Project

General

Profile

Bug #2460 » lighttpd.conf

jeisom, 2012-11-16 19:36

 
1
#######################################################################
2
##
3
## /etc/lighttpd/lighttpd.conf
4
##
5
## check /etc/lighttpd/conf.d/*.conf for the configuration of modules.
6
##
7
#######################################################################
8

    
9
#######################################################################
10
##
11
## Some Variable definition which will make chrooting easier.
12
##
13
## if you add a variable here. Add the corresponding variable in the
14
## chroot example aswell.
15
##
16
#var.log_root    = "/usr/local/apache2/webdav/usrfolder/lighttpd/log"
17
#var.server_root = "/usr/local/apache2/webdav/usrfolder/"
18
#var.state_dir   = "/usr/local/apache2/webdav/usrfolder/lighttpd/run"
19
#var.home_dir    = "/var/lib/"
20
#var.conf_dir    = "/usr/local/apache2/webdav/usrfolder/lighttpd/etc/lighttpd"
21

    
22
## 
23
## run the server chrooted.
24
## 
25
## This requires root permissions during startup.
26
##
27
## If you run Chrooted set the the variables to directories relative to
28
## the chroot dir.
29
##
30
## example chroot configuration:
31
## 
32
var.log_root    = "/lighttpd/log"
33
var.server_root = "/"
34
var.state_dir   = "/var/run"
35
var.home_dir    = "/lighttpd"
36
#var.vhosts_dir  = "/vhosts"
37
var.conf_dir    = "/lighttpd/etc"
38
#
39
server.chroot   = "/usr/local/apache2/webdav/usrfolder/"
40

    
41
##
42
## Some additional variables to make the configuration easier
43
##
44

    
45
##
46
## Base directory for all virtual hosts
47
##
48
## used in:
49
## conf.d/evhost.conf
50
## conf.d/simple_vhost.conf
51
## vhosts.d/vhosts.template
52
##
53
#var.vhosts_dir  = server_root + "/vhosts"
54

    
55
##
56
## Cache for mod_compress
57
##
58
## used in:
59
## conf.d/compress.conf
60
##
61
#var.cache_dir   = "/var/cache/lighttpd"
62

    
63
##
64
## Base directory for sockets.
65
##
66
## used in:
67
## conf.d/fastcgi.conf
68
## conf.d/scgi.conf
69
##
70
var.socket_dir  = home_dir + "/sockets"
71

    
72
##
73
#######################################################################
74

    
75
#######################################################################
76
##
77
## Load the modules.
78
include "modules.conf"
79

    
80
##
81
#######################################################################
82

    
83
#######################################################################
84
##
85
##  Basic Configuration
86
## ---------------------
87
##
88
server.port = 8080
89

    
90
##
91
## Use IPv6?
92
##
93
#server.use-ipv6 = "enable"
94

    
95
##
96
## bind to a specific IP
97
##
98
server.bind = "192.168.200.254"
99

    
100
##
101
## Run as a different username/groupname.
102
## This requires root permissions during startup. 
103
##
104
server.username  = "nobody"
105
server.groupname = "nogroup"
106

    
107
## 
108
## enable core files.
109
##
110
#server.core-files = "disable"
111

    
112
##
113
## Document root
114
##
115
server.document-root = server_root 
116

    
117
##
118
## The value for the "Server:" response field.
119
##
120
## It would be nice to keep it at "lighttpd".
121
##
122
#server.tag = "lighttpd"
123

    
124
##
125
## store a pid file
126
##
127
server.pid-file = state_dir + "/lighttpd.pid"
128

    
129
##
130
#######################################################################
131

    
132
#######################################################################
133
##
134
##  Logging Options
135
## ------------------
136
##
137
## all logging options can be overwritten per vhost.
138
##
139
## Path to the error log file
140
##
141
server.errorlog             = log_root + "/error.log"
142

    
143
##
144
## If you want to log to syslog you have to unset the 
145
## server.errorlog setting and uncomment the next line.
146
##
147
#server.errorlog-use-syslog = "enable"
148

    
149
##
150
## Access log config
151
## 
152
include "conf.d/access_log.conf"
153

    
154
##
155
## The debug options are moved into their own file.
156
## see conf.d/debug.conf for various options for request debugging.
157
##
158
include "conf.d/debug.conf"
159

    
160
##
161
#######################################################################
162

