Configuration File Options¶
Here you will find a list of all available lighttpd configuration options. They are grouped by module, and the link to each module's configuration page provides more detailed information about each option, as well as examples and other guidelines.
Modules must be listed in server.modules or else options from that module will not be recognized by lighttpd, e.g. server.modules += ("mod_example").
(The only exceptions are the three core modules that lighttpd loads by default: mod_indexfile, mod_dirlisting, mod_staticfile.)
Lighttpd Core¶
option |
description |
details |
server.name |
name of the server/virtual server |
Details |
server.document-root |
document-root of the webserver |
Details |
server.error-handler |
uri to call if non-dynamic (not CGI or proxy) request results in http status >= 400 (overrides error-handler-404) (since 1.4.40) |
Details dbdab5db |
server.error-handler-404 |
uri to call if non-dynamic (not CGI or proxy) request results in a 403 or 404 |
Details |
server.errorfile-prefix |
path prefix for special status codes pages |
Details |
server.error-intercept |
enable/disable intercepting HTTP error pages from dynamic handlers by server.error* (since 1.4.46) |
|
server.bind |
IP address, hostname or absolute path to the unix-domain socket (default: "*") |
Details |
server.port |
port to which to bind when IP address specified in server.bind (default: 80) |
|
server.network-backend |
basic network interface for all platforms at the syscalls read() and write() |
Details |
server.listen-backlog |
listen backlog queue size |
Details 71ed1912 |
server.bsd-accept-filter |
listen socket *BSD accept() filter ("httpready" or "dataready") |
Details 4eeeb8fc |
server.defer-accept |
listen socket Linux TCP_DEFER_ACCEPT ("enable" or "disable") |
|
server.use-ipv6 |
bind to the IPv6 socket |
Details |
server.socket-perms |
permissions to set on listening unix domain socket, e.g. "0770" (since 1.4.46) |
Details #656 |
server.systemd-socket-activation |
systemd socket activation ("enable" or "disable") (since 1.4.53) |
|
server.modules |
modules to load |
Details |
server.compat-module-load |
enable/disable load of default and compatibility modules (default: "enable") |
|
server.errorlog |
pathname of the error-log |
Details |
server.errorlog-use-syslog |
send errorlog to syslog |
Details |
server.syslog-facility |
syslog facility (default: "daemon") (since 1.4.46) |
|
server.breakagelog |
redirect stderr for lighttpd and all forked apps (e.g. CGI) |
Details |
server.event-handler |
set the event handler |
Details |
server.stat-cache-engine |
select stat() call caching |
Details |
server.username |
username used to run the server |
Details |
server.groupname |
groupname used to run the server |
Details |
server.chroot |
root-directory of the server |
Details |
server.core-files |
enable core files |
Details |
server.pid-file |
set the name and location of the .pid-file |
Details |
server.feature-flags |
server-wide feature control for selected features (since 1.4.56) |
Details |
server.http-parseopts |
HTTP request parsing and normalization options (since 1.4.50) |
Details |
server.http-parseopt-header-strict |
restrict chars permitted in HTTP headers |
Details b47494d4 |
server.http-parseopt-host-strict |
restrict chars permitted in HTTP Host header |
Details b47494d4 |
server.http-parseopt-host-normalize |
normalize HTTP Host header |
Details b47494d4 |
server.protocol-http11 |
defines if HTTP/1.1 is allowed or not |
Details |
server.range-requests |
defines if range requests are allowed or not |
Details |
server.reject-expect-100-with-417 |
setting to disable returning of a 417 if "Expect: 100-continue" header (no-op since 1.4.46) |
|
server.tag |
set the string returned by the server |
Details |
server.stream-request-body |
stream request body to backend |
Details |
server.stream-response-body |
stream response body to client |
Details |
server.chunkqueue-chunk-sz |
default chunk buffer size, rounded up to nearest power-of-2 (default 8k; minimum 1k) |
|
connection.kbytes-per-second |
limit the throughput for each single connection to the given limit in kbyte/s |
Details |
server.kbytes-per-second |
