
We want to run an SSL only lighttpd process. Which configuration option should be used to turn off port 80 with its unencrypted traffic ?

Lighttpd documents only provide a "redirection" to https traffic, but we want a complete silence on port 80. We want to keep lighttpd listening only on 443 for encrypted(https) traffic.

Update [Solution]

Setting only "server.port = 443" does not help. The SSL config was:

# Conditional listener on 443, on top of the default listener from server.port
$SERVER["socket"] == "0.0.0.0:443" {
    ssl.engine  = "enable"
    ssl.pemfile = "/etc/cert.pem"
}

That gave the error.

can't bind to port: 0.0.0.0 443 Address already in use

Removing the conditional SSL block altogether solved the issue; the config became:

# Single listener on 443 with TLS enabled globally; nothing listens on 80
server.port = 443
ssl.engine  = "enable"
ssl.pemfile = "myweb.pem"
hayalci
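The failure described above (a `$SERVER["socket"]` block on 443 colliding with `server.port = 443`, then the fix of a single TLS-enabled listener) can be checked before restarting lighttpd. The following Python lint is an added example, not lighttpd's own tooling and not code from the question or any answer; it parses only the subset of lighttpd.conf syntax used on this page (top-level `key = value` lines, full-line `#` comments, and one level of `$SERVER["socket"]` blocks), and the function names, the collision rule and the three sample configs are assumptions constructed for the demonstration.

```python
"""Lint a lighttpd configuration for the HTTPS-only pitfalls in this thread.

Added example: not lighttpd's own tooling.  It understands only the subset
of lighttpd.conf used on this page: top-level `key = value` lines, full-line
`#` comments, and one level of `$SERVER["socket"] == "addr:port" { ... }`.
"""
import re
from dataclasses import dataclass, field

# Hypothetical helper patterns; they cover only the syntax described above.
ASSIGN_RE = re.compile(r'^\s*([A-Za-z0-9_.\-]+)\s*=\s*(.+?)\s*$')
SOCKET_RE = re.compile(r'^\s*\$SERVER\["socket"\]\s*==\s*"([^"]*)"\s*\{\s*$')


@dataclass
class LighttpdConfig:
    top: dict = field(default_factory=dict)      # global key -> value
    sockets: dict = field(default_factory=dict)  # "addr:port" -> {key: value}


def _unquote(value):
    value = value.strip()
    if len(value) >= 2 and value[0] == value[-1] == '"':
        return value[1:-1]
    return value


def parse_config(text):
    """Parse the supported subset of lighttpd.conf into a LighttpdConfig."""
    cfg = LighttpdConfig()
    block = None  # dict of the $SERVER["socket"] block we are inside, if any
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith('#'):
            continue
        m = SOCKET_RE.match(line)
        if m:
            block = cfg.sockets.setdefault(m.group(1), {})
            continue
        if line == '}':
            block = None
            continue
        m = ASSIGN_RE.match(line)
        if m:
            target = cfg.top if block is None else block
            target[m.group(1)] = _unquote(m.group(2))
    return cfg


def _same_listener(a, b):
    """True if two addr:port strings would collide when bound on Linux.

    A wildcard (0.0.0.0) and a specific address on the same port collide too.
    """
    host_a, port_a = a.rsplit(':', 1)
    host_b, port_b = b.rsplit(':', 1)
    return port_a == port_b and (host_a == host_b or '0.0.0.0' in (host_a, host_b))


def lint(cfg):
    """Return findings for a deployment that is meant to answer on 443 only."""
    findings = []
    # lighttpd always opens its default listener from server.bind/server.port.
    default = f"{cfg.top.get('server.bind', '0.0.0.0')}:{cfg.top.get('server.port', '80')}"
    listeners = {default: cfg.top}
    for sock, opts in cfg.sockets.items():
        if _same_listener(sock, default):
            findings.append(
                f'duplicate bind: $SERVER["socket"] {sock} collides with the default '
                f'listener {default} (lighttpd fails with "Address already in use")')
        listeners[sock] = opts
    for sock, opts in listeners.items():
        # Settings inside a socket block inherit the global values.
        engine = opts.get('ssl.engine', cfg.top.get('ssl.engine', 'disable'))
        pemfile = opts.get('ssl.pemfile', cfg.top.get('ssl.pemfile'))
        if engine != 'enable':
            findings.append(f'plaintext listener: {sock} has ssl.engine = "{engine}"')
        elif not pemfile:
            findings.append(f'{sock}: ssl.engine enabled but no ssl.pemfile')
    return findings


# Constructed sample configs mirroring the three states described in the question.
BROKEN = """
server.port = 443
$SERVER["socket"] == "0.0.0.0:443" {
    ssl.engine  = "enable"
    ssl.pemfile = "/etc/cert.pem"
}
"""
DISTRO_DEFAULT = """
server.port = 80
$SERVER["socket"] == "0.0.0.0:443" {
    ssl.engine  = "enable"
    ssl.pemfile = "/etc/lighttpd/server.pem"
}
"""
FIXED = """
server.port = 443
ssl.engine  = "enable"
ssl.pemfile = "myweb.pem"
"""

if __name__ == '__main__':
    for name, text in (('broken', BROKEN), ('distro default', DISTRO_DEFAULT), ('fixed', FIXED)):
        print(name, lint(parse_config(text)) or ['ok'])
```

Running it reports one `duplicate bind` finding for the broken config, one `plaintext listener` finding for a stock distro config that still serves port 80, and nothing for the single-listener fix. The lint only reads the file; confirming the running daemon after a restart is still done with a listener check such as `ss -ltn` on the host.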

4 Answers

You have to set server.port = 443 in lighttpd.conf and comment out the conditional $SERVER["socket"] == "0.0.0.0:443" { } in 10-ssl.conf.

Keep ssl.engine = "enable" and ssl.pemfile = "/etc/lighttpd/server.pem" in 10-ssl.conf.

garethTheRed

How about commenting out

# /etc/rc.d/lighttpd start

Or, you could comment out the fastcgi.server lines in

/etc/lighttpd/lighttpd.conf

Ok, this is the reference I was looking for. Are you using these things?

I think the bottom line is, if you just make the server.port 443 and remove the port 80 config entirely instead of a redirect, the server would respond only on 443.

nik
  • we want to disable http traffic and keep only http**s** traffic. We are not even using fastcgi or php. – hayalci Jul 28 '09 at 10:35
  • Ok, then does the last part I just added work on your configuration? – nik Jul 28 '09 at 10:39
  • changing server port only with the recommended ssl config snippet didn't work. See the question for working solution. thanks for the pointer. – hayalci Jul 28 '09 at 10:56
Not a solution, but still a workaround would be to install a firewall such as iptables and completely block traffic on port 80.

Adam Benayoun
  • An `iptables` trick should also stop incoming port-80 traffic. Unless, you want to run something else there. – nik Jul 28 '09 at 10:37
In my case, I had to comment out:

    include_shell "/usr/share/lighttpd/use-ipv6.pl"

to disable the additional SSL pre-configuration.

kagali-san