Project

General

Profile

Docs ConfigurationOptions » History » Revision 146

Revision 145 (gstrauss, 2021-05-10 19:27) → Revision 146/175 (gstrauss, 2021-05-10 19:28)

h1. Configuration File Options 


 Here you will find a list of all available configuration lighttpd.    They are grouped by module, and a link to each module configuration will provide with more detail information about each option, as well as examples, and other guidelines. 

 Modules must be listed in @server.modules@ or else options from that module will be recognized by lighttpd.    e.g. @server.modules += ("mod_example")@    (The only exceptions are the three core modules that lighttpd loads by default: mod_indexfile, mod_dirlisting, mod_staticfile) 

 {{>toc}} 

 h2. Lighttpd Core 

 table{margin-left: 2em}. 
 |_.option |_. description |_. details | 
 | server.name | name of the server/virtual server | [[server_nameDetails|Details]] | 
 | server.document-root | document-root of the webserver | [[server_document-rootDetails|Details]] | 
 | server.error-handler | uri to call if non-dynamic (not CGI or proxy) request results in http status >= 400 (overrides error-handler-404) (since 1.4.40) | Details commit:dbdab5db | 
 | server.error-handler-404 | uri to call if non-dynamic (not CGI or proxy) request results in a 403 or 404 | [[server_error-handler-404Details|Details]] | 
 | server.errorfile-prefix | path prefix for special status codes pages | [[server_errorfile-prefixDetails|Details]] | 
 | server.error-intercept | enable/disable intercepting HTTP error pages from dynamic handlers by server.error* (since 1.4.46) |    | 

 table{margin-left: 2em}. 
 | server.bind | IP address, hostname or absolute path to the unix-domain socket (default: "*") | [[server_bindDetails|Details]] | 
 | server.port | port to which to bind when IP address specified in server.bind (default: 80) | | 
 | server.network-backend | basic network interface for all platforms at the syscalls read() and write() | [[server_network-backendDetails|Details]] | 
 | server.listen-backlog | listen backlog queue size | Details commit:71ed1912 | 
 | server.bsd-accept-filter | listen socket *BSD accept() filter ("httpready" or "dataready") | Details commit:4eeeb8fc | 
 | server.defer-accept | listen socket Linux TCP_DEFER_ACCEPT ("enable" or "disable") | | 
 | server.use-ipv6 | bind to the IPv6 socket | [[Server_use-ipv6Details|Details]] | 
 | server.socket-perms | permissions to set on listening unix domain socket, e.g. "0770" (since 1.4.46) | Details #656 | 
 | server.systemd-socket-activation | systemd socket activation ("enable" or "disable") (since 1.4.53) | | 

 table{margin-left: 2em}. 
 | server.modules | modules to load | [[server_modulesDetails|Details]] | 
 | server.compat-module-load | enable/disable load of default and compatibility modules (default: "enable") | | 
 | server.errorlog | pathname of the error-log | [[server_errorlogDetails|Details]] | 
 | server.errorlog-use-syslog | send errorlog to syslog | [[server_errorlog-use-syslogDetails|Details]] | 
 | server.syslog-facility | syslog facility (default: "daemon") (since 1.4.46) | | 
 | server.breakagelog | redirect stderr for lighttpd and all forked apps (e.g. CGI) | [[server_errorlogDetails|Details]] | 
 | server.event-handler | set the event handler | [[server_event-handlerDetails|Details]] | 
 | server.stat-cache-engine | select stat() call caching | [[server_stat-cache-engineDetails|Details]] | 
 | server.username | username used to run the server | [[server_usernameDetails|Details]] | 
 | server.groupname | groupname used to run the server | [[server_groupnameDetails|Details]] | 
 | server.chroot | root-directory of the server | [[server_chrootDetails|Details]] | 
 | server.core-files | enable core files | [[server_core-filesDetails|Details]] | 
 | server.pid-file | set the name and location    of the .pid-file | [[server_pid-fileDetails|Details]] | 

 table{margin-left: 2em}. 
 | server.feature-flags | server-wide feature control for selected features (since 1.4.56)| [[server_feature-flagsDetails|Details]] | 
 | server.http-parseopts | HTTP request parsing and normalization options (since 1.4.50) | [[server_http-parseoptsDetails|Details]] | 
 | server.http-parseopt-header-strict | restrict chars permitted in HTTP headers | Details commit:b47494d4 | 
 | server.http-parseopt-host-strict | restrict chars permitted in HTTP Host header | Details commit:b47494d4 | 
 | server.http-parseopt-host-normalize | normalize HTTP Host header | Details commit:b47494d4 | 
 | server.protocol-http11 | defines if HTTP/1.1 is allowed or not | [[server_protocol-http11Details|Details]] | 
 | server.range-requests | defines if range requests are allowed or not | [[server_range-requestsDetails|Details]] | 
 | server.reject-expect-100-with-417 | setting to disable returning of a 417 if "Expect: 100-continue" header (no-op since 1.4.46)| | 
 | server.tag | set the string returned by the server | [[server_use-tagDetails|Details]] | 

