Mercurial > hg > rlgallery-misc

view lighttpd/lighttpd.conf @ 55:e421ea2519ec

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
dgamelaunch: define user/group by name instead of UID/GID. The user and group might not be created with the UID and GID expected, so it is better to use names. They can be changed to numeric values after installation.
author John "Elwin" Edwards
date Sun, 11 May 2014 08:32:31 -0700
parents 09ef92dc4439
children b1d3a618c254
line wrap: on
line source

#######################################################################
##
## /etc/lighttpd/lighttpd.conf
##
## check /etc/lighttpd/conf.d/*.conf for the configuration of modules.
##
#######################################################################

#######################################################################
##
## Some Variable definition which will make chrooting easier.
##
## if you add a variable here. Add the corresponding variable in the
## chroot example aswell.
##
var.log_root    = "/var/log/lighttpd"
var.server_root = "/var/www"
var.state_dir   = "/var/run"
var.home_dir    = "/var/lib/lighttpd"
var.conf_dir    = "/etc/lighttpd"

## 
## run the server chrooted.
## 
## This requires root permissions during startup.
##
## If you run Chrooted set the the variables to directories relative to
## the chroot dir.
##
## example chroot configuration:
## 
#var.log_root    = "/logs"
#var.server_root = "/"
#var.state_dir   = "/run"
#var.home_dir    = "/lib/lighttpd"
#var.vhosts_dir  = "/vhosts"
#var.conf_dir    = "/etc"
#
#server.chroot   = "/srv/www"

##
## Some additional variables to make the configuration easier
##

##
## Base directory for all virtual hosts
##
## used in:
## conf.d/evhost.conf
## conf.d/simple_vhost.conf
## vhosts.d/vhosts.template
##
var.vhosts_dir  = server_root + "/vhosts"

##
## Cache for mod_compress
##
## used in:
## conf.d/compress.conf
##
var.cache_dir   = "/var/cache/lighttpd"

##
## Base directory for sockets.
##
## used in:
## conf.d/fastcgi.conf
## conf.d/scgi.conf
##
var.socket_dir  = home_dir + "/sockets"

##
#######################################################################

#######################################################################
##
## Load the modules.
include "modules.conf"

##
#######################################################################

#######################################################################
##
##  Basic Configuration
## ---------------------
##
server.port = 80

##
## Use IPv6?
##
server.use-ipv6 = "enable"

##
## bind to a specific IP
##
#server.bind = "localhost"

##
## Run as a different username/groupname.
## This requires root permissions during startup. 
##
server.username  = "lighttpd"
server.groupname = "lighttpd"

## 
## enable core files.
##
#server.core-files = "disable"

##
## Document root
##
server.document-root = server_root + "/lighttpd"

##
## The value for the "Server:" response field.
##
## It would be nice to keep it at "lighttpd".
##
#server.tag = "lighttpd"

##
## store a pid file
##
server.pid-file = state_dir + "/lighttpd.pid"

##
#######################################################################

#######################################################################
##
##  Logging Options
## ------------------
##
## all logging options can be overwritten per vhost.
##
## Path to the error log file
##
server.errorlog             = log_root + "/error.log"

##
## If you want to log to syslog you have to unset the 
## server.errorlog setting and uncomment the next line.
##
#server.errorlog-use-syslog = "enable"

##
## Access log config
## 
include "conf.d/access_log.conf"

##
## The debug options are moved into their own file.
## see conf.d/debug.conf for various options for request debugging.
##
include "conf.d/debug.conf"

##
#######################################################################

#######################################################################
##
##  Tuning/Performance
## --------------------
##
## corresponding documentation:
## http://www.lighttpd.net/documentation/performance.html
##
## set the event-handler (read the performance section in the manual)
##
## possible options on linux are:
##
## select
## poll
## linux-sysepoll
##
## linux-sysepoll is recommended on kernel 2.6.
##
server.event-handler = "linux-sysepoll"

##
## The basic network interface for all platforms at the syscalls read()
## and write(). Every modern OS provides its own syscall to help network
## servers transfer files as fast as possible 
##
## linux-sendfile - is recommended for small files.
## writev         - is recommended for sending many large files
##
server.network-backend = "linux-sendfile"

##
## As lighttpd is a single-threaded server, its main resource limit is
## the number of file descriptors, which is set to 1024 by default (on
## most systems).
##
## If you are running a high-traffic site you might want to increase this
## limit by setting server.max-fds.
##
## Changing this setting requires root permissions on startup. see
## server.username/server.groupname.
##
## By default lighttpd would not change the operation system default.
## But setting it to 2048 is a better default for busy servers.
##
## With SELinux enabled, this is denied by default and needs to be allowed
## by running the following once : setsebool -P httpd_setrlimit on
#server.max-fds = 2048

##
## Stat() call caching.
##
## lighttpd can utilize FAM/Gamin to cache stat call.
##
## possible values are:
## disable, simple or fam.
##
server.stat-cache-engine = "simple"

##
## Fine tuning for the request handling
##
## max-connections == max-fds/2 (maybe /3)
## means the other file handles are used for fastcgi/files
##
server.max-connections = 1024

##
## How many seconds to keep a keep-alive connection open,
## until we consider it idle. 
##
## Default: 5
##
#server.max-keep-alive-idle = 5

##
## How many keep-alive requests until closing the connection.
##
## Default: 16
##
#server.max-keep-alive-requests = 16

##
## Maximum size of a request in kilobytes.
## By default it is unlimited (0).
##
## Uploads to your server cant be larger than this value.
##
#server.max-request-size = 0

