lighttpd-stripped.conf

configuration - Max_nl, 2017-02-10 12:51

 
# Modules loaded into the server process. Each entry adds request-handling
# code whether or not a directive in this file configures it, so the list is
# also the server's exposed surface.
# NOTE(review): this stripped config shows directives only for mod_evasive,
# mod_redirect, mod_access, mod_auth, mod_status, mod_fastcgi and
# mod_compress. Confirm the remaining modules (mod_rewrite, mod_proxy,
# mod_simple_vhost, mod_evhost, mod_userdir, mod_cgi, mod_ssi, mod_usertrack,
# mod_expire, mod_secdownload, mod_rrdtool, mod_accesslog, mod_extforward)
# are configured in the full file and drop the ones that are not.
server.modules = (
    "mod_rewrite",
    "mod_evasive",
    "mod_redirect",
    "mod_access",
    "mod_auth",
    "mod_status",
    "mod_fastcgi",
    "mod_proxy",
    "mod_simple_vhost",
    "mod_evhost",
    "mod_userdir",
    "mod_cgi",
    "mod_compress",
    "mod_ssi",
    "mod_usertrack",
    "mod_expire",
    "mod_secdownload",
    "mod_rrdtool",
    "mod_accesslog",
    "mod_extforward"
)
# Request and connection limits.
# server.max-request-size is given in kilobytes: 2048 caps a request at 2 MB.
server.max-request-size  = 2048
server.max-connections   = 4096
#server.max-fds=8192
# NOTE(review): a descriptor limit this high only applies if the process is
# allowed to raise its rlimit at start-up - confirm on this host.
server.max-fds           = 100000
# mod_evasive: cap on simultaneous connections from a single client address.
# Clients that share one address (NAT, upstream proxy) count as one.
evasive.max-conns-per-ip = 20
# Filesystem layout.
# NOTE(review): the redacted document root and the error-log path appear to
# share the same /home/<redacted> prefix. If etc/ really sits below the
# document root, the error log is reachable by URL: url.access-deny matches on
# suffix and would not stop a request for a .log file. Verify, and keep logs,
# key material and password files outside the document root.
server.document-root = "/home/*********"
server.errorlog      = "/home/*********/etc/lighttpd.error.log"

# files to check for if .../ is requested
index-file.names = ( "index.php", "index.html", "index.htm", "default.htm" )

server.event-handler = "freebsd-kqueue"
#server.network-backend = "writev"
# mimetype mapping: file-name suffix => Content-Type sent for static files.
# NOTE(review): ".log" and ".conf" are mapped to text/plain, so any such file
# that is reachable under the document root is displayed inline by a browser.
mimetype.assign = (
    ".pdf"     => "application/pdf",
    ".sig"     => "application/pgp-signature",
    ".spl"     => "application/futuresplash",
    ".class"   => "application/octet-stream",
    ".ps"      => "application/postscript",
    ".torrent" => "application/x-bittorrent",
    ".dvi"     => "application/x-dvi",
    ".gz"      => "application/x-gzip",
    ".pac"     => "application/x-ns-proxy-autoconfig",
    ".swf"     => "application/x-shockwave-flash",
    ".tar.gz"  => "application/x-tgz",
    ".tgz"     => "application/x-tgz",
    ".tar"     => "application/x-tar",
    ".zip"     => "application/zip",
    ".mp3"     => "audio/mpeg",
    ".m3u"     => "audio/x-mpegurl",
    ".wma"     => "audio/x-ms-wma",
    ".wax"     => "audio/x-ms-wax",
    ".ogg"     => "application/ogg",
    ".wav"     => "audio/x-wav",
    ".gif"     => "image/gif",
    ".jpg"     => "image/jpeg",
    ".jpeg"    => "image/jpeg",
    ".png"     => "image/png",
    ".xbm"     => "image/x-xbitmap",
    ".xpm"     => "image/x-xpixmap",
    ".xwd"     => "image/x-xwindowdump",
    ".css"     => "text/css",
    ".html"    => "text/html",
    ".htm"     => "text/html",
    ".js"      => "text/javascript",
    ".asc"     => "text/plain",
    ".c"       => "text/plain",
    ".cpp"     => "text/plain",
    ".log"     => "text/plain",
    ".conf"    => "text/plain",
    ".text"    => "text/plain",
    ".txt"     => "text/plain",
    ".dtd"     => "text/xml",
    ".xml"     => "text/xml",
    ".mpeg"    => "video/mpeg",
    ".mpg"     => "video/mpeg",
    ".mov"     => "video/quicktime",
    ".qt"      => "video/quicktime",
    ".avi"     => "video/x-msvideo",
    ".asf"     => "video/x-ms-asf",
    ".asx"     => "video/x-ms-asf",
    ".wmv"     => "video/x-ms-wmv",
    ".bz2"     => "application/x-bzip",
    ".tbz"     => "application/x-bzip-compressed-tar",
    ".tar.bz2" => "application/x-bzip-compressed-tar"
)
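# mod_access: requests whose path ends in one of these suffixes are refused.
# ".pem" and ".htpasswd" are added as defence in depth: this configuration
# keeps its TLS key/certificate files and its htpasswd file under /home, and
# the redacted paths do not show whether they lie outside the document root.
url.access-deny = ( "~", ".inc", ".pem", ".htpasswd" )
# Script sources are never served as static files; they must go through
# their handler, otherwise the source text would be disclosed.
static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
server.port     = 80
# Account the server runs as once it has bound its sockets.
# NOTE(review): no server.groupname is set here - confirm which group the
# process keeps and that it has no write access below the document root.
server.username = "www"

#### compress module
# The cache directory must be writable by the server account.
# NOTE(review): confirm it is not itself reachable under the document root.
compress.cache-dir = "/home/********/gz"
compress.filetype  = ( "text/plain", "text/html", "text/javascript", "text/css" )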
# FastCGI backends, keyed by URL suffix (".php") or URL prefix ("/fcgi/").
# NOTE(review): both sockets live in /tmp, a directory every local account
# can write to, so the socket names can be interfered with by other local
# users. A directory owned by the server account is the safer location.
# NOTE(review): "allow-x-send-file" lets a backend response name any file the
# server account can read and have lighttpd deliver it. Make sure neither
# application builds that header from request data; newer 1.4.x releases
# document an "x-sendfile-docroot" option to confine it - check whether the
# installed version supports it.
fastcgi.server = (
    ".php" => (
        (
            "socket"               => "/tmp/php.socket",
            "bin-path"             => "/usr/local/bin/php",
            # Only these variables are handed to the spawned PHP processes.
            "bin-copy-environment" => ( "PATH", "SHELL", "USER" ),
            "allow-x-send-file"    => "enable"
        )
    ),

    "/fcgi/" => (
        (
            "socket"            => "/tmp/******-fastcgi.socket",
            "bin-path"          => "/home/******/******.fcgi",
            "allow-x-send-file" => "enable",
            # With check-local disabled, every path under /fcgi/ is passed to
            # the backend without a matching file having to exist on disk.
            "check-local"       => "disable",
            "max-procs"         => 10
        )
    )
)
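# TLS listener on port 443.
$SERVER["socket"] == "*************:443" {
    ssl.engine  = "enable"
    # The pemfile holds the private key together with the certificate: it
    # should be readable by the server's start-up account only.
    ssl.pemfile = "/home/********/etc/************.pem"
    ssl.ca-file = "/home/********/etc/RapidSSL_CA_bundle.pem"

    # Protocol versions. Only SSLv2 was switched off; SSLv3 is disabled
    # explicitly as well because the default differs between 1.4.x releases
    # and the CBC suites below are exposed to POODLE when SSLv3 is negotiable.
    ssl.use-sslv2 = "disable"
    ssl.use-sslv3 = "disable"

    # State the server-side preference explicitly so the strongest-first
    # ordering of ssl.cipher-list is what actually gets negotiated.
    ssl.honor-cipher-order = "enable"

    ssl.dh-file  = "/home/********/etc/dhparam.pem"
    ssl.ec-curve = "secp384r1"

    # NOTE(review): "!DES" excludes single DES only. The three DES-CBC3
    # entries keep 3DES (64-bit block, SWEET32) negotiable, and the trailing
    # "HIGH" admits whatever the linked OpenSSL classifies as high strength.
    # Removing the DES-CBC3 suites and "HIGH" tightens the list but cuts off
    # clients that support nothing else - decide against the client base.
    ssl.cipher-list = "EECDH+AESGCM:EDH+AESGCM:ECDHE-RSA-AES128-GCM-SHA256:AES256+EECDH:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"
}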
# Force SSL
# Every plain-HTTP request is redirected to the same path on one fixed HTTPS
# host name. The target host is a literal, not taken from the request's Host
# header, so the redirect cannot be steered to another site.
# NOTE(review): the first request of a session still travels in clear text.
# An HSTS response header on the 443 listener would close that gap; it needs
# mod_setenv, which is not in the module list shown in this file.
$HTTP["scheme"] == "http" {
    url.redirect = ( ".*" => "https://www.***********.***$0" )
}
#### status module
# These pages reveal live connections, request URLs and the loaded
# configuration, so each of them has to sit behind auth.require below.
# NOTE(review): the redacted prefix of status.statistics-url is shorter than
# the other two and than the auth.require prefix. Confirm that all three URLs
# actually fall under the protected path.
status.status-url     = "/*********/server-status"
status.config-url     = "/*********/server-config"
status.statistics-url = "/*******/server-statistics"

# HTTP Basic authentication against an htpasswd file. Basic credentials are
# only base64-encoded, so this depends on the HTTP-to-HTTPS redirect in this
# file staying in place.
# NOTE(review): verify the .htpasswd file is outside the document root and
# readable by the server account only.
auth.backend                   = "htpasswd"
auth.backend.htpasswd.userfile = "/home/********/*****/.htpasswd"
auth.require = (
    "/********" => (
        "method"  => "basic",
        "realm"   => "login",
        "require" => "valid-user"
    )
)