We want to run an SSL-only lighttpd process. Which configuration option should be used to turn off port 80 with its unencrypted traffic?
Lighttpd documents only provide a "redirection" to https traffic, but we want a complete silence on port 80. We want to keep lighttpd listening only on 443 for encrypted (https) traffic.
Update [Solution]
Setting only "server.port = 443" does not help. SSL config was:
$SERVER["socket"] == "0.0.0.0:443" {
    ssl.engine = "enable"
    ssl.pemfile = "/etc/cert.pem"
}
That gave the error:
can't bind to port: 0.0.0.0 443 Address already in use
Removing the conditional SSL altogether solved the issue, the config became:
server.port = 443
ssl.engine = "enable"
ssl.pemfile = "myweb.pem"
You have to set server.port = 443 in lighttpd.conf and comment the conditional $SERVER["socket"] == "0.0.0.0:443" { } in 10-ssl.conf
Keep
ssl.engine = "enable"
and
ssl.pemfile = "/etc/lighttpd/server.pem"
in 10-ssl.conf
How about, commenting out
Or, you could comment out the
fastcgi.server
lines in
Ok, this is the reference I was looking for, are you using these things?
I think the bottom line is, if you just make the server.port 443 and remove the port 80 config entirely instead of a redirect, the server would respond only on 443.
Not a solution but still a workaround would be to install a firewall such as iptables and completely block traffic on port 80.
In my case, I had to comment:
to disable additional SSL pre-configuration.
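A small lint for the situation in the question's update, where server.port = 443 and a $SERVER["socket"] conditional for the same port are both present; it is an added example and not part of the original posts. The function names are hypothetical, the config is passed in as text (for instance lighttpd.conf and 10-ssl.conf concatenated), and only explicitly written directives are checked.

```python
import re

# Explicit "server.port = N" directive.
PORT_RE = re.compile(r'^\s*server\.port\s*=\s*(\d+)', re.M)
# $SERVER["socket"] == "addr:port" conditional, which opens its own listener.
SOCKET_RE = re.compile(r'^\s*\$SERVER\["socket"\]\s*==\s*"([^"]*):(\d+)"', re.M)

# Constructed samples built from the two configurations quoted in the question.
BROKEN = '''server.port = 443
$SERVER["socket"] == "0.0.0.0:443" {
    ssl.engine = "enable"
    ssl.pemfile = "/etc/cert.pem"
}
'''
FIXED = '''server.port = 443
ssl.engine = "enable"
ssl.pemfile = "myweb.pem"
'''


def listeners(conf_text):
    """Return (port, origin) for each listener declared explicitly."""
    # Simplification: everything after '#' is treated as a comment.
    text = "\n".join(l.split("#", 1)[0] for l in conf_text.splitlines())
    found = [(int(p), "server.port") for p in PORT_RE.findall(text)]
    found += [(int(p), f'$SERVER["socket"] {a}:{p}')
              for a, p in SOCKET_RE.findall(text)]
    return found


def audit_https_only(conf_text, https_port=443):
    """List findings: non-HTTPS listeners and ports declared by two directives."""
    problems, seen = [], {}
    for port, origin in listeners(conf_text):
        if port != https_port:
            problems.append(f"port {port} opened by {origin}")
        if port in seen and seen[port] != origin:
            problems.append(f"port {port} declared twice: {seen[port]} and {origin}")
        seen.setdefault(port, origin)
    return problems


if __name__ == "__main__":
    for name, conf in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, audit_https_only(conf) or "ok")
```

An empty result only means the text declares nothing but port 443; checking the running host's listening sockets is still the confirmation that port 80 is closed.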