Docs ConfigurationOptions » History » Revision 153
Revision 152 (gstrauss, 2021-08-03 20:22) → Revision 153/175 (gstrauss, 2021-08-04 00:28)
h1. Configuration File Options
Here you will find a list of all available configuration lighttpd. They are grouped by module, and a link to each module configuration will provide with more detail information about each option, as well as examples, and other guidelines.
Modules must be listed in @server.modules@ or else options from that module will be recognized by lighttpd. e.g. @server.modules += ("mod_example")@ (The only exceptions are the three core modules that lighttpd loads by default: mod_indexfile, mod_dirlisting, mod_staticfile)
{{>toc}}
h2. Lighttpd Core
table{margin-left: 2em}.
|_.option |_. description |_. details |
| server.name | name of the server/virtual server | [[server_nameDetails|Details]] |
| server.document-root | document-root of the webserver | [[server_document-rootDetails|Details]] |
| server.error-handler | uri to call if non-dynamic (not CGI or proxy) request results in http status >= 400 (overrides error-handler-404) (since 1.4.40) | Details commit:dbdab5db |
| server.error-handler-404 | uri to call if non-dynamic (not CGI or proxy) request results in a 403 or 404 | [[server_error-handler-404Details|Details]] |
| server.errorfile-prefix | path prefix for special status codes pages | [[server_errorfile-prefixDetails|Details]] |
| server.error-intercept | enable/disable intercepting HTTP error pages from dynamic handlers by server.error* (since 1.4.46) | |
table{margin-left: 2em}.
| server.bind | IP address, hostname or absolute path to the unix-domain socket (default: "*") | [[server_bindDetails|Details]] |
| server.port | port to which to bind when IP address specified in server.bind (default: 80) | |
| server.network-backend | basic network interface for all platforms at the syscalls read() and write() | [[server_network-backendDetails|Details]] |
| server.listen-