# HG changeset patch # User John "Elwin" Edwards # Date 1383017603 25200 # Node ID b003235abe75bbd6da31e4e27852b76d7847954b # Parent dd72d2dd923f74260e3c13662ef977748c83efe6 Add lighttpd configuration files. diff -r dd72d2dd923f -r b003235abe75 README.txt --- a/README.txt Sun Oct 20 19:05:58 2013 -0700 +++ b/README.txt Mon Oct 28 20:33:23 2013 -0700 @@ -4,6 +4,9 @@ a patch to the Git version of dgamelaunch. The patch makes it compatible with the RLGWebD player and adds properly salted passwords. +lighttpd/ contains the configuration files for lighttpd which have been +modified from the distribution versions. + py/ contains various Python scripts. py/recorder.py processes the log files and stores the data in a PostgreSQL diff -r dd72d2dd923f -r b003235abe75 lighttpd/conf.d/cgi.conf --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/lighttpd/conf.d/cgi.conf Mon Oct 28 20:33:23 2013 -0700 @@ -0,0 +1,33 @@ +####################################################################### +## +## CGI modules +## --------------- +## +## http://www.lighttpd.net/documentation/cgi.html +## +server.modules += ( "mod_cgi" ) + +## +## Plain old CGI handling +## +## For PHP don't forget to set cgi.fix_pathinfo = 1 in the php.ini. +## +cgi.assign = ( ".pl" => "/usr/bin/perl", + ".cgi" => "/usr/bin/python", + ".rb" => "/usr/bin/ruby", + ".erb" => "/usr/bin/eruby", + ".py" => "/usr/bin/python" ) + +## +## to get the old cgi-bin behavior of apache +## +## Note: make sure that mod_alias is loaded if you uncomment the +## next line. (see modules.conf) +## +#alias.url += ( "/cgi-bin" => server_root + "/cgi-bin" ) +#$HTTP["url"] =~ "^/cgi-bin" { +# cgi.assign = ( "" => "" ) +#} + +## +####################################################################### diff -r dd72d2dd923f -r b003235abe75 lighttpd/conf.d/dirlisting.conf --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/lighttpd/conf.d/dirlisting.conf Mon Oct 28 20:33:23 2013 -0700 @@ -0,0 +1,55 @@ +####################################################################### +## +## Dirlisting Module +## ------------------- +## +## See http://www.lighttpd.net/documentation/dirlisting.html +## + +## +## Enabled Directory listing +## +dir-listing.activate = "enable" + +## +## Hide dot files from the listing? +## By default they are listed. +## +dir-listing.hide-dotfiles = "disable" + +## +## list of regular expressions. Files that match any of the specified +## regular expressions will be excluded from directory listings. +## +dir-listing.exclude = ( "~$" ) + +## +## set a encoding for the generated directory listing +## +## If you file-system is not using ASCII you have to set the encoding of +## the filenames as they are put into the HTML listing AS IS (with XML +## encoding) +## +dir-listing.encoding = "UTF-8" + +## +## Specify the url to an optional CSS file. +## +#dir-listing.external-css = "/dirindex.css" + +## +## Include HEADER.txt files above the directory listing. +## You can disable showing the HEADER.txt in the listing. +## +dir-listing.hide-header-file = "disable" +dir-listing.show-header = "disable" + +## +## Include README.txt files above the directory listing. +## You can disable showing the README.txt in the listing. +## +dir-listing.hide-readme-file = "disable" +dir-listing.show-readme = "disable" + +## +####################################################################### diff -r dd72d2dd923f -r b003235abe75 lighttpd/lighttpd.conf --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/lighttpd/lighttpd.conf Mon Oct 28 20:33:23 2013 -0700 @@ -0,0 +1,453 @@ +####################################################################### +## +## /etc/lighttpd/lighttpd.conf +## +## check /etc/lighttpd/conf.d/*.conf for the configuration of modules. +## +####################################################################### + +####################################################################### +## +## Some Variable definition which will make chrooting easier. +## +## if you add a variable here. Add the corresponding variable in the +## chroot example aswell. +## +var.log_root = "/var/log/lighttpd" +var.server_root = "/var/www" +var.state_dir = "/var/run" +var.home_dir = "/var/lib/lighttpd" +var.conf_dir = "/etc/lighttpd" + +## +## run the server chrooted. +## +## This requires root permissions during startup. +## +## If you run Chrooted set the the variables to directories relative to +## the chroot dir. +## +## example chroot configuration: +## +#var.log_root = "/logs" +#var.server_root = "/" +#var.state_dir = "/run" +#var.home_dir = "/lib/lighttpd" +#var.vhosts_dir = "/vhosts" +#var.conf_dir = "/etc" +# +#server.chroot = "/srv/www" + +## +## Some additional variables to make the configuration easier +## + +## +## Base directory for all virtual hosts +## +## used in: +## conf.d/evhost.conf +## conf.d/simple_vhost.conf +## vhosts.d/vhosts.template +## +var.vhosts_dir = server_root + "/vhosts" + +## +## Cache for mod_compress +## +## used in: +## conf.d/compress.conf +## +var.cache_dir = "/var/cache/lighttpd" + +## +## Base directory for sockets. +## +## used in: +## conf.d/fastcgi.conf +## conf.d/scgi.conf +## +var.socket_dir = home_dir + "/sockets" + +## +####################################################################### + +####################################################################### +## +## Load the modules. +include "modules.conf" + +## +####################################################################### + +####################################################################### +## +## Basic Configuration +## --------------------- +## +server.port = 80 + +## +## Use IPv6? +## +server.use-ipv6 = "enable" + +## +## bind to a specific IP +## +#server.bind = "localhost" + +## +## Run as a different username/groupname. +## This requires root permissions during startup. +## +server.username = "lighttpd" +server.groupname = "lighttpd" + +## +## enable core files. +## +#server.core-files = "disable" + +## +## Document root +## +server.document-root = server_root + "/lighttpd" + +## +## The value for the "Server:" response field. +## +## It would be nice to keep it at "lighttpd". +## +#server.tag = "lighttpd" + +## +## store a pid file +## +server.pid-file = state_dir + "/lighttpd.pid" + +## +####################################################################### + +####################################################################### +## +## Logging Options +## ------------------ +## +## all logging options can be overwritten per vhost. +## +## Path to the error log file +## +server.errorlog = log_root + "/error.log" + +## +## If you want to log to syslog you have to unset the +## server.errorlog setting and uncomment the next line. +## +#server.errorlog-use-syslog = "enable" + +## +## Access log config +## +include "conf.d/access_log.conf" + +## +## The debug options are moved into their own file. +## see conf.d/debug.conf for various options for request debugging. +## +include "conf.d/debug.conf" + +## +####################################################################### + +####################################################################### +## +## Tuning/Performance +## -------------------- +## +## corresponding documentation: +## http://www.lighttpd.net/documentation/performance.html +## +## set the event-handler (read the performance section in the manual) +## +## possible options on linux are: +## +## select +## poll +## linux-sysepoll +## +## linux-sysepoll is recommended on kernel 2.6. +## +server.event-handler = "linux-sysepoll" + +## +## The basic network interface for all platforms at the syscalls read() +## and write(). Every modern OS provides its own syscall to help network +## servers transfer files as fast as possible +## +## linux-sendfile - is recommended for small files. +## writev - is recommended for sending many large files +## +server.network-backend = "linux-sendfile" + +## +## As lighttpd is a single-threaded server, its main resource limit is +## the number of file descriptors, which is set to 1024 by default (on +## most systems). +## +## If you are running a high-traffic site you might want to increase this +## limit by setting server.max-fds. +## +## Changing this setting requires root permissions on startup. see +## server.username/server.groupname. +## +## By default lighttpd would not change the operation system default. +## But setting it to 2048 is a better default for busy servers. +## +## With SELinux enabled, this is denied by default and needs to be allowed +## by running the following once : setsebool -P httpd_setrlimit on +#server.max-fds = 2048 + +## +## Stat() call caching. +## +## lighttpd can utilize FAM/Gamin to cache stat call. +## +## possible values are: +## disable, simple or fam. +## +server.stat-cache-engine = "simple" + +## +## Fine tuning for the request handling +## +## max-connections == max-fds/2 (maybe /3) +## means the other file handles are used for fastcgi/files +## +server.max-connections = 1024 + +## +## How many seconds to keep a keep-alive connection open, +## until we consider it idle. +## +## Default: 5 +## +#server.max-keep-alive-idle = 5 + +## +## How many keep-alive