Statistics
| Revision:

root / branches / lighttpd-1.4.x / doc / config / lighttpd.conf

History | View | Annotate | Download (11.5 KB)

1
#######################################################################
2
##
3
## /etc/lighttpd/lighttpd.conf
4
##
5
## check /etc/lighttpd/conf.d/*.conf for the configuration of modules.
6
##
7
#######################################################################
8

    
9
#######################################################################
10
##
11
## Some Variable definition which will make chrooting easier.
12
##
13
## if you add a variable here. Add the corresponding variable in the
14
## chroot example aswell.
15
##
16
var.log_root    = "/var/log/lighttpd"
17
var.server_root = "/srv/www"
18
var.state_dir   = "/var/run"
19
var.home_dir    = "/var/lib/lighttpd"
20
var.conf_dir    = "/etc/lighttpd"
21

    
22
## 
23
## run the server chrooted.
24
## 
25
## This requires root permissions during startup.
26
##
27
## If you run Chrooted set the the variables to directories relative to
28
## the chroot dir.
29
##
30
## example chroot configuration:
31
## 
32
#var.log_root    = "/logs"
33
#var.server_root = "/"
34
#var.state_dir   = "/run"
35
#var.home_dir    = "/lib/lighttpd"
36
#var.vhosts_dir  = "/vhosts"
37
#var.conf_dir    = "/etc"
38
#
39
#server.chroot   = "/srv/www"
40

    
41
##
42
## Some additional variables to make the configuration easier
43
##
44

    
45
##
46
## Base directory for all virtual hosts
47
##
48
## used in:
49
## conf.d/evhost.conf
50
## conf.d/simple_vhost.conf
51
## vhosts.d/vhosts.template
52
##
53
var.vhosts_dir  = server_root + "/vhosts"
54

    
55
##
56
## Cache for mod_compress
57
##
58
## used in:
59
## conf.d/compress.conf
60
##
61
var.cache_dir   = "/var/cache/lighttpd"
62

    
63
##
64
## Base directory for sockets.
65
##
66
## used in:
67
## conf.d/fastcgi.conf
68
## conf.d/scgi.conf
69
##
70
var.socket_dir  = home_dir + "/sockets"
71

    
72
##
73
#######################################################################
74

    
75
#######################################################################
76
##
77
## Load the modules.
78
include "modules.conf"
79

    
80
##
81
#######################################################################
82

    
83
#######################################################################
84
##
85
##  Basic Configuration
86
## ---------------------
87
##
88
server.port = 80
89

    
90
##
91
## Use IPv6?
92
##
93
server.use-ipv6 = "enable"
94

    
95
##
96
## bind to a specific IP
97
##
98
#server.bind = "localhost"
99

    
100
##
101
## Run as a different username/groupname.
102
## This requires root permissions during startup. 
103
##
104
server.username  = "lighttpd"
105
server.groupname = "lighttpd"
106

    
107
## 
108
## enable core files.
109
##
110
#server.core-files = "disable"
111

    
112
##
113
## Document root
114
##
115
server.document-root = server_root + "/htdocs"
116

    
117
##
118
## The value for the "Server:" response field.
119
##
120
## It would be nice to keep it at "lighttpd".
121
##
122
#server.tag = "lighttpd"
123

    
124
##
125
## store a pid file
126
##
127
server.pid-file = state_dir + "/lighttpd.pid"
128

    
129
##
130
#######################################################################
131

    
132
#######################################################################
133
##
134
##  Logging Options
135
## ------------------
136
##
137
## all logging options can be overwritten per vhost.
138
##
139
## Path to the error log file
140
##
141
server.errorlog             = log_root + "/error.log"
142

    
143
##
144
## If you want to log to syslog you have to unset the 
145
## server.errorlog setting and uncomment the next line.
146
##
147
#server.errorlog-use-syslog = "enable"
148

    
149
##
150
## Access log config
151
## 
152
include "conf.d/access_log.conf"
153

    
154
##
155
## The debug options are moved into their own file.
156
## see conf.d/debug.conf for various options for request debugging.
157
##
158
include "conf.d/debug.conf"
159

    
160
##
161
#######################################################################
162

    
163
#######################################################################
164
##
165
##  Tuning/Performance
166
## --------------------
167
##
168
## corresponding documentation:
169
## http://www.lighttpd.net/documentation/performance.html
170
##
171
## set the event-handler (read the performance section in the manual)
172
##
173
## possible options on linux are:
174
##
175
## select
176
## poll
177
## linux-sysepoll
178
##
179
## linux-sysepoll is recommended on kernel 2.6.
180
##
181
server.event-handler = "linux-sysepoll"
182