limit the throughput for all connections to the given limit in kbyte/s |
Details |
server.max-connections |
maximum connections |
Details |
server.max-fds |
maximum number of file descriptors |
Details |
server.max-keep-alive-idle |
maximum number of seconds until an idling keep-alive connection is dropped |
Details |
server.max-keep-alive-requests |
maximum number of requests within a keep-alive session |
Details |
server.max-read-idle |
maximum number of seconds until a waiting, non keep-alive read times out and closes the connection |
Details |
server.max-request-size |
maximum size in kbytes of the request |
Details |
server.max-request-field-size |
maximum size of the request header (in bytes) |
|
server.max-worker |
number of worker processes to spawn |
Details |
server.max-write-idle |
maximum number of seconds until a waiting write call times out |
Details |
server.follow-symlink |
allow following symlinks |
Details |
server.force-lowercase-filenames |
enable forcing all filenames to lowercase |
|
server.upload-dirs |
path to upload directory |
Details |
etag.use-inode |
Determines if inode-value is used in ETag generation |
Details |
etag.use-mtime |
Determines if mtime-value is used in ETag generation |
Details |
etag.use-size |
Determines if size-value is used in ETag generation |
Details |
mimetype.assign |
list of known mimetype mappings |
Details |
mimetype.use-xattr |
try to use XFS-style extended attribute interface for retrieving the Content-Type |
Details |
mimetype.xattr-name |
name of XFS-style extended attribute to use for retrieving the Content-Type |
Details |
Core Debug Info¶
option |
description |
debug.log-request-header |
log all request headers |
debug.log-file-not-found |
log if a file was not found |
debug.log-condition-handling |
log conditionals handling for debugging |
debug.log-request-header-on-error |
log request header and additional error trace, but only when there is an error |
debug.log-request-handling |
log request handling inside lighttpd |
debug.log-state-handling |
log state handling inside lighttpd |
debug.log-response-header |
log the header we send out to the client |
debug.log-ssl-noise |
log some ssl warnings we hide by default (ssl handshake, unknown/bad certificate) |
mod_access - access restrictions¶
option |
description |
url.access-allow |
Allows access only to files with any of given trailing path names (since 1.4.40) |
url.access-deny |
Denies access to all files with any of given trailing path names |
mod_accesslog - access log files¶
option |
description |
accesslog.format |
the format of the logfile |
accesslog.filename |
name of the file where the accesslog should be written to if syslog is not used |
accesslog.use-syslog |
send the accesslog to syslog |
accesslog.syslog-level |
numerical value used as syslog log level |
mod_alias - directory aliases¶
option |
description |
alias.url |
rewrites the document-root for a URL-subset |
mod_auth - authentication¶
option |
description |
auth.backend |
type of authentication backend |
auth.require |
set restriction method |
auth.extern-authn |
check REMOTE_USER (if set) against require rules prior to applying auth.backend (since 1.4.46) |
auth.backend.plain.userfile |
path to plain userfile |
auth.backend.plain.groupfile |
path to plain groupfile |
auth.backend.htdigest.userfile |
path to htdigest userfile |
auth.backend.htpasswd.userfile |
path to htpasswd userfile |
auth.backend.gssapi.keytab |
|
auth.backend.gssapi.principal |
|
auth.backend.ldap.hostname |
hostname of ldap server |
auth.backend.ldap.starttls |
|
auth.backend.ldap.filter |
|
auth.backend.ldap.bind-pw |
|
auth.backend.ldap.ca-file |
|
auth.backend.ldap.base-dn |
|
auth.backend.ldap.bind-dn |
|
auth.backend.ldap.groupmember |
(since 1.4.46) |
auth.backend.mysql.host |
(mysql default if not specified) |
auth.backend.mysql.user |
(mysql default if not specified) |
auth.backend.mysql.pass |
(mysql default if not specified) |
auth.backend.mysql.db |
(mysql default if not specified) |
auth.backend.mysql.port |
(mysql default if not specified) |
auth.backend.mysql.socket |
(mysql default if not specified) |
auth.backend.mysql.users_table |
database table name (required) |
auth.backend.mysql.col_user |
(default: "user") |
