Configuration File Options

Here you will find a list of all available configuration lighttpd. They are grouped by module, and a link to each module configuration will provide with more detail information about each option, as well as examples, and other guidelines.

Lighttpd Core

option description details
connection.kbytes-per-second limit the throughput for each single connection to the given limit in kbyte/s Details
etag.use-inode Determines if inode-value is used in ETag generation Details
etag.use-mtime Determines if mtime-value is used in ETag generation Details
etag.use-size Determines if size-value is used in ETag generation Details
index-file.names list of files to search for if a directory is requested Details
mimetype.assign list of known mimetype mappings Details
mimetype.use-xattr try to use XFS-style extended attribute interface for retreiving the Content-Type Details
server.bind IP address, hostname or absolute path to the unix-domain socket Details
server.chroot root-directory of the server Details
server.core-files enable core files Details
server.dir-listing enable/disable dir listing Details
server.document-root document-root of the webserver Details
server.errorfile-prefix path prefix for special status codes pages Details
server.error-handler-404 uri to call if the requested file results in a 404 Details
server.errorlog pathname of the error-log Details
server.errorlog-use-syslog* send errorlog to syslog Details
server.breakagelog open as stderr, so all forked applications will write their errors to this (if stderr isn't handled otherwise via a pipe); needed to see mod_cgi stderr in 1.4
server.event-handler set the event handler Details
server.follow-symlink allow to follow-symlinks Details
server.force-lowercase-filenames enable force all filenames to lowercase
server.groupname groupname used to run the server Details
server.kbytes-per-second limit the throughput for all connections to the given limit in kbyte/s Details
server.max-connections maximum connections Details
server.max-fds maximum number of file descriptors Details
server.max-keep-alive-idle maximum number of seconds until a idling keep-alive connection is droped Details
server.max-keep-alive-requests maximum number of request within a keep-alive session Details
server.max-read-idle maximum number of seconds until a waiting, non keep-alive read times out and closes the connection Details
server.max-request-size maximum size in kbytes of the request Details
server.max-worker number of worker processes to spawn Details
server.max-write-idle maximum number of seconds until a waiting write call times out Details
server.modules modules to load Details
server.name name of the server/virtual server Details
server.network-backend basic network interface for all platforms at the syscalls read() and write() Details
server.pid-file set the name and location of the .pid-file Details
server.protocol-http11 defines if HTTP/1.1 is allowed or not Details
server.range-requests defines if range requests are allowed or not Details
server.reject-expect-100-with-417 setting to disable returning of a 417 if "Expect: 100-continue" header
server.stat-cache-engine select stat() call caching Details
server.tag set the string returned by the server Details
server.upload-dirs path to upload directory Details
server.use-ipv6 bind to the IPv6 socket Details
server.username username used to run the server Details
static-file.etags Determines if ETags are generated or not
static-file.exclude-extensions forbid access to the source of some types of files by extension

SSL

option description details
ssl.engine enable/disable ssl engine Details
ssl.pemfile path to the PEM file for SSL support Details
ssl.ca-file path to the CA file for support of chained certificates Details
ssl.use-sslv2 enable/disable use of SSL version 2 Details
ssl.cipher-list Configure the allowed SSL ciphers Details
ssl.honor-cipher-order enable/disable honoring the order of ciphers set in ssl.cipher-list (set by default when ssl.cipher-list is set) Details
ssl.disable-client-renegotiation enable/disable mitigation of client triggered re-negotiation (see CVE-2009-3555) Details
ssl.verifyclient.activate enable/disable client verification Details
ssl.verifyclient.enforce enable/disable enforcing client verification Details
ssl.verifyclient.depth certificate depth for client verification Details
ssl.verifyclient.exportcert enable/disable client certificate export to env:SSL_CLIENT_CERT Details
ssl.verifyclient.username client certificate entity to export as env:REMOTE_USER (eg. SSL_CLIENT_S_DN_emailAddress, SSL_CLIENT_S_DN_UID, etc.) Details

Core Debug Info

option description
debug.log-request-header log all request headers
debug.log-file-not-found log if a file wasn't found
debug.log-condition-handling log conditionals handling for debugging
debug.log-request-header-on-error log request header, but only when there is an error
debug.log-request-handling log request handling inside lighttpd
debug.log-state-handling log state handling inside lighttpd
debug.log-response-header log the header we send out to the client
debug.log-ssl-noise log some ssl warnings we hide by default (ssl handshake, unknown/bad certificate)

mod_access - access restrictions

option description
url.access-deny Denies access to all files with any of given trailing path names

mod_accesslog - access log files

option description
accesslog.use-syslog send the accesslog to syslog
accesslog.format the format of the logfile
accesslog.filename name of the file where the accesslog should be written to if syslog is not used

