view lighttpd/lighttpd.conf @ 67:5b6211e2e36f

Update some static pages. The front page has been reorganized. Links and information on the downloads page are now current.
author John "Elwin" Edwards
date Sat, 21 Nov 2015 20:01:41 -0500
parents b1d3a618c254
line wrap: on
line source

## /etc/lighttpd/lighttpd.conf
## check /etc/lighttpd/conf.d/*.conf for the configuration of modules.

## Some Variable definition which will make chrooting easier.
## if you add a variable here. Add the corresponding variable in the
## chroot example aswell.
var.log_root    = "/var/log/lighttpd"
var.server_root = "/var/www"
var.state_dir   = "/var/run"
var.home_dir    = "/var/lib/lighttpd"
var.conf_dir    = "/etc/lighttpd"

## run the server chrooted.
## This requires root permissions during startup.
## If you run Chrooted set the the variables to directories relative to
## the chroot dir.
## example chroot configuration:
#var.log_root    = "/logs"
#var.server_root = "/"
#var.state_dir   = "/run"
#var.home_dir    = "/lib/lighttpd"
#var.vhosts_dir  = "/vhosts"
#var.conf_dir    = "/etc"
#server.chroot   = "/srv/www"

## Some additional variables to make the configuration easier

## Base directory for all virtual hosts
## used in:
## conf.d/evhost.conf
## conf.d/simple_vhost.conf
## vhosts.d/vhosts.template
var.vhosts_dir  = server_root + "/vhosts"

## Cache for mod_compress
## used in:
## conf.d/compress.conf
var.cache_dir   = "/var/cache/lighttpd"

## Base directory for sockets.
## used in:
## conf.d/fastcgi.conf
## conf.d/scgi.conf
var.socket_dir  = home_dir + "/sockets"


## Load the modules.
include "modules.conf"


##  Basic Configuration
## ---------------------
server.port = 80

## Use IPv6?
server.use-ipv6 = "enable"

## bind to a specific IP
#server.bind = "localhost"

## Run as a different username/groupname.
## This requires root permissions during startup. 
server.username  = "lighttpd"
server.groupname = "lighttpd"

## enable core files.
#server.core-files = "disable"

## Document root
server.document-root = server_root + "/lighttpd"

## The value for the "Server:" response field.
## It would be nice to keep it at "lighttpd".
#server.tag = "lighttpd"

## store a pid file
## = state_dir + "/"


##  Logging Options
## ------------------
## all logging options can be overwritten per vhost.
## Path to the error log file
server.errorlog             = log_root + "/error.log"

## If you want to log to syslog you have to unset the 
## server.errorlog setting and uncomment the next line.
#server.errorlog-use-syslog = "enable"

## Access log config
include "conf.d/access_log.conf"

## The debug options are moved into their own file.
## see conf.d/debug.conf for various options for request debugging.
include "conf.d/debug.conf"


##  Tuning/Performance
## --------------------
## corresponding documentation:
## set the event-handler (read the performance section in the manual)
## possible options on linux are:
## select
## poll
## linux-sysepoll
## linux-sysepoll is recommended on kernel 2.6.
server.event-handler = "linux-sysepoll"

## The basic network interface for all platforms at the syscalls read()
## and write(). Every modern OS provides its own syscall to help network
## servers transfer files as fast as possible 
## linux-sendfile - is recommended for small files.
## writev         - is recommended for sending many large files
## = "linux-sendfile"

## As lighttpd is a single-threaded server, its main resource limit is
## the number of file descriptors, which is set to 1024 by default (on
## most systems).
## If you are running a high-traffic site you might want to increase this
## limit by setting server.max-fds.
## Changing this setting requires root permissions on startup. see
## server.username/server.groupname.
## By default lighttpd would not change the operation system default.
## But setting it to 2048 is a better default for busy servers.
## With SELinux enabled, this is denied by default and needs to be allowed
## by running the following once : setsebool -P httpd_setrlimit on
#server.max-fds = 2048

## Stat() call caching.
## lighttpd can utilize FAM/Gamin to cache stat call.
## possible values are:
## disable, simple or fam.
server.stat-cache-engine = "simple"

## Fine tuning for the request handling
## max-connections == max-fds/2 (maybe /3)
## means the other file handles are used for fastcgi/files
server.max-connections = 1024

## How many seconds to keep a keep-alive connection open,
## until we consider it idle. 
## Default: 5
#server.max-keep-alive-idle = 5

## How many keep-alive requests until closing the connection.
## Default: 16
#server.max-keep-alive-requests = 16

## Maximum size of a request in kilobytes.
## By default it is unlimited (0).
## Uploads to your server cant be larger than this value.
#server.max-request-size = 0

## Time to read from a socket before we consider it idle.
## Default: 60
#server.max-read-idle = 60

## Time to write to a socket before we consider it idle.
## Default: 360
#server.max-write-idle = 360

##  Traffic Shaping 
## -----------------
## see /usr/share/doc/lighttpd/traffic-shaping.txt
## Values are in kilobyte per second.
## Keep in mind that a limit below 32kB/s might actually limit the
## traffic to 32kB/s. This is caused by the size of the TCP send
## buffer. 
## per server:
#server.kbytes-per-second = 128