 table{margin-left: 2em}. 
 | server.stream-request-body | stream request body to backend    | [[server_stream-request-bodyDetails|Details]] | 
 | server.stream-response-body | stream response body to client | [[server_stream-response-bodyDetails|Details]] | 
 | server.chunkqueue-chunk-sz | default chunk buffer size, rounded up to nearest power-of-2 (default 8k; minimum 1k) | | 

 table{margin-left: 2em}. 
 | connection.kbytes-per-second | limit the throughput for each single connection to the given limit in kbyte/s | [[lighttpd:Docs_TrafficShaping|Details]] | 
 | server.kbytes-per-second | limit the throughput for all connections to the given limit in kbyte/s | [[lighttpd:Docs_TrafficShaping|Details]] | 
 | server.max-connections | maximum connections | [[server_max-connectionsDetails|Details]] | 
 | server.max-fds | maximum number of file descriptors | [[server_max-fdsDetails|Details]] | 
 | server.max-keep-alive-idle | maximum number of seconds until a idling keep-alive connection is dropped | [[server_max-keep-alive-idleDetails|Details]] | 
 | server.max-keep-alive-requests | maximum number of request within a keep-alive session | [[server_max-keep-alive-requestsDetails|Details]] | 
 | server.max-read-idle | maximum number of seconds until a waiting, non keep-alive read times out and closes the connection | [[server_max-read-idleDetails|Details]] | 
 | server.max-request-size | maximum size in kbytes of the request | [[server_max-request-sizeDetails|Details]] | 
 | server.max-request-field-size | maximum size of the request header (in bytes) | | 
 | server.max-worker | number of worker processes to spawn | [[server_max-workerDetails|Details]] | 
 | server.max-write-idle | maximum number of seconds until a waiting write call times out | [[server_max-write-idleDetails|Details]] | 

 table{margin-left: 2em}. 
 | server.follow-symlink | allow to follow-symlinks | [[server_follow-symlinksDetails|Details]] | 
 | server.force-lowercase-filenames | enable force all filenames to lowercase |    | 
 | server.upload-dirs | path to upload directory | [[server_upload-dirsDetails|Details]] | 

 table{margin-left: 2em}. 
 | etag.use-inode | Determines if inode-value is used in ETag generation | [[etag_use-inodeDetails|Details]] | 
 | etag.use-mtime | Determines if mtime-value is used in ETag generation | [[etag_use-mtimeDetails|Details]] | 
 | etag.use-size | Determines if size-value is used in ETag generation | [[etag_use-sizeDetails|Details]] | 

 table{margin-left: 2em}. 
 | mimetype.assign | list of known mimetype mappings | [[mimetype_assignDetails|Details]] | 
 | mimetype.use-xattr | try to use XFS-style extended attribute interface for retreiving the Content-Type | [[mimetype_use-xattrDetails|Details]] | 
 | mimetype.xattr-name | name of XFS-style extended attribute to use for retreiving the Content-Type | [[mimetype_use-xattrDetails|Details]] | 

 h3. Core Debug Info 

 * [[DebugVariables|Debug Variable Information]] 

 table{margin-left: 2em}. 
 |_.option |_. description | 
 | debug.log-request-header | log all request headers | 
 | debug.log-file-not-found | log if a file was not found | 
 | debug.log-condition-handling | log conditionals handling for debugging | 
 | debug.log-request-header-on-error | log request header and additional error trace, but only when there is an error | 
 | debug.log-request-handling | log request handling inside lighttpd | 
 | debug.log-state-handling | log state handling inside lighttpd | 
 | debug.log-response-header | log the header we send out to the client | 
 | debug.log-ssl-noise | log some ssl warnings we hide by default (ssl handshake, unknown/bad certificate) | 



 h2. mod_access - access restrictions 

 * [[lighttpd:Docs_ModAccess|mod_access documentation]] 

 table{margin-left: 2em}. 
 |_.option |_. description | 
 | url.access-allow | Allows access only to files with any of given trailing path names (since 1.4.40) | 
 | url.access-deny | Denies access to all files with any of given trailing path names | 



 h2. mod_accesslog - access log files 

 * [[lighttpd:Docs_ModAccessLog|mod_accesslog documentation]] 

 table{margin-left: 2em}. 
 |_.option |_. description | 
 | accesslog.format | the format of the logfile | 
 | accesslog.filename | name of the file where the accesslog should be written to if syslog is not used | 
 | accesslog.use-syslog | send the accesslog to syslog | 
 | accesslog.syslog-level | numerical value used as syslog log level | 



 h2. mod_alias - directory aliases 

 * [[lighttpd:Docs_ModAlias|mod_alias documentation]] 

 table{margin-left: 2em}. 
 |_.option |_. description | 
 | alias.url | rewrites the document-root for a URL-subset | 



 h2. mod_ajp13 - Apache JServ Protocol version 1.3 (AJP13) gateway 

 *    [[lighttpd:Docs_ModAJP13|mod_ajp13 documentation]] (available since lighttpd 1.4.59) 

