Giuseppe Parrello

 

How to install a web server on a router


In this page I describe how to install a full-featured web server on a router (Asus RT-AC56U). We use some Entware packages, so please refer to this page on how to install Entware on a router.
We will use the "Lighttpd" web server, an alternative to Apache, the most used web server in Linux environments. I will give only a brief overview of the features of this web server, just enough to help you install and configure it. It is really a full-featured web server, so I suggest referring to its wiki page for further details and additional features. For a better understanding, I have divided this page into several step-by-step sections.


How to install the Lighttpd web server

In order to install the Lighttpd web server, we have to execute the following steps:

  1. Firstly we install the web server using the command line "opkg install lighttpd";
  2. We make a backup of file "/opt/etc/lighttpd/lighttpd.conf";
  3. We edit the file "/opt/etc/lighttpd/lighttpd.conf", changing the following line:
    server.document-root = "/opt/share/www/lighttpd"
    And adding the following line:
    server.port = 8080
    The first line tells the web server's daemon that the root folder of the web server is "/opt/share/www/lighttpd", while the added line tells the daemon that the server port is 8080. Please note that we must change the server port, as the default port, 80, is already used by the router for its management web server. You can of course change the two lines as per your needs; in this page I will continue to use my values.
  4. We create the root folder of the web server with the following command line:
    mkdir /opt/share/www/lighttpd
  5. We copy our sample "index.htm" file to the folder "/opt/share/www/lighttpd";
  6. We start the web server using the following command line:
    /opt/etc/init.d/S80lighttpd start
  7. We open a web browser and enter the address "http://[router address]:8080"; the web index page should be shown.

Please refer to Lighttpd's website for further details about configuration file options.


How to run Lighttpd web server as "nobody" user

Normally the Lighttpd web server is executed as a full-privilege user ("root" or "admin"). I strongly discourage this for security reasons. Most routers include a safer low-privilege user called "nobody", in group "nobody". This user is listed in file "/etc/passwd", together with all the other users of the router.
In order to run Lighttpd web server as "nobody" user, we have to execute the following steps:

  1. We change the file "/opt/etc/lighttpd/lighttpd.conf" adding the following lines:
    server.username = "nobody"
    server.groupname = "nobody"
  2. We execute the following command lines:
    chown -R nobody:nobody /opt/share/www/lighttpd/
    chown -R nobody:nobody /opt/var/log/lighttpd/
  3. We restart the web server using the following command line:
    /opt/etc/init.d/S80lighttpd restart

To check if Lighttpd is running as "nobody" user, we use the following command line:
ps | grep -i lighttpd
The second column ("USER") should be "nobody".

NOTE: remember that, whenever you add a file to the root web folder "/opt/share/www/lighttpd/", you have to set the owner of the new file to "nobody:nobody" using the command "chown". You may simply use the following command line:
chown -R nobody:nobody /opt/share/www/lighttpd/
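
The "ps" check above can be scripted so that it ignores the "grep" process itself and reports a clear status. This is an added example, not part of the original page; the function name "lighttpd_user_check" and the sample process list are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): check from `ps` output that
# every lighttpd process runs as the expected user (default: nobody).
# Exit status: 0 = all match, 1 = a process runs as another user,
# 2 = no lighttpd process found. Offending rows are printed.
lighttpd_user_check() {
    awk -v want="${1:-nobody}" '
        NR == 1 {                       # locate columns from the header row
            for (i = 1; i <= NF; i++) {
                if ($i == "USER") ucol = i
                if ($i == "COMMAND" || $i == "CMD") ccol = i
            }
            next
        }
        ucol && ccol {
            cmd = ""
            for (i = ccol; i <= NF; i++) cmd = cmd " " $i
            # skip the grep from "ps | grep -i lighttpd" itself
            if (cmd !~ /lighttpd/ || cmd ~ /grep/) next
            seen = 1
            if ($ucol != want) { bad = 1; print }
        }
        END { if (!seen) exit 2; if (bad) exit 1 }'
}

# Constructed sample in BusyBox "ps" layout; PIDs, sizes and paths are made up.
SAMPLE_PS='  PID USER       VSZ STAT COMMAND
    1 admin     1432 S    /sbin/init
  812 admin     5320 S    lighttpd -f /opt/etc/lighttpd/lighttpd.conf
  990 admin     1500 S    grep -i lighttpd'

# On the router: ps | lighttpd_user_check nobody
printf '%s\n' "$SAMPLE_PS" | lighttpd_user_check nobody || echo "exit status $?"
```

Because the USER and COMMAND columns are located from the header row, the same function also accepts the "ps aux" layout, where USER is the first column.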


How to enable directory listing

Normally the Lighttpd web server does not allow directory listing for security reasons, so we need to have at least one index file ("index.php", "index.html", "index.htm", "default.htm") in each folder of the web server, otherwise the web server returns the error "403 - forbidden". To avoid this error, we need to enable directory listing, so that the web server shows a list of all files included in each web folder.
In order to enable directory listing in Lighttpd web server, we have to execute the following steps:

  1. We change the file "/opt/etc/lighttpd/lighttpd.conf" adding the following line:
    server.dir-listing = "enable"
  2. We restart the web server using the following command line:
    /opt/etc/init.d/S80lighttpd restart

To check that the Lighttpd web server shows a list of the files included in each web folder, we rename all index files so that the web folder contains none of the files "index.php", "index.html", "index.htm", "default.htm". If we then open the browser and enter the address of the web server, the web server should show a list of the files included in the web folder instead of the error "403 - forbidden".

Please refer to Lighttpd's website for further details about directory listing.


How to enable user authentication on web server

Normally the Lighttpd web server allows all users to access the web server without any kind of authentication. For security reasons, in this section we enable user authentication on this web server.
In order to enable user authentication in Lighttpd web server, we have to execute the following steps:

  1. We have to create a file with the userid/password values. For this job, we use the same utility "mini_httpd-htpasswd" used in page "How to install a mini web server on a router", section "How to setup an userid and a password on web server". We follow the same instructions as in the above-mentioned page, but the output file ".htpasswd" must be saved in folder "/opt/etc/lighttpd/". From the above-mentioned page we also have to download the .zip file in order to extract the utility "mini_httpd-htpasswd".
  2. We install two additional modules of the web server using the command line
    opkg install lighttpd-mod-auth lighttpd-mod-authn_file
  3. We change the file "/opt/etc/lighttpd/conf.d/20-auth.conf" adding all the following lines:

    auth.backend = "htpasswd"
    auth.backend.htpasswd.userfile = "/opt/etc/lighttpd/.htpasswd"
    auth.require = ( "/" =>
        (
        "method"  => "basic",
        "realm"   => "Please enter your Password.",
        "require" => "valid-user"
        ),
    )
  4. We change the file "/opt/etc/lighttpd/conf.d/20-authn_file.conf" inserting a "#" character before the line:
    server.modules += ( "mod_authn_file" )
  5. We change the file "/opt/etc/lighttpd/lighttpd.conf" adding the following line:
    server.modules += ( "mod_auth" )
  6. We restart the web server using the following command line:
    /opt/etc/init.d/S80lighttpd restart

Now, if we open the browser and enter the address of the web server, the Lighttpd web server should show a window requesting the user name and the password to access the web server.

Please refer to Lighttpd's website for further details about authentication.
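
The settings changed so far (server port, user and group, directory listing, password file location) can be checked together with a small audit script. This is an added example, not part of the original page or of Lighttpd; the function name "audit_lighttpd_conf" and the sample configuration are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit lighttpd config files
# for the settings this page changes. Prints one FINDING line per problem
# and returns 1 if there is any. Comment stripping is naive: a "#" inside
# a quoted value would truncate that value.
audit_lighttpd_conf() {
    awk '
        { sub(/[ \t]*#.*/, ""); sub(/[ \t]+$/, "") }
        /^[ \t]*[a-z._-]+[ \t]*[+]?=/ {
            key = $0; sub(/^[ \t]*/, "", key); sub(/[ \t]*[+]?=.*/, "", key)
            val = $0; sub(/^[^=]*=[ \t]*/, "", val); gsub(/^"|"$/, "", val)
            conf[key] = val
        }
        END {
            n = 0
            port = ("server.port" in conf) ? conf["server.port"] : "80"
            if (port == "80")
                msg[++n] = "port: 80 or unset, clashes with the router management web server"
            user = conf["server.username"]
            if (user == "" || user == "root" || user == "admin")
                msg[++n] = "user: server.username is unset or privileged, expected nobody"
            if (conf["server.groupname"] == "")
                msg[++n] = "group: server.groupname is unset"
            root = conf["server.document-root"]; sub(/\/$/, "", root)
            file = conf["auth.backend.htpasswd.userfile"]
            if (root != "" && index(file, root "/") == 1)
                msg[++n] = "userfile: " file " is inside the document root"
            if (conf["server.dir-listing"] == "enable" && !("auth.require" in conf))
                msg[++n] = "listing: directory listing enabled without auth.require"
            for (i = 1; i <= n; i++) print "FINDING " msg[i]
            exit (n > 0)
        }' "$@"
}

# Constructed sample: no user/group lines, password file under the document root.
SAMPLE_CONF='server.document-root = "/opt/share/www/lighttpd"
server.port = 8080
server.dir-listing = "enable"
#server.username = "nobody"
auth.backend = "htpasswd"
auth.backend.htpasswd.userfile = "/opt/share/www/lighttpd/.htpasswd"
auth.require = ( "/" =>
    ( "method" => "basic", "realm" => "router", "require" => "valid-user" ),
)'

# On the router: audit_lighttpd_conf /opt/etc/lighttpd/lighttpd.conf /opt/etc/lighttpd/conf.d/*.conf
printf '%s\n' "$SAMPLE_CONF" | audit_lighttpd_conf || true
```

The script only reads the files it is given and reports what it finds; it does not change the configuration.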


How to enable PHP interpreter on web server

This is an optional section for users who want to enable the PHP interpreter on the Lighttpd web server. This section uses the newest PHP7 Entware packages instead of the older PHP5 packages. Because of the large number of features and functions of the PHP interpreter, please refer to the PHP manual.
In order to enable PHP interpreter in Lighttpd web server, we have to execute the following steps:

  1. We install the basic packages of PHP interpreter using the command line
    opkg install php7 php7-cgi php7-cli php7-fastcgi
  2. We install two additional modules of the web server using the command line
    opkg install lighttpd-mod-cgi lighttpd-mod-fastcgi
  3. We make a backup copy of file "/opt/etc/php.ini";
  4. We create a new empty file "/opt/etc/php.ini" adding all the following lines:

    post_max_size = 500M
    display_errors = Off
    error_log = /opt/var/log/php_errors.log
    output_buffering = Off
    
    ; Resource Limits
    
    max_execution_time = 30 ; Maximum execution time of each script, in seconds.
    max_input_time = 60 ; Maximum amount of time each script may spend parsing request data.
    ;max_input_nesting_level = 64
    memory_limit = 32M ; Maximum amount of memory a script may consume.
    
    ; Paths and Directories
    
    ;doc_root = "/opt/share/www/lighttpd"
    ;user_dir =
    extension_dir = "/opt/lib/php"
    enable_dl = On
    ;cgi.force_redirect = 1
    ;cgi.nph = 1
    ;cgi.redirect_status_env = ;
    cgi.fix_pathinfo=1
    
    ; File Uploads
    
    file_uploads = On
    upload_tmp_dir = "/opt/tmp"
    upload_max_filesize = 500M
    max_file_uploads = 50
    
  5. We change the file "/opt/etc/lighttpd/conf.d/30-fastcgi.conf" adding all the following lines:

    fastcgi.server = ( ".php" =>
                       ( "localhost" =>
                         (
                           "socket" => "/tmp/php-fcgi.sock",
                           "bin-path" => "/opt/bin/php-cgi",
                           "max-procs" => 1,
                           "broken-scriptfilename" => "enable",
                           "bin-environment" =>
                             ( "PHP_FCGI_CHILDREN" => "1",
                               "PHP_FCGI_MAX_REQUESTS" => "1000" )
                         )
                       )
                     )
  6. We create a test PHP file, called "test.php", in the root web folder "/opt/share/www/lighttpd/", inserting all the following lines:

    <?php
    phpinfo();
    ?>
  7. We restart the web server using the following command line:
    /opt/etc/init.d/S80lighttpd restart

Remember to install the "php7-mod-*" Entware packages as per your needs; you can get a list of available packages with the following command:
opkg list | grep -i php7-mod

Please refer to Lighttpd's website for further details about FastCGI.