
Configuring https on lighttpd


I'm configuring https on standard Alpine Linux/3.9.0, running PHP/7.2.14 and lighttpd/1.4.52 (ssl). I have my domain name up (I'll call it "mydomain.com") and I've gotten the ssl files mydomain.crt, mydomain.p7b, mydomain.ca-bundle, mydomain.key, and mydomain.pem.

- When I search with http at mydomain.com:443, I access my website.

- When I search with https at mydomain.com, the connection times out.

I have configured /etc/lighttpd/lighttpd.conf incorrectly, and I think it has something to do with my ".crt" file. I have searched around StackOverflow and by googling it, but the two most helpful sources were:

https://tecadmin.net/configure-ssl-in-lighttpd-server/
https://www.digicert.com/ssl-certificate-installation-lighttpd.htm

This was added/modified in the default configuration file /etc/lighttpd/lighttpd.conf:

server.port = 443
$SERVER["socket"] == ":443" {
   ssl.engine = "enable"
   ssl.pemfile = "/etc/lighttpd/mydomain.pem"
   ssl.ca-file = "/etc/lighttpd/mydomain.crt"
   server.name = "mydomain"
   server.document-root = "/var/www/localhost/htdocs"
}

I have also tried replacing
ssl.ca-file = "/etc/lighttpd/mydomain.crt"
with
ssl.ca-file = "/etc/lighttpd/mydomain.ca-bundle"

I was expecting /etc/lighttpd/mydomain.crt to work, but I can only access port 443 through http (successful connection), not through https (connection time out). I have one .crt file (mydomain.crt). Am I supposed to modify the file mydomain.ca-bundle as a .crt file?


Solution

  • Okay, so the perpetrator was this line right here:

    server.port = 443
    

    Me being a novice at this, I didn't realize you should have port 80 AND port 443 open to enable https. lighttpd uses 80 by default, so I just had to comment out the line:

    # server.port = 443
    

    Note for future readers: it follows that, for https, ports 80 and 443 must also be forwarded on your router.
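
A pre-restart check for the mistake found above, as an added example that is not part of the original question or answer: it flags a config whose top-level `server.port` names the same port as a `$SERVER["socket"]` block, the combination that left port 443 answering plain HTTP here. The function names and both sample configs are constructed for illustration.

```sh
#!/bin/sh
# Added example: lint a lighttpd.conf for the port collision described above.

# Print the port from an uncommented top-level "server.port = N" line, if any.
global_port() {
    awk '
        /^[ \t]*#/ { next }                              # ignore comment lines
        depth == 0 && /^[ \t]*server\.port[ \t]*=/ {     # only outside any block
            v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[^0-9].*$/, "", v); port = v
        }
        { depth += gsub(/[{]/, "{") - gsub(/[}]/, "}") } # track block nesting
        END { if (port != "") print port }
    ' "$1"
}

# Succeed if an uncommented $SERVER["socket"] block for port $2 exists in file $1.
has_socket_block() {
    grep -v '^[[:space:]]*#' "$1" |
        grep -Eq '^[[:space:]]*\$SERVER\["socket"\][[:space:]]*==[[:space:]]*"[^"]*:'"$2"'"'
}

# Return 1 with a message when the main listener and a socket block share a
# port; return 0 otherwise.
check_conf() {
    port=$(global_port "$1")
    if [ -n "$port" ] && has_socket_block "$1" "$port"; then
        echo "$1: server.port = $port collides with the \$SERVER[\"socket\"] block for :$port" >&2
        return 1
    fi
    return 0
}

# Constructed samples: the layout from the question, then the same file with
# the server.port line commented out as in the answer.
SAMPLES=$(mktemp -d)
cat > "$SAMPLES/broken.conf" <<'EOF'
server.port = 443
$SERVER["socket"] == ":443" {
   ssl.engine = "enable"
   ssl.pemfile = "/etc/lighttpd/mydomain.pem"
}
EOF
sed 's/^server\.port/# server.port/' "$SAMPLES/broken.conf" > "$SAMPLES/fixed.conf"

for f in "$SAMPLES/broken.conf" "$SAMPLES/fixed.conf"; do
    check_conf "$f" && echo "$f: ok"
done
```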