
Bug #2969 » lighttpd.conf

Deepak, 2019-08-07 05:53

 
1
#######################################################################
2
##
3
## /etc/lighttpd/lighttpd.conf
4
##
5
## check /etc/lighttpd/conf.d/*.conf for the configuration of modules.
6
##
7
#######################################################################
8

    
9
#######################################################################
10
##
11
## Some Variable definition which will make chrooting easier.
12
##
13
## If you add a variable here, add the corresponding variable in the
14
## chroot example as well.
15
##
16
## Base paths. Later directives in this file build on them:
##   log_root    -> server.errorlog
##   server_root -> server.document-root, var.vhosts_dir
##   state_dir   -> server.pid-file
##   home_dir    -> var.socket_dir
## conf_dir is not referenced anywhere else in this file.
var.log_root = "/var/log/lighttpd"
var.server_root = "/home/mw/ui"
var.state_dir = "/var/run"
var.home_dir = "/var/lib/lighttpd"
var.conf_dir = "/etc/lighttpd"
21

    
22
## 
23
## run the server chrooted.
24
## 
25
## This requires root permissions during startup.
26
##
27
## If you run chrooted, set the variables to directories relative to
28
## the chroot dir.
29
##
30
## example chroot configuration:
31
## 
32
#var.log_root    = "/logs"
33
#var.server_root = "/"
34
#var.state_dir   = "/run"
35
#var.home_dir    = "/lib/lighttpd"
36
#var.vhosts_dir  = "/vhosts"
37
#var.conf_dir    = "/etc"
38
#
39
#server.chroot   = "/srv/www"
40

    
41
##
42
## Some additional variables to make the configuration easier
43
##
44

    
45
##
46
## Base directory for all virtual hosts
47
##
48
## used in:
49
## conf.d/evhost.conf
50
## conf.d/simple_vhost.conf
51
## vhosts.d/vhosts.template
52
##
53
## NOTE(review): with var.server_root = "/home/mw/ui" and server.document-root
## set to server_root, this resolves to /home/mw/ui/vhosts, i.e. a directory
## inside the default document root. Content placed there would presumably
## also be reachable under /vhosts/ on the default host -- confirm whether
## that is intended before enabling any vhost module.
var.vhosts_dir  = server_root + "/vhosts"
54

    
55
##
56
## Cache for mod_compress
57
##
58
## used in:
59
## conf.d/compress.conf
60
##
61
var.cache_dir   = "/var/cache/lighttpd"
62

    
63
##
64
## Base directory for sockets.
65
##
66
## used in:
67
## conf.d/fastcgi.conf
68
## conf.d/scgi.conf
69
##
70
var.socket_dir  = home_dir + "/sockets"
71

    
72
##
73
#######################################################################
74

    
75
#######################################################################
76
##
77
## Load the modules.
78
## NOTE(review): modules.conf is not shown here. The wstunnel.*,
## url.rewrite-once, url.redirect, url.access-deny and setenv.* directives
## further down only take effect when their modules are loaded there. Confirm
## in particular that the module providing url.access-deny is enabled;
## otherwise the deny list in this file is not enforced.
include "modules.conf"
79

    
80
##
81
#######################################################################
82

    
83
#######################################################################
84
##
85
##  Basic Configuration
86
## ---------------------
87
##
88
## Plain-HTTP listener. server.bind is left commented out below, so no
## specific address is selected here. Requests arriving over http are sent to
## https by the $HTTP["scheme"] == "http" redirect block later in this file.
server.port = 80
89

    
90
##
91
## Use IPv6?
92
##
93
## Accept connections over IPv6. Firewall rules and address-based access
## controls in front of this server need to cover IPv6 as well as IPv4.
server.use-ipv6 = "enable"

## Do not answer "Expect: 100-continue" requests with 417.
server.reject-expect-100-with-417 = "disable"
95
##
96
## bind to a specific IP
97
##
98
#server.bind = "localhost"
99

    
100
##
101
## Run as a different username/groupname.
102
## This requires root permissions during startup. 
103
##
104
## Unprivileged account and group the server runs as once it has been started
## with root permissions. Least privilege: this account needs read access to
## server_root ("/home/mw/ui") and write access to the log and upload
## directories configured in this file, and should have no more than that.
server.username = "lighttpd"
server.groupname = "lighttpd"
106

    
107
## 
108
## enable core files.
109
##
110
#server.core-files = "disable"
111

    
112
##
113
## Document root
114
##
115
server.document-root = server_root 
116

    
117
##
118
## The value for the "Server:" response field.
119
##
120
## It would be nice to keep it at "lighttpd".
121
##
122
## Replaces the default value of the "Server:" response header with a vendor
## string. This only changes what is advertised to clients; it is cosmetic and
## not an access control.
server.tag = "Cavium Server"
123

    
124
##
125
## store a pid file
126
##
127
server.pid-file = state_dir + "/lighttpd.pid"
128

    
129
##
130
#######################################################################
131

    
132
#######################################################################
133
##
134
##  Logging Options
135
## ------------------
136
##
137
## all logging options can be overwritten per vhost.
138
##
139
## Path to the error log file
140
##
141
server.errorlog             = log_root + "/error.log"
142

    
143
##
144
## If you want to log to syslog you have to unset the 
145
## server.errorlog setting and uncomment the next line.
146
##
147
#server.errorlog-use-syslog = "enable"
148

    
149
##
150
## Access log config
151
## 
152
include "conf.d/access_log.conf"
153

    
154
##
155
## The debug options are moved into their own file.
156
## see conf.d/debug.conf for various options for request debugging.
157
##
158
## NOTE(review): conf.d/debug.conf is not shown. If request debugging is
## switched on there, request details may end up in the error log -- confirm
## it is off outside of troubleshooting and that log_root is not readable by
## unprivileged users.
include "conf.d/debug.conf"
159

    
160
##
161
#######################################################################
162

    
163
#######################################################################
164
##
165
##  Tuning/Performance
166
## --------------------
167
##
168
## corresponding documentation:
169
## http://www.lighttpd.net/documentation/performance.html
170
##
171
## set the event-handler (read the performance section in the manual)
172
##
173
## possible options on linux are:
174
##
175
## select
176
## poll
177
## linux-sysepoll
178
##
179
## linux-sysepoll is recommended on kernel 2.6.
180
##
181
server.event-handler = "linux-sysepoll"
182

    
183
##
184
## The basic network interface for all platforms at the syscalls read()
185
## and write(). Every modern OS provides its own syscall to help network
186
## servers transfer files as fast as possible 
187
##
188
## linux-sendfile - is recommended for small files.
189
## writev         - is recommended for sending many large files
190
##
191
server.network-backend = "writev"
192

    
193
##
194
## As lighttpd is a single-threaded server, its main resource limit is
195
## the number of file descriptors, which is set to 1024 by default (on
196
## most systems).
197
##
198
## If you are running a high-traffic site you might want to increase this
199
## limit by setting server.max-fds.
200
##
201
## Changing this setting requires root permissions on startup. see
202
## server.username/server.groupname.
203
##
204
## By default lighttpd would not change the operating system default.
205
## But setting it to 2048 is a better default for busy servers.
206
##
207
## With SELinux enabled, this is denied by default and needs to be allowed
208
## by running the following once : setsebool -P httpd_setrlimit on
209
server.max-fds = 2048
210

    
211
##
212
## Stat() call caching.
213
##
214
## lighttpd can utilize FAM/Gamin to cache stat call.
215
##
216
## possible values are:
217
## disable, simple or fam.
218
##
219
server.stat-cache-engine = "simple"
220

    
221
##
222
## Fine tuning for the request handling
223
##
224
## max-connections == max-fds/2 (maybe /3)
225
## means the other file handles are used for fastcgi/files
226
##
227
server.max-connections = 1024
228

    
229
##
230
## How many seconds to keep a keep-alive connection open,
231
## until we consider it idle. 
232
##
233
## Default: 5
234
##
235
server.max-keep-alive-idle = 5
236

    
237
##
238
## How many keep-alive requests until closing the connection.
239
##
240
## Default: 16
241
##
242
#server.max-keep-alive-requests = 16
243

    
244
##
245
## Maximum size of a request in kilobytes.
246
## By default it is unlimited (0).
247
##
248
## Uploads to your server can't be larger than this value.
249
##
250
#server.max-request-size = 0
251

    
252
##
253
## Time to read from a socket before we consider it idle.
254
##
255
## Default: 60
256
##
257
#server.max-read-idle = 60
258

    
259
##
260
## Time to write to a socket before we consider it idle.
261
##
262
## Default: 360
263
##
264
#server.max-write-idle = 360
265

    
266
##
267
##  Traffic Shaping 
268
## -----------------
269
##
270
## see /usr/share/doc/lighttpd/traffic-shaping.txt
271
##
272
## Values are in kilobyte per second.
273
##
274
## Keep in mind that a limit below 32kB/s might actually limit the
275
## traffic to 32kB/s. This is caused by the size of the TCP send
276
## buffer. 
277
##
278
## per server:
279
##
280
#server.kbytes-per-second = 128
281

    
282
##
283
## per connection:
284
##
285
#connection.kbytes-per-second = 32
286

    
287
##
288
#######################################################################
289

    
290
#######################################################################
291
##
292
##  Filename/File handling
293
## ------------------------
294

    
295
##
296
## files to check for if .../ is requested
297
## index-file.names            = ( "index.php", "index.rb", "index.html",
298
##                                 "index.htm", "default.htm" )
299
##
300
## Index file candidates appended to the list; they are listed here in the
## order given by the original configuration.
index-file.names += (
  "index.xhtml",
  "index.html",
  "index.htm",
  "default.htm",
  "index.php"
)
303

    
304
##
305
## deny access to files with these extensions
306
##
307
## ~    is for backupfiles from vi, emacs, joe, ...
308
## .inc is often used for code includes which should in general not be part
309
##      of the document-root
310
## NOTE(review): entries are matched against the end of the request path, so
## this blocks e.g. "file.php~" and "README.md". Other files in the document
## root that should not be served (backups with other suffixes, version
## control metadata) are not covered -- extend the list or keep such files
## out of server_root.
url.access-deny             = ( "~", ".inc", "license.txt", ".md", ".rst" )
311

    
312
##
313
## disable range requests for pdf files
314
## workaround for a bug in the Acrobat Reader plugin.
315
##
316
## Range requests are switched off for every URL path ending in ".pdf".
$HTTP["url"] =~ "\.pdf$" {
    server.range-requests = "disable"
}
319

    
320
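##
## WebSocket tunnel: requests whose path starts with /ws_server.php are
## relayed to a backend listening on 127.0.0.1:4454, using binary frames.
##
## The dot in the pattern is escaped so that it matches only a literal ".";
## unescaped, it matched any character in that position (for example
## "/ws_serverXphp"). The pattern is still open at the end, so longer paths
## with this prefix continue to match as before.
##
$HTTP["url"] =~ "^/ws_server\.php" {
    ## NOTE(review): 65535 requests the most verbose module logging. That is
    ## reasonable while reproducing a problem; lower it for normal operation
    ## so that per-connection detail does not accumulate in the error log.
    wstunnel.debug = 65535

    wstunnel.server = (
        "" => ((
            "host" => "127.0.0.1",
            "port" => "4454"
        ))
    )

    wstunnel.frame-type = "binary"

    ## NOTE(review): no wstunnel.origins list is set in this block, so the
    ## Origin request header is not restricted here. If the backend relies on
    ## browser cookies for authentication, list the permitted origins or
    ## verify that the backend checks Origin itself.
}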
330

    
331
##
332
## url handling modules (rewrite, redirect)
333
##
334
#url.rewrite                = ( "^/$"             => "/server-status" )
335
#url.redirect               = ( "^/wishlist/(.+)" => "http://www.example.com/$1" )
336

    
337
##
## Front-controller routing. Rules are tried top to bottom and rewriting
## stops at the first rule that matches.
##
##   1. anything containing "/" followed later by "."  -> left unchanged
##   2. anything containing /css/, /files/, /img/, /js/ or /stats/
##                                                      -> left unchanged
##   3. a path with no "." at all                       -> /index.php/<path>
##
## NOTE(review): rules 1 and 2 are not anchored, so they match anywhere in
## the string. lighttpd presumably applies these patterns to the request URI
## including the query string -- confirm; if so, a "." in a query parameter
## makes rule 1 match and the request bypasses index.php.
##
url.rewrite-once = (
    "/(.*)\.(.*)"                => "$0",
    "/(css|files|img|js|stats)/" => "$0",
    "^/([^.]+)$"                 => "/index.php/$1"
)
342

    
343

    
344
##
345
## both rewrite/redirect support back reference to regex conditional using %n
346
##
347
#$HTTP["host"] =~ "^www\.(.*)" {
348
#  url.redirect            = ( "^/(.*)" => "http://%1/$1" )
349
#}
350

    
351
##
352
## which extensions should not be handled via static-file transfer
353
##
354
## .php, .pl, .fcgi are most often handled by mod_fastcgi or mod_cgi
355
##
356
## Files with these suffixes are never answered by the static-file handler, so
## script source is not handed out as a plain file when the dynamic handler
## for it is missing or misconfigured.
static-file.exclude-extensions = ( ".php", ".pl", ".fcgi", ".scgi" )
357

    
358
##
359
## error-handler for status 404
360
##
361
#server.error-handler-404   = "/error-handler.html"
362
#server.error-handler-404   = "/error-handler.php"
363

    
364
##
365
## Format: <errorfile-prefix><status-code>.html
366
## -> ..../status-404.html for 'File not found'
367
##
368
#server.errorfile-prefix    = "/srv/www/htdocs/errors/status-"
369

    
370
##
371
## mimetype mapping
372
##
373
include "conf.d/mime.conf"
374

    
375
##
376
## directory listing configuration
377
##
378
## NOTE(review): conf.d/dirlisting.conf is not shown; confirm directory
## listings are disabled there unless browsing the document root is intended.
include "conf.d/dirlisting.conf"
379

    
380
##
381
## Should lighttpd follow symlinks?
382
## 
383
## NOTE(review): with symlink following enabled, a symlink inside the document
## root can expose files that live outside it. This matters most where a
## directory under server_root is writable by an application or by other
## local users; disable it if nothing under server_root depends on symlinks.
server.follow-symlink = "enable"
384

    
385
##
386
## force all filenames to be lowercase?
387
##
388
#server.force-lowercase-filenames = "disable"
389

    
390
##
391
## defaults to /var/tmp as we assume it is a local harddisk
392
##
393
## NOTE(review): the "defaults to /var/tmp" remark above no longer describes
## this value. Request bodies are spooled to this directory, so it must be
## writable by the server account (server.username = "lighttpd") and should
## not be writable by anyone else. It lies outside server_root
## ("/home/mw/ui"); keep it that way so spooled uploads are never served
## directly. server.max-request-size is left commented out earlier in this
## file, which the accompanying comment describes as unlimited, so lighttpd
## itself places no cap on how much can be written here.
server.upload-dirs = ( "/etc/shared/middleware/ui/uploads" )
394

    
395
##
396
#######################################################################
397
##
## Redirect every plain-HTTP request to the same host and URL over HTTPS.
##
## The inner host condition exists only to capture the host name: its match
## is available as %0 in the redirect target, and it has to be the innermost
## block around the redirect rule. $0 is the matched request URL.
##
## NOTE(review): %0 is whatever the client sent in the Host header, so the
## Location header reflects client-supplied input. Where the served host
## names are known, matching them explicitly instead of ".*" avoids
## redirecting to arbitrary names.
##
$HTTP["scheme"] == "http" {
    $HTTP["host"] =~ ".*" {
        url.redirect = ( ".*" => "https://%0$0" )
    }
}
404

    
405
##
## Response headers added to every HTTPS response.
##
##   X-Frame-Options            pages may only be framed by the same origin
##   X-Content-Type-Options     browsers must not guess content types
##   Strict-Transport-Security  HTTPS-only for 63072000 s (two years),
##                              extended to all subdomains, with "preload"
##   X-XSS-Protection           legacy browser XSS filter setting
##   Allow                      sent with an empty value
##
## NOTE(review): includeSubdomains plus preload commits every subdomain of
## this host to HTTPS and is slow to undo once browsers have cached or
## preloaded it -- confirm all subdomains serve valid HTTPS.
## NOTE(review): X-XSS-Protection is a legacy header that current browsers
## no longer act on; no Content-Security-Policy is set in this block.
## NOTE(review): the purpose of the empty "Allow" header is not evident from
## this file -- confirm it is intended.
##
$HTTP["scheme"] == "https" {
    setenv.add-response-header = (
        "X-Frame-Options"           => "SAMEORIGIN",
        "X-Content-Type-Options"    => "nosniff",
        "Strict-Transport-Security" => "max-age=63072000; includeSubdomains; preload",
        "X-XSS-Protection"          => "1; mode=block",
        "Allow"                     => "",
    )
}
414

    
415
#######################################################################
416

    
417
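##
## HTTPS listener on port 443.
##
## Changes to the cipher list compared with the previous value:
##   * DES-CBC3-SHA (3DES) removed. It is a 64-bit block cipher and is
##     exposed to the Sweet32 birthday attack on long-lived connections.
##   * ECDHE-RSA-AES128-SHA moved ahead of AES128-SHA, so that a client
##     supporting both is given the forward-secret suite when the server's
##     order is honoured.
## AES128-SHA is kept as the last-resort suite for older clients; it uses
## static RSA key exchange and offers no forward secrecy. Drop it once no
## client depends on it.
##
$SERVER["socket"] == ":443" {
    ssl.engine = "enable"

    ## This PEM file carries the private key together with the certificate.
    ## NOTE(review): it sits under /home/mw -- make sure it is readable only
    ## by the account that starts lighttpd, not by the web application or
    ## other local users.
    ssl.pemfile = "/home/mw/config/cert/lighttpd.pem"

    ssl.cipher-list = "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:ECDHE-RSA-AES128-SHA:AES128-SHA"

    ## TLS-level compression stays off (compression side-channel hardening).
    ssl.use-compression = "disable"

    ## SSLv2 and SSLv3 are refused. TLS 1.0/1.1 are not addressed by these
    ## two switches. NOTE(review): newer lighttpd releases provide
    ## ssl.openssl.ssl-conf-cmd for setting a minimum protocol version --
    ## check the documentation of the installed version.
    ssl.use-sslv2 = "disable"
    ssl.use-sslv3 = "disable"

    ## Same path as var.server_root defined at the top of this file.
    server.document-root = "/home/mw/ui"
}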
426

    
427
##
428
##  SSL Support
429
## ------------- 
430
##
431
## To enable SSL for the whole server you have to provide a valid
432
## certificate and have to enable the SSL engine.::
433
##
434
##   ssl.engine = "enable"
435
##   ssl.pemfile = "/path/to/server.pem"
436
##
437
## The HTTPS protocol does not allow you to use name-based virtual
438
## hosting with SSL. If you want to run multiple SSL servers with
439
## one lighttpd instance you must use IP-based virtual hosting: ::
440

    
441
##   $SERVER["socket"] == ":443" {
442
##     ssl.engine                  = "enable"
443
##     ssl.pemfile                 = "/etc/lighttpd/ssl/lighttpd.cavium.pem"
444

    
445
##     #
446
##     # Mitigate BEAST attack:
447
##     #
448
##     # A stricter base cipher suite. For details see:
449
##     # http://blog.ivanristic.com/2011/10/mitigating-the-beast-attack-on-tls.html
450
##     #
451
##     ssl.cipher-list             = "ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4-SHA:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM"
452
##     #
453
##     # Make the server prefer the order of the server side cipher suite instead of the client suite.
454
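##     # This is necessary to mitigate the BEAST attack (unless you disable all non RC4 algorithms).
##     # NOTE(review): this sample predates the prohibition of RC4 in TLS (RFC 7465); do not copy
##     # its RC4 entries into a live ssl.cipher-list.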
455
##     # This option is enabled by default, but only used if ssl.cipher-list is set.
456
##     #
457
##     # ssl.honor-cipher-order = "enable"
458
##     #
459
##     # Mitigate CVE-2009-3555 by disabling client triggered renegotiation
460
##     # This is enabled by default.
461
##     #
462
##     # ssl.disable-client-renegotiation = "enable"
463
##     #
464
##     server.name                 = "www.example.com"
465
##
466
##     server.document-root        = "/var/www/lighttpd"
467
##   }
468

    
469

    
470
## If you have a .crt and a .key file, cat them together into a
471
## single PEM file:
472
## $ cat /etc/ssl/private/lighttpd.key /etc/ssl/certs/lighttpd.crt \
473
##   > /etc/ssl/private/lighttpd.pem
474
##
475
#ssl.pemfile = "/etc/ssl/private/lighttpd.pem"
476

    
477
##
478
## optionally pass the CA certificate here.
479
##
480
##
481
#ssl.ca-file = ""
482

    
483
##
484
#######################################################################
485

    
486
#######################################################################
487
##
488
## custom includes like vhosts.
489
##
490
#include "conf.d/config.conf"
491
#include_shell "cat /etc/lighttpd/vhosts.d/*.conf"
492
##
493
#######################################################################