)>0;
 }
 sub main()
 {
        my $uri = $ENV{REQUEST_URI} || '';
        $uri =~ s/\/[^\/]+$//;
        $uri =~ s/\//,/g;
        $uri =~ s/(\~|\%7E)/tilde,/g;
        mkdir $tmp_dir, 0777 unless -d $tmp_dir;
        my $img = $ENV{QUERY_STRING};
        if(defined $img and $img =~ /\S/) {
                if($img =~ /^(\d+)-t$/) {
                        my $file = "$tmp_dir/${scriptname}_traffic_$1.png";
                        graph_traffic($graphs[$1]{seconds}, $file);
                        send_image($file);
                }
                elsif($img =~ /^(\d+)-r$/) {
                        my $file = "$tmp_dir/${scriptname}_requests_$1.png";
                        graph_requests($graphs[$1]{seconds}, $file);
                        send_image($file);
                }
                else {
                        die "ERROR: invalid argument\n";
                }
        }
        else {
                print_html;
        }
 }
 main;

排程更新流量圖時間,以下為每20分鐘更新一次 (每小時的準點、20分、40分)

 #crontab -e
 0,20,40 * * * * nice -n 10 /etc/lighttpd/rrdtool.sh >& /dev/null

成果連結共六個分析圖檔 (Last 4 Hours、Daily Graphs、Monthly Graphs)

[http://your_FQDN/rrdtool/lightygraph.cgi]

參考

[Installing Lighttpd With PHP5 And MySQL Support On CentOS 5.0]

[Docs - lighttpd - secure, fast, compliant, and very flexible web-server - Trac]

[DAG: Frequently Asked Questions]

[lighttpd forum - Need Guide For Centos]

[How to install mod_fastcgi on CentOS 4.x]

[RPM Search mod_fastcgi-2.4.0-1.i386.rpm]

[Docs:Configuration - lighttpd - secure, fast, compliant, and very flexible web-server - Trac]

[#803 (nesting $HTTP "referer" inside of $HTTP "url" does not work) - lighttpd - secure, fast, compliant, and very flexible web-server - Trac]

[在 lighttpd 上擋圖片盜連 at Gea-Suan Lin’s BLOG]

[#984 (error matching null http referrer) - lighttpd - secure, fast, compliant, and very flexible web-server - Trac]

Me FAQ

Q1./usr/lib/lighttpd/mod_fastcgi.so: cannot open shared object file: No such file or directory?

Error Meaage:

修改 lighttpd 設定檔內容支援 PHP (FastCGI) 但啟動 lighttpd 時卻失敗,錯誤訊息如下

 #/etc/rc.d/init.d/lighttpd start
 Starting lighttpd: 2008-01-15 10:41:04: (plugin.c.165) dlopen() failed for: /usr/lib/lighttpd/mod_fastcgi.so 
 /usr/lib/lighttpd/mod_fastcgi.so: cannot open shared object file: No such file or directory
 2008-01-15 10:41:04: (server.c.621) loading plugins finally failed
                                                           [FAILED]

Ans:

原因是未安裝 lighttpd-fastcgi 套件,所以 /usr/lib/lighttpd 下沒有 mod_fastcgi.so 模組檔案,安裝 lighttpd-fastcgi 套件後就可了。

 #yum -y install lighttpd-fastcgi

Q2./usr/lib/lighttpd/mod_fastcgi.so: undefined symbol: ap_user_id?

Error Meaage:

安裝了[RPM Search mod_fastcgi-2.4.0-1.i386.rpm] 後啟動 lighttpd 失敗錯誤訊息如下

 #/etc/rc.d/init.d/lighttpd start
 Starting lighttpd: 2008-01-15 10:56:19: (plugin.c.165) dlopen() failed for: /usr/lib/lighttpd/mod_fastcgi.so 
 /usr/lib/lighttpd/mod_fastcgi.so: undefined symbol: ap_user_id
 2008-01-15 10:56:19: (server.c.621) loading plugins finally failed
                                                           [FAILED]

Ans:

原因為 [RPM Search mod_fastcgi-2.4.0-1.i386.rpm] 是給 Apache 用的,不是給 LigHttpd 用的所以會有問題。將此 rpm 移除後安裝 lighttpd-fastcgi 套件吧。

 #rpm -e mod_fastcgi-2.4.0-1.i386
 #yum -y install lighttpd-fastcgi

Q3./var/run/lighttpd/php-fastcgi.socket-0 No such file or directory?

