Linux

Compile Lighttpd with LibreSSL

As LibreSSL gains popularity, you might want to replace your compiled Lighttpd with a build that uses LibreSSL for HTTPS.

Tested on Debian Squeeze, but should work on Wheezy/Ubuntu in a similar way.

Prerequisites

$ sudo apt-get install make gcc libev-dev libpcre3-dev zlib1g-dev libbz2-dev gamin libgamin-dev liblua5.1-0-dev
$ wget \
    http://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.35.tar.gz \
    http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.0.5.tar.gz
$ tar xvfz libressl-2.0.5.tar.gz && tar xvfz lighttpd-1.4.35.tar.gz

Compile & Install LibreSSL

We install it under a non-standard prefix so it won’t interfere with your existing openssl/libssl(-dev) packages.

$ cd libressl-2.0.5
$ ./configure --prefix=/opt/libressl
$ make
$ sudo make install

Verify the LibreSSL Installation

$ /opt/libressl/bin/openssl version
LibreSSL 2.0

Compile Lighttpd with LibreSSL

$ cd ../lighttpd-1.4.35
$ wget https://gist.github.com/lifeofguenter/7ef3fe9e089fcb24baed/raw/316108a350f69d622c17d0801cc429388cf36cef/lighttpd-libressl.patch
$ patch -p1 < lighttpd-libressl.patch
$ ./configure \
    --prefix=/usr \
    --sysconfdir=/etc \
    --localstatedir=/var \
    --with-libev \
    --with-pcre \
    --with-zlib \
    --with-bzip2 \
    --with-fam \
    --with-lua \
    --with-openssl=/opt/libressl
$ make
$ sudo make install

Verify the Lighttpd Installation

$ lighttpd -v
lighttpd/1.4.35 (ssl) - a light and fast webserver
Build-Date: Aug 11 2014 12:54:04

Please have a look at the following URLs for further documentation on configuring Lighttpd + SSL:

Compile tinyproxy as anonymous proxy

Tinyproxy is a small, lightweight proxy daemon for Linux environments. It is especially useful if you have some spare dedicated/virtual servers running with multiple IPs. In this tutorial I will show you how to compile it from source on a Debian server, as the current official .deb package does not allow running it in complete anonymous mode.

Additionally, if you don’t want to install asciidoc (1GB!!!) you can use the modified patch from my compile steps (original). My version of the patch works with the current stable (1.8.3) version of tinyproxy. Not using the patch might give you the following error:

checking for a2x... no
configure: error: Test for asciidoc failed. See the file 'INSTALL' for help.

 

Compile


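# --no-check-certificate makes wget skip TLS certificate validation, so the server behind these downloads is not authenticated
$ wget --no-check-certificate https://banu.com/pub/tinyproxy/1.8/tinyproxy-1.8.3.tar.bz2
$ wget --no-check-certificate https://github.com/lifeofguenter/patches/raw/master/tinyproxy/tinyproxy-1.8.3-no-asciidoc.patch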
$ tar xvfj tinyproxy-1.8.3.tar.bz2
$ cd tinyproxy-1.8.3/
$ patch -p1 < ../tinyproxy-1.8.3-no-asciidoc.patch
$ ./configure \
    --prefix=/usr \
    --sysconfdir=/etc \
    --localstatedir=/var \
    --disable-xtinyproxy \
    --disable-filter \
    --disable-upstream \
    --disable-reverse \
    --enable-transparent
$ make && sudo make install

Config


$ sudo nano /etc/tinyproxy.conf
User nobody
Group nogroup

Port 8888
BindSame yes
Timeout 600
DefaultErrorFile "/usr/share/tinyproxy/default.html"
StatFile "/usr/share/tinyproxy/stats.html"
Syslog On
LogLevel Error
PidFile "/var/run/tinyproxy/tinyproxy.pid"
MaxClients 100
MinSpareServers 5
MaxSpareServers 20
StartServers 10
MaxRequestsPerChild 10000
Allow 127.0.0.1
DisableViaHeader Yes
ConnectPort 443
ConnectPort 563

Run


$ sudo mkdir /var/run/tinyproxy
$ sudo chown nobody:nogroup /var/run/tinyproxy/
$ sudo tinyproxy
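
An added example, not part of the original post: a shell function that checks a tinyproxy.conf such as the one above for the directives that decide who may use the proxy and what it reveals. The function name `audit_tinyproxy_conf` and the sample file are constructed for illustration, and the script compares directive names case-insensitively.

```shell
#!/bin/sh
# Added example, not from the original post. audit_tinyproxy_conf FILE prints
# one "FINDING:" line per risky setting and returns 1 if there is any.
audit_tinyproxy_conf() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }      # skip blank lines and comments
        {
            key = tolower($1)              # directive name, matched case-insensitively
            val = tolower($2)
            gsub(/"/, "", val)             # drop optional quotes around the value
        }
        key == "allow"            { allow++; if (val == "0.0.0.0/0") anyone = 1 }
        key == "deny"             { deny++ }
        key == "connectport"      { cport++ }
        key == "disableviaheader" { via = val }
        key == "xtinyproxy"       { xtp = val }
        key == "user"             { user = val }
        function finding(msg) { print "FINDING: " msg; n++ }
        END {
            if (!allow && !deny)
                finding("no Allow or Deny line: every client that can reach the port may use the proxy")
            if (anyone)
                finding("Allow 0.0.0.0/0 admits every IPv4 client")
            if (!cport)
                finding("no ConnectPort line: CONNECT is permitted to any port")
            if (via != "yes" && via != "on")
                finding("DisableViaHeader is off: a Via header is added to forwarded requests")
            if (xtp == "yes" || xtp == "on")
                finding("XTinyproxy is on: the client address is sent in a request header")
            if (user == "" || user == "root" || user == "0")
                finding("no unprivileged User: the daemon keeps the privileges it was started with")
            exit (n > 0)
        }
    ' "$1"
}

# Constructed sample: the config from this page with the Allow line removed.
sample=$(mktemp)
printf '%s\n' 'User nobody' 'Group nogroup' 'Port 8888' \
    'DisableViaHeader Yes' 'ConnectPort 443' 'ConnectPort 563' > "$sample"
audit_tinyproxy_conf "$sample" || echo "review the findings before starting tinyproxy"
rm -f "$sample"
```

The config shown on this page produces no findings; run the function against /etc/tinyproxy.conf after every edit and before binding the proxy to a public address.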