 table{margin-left: 2em}. 
 |_.option |_. description | 
 | ajp13.server | backend server definition(s) for hosts to which to send requests; [[Docs_ConfigurationOptions#gw_backend-gateway-server-host-options|options]] for each backend host | 
 | ajp13.balance | select type of balancing algorithm (fair, least-connection, round-robin, hash, sticky) | 
 | ajp13.debug | debug level (value between 0 and 65535) | 



 h2. mod_auth - authentication 

 * [[lighttpd:Docs_ModAuth|mod_auth documentation]] 

 table{margin-left: 2em}. 
 |_.option |_. description | 
 | auth.backend | type of authentication backend | 
 | auth.require | set restriction method | 
 | auth.extern-authn | check REMOTE_USER (if set) against require rules prior to applying auth.backend (since 1.4.46)| 
 | auth.backend.plain.userfile | path to plain userfile | 
 | auth.backend.plain.groupfile | path to plain groupfile | 
 | auth.backend.htdigest.userfile | path to htdigest userfile | 
 | auth.backend.htpasswd.userfile | path to htpassword userfile | 
 | auth.backend.gssapi.keytab |    | 
 | auth.backend.gssapi.principal |    | 
 | auth.backend.ldap.hostname | hostname of ldap server | 
 | auth.backend.ldap.starttls |    | 
 | auth.backend.ldap.filter |    | 
 | auth.backend.ldap.bind-pw |    | 
 | auth.backend.ldap.ca-file |    | 
 | auth.backend.ldap.base-dn |    | 
 | auth.backend.ldap.bind-dn |    | 
 | auth.backend.ldap.groupmember | (since 1.4.46) | 
 | auth.backend.mysql.host | (mysql default if not specified) | 
 | auth.backend.mysql.user | (mysql default if not specified) | 
 | auth.backend.mysql.pass | (mysql default if not specified) | 
 | auth.backend.mysql.db | (mysql default if not specified) | 
 | auth.backend.mysql.port | (mysql default if not specified) | 
 | auth.backend.mysql.socket | (mysql default if not specified) | 
 | auth.backend.mysql.users_table | database table name (required) | 
 | auth.backend.mysql.col_user | (default: "user") | 
 | auth.backend.mysql.col_pass | (default: "password") | 
 | auth.backend.mysql.col_realm | (default: "realm") | 

 table{margin-left: 4em}. 
 |_.auth.require option |_. description | 
 | method | type of authentication ("digest" or "basic") | 
 | realm | authentication realm | 
 | require | "valid-user" to allow any valid user, or a list of user=username separated by pipe symbols | 



 h2. mod_cgi - cgi 

 *    [[lighttpd:Docs_ModCGI|mod_cgi documentation]] 

 table{margin-left: 2em}. 
 |_.option |_. description | 
 | cgi.assign | assign cgi handler to an extension | 
 | cgi.execute-x-only | requires +x for cgi scripts | 
 | cgi.local-redir | local-redir optimization (since 1.4.46) | 
 | cgi.upgrade | support for Upgrade: websocket (since 1.4.46) | 
 | cgi.x-sendfile | controls if X-Sendfile header is allowed | 
 | cgi.x-sendfile-docroot | limits the directory trees permitted for use with X-Sendfile response header | 



 h2. mod_cml - Cache Meta Language 

 *    [[lighttpd:Docs_ModCML|mod_cml documentation]] 

 table{margin-left: 2em}. 
 |_.option |_. description | 
 | cml.memcache-namespace | (not used yet)    | 
 | cml.power-magnet | a cml file that is executed for each request | 
 | cml.memcache-hosts | hosts for the memcache.* functions | 
 | cml.extension | the file extension that is bound to the cml-module | 



 h2. mod_compress - compress output 

 *    [[lighttpd:Docs_ModCompress|mod_compress documentation]] 
 * DEPRECATED.    Subsumed by mod_deflate (see below) 

 table{margin-left: 2em}. 
 |_.option |_. description | 
 | compress.max-filesize | maximum size of the original file to be compressed kBytes | 
 | compress.cache-dir | name of the directory where compressed content will be cached | 
 | compress.filetype | mimetypes which might get compressed | 
 | compress.allowed-encodings | encodings enabled ("gzip", "bzip2", "deflate") | 
 | compress.max-loadavg | max system loadavg before bypassing compression, e.g. "3.50" (since 1.4.43) | 



 h2. mod_deflate - dynamic compression (since 1.4.42) 

