|
1 #######################################################################
|
|
2 ##
|
|
3 ## /etc/lighttpd/lighttpd.conf
|
|
4 ##
|
|
5 ## check /etc/lighttpd/conf.d/*.conf for the configuration of modules.
|
|
6 ##
|
|
7 #######################################################################
|
|
8
|
|
9 #######################################################################
|
|
10 ##
|
|
11 ## Some Variable definition which will make chrooting easier.
|
|
12 ##
|
|
13 ## if you add a variable here. Add the corresponding variable in the
|
|
14 ## chroot example as well.
|
|
15 ##
|
|
## Base paths reused later in this file: log_root (server.errorlog),
## server_root (var.vhosts_dir, server.document-root), state_dir
## (server.pid-file) and home_dir (var.socket_dir). conf_dir is not
## referenced again in the part of the file shown here.
16 var.log_root = "/var/log/lighttpd"
|
|
17 var.server_root = "/var/www"
|
|
18 var.state_dir = "/var/run"
|
|
19 var.home_dir = "/var/lib/lighttpd"
|
|
20 var.conf_dir = "/etc/lighttpd"
|
|
21
|
|
22 ##
|
|
23 ## run the server chrooted.
|
|
24 ##
|
|
25 ## This requires root permissions during startup.
|
|
26 ##
|
|
27 ## If you run chrooted, set the variables to directories relative to
|
|
28 ## the chroot dir.
|
|
29 ##
|
|
30 ## example chroot configuration:
|
|
31 ##
|
|
32 #var.log_root = "/logs"
|
|
33 #var.server_root = "/"
|
|
34 #var.state_dir = "/run"
|
|
35 #var.home_dir = "/lib/lighttpd"
|
|
36 #var.vhosts_dir = "/vhosts"
|
|
37 #var.conf_dir = "/etc"
|
|
38 #
|
|
39 #server.chroot = "/srv/www"
|
|
40
|
|
41 ##
|
|
42 ## Some additional variables to make the configuration easier
|
|
43 ##
|
|
44
|
|
45 ##
|
|
46 ## Base directory for all virtual hosts
|
|
47 ##
|
|
48 ## used in:
|
|
49 ## conf.d/evhost.conf
|
|
50 ## conf.d/simple_vhost.conf
|
|
51 ## vhosts.d/vhosts.template
|
|
52 ##
|
|
## Resolves to /var/www/vhosts given var.server_root above.
53 var.vhosts_dir = server_root + "/vhosts"
|
|
54
|
|
55 ##
|
|
56 ## Cache for mod_compress
|
|
57 ##
|
|
58 ## used in:
|
|
59 ## conf.d/compress.conf
|
|
60 ##
|
|
## NOTE(review): presumably the compress cache has to be writable by the
## server.username account; confirm it is not writable by other local users.
61 var.cache_dir = "/var/cache/lighttpd"
|
|
62
|
|
63 ##
|
|
64 ## Base directory for sockets.
|
|
65 ##
|
|
66 ## used in:
|
|
67 ## conf.d/fastcgi.conf
|
|
68 ## conf.d/scgi.conf
|
|
69 ##
|
|
## Resolves to /var/lib/lighttpd/sockets given var.home_dir above.
## NOTE(review): backend sockets placed here are reachable by any local
## account that can enter the directory; confirm its ownership and mode
## restrict access to the server account.
70 var.socket_dir = home_dir + "/sockets"
|
|
71
|
|
72 ##
|
|
73 #######################################################################
|
|
74
|
|
75 #######################################################################
|
|
76 ##
|
|
77 ## Load the modules.
|
|
## The module list lives in the included file, not here. Included files are
## parsed as part of this configuration, so they need the same ownership and
## write protection as this file.
78 include "modules.conf"
|
|
79
|
|
80 ##
|
|
81 #######################################################################
|
|
82
|
|
83 #######################################################################
|
|
84 ##
|
|
85 ## Basic Configuration
|
|
86 ## ---------------------
|
|
87 ##
|
|
## No ssl.engine setting is active in the part of the file shown here, so
## this listener serves plain, unencrypted HTTP.
88 server.port = 80
|
|
89
|
|
90 ##
|
|
91 ## Use IPv6?
|
|
92 ##
|
|
## NOTE(review): server.bind below is commented out, so the listener is not
## tied to one address; confirm host firewall rules cover IPv6 as well as IPv4.
93 server.use-ipv6 = "enable"
|
|
94
|
|
95 ##
|
|
96 ## bind to a specific IP
|
|
97 ##
|
|
98 #server.bind = "localhost"
|
|
99
|
|
100 ##
|
|
101 ## Run as a different username/groupname.
|
|
102 ## This requires root permissions during startup.
|
|
103 ##
|
|
## Unprivileged account the server runs as after a root start-up.
## NOTE(review): this account should not own or be able to write the
## configuration files or the document root; verify on the host.
104 server.username = "lighttpd"
|
|
105 server.groupname = "lighttpd"
|
|
106
|
|
107 ##
|
|
108 ## enable core files.
|
|
109 ##
|
|
110 #server.core-files = "disable"
|
|
111
|
|
112 ##
|
|
113 ## Document root
|
|
114 ##
|
|
## Resolves to /var/www/lighttpd given var.server_root above.
## NOTE(review): content here should not be writable by the
## server.username account; verify ownership on the host.
115 server.document-root = server_root + "/lighttpd"
|
|
116
|
|
117 ##
|
|
118 ## The value for the "Server:" response field.
|
|
119 ##
|
|
120 ## It would be nice to keep it at "lighttpd".
|
|
121 ##
|
|
122 #server.tag = "lighttpd"
|
|
123
|
|
124 ##
|
|
125 ## store a pid file
|
|
126 ##
|
|
## Resolves to /var/run/lighttpd.pid given var.state_dir above.
127 server.pid-file = state_dir + "/lighttpd.pid"
|
|
128
|
|
129 ##
|
|
130 #######################################################################
|
|
131
|
|
132 #######################################################################
|
|
133 ##
|
|
134 ## Logging Options
|
|
135 ## ------------------
|
|
136 ##
|
|
137 ## all logging options can be overwritten per vhost.
|
|
138 ##
|
|
139 ## Path to the error log file
|
|
140 ##
|
|
## Resolves to /var/log/lighttpd/error.log given var.log_root above.
141 server.errorlog = log_root + "/error.log"
|
|
142
|
|
143 ##
|
|
144 ## If you want to log to syslog you have to unset the
|
|
145 ## server.errorlog setting and uncomment the next line.
|
|
146 ##
|
|
147 #server.errorlog-use-syslog = "enable"
|
|
148
|
|
149 ##
|
|
150 ## Access log config
|
|
151 ##
|
|
## NOTE(review): access logs usually record client addresses and full
## request URLs; confirm the log file's permissions and retention.
152 include "conf.d/access_log.conf"
|
|
153
|
|
154 ##
|
|
155 ## The debug options are moved into their own file.
|
|
156 ## see conf.d/debug.conf for various options for request debugging.
|
|
157 ##
|
|
## NOTE(review): this file is included unconditionally; confirm the
## request-debugging options in it are off in production, since verbose
## request logging can write headers and other sensitive data to the error log.
158 include "conf.d/debug.conf"
|
|
159
|
|
160 ##
|
|
161 #######################################################################
|
|
162
|
|
163 #######################################################################
|
|
164 ##
|
|
165 ## Tuning/Performance
|
|
166 ## --------------------
|
|
167 ##
|
|
168 ## corresponding documentation:
|
|
169 ## http://www.lighttpd.net/documentation/performance.html
|
|
170 ##
|
|
171 ## set the event-handler (read the performance section in the manual)
|
|
172 ##
|
|
173 ## possible options on linux are:
|
|
174 ##
|
|
175 ## select
|
|
176 ## poll
|
|
177 ## linux-sysepoll
|
|
178 ##
|
|
179 ## linux-sysepoll is recommended on kernel 2.6.
|
|
180 ##
|
|
## Linux-specific value taken from the list above; it would need changing
## if this file were reused on another operating system.
181 server.event-handler = "linux-sysepoll"
|
|
182
|
|
183 ##
|
|
184 ## The basic network interface for all platforms at the syscalls read()
|
|
185 ## and write(). Every modern OS provides its own syscall to help network
|
|
186 ## servers transfer files as fast as possible
|
|
187 ##
|
|
188 ## linux-sendfile - is recommended for small files.
|
|
189 ## writev - is recommended for sending many large files
|
|
190 ##
|
|
## Linux-specific backend name; per the comment above it is the choice
## recommended for small files.
191 server.network-backend = "linux-sendfile"
|
|
192
|
|
193 ##
|
|
194 ## As lighttpd is a single-threaded server, its main resource limit is
|
|
195 ## the number of file descriptors, which is set to 1024 by default (on
|
|
196 ## most systems).
|
|
197 ##
|
|
198 ## If you are running a high-traffic site you might want to increase this
|
|
199 ## limit by setting server.max-fds.
|
|
200 ##
|
|
201 ## Changing this setting requires root permissions on startup. see
|
|
202 ## server.username/server.groupname.
|
|
203 ##
|
|
204 ## By default lighttpd would not change the operating system default.
|
|
205 ## But setting it to 2048 is a better default for busy servers.
|
|
206 ##
|
|
207 ## With SELinux enabled, this is denied by default and needs to be allowed
|
|
208 ## by running the following once : setsebool -P httpd_setrlimit on
|
|
209 #server.max-fds = 2048
|
|
210
|
|
211 ##
|
|
212 ## Stat() call caching.
|
|
213 ##
|
|
214 ## lighttpd can utilize FAM/Gamin to cache stat call.
|
|
215 ##
|
|
216 ## possible values are:
|
|
217 ## disable, simple or fam.
|
|
218 ##
|
|
## "simple" is one of the three values listed above; presumably it does not
## depend on FAM/Gamin (the "fam" value does) -- confirm.
219 server.stat-cache-engine = "simple"
|
|
220
|
|
221 ##
|
|
222 ## Fine tuning for the request handling
|
|
223 ##
|
|
224 ## max-connections == max-fds/2 (maybe /3)
|
|
225 ## means the other file handles are used for fastcgi/files
|
|
226 ##
|
|
## NOTE(review): the guidance above gives max-connections as max-fds/2
## (maybe /3), but server.max-fds is commented out in this file and the
## usual descriptor limit is stated above as 1024. Allowing 1024
## connections against a 1024-descriptor limit leaves none for
## files/fastcgi, so the server can run out of descriptors under load.
## Either raise server.max-fds or lower this value; confirm the
## effective limit on the host.
227 server.max-connections = 1024
|
|
228
|
|
229 ##
|
|
230 ## How many seconds to keep a keep-alive connection open,
|
|
231 ## until we consider it idle.
|
|
232 ##
|
|
233 ## Default: 5
|
|
234 ##
|
|
235 #server.max-keep-alive-idle = 5
|
|
236
|
|
237 ##
|
|
238 ## How many keep-alive requests until closing the connection.
|
|
239 ##
|
|
240 ## Default: 16
|
|
241 ##
|
|
242 #server.max-keep-alive-requests = 16
|
|
243
|
|
244 ##
|
|
245 ## Maximum size of a request in kilobytes.
|
|
246 ## By default it is unlimited (0).
|
|
247 ##
|
|
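248 ## Uploads to your server can't be larger than this value.
## NOTE(review): left unlimited, a client can send arbitrarily large
## request bodies, which are buffered on disk (see server.upload-dirs);
## consider setting an explicit limit sized to the largest legitimate upload.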
|
|
249 ##
|
|
250 #server.max-request-size = 0
|
|
251
|
|
252 ##
|
|
253 ## Time to read from a socket before we consider it idle.
|
|
254 ##
|
|
255 ## Default: 60
|
|
256 ##
|
|
257 #server.max-read-idle = 60
|
|
258
|
|
259 ##
|
|
260 ## Time to write to a socket before we consider it idle.
|
|
261 ##
|
|
262 ## Default: 360
|
|
263 ##
|
|
264 #server.max-write-idle = 360
|
|
265
|
|
266 ##
|
|
267 ## Traffic Shaping
|
|
268 ## -----------------
|
|
269 ##
|
|
270 ## see /usr/share/doc/lighttpd/traffic-shaping.txt
|
|
271 ##
|
|
272 ## Values are in kilobyte per second.
|
|
273 ##
|
|
274 ## Keep in mind that a limit below 32kB/s might actually limit the
|
|
275 ## traffic to 32kB/s. This is caused by the size of the TCP send
|
|
276 ## buffer.
|
|
277 ##
|
|
278 ## per server:
|
|
279 ##
|
|
280 #server.kbytes-per-second = 128
|
|
281
|
|
282 ##
|
|
283 ## per connection:
|
|
284 ##
|
|
285 #connection.kbytes-per-second = 32
|
|
286
|
|
287 ##
|
|
288 #######################################################################
|
|
289
|
|
290 #######################################################################
|
|
291 ##
|
|
292 ## Filename/File handling
|
|
293 ## ------------------------
|
|
294
|
|
295 ##
|
|
296 ## files to check for if .../ is requested
|
|
297 ## index-file.names = ( "index.php", "index.rb", "index.html",
|
|
298 ## "index.htm", "default.htm" )
|
|
299 ##
|
|
300 #index-file.names += (
|
|
301 # "index.xhtml", "index.html", "index.htm", "default.htm", "index.php"
|
|
302 #)
|
|
## Appends (+=) to any index-file.names value set earlier, for example by an
## included file. Compared with the commented list above, this adds
## "index.cgi". The .php and .cgi index names are also listed in
## static-file.exclude-extensions below, so they are not sent as static
## files when no handler module serves them.
303 index-file.names += (
|
|
304 "index.xhtml", "index.html", "index.htm", "default.htm", "index.php",
|
|
305 "index.cgi"
|
|
306 )
|
|
307
|
|
308 ##
|
|
309 ## deny access to these file extensions
|
|
310 ##
|
|
311 ## ~ is for backupfiles from vi, emacs, joe, ...
|
|
312 ## .inc is often used for code includes which should in general not be part
|
|
313 ## of the document-root
|
|
## Requests whose URL ends in one of these suffixes are refused.
## NOTE(review): only "~" and ".inc" are covered; other leftovers such as
## .bak/.swp files or version-control directories are not. Confirm whether
## the document root can contain them and extend the list if so.
314 url.access-deny = ( "~", ".inc" )
|
|
315
|
|
316 ##
|
|
317 ## disable range requests for pdf files
|
|
318 ## workaround for a bug in the Acrobat Reader plugin.
|
|
319 ##
|
|
## Regex conditional on the request URL: the setting inside the braces
## applies only to URLs ending in ".pdf"; all other URLs keep the default.
320 $HTTP["url"] =~ "\.pdf$" {
|
|
321 server.range-requests = "disable"
|
|
322 }
|
|
323
|
|
324 ##
|
|
325 ## url handling modules (rewrite, redirect)
|
|
326 ##
|
|
327 #url.rewrite = ( "^/$" => "/server-status" )
|
|
328 #url.redirect = ( "^/wishlist/(.+)" => "http://www.example.com/$1" )
|
|
329
|
|
330 ##
|
|
331 ## both rewrite/redirect support back reference to regex conditional using %n
|
|
332 ##
|
|
333 #$HTTP["host"] =~ "^www\.(.*)" {
|
|
334 # url.redirect = ( "^/(.*)" => "http://%1/$1" )
|
|
335 #}
|
|
336
|
|
337 ##
|
|
338 ## which extensions should not be handled via static-file transfer
|
|
339 ##
|
|
340 ## .php, .pl, .fcgi are most often handled by mod_fastcgi or mod_cgi
|
|
341 ##
|
|
342 #static-file.exclude-extensions = ( ".php", ".pl", ".fcgi", ".scgi" )
|
|
## Extends the commented default above with ".cgi" and ".py", so that
## script source with these extensions is not sent to clients as a static
## file when its handler module is not loaded or not matched.
343 static-file.exclude-extensions = ( ".php", ".pl", ".fcgi", ".cgi", ".py", ".scgi" )
|
|
344
|
|
345 ##
|
|
346 ## error-handler for status 404
|
|
347 ##
|
|
348 #server.error-handler-404 = "/error-handler.html"
|
|
349 #server.error-handler-404 = "/error-handler.php"
|
|
## NOTE(review): both commented examples above give the handler as an
## absolute URL path (leading "/"); this value has none. Confirm that
## lighttpd resolves "404.html" as intended, otherwise use "/404.html".
350 server.error-handler-404 = "404.html"
|
|
351
|
|
352 ##
|
|
353 ## Format: <errorfile-prefix><status-code>.html
|
|
354 ## -> ..../status-404.html for 'File not found'
|
|
355 ##
|
|
356 #server.errorfile-prefix = "/srv/www/htdocs/errors/status-"
|
|
357
|
|
358 ##
|
|
359 ## mimetype mapping
|
|
360 ##
|
|
## No MIME mapping appears in the part of this file shown here; the
## Content-Type mapping comes from the included file.
361 include "conf.d/mime.conf"
|
|
362
|
|
363 ##
|
|
364 ## directory listing configuration
|
|
365 ##
|
|
## NOTE(review): confirm the included file leaves directory listings
## disabled unless a directory is meant to be browsable; listings expose
## every file name under a directory that has no index file.
366 include "conf.d/dirlisting.conf"
|
|
367
|
|
368 ##
|
|
369 ## Should lighttpd follow symlinks?
|
|
370 ##
|
|
## With this enabled, a symlink inside the document root that points
## outside it exposes the target to clients, limited only by what the
## server.username account can read.
## NOTE(review): if anyone other than the administrator can write under the
## document root or the vhost directories, consider "disable"; confirm
## against how content is deployed.
371 server.follow-symlink = "enable"
|
|
372
|
|
373 ##
|
|
374 ## force all filenames to be lowercase?
|
|
375 ##
|
|
376 #server.force-lowercase-filenames = "disable"
|
|
377
|
|
378 ##
|
|
379 ## defaults to /var/tmp as we assume it is a local harddisk
|
|
380 ##
|
|
## NOTE(review): /var/tmp is typically world-writable and shared with every
## local account. A dedicated directory owned by the server.username
## account and not accessible to others would keep buffered request bodies
## away from other users; confirm what the host allows.
381 server.upload-dirs = ( "/var/tmp" )
|
|
382
|
|
383 ##
|
|
384 #######################################################################
|
|
385
|
|
386
|
|
387 #######################################################################
|
|
388 ##
|
|
389 ## SSL Support
|
|
390 ## -------------
|
|
391 ##
|
|
392 ## To enable SSL for the whole server you have to provide a valid
|
|
393 ## certificate and have to enable the SSL engine.::
|
|
394 ##
|
|
395 ## ssl.engine = "enable"
|
|
396 ## ssl.pemfile = "/path/to/server.pem"
|
|
397 ##
|
|
398 ## The HTTPS protocol does not allow you to use name-based virtual
|
|
399 ## hosting with SSL. If you want to run multiple SSL servers with
|
|
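400 ## one lighttpd instance you must use IP-based virtual hosting: ::
## NOTE(review): the statement above predates TLS Server Name Indication
## (SNI); with an SNI-capable build and clients, name-based TLS virtual
## hosts are possible. Check the documentation for the installed version.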
|
|
401 ##
|
|
402 ## $SERVER["socket"] == "10.0.0.1:443" {
|
|
403 ## ssl.engine = "enable"
|
|
404 ## ssl.pemfile = "/etc/ssl/private/www.example.com.pem"
|
|
405 ## #
|
|
406 ## # Mitigate BEAST attack:
|
|
407 ## #
|
|
408 ## # A stricter base cipher suite. For details see:
|
|
409 ## # http://blog.ivanristic.com/2011/10/mitigating-the-beast-attack-on-tls.html
|
|
410 ## #
|
|
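## # NOTE(review): this example list is historical. It prefers RC4, which
## # RFC 7465 prohibits in TLS, and it excludes AES-GCM suites. Do not copy
## # it as-is; use a current cipher policy for the installed TLS library.
411 ## ssl.cipher-list = "ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4-SHA:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM"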
|
|
412 ## #
|
|
413 ## # Make the server prefer the order of the server side cipher suite instead of the client suite.
|
|
414 ## # This is necessary to mitigate the BEAST attack (unless you disable all non RC4 algorithms).
|
|
415 ## # This option is enabled by default, but only used if ssl.cipher-list is set.
|
|
416 ## #
|
|
417 ## # ssl.honor-cipher-order = "enable"
|
|
418 ## #
|
|
419 ## # Mitigate CVE-2009-3555 by disabling client triggered renegotiation
|
|
420 ## # This is enabled by default.
|
|
421 ## #
|
|
422 ## # ssl.disable-client-renegotiation = "enable"
|
|
423 ## #
|
|
424 ## server.name = "www.example.com"
|
|
425 ##
|
|
426 ## server.document-root = "/srv/www/vhosts/example.com/www/"
|
|
427 ## }
|
|
428 ##
|
|
429
|
|
430 ## If you have a .crt and a .key file, cat them together into a
|
|
431 ## single PEM file:
|
|
432 ## $ cat /etc/ssl/private/lighttpd.key /etc/ssl/certs/lighttpd.crt \
|
|
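433 ## > /etc/ssl/private/lighttpd.pem
## NOTE(review): the combined file contains the private key; restrict its
## ownership and mode so that only the account that starts lighttpd can
## read it.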
|
|
434 ##
|
|
435 #ssl.pemfile = "/etc/ssl/private/lighttpd.pem"
|
|
436
|
|
437 ##
|
|
438 ## optionally pass the CA certificate here.
|
|
439 ##
|
|
440 ##
|
|
441 #ssl.ca-file = ""
|
|
442
|
|
443 ##
|
|
444 #######################################################################
|
|
445
|
|
446 #######################################################################
|
|
447 ##
|
|
448 ## custom includes like vhosts.
|
|
449 ##
|
|
450 #include "conf.d/config.conf"
|
|
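## NOTE(review): include_shell runs the given command when the configuration
## is loaded, with the privileges lighttpd is started with, and parses its
## output as configuration. If enabled, the vhosts.d directory and its files
## must be writable only by the administrator.
451 #include_shell "cat /etc/lighttpd/vhosts.d/*.conf"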
|
|
452 ##
|
|
453 #######################################################################
|
|
454
|
|
## Adds LC_CTYPE=en_US.utf8 to the request environment, presumably for
## CGI/FastCGI backends -- confirm which backend needs it.
## setenv.* directives depend on mod_setenv being loaded; the module list is
## in modules.conf and is not visible in this file.
455 setenv.add-environment = (
|
|
456 "LC_CTYPE" => "en_US.utf8"
|
|
457 )
|