    
163
#######################################################################
164
##
165
##  Tuning/Performance
166
## --------------------
167
##
168
## corresponding documentation:
169
## http://www.lighttpd.net/documentation/performance.html
170
##
171
## set the event-handler (read the performance section in the manual)
172
##
173
## possible options on linux are:
174
##
175
## select
176
## poll
177
## linux-sysepoll
178
##
179
## linux-sysepoll is recommended on kernel 2.6.
180
##
181
server.event-handler = "poll"
182

    
183
##
184
## The basic network interface for all platforms at the syscalls read()
185
## and write(). Every modern OS provides its own syscall to help network
186
## servers transfer files as fast as possible 
187
##
188
## linux-sendfile - is recommended for small files.
189
## writev         - is recommended for sending many large files
190
##
191
server.network-backend = "writev"
192

    
193
##
194
## As lighttpd is a single-threaded server, its main resource limit is
195
## the number of file descriptors, which is set to 1024 by default (on
196
## most systems).
197
##
198
## If you are running a high-traffic site you might want to increase this
199
## limit by setting server.max-fds.
200
##
201
## Changing this setting requires root permissions on startup. see
202
## server.username/server.groupname.
203
##
204
## By default lighttpd would not change the operation system default.
205
## But setting it to 2048 is a better default for busy servers.
206
##
207
server.max-fds = 256
208

    
209
##
210
## Stat() call caching.
211
##
212
## lighttpd can utilize FAM/Gamin to cache stat call.
213
##
214
## possible values are:
215
## disable, simple or fam.
216
##
217
server.stat-cache-engine = "simple"
218

    
219
##
220
## Fine tuning for the request handling
221
##
222
## max-connections == max-fds/2 (maybe /3)
223
## means the other file handles are used for fastcgi/files
224
##
225
server.max-connections = 128
226

    
227
##
228
## How many seconds to keep a keep-alive connection open,
229
## until we consider it idle. 
230
##
231
## Default: 5
232
##
233
server.max-keep-alive-idle = 15
234

    
235
##
236
## How many keep-alive requests until closing the connection.
237
##
238
## Default: 16
239
##
240
#server.max-keep-alive-requests = 16
241

    
242
##
243
## Maximum size of a request in kilobytes.
244
## By default it is unlimited (0).
245
##
246
## Uploads to your server cant be larger than this value.
247
##
248
#server.max-request-size = 0
249

    
250
##
251
## Time to read from a socket before we consider it idle.
252
##
253
## Default: 60
254
##
255
#server.max-read-idle = 60
256

    
257
##
258
## Time to write to a socket before we consider it idle.
259
##
260
## Default: 360
261
##
262
#server.max-write-idle = 360
263

    
264
##
265
##  Traffic Shaping 
266
## -----------------
267
##
268
## see /usr/share/doc/lighttpd/traffic-shaping.txt
269
##
270
## Values are in kilobyte per second.
271
##
272
## Keep in mind that a limit below 32kB/s might actually limit the
273
## traffic to 32kB/s. This is caused by the size of the TCP send
274
## buffer. 
275
##
276
## per server:
277
##
278
#server.kbytes-per-second = 128
279

    
280
##
281
## per connection:
282
##
283
#connection.kbytes-per-second = 32
284

    
285
##
286
#######################################################################
287

    
288
#######################################################################
289
##
290
##  Filename/File handling
291
## ------------------------
292

    
293
##
294
## files to check for if .../ is requested
295
## index-file.names            = ( "index.php", "index.rb", "index.html",
296
##                                 "index.htm", "default.htm" )
297
##
298
index-file.names += (
299
  "index.xhtml", "index.html", "index.htm", "default.htm", "index.php"
300
)
301

    
302
##
303
## deny access the file-extensions
304
##
305
## ~    is for backupfiles from vi, emacs, joe, ...
306
## .inc is often used for code includes which should in general not be part
307
##      of the document-root
308
url.access-deny             = ( "~", ".inc" )
309

    
310
##
311
## disable range requests for pdf files
312
## workaround for a bug in the Acrobat Reader plugin.
313
##
314
#$HTTP["url"] =~ "\.pdf$" {
315
#  server.range-requests = "disable"
316
#}
317

    
318
##
319
## url handling modules (rewrite, redirect)
320
##
321
#url.rewrite                = ( "^/$"             => "/server-status" )
322
#url.redirect               = ( "^/wishlist/(.+)" => "http://www.example.com/$1" )
323