mod_alias - directory aliases

option description
alias.url rewrites the document-root for a URL-subset

mod_auth - authentication

option description
auth.debug enable/disable authentication module debug information
auth.backend type of authentication backend
auth.require set restriction method
auth.backend.ldap.hostname hostname of ldap server
auth.backend.ldap.starttls
auth.backend.ldap.filter
auth.backend.ldap.bind-pw
auth.backend.ldap.ca-file
auth.backend.ldap.base-dn
auth.backend.ldap.bind-dn
auth.backend.plain.userfile path to plain userfile
auth.backend.plain.groupfile path to plain groupfile
auth.backend.htdigest.userfile path to htdigest userfile
auth.backend.htpasswd.userfile path to htpassword userfile
auth.require option description
method type of authentication ("digest" or "basic")
realm authentication realm
require "valid-user" to allow any valid user, or a list of user=username separated by pipe symbols

mod_cache - web accelerating

option description
cache.bases directory arrays which want to save cache files
cache.enable
cache.domains domain pcre regex arrays which mod_cache will cache
cache.support-queries
cache.debug writes mod_cache debuging messages to error.log or not
cache.purge-host pcre regex hosts ip which are allowed to PURGE cache file
cache.refresh-pattern

mod_cgi - cgi

option description
cgi.assign assign cgi handler to an extension
cgi.execute-x-only requires +x for cgi scripts

mod_cml - Cache Meta Language

option description
cml.memcache-namespace (not used yet)
cml.power-magnet a cml file that is executed for each request
cml.memcache-hosts hosts for the memcache.* functions
cml.extension the file extension that is bound to the cml-module

mod_compress - compress output

option description
compress.max-filesize maximum size of the original file to be compressed kBytes
compress.cache-dir name of the directory where compressed content will be cached
compress.filetype mimetypes which might get compressed

mod_deflate - dynamic compression (1.5.0)

option description
deflate.enabled enable/disable deflate support
deflate.compression-level level of compression
deflate.mem-level
deflate.window-size
deflate.bzip2 enable/disable bzip support
deflate.min-compress-size minimum size document before compressing
deflate.sync-flush enable sync flush
deflate.output-buffer-size size of buffer for compression
deflate.work-block-size minimum block size for compression
deflate.mimetypes mimetype listing to be compressed.
deflate.debug enable debug

mod_dirlisting - directory listing

option description
server.dir-listing*: enable/disable directory listing
dir-listing.activate enables virtual directory listings if a directory is requested no index-file was found
dir-listing.external-css path to an external css stylesheet for the directory listing
dir-listing.encoding set a encoding for the generated directory listing
dir-listing.hide-dotfiles if enabled, does not list hidden files in directory listings generated by the dir-listing option
dir-listing.show-header include HEADER.txt files above the directory listing
dir-listing.hide-header-file enables hide header file from directory listing
dir-listing.show-readme include README.txt files below the directory listing
dir-listing.hide-readme-file enables displaying readme file in directory listing
dir-listing.exclude files that match any of the specified regular expressions will be excluded from listings
dir-listing.set-footer displays a string in the footer of a listing page

mod_evasive - evasive

option description
evasive.max-conns-per-ip upper limit of number of connections per ip allowed
evasive.silent no logging

mod_evhost - enhanced virtual host

option description
evhost.path-pattern pattern with wildcards to be replace to build a documentroot

mod_expire - cached expiration

option description
expire.url assignes a expiration to all files below the specified path

mod_extforward - use X-Forwarded-For

extract the client's "real" IP from X-Forwarded-For header

option description
extforward.forwarder set trust level of proxy ip's

mod_fastcgi - fastcgi

option description
fastcgi.map-extensions map multiple extensions to the same fastcgi server
fastcgi.debug a value between 0 and 65535 to set the debug-level in the FastCGI module
fastcgi.server tell the module where to send FastCGI requests to
fastcgi.server-option description
host is ip of the FastCGI process
port is tcp-port on the "host" used by the FastCGI process
socket path to the unix-domain socket
bin-path path to the local FastCGI binary which should be started if no local FastCGI is running
bin-environment set environment of FastCGI binary
bin-copy-environment copy environment from server for FastCGI binary
mode is the FastCGI protocol mode. Default is "responder", also "authorizer" mode is implemented
docroot docroot on the remote host
allow-x-send-file controls if X-LIGHTTPD-send-file and X-Sendfile headers are allowed
broken-scriptfilename breaks SCRIPT_FILENAME in a way that PHP can extract PATH_INFO from it
max-procs upper limit of processes to start
check-local enable/disable check for requested file in document root
disable-time time to wait before a disabled backend is checked again
strip-request-uri strip part of request-uri
fix-root-scriptname use this for backends with extension "/" (and check-local is disabled), only works > 1.4.22

mod_flv_streaming - flv streaming

flv-streaming.extensions: extensions of flv files
Blog Entry
Additional Information
Flash Video Player 3.5

mod_indexfile - Precautions and documentation

mod_mem_cache - local file accelerating

option description
mem-cache.filetypes content-type arrays which want to put into memory
mem-cache.enable
mem-cache.max-memory maxium memory in Mbytes mod-mem-cache can use
mem-cache.max-file-size maxium file size in Kbytes of single file to cache in memory
mem-cache.lru-remove-count
mem-cache.expire-time memory cache's expire time in minutes
mem-cache.slru-thresold slru threshold (against hit counter)