requests until closing the connection. +## +## Default: 16 +## +#server.max-keep-alive-requests = 16 + +## +## Maximum size of a request in kilobytes. +## By default it is unlimited (0). +## +## Uploads to your server cant be larger than this value. +## +#server.max-request-size = 0 + +## +## Time to read from a socket before we consider it idle. +## +## Default: 60 +## +#server.max-read-idle = 60 + +## +## Time to write to a socket before we consider it idle. +## +## Default: 360 +## +#server.max-write-idle = 360 + +## +## Traffic Shaping +## ----------------- +## +## see /usr/share/doc/lighttpd/traffic-shaping.txt +## +## Values are in kilobyte per second. +## +## Keep in mind that a limit below 32kB/s might actually limit the +## traffic to 32kB/s. This is caused by the size of the TCP send +## buffer. +## +## per server: +## +#server.kbytes-per-second = 128 + +## +## per connection: +## +#connection.kbytes-per-second = 32 + +## +####################################################################### + +####################################################################### +## +## Filename/File handling +## ------------------------ + +## +## files to check for if .../ is requested +## index-file.names = ( "index.php", "index.rb", "index.html", +## "index.htm", "default.htm" ) +## +#index-file.names += ( +# "index.xhtml", "index.html", "index.htm", "default.htm", "index.php" +#) +index-file.names += ( + "index.xhtml", "index.html", "index.htm", "default.htm", "index.php", + "index.cgi" +) + +## +## deny access the file-extensions +## +## ~ is for backupfiles from vi, emacs, joe, ... +## .inc is often used for code includes which should in general not be part +## of the document-root +url.access-deny = ( "~", ".inc" ) + +## +## disable range requests for pdf files +## workaround for a bug in the Acrobat Reader plugin. +## +$HTTP["url"] =~ "\.pdf$" { + server.range-requests = "disable" +} + +## +## url handling modules (rewrite, redirect) +## +#url.rewrite = ( "^/$" => "/server-status" ) +#url.redirect = ( "^/wishlist/(.+)" => "http://www.example.com/$1" ) + +## +## both rewrite/redirect support back reference to regex conditional using %n +## +#$HTTP["host"] =~ "^www\.(.*)" { +# url.redirect = ( "^/(.*)" => "http://%1/$1" ) +#} + +## +## which extensions should not be handle via static-file transfer +## +## .php, .pl, .fcgi are most often handled by mod_fastcgi or mod_cgi +## +#static-file.exclude-extensions = ( ".php", ".pl", ".fcgi", ".scgi" ) +static-file.exclude-extensions = ( ".php", ".pl", ".fcgi", ".cgi", ".py", ".scgi" ) + +## +## error-handler for status 404 +## +#server.error-handler-404 = "/error-handler.html" +#server.error-handler-404 = "/error-handler.php" +server.error-handler-404 = "404.html" + +## +## Format: .html +## -> ..../status-404.html for 'File not found' +## +#server.errorfile-prefix = "/srv/www/htdocs/errors/status-" + +## +## mimetype mapping +## +include "conf.d/mime.conf" + +## +## directory listing configuration +## +include "conf.d/dirlisting.conf" + +## +## Should lighttpd follow symlinks? +## +server.follow-symlink = "enable" + +## +## force all filenames to be lowercase? +## +#server.force-lowercase-filenames = "disable" + +## +## defaults to /var/tmp as we assume it is a local harddisk +## +server.upload-dirs = ( "/var/tmp" ) + +## +####################################################################### + + +####################################################################### +## +## SSL Support +## ------------- +## +## To enable SSL for the whole server you have to provide a valid +## certificate and have to enable the SSL engine.:: +## +## ssl.engine = "enable" +## ssl.pemfile = "/path/to/server.pem" +## +## The HTTPS protocol does not allow you to use name-based virtual +## hosting with SSL. If you want to run multiple SSL servers with +## one lighttpd instance you must use IP-based virtual hosting: :: +## +## $SERVER["socket"] == "10.0.0.1:443" { +## ssl.engine = "enable" +## ssl.pemfile = "/etc/ssl/private/www.example.com.pem" +## # +## # Mitigate BEAST attack: +## # +## # A stricter base cipher suite. For details see: +## # http://blog.ivanristic.com/2011/10/mitigating-the-beast-attack-on-tls.html +## # +## ssl.cipher-list = "ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4-SHA:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM" +## # +## # Make the server prefer the order of the server side cipher suite instead of the client suite. +## # This is necessary to mitigate the BEAST attack (unless you disable all non RC4 algorithms). +## # This