lighttpd (pronounced /lighty/) is a secure, fast, compliant, and very flexible web server that has been optimized for high-performance environments. lighttpd uses memory and CPU efficiently and has lower resource use than other popular web servers. Its advanced feature-set (FastCGI, CGI, Auth, Output-Compression, URL-Rewriting and much more) make lighttpd the perfect web server for all systems, small and large. lighttpd is released under the Open Source revised BSD license.

lighttpd wiki and documentation



January 19, 2022

Important changes

  • remove deprecated modules, bugfixes, CVE-2022-22707 (rare configs)


Behavior Changes

(previously announced and scheduled)

  • graceful restart/shutdown timeout changed from 0 (disabled) to 8 seconds
    configure an alternative with:
    server.feature-flags += (“server.graceful-shutdown-timeout” => 8)
  • build: lighttpd defaults to —with-pcre2 instead of —with-pcre
    pcre2 is current. pcre is no longer maintained.
    Explicitly specify —with-pcre in build to use pcre instead of pcre2.
  • deprecated modules (previously announced) have been removed
    • mod_authn_mysql
    • mod_mysql_vhost
    • mod_cml
    • mod_flv_streaming
    • mod_geoip
    • mod_trigger_b4_dl
      suggests migration steps for replacements, if needed