auth.backend.mysql.col_pass |
(default: "password") |
auth.backend.mysql.col_realm |
(default: "realm") |
auth.require option |
description |
method |
type of authentication ("digest" or "basic") |
realm |
authentication realm |
require |
"valid-user" to allow any valid user, or a list of user=username separated by pipe symbols |
mod_deflate - dynamic compression¶
option |
description |
deflate.mimetypes |
mimetype listing to be compressed, matched to prefix of Content-Type |
deflate.allowed-encodings |
encodings enabled ("gzip", "bzip2", "deflate") |
deflate.max-compress-size |
maximum size document to compress |
deflate.min-compress-size |
minimum size document before compressing |
deflate.compression-level |
level of compression |
deflate.output-buffer-size |
size of buffer for compression |
deflate.work-block-size |
minimum block size for compression |
deflate.max-loadavg |
max system loadavg before bypassing compression, e.g. "3.50" (since 1.4.43) |
mod_dirlisting - directory listing¶
option |
description |
dir-listing.activate |
enables virtual directory listings if a directory is requested and no index-file was found |
dir-listing.cache |
directory listing caching parameters (lighttpd 1.4.60) |
dir-listing.external-css |
URL path to an external css stylesheet for the directory listing |
dir-listing.external-js |
URL path to an external js script, e.g. for client side directory list sorting (lighttpd 1.4.42) |
dir-listing.encoding |
set an encoding for the generated directory listing |
dir-listing.hide-dotfiles |
if enabled, does not list hidden files in directory listings generated by the dir-listing option |
dir-listing.show-header |
include HEADER.txt files above the directory listing (since 1.4.43: user-specified file name) |
dir-listing.hide-header-file |
enables hiding the header file from the directory listing |
dir-listing.show-readme |
include README.txt files below the directory listing (since 1.4.43: user-specified file name) |
dir-listing.hide-readme-file |
enables displaying readme file in directory listing |
dir-listing.exclude |
files that match any of the specified regular expressions will be excluded from listings |
dir-listing.set-footer |
displays a string in the footer of a listing page |
server.dir-listing |
enable/disable directory listing (deprecated; see dir-listing.activate) |
mod_evasive - evasive¶
option |
description |
evasive.max-conns-per-ip |
upper limit of number of connections per ip allowed |
evasive.silent |
no logging |
mod_evhost - enhanced virtual host¶
option |
description |
evhost.path-pattern |
pattern with wildcards to be replaced to build a document root |
mod_expire - cached expiration¶
option |
description |
expire.url |
assigns an expiration to all files below the specified path |
expire.mimetypes |
assigns an expiration to all responses with Content-Type prefix matching the listed mimetypes (since 1.4.43) |
mod_extforward - use X-Forwarded-For (or Forwarded)¶
extract the client's "real" IP from X-Forwarded-For (or Forwarded) header
option |
description |
extforward.forwarder |
set trust level of proxy IPs |
extforward.hap-PROXY |
enable HAProxy PROXY protocol (since 1.4.46) |
extforward.hap-PROXY-ssl-client-verify |
enable setting SSL_CLIENT_VERIFY from HAProxy PROXY protocol (since 1.4.46) |
extforward.headers |
set of request headers to search, e.g. "Forwarded" or "X-Forwarded-For" |
extforward.params |
configure additional values to take from "Forwarded" header (since 1.4.46) |
mod_indexfile - directory index file¶
option |
description |
details |
index-file.names |
list of files to search for if a directory is requested |
Details |
mod_magnet - request manipulation using Lua¶
option |
description |
magnet.attract-raw-url-to |
attract request before lighttpd tries to find a physical file (but after rewrite) |
magnet.attract-physical-path-to |
attract request after doc-root is known and the physical-path is already setup |
mod_redirect - redirect¶
option |
description |
note |
url.redirect |
redirects a set of URLs externally |
|
url.redirect-code |
defines the http code that is sent with the redirect URL |
Added in 1.4.31 |
mod_rewrite - rewriting¶
option |
description |
url.rewrite-once |
rewrites a set of URLs internally and skips the rest |