    
183
##
184
## The basic network interface for all platforms at the syscalls read()
185
## and write(). Every modern OS provides its own syscall to help network
186
## servers transfer files as fast as possible 
187
##
188
## linux-sendfile - is recommended for small files.
189
## writev         - is recommended for sending many large files
190
##
191
server.network-backend = "linux-sendfile"
192

    
193
##
194
## As lighttpd is a single-threaded server, its main resource limit is
195
## the number of file descriptors, which is set to 1024 by default (on
196
## most systems).
197
##
198
## If you are running a high-traffic site you might want to increase this
199
## limit by setting server.max-fds.
200
##
201
## Changing this setting requires root permissions on startup. see
202
## server.username/server.groupname.
203
##
204
## By default lighttpd would not change the operation system default.
205
## But setting it to 2048 is a better default for busy servers.
206
##
207
server.max-fds = 2048
208

    
209
##
210
## Stat() call caching.
211
##
212
## lighttpd can utilize FAM/Gamin to cache stat call.
213
##
214
## possible values are:
215
## disable, simple or fam.
216
##
217
server.stat-cache-engine = "simple"
218

    
219
##
220
## Fine tuning for the request handling
221
##
222
## max-connections == max-fds/2 (maybe /3)
223
## means the other file handles are used for fastcgi/files
224
##
225
server.max-connections = 1024
226

    
227
##
228
## How many seconds to keep a keep-alive connection open,
229
## until we consider it idle. 
230
##
231
## Default: 5
232
##
233
#server.max-keep-alive-idle = 5
234

    
235
##
236
## How many keep-alive requests until closing the connection.
237
##
238
## Default: 16
239
##
240
#server.max-keep-alive-requests = 16
241

    
242
##
243
## Maximum size of a request in kilobytes.
244
## By default it is unlimited (0).
245
##
246
## Uploads to your server cant be larger than this value.
247
##
248
#server.max-request-size = 0
249

    
250
##
251
## Time to read from a socket before we consider it idle.
252
##
253
## Default: 60
254
##
255
#server.max-read-idle = 60
256

    
257
##
258
## Time to write to a socket before we consider it idle.
259
##
260
## Default: 360
261
##
262
#server.max-write-idle = 360
263

    
264
##
265
##  Traffic Shaping 
266
## -----------------
267
##
268
## see /usr/share/doc/lighttpd/traffic-shaping.txt
269
##
270
## Values are in kilobyte per second.
271
##
272
## Keep in mind that a limit below 32kB/s might actually limit the
273
## traffic to 32kB/s. This is caused by the size of the TCP send
274
## buffer. 
275
##
276
## per server:
277
##
278
#server.kbytes-per-second = 128
279

    
280
##
281
## per connection:
282
##
283
#connection.kbytes-per-second = 32
284

    
285
##
286
#######################################################################
287

    
288
#######################################################################
289
##
290
##  Filename/File handling
291
## ------------------------
292

    
293
##
294
## files to check for if .../ is requested
295
## index-file.names            = ( "index.php", "index.rb", "index.html",
296
##                                 "index.htm", "default.htm" )
297
##
298
index-file.names += (
299
  "index.xhtml", "index.html", "index.htm", "default.htm", "index.php"
300
)
301

    
302
##
303
## deny access the file-extensions
304
##
305
## ~    is for backupfiles from vi, emacs, joe, ...
306
## .inc is often used for code includes which should in general not be part
307
##      of the document-root
308
url.access-deny             = ( "~", ".inc" )
309

    
310
##
311
## disable range requests for pdf files
312
## workaround for a bug in the Acrobat Reader plugin.
313
##
314
$HTTP["url"] =~ "\.pdf$" {
315
  server.range-requests = "disable"
316
}
317

    
318
##
319
## url handling modules (rewrite, redirect)
320
##
321
#url.rewrite                = ( "^/$"             => "/server-status" )
322
#url.redirect               = ( "^/wishlist/(.+)" => "http://www.example.com/$1" )
323

    
324
##
325
## both rewrite/redirect support back reference to regex conditional using %n
326
##
327
#$HTTP["host"] =~ "^www\.(.*)" {
328
#  url.redirect            = ( "^/(.*)" => "http://%1/$1" )
329
#}
330

    
331
##
332
## which extensions should not be handle via static-file transfer
333
##
334
## .php, .pl, .fcgi are most often handled by mod_fastcgi or mod_cgi
335
##
336
static-file.exclude-extensions = ( ".php", ".pl", ".fcgi", ".scgi" )
337

    
338
##
339
## error-handler for status 404
340
##
341
#server.error-handler-404   = "/error-handler.html"
342
#server.error-handler-404   = "/error-handler.php"
343

