changeset 26:b003235abe75

Add lighttpd configuration files.
author John "Elwin" Edwards
date Mon, 28 Oct 2013 20:33:23 -0700
parents dd72d2dd923f
children d7e92cd9df0f
files README.txt lighttpd/conf.d/cgi.conf lighttpd/conf.d/dirlisting.conf lighttpd/lighttpd.conf lighttpd/modules.conf
diffstat 5 files changed, 718 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
--- a/README.txt	Sun Oct 20 19:05:58 2013 -0700
+++ b/README.txt	Mon Oct 28 20:33:23 2013 -0700
@@ -4,6 +4,9 @@
 a patch to the Git version of dgamelaunch.  The patch makes it compatible with 
 the RLGWebD player and adds properly salted passwords.
 
+lighttpd/ contains the configuration files for lighttpd which have been 
+modified from the distribution versions.
+
 py/ contains various Python scripts.
 
 py/recorder.py processes the log files and stores the data in a PostgreSQL
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/lighttpd/conf.d/cgi.conf	Mon Oct 28 20:33:23 2013 -0700
@@ -0,0 +1,33 @@
+#######################################################################
+##
+##  CGI modules
+## --------------- 
+##
+## http://www.lighttpd.net/documentation/cgi.html
+##
+server.modules += ( "mod_cgi" )
+
+##
+## Plain old CGI handling
+##
+## For PHP don't forget to set cgi.fix_pathinfo = 1 in the php.ini.
+##
+cgi.assign                 = ( ".pl"  => "/usr/bin/perl",
+                               ".cgi" => "/usr/bin/python",
+                               ".rb"  => "/usr/bin/ruby",
+                               ".erb" => "/usr/bin/eruby",
+                               ".py"  => "/usr/bin/python" )
+
+##
+## to get the old cgi-bin behavior of apache
+##
+## Note: make sure that mod_alias is loaded if you uncomment the
+##       next line. (see modules.conf)
+##
+#alias.url += ( "/cgi-bin" => server_root + "/cgi-bin" )
+#$HTTP["url"] =~ "^/cgi-bin" {
+#   cgi.assign = ( "" => "" )
+#}
+
+##
+#######################################################################
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/lighttpd/conf.d/dirlisting.conf	Mon Oct 28 20:33:23 2013 -0700
@@ -0,0 +1,55 @@
+#######################################################################
+##
+##  Dirlisting Module 
+## ------------------- 
+##
+## See http://www.lighttpd.net/documentation/dirlisting.html
+##
+
+##
+## Enabled Directory listing
+##
+dir-listing.activate      = "enable"
+
+##
+## Hide dot files from the listing?
+## By default they are listed.
+##
+dir-listing.hide-dotfiles = "disable" 
+
+##
+## list of regular expressions. Files that match any of the specified
+## regular expressions will be excluded from directory listings.
+##
+dir-listing.exclude       = ( "~$" )
+
+##
+## set a encoding for the generated directory listing
+##
+## If you file-system is not using ASCII you have to set the encoding of
+## the filenames as they are put into the HTML listing AS IS (with XML
+## encoding)
+##
+dir-listing.encoding = "UTF-8"
+
+##
+## Specify the url to an optional CSS file. 
+##
+#dir-listing.external-css  = "/dirindex.css"
+
+##
+## Include HEADER.txt files above the directory listing. 
+## You can disable showing the HEADER.txt in the listing. 
+##
+dir-listing.hide-header-file = "disable"
+dir-listing.show-header = "disable"
+
+##
+## Include README.txt files above the directory listing. 
+## You can disable showing the README.txt in the listing. 
+##
+dir-listing.hide-readme-file = "disable"
+dir-listing.show-readme = "disable"
+
+##
+#######################################################################
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/lighttpd/lighttpd.conf	Mon Oct 28 20:33:23 2013 -0700
@@ -0,0 +1,453 @@
+#######################################################################
+##
+## /etc/lighttpd/lighttpd.conf
+##
+## check /etc/lighttpd/conf.d/*.conf for the configuration of modules.
+##
+#######################################################################
+
+#######################################################################
+##
+## Some Variable definition which will make chrooting easier.
+##
+## if you add a variable here. Add the corresponding variable in the
+## chroot example aswell.
+##
+var.log_root    = "/var/log/lighttpd"
+var.server_root = "/var/www"
+var.state_dir   = "/var/run"
+var.home_dir    = "/var/lib/lighttpd"
+var.conf_dir    = "/etc/lighttpd"
+
+## 
+## run the server chrooted.