option is enabled by default, but only used if ssl.cipher-list is set. +## # +## # ssl.honor-cipher-order = "enable" +## # +## # Mitigate CVE-2009-3555 by disabling client triggered renegotation +## # This is enabled by default. +## # +## # ssl.disable-client-renegotiation = "enable" +## # +## server.name = "www.example.com" +## +## server.document-root = "/srv/www/vhosts/example.com/www/" +## } +## + +## If you have a .crt and a .key file, cat them together into a +## single PEM file: +## $ cat /etc/ssl/private/lighttpd.key /etc/ssl/certs/lighttpd.crt \ +## > /etc/ssl/private/lighttpd.pem +## +#ssl.pemfile = "/etc/ssl/private/lighttpd.pem" + +## +## optionally pass the CA certificate here. +## +## +#ssl.ca-file = "" + +## +####################################################################### + +####################################################################### +## +## custom includes like vhosts. +## +#include "conf.d/config.conf" +#include_shell "cat /etc/lighttpd/vhosts.d/*.conf" +## +####################################################################### diff -r dd72d2dd923f -r b003235abe75 lighttpd/modules.conf --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/lighttpd/modules.conf Mon Oct 28 20:33:23 2013 -0700 @@ -0,0 +1,174 @@ +####################################################################### +## +## Modules to load +## ----------------- +## +## at least mod_access and mod_accesslog should be loaded +## all other module should only be loaded if really neccesary +## +## - saves some time +## - saves memory +## +## the default module set contains: +## +## "mod_indexfile", "mod_dirlisting", "mod_staticfile" +## +## you dont have to include those modules in your list +## +## Modules, which are pulled in via conf.d/*.conf +## +## NOTE: the order of modules is important. +## +## - mod_accesslog -> conf.d/access_log.conf +## - mod_compress -> conf.d/compress.conf +## - mod_status -> conf.d/status.conf +## - mod_webdav -> conf.d/webdav.conf +## - mod_cml -> conf.d/cml.conf +## - mod_evhost -> conf.d/evhost.conf +## - mod_simple_vhost -> conf.d/simple_vhost.conf +## - mod_mysql_vhost -> conf.d/mysql_vhost.conf +## - mod_trigger_b4_dl -> conf.d/trigger_b4_dl.conf +## - mod_userdir -> conf.d/userdir.conf +## - mod_rrdtool -> conf.d/rrdtool.conf +## - mod_ssi -> conf.d/ssi.conf +## - mod_cgi -> conf.d/cgi.conf +## - mod_scgi -> conf.d/scgi.conf +## - mod_fastcgi -> conf.d/fastcgi.conf +## - mod_proxy -> conf.d/proxy.conf +## - mod_secdownload -> conf.d/secdownload.conf +## - mod_expire -> conf.d/expire.conf +## + +server.modules = ( + "mod_access", + "mod_accesslog", + "mod_cgi", +# "mod_alias", +# "mod_auth", +# "mod_evasive", +# "mod_redirect", +# "mod_rewrite", +# "mod_setenv", +# "mod_usertrack", +) + +## +####################################################################### + +####################################################################### +## +## Config for various Modules +## + +## +## mod_ssi +## +#include "conf.d/ssi.conf" + +## +## mod_status +## +#include "conf.d/status.conf" + +## +## mod_webdav +## +#include "conf.d/webdav.conf" + +## +## mod_compress +## +#include "conf.d/compress.conf" + +## +## mod_userdir +## +#include "conf.d/userdir.conf" + +## +## mod_magnet +## +#include "conf.d/magnet.conf" + +## +## mod_cml +## +#include "conf.d/cml.conf" + +## +## mod_rrdtool +## +#include "conf.d/rrdtool.conf" + +## +## mod_proxy +## +#include "conf.d/proxy.conf" + +## +## mod_expire +## +#include "conf.d/expire.conf" + +## +## mod_secdownload +## +#include "conf.d/secdownload.conf" + +## +####################################################################### + +####################################################################### +## +## CGI modules +## + +## +## SCGI (mod_scgi) +## +#include "conf.d/scgi.conf" + +## +## FastCGI (mod_fastcgi) +## +#include "conf.d/fastcgi.conf" + +## +## plain old CGI (mod_cgi) +## +include "conf.d/cgi.conf" + +## +####################################################################### + +####################################################################### +## +## VHost Modules +## +## Only load ONE of them! +## ======================== +## + +## +## You can use conditionals for vhosts aswell. +## +## see http://www.lighttpd.net/documentation/configuration.html +## + +## +## mod_evhost +## +#include "conf.d/evhost.conf" + +## +## mod_simple_vhost +## +#include "conf.d/simple_vhost.conf" + +## +## mod_mysql_vhost +## +#include "conf.d/mysql_vhost.conf" + +## +#######################################################################