 *    [[Mod_Deflate|mod_deflate documentation]] 

 table{margin-left: 2em}. 
 |_.option |_. description | 
 | deflate.mimetypes | mimetype listing to be compressed, matched to prefix of Content-Type | 
 | deflate.allowed-encodings | encodings enabled ("gzip", "bzip2", "deflate") | 
 | deflate.max-compress-size | maximum size document to compress | 
 | deflate.min-compress-size | minimum size document before compressing | 
 | deflate.compression-level | level of compression | 
 | deflate.output-buffer-size | size of buffer for compression | 
 | deflate.work-block-size | minimum block size for compression | 
 | deflate.max-loadavg | max system loadavg before bypassing compression, e.g. "3.50" (since 1.4.43) | 



 h2. mod_dirlisting - directory listing 

 *    [[lighttpd:Docs_ModDirlisting|mod_dirlisting documentation]] 

 table{margin-left: 2em}. 
 |_.option |_. description | 
 | dir-listing.activate | enables virtual directory listings if a directory is requested no index-file was found | 
 | dir-listing.external-css | URL path to an external css stylesheet for the directory listing | 
 | dir-listing.external-js | URL path to an external js script, e.g. for client side directory list sorting (lighttpd 1.4.42) | 
 | dir-listing.encoding | set a encoding for the generated directory listing | 
 | dir-listing.hide-dotfiles | if enabled, does not list hidden files in directory listings generated by the dir-listing option | 
 | dir-listing.show-header | include HEADER.txt files above the directory listing (since 1.4.43: user-specified file name) | 
 | dir-listing.hide-header-file | enables hide header file from directory listing | 
 | dir-listing.show-readme | include README.txt files below the directory listing (since 1.4.43: user-specified file name) | 
 | dir-listing.hide-readme-file | enables displaying readme file in directory listing | 
 | dir-listing.exclude | files that match any of the specified regular expressions will be excluded from listings | 
 | dir-listing.set-footer | displays a string in the footer of a listing page | 
 | server.dir-listing | enable/disable directory listing (deprecated; see dir-listing.activate) | 



 h2. mod_evasive - evasive 

 *    [[lighttpd:Docs_ModEvasive|mod_evasive documentation]] 

 table{margin-left: 2em}. 
 |_.option |_. description | 
 | evasive.max-conns-per-ip | upper limit of number of connections per ip allowed | 
 | evasive.silent | no logging | 



 h2. mod_evhost - enhanced virtual host 

 *    [[lighttpd:Docs_ModEVhost|mod_evhost documentation]] 

 table{margin-left: 2em}. 
 |_.option |_. description | 
 | evhost.path-pattern | pattern with wildcards to be replace to build a documentroot | 



 h2. mod_expire - cached expiration 

 * [[lighttpd:Docs_ModExpire|mod_expire documentation]] 

 table{margin-left: 2em}. 
 |_.option |_. description | 
 | expire.url | assignes an expiration to all files below the specified path | 
 | expire.mimetypes | assignes an expiration to all responses with Content-Type prefix matching the listed mimetypes (since 1.4.43) | 



 h2. mod_extforward - use X-Forwarded-For (or Forwarded) 

 * [[DocsModExtForward|mod_extforward documentation]] 

 p((. extract the client's "real" IP from X-Forwarded-For (or Forwarded) header 

 table{margin-left: 2em}. 
 |_.option |_. description | 
 | extforward.forwarder | set trust level of proxy ip's | 
 | extforward.hap-PROXY | enable HAProxy PROXY protocol (since 1.4.46) | 
 | extforward.hap-PROXY-ssl-client-verify | enable setting SSL_CLIENT_VERIFY from HAProxy PROXY protocol (since 1.4.46) | 
 | extforward.headers | set of request headers to search, e.g. "Forwarded" or "X-Forwarded-For" | 
 | extforward.params | configure additional values to take from "Forwarded" header (since 1.4.46) | 



 h2. mod_fastcgi - fastcgi 

 * [[lighttpd:Docs_ModFastCGI|mod_fastcgi documentation]] 

 table{margin-left: 2em}. 
 |_.option |_. description | 
 | fastcgi.server | backend server definition(s) for hosts to which to send requests; [[Docs_ConfigurationOptions#gw_backend-gateway-server-host-options|options]] for each backend host | 
 | fastcgi.balance | select type of balancing algorithm (fair, least-connection, round-robin, hash, sticky (since 1.4.46)) | 
 | fastcgi.debug | debug level (value between 0 and 65535) | 
 | fastcgi.map-extensions | map multiple extensions to the same backend | 



 h2. mod_flv_streaming - flv streaming 

 * [[lighttpd:Docs_ModFLVStreaming|mod_flv_streaming documentation]] 

    *flv-streaming.extensions*: extensions of flv files 

    "Blog Entry":http://blog.lighttpd.net/articles/2006/03/09/flv-streaming-with-lighttpd 

    "Flash Video Player 3.5 (Creative Commons)":http://www.jeroenwijering.com/embed/streaming.html 



 h2. mod_geoip - IP location lookup 

 * [[lighttpd:Docs_ModGeoIP|mod_geoip documentation]] 

 table{margin-left: 2em}. 
 |_.option |_. description | 
 | geoip.db-filename | path to the geoip or geocity database | 
 | geoip.memory-cache | enable or disable GeoIP memory cache (default disabled) | 



 h2. mod_gnutls - TLS/SSL using GnuTLS (since 1.4.56) 

