Hiawatha or lighttpd

I am considering moving from Apache to Hiawatha or lighttpd, but have a question about virtual hosts. Currently with Apache I use IP-based virtual hosting, but looking at the configuration examples for both Hiawatha and lighttpd it seems it searches for a match until found.

Does that mean I would no longer need my Pound reverse proxy and multiple IPs to serve multiple sites? So my firewall will redirect port 80 to my NAT'd address which is bound for Hiawatha, for example, and then it searches through the config file for a match of a domain name until found?

Because presently I rdr for port 80 to Pound and then Pound sends requests to the correct NAT'd IP for the correct domain.

Am I correct or incorrect about my assumption for virtual hosting with Hiawatha and lighttpd?

Code:
# VIRTUAL HOSTS
VirtualHost {
	RequiredBinding = LOCALSGS
	Hostname = 127.0.0.1
	WebsiteRoot = /home/pvg/webdmn/www/hiawatha
	UseFastCGI = FCGI1
	TimeForCGI = 20
	UseToolkit = to_fcgi
}
VirtualHost {
	RequiredBinding = HTTP
	Hostname = www.ssl.example.net
	WebsiteRoot = /home/pvg/webdmn/www/hiawatha/www/server
}
VirtualHost {
	RequiredBinding = SSL
	Hostname = www.nossl.example.net
	WebsiteRoot = /home/pvg/webdmn/www/hiawatha
	UseFastCGI = FCGI1
	TimeForCGI = 20
	UseToolkit = to_fcgi
	PasswordFile = digest:/home/pvg/hiawatha/.digest
}
This is the virtual host configuration example from the Hiawatha site.

Code:
$HTTP["host"] == "test1.example.org" {
	server.document-root = "/home/user/sites/test1.example.org/"
	accesslog.filename = "/home/user/sites/logs/test1.example.org.access.log"
}

$HTTP["host"] == "test2.example.org" {
	server.document-root = "/home/user/sites/test2.example.org"
	accesslog.filename = "/home/user/sites/logs/test2.example.org.access.log"
}
This is an example I found for lighttpd, which seems similar to other examples of using vhosts with it.

I don't see anywhere to use an IP to listen for something from Pound. I know I asked above, but would this eliminate using multiple IPs and no more Pound reverse proxy?

This is how I currently do it for Pound:
Code:
Service
  HeadRequire "Host:.*mydomain1.com*"
  BackEnd
    Address 192.168.1.100
    Port 8000
  End
End

Service
  HeadRequire "Host:.*mydomain2.net*"
  BackEnd
    Address 192.168.1.101
    Port 8000
  End
End
And for Apache I do:
Code:
<VirtualHost 192.168.1.100:8000>
 
Personally, I wouldn't recommend lighttpd. We have 4 fairly busy lighttpd servers at work, and we need to restart lighttpd every day because it leaks memory like a sieve.
To make matters worse, it would seem that the lighttpd developers aren't overly concerned about these issues; in one instance someone made a clear bug report on how to reproduce a memory leak, which was promptly closed as "don't use this feature in this manner". What the ... ?

We're currently looking at moving to nginx, which looks very promising.

I also use Hiawatha on my personal server; it has a few shortcomings, but in general it's pretty solid and has a few unique features.

Anyhow, on to your question.

Does that mean I would no longer need my Pound reverse proxy and multiple IPs to serve multiple sites? So my firewall will redirect port 80 to my NAT'd address which is bound for Hiawatha, for example, and then it searches through the config file for a match of a domain name until found?

Hostname-based virtual hosting works by getting the value of the HTTP Host header. A basic request looks like this:

Code:
GET /showthread.php?t=31989 HTTP/1.1
Host: forums.freebsd.org

You can try it with telnet if you want.

For normal HTTP virtual hosting the IP address doesn't matter, the webserver looks at the value of the Host header, and uses this value to determine which virtual host to serve.

HTTPS is a bit of a different story. The server needs to know which certificate to present to the client (which is different for every host), but it can't know the Host until it decrypts the HTTP request. This is a catch-22!

This is why you will always need to use either separate IP addresses for HTTPS sites, or an SSL proxy (Pound is an excellent choice). It doesn't matter which webserver you use, it's a limitation of the HTTP(s) protocol.
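
The Host-header lookup described in the reply above, as an added example that is not part of the original posts and is not code from Hiawatha or lighttpd. It reuses the hostnames and document roots from the lighttpd snippet in the question; DEFAULT_ROOT and the function names are hypothetical, and the 400 responses follow RFC 7230 section 5.4.

```python
# Added example: name-based virtual host selection from the Host header.
# VHOSTS reuses the hostnames and document roots from the lighttpd snippet in
# the question; DEFAULT_ROOT and the function names are hypothetical.
VHOSTS = {
    "test1.example.org": "/home/user/sites/test1.example.org/",
    "test2.example.org": "/home/user/sites/test2.example.org",
}
DEFAULT_ROOT = "/var/www/default"  # hypothetical catch-all for unknown names


def parse_host(raw_request: bytes):
    """Return (status, host) for the head of a raw HTTP/1.x request."""
    head = raw_request.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    version = lines[0].rsplit(" ", 1)[-1]
    hosts = [line.split(":", 1)[1].strip() for line in lines[1:]
             if line.lower().startswith("host:")]
    # RFC 7230 section 5.4: an HTTP/1.1 request with no Host header, or with
    # more than one, gets a 400 instead of a guess at the intended site.
    if len(hosts) > 1 or (version == "HTTP/1.1" and not hosts):
        return 400, None
    if not hosts:
        return 200, None  # HTTP/1.0 client that sent no Host header
    host = hosts[0].lower()
    # Drop an optional :port; a bare bracketed IPv6 literal is left alone.
    if ":" in host and not host.endswith("]"):
        host = host.rsplit(":", 1)[0]
    return 200, host.rstrip(".")


def select_root(raw_request: bytes):
    """Choose a document root from the Host header alone."""
    status, host = parse_host(raw_request)
    if status != 200:
        return status, None
    # Exact-name lookup; the IP address the request arrived on plays no part.
    return 200, VHOSTS.get(host, DEFAULT_ROOT)


if __name__ == "__main__":
    # Constructed sample requests, all arriving on the same IP and port.
    for req in (
        b"GET / HTTP/1.1\r\nHost: test1.example.org\r\n\r\n",
        b"GET / HTTP/1.1\r\nHost: TEST2.example.org:80\r\n\r\n",
        b"GET / HTTP/1.1\r\nHost: unknown.example.net\r\n\r\n",
        b"GET / HTTP/1.1\r\n\r\n",
    ):
        print(select_root(req))
```

Names that match no configured site land on the catch-all root instead of on one of the real sites.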
 
fwiw, in the past I tried lighttpd but had a hard time getting anyone to answer my questions when I had trouble and known bugs weren't well documented. It's been a few years but carpetsmoker's comment about lack of concern rang a bell to me.
 