    
344
##
345
## Format: <errorfile-prefix><status-code>.html
346
## -> ..../status-404.html for 'File not found'
347
##
348
#server.errorfile-prefix    = "/srv/www/htdocs/errors/status-"
349

    
350
##
351
## mimetype mapping
352
##
353
include "conf.d/mime.conf"
354

    
355
##
356
## directory listing configuration
357
##
358
include "conf.d/dirlisting.conf"
359

    
360
##
361
## Should lighttpd follow symlinks?
362
## 
363
server.follow-symlink = "enable"
364

    
365
##
366
## force all filenames to be lowercase?
367
##
368
#server.force-lowercase-filenames = "disable"
369

    
370
##
371
## defaults to /var/tmp as we assume it is a local harddisk
372
##
373
server.upload-dirs = ( "/var/tmp" )
374

    
375
##
376
#######################################################################
377

    
378

    
379
#######################################################################
380
##
381
##  SSL Support
382
## ------------- 
383
##
384
## To enable SSL for the whole server you have to provide a valid
385
## certificate and have to enable the SSL engine.::
386
##
387
##   ssl.engine = "enable"
388
##   ssl.pemfile = "/path/to/server.pem"
389
##
390
## The HTTPS protocol does not allow you to use name-based virtual
391
## hosting with SSL. If you want to run multiple SSL servers with
392
## one lighttpd instance you must use IP-based virtual hosting: ::
393
##
394
## Mitigate CVE-2009-3555 by disabling client triggered renegotation
395
## This is enabled by default.
396
##
397
## IMPORTANT: this setting can only be used in the global scope.
398
## It does *not* work inside conditionals
399
##
400
#   ssl.disable-client-renegotiation = "enable"
401
##
402
##   $SERVER["socket"] == "10.0.0.1:443" {
403
##     ssl.engine                  = "enable"
404
##     ssl.pemfile                 = "/etc/ssl/private/www.example.com.pem"
405
##     #
406
##     # (Following SSL/TLS Deployment Best Practices 1.3 / 17 September 2013 from:
407
##     # https://www.ssllabs.com/projects/best-practices/index.html)
408
##     # - BEAST is considered mitigaed on client side now, and new weaknesses have been found in RC4,
409
##     #   so it is strongly advised to disable RC4 ciphers (HIGH doesn't include RC4)
410
##     # - It is recommended to disable 3DES too (although disabling RC4 and 3DES breaks IE6+8 on Windows XP,
411
##     #   so you might want to support 3DES for now - just remove the '!3DES' parts below).
412
##     # - The examples below prefer ciphersuites with "Forward Secrecy" (and ECDHE over DHE (alias EDH)), remove '+kEDH +kRSA'
413
##     #   if you don't want that.
414
##     # - SRP and PSK are not supported anyway, excluding those ('!kSRP !kPSK') just keeps the list smaller (easier to review)
415
##     # Check your cipher list with: openssl ciphers -v '...' (use single quotes as your shell won't like ! in double quotes)
416
##     #
417
##     # If you know you have RSA keys (standard), you can use:
418
##     ssl.cipher-list             = "aRSA+HIGH !3DES +kEDH +kRSA !kSRP !kPSK"
419
##     # The more generic version (without the restriction to RSA keys) is
420
##     # ssl.cipher-list           = "HIGH !aNULL !3DES +kEDH +kRSA !kSRP !kPSK"
421
##     #
422
##     # Make the server prefer the order of the server side cipher suite instead of the client suite.
423
##     # This option is enabled by default, but only used if ssl.cipher-list is set.
424
##     #
425
##     # ssl.honor-cipher-order = "enable"
426
##     #
427
##     server.name                 = "www.example.com"
428
##
429
##     server.document-root        = "/srv/www/vhosts/example.com/www/"
430
##   }
431
##
432

    
433
## If you have a .crt and a .key file, cat them together into a
434
## single PEM file:
435
## $ cat /etc/ssl/private/lighttpd.key /etc/ssl/certs/lighttpd.crt \
436
##   > /etc/ssl/private/lighttpd.pem
437
##
438
#ssl.pemfile = "/etc/ssl/private/lighttpd.pem"
439

    
440
##
441
## optionally pass the CA certificate here.
442
##
443
##
444
#ssl.ca-file = ""
445

    
446
##
447
#######################################################################
448

    
449
#######################################################################
450
##
451
## custom includes like vhosts.
452
##
453
#include "conf.d/config.conf"
454
#include_shell "cat /etc/lighttpd/vhosts.d/*.conf"
455
##
456
#######################################################################