[Solved] How to detect if there is a bad user/password in... » lighttpd.conf

lighttpd.conf in HTTP+HTTPS - pamandine, 2022-06-22 12:54

 
#################################
# BASIC CONF
#################################

# Python sources and bytecode are never handed out by the static-file
# handler.
static-file.exclude-extensions += ( ".py", ".pyc" )

# NOTE(review): the FastCGI program configured later in this file
# (bin-path .../modules/web/app.fcgi) sits inside this document root, and
# presumably the .py sources do too.  What keeps them from being served
# as plain files is the exclusion above together with the
# url.rewrite-once rules -- keep both in place when editing.
server.document-root = "/bin/XXXXX/modules/web"
server.errorlog      = "/logs/lighttpd-error.log"

# Modules are loaded in the order listed.
# NOTE(review): mod_redirect, mod_cgi, mod_usertrack and mod_evasive have
# no matching directives anywhere in this file (no url.redirect,
# cgi.assign, usertrack.* or evasive.*).  mod_evasive in particular
# limits nothing until evasive.max-conns-per-ip is set.  Unload whatever
# is not needed to keep the exposed surface small -- after confirming
# that nothing relies on a module's default behaviour.
server.modules = (
    "mod_rewrite",
    "mod_redirect",
    "mod_alias",
    "mod_auth",
    "mod_authn_file",   # provides the htdigest backend used by auth.backend
    "mod_access",
    "mod_setenv",
    "mod_cgi",
    "mod_fastcgi",
    "mod_usertrack",
    "mod_evasive",
    "mod_accesslog",
    "mod_openssl",
)

## mimetype mapping
mimetype.assign = (
    ".gif"  => "image/gif",
    ".jpg"  => "image/jpeg",
    ".jpeg" => "image/jpeg",
    ".png"  => "image/png",
    ".css"  => "text/css",
    ".html" => "text/html",
    ".js"   => "text/javascript",
    # make the default mime type application/octet-stream.
    ""      => "application/octet-stream"
)

# Use the "Content-Type" extended attribute to obtain mime type if possible
# NOTE(review): with this enabled, whoever can set extended attributes on
# a served file decides the Content-Type sent to the browser.  Confirm
# that only trusted processes can write under the static tree.
mimetype.use-xattr = "enable"

## send a different Server: header
## be nice and keep it at lighttpd
# server.tag = "lighttpd"

#################################
# HTTP
#################################

# Cleartext listener.
# NOTE(review): the global auth.require further down applies on this port
# too, so the digest exchange and all application traffic cross the
# network unencrypted whenever a client uses http://.  If plain HTTP is
# not a product requirement, drop this listener or redirect it to HTTPS
# (mod_redirect is already loaded); test any redirect together with the
# url.rewrite-once rules, since both act on the request URL.
server.port = 80

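#################################
# HTTPS
#################################

# TLS listeners for IPv4 and IPv6.  Both blocks carry identical settings
# and must be kept in sync.  The "# <HTTP+HTTPS>" markers are left on
# every directive line exactly as found -- presumably a provisioning
# script toggles these lines by that marker (confirm before editing).
#
# ssl.pemfile:  no ssl.privkey is set, so this file has to hold the
#               private key as well as the certificate; it should be
#               readable by the lighttpd user only.
# ssl.cipher-list (TLS 1.2 and below; TLS 1.3 suites are not governed
#               by this list):
#               - The three DES-CBC3 (3DES) suites were removed and
#                 "!3DES" added.  The original "!DES" only excludes
#                 single DES, so 64-bit-block suites (Sweet32) stayed
#                 negotiable wherever the OpenSSL build offers them.
#               - NOTE(review): CBC-mode suites and static-RSA suites
#                 (no forward secrecy) are still listed, and "HIGH"
#                 re-adds whatever else OpenSSL rates as high.  Trim to
#                 the ECDHE/DHE + AES-GCM entries if all clients allow.
# ssl.openssl.ssl-conf-cmd: disables SSLv2, SSLv3, TLS 1.0 and TLS 1.1,
#               leaving TLS 1.2 and newer.

#IPV4
#This is used only when HTTP+HTTPS is enabled
$SERVER["socket"] == "0.0.0.0:443" {                         # <HTTP+HTTPS>
    ssl.engine = "enable"                        # <HTTP+HTTPS>
    ssl.pemfile = "/media/FLASH0/.cfg/ssl.pem"   # <HTTP+HTTPS>
    ssl.cipher-list = "EECDH+AESGCM:EDH+AESGCM:ECDHE-RSA-AES128-GCM-SHA256:AES256+EECDH:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4" # <HTTP+HTTPS>
    ssl.openssl.ssl-conf-cmd = ("Protocol" => "all, -SSLv2, -SSLv3, -TLSv1, -TLSv1.1") # <HTTP+HTTPS>
}                                                            # <HTTP+HTTPS>

#IPV6
$SERVER["socket"] == "[::]:443" {                            # <HTTP+HTTPS>
    ssl.engine = "enable"                        # <HTTP+HTTPS>
    ssl.pemfile = "/media/FLASH0/.cfg/ssl.pem"   # <HTTP+HTTPS>
    ssl.cipher-list = "EECDH+AESGCM:EDH+AESGCM:ECDHE-RSA-AES128-GCM-SHA256:AES256+EECDH:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4" # <HTTP+HTTPS>
    ssl.openssl.ssl-conf-cmd = ("Protocol" => "all, -SSLv2, -SSLv3, -TLSv1, -TLSv1.1") # <HTTP+HTTPS>
}                                                            # <HTTP+HTTPS>

##
## Use IPv6?
##
#server.use-ipv6 = "enable"
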
#################################
# ACCESS LOG
#################################

accesslog.filename = "/logs/lighttpd-access.log"

# Verbose tracing, written to the error log (server.errorlog).
# NOTE(review): the two header switches record complete request and
# response headers.  On this server that includes every
# "Authorization: Digest ..." header and any cookies the application
# sets or receives.  Treat all four switches as troubleshooting aids:
# turn them off for normal operation and restrict read access to /logs.
# mod_auth is expected to report failed logins in the error log without
# them -- confirm for the lighttpd version in use.
debug.log-request-handling = "enable"
debug.log-state-handling   = "enable"
debug.log-request-header   = "enable"
debug.log-response-header  = "enable"

#################################
# LIMITS AND FASTCGI BACKEND
#################################

server.max-connections = 20

# One FastCGI worker, spawned by lighttpd from bin-path.
# The socket name embeds the server PID so that a restarted server does
# not collide with the socket of the instance it replaces.
# "check-local" is disabled so requests are passed to the backend without
# first looking for a matching file under the document root.
# NOTE(review): the socket lives under /tmp.  Make sure /tmp/lighttpd is
# created before start-up, owned by the lighttpd user and not writable by
# anyone else, so no other local account can interfere with the backend
# socket.
fastcgi.server = ( "/app.fcgi" => ((
    "socket"       => "/tmp/lighttpd/app-fcgi-" + var.PID + ".sock",  # For gracefully restart
    "bin-path"     => "/bin/XXXXX/modules/web/app.fcgi",
    "check-local"  => "disable",
    "max-procs"    => 1,
    "idle-timeout" => 120  # To close after 2 minutes
)))

# NOTE(review): backend debug output; troubleshooting only.
fastcgi.debug = 1

# /static/ is served straight from disk.
alias.url = ( "/static/" => "/bin/XXXXX/modules/web/static/" )

# Routing: /static and anything below it keeps its URL; every other
# request is prefixed with /app.fcgi and therefore handed to the FastCGI
# backend.  The first matching rule wins, so the /static rule has to stay
# ahead of the catch-all.
url.rewrite-once = (
    "^(/static($|/.*))$" => "$1",
    "^(/.*)$"            => "/app.fcgi$1"
)

##
## Authentication
##
# HTTP Digest authentication against an htdigest-format user file.
# NOTE(review): the user file is under /tmp -- presumably generated at
# boot; confirm.  It holds the password hashes, so both /tmp/lighttpd and
# the file should be readable and writable by the lighttpd user only.
auth.backend                   = "htdigest"
auth.backend.htdigest.userfile = "/tmp/lighttpd/lighttpd.users"

#Status And Configuration pages
# Every URL requires a valid account in realm "XXXXX".
auth.require = ( "/" => (
    "method"  => "digest",
    "realm"   => "XXXXX",
    "require" => "valid-user"
))

#Product Hidden Config
# URLs matching the pattern are limited to the single user "Tech", in a
# separate realm, so that user needs an entry for realm "YYYYY" in the
# user file.
# NOTE(review): "=~" is a regex match that is unanchored unless the
# pattern carries ^ / $ (the real pattern is redacted here).  Access
# control rests on the user=Tech requirement, not on the path being
# hard to guess.
$HTTP["url"] =~ "YYYYY" {
    auth.require = ( "" => (
        "method"  => "digest",
        "realm"   => "YYYYY",
        "require" => "user=Tech"
    ))
}