+## 
+## This requires root permissions during startup.
+##
+## If you run Chrooted set the the variables to directories relative to
+## the chroot dir.
+##
+## example chroot configuration:
+## 
+#var.log_root    = "/logs"
+#var.server_root = "/"
+#var.state_dir   = "/run"
+#var.home_dir    = "/lib/lighttpd"
+#var.vhosts_dir  = "/vhosts"
+#var.conf_dir    = "/etc"
+#
+#server.chroot   = "/srv/www"
+
+##
+## Some additional variables to make the configuration easier
+##
+
+##
+## Base directory for all virtual hosts
+##
+## used in:
+## conf.d/evhost.conf
+## conf.d/simple_vhost.conf
+## vhosts.d/vhosts.template
+##
+var.vhosts_dir  = server_root + "/vhosts"
+
+##
+## Cache for mod_compress
+##
+## used in:
+## conf.d/compress.conf
+##
+var.cache_dir   = "/var/cache/lighttpd"
+
+##
+## Base directory for sockets.
+##
+## used in:
+## conf.d/fastcgi.conf
+## conf.d/scgi.conf
+##
+var.socket_dir  = home_dir + "/sockets"
+
+##
+#######################################################################
+
+#######################################################################
+##
+## Load the modules.
+include "modules.conf"
+
+##
+#######################################################################
+
+#######################################################################
+##
+##  Basic Configuration
+## ---------------------
+##
+server.port = 80
+
+##
+## Use IPv6?
+##
+server.use-ipv6 = "enable"
+
+##
+## bind to a specific IP
+##
+#server.bind = "localhost"
+
+##
+## Run as a different username/groupname.
+## This requires root permissions during startup. 
+##
+server.username  = "lighttpd"
+server.groupname = "lighttpd"
+
+## 
+## enable core files.
+##
+#server.core-files = "disable"
+
+##
+## Document root
+##
+server.document-root = server_root + "/lighttpd"
+
+##
+## The value for the "Server:" response field.
+##
+## It would be nice to keep it at "lighttpd".
+##
+#server.tag = "lighttpd"
+
+##
+## store a pid file
+##
+server.pid-file = state_dir + "/lighttpd.pid"
+
+##
+#######################################################################
+
+#######################################################################
+##
+##  Logging Options
+## ------------------
+##
+## all logging options can be overwritten per vhost.
+##
+## Path to the error log file
+##
+server.errorlog             = log_root + "/error.log"
+
+##
+## If you want to log to syslog you have to unset the 
+## server.errorlog setting and uncomment the next line.
+##
+#server.errorlog-use-syslog = "enable"
+
+##
+## Access log config
+## 
+include "conf.d/access_log.conf"
+
+##
+## The debug options are moved into their own file.
+## see conf.d/debug.conf for various options for request debugging.
+##
+include "conf.d/debug.conf"
+
+##
+#######################################################################
+
+#######################################################################
+##
+##  Tuning/Performance
+## --------------------
+##
+## corresponding documentation:
+## http://www.lighttpd.net/documentation/performance.html
+##
+## set the event-handler (read the performance section in the manual)
+##
+## possible options on linux are:
+##
+## select
+## poll
+## linux-sysepoll
+##
+## linux-sysepoll is recommended on kernel 2.6.
+##
+server.event-handler = "linux-sysepoll"
+
+##
+## The basic network interface for all platforms at the syscalls read()
+## and write(). Every modern OS provides its own syscall to help network
+## servers transfer files as fast as possible 
+##
+## linux-sendfile - is recommended for small files.
+## writev         - is recommended for sending many large files
+##
+server.network-backend = "linux-sendfile"
+
+##
+## As lighttpd is a single-threaded server, its main resource limit is
+## the number of file descriptors, which is set to 1024 by default (on
+## most systems).
+##
+## If you are running a high-traffic site you might want to increase this
+## limit by setting server.max-fds.
+##
+## Changing this setting requires root permissions on startup. see
+## server.username/server.groupname.
+##
+## By default lighttpd would not change the operation system default.
+## But setting it to 2048 is a better default for busy servers.
+##
+## With SELinux enabled, this is denied by default and needs to be allowed
+## by running the following once : setsebool -P httpd_setrlimit on
+#server.max-fds = 2048
+
+##
+## Stat() call caching.
+##
+## lighttpd can utilize FAM/Gamin to cache stat call.
+##
+## possible values are:
+## disable, simple or fam.
