## modules to load
# at least mod_access and mod_accesslog should be loaded
# all other module should only be loaded if really neccesary
# - saves some time
# - saves memory
server.modules              = (
                               "mod_redirect",
                               "mod_auth",
                               "mod_cgi",
                               "mod_accesslog" )

server.document-root = "/opt/www/" 
server.upload-dirs   = ( "/opt-pdd/" )
server.event-handler = "poll"
server.stream-request-body = 1


server.errorfile-prefix = "/errors/err"

server.port=443

$SERVER["socket"] == ":443" { ssl.engine = "enable" }
$SERVER["socket"] == "[::]:443" { ssl.engine="enable" }


server.modules += ("mod_openssl")

ssl.pemfile = "/etc/lighttpd/lighttpd.pem" 
ssl.read-ahead = "disable"

#redirect http to https
$HTTP["scheme"] == "http" { url.redirect = ( "" => "https://${url.authority}${url.path}${qsa}" ) }

server.errorlog-use-syslog = "enable"


index-file.names            = ( "index.html" )
static-file.exclude-extensions = ( ".cgi" )


cgi.assign = ( ".cgi" => "" )

mimetype.assign = (
  ".html" => "text/html", 
  ".htm" => "text/html", 
  ".css" => "text/css",
  ".js" => "application/javascript",
  ".jpg" => "image/jpeg",
  ".gif" => "image/gif",
  ".png" => "image/png",
  ".txt" => "text/plain",
  ".log" => "text/plain",
  ".conf" => "text/plain",
  ".mib" => "text/plain"
)

################

## type of backend 
# plain, htpasswd, htdigest (mod_authn_file); ldap (mod_authn_ldap); gssapi (mod_authn_gssapi); mysql (mod_authn_mysql); pam (mod_authn_pam); sasl (mod_authn_sasl)
server.modules += ( "mod_authn_pam" )
auth.backend = "pam" 

auth.require = ( "/" =>
(
"method" => "basic",
"realm" => "Password protected area",
"require" => "valid-user"
)
)

#### accesslog module
accesslog.use-syslog = "enable"
accesslog.format = "%h %u \"%r\" %>s \"%{User-Agent}i\""