Lighttpd Installation:
As of now (18-Feb-2011), 1.4.28 is the current version of lighttpd, which needs to be downloaded from http://www.lighttpd.net/
tar -zxvf lighttpd-1.4.28.tar.gz
cd lighttpd-1.4.28
./configure
./configure --with-openssl   # build with SSL support, shown as "(ssl)" in the version output
make
make install
lighttpd is now installed at /usr/local/sbin/lighttpd, so run the version check command; the output will be very similar to:
[root@kannan ~]# /usr/local/sbin/lighttpd -v
lighttpd/1.4.28 (ssl) - a light and fast webserver
Build-Date: Feb 17 2011 16:37:02
Then, note that there may be a new directory called /etc/lighttpd/ which contains a default configuration file called "lighttpd.conf". This is the file which contains the information about how the (ROR-based) web application is going to act along with script/server. This file plays the same role as
- webrick/config.rb for WEBrick,
- httpd.conf for Apache,
- web.config for IIS etc.,
Note:
- The file <RAILS_LIB>/commands/server.rb acts as a hub which decides which server is going to serve the specified web application
- You can find the supported or available servers for the current Rails version at <RAILS_LIB>/commands/servers
- In our case, RAILS_LIB on the server is /usr/lib/ruby/gems/1.8/gems/rails-1.2.1/lib/
Edit the file /etc/lighttpd/lighttpd.conf; there you need to set up a few server settings:
- port
- modules
- error-handler-404
- document-root
- errorlog
- accesslog.filename
- url.rewrite
- fastcgi server settings
- mime type assignment
If you want any sample
Step 2: FastCGI Library & Gem installation:
This step is entirely optional, but it will give you a performance boost, particularly when running larger Rails applications.
First you need to install the fastcgi libraries:
cd /tmp
tar -zxvf fcgi-2.4.0.tar.gz
cd fcgi-2.4.0
./configure --prefix=/usr/local/fcgi --exec-prefix=/usr/local/fcgi
make
make install
fcgi gem
Now you can install the fcgi gem (this is a long command which your browser may line-wrap here -- beware that the command is all on the same line):
gem install fcgi -r -- --with-fcgi-lib=/usr/local/fcgi/lib --with-fcgi-include=/usr/local/fcgi/include
Step 3: Secure socket implementation
Please refer to the article located at http://kannannadarajan.blogspot.com/2012/03/why-https-and-what-is-ssl-certificate.html
There are two kinds of certificates: 1. Signed and 2. Self-signed
First we will go with the self-signed certificate, then we will see the signed version in our next post.
Let's see the self-signed certificate creation in UNIX:
This is done with the openssl tool, so check whether your UNIX environment has the openssl command; otherwise you need to install it.
[root@kannan ~]# openssl version
-bash: openssl: command not found
[root@kannan ~]# yum install openssl
In any case you can update openssl
[root@kannan ~]# yum update openssl
[root@kannan ~]# openssl version
OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
New certificate creation
[root@kannan ~]# openssl req -new > server.cert.csr
This is a certificate request command. It will ask a few questions; answer them as accurately as possible about you and your site. It also writes a pass-phrase-protected private key to privkey.pem. The main thing is the PEM pass phrase: you need to remember it, because the system will ask you to enter it when the private key is generated by the following command, which writes the key without the pass phrase to server.cert.key.
[root@kannan ~]# openssl rsa -in privkey.pem -out server.cert.key
Self sign process
This step is what differentiates a self-signed certificate from a signed one.
[root@kannan ~]# openssl x509 -in server.cert.csr -out server.cert.crt -req -signkey server.cert.key -days 365
The final feedback of the above command should be
Signature ok
subject=/C=US/ST=California/O=MNK Inc.,/OU=IT/CN=kannan/emailAddress=kannan@mysite.net
Getting Private key
Now look in your current directory; there you can see three new files called:
1. server.cert.csr
2. server.cert.crt => this is certificate
3. server.cert.key => this is private key
So, the certificate creation process is over. Now we need to tell lighttpd about this certificate.
Lighttpd: SSL configuration
Create two new files at /etc/lighttpd/kannan.net (note that kannan.net is a new directory):
kannan.net.pem
kannan.net.crt
Copy the contents of server.cert.crt and server.cert.key to kannan.net.pem, and copy the content of server.cert.key to kannan.net.crt
A small modification in the existing lighttpd.conf file will change everything. The modification is
1. 443 is the default port for https so change it in lighttpd.conf
server.port = 443
2. Enable the ssl engine
ssl.engine = "enable"
3. certificate and private key file location setup
ssl.pemfile = "/etc/lighttpd/kannan.net/kannan.net.pem"
ssl.ca-file = "/etc/lighttpd/kannan.net/kannan.net.crt"
See the attached modified lighttpd.conf, which is named lighttpd-omie_dev-ssl.conf
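Before restarting lighttpd, the following checks confirm that the file given to ssl.pemfile holds both a certificate and a key, that the certificate belongs to the key, and that no file containing the unencrypted private key is readable by group or others. This is an added example, not part of the original post; the function names are made up for illustration and all paths are supplied by the caller.

```shell
#!/bin/sh
# Added example: checks to run on the certificate files before (re)starting
# lighttpd. Function names are illustrative; paths are supplied by the caller.

# build_pemfile CERT KEY OUT: concatenate certificate and key into OUT and
# force mode 0600, because the key written by "openssl rsa" is unencrypted.
build_pemfile() {
    ( umask 077 && cat "$1" "$2" > "$3" ) && chmod 600 "$3"
}

# pem_has_cert_and_key FILE: succeeds only if FILE holds both a certificate
# block and a private-key block (what ssl.pemfile is given in this post).
pem_has_cert_and_key() {
    grep -q -e '-----BEGIN CERTIFICATE-----' "$1" &&
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$1"
}

# cert_matches_key CERT KEY: succeeds if the certificate was issued for this
# RSA key, by comparing the modulus that openssl prints for each.
cert_matches_key() {
    c=$(openssl x509 -noout -modulus -in "$1" 2>/dev/null) || return 1
    k=$(openssl rsa -noout -modulus -in "$2" 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# exposed_key_files DIR: print every file under DIR that contains private-key
# material and is readable by group or others.
exposed_key_files() {
    find "$1" -type f \( -perm -040 -o -perm -004 \) \
        -exec grep -l -e 'PRIVATE KEY-----' {} + 2>/dev/null || true
}

# Usage with the post's file names (run in the directory holding them):
#   cert_matches_key server.cert.crt server.cert.key && echo "cert/key match"
#   exposed_key_files /etc/lighttpd/kannan.net
```

Any path printed by exposed_key_files should have its mode tightened (for example with chmod 600) before the server is started.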
That's all. Stop the existing lighttpd server if one is running
pkill -9 lighttpd
Start the server
/usr/local/sbin/lighttpd -f /etc/lighttpd/lighttpd.conf
Now the server is ready to serve the https version of omie_dev; just type https://yoursite.com in your browser
Note that your browser raises an alert that the certificate is invalid because it is self-signed. If it were signed by a CA, this would not happen.
If you want any clarification, please feel free to ask.
Thanks,
Kannan