+##
+server.stat-cache-engine = "simple"
+
+##
+## Fine tuning for the request handling
+##
+## max-connections == max-fds/2 (maybe /3)
+## means the other file handles are used for fastcgi/files
+##
+server.max-connections = 1024
+
+##
+## How many seconds to keep a keep-alive connection open,
+## until we consider it idle. 
+##
+## Default: 5
+##
+#server.max-keep-alive-idle = 5
+
+##
+## How many keep-alive requests until closing the connection.
+##
+## Default: 16
+##
+#server.max-keep-alive-requests = 16
+
+##
+## Maximum size of a request in kilobytes.
+## By default it is unlimited (0).
+##
+## Uploads to your server cant be larger than this value.
+##
+#server.max-request-size = 0
+
+##
+## Time to read from a socket before we consider it idle.
+##
+## Default: 60
+##
+#server.max-read-idle = 60
+
+##
+## Time to write to a socket before we consider it idle.
+##
+## Default: 360
+##
+#server.max-write-idle = 360
+
+##
+##  Traffic Shaping 
+## -----------------
+##
+## see /usr/share/doc/lighttpd/traffic-shaping.txt
+##
+## Values are in kilobyte per second.
+##
+## Keep in mind that a limit below 32kB/s might actually limit the
+## traffic to 32kB/s. This is caused by the size of the TCP send
+## buffer. 
+##
+## per server:
+##
+#server.kbytes-per-second = 128
+
+##
+## per connection:
+##
+#connection.kbytes-per-second = 32
+
+##
+#######################################################################
+
+#######################################################################
+##
+##  Filename/File handling
+## ------------------------
+
+##
+## files to check for if .../ is requested
+## index-file.names            = ( "index.php", "index.rb", "index.html",
+##                                 "index.htm", "default.htm" )
+##
+#index-file.names += (
+#  "index.xhtml", "index.html", "index.htm", "default.htm", "index.php"
+#)
+index-file.names += (
+  "index.xhtml", "index.html", "index.htm", "default.htm", "index.php",
+  "index.cgi"
+)
+
+##
+## deny access the file-extensions
+##
+## ~    is for backupfiles from vi, emacs, joe, ...
+## .inc is often used for code includes which should in general not be part
+##      of the document-root
+url.access-deny             = ( "~", ".inc" )
+
+##
+## disable range requests for pdf files
+## workaround for a bug in the Acrobat Reader plugin.
+##
+$HTTP["url"] =~ "\.pdf$" {
+  server.range-requests = "disable"
+}
+
+##
+## url handling modules (rewrite, redirect)
+##
+#url.rewrite                = ( "^/$"             => "/server-status" )
+#url.redirect               = ( "^/wishlist/(.+)" => "http://www.example.com/$1" )
+
+##
+## both rewrite/redirect support back reference to regex conditional using %n
+##
+#$HTTP["host"] =~ "^www\.(.*)" {
+#  url.redirect            = ( "^/(.*)" => "http://%1/$1" )
+#}
+
+##
+## which extensions should not be handle via static-file transfer
+##
+## .php, .pl, .fcgi are most often handled by mod_fastcgi or mod_cgi
+##
+#static-file.exclude-extensions = ( ".php", ".pl", ".fcgi", ".scgi" )
+static-file.exclude-extensions = ( ".php", ".pl", ".fcgi", ".cgi", ".py", ".scgi" )
+
+##
+## error-handler for status 404
+##
+#server.error-handler-404   = "/error-handler.html"
+#server.error-handler-404   = "/error-handler.php"
+server.error-handler-404   = "404.html"
+
+##
+## Format: <errorfile-prefix><status-code>.html
+## -> ..../status-404.html for 'File not found'
+##
+#server.errorfile-prefix    = "/srv/www/htdocs/errors/status-"
+
+##
+## mimetype mapping
+##
+include "conf.d/mime.conf"
+
+##
+## directory listing configuration
+##
+include "conf.d/dirlisting.conf"
+
+##
+## Should lighttpd follow symlinks?
+## 
+server.follow-symlink = "enable"
+
+##
+## force all filenames to be lowercase?