mod_mimemagic - determines the MIME type of a file by looking at a few bytes of its contents

option description
mimemagic.file path of magic.mime file
mimemagic.override-global-mimetype

mod_mysql_vhost - Mysql virtual hosting

option description
mysql-vhost.hostname hostname of mysql server
mysql-vhost.db database name
mysql-vhost.user username to access database
mysql-vhost.pass password to access database
mysql-vhost.sql SQL statement to execute to obtain docroot
mysql-vhost.port port where to connect to database
mysql-vhost.sock socket where to connect to database

mod_proxy - proxy

option description
proxy.balance select type of balancing algorithm (round-robin, hash, fair)
proxy.debug enable/disable proxy debug information
proxy.server where to send Proxy requests
proxy.server-option description
host ip of host to send requests
port listening port of host

mod_redirect - redirect

option description note
url.redirect redirects a set of URLs externally
url.redirect-code defines the http code that is sent with the redirect URL Added in 1.5.0

mod_rewrite - rewriting

option description
url.rewrite-once rewrites a set of URLs internally and skip the rest
url.rewrite-repeat rewrites a set of URLs internally in the webserver, continue applying rewrite rules
url.rewrite same as url.rewrite-once
url.rewrite-final same as url.rewrite-once
url.rewrite-[repeat-]if-not-file rewrites a set of urls internally and checks if files do not exist

mod_rrdtool - rrdtool

option description
rrdtool.db-name filename of the rrd-database
rrdtool.binary path to the rrdtool binary

mod_scgi - SCGI

option description
scgi.map-extensions map multiple extensions to the same scgi server
scgi.debug a value between 0 and 65535 to set the debug-level in the SCGI module
scgi.server tell the module where to send SCGI requests to
scgi.server-option description
host is ip of the SCGI process
port is tcp-port on the "host" used by the SCGI process
socket path to the unix-domain socket
bin-path path to the local SCGI binary which should be started if no local SCGI is running
bin-environment set environment of SCGI binary
bin-copy-environment copy environment from server for SCGI binary
docroot docroot on the remote host
allow-x-send-file controls if X-LIGHTTPD-send-file and X-Sendfile headers are allowed
broken-scriptfilename breaks SCRIPT_FILENAME in a way that PHP can extract PATH_INFO from it
idle-timeout number of seconds before a unused process gets terminated
max-procs upper limit of processes to start
min-procs sets the minium processes to start
min-procs-not-working
max-load-per-proc maximum number of waiting processes on average per process before a new process is spawned
check-local enable/disable check for requested file in document root
disable-time time to wait before a disabled backend is checked again
strip-request-uri strip part of request-uri

mod_secure_download - secure and fast download

option description
secdownload.document-root path to the download area
secdownload.timeout how long in seconds is the secret valid
secdownload.uri-prefix prefix to url for download
secdownload.secret Secret string that will be used for the checksum calculation

mod_setenv - set HTTP Environment

option description
setenv.add-response-header adds a value to the process environment that is passed to the external applications
setenv.add-request-header adds a header to the HTTP response sent to the client
setenv.add-environment adds a value to the process environment that is passed to the external applications

mod_simple_vhost - simple virtual host

option description
simple-vhost.document-root path below the vhost directory
simple-vhost.server-root root of the virtual host
simple-vhost.default-host use this hostname if the requested hostname does not have its own directory
simple-vhost.debug debug simple vhosts module

mod_ssi - server side includes

option description
ssi.extension extension of files processed by mod_ssi

mod_status - server status

option description
status.config-url relative URL for the config page which displays the loaded modules
status.statistics-url relative URL for a plain-text page containing the internal statistics
status.enable-sort add JavaScript which allows client-side sorting for the connection overview
status.status-url relative URL which is used to retrieve the status-page

mod_trigger_b4_dl - trigger before download

option description
trigger-before-download.trigger-url url for trigger pages
trigger-before-download.trigger-timeout time for download link to live
trigger-before-download.download-url url for downloads
trigger-before-download.deny-url url to show when visitor denied a download
trigger-before-download.gdbm-filename path to gdm file
trigger-before-download.memcache-hosts hosts for the memcache.* functions
trigger-before-download.memcache-namespace (not used yet)
trigger-before-download.debug

mod_userdir - user directories

option description
userdir.basepath if set, don't check /etc/passwd for homedir
userdir.exclude-user list of usernames which may not use this feature
userdir.path usually it should be set to "public_html" to take ~/public_html/ as the document root
userdir.include-user if set, only users from this list may use the feature

mod_uploadprogress - upload progress (1.5.0)

option description
upload-progress.progress-url

mod_usertrack - user track (cookies)

option description
usertrack.cookie-name
~'_usertrack.cookiename_'~ (deprecated)
usertrack.cookie-domain
usertrack.cookie-max-age

mod_webdav - WebDAV

option description
webdav.activate enable/disable WebDAV
webdav.is-readonly enable/disable read only
webdav.sqlite-db-name pathname to SQLite database
webdav.log-xml Log the XML Request bodies for debugging