url.rewrite-repeat |
rewrites a set of URLs internally in the webserver, continue applying rewrite rules |
url.rewrite |
same as url.rewrite-once |
url.rewrite-final |
same as url.rewrite-once |
url.rewrite-[repeat-]if-not-file |
rewrites a set of urls internally and checks if files do not exist |
mod_rrdtool - rrdtool¶
option |
description |
rrdtool.db-name |
filename of the rrd-database |
rrdtool.binary |
path to the rrdtool binary |
mod_secdownload - secure and fast download¶
option |
description |
secdownload.document-root |
path to the download area |
secdownload.timeout |
how long in seconds is the secret valid |
secdownload.uri-prefix |
prefix to url for download |
secdownload.secret |
Secret string that will be used for the checksum calculation |
secdownload.algorithm |
hash algorithm: "md5", "hmac-sha1", or "hmac-sha256" |
secdownload.path-segments |
include only given number of path segments in hash digest calculation (since 1.4.46) |
secdownload.hash-querystr |
include the query string in the hash digest calculation ("enable" or "disable") (since 1.4.46) |
mod_setenv - set HTTP Environment¶
option |
description |
setenv.add-request-header |
adds a value to the HTTP request received from the client |
setenv.set-request-header |
sets a value to the HTTP request received from the client (since 1.4.46) |
setenv.add-environment |
adds a value to the process environment passed to external (backend) applications |
setenv.set-environment |
sets a value to the process environment passed to external (backend) applications (since 1.4.46) |
setenv.add-response-header |
adds a header to the HTTP response sent to the client |
setenv.set-response-header |
sets a header to the HTTP response sent to the client (since 1.4.46) |
mod_simple_vhost - simple virtual host¶
option |
description |
simple-vhost.document-root |
path below the vhost directory |
simple-vhost.server-root |
root of the virtual host |
simple-vhost.default-host |
use this hostname if the requested hostname does not have its own directory |
simple-vhost.debug |
debug simple vhosts module |
mod_ssi - server side includes¶
option |
description |
ssi.extension |
extension of files processed by mod_ssi |
ssi.content-type |
specify Content-Type response header for SSI pages |
ssi.conditional-requests |
enable/disable conditional request caching including generating ETag and Last-Modified response headers |
ssi.exec |
enable/disable #exec cmd="..." |
ssi.recursion-max |
max recursion depth for #include virtual="..." SSI processing (0 is disabled (default)) (since 1.4.44) |
mod_staticfile - serve static files¶
option |
description |
static-file.disable-pathinfo |
do not handle as static file if path-info is present after file name |
static-file.etags |
Determines if ETags are generated or not |
static-file.exclude-extensions |
forbid access to the source of some types of files by extension |
mod_status - server status¶
option |
description |
status.config-url |
relative URL for the config page which displays the loaded modules |
status.statistics-url |
relative URL for a plain-text page containing the internal statistics |
status.enable-sort |
add JavaScript which allows client-side sorting for the connection overview |
status.status-url |
relative URL which is used to retrieve the status-page |
mod_trigger_b4_dl - trigger before download¶
option |
description |
trigger-before-download.trigger-url |
url for trigger pages |
trigger-before-download.trigger-timeout |
time for download link to live |
trigger-before-download.download-url |
url for downloads |
trigger-before-download.deny-url |
url to show when visitor denied a download |
trigger-before-download.gdbm-filename |
path to gdbm file |
trigger-before-download.memcache-hosts |
hosts for the memcache.* functions |
trigger-before-download.memcache-namespace |
(not used yet) |
trigger-before-download.debug |
|
mod_userdir - user directories¶
option |
description |
userdir.basepath |
if set, don't check /etc/passwd for homedir |
userdir.exclude-user |
list of usernames which may not use this feature |
userdir.path |
usually it should be set to "public_html" to take ~/public_html/ as the document root |
userdir.include-user |