## per connection:
#connection.kbytes-per-second = 32


##  Filename/File handling
## ------------------------

## files to check for if .../ is requested
## index-file.names            = ( "index.php", "index.rb", "index.html",
##                                 "index.htm", "default.htm" )
#index-file.names += (
#  "index.xhtml", "index.html", "index.htm", "default.htm", "index.php"
index-file.names += (
  "index.xhtml", "index.html", "index.htm", "default.htm", "index.php",

## deny access the file-extensions
## ~    is for backupfiles from vi, emacs, joe, ...
## .inc is often used for code includes which should in general not be part
##      of the document-root
url.access-deny             = ( "~", ".inc" )

## disable range requests for pdf files
## workaround for a bug in the Acrobat Reader plugin.
$HTTP["url"] =~ "\.pdf$" {
  server.range-requests = "disable"

## url handling modules (rewrite, redirect)
#url.rewrite                = ( "^/$"             => "/server-status" )
#url.redirect               = ( "^/wishlist/(.+)" => "$1" )

## both rewrite/redirect support back reference to regex conditional using %n
#$HTTP["host"] =~ "^www\.(.*)" {
#  url.redirect            = ( "^/(.*)" => "http://%1/$1" )
$HTTP["host"] =~ "^(.*)$" {
  url.redirect = ( 
    "^/scoring/highscores.html" => "http://%1/scoring/high.cgi?l=40"

## which extensions should not be handle via static-file transfer
## .php, .pl, .fcgi are most often handled by mod_fastcgi or mod_cgi
#static-file.exclude-extensions = ( ".php", ".pl", ".fcgi", ".scgi" )
static-file.exclude-extensions = ( ".php", ".pl", ".fcgi", ".cgi", ".py", ".scgi" )

## error-handler for status 404
#server.error-handler-404   = "/error-handler.html"
#server.error-handler-404   = "/error-handler.php"
server.error-handler-404   = "404.html"

## Format: <errorfile-prefix><status-code>.html
## -> ..../status-404.html for 'File not found'
#server.errorfile-prefix    = "/srv/www/htdocs/errors/status-"

## mimetype mapping
include "conf.d/mime.conf"

## directory listing configuration
include "conf.d/dirlisting.conf"

## Should lighttpd follow symlinks?
server.follow-symlink = "enable"

## force all filenames to be lowercase?
#server.force-lowercase-filenames = "disable"

## defaults to /var/tmp as we assume it is a local harddisk
server.upload-dirs = ( "/var/tmp" )


##  SSL Support
## ------------- 
## To enable SSL for the whole server you have to provide a valid
## certificate and have to enable the SSL engine.::
##   ssl.engine = "enable"
##   ssl.pemfile = "/path/to/server.pem"
## The HTTPS protocol does not allow you to use name-based virtual
## hosting with SSL. If you want to run multiple SSL servers with
## one lighttpd instance you must use IP-based virtual hosting: ::
## Mitigate CVE-2009-3555 by disabling client triggered renegotation
## This is enabled by default.
## IMPORTANT: this setting can only be used in the global scope.
## It does *not* work inside conditionals
#   ssl.disable-client-renegotiation = "enable"
##   $SERVER["socket"] == "" {
##     ssl.engine                  = "enable"
##     ssl.pemfile                 = "/etc/ssl/private/"
##     #
##     # (Following SSL/TLS Deployment Best Practices 1.3 / 17 September 2013 from:
##     #
##     # - BEAST is considered mitigaed on client side now, and new weaknesses have been found in RC4,
##     #   so it is strongly advised to disable RC4 ciphers (HIGH doesn't include RC4)
##     # - It is recommended to disable 3DES too (although disabling RC4 and 3DES breaks IE6+8 on Windows XP,
##     #   so you might want to support 3DES for now - just remove the '!3DES' parts below).
##     # - The examples below prefer ciphersuites with "Forward Secrecy" (and ECDHE over DHE (alias EDH)), remove '+kEDH +kRSA'
##     #   if you don't want that.
##     # - SRP and PSK are not supported anyway, excluding those ('!kSRP !kPSK') just keeps the list smaller (easier to review)
##     # Check your cipher list with: openssl ciphers -v '...' (use single quotes as your shell won't like ! in double quotes)
##     #
##     # If you know you have RSA keys (standard), you can use:
##     ssl.cipher-list             = "PROFILE=SYSTEM"
##     # The more generic version (without the restriction to RSA keys) is
##     # ssl.cipher-list           = "HIGH !aNULL !3DES +kEDH +kRSA !kSRP !kPSK"
##     #
##     # Make the server prefer the order of the server side cipher suite instead of the client suite.
##     # This option is enabled by default, but only used if ssl.cipher-list is set.
##     #
##     # ssl.honor-cipher-order = "enable"
##     #
##                 = ""
##     server.document-root        = "/srv/www/vhosts/"
##   }

## If you have a .crt and a .key file, cat them together into a
## single PEM file:
## $ cat /etc/ssl/private/lighttpd.key /etc/ssl/certs/lighttpd.crt \
##   > /etc/ssl/private/lighttpd.pem
#ssl.pemfile = "/etc/ssl/private/lighttpd.pem"

## optionally pass the CA certificate here.
## = ""


## custom includes like vhosts.
#include "conf.d/config.conf"
#include_shell "cat /etc/lighttpd/vhosts.d/*.conf"

setenv.add-environment = (
  "LC_CTYPE" => "en_US.utf8"