Raspberry Pi and Lighttpd

I’m familiar with apache but not lighttpd. There is very little I could find on how to setup lighttpd with ssl. I don’t have time todo a full blog post but here’s my example lighttpd.conf file for those of you who it might help. It has 2 virtual servers both using ssl. It does not listen on port 80 (non-ssl) at all.

I also followed this tutorial from the Nwgat blog to setup letsencrypt ssl certificates (the only one I could find that worked for me). I’m copying the steps below in case that link goes dead:

https://nwgat.ninja/setting-up-letsencrypt-with-lighttpd/

  1. Stop lighttpd
  2. combine files into ssl.pem
  3. Forward Secrecy & Diffie Hellman Ephemeral Parameters
  4. Copy and paste the following into /etc/lighttpd/lighttpd.conf dont forget to change yourdomain to your domain
    or you can put it into /etc/lighttpd/conf-enabled as letsencrypt.yourdomain.conf
  5. now open port and start lighttpd

  6. <pre class="lang:default decode:true " >

    sudo ufw allow 443
    sudo service lighttpd start

Port Forwarding Http/Https to Different Computers Within Your Home Network

So you want to have different web servers on your home network that are exposed to the outside world?  How do you do that?  Most web servers listen on port 80 for non-ssl and port 443 for ssl. 

Say your home network is setup like this:

Home Network Computers
Router: 192.168.1.1 Your Study: 192.168.1.2 (running your personal wordpress blog )

Wife’s Office: 192.168.1.2 (running your personal wordpress blog

Living Room Computer: 192.168.1.3 (Running Home Assistant web server)

1. Setup a dynamic dns service. 

               Go to duckdns.org (super simple) to create a subdomain url for each computer you’d like to access in your internal network from any computer in the world.   I won’t explain it here as the duckdns site does a good job.  In my example you would need to setup 3 subdomains for your home network, I’ll use the following:

Example Dynamic DNS URLs

http://blog.duckdns.org -> your blog in your study

http://wifesblog.duckdns.org -> wife’s blog in her office

http://homey.duckdns.org -> home automation server at

2.  Setup Port Forwarding

                  Normally, if you are outside your home network, say at a coffee shop, and plug “http://homey.duckdns.org” in your browser you most likely will end up either with blank page/unauthorized page or will get the control panel login for your router which is at 192.168.1.1. 

To setup port forwarding within your home network go into your router (192.168.1.1 in my example) and navigate to the port forwarding section. I use ddwrt so in my home network I would point  my browser to NAT/QoS and set the port forwarding as follows:

Port From (incoming set by url, e.g.: http://blog.duckdns.org:202) Ip Address Port To (This is port server is listening on)
80 192.168.1.1 804 (fake port, nothing is listening here)
202 192.168.1.2 80
203 192.168.1.3 80
204 192.168.1.4 8123

Here’s a screen shot of my example setup:

 
Once Saved, you access your sites as follows:

URL -> Server

http://blog.duckdns.org:202 -> your blog in your study at 192.168.1.2 port 80

http://wifesblog.duckdns.org:203 -> wife’s blog in her office at 192.168.1.3 port 80

http://homey.duckdns.org:204 -> home automation server at 192.168.1.4 port 8123

If someone leaves the port out (http://blog.duckdns.org) it would just go to a blank page because it would be forewarded to 192.168.1.1:804  which is a fake port with nothing listening.

In actual practice you should use SSL for each of these,but for simplicity of explanation I’ve left that out. However, it would work the same way. You would turn off port 80 on each of the servers, and substitue 443 for 80 above, with an additional fake port for 443, such as the following:

Port From (incoming set by url, e.g.: http://blog.duckdns.org:202) Ip Address Port To (This is port server is listening on)
443 192.168.1.1 804 (fake port, nothing is listening here)
202 192.168.1.2 443
203 192.168.1.3 443
204 192.168.1.4 8123


Also, if you’re using ssl you’ll need to set up ssl certificates (use letsencrypt for free ssl certifices)

As a final note, if could have all of these sites on one computer (personally I’m doing this on raspberry pi 3 using lighttpd and homeassistent), but you would have to change the default  ports for each server; e.g., instead of your blog listening to 443, you would have the ssl port listen to say 452.  , your wife’s ssl port listening to say 574, etc. .