 * [[lighttpd:Docs_SSL|mod_gnutls documentation]] 

 same directives as [[#mod_openssl-TLSSSL-using-openssl|mod_openssl]] 



 h2. mod_indexfile - Precautions and documentation 

 * [[lighttpd:Docs_ModIndexfile|mod_indexfile documentation]] 

 table{margin-left: 2em}. 
 |_.option |_. description |_. details | 
 | index-file.names | list of files to search for if a directory is requested | [[index-file-names_Details|Details]] | 



 h2. mod_magnet - a module to control request handling 

 * [[lighttpd:Docs_ModMagnet|mod_magnet documentation]] 

 table{margin-left: 2em}. 
 |_.option |_. description | 
 | magnet.attract-raw-url-to | attract request before lighttpd tries to find a physical file (but after rewrite) | 
 | magnet.attract-physical-path-to | attract request after doc-root is known and the physical-path is already setup | 



 h2. mod_mbedtls - TLS/SSL using mbedTLS (since 1.4.56) 

 * [[lighttpd:Docs_SSL|mod_mbedtls documentation]] 

 same directives as [[#mod_openssl-TLSSSL-using-openssl|mod_openssl]] 



 h2. mod_mem_cache - local file accelerating 

 * [[lighttpd:Docs_ModMemCache|mod_mem_cache documentation]] 

 table{margin-left: 2em}. 
 |_.option |_. description | 
 | mem-cache.filetypes | content-type arrays which want to put into memory | 
 | mem-cache.enable |    | 
 | mem-cache.max-memory | maxium memory in Mbytes mod-mem-cache can use | 
 | mem-cache.max-file-size | maxium file size in Kbytes of single file to cache in memory | 
 | mem-cache.lru-remove-count |    | 
 | mem-cache.expire-time | memory cache's expire time in minutes | 
 | mem-cache.slru-thresold | slru threshold (against hit counter) | 



 h2. mod_mimemagic - determines the MIME type of a file by looking at a few bytes of its contents 

 * [[lighttpd:Docs_ModMimeMagic|mod_mimemagic documentation]] 

 table{margin-left: 2em}. 
 |_.option |_. description | 
 | mimemagic.file | path of magic.mime file | 
 | mimemagic.override-global-mimetype |    | 



 h2. mod_mysql_vhost - Mysql virtual hosting 

 *    [[lighttpd:Docs_ModMySQLVhost|mod_mysql_vhost documentation]] 

 table{margin-left: 2em}. 
 |_.option |_. description | 
 | mysql-vhost.hostname | hostname of mysql server | 
 | mysql-vhost.db | database name | 
 | mysql-vhost.user | username to access database | 
 | mysql-vhost.pass | password to access database | 
 | mysql-vhost.sql | SQL statement to execute to obtain docroot | 
 | mysql-vhost.port | port where to connect to database | 
 | mysql-vhost.sock | socket where to connect to database | 



 h2. mod_nss - TLS/SSL using NSS (since 1.4.56) 

 * [[lighttpd:Docs_SSL|mod_nss documentation]] 

 same directives as [[#mod_openssl-TLSSSL-using-openssl|mod_openssl]] 



 h2. mod_openssl - TLS/SSL using openssl 

 * [[lighttpd:Docs_SSL|mod_openssl documentation]] 

 part of mod_openssl (since 1.4.46), though ssl.* directives are available in earlier versions, built-in to the lighttpd core 

 table{margin-left: 2em}. 
 |_.option |_. description |_. details | 
 | ssl.engine | enable/disable ssl engine | [[lighttpd:Docs_SSL|Details]] | 
 | ssl.pemfile | path to the PEM file for SSL support | [[lighttpd:Docs_SSL|Details]] | 
 | ssl.privkey | path to the PEM file private key (since 1.4.53) | [[lighttpd:Docs_SSL|Details]] | 
 | ssl.ca-file | path to the CA file for support of chained certificates | [[lighttpd:Docs_SSL|Details]] | 
 | ssl.ca-crl-file | path to file for certificate revocation list (CRL) for client certs (since 1.4.46) | [[lighttpd:Docs_SSL|Details]] | 
 | ssl.ca-dn-file | path to file for certificate authorities (CA) (but not trusted root CAs) from which client should select client certs (since 1.4.46) | [[lighttpd:Docs_SSL|Details]] | 
 | ssl.cipher-list | Configure the allowed SSL ciphers | [[lighttpd:Docs_SSL|Details]] | 
 | ssl.read-ahead | enable/disable use of SSL read ahead (lighttpd 1.4.45+) (if disable, must be in global scope in lighttpd 1.4.45) | [[lighttpd:Docs_SSL|Details]] | 
 | ssl.honor-cipher-order | enable/disable honoring the order of ciphers set in ssl.cipher-list (set by default when ssl.cipher-list is set)| [[lighttpd:Docs_SSL|Details]] | 
 | ssl.disable-client-renegotiation | enable/disable mitigation of client triggered re-negotiation (see CVE-2009-3555)| [[lighttpd:Docs_SSL|Details]] | 
 | ssl.verifyclient.activate | enable/disable client verification | [[lighttpd:Docs_SSL|Details]] | 
 | ssl.verifyclient.enforce | enable/disable enforcing client verification | [[lighttpd:Docs_SSL|Details]] | 
 | ssl.verifyclient.depth | certificate depth for client verification | [[lighttpd:Docs_SSL|Details]] | 
 | ssl.verifyclient.exportcert | enable/disable client certificate export to env:SSL_CLIENT_CERT | [[lighttpd:Docs_SSL|Details]] | 
 | ssl.verifyclient.username | client certificate entity to export as env:REMOTE_USER (eg. SSL_CLIENT_S_DN_emailAddress, SSL_CLIENT_S_DN_UID, etc.) | [[lighttpd:Docs_SSL|Details]] | 
 | ssl.openssl.ssl-conf-cmd | specify openssl config commands (e.g. ("Protocol" => "-ALL, TLSv1.2") restricts protocol to only TLS 1.2) (since 1.4.48) | [[lighttpd:Docs_SSL|Details]] | 
 | ssl.acme-tls-1 | path to directory containing TLS-ALPN-01 ("acme-tls/1") challenges (Let's Encrypt option) (since 1.4.53)| [[lighttpd:Docs_SSL|Details]] | 



