Henry's picture

Is it possible to have lighttpd for plone rather than Apache?

I did some research and it looks like Apache has a few thousand CVEs, whereas lighttpd seems to only have about 40, and half of those look like they are relatively minor.  From this cursory investigation, I conclude that lighttpd might be a better choice if security is a concern.

Am I right or wrong?  Can Plone even be implemented under lighty, or is Plone hardwired somehow to Apache?

One issue I already note is that the Plone configuration would have to be modified slightly because some of the options are Apache-specific (though I wonder if lighty actually might support those also).


Jeremy Davis's picture

TBH I don't know for a fact, but I'd be surprised if it couldn't be hosted via Lighty (on Nginx for that matter). From what I gather it actually has it's own development server built in, so the webserver is essentially just a front end reverse proxy.

As for security, Apache is generally ok and it is the most popular and therefore the best documented and arguably the most user friendly (especially for newbs).

According to the Debian security tracker the only CVEs unpatched Apache CVEs are "unimportant" (see here). Lighty definitely has less though (see here).

Add new comment