if set, only users from this list may use the feature |
mod_uploadprogress - upload progress¶
option |
description |
upload-progress.progress-url |
|
mod_usertrack - user track (cookies)¶
option |
description |
usertrack.cookie-name |
default "TRACKID" |
usertrack.cookie-attrs |
cookie attributes (path, domain, max-age, secure, HttpOnly, etc) (since 1.4.46) |
usertrack.cookiename |
(deprecated) |
usertrack.cookie-domain |
(deprecated; subsumed by usertrack.cookie-attrs since lighttpd 1.4.46) |
usertrack.cookie-max-age |
(deprecated; subsumed by usertrack.cookie-attrs since lighttpd 1.4.46) |
mod_vhostdb - virtual host database¶
option |
description |
vhostdb.backend |
"dbi", "ldap", "mysql", or "pgsql" |
vhostdb.dbi |
|
vhostdb.ldap |
|
vhostdb.mysql |
|
vhostdb.pgsql |
|
mod_webdav - WebDAV¶
option |
description |
webdav.activate |
enable/disable WebDAV |
webdav.is-readonly |
enable/disable read only |
webdav.sqlite-db-name |
pathname to SQLite database |
webdav.log-xml |
Log the XML Request bodies for debugging |
Gateways¶
mod_ajp13 - Apache JServ Protocol version 1.3 (AJP13)¶
option |
description |
ajp13.server |
backend server definition(s) for hosts to which to send requests; options for each backend host |
ajp13.balance |
select type of balancing algorithm (fair, least-connection, round-robin, hash, sticky) |
ajp13.debug |
debug level (value between 0 and 65535) |
mod_cgi - cgi¶
option |
description |
cgi.assign |
assign cgi handler to an extension |
cgi.execute-x-only |
requires +x for cgi scripts |
cgi.local-redir |
local-redir optimization (since 1.4.46) |
cgi.upgrade |
support for Upgrade: websocket (since 1.4.46) |
cgi.x-sendfile |
controls if X-Sendfile header is allowed |
cgi.x-sendfile-docroot |
limits the directory trees permitted for use with X-Sendfile response header |
cgi.limits |
list of limits to apply to CGI (mod_cgi options) (since 1.4.60) |
mod_fastcgi - fastcgi¶
option |
description |
fastcgi.server |
backend server definition(s) for hosts to which to send requests; options for each backend host |
fastcgi.balance |
select type of balancing algorithm (fair, least-connection, round-robin, hash, sticky (since 1.4.46)) |
fastcgi.debug |
debug level (value between 0 and 65535) |
fastcgi.map-extensions |
map multiple extensions to the same backend |
mod_proxy - proxy¶
option |
description |
proxy.server |
backend server definition(s) for hosts to which to send requests; options for each backend host |
proxy.balance |
select type of balancing algorithm (fair, least-connection, round-robin, hash, sticky (since 1.4.44)) |
proxy.debug |
debug level (value between 0 and 65535) |
proxy.map-extensions |
map multiple extensions to the same backend (since 1.4.46) |
proxy.forwarded |
append "Forwarded" header (RFC7239) to proxied requests (since 1.4.46) |
proxy.replace-http-host |
enable/disable replacing Host header in request to backend with proxy.server label (since 1.4.44) |
proxy.header |
options to perform simple remapping of host and URL paths in proxied HTTP headers (since 1.4.46) |
mod_scgi - SCGI¶
option |
description |
scgi.server |
backend server definition(s) for hosts to which to send requests; options for each backend host |
scgi.balance |
select type of balancing algorithm (fair, least-connection, round-robin, hash, sticky (since 1.4.46)) |
scgi.debug |
debug level (value between 0 and 65535) |
scgi.map-extensions |
map multiple extensions to the same backend (since 1.4.46) |
scgi.protocol |
protocol between lighttpd and backend server ("scgi" (default) or "uwsgi") (since 1.4.42) |
mod_sockproxy - transparent socket proxy¶
option |
description |
sockproxy.server |
backend server definition(s) for hosts to which to send requests; options for each backend host |
sockproxy.balance |
select type of balancing algorithm (fair, least-connection, round-robin, hash, sticky (since 1.4.44)) |
sockproxy.debug |
debug level (value between 0 and 65535) |
mod_wstunnel - WebSocket tunnel¶
option |
description |
wstunnel.server |
backend server definition(s) for hosts to which to send requests; options for each backend host |
wstunnel.balance |
load-balancing algorithm for backends ("fair", "least-connection", "round-robin", "hash", or "sticky") |
wstunnel.debug |