 h2. mod_proxy - proxy 

 *    [[lighttpd:Docs_ModProxy|mod_proxy documentation]] 

 table{margin-left: 2em}. 
 |_.option |_. description | 
 | proxy.server | backend server definition(s) for hosts to which to send requests; [[Docs_ConfigurationOptions#gw_backend-gateway-server-host-options|options]] for each backend host | 
 | proxy.balance | select type of balancing algorithm (fair, least-connection, round-robin, hash, sticky (since 1.4.44)) | 
 | proxy.debug | debug level (value between 0 and 65535) | 
 | proxy.map-extensions | map multiple extensions to the same backend (since 1.4.46) | 
 | proxy.forwarded | append "Forwarded" header (RFC7239) to proxied requests (since 1.4.46) | 
 | proxy.replace-http-host | enable/disable replacing Host header in request to backend with proxy.server label (since 1.4.44) | 
 | proxy.header | options to perform simple remapping of host and URL paths in proxied HTTP headers (since 1.4.46) | 



 h2. mod_redirect - redirect 

 *    [[lighttpd:Docs_ModRedirect|mod_redirect documentation]] 

 table{margin-left: 2em}. 
 |_.option |_. description |_. note | 
 | url.redirect | redirects a set of URLs externally | | 
 | url.redirect-code | defines the http code that is sent with the redirect URL | Added in 1.4.31 | 



 h2. mod_rewrite - rewriting 

 *    [[lighttpd:Docs_ModRewrite|mod_rewrite documentation]] 

 table{margin-left: 2em}. 
 |_.option |_. description | 
 | url.rewrite-once | rewrites a set of URLs internally and skip the rest | 
 | url.rewrite-repeat | rewrites a set of URLs internally in the webserver, continue applying rewrite rules | 
 | url.rewrite | same as url.rewrite-once | 
 | url.rewrite-final | same as url.rewrite-once | 
 | url.rewrite-[repeat-]if-not-file | rewrites a set of urls internally and checks if files do *not* exist | 



 h2. mod_rrdtool - rrdtool 

 *    [[lighttpd:Docs_ModRRDTool|mod_rrdtool    documentation]] 

 table{margin-left: 2em}. 
 |_.option |_. description | 
 | rrdtool.db-name | filename of the rrd-database | 
 | rrdtool.binary | path to the rrdtool binary | 



 h2. mod_scgi - SCGI 

 *    [[lighttpd:Docs_ModSCGI|mod_scgi documentation]] 

 table{margin-left: 2em}. 
 |_.option |_. description | 
 | scgi.server | backend server definition(s) for hosts to which to send requests; [[Docs_ConfigurationOptions#gw_backend-gateway-server-host-options|options]] for each backend host | 
 | scgi.balance | select type of balancing algorithm (fair, least-connection, round-robin, hash, sticky (since 1.4.46)) | 
 | scgi.debug | debug level (value between 0 and 65535) | 
 | scgi.map-extensions | map multiple extensions to the same backend (since 1.4.46) | 
 | scgi.protocol | protocol between lighttpd and backend server ("scgi" (default) or "uwsgi") (since 1.4.42) | 



 h2. mod_secdownload - secure and fast download 

 *    [[lighttpd:Docs_ModSecDownload|mod_secdownload documentation]] 

 table{margin-left: 2em}. 
 |_.option |_. description | 
 | secdownload.document-root | path to the download area | 
 | secdownload.timeout | how long in seconds is the secret valid | 
 | secdownload.uri-prefix | prefix to url for download | 
 | secdownload.secret | Secret string that will be used for the checksum calculation | 
 | secdownload.algorithm | hash algorithm: "md5", "hmac-sha1", or "hmac-sha256" | 
 | secdownload.path-segments | include only given number of path segments in hash digest calculation (since 1.4.46) | 
 | secdownload.hash-querystr | include the query string in the hash digest calculation ("enable" or "disable") (since 1.4.46) | 



 h2. mod_setenv - set HTTP Environment 

 *    [[lighttpd:Docs_ModSetEnv|mod_setenv documentation]] 

