|
1
|
#################################
|
|
2
|
# BASIC CONF
|
|
3
|
#################################
|
|
4
|
|
|
5
|
static-file.exclude-extensions += (".py", ".pyc")
|
|
6
|
server.document-root ="/bin/XXXXX/modules/web"
|
|
7
|
server.errorlog = "/logs/lighttpd-error.log"
|
|
8
|
|
|
9
|
server.modules = (
|
|
10
|
"mod_rewrite",
|
|
11
|
"mod_redirect",
|
|
12
|
"mod_alias",
|
|
13
|
"mod_auth",
|
|
14
|
"mod_authn_file",
|
|
15
|
"mod_access",
|
|
16
|
"mod_setenv",
|
|
17
|
"mod_cgi",
|
|
18
|
"mod_fastcgi",
|
|
19
|
"mod_usertrack",
|
|
20
|
"mod_evasive",
|
|
21
|
"mod_accesslog",
|
|
22
|
"mod_openssl",
|
|
23
|
)
|
|
24
|
|
|
25
|
## mimetype mapping
|
|
26
|
mimetype.assign = (
|
|
27
|
".gif" => "image/gif",
|
|
28
|
".jpg" => "image/jpeg",
|
|
29
|
".jpeg" => "image/jpeg",
|
|
30
|
".png" => "image/png",
|
|
31
|
".css" => "text/css",
|
|
32
|
".html" => "text/html",
|
|
33
|
".js" => "text/javascript",
|
|
34
|
# make the default mime type application/octet-stream.
|
|
35
|
"" => "application/octet-stream"
|
|
36
|
)
|
|
37
|
|
|
38
|
# Use the "Content-Type" extended attribute to obtain mime type if possible
|
|
39
|
mimetype.use-xattr = "enable"
|
|
40
|
|
|
41
|
|
|
42
|
## send a different Server: header
|
|
43
|
## be nice and keep it at lighttpd
|
|
44
|
# server.tag = "lighttpd"
|
|
45
|
|
|
46
|
#################################
|
|
47
|
# HTTP
|
|
48
|
#################################
|
|
49
|
|
|
50
|
server.port = 80
|
|
51
|
|
|
52
|
#################################
|
|
53
|
# HTTPS
|
|
54
|
#################################
|
|
55
|
|
|
56
|
#IPV4
|
|
57
|
#This is used only when HTTP+HTTPS is enabled
|
|
58
|
$SERVER["socket"] == "0.0.0.0:443" { # <HTTP+HTTPS>
|
|
59
|
ssl.engine = "enable" # <HTTP+HTTPS>
|
|
60
|
ssl.pemfile = "/media/FLASH0/.cfg/ssl.pem" # <HTTP+HTTPS>
|
|
61
|
ssl.cipher-list = "EECDH+AESGCM:EDH+AESGCM:ECDHE-RSA-AES128-GCM-SHA256:AES256+EECDH:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4" # <HTTP+HTTPS>
|
|
62
|
ssl.openssl.ssl-conf-cmd = ("Protocol" => "all, -SSLv2, -SSLv3, -TLSv1, -TLSv1.1") # <HTTP+HTTPS>
|
|
63
|
} # <HTTP+HTTPS>
|
|
64
|
|
|
65
|
#IPV6
|
|
66
|
$SERVER["socket"] == "[::]:443" { # <HTTP+HTTPS>
|
|
67
|
ssl.engine = "enable" # <HTTP+HTTPS>
|
|
68
|
ssl.pemfile = "/media/FLASH0/.cfg/ssl.pem" # <HTTP+HTTPS>
|
|
69
|
ssl.cipher-list = "EECDH+AESGCM:EDH+AESGCM:ECDHE-RSA-AES128-GCM-SHA256:AES256+EECDH:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4" # <HTTP+HTTPS>
|
|
70
|
ssl.openssl.ssl-conf-cmd = ("Protocol" => "all, -SSLv2, -SSLv3, -TLSv1, -TLSv1.1") # <HTTP+HTTPS>
|
|
71
|
} # <HTTP+HTTPS>
|
|
72
|
|
|
73
|
##
|
|
74
|
## Use IPv6?
|
|
75
|
##
|
|
76
|
#server.use-ipv6 = "enable"
|
|
77
|
|
|
78
|
#################################
|
|
79
|
# ACCESS LOG
|
|
80
|
#################################
|
|
81
|
|
|
82
|
accesslog.filename = "/logs/lighttpd-access.log"
|
|
83
|
debug.log-request-handling = "enable"
|
|
84
|
debug.log-state-handling = "enable"
|
|
85
|
debug.log-request-header="enable"
|
|
86
|
debug.log-response-header="enable"
|
|
87
|
|
|
88
|
#################################
|
|
89
|
# BASIC CONF
|
|
90
|
#################################
|
|
91
|
|
|
92
|
server.max-connections = 20
|
|
93
|
|
|
94
|
fastcgi.server = ("/app.fcgi" => ((
|
|
95
|
"socket" => "/tmp/lighttpd/app-fcgi-"+var.PID+".sock", # For gracefully restart
|
|
96
|
"bin-path" => "/bin/XXXXX/modules/web/app.fcgi",
|
|
97
|
"check-local" => "disable",
|
|
98
|
"max-procs" => 1,
|
|
99
|
"idle-timeout" => 120 # To close after 2 minutes
|
|
100
|
)))
|
|
101
|
fastcgi.debug = 1
|
|
102
|
|
|
103
|
alias.url = (
|
|
104
|
"/static/" => "/bin/XXXXX/modules/web/static/"
|
|
105
|
)
|
|
106
|
|
|
107
|
url.rewrite-once = (
|
|
108
|
"^(/static($|/.*))$" => "$1",
|
|
109
|
"^(/.*)$" => "/app.fcgi$1"
|
|
110
|
)
|
|
111
|
|
|
112
|
##
|
|
113
|
## Authentication
|
|
114
|
##
|
|
115
|
auth.backend = "htdigest"
|
|
116
|
auth.backend.htdigest.userfile = "/tmp/lighttpd/lighttpd.users"
|
|
117
|
|
|
118
|
#Status And Configuration pages
|
|
119
|
auth.require = ( "/" =>
|
|
120
|
(
|
|
121
|
"method" => "digest",
|
|
122
|
"realm" => "XXXXX",
|
|
123
|
"require" => "valid-user"
|
|
124
|
)
|
|
125
|
)
|
|
126
|
|
|
127
|
#Product Hidden Config
|
|
128
|
$HTTP["url"] =~ "YYYYY" {
|
|
129
|
auth.require = ( "" =>
|
|
130
|
(
|
|
131
|
"method" => "digest",
|
|
132
|
"realm" => "YYYYY",
|
|
133
|
"require" => "user=Tech"
|
|
134
|
)
|
|
135
|
)
|
|
136
|
}
|
|
137
|
|
|
138
|
|
|
139
|
|
|
140
|
|
|
141
|
|