debug level (value between 0 and 65535) |
wstunnel.frame-type |
websocket frame type: "text" or "binary" |
wstunnel.map-extensions |
map multiple extensions to the same backend |
wstunnel.origins |
list of permitted origins in Origin request header (optional) |
wstunnel.ping-interval |
send websocket PING frame at given interval in sec (default 0; none sent) |
gw_backend - gateway *.server host options¶
- (e.g. dynamic backends fastcgi.server, scgi.server, proxy.server, wstunnel.server, ajp13.server)
(Additional explanation of options can be found in the related mod_fastcgi options)
*.server option |
description |
host |
ip of the backend process (DNS name is resolved to first IP at lighttpd startup (since 1.4.46)) |
port |
tcp-port on the "host" used by the backend process (starting port number; incremented for each "max-procs" > 1 when "bin-path" is set) |
socket |
path to the unix-domain socket |
bin-path |
path to the local backend binary which should be started if no local backend is running |
bin-environment |
set environment of backend binary |
bin-copy-environment |
copy environment from server for backend binary |
disable-time |
time to wait before a disabled backend is checked again |
idle-timeout |
number of seconds before an unused process gets terminated |
kill-signal |
signal to send backend on server shutdown (for backend daemons started by lighttpd) (since 1.4.46; since 1.4.14 for mod_fastcgi) |
listen-backlog |
listen backlog queue size (for backend daemons started by lighttpd) (since 1.4.40) |
max-load-per-proc |
maximum number of waiting processes on average per process before a new process is spawned (since 1.4.46) |
max-procs |
upper limit of processes to start (default: 4) |
min-procs |
sets the minimum processes to start (default: same as max-procs) (since 1.4.46) |
connect-timeout |
number of seconds before aborting connect() to backend (default: 0; no timeout) (since 1.4.60) |
write-timeout |
number of seconds before aborting when trying to write to backend (default: 0; no timeout) (since 1.4.60) |
read-timeout |
number of seconds before aborting when trying to read from backend (default: 0; no timeout) (since 1.4.60) |
- (e.g. dynamic backends (HTTP-like) fastcgi.server, scgi.server, proxy.server, ajp13.server)
*.server option |
description |
x-sendfile |
controls if X-Sendfile header is allowed (since 1.4.40) |
x-sendfile-docroot |
limits the directory trees permitted for use with X-Sendfile response header (since 1.4.40) |
- (e.g. dynamic backends (CGI-like) fastcgi.server, scgi.server)
*.server option |
description |
check-local |
enable/disable check for requested file in document root (default: enabled) |
docroot |
docroot on the remote host |
broken-scriptfilename |
breaks SCRIPT_FILENAME in a way that PHP can extract PATH_INFO from it |
fix-root-scriptname |
use this for backends with extension "/" (and check-local is disabled) (since 1.4.23) |
strip-request-uri |
strip part of request-uri |
mode |
FastCGI protocol mode. Default is "responder", also "authorizer" mode is implemented (since 1.4.46; available in mod_fastcgi in earlier versions) |
TLS / SSL¶
mod_openssl - TLS/SSL using OpenSSL¶
part of mod_openssl (since 1.4.46), though ssl.* directives are available in earlier versions, built-in to the lighttpd core
option |
description |
details |
ssl.engine |
enable/disable ssl engine |
Details |
ssl.pemfile |
path to the PEM file for SSL support |
Details |
ssl.privkey |
path to the PEM file private key (since 1.4.53) |
Details |
ssl.openssl.ssl-conf-cmd |
specify openssl config commands (e.g. ("Protocol" => "-ALL, TLSv1.2") restricts protocol to only TLS 1.2) (since 1.4.48) |
Details |
ssl.stek-file |
path to file containing binary session ticket encryption key (STEK) (global setting) (since 1.4.56) |
Session Tickets |
ssl.acme-tls-1 |
path to directory containing TLS-ALPN-01 ("acme-tls/1") challenges (Let's Encrypt option) (since 1.4.53) |
Details |
ssl.read-ahead |
enable/disable use of SSL read ahead (lighttpd 1.4.45+) (if disable, must be in global scope in lighttpd 1.4.45) |
Details |
ssl.verifyclient.activate |
enable/disable client verification |
Details |
ssl.verifyclient.ca-file |