 table{margin-left: 2em}. 
 |_.option |_. description | 
 | setenv.add-request-header | adds a value to the HTTP request _received from_ the client | 
 | setenv.set-request-header | sets a value to the HTTP request _received from_ the client (since 1.4.46) | 
 | setenv.add-environment | adds a value to the process environment passed to external (backend) applications | 
 | setenv.set-environment | sets a value to the process environment passed to external (backend) applications (since 1.4.46) | 
 | setenv.add-response-header | adds a header to the HTTP response _sent to_ the client | 
 | setenv.set-response-header | sets a header to the HTTP response _sent to_ the client (since 1.4.46) | 



 h2. mod_simple_vhost - simple virtual host 

 *    [[lighttpd:Docs_ModSimpleVhost|mod_simple_vhost documentation]] 

 table{margin-left: 2em}. 
 |_.option |_. description | 
 | simple-vhost.document-root | path below the vhost directory | 
 | simple-vhost.server-root | root of the virtual host | 
 | simple-vhost.default-host | use this hostname if the requested hostname does not have its own directory | 
 | simple-vhost.debug | debug simple vhosts module | 


 h2. mod_sockproxy - transparent socket proxy 

 *    [[lighttpd:Docs_ModSockProxy|mod_sockproxy documentation]] 

 table{margin-left: 2em}. 
 |_.option |_. description | 
 | sockproxy.server | backend server definition(s) for hosts to which to send requests; [[Docs_ConfigurationOptions#gw_backend-gateway-server-host-options|options]] for each backend host | 
 | sockproxy.balance | select type of balancing algorithm (fair, least-connection, round-robin, hash, sticky (since 1.4.44)) | 
 | sockproxy.debug | debug level (value between 0 and 65535) | 




 h2. mod_ssi - server side includes 

 *    [[lighttpd:Docs_ModSSI|mod_ssi documentation]] 

 table{margin-left: 2em}. 
 |_.option |_. description | 
 | ssi.extension | extension of files processed by mod_ssi | 
 | ssi.content-type | specify Content-Type response header for SSI pages | 
 | ssi.conditional-requests | enable/disable conditional request caching including generating ETag and Last-Modified response headers | 
 | ssi.exec | enable/disable #exec cmd="..." | 
 | ssi.recursion-max | max recursion depth for #include virtual="..." SSI processing (0 is disabled (default)) (since 1.4.44) | 



 h2. mod_staticfile - serve files 

 *    [[lighttpd:Docs_ModStaticFile|mod_staticfile documentation]] 

 table{margin-left: 2em}. 
 |_.option |_. description | 
 | static-file.disable-pathinfo | do not handle as static file if path-info is present after file name | 
 | static-file.etags | Determines if ETags are generated or not | 
 | static-file.exclude-extensions | forbid access to the source of some types of files by extension | 



 h2. mod_status - server status 

 *    [[lighttpd:Docs_ModStatus|mod_status documentation]] 

 table{margin-left: 2em}. 
 |_.option |_. description | 
 | status.config-url | relative URL for the config page which displays the loaded modules | 
 | status.statistics-url | relative URL for a plain-text page containing the internal statistics | 
 | status.enable-sort | add JavaScript which allows client-side sorting for the connection overview | 
 | status.status-url | relative URL which is used to retrieve the status-page | 



 h2. mod_trigger_b4_dl - trigger before download 

 *    [[lighttpd:Docs_ModTriggerBeforeDownload|mod_trigger_b4_dl    documentation]] 

 table{margin-left: 2em}. 
 |_.option |_. description | 
 | trigger-before-download.trigger-url | url for trigger pages | 
 | trigger-before-download.trigger-timeout | time for download link to live | 
 | trigger-before-download.download-url | url for downloads | 
 | trigger-before-download.deny-url | url to show when visitor denied a download | 
 | trigger-before-download.gdbm-filename | path to gdm file | 
 | trigger-before-download.memcache-hosts | hosts for the memcache.* functions | 
 | trigger-before-download.memcache-namespace | (not used yet) | 
 | trigger-before-download.debug |    | 



 h2. mod_userdir - user directories 

 *    [[lighttpd:Docs_ModUserDir|mod_userdir    documentation]] 

 table{margin-left: 2em}. 
 |_.option |_. description | 
 | userdir.basepath | if set, don't check /etc/passwd for homedir | 
 | userdir.exclude-user | list of usernames which may not use this feature | 
 | userdir.path | usually it should be set to "public_html" to take ~/public_html/ as the document root | 
 | userdir.include-user | if set, only users from this list may use the feature | 



 h2. mod_uploadprogress - upload progress 

 *    [[lighttpd:Docs_ModUploadProgress|mod_uploadprogress documentation]] 

 table{margin-left: 2em}. 
 |_.option |_. description | 
 | upload-progress.progress-url |    | 



 h2.    mod_usertrack - user track (cookies) 