Error Meaage:

修改 lighttpd 設定檔內容支援 PHP (FastCGI) 但啟動 lighttpd 時卻失敗,錯誤訊息如下

 #/etc/rc.d/init.d/lighttpd start
 Starting lighttpd: 2008-01-15 11:02:36: (mod_fastcgi.c.900) bind failed for:
 unix:/var/run/lighttpd/php-fastcgi.socket-0 No such file or directory
 2008-01-15 11:02:36: (mod_fastcgi.c.1336) [ERROR]: spawning fcgi failed.
 2008-01-15 11:02:36: (server.c.895) Configuration of plugins failed. Going down.
                                                           [  OK  ]

Ans:

原因在於無法產生 php-fastcgi.socket 檔案,要麻就去 /var/run 下建 lighttpd 資料夾,不然就像我一樣懶人法直接指到 /tmp 下也可以。

 #vim /etc/lighttpd/lighttpd.conf
 server.modules = (
                   "mod_fastcgi",   //這行的 mark 要拿掉(支援 PHP-FastCGI)
                  )
 #### fastcgi module
 ## read fastcgi.txt for more info
 ## for PHP don't forget to set cgi.fix_pathinfo = 1 in the php.ini
 fastcgi.server             = ( ".php" =>
                               ( "localhost" =>
                                 (
                                   #"socket" => "/var/run/lighttpd/php-fastcgi.socket",    //預設值
                                   "socket" => "/tmp/php-fastcgi.socket",                  //修改後
                                   "bin-path" => "/usr/bin/php-cgi"
                                 )
                               )
                              )

Q4.ERROR: creating '/var/lib/lighttpd/lighttpd.rrd': Permission denied?

Error Meaage:

修改 lighttpd 設定檔內容支援 rrdtool 但啟動 lighttpd 卻沒有產生 rrd-database file(lighttpd.rrd) 查看 lighttpd 錯誤訊息如下

 #tail /var/log/lighttpd/error.log
 2008-04-28 13:55:00: (mod_rrdtool.c.243) rrdtool-response: create /var/lib/lighttpd/lighttpd.rrd --step 60 DS:InOctets:ABSOLUTE:600:U:U 
 DS:OutOctets:ABSOLUTE:600:U:U DS:Requests:ABSOLUTE:600:U:U  RRA:AVERAGE:0.5:1:600 RRA:AVERAGE:0.5:6:700 RRA:AVERAGE:0.5:24:775 RRA:AVERAGE:0.5:288:797 
 RRA:MAX:0.5:1:600 RRA:MAX:0.5:6:700 RRA:MAX:0.5:24:775 RRA:MAX:0.5:288:797 RRA:MIN:0.5:1:600 RRA:MIN:0.5:6:700 RRA:MIN:0.5:24:775 RRA:MIN:0.5:288:797
 ERROR: creating '/var/lib/lighttpd/lighttpd.rrd': Permission denied
 2008-04-28 13:55:00: (server.c.1193) one of the triggers failed

Ans:

原因為存放 rrd-database 資料夾,lighttpd 無法寫入導致所以更改權限讓 lighttpd 可寫入即可。

 #chown lighttpd /var/lib/lighttpd       //否則 lighttpd 無法產生 rrd-database

Q5.裝完 lighttpd 後打 top 發現 prelink 佔用 CPU 97 %?

Error Meaage:

裝完了 lighttpd 後想說打個 top 看一下記憶體使用情況剛好看到 prelink 佔用了 CPU 97 % 大約五分鐘左右才結束,如下圖

prelink issue

Ans:

什麼是 Prelink?可以從以下這幾篇文章了解,簡單說就是每天 (/etc/cron.daily/prelink) 固定幫你把函式庫連結起來。

[www.centos.org - Forums - CentOS 4 - General Support - Prelink: What is it?]

[Red Hat Linux 8.0 發行版本公告]

[prelink - Wikipedia, the free encyclopedia]

[Gentoo Linux 文件 -- Gentoo Linux Prelink 指南]

[Jing's House: linux prelink]

Q6.$HTTP["referer"] 功能似乎失效,無法禁止整個網站圖檔盜連?

Error Meaage:

有開啟 mod_rewrite、mod_access 及設定,但功能似乎沒有用還是可以連到相關圖檔,並不會得到 403 - Forbidden 拒絕存取的訊息?

 # deny access for all image stealers (anti-hotlinking for images)
 $HTTP["referer"] !~ "^($|http://www\.example\.org)" {
  url.access-deny = ( ".jpg", ".jpeg", ".png" )
 }

Ans:

原因就參考這篇吧 [#984 (error matching null http referrer) - lighttpd - secure, fast, compliant, and very flexible web-server - Trac] 改成如下後就可以整個網站禁止圖檔盜連了。

 #vi /usr/local/etc/lighttpd.conf 
 server.modules = (
                   "mod_rewrite",   //這行的 mark 要拿掉(支援 rewrite Module)
                   "mod_access",    //這行的 mark 要拿掉(支援 access Module)
                  )
 #### deny access the file-extensions
 $HTTP["referer"] !~ "^http://www\.weithenn\.org" {
     url.access-deny = ( ".jpg", ".jpeg", ".png", ".gif" )
 }
Go To Oddmuse OrgGo To FreeBSD OrgCreative Commons 2.5 Taiwansitestates.com