path to file for certificate authorities (CA) used for client certificate verification (since 1.4.60) (ssl.ca-file before 1.4.60) |
Details |
ssl.verifyclient.ca-dn-file |
path to file for certificate authorities (CA) from which client should select client certs (if needed) (since 1.4.60) (ssl.ca-dn-file since 1.4.46 and before 1.4.60) |
Details |
ssl.verifyclient.ca-crl-file |
path to file for certificate revocation list (CRL) for client certificate (since 1.4.60) (ssl.ca-crl-file since 1.4.46 and before 1.4.60) |
Details |
ssl.verifyclient.enforce |
enable/disable enforcing client verification |
Details |
ssl.verifyclient.depth |
certificate depth for client verification |
Details |
ssl.verifyclient.exportcert |
enable/disable client certificate export to env:SSL_CLIENT_CERT |
Details |
ssl.verifyclient.username |
client certificate entity to export as env:REMOTE_USER (e.g. SSL_CLIENT_S_DN_emailAddress, SSL_CLIENT_S_DN_UID, etc.) |
Details |
ssl.cipher-list |
Configure the allowed SSL ciphers |
Details |
ssl.honor-cipher-order |
enable/disable honoring the order of ciphers set in ssl.cipher-list (set by default when ssl.cipher-list is set) |
Details |
ssl.disable-client-renegotiation |
enable/disable mitigation of client triggered re-negotiation (see CVE-2009-3555) |
Details |
mod_gnutls - TLS/SSL using GnuTLS¶
(available since lighttpd 1.4.56)
same directives as mod_openssl
mod_mbedtls - TLS/SSL using mbedTLS¶
(available since lighttpd 1.4.56)
same directives as mod_openssl
mod_nss - TLS/SSL using NSS¶
(available since lighttpd 1.4.56)
same directives as mod_openssl
mod_wolfssl - TLS/SSL using wolfSSL¶
(available since lighttpd 1.4.56)
same directives as mod_openssl
Deprecated¶
mod_cml - Cache Meta Language¶
porting mod_cml scripts to mod_magnet
option |
description |
cml.memcache-namespace |
(not used yet) |
cml.power-magnet |
a cml file that is executed for each request |
cml.memcache-hosts |
hosts for the memcache.* functions |
cml.extension |
the file extension that is bound to the cml-module |
mod_compress - compress output¶
DEPRECATED
mod_compress migration path: replace with mod_deflate
rename compress.* options to similar deflate.* options
mod_compress option |
mod_deflate option |
compress.filetype |
-> deflate.mimetypes |
compress.allowed-encodings |
-> deflate.allowed-encodings |
compress.max-filesize |
-> deflate.max-compress-size |
compress.max-loadavg |
-> deflate.max-loadavg |
compress.cache-dir |
-> deflate.cache-dir |
option |
description |
compress.max-filesize |
maximum size of the original file to be compressed, in kBytes |
compress.cache-dir |
name of the directory where compressed content will be cached |
compress.filetype |
mimetypes which might get compressed |
compress.allowed-encodings |
encodings enabled ("gzip", "bzip2", "deflate") |
compress.max-loadavg |
max system loadavg before bypassing compression, e.g. "3.50" (since 1.4.43) |
mod_flv_streaming - flv streaming¶
DEPRECATED
mod_flv_streaming migration path: replace with mod_magnet and flv-streaming.lua (lua code snippets section "mod_flv_streaming")
Note: Adobe Flash Video (.flv) is deprecated and support has been removed from modern clients
option |
description |
flv-streaming.extensions |
extensions of flv files (e.g. ".flv") |
Blog Entry
Flash Video Player 3.5
mod_geoip - IP location lookup¶
DEPRECATED
mod_geoip migration path: replace with mod_maxminddb
geoip.db-filename path to GeoIP Legacy database must be replaced with mod_maxminddb maxminddb.db, maxminddb.env, maxminddb.activate
geoip.memory-cache is obsolete
option |
description |
geoip.db-filename |
path to the geoip or geocity database |
geoip.memory-cache |
enable or disable GeoIP memory cache (default disabled) |
mod_mysql_vhost - Mysql virtual hosting¶
DEPRECATED
mod_mysql_vhost migration path: replace with mod_vhostdb_mysql
mysql-vhost.* options translate to vhostdb.mysql = ( ... ) options
option |
description |
mysql-vhost.hostname |
hostname of mysql server |
mysql-vhost.db |
database name |
mysql-vhost.user |
username to access database |
mysql-vhost.pass |
password to access database |
mysql-vhost.sql |
SQL statement to execute to obtain docroot |
mysql-vhost.port |
port where to connect to database |
mysql-vhost.sock |
socket where to connect to database |