 *    [[lighttpd:Docs_ModUserTrack|mod_usertrack documentation]] 

 table{margin-left: 2em}. 
 |_.option |_. description | 
 | usertrack.cookie-name | default "TRACKID" | 
 | usertrack.cookie-attrs | cookie attributes (path, domain, max-age, secure, HttpOnly, etc) (since 1.4.46) | 
 |    ~~'_usertrack.cookiename_'~~    |    (deprecated) | 
 | usertrack.cookie-domain | (deprecated; subsumed by usertrack.cookie-attrs since lighttpd 1.4.46) | 
 | usertrack.cookie-max-age | (deprecated; subsumed by usertrack.cookie-attrs since lighttpd 1.4.46) | 



 h2.    mod_vhostdb - virtual host database 

 *    [[lighttpd:Docs_ModVhostDB|mod_vhostdb documentation]] (since lighttpd 1.4.46) 

 table{margin-left: 2em}. 
 |_.option |_. description | 
 | vhostdb.backend | "dbi", "ldap", "mysql", or "pgsql" | 
 | vhostdb.dbi | | 
 | vhostdb.ldap | | 
 | vhostdb.mysql | | 
 | vhostdb.pgsql | | 



 h2. mod_webdav - WebDAV 

 *    [[lighttpd:Docs_ModWebDAV|mod_webdav documentation]] 

 table{margin-left: 2em}. 
 |_.option |_. description | 
 | webdav.activate | enable/disable WebDAV | 
 | webdav.is-readonly | enable/disable read only | 
 | webdav.sqlite-db-name | pathname to SQLite database | 
 | webdav.log-xml | Log the XML Request bodies for debugging | 



 h2. mod_wstunnel - WebSocket tunnel 

 *    [[lighttpd:Docs_ModWStunnel|mod_wstunnel documentation]] (since 1.4.46) 

 table{margin-left: 2em}. 
 |_.option |_. description | 
 | wstunnel.server | backend server definition(s) for hosts to which to send requests; [[Docs_ConfigurationOptions#gw_backend-gateway-server-host-options|options]] for each backend host | 
 | wstunnel.balance | load-balancing algorithm for backends ("fair", "least-connection", "round-robin", "hash", or "sticky") | 
 | wstunnel.debug | debug level (value between 0 and 65535) | 
 | wstunnel.frame-type | websocket frame type: "text" or "binary" | 
 | wstunnel.map-extensions | map multiple extensions to the same backend | 
 | wstunnel.origins | list of permitted origins in Origin request header (optional) | 
 | wstunnel.ping-interval | send websocket PING frame at given interval in sec (default 0; none sent) | 

 h2. gw_backend - gateway *.server host options 

 *    (e.g. dynamic backends @fastcgi.server@, @scgi.server@, @proxy.server@, @wstunnel.server@, @ajp13.server@) 
    (Additional explanation of options can be found in the related [[Docs_ModFastCGI#Options|mod_fastcgi options]]) 

 table{margin-left: 4em}. 
 |_.*.server option |_. description | 
 | host | ip of the backend process (DNS name is resolved to first IP at lighttpd startup (since 1.4.46)) | 
 | port | tcp-port on the "host" used by the backend process | 
 | socket | path to the unix-domain socket | 
 | bin-path | path to the local backend binary which should be started if no local backend is running | 
 | bin-environment | set environment of backend binary | 
 | bin-copy-environment | copy environment from server for backend binary | 
 | disable-time | time to wait before a disabled backend is checked again | 
 | idle-timeout | number of seconds before a unused process gets terminated | 
 | kill-signal | signal to send backend on server shutdown (for backend daemons started by lighttpd) (since 1.4.46; since 1.4.14 for mod_fastcgi) | 
 | listen-backlog | listen backlog queue size (for backend daemons started by lighttpd) (since 1.4.40) | 
 | max-load-per-proc | maximum number of waiting processes on average per process before a new process is spawned (since 1.4.46) | 
 | max-procs | upper limit of processes to start (default: 4) | 
 | min-procs | sets the minimum processes to start (default: same as max-procs) (since 1.4.46) | 

 *    (e.g. dynamic backends (HTTP-like) @fastcgi.server@, @scgi.server@, @proxy.server@, @ajp13.server@) 

 table{margin-left: 4em}. 
 |_.*.server option |_. description | 
 | x-sendfile | controls if X-Sendfile header is allowed (since 1.4.40) | 
 | x-sendfile-docroot | limits the directory trees permitted for use with X-Sendfile response header (since 1.4.40) | 

 *    (e.g. dynamic backends (CGI-like) @fastcgi.server@, @scgi.server@) 

 table{margin-left: 4em}. 
 |_.*.server option |_. description | 
 | check-local | enable/disable check for requested file in document root (default: enabled) | 
 | docroot | docroot on the remote host | 
 | broken-scriptfilename | breaks SCRIPT_FILENAME in a way that PHP can extract PATH_INFO from it | 
 | fix-root-scriptname | use this for backends with extension "/" (and check-local is disabled) (since 1.4.23) | 
 | strip-request-uri | strip part of request-uri | 
 | mode | FastCGI protocol mode. Default is "responder", also "authorizer" mode is implemented (since 1.4.46; available in mod_fastcgi in earlier versions) |