4

We want to run an SSL-only lighttpd process. Which configuration option should be used to turn off port 80 with its unencrypted traffic?

Lighttpd documents only provide a "redirection" to https traffic, but we want complete silence on port 80. We want to keep lighttpd listening only on 443 for encrypted (https) traffic.

Update [Solution]

Setting only "server.port = 443" does not help. The SSL config was:

$SERVER["socket"] == "0.0.0.0:443" {
    ssl.engine                  = "enable"
    ssl.pemfile                 = "/etc/cert.pem"
}

That gave the error:

can't bind to port: 0.0.0.0 443 Address already in use

Removing the conditional SSL altogether solved the issue, the config became:

server.port                 = 443
ssl.engine                  = "enable"
ssl.pemfile                 = "myweb.pem"

4 Answers

6

You have to set server.port = 443 in lighttpd.conf and comment out the conditional $SERVER["socket"] == "0.0.0.0:443" { } in 10-ssl.conf.

Keep ssl.engine = "enable" and ssl.pemfile = "/etc/lighttpd/server.pem" in 10-ssl.conf.

2

How about, commenting out

# /etc/rc.d/lighttpd start

Or, you could comment out the fastcgi.server lines in

/etc/lighttpd/lighttpd.conf  

Ok, this is the reference I was looking for, are you using these things?

I think the bottom line is, if you just make the server.port 443 and
remove the port 80 config entirely instead of a redirect, the server would respond only on 443.

3
  • we want to disable http traffic and keep only https traffic. We are not even using fastcgi or php.
    – hayalci
    Jul 28, 2009 at 10:35
  • Ok, then does the last part I just added work on your configuration?
    – nik
    Jul 28, 2009 at 10:39
  • Changing server port only with the recommended ssl config snippet didn't work. See the question for the working solution. Thanks for the pointer.
    – hayalci
    Jul 28, 2009 at 10:56
0

Not a solution, but still a workaround, would be to install a firewall such as iptables and completely block traffic on port 80.

1
  • An iptables trick should also stop incoming port-80 traffic. Unless, you want to run something else there.
    – nik
    Jul 28, 2009 at 10:37
0

In my case, I had to comment:

   include_shell "/usr/share/lighttpd/use-ipv6.pl" 

to disable additional SSL pre-configuration.
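
Both failure modes in this thread (port 80 still open, and the "Address already in use" bind error) come from how the global server.port listener and the $SERVER["socket"] blocks add up. The following is an added example, not part of the original thread and not lighttpd's own code: a simplified static check over a single config string that lists the resulting listeners and flags plaintext or duplicate binds. The function names, the sample configs and the default-port handling are assumptions, and includes are not followed.

```python
import re
from collections import Counter

# $SERVER["socket"] == "addr:port" { ... }  (assumes no nested braces in the body)
SOCKET_BLOCK = re.compile(r'\$SERVER\["socket"\]\s*==\s*"([^"]*)"\s*\{([^}]*)\}')
SETTING = re.compile(r'^\s*([\w.]+)\s*=\s*"?([^"\n]*?)"?\s*$', re.M)

def settings(text):
    """Map simple `key = value` lines to a dict (the last assignment wins)."""
    return dict(SETTING.findall(text))

def audit(conf):
    """Return (listeners, findings); a listener is (address, port, tls_enabled)."""
    conf = re.sub(r'(?m)^\s*#.*$', '', conf)  # ignore commented-out lines
    # include_shell output is only known at run time, so flag it for manual review.
    findings = [f"unresolved include_shell: {cmd}"
                for cmd in re.findall(r'(?m)^\s*include_shell\s+"([^"]+)"', conf)]
    glob = settings(SOCKET_BLOCK.sub('', conf))  # settings outside socket blocks
    tls = glob.get("ssl.engine") == "enable"
    # Assumed default for an unset server.port: 443 with global TLS, otherwise 80.
    port = int(glob.get("server.port", 443 if tls else 80))
    listeners = [(glob.get("server.bind", "0.0.0.0"), port, tls)]
    for spec, body in SOCKET_BLOCK.findall(conf):
        addr, _, p = spec.rpartition(":")
        block_tls = settings(body).get("ssl.engine") == "enable"
        listeners.append((addr or "0.0.0.0", int(p), block_tls))
    counts = Counter((a, p) for a, p, _ in listeners)
    findings += [f"duplicate bind: {a}:{p}" for (a, p), n in counts.items() if n > 1]
    findings += [f"plaintext listener: {a}:{p}" for a, p, t in listeners if not t]
    return listeners, findings

# Constructed sample configs modelled on the snippets quoted in the thread.
SOCKET_ONLY = 'server.port = 80\n$SERVER["socket"] == "0.0.0.0:443" {\n  ssl.engine = "enable"\n}\n'
CONFLICT = SOCKET_ONLY.replace("server.port = 80", "server.port = 443")
FIXED = 'server.port = 443\nssl.engine = "enable"\nssl.pemfile = "myweb.pem"\n'

if __name__ == "__main__":
    for name, conf in [("socket-only", SOCKET_ONLY), ("conflict", CONFLICT), ("fixed", FIXED)]:
        print(name, *audit(conf))
```

A clean result here only describes the file as written; checking the running host's listening sockets after a restart is still the authoritative test.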
