Security, speed, compliance, and flexibility -- all of these describe lighttpd (pron. lighty) which is rapidly redefining efficiency of a webserver; as it is designed and optimized for high performance environments. With a small memory footprint compared to other web-servers, effective management of the cpu-load, and advanced feature set (FastCGI, SCGI, Auth, Output-Compression, URL-Rewriting and many more) lighttpd is the perfect solution for every server that is suffering load problems. And best of all it's Open Source licensed under the revised BSD license.

Web 2.0

lighttpd powers several popular Web 2.0 sites. Its high speed io-infrastructure allows them to scale several times better with the same hardware than with alternative web-servers.

This fast web server and its development team create a web-server with the needs of the future web in mind:

Its event-driven architecture is optimized for a large number of parallel connections (keep-alive) which is important for high performance AJAX applications.



July 16, 2016

Important changes

  • major bug-fix release; hundreds of issues resolved in issue tracker
  • git master lighttpd source repository (migrated from svn)



  • improved resource management
    • asynchronous, bidirectional streaming options to dynamic backends
    • detect client disconnects and abort request to dynamic backends
    • rework dynamic handler control flow logic for consistent clean up
    • constrained memory footprint; limit memory used by large responses
  • robustness and portability
    • fallback to traditional I/O if mmap or sendfile not available
    • update support for lua 5.2, 5.3; memcached; libressl; openssl 1.1.0
    • better cygwin support; passes tests
    • better webdav support
  • selected new features
    • lighttpd -tt performs config validation and preflight startup checks
    • lighttpd -1 process single (one) request on stdin socket (e.g. xinetd)
    • lighttpd -i graceful shutdown after of inactivity
    • config file supports include file globs (e.g. include “conf.d/*.conf”)
    • server.bsd-accept-filter (“httpready”, “dataready”)
    • server.error-handler to handle 4xx and 5xx status
    • server.http-parseopt-header-strict restrict chars allowed in HTTP headers
    • server.http-parseopt-host-strict restrict chars allowed in HTTP Host
    • server.http-parseopt-host-normalize normalize HTTP Host header
    • server.listen-backlog to configure socket listen backlog
    • server.max-request-size is now scopeable (no longer one global setting)
    • to control streaming, buffering of request
    • to control streaming, buffering of response
    • server.upload-dirs will retry in remaining dirs in list if disk full
    • accesslog.format now supports %a %A %C %D %k %{}t %{}T
    • evasive.location for 302 redirect option if limit reached
    • url.rewrite and url.redirect now short-circuit if replacement is blank
    • url.access-allow for explicit list of allowed suffixes; deny others
    • mod_cgi handles local redirect response if Location: /path?query
    • REDIRECT_URI is set for internal redirects (cgi, magnet, rewrite, errdoc)
    • REDIRECT_STATUS is set to http error status for error docs
    • mod_indexfile sets PATH_TRANSLATED_DIRINDEX if target URL begins w/ ‘/’
    • “listen-backlog” to configure socket listen backlog for FastCGI, SCGI
    • X-Sendfile for CGI and SCGI (in addition to FastCGI)

Future scheduled behavior changes in lighttpd 1.4.41

  • server.use-ipv6 = “enable” will be inherited from global scope if set, so if that is not what is desired, add server.use-ipv6 = “disable” to appropriate $SERVER[“socket”] blocks. Similar for server.set-v6only.
  • long-deprecated config directives will be removed. These directives are non-functional and emit a warning message if directives were renamed. After being removed, they will result in “directive unknown” warnings.