##
## Time to read from a socket before we consider it idle.
##
## Default: 60
##
#server.max-read-idle = 60

##
## Time to write to a socket before we consider it idle.
##
## Default: 360
##
#server.max-write-idle = 360

##
##  Traffic Shaping 
## -----------------
##
## see /usr/share/doc/lighttpd/traffic-shaping.txt
##
## Values are in kilobyte per second.
##
## Keep in mind that a limit below 32kB/s might actually limit the
## traffic to 32kB/s. This is caused by the size of the TCP send
## buffer. 
##
## per server:
##
#server.kbytes-per-second = 128

##
## per connection:
##
#connection.kbytes-per-second = 32

##
#######################################################################

#######################################################################
##
##  Filename/File handling
## ------------------------

##
## files to check for if .../ is requested
## index-file.names            = ( "index.php", "index.rb", "index.html",
##                                 "index.htm", "default.htm" )
##
#index-file.names += (
#  "index.xhtml", "index.html", "index.htm", "default.htm", "index.php"
#)
index-file.names += (
  "index.xhtml", "index.html", "index.htm", "default.htm", "index.php",
  "index.cgi"
)

##
## deny access the file-extensions
##
## ~    is for backupfiles from vi, emacs, joe, ...
## .inc is often used for code includes which should in general not be part
##      of the document-root
url.access-deny             = ( "~", ".inc" )

##
## disable range requests for pdf files
## workaround for a bug in the Acrobat Reader plugin.
##
$HTTP["url"] =~ "\.pdf$" {
  server.range-requests = "disable"
}

##
## url handling modules (rewrite, redirect)
##
#url.rewrite                = ( "^/$"             => "/server-status" )
#url.redirect               = ( "^/wishlist/(.+)" => "http://www.example.com/$1" )

##
## both rewrite/redirect support back reference to regex conditional using %n
##
#$HTTP["host"] =~ "^www\.(.*)" {
#  url.redirect            = ( "^/(.*)" => "http://%1/$1" )
#}
$HTTP["host"] =~ "^(.*)$" {
  url.redirect = ( 
    "^/scoring/highscores.html" => "http://%1/scoring/high.cgi?l=40"
  )
}

##
## which extensions should not be handle via static-file transfer
##
## .php, .pl, .fcgi are most often handled by mod_fastcgi or mod_cgi
##
#static-file.exclude-extensions = ( ".php", ".pl", ".fcgi", ".scgi" )
static-file.exclude-extensions = ( ".php", ".pl", ".fcgi", ".cgi", ".py", ".scgi" )

##
## error-handler for status 404
##
#server.error-handler-404   = "/error-handler.html"
#server.error-handler-404   = "/error-handler.php"
server.error-handler-404   = "404.html"

##
## Format: <errorfile-prefix><status-code>.html
## -> ..../status-404.html for 'File not found'
##
#server.errorfile-prefix    = "/srv/www/htdocs/errors/status-"

##
## mimetype mapping
##
include "conf.d/mime.conf"

##
## directory listing configuration
##
include "conf.d/dirlisting.conf"

##
## Should lighttpd follow symlinks?
## 
server.follow-symlink = "enable"

##
## force all filenames to be lowercase?
##
#server.force-lowercase-filenames = "disable"

##
## defaults to /var/tmp as we assume it is a local harddisk
##
server.upload-dirs = ( "/var/tmp" )

##
#######################################################################


#######################################################################
##
##  SSL Support
## ------------- 
##
## To enable SSL for the whole server you have to provide a valid
## certificate and have to enable the SSL engine.::
##
##   ssl.engine = "enable"
##   ssl.pemfile = "/path/to/server.pem"
##
## The HTTPS protocol does not allow you to use name-based virtual
## hosting with SSL. If you want to run multiple SSL servers with
## one lighttpd instance you must use IP-based virtual hosting: ::
##
##   $SERVER["socket"] == "10.0.0.1:443" {
##     ssl.engine                  = "enable"
##     ssl.pemfile                 = "/etc/ssl/private/www.example.com.pem"
##     #
##     # Mitigate BEAST attack:
##     #
##     # A stricter base cipher suite. For details see:
##     # http://blog.ivanristic.com/2011/10/mitigating-the-beast-attack-on-tls.html
##     #
##     ssl.cipher-list             = "ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4-SHA:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM"
##     #
##     # Make the server prefer the order of the server side cipher suite instead of the client suite.
##     # This is necessary to mitigate the BEAST attack (unless you disable all non RC4 algorithms).
##     # This option is enabled by default, but only used if ssl.cipher-list is set.
##     #
##     # ssl.honor-cipher-order = "enable"
##     #
##     # Mitigate CVE-2009-3555 by disabling client triggered renegotation
##     # This is enabled by default.
##     #
##     # ssl.disable-client-renegotiation = "enable"
##     #
##     server.name                 = "www.example.com"
##
##     server.document-root        = "/srv/www/vhosts/example.com/www/"
##   }
##

## If you have a .crt and a .key file, cat them together into a
## single PEM file:
## $ cat /etc/ssl/private/lighttpd.key /etc/ssl/certs/lighttpd.crt \
##   > /etc/ssl/private/lighttpd.pem
##
#ssl.pemfile = "/etc/ssl/private/lighttpd.pem"

##
## optionally pass the CA certificate here.
##
##
#ssl.ca-file = ""

##
#######################################################################

#######################################################################
##
## custom includes like vhosts.
##
#include "conf.d/config.conf"
#include_shell "cat /etc/lighttpd/vhosts.d/*.conf"
##
#######################################################################

setenv.add-environment = (
  "LC_CTYPE" => "en_US.utf8"
)