    
324
##
325
## both rewrite/redirect support back reference to regex conditional using %n
326
##
327
#$HTTP["host"] =~ "^www\.(.*)" {
328
#  url.redirect            = ( "^/(.*)" => "http://%1/$1" )
329
#}
330

    
331
##
332
## which extensions should not be handle via static-file transfer
333
##
334
## .php, .pl, .fcgi are most often handled by mod_fastcgi or mod_cgi
335
##
336
static-file.exclude-extensions = ( ".php", ".pl", ".fcgi", ".scgi" )
337

    
338
##
339
## error-handler for status 404
340
##
341
#server.error-handler-404   = "/error-handler.html"
342
#server.error-handler-404   = "/error-handler.php"
343

    
344
##
345
## Format: <errorfile-prefix><status-code>.html
346
## -> ..../status-404.html for 'File not found'
347
##
348
#server.errorfile-prefix    = "/srv/www/htdocs/errors/status-"
349

    
350
##
351
## mimetype mapping
352
##
353
include "conf.d/mime.conf"
354

    
355
##
356
## directory listing configuration
357
##
358
include "conf.d/dirlisting.conf"
359

    
360
##
361
## Should lighttpd follow symlinks?
362
## 
363
server.follow-symlink = "enable"
364

    
365
##
366
## force all filenames to be lowercase?
367
##
368
#server.force-lowercase-filenames = "disable"
369

    
370
##
371
## defaults to /var/tmp as we assume it is a local harddisk
372
##
373
server.upload-dirs = ( "/usr/local/apache2/webdav/usrfolder/tmp" )
374

    
375
##
376
#######################################################################
377

    
378

    
379
#######################################################################
380
##
381
##  SSL Support
382
## ------------- 
383
##
384
## To enable SSL for the whole server you have to provide a valid
385
## certificate and have to enable the SSL engine.::
386
##
387
##   ssl.engine = "enable"
388
##   ssl.pemfile = "/path/to/server.pem"
389
##
390
## The HTTPS protocol does not allow you to use name-based virtual
391
## hosting with SSL. If you want to run multiple SSL servers with
392
## one lighttpd instance you must use IP-based virtual hosting: ::
393
##
394
##   $SERVER["socket"] == "10.0.0.1:443" {
395
##     ssl.engine                  = "enable"
396
##     ssl.pemfile                 = "/etc/ssl/private/www.example.com.pem"
397
##     #
398
##     # Mitigate BEAST attack:
399
##     #
400
##     # A stricter base cipher suite. For details see:
401
##     # http://blog.ivanristic.com/2011/10/mitigating-the-beast-attack-on-tls.html
402
##     #
403
##     ssl.cipher-list             = "ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4-SHA:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM"
404
##     #
405
##     # Make the server prefer the order of the server side cipher suite instead of the client suite.
406
##     # This is necessary to mitigate the BEAST attack (unless you disable all non RC4 algorithms).
407
##     # This option is enabled by default, but only used if ssl.cipher-list is set.
408
##     #
409
##     # ssl.honor-cipher-order = "enable"
410
##     #
411
##     # Mitigate CVE-2009-3555 by disabling client triggered renegotation
412
##     # This is enabled by default.
413
##     #
414
##     # ssl.disable-client-renegotiation = "enable"
415
##     #
416
##     server.name                 = "www.example.com"
417
##
418
##     server.document-root        = "/srv/www/vhosts/example.com/www/"
419
##   }
420
##
421

    
422
## If you have a .crt and a .key file, cat them together into a
423
## single PEM file:
424
## $ cat /etc/ssl/private/lighttpd.key /etc/ssl/certs/lighttpd.crt \
425
##   > /etc/ssl/private/lighttpd.pem
426
##
427
#ssl.pemfile = "/etc/ssl/private/lighttpd.pem"
428

    
429
##
430
## optionally pass the CA certificate here.
431
##
432
##
433
#ssl.ca-file = ""
434

    
435
##
436
#######################################################################
437

    
438
#######################################################################
439
##
440
## custom includes like vhosts.
441
##
442
#include "conf.d/config.conf"
443
#include_shell "cat /etc/lighttpd/vhosts.d/*.conf"
444
##
445
#######################################################################
(1-1/2)