+##
+#server.force-lowercase-filenames = "disable"
+
+##
+## defaults to /var/tmp as we assume it is a local harddisk
+##
+server.upload-dirs = ( "/var/tmp" )
+
+##
+#######################################################################
+
+
+#######################################################################
+##
+##  SSL Support
+## ------------- 
+##
+## To enable SSL for the whole server you have to provide a valid
+## certificate and have to enable the SSL engine.::
+##
+##   ssl.engine = "enable"
+##   ssl.pemfile = "/path/to/server.pem"
+##
+## The HTTPS protocol does not allow you to use name-based virtual
+## hosting with SSL. If you want to run multiple SSL servers with
+## one lighttpd instance you must use IP-based virtual hosting: ::
+##
+##   $SERVER["socket"] == "10.0.0.1:443" {
+##     ssl.engine                  = "enable"
+##     ssl.pemfile                 = "/etc/ssl/private/www.example.com.pem"
+##     #
+##     # Mitigate BEAST attack:
+##     #
+##     # A stricter base cipher suite. For details see:
+##     # http://blog.ivanristic.com/2011/10/mitigating-the-beast-attack-on-tls.html
+##     #
+##     ssl.cipher-list             = "ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4-SHA:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM"
+##     #
+##     # Make the server prefer the order of the server side cipher suite instead of the client suite.
+##     # This is necessary to mitigate the BEAST attack (unless you disable all non RC4 algorithms).
+##     # This option is enabled by default, but only used if ssl.cipher-list is set.
+##     #
+##     # ssl.honor-cipher-order = "enable"
+##     #
+##     # Mitigate CVE-2009-3555 by disabling client triggered renegotation
+##     # This is enabled by default.
+##     #
+##     # ssl.disable-client-renegotiation = "enable"
+##     #
+##     server.name                 = "www.example.com"
+##
+##     server.document-root        = "/srv/www/vhosts/example.com/www/"
+##   }
+##
+
+## If you have a .crt and a .key file, cat them together into a
+## single PEM file:
+## $ cat /etc/ssl/private/lighttpd.key /etc/ssl/certs/lighttpd.crt \
+##   > /etc/ssl/private/lighttpd.pem
+##
+#ssl.pemfile = "/etc/ssl/private/lighttpd.pem"
+
+##
+## optionally pass the CA certificate here.
+##
+##
+#ssl.ca-file = ""
+
+##
+#######################################################################
+
+#######################################################################
+##
+## custom includes like vhosts.
+##
+#include "conf.d/config.conf"
+#include_shell "cat /etc/lighttpd/vhosts.d/*.conf"
+##
+#######################################################################
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/lighttpd/modules.conf	Mon Oct 28 20:33:23 2013 -0700
@@ -0,0 +1,174 @@
+#######################################################################
+##
+##  Modules to load
+## -----------------
+##
+## at least mod_access and mod_accesslog should be loaded
+## all other module should only be loaded if really neccesary
+##
+## - saves some time
+## - saves memory
+##
+## the default module set contains:
+##
+## "mod_indexfile", "mod_dirlisting", "mod_staticfile"
+##
+## you dont have to include those modules in your list
+##
+## Modules, which are pulled in via conf.d/*.conf
+##
+## NOTE: the order of modules is important.
+##
+## - mod_accesslog     -> conf.d/access_log.conf
+## - mod_compress      -> conf.d/compress.conf
+## - mod_status        -> conf.d/status.conf
+## - mod_webdav        -> conf.d/webdav.conf
+## - mod_cml           -> conf.d/cml.conf
+## - mod_evhost        -> conf.d/evhost.conf
+## - mod_simple_vhost  -> conf.d/simple_vhost.conf
+## - mod_mysql_vhost   -> conf.d/mysql_vhost.conf
+## - mod_trigger_b4_dl -> conf.d/trigger_b4_dl.conf
+## - mod_userdir       -> conf.d/userdir.conf
+## - mod_rrdtool       -> conf.d/rrdtool.conf
+## - mod_ssi           -> conf.d/ssi.conf
+## - mod_cgi           -> conf.d/cgi.conf
+## - mod_scgi          -> conf.d/scgi.conf
+## - mod_fastcgi       -> conf.d/fastcgi.conf
+## - mod_proxy         -> conf.d/proxy.conf
+## - mod_secdownload   -> conf.d/secdownload.conf
+## - mod_expire        -> conf.d/expire.conf
+##
+
+server.modules = (
+  "mod_access",
+  "mod_accesslog",
+  "mod_cgi",
+#  "mod_alias",
+#  "mod_auth",
+#  "mod_evasive",
+#  "mod_redirect",
+#  "mod_rewrite",
+#  "mod_setenv",
+#  "mod_usertrack",
+)
+
+##
+#######################################################################
+
+#######################################################################
+##
+##  Config for various Modules
+##
+
+##
+## mod_ssi
+##
+#include "conf.d/ssi.conf"
+
+##
+## mod_status
+##
+#include "conf.d/status.conf"
+
+##
+## mod_webdav
+##
+#include "conf.d/webdav.conf"
+
+##
+## mod_compress