Contents

Open-Xchange Server with lighttpd

What is lighttpd?

Security, speed, compliance, and flexibility -- all of these describe lighttpd (pron. lighty) which is rapidly redefining efficiency of a webserver; as it is designed and optimized for high performance environments. With a small memory footprint compared to other web-servers, effective management of the cpu-load, and advanced feature set (FastCGI, SCGI, Auth, Output-Compression, URL-Rewriting and many more) lighttpd is the perfect solution for every server that is suffering load problems. And best of all it's Open Source licensed under the revised BSD license.

-- lighttpd.net

Introduction

Open-Xchange Server is designed to work with any webserver which provides a AJP13 compliant backend. Since version 1.5, lighttpd offers such a interface - that's a good chance to proof that the application server is no apache/mod_jk-only-show. It also provides a chance to check and measure performance differences for such a kind of application on different webservers. By concept, the Open-Xchange Server requires a very simple webserver setup and helps to get rid of highly complex systems in the frontend which slow down performance and are potential security risks. This means we just need roughly two services from a webserver:

  1. A simple http(s) connection to the client to serve static html/js/css files
  2. An AJP13 compatible backend to serve connectivity to the OX application server

This helps to reduce overhead and increase performance as every required module at the frontend consumes memory and configuration which may sound like finickiness but when it comes to (ten/hundred)-thousands of concurrent user sessions - which the Open-Xchange Server is capable to handle - all those small aspects sum up to a crucial factor.

Installation

Lighttpd can be downloaded from the developers website at www.lighttpd.net as well as it is contained to various Linux or BSD distributions. Keep in mind that AJP13 connectivity has been introduced by the 1.5 release which is at pre-release status as of today, version 1.4.x will not work at all as it lacks an AJP13 interface.

I will outline the installation and configuration of lighttpd on a Debian GNU/Linux system.

Download the latest lighttpd sourcecode (1.5 r1992 as of today)

wget http://www.lighttpd.net/download/lighttpd-1.5.0-r1992.tar.gz

Download the "Debianized" sourcecode of lighttpd 1.4.7

wget http://dl.fkb.wormulon.net/lighttpd/lighttpd-1.4.7.tar.gz

Extract both to the build directory

tar xzf lighttpd-1.5.0-r1992.tar.gz
tar xzf lighttpd-1.4.7.tar.gz

Copy the debian build information from 1.4.7 to 1.5.0

cp -R lighttpd-1.4.7/debian lighttpd-1.5.0/

Modify the changes file to let the 1.4.7 buildfiles look like 1.5.0

vim lighttpd-1.5.0/debian/changelog

Add the following line to the top of the changelog file, note that this is very character sensitive:

lighttpd (1.5.0) unstable; urgency=low
 
  * updated to 1.5.0
 
 -- Somebody <somebody@example.com>  Sun, 09 May 2007 13:37:00 +0200

Patching lighttpd <= r2001 due to of a bug at the session handler which rejected setting cookies via AJP13. Accoring to the changeset this fix will be upstreamed to the r2001 release of lighttpd

vim lighttpd-1.5.0/src/mod_proxy_backend_ajp13.c
line 287: - p = keyvalue_get_value(response_headers, len); 
line 287: + p = keyvalue_get_value(response_headers, len & ~AJP13_COMMON_HEADER_CODE); 

Create a Debian package from the lighttpd 1.5.0 sources

cd lighttpd-1.5.0
dpkg-buildpackage

The ready-to-use packages are placed one directory level below and can be installed now

cd ..
dpkg -i lighttpd_1.5.0_i386.deb

After installation is complete, you'll find the lighttpd configuration at /etc/lighttpd/ and a start-stop script at /etc/init.d/lighttpd

To enable logging, you should create a corresponding directory and assign proper rights to it. If the user and group www-data does not yet exist on your system, you'll have to create them:

mkdir -p /var/log/lighttpd
chown www-data:www-data /var/log/lighttpd

Configuration

In order to use the newly installed lighttpd 1.5 in combination with Open-Xchange Server, some configuration work needs to be done at lighttpd. The following listing is a minimal example configuration which lacks optimization like deflate or expires as well as ssl support. Note that this is a complete lighttpd.conf file, no code-snipped - lighttpd configuration fits to a coaster ;)

server.modules = ("mod_proxy_core", "mod_proxy_backend_http", "mod_proxy_backend_ajp13" )
server.document-root = "/var/www/"
server.errorlog = "/var/log/lighttpd/error.log"
server.indexfiles = ( "index.html", "index.htm" )
server.port = 80
server.pid-file = "/var/run/lighttpd.pid"
server.username = "www-data"
server.groupname = "www-data"

mimetype.assign            = (
 ".css"          =>      "text/css",
 ".html"         =>      "text/html",
 ".htm"          =>      "text/html",
 ".js"           =>      "text/javascript",
 ".dtd"          =>      "text/xml",
 ".xml"          =>      "text/xml",
)

server.modules += ( "mod_proxy_backend_ajp13" )
       $HTTP["url"] =~ "^/servlet/|^/ajax/|^/oxadmin/" {
       proxy-core.balancer = "round-robin"
       proxy-core.protocol = "ajp13"
       proxy-core.backends = ( "localhost:8009" )
       proxy-core.max-pool-size = 16
       }

This configuration requires the Open-Xchange Server application server running at "localhost". If you run a distributed setup, just replace "localhost" by the hostname or ip address of the groupware server. You also need to bind the groupware AJP listener to accept connections from remote hosts (ajp.properties). Please note that you cannot run two applications at the same port, if you are already using apache as a webserver at port 80, you should chose another port for lighttpd or migrate from apache to lighttpd and keep port 80.

Finishing Up

If we login to the groupware server now, a quick look at the http header shows that we are using lighttpd:

GET http://www.example.com/ajax/login?action=autologin
Pragma: no-cache
Content-Type: text/javascript; charset=UTF-8
Cache-Control: no-store, no-cache, must-revalidate,post-check=0, pre-check=0
Transfer-Encoding: chunked
Connection: close
Date: Fri, 12 Oct 2007 22:28:57 GMT
Server: lighttpd/1.5.0

After all installation and configuration stuff has been finished, you just need to (re)start lighttpd and check the functionality of the setup. If something does not work like expected, please feel free to visit the #lighttpd and/or #open-xchange IRC channels at irc.freenode.net or the corresponding forums.


Resources