################################# # BASIC CONF ################################# static-file.exclude-extensions += (".py", ".pyc") server.document-root ="/bin/XXXXX/modules/web" server.errorlog = "/logs/lighttpd-error.log" server.modules = ( "mod_rewrite", "mod_redirect", "mod_alias", "mod_auth", "mod_authn_file", "mod_access", "mod_setenv", "mod_cgi", "mod_fastcgi", "mod_usertrack", "mod_evasive", "mod_accesslog", "mod_openssl", ) ## mimetype mapping mimetype.assign = ( ".gif" => "image/gif", ".jpg" => "image/jpeg", ".jpeg" => "image/jpeg", ".png" => "image/png", ".css" => "text/css", ".html" => "text/html", ".js" => "text/javascript", # make the default mime type application/octet-stream. "" => "application/octet-stream" ) # Use the "Content-Type" extended attribute to obtain mime type if possible mimetype.use-xattr = "enable" ## send a different Server: header ## be nice and keep it at lighttpd # server.tag = "lighttpd" ################################# # HTTP ################################# server.port = 80 ################################# # HTTPS ################################# #IPV4 #This is used only when HTTP+HTTPS is enabled $SERVER["socket"] == "0.0.0.0:443" { # ssl.engine = "enable" # ssl.pemfile = "/media/FLASH0/.cfg/ssl.pem" # ssl.cipher-list = "EECDH+AESGCM:EDH+AESGCM:ECDHE-RSA-AES128-GCM-SHA256:AES256+EECDH:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4" # ssl.openssl.ssl-conf-cmd = ("Protocol" => "all, -SSLv2, -SSLv3, -TLSv1, -TLSv1.1") # } # #IPV6 $SERVER["socket"] == "[::]:443" { # ssl.engine = "enable" # ssl.pemfile = "/media/FLASH0/.cfg/ssl.pem" # ssl.cipher-list = "EECDH+AESGCM:EDH+AESGCM:ECDHE-RSA-AES128-GCM-SHA256:AES256+EECDH:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4" # ssl.openssl.ssl-conf-cmd = ("Protocol" => "all, -SSLv2, -SSLv3, -TLSv1, -TLSv1.1") # } # ## ## Use IPv6? ## #server.use-ipv6 = "enable" ################################# # ACCESS LOG ################################# accesslog.filename = "/logs/lighttpd-access.log" debug.log-request-handling = "enable" debug.log-state-handling = "enable" debug.log-request-header="enable" debug.log-response-header="enable" ################################# # BASIC CONF ################################# server.max-connections = 20 fastcgi.server = ("/app.fcgi" => (( "socket" => "/tmp/lighttpd/app-fcgi-"+var.PID+".sock", # For gracefully restart "bin-path" => "/bin/XXXXX/modules/web/app.fcgi", "check-local" => "disable", "max-procs" => 1, "idle-timeout" => 120 # To close after 2 minutes ))) fastcgi.debug = 1 alias.url = ( "/static/" => "/bin/XXXXX/modules/web/static/" ) url.rewrite-once = ( "^(/static($|/.*))$" => "$1", "^(/.*)$" => "/app.fcgi$1" ) ## ## Authentication ## auth.backend = "htdigest" auth.backend.htdigest.userfile = "/tmp/lighttpd/lighttpd.users" #Status And Configuration pages auth.require = ( "/" => ( "method" => "digest", "realm" => "XXXXX", "require" => "valid-user" ) ) #Product Hidden Config $HTTP["url"] =~ "YYYYY" { auth.require = ( "" => ( "method" => "digest", "realm" => "YYYYY", "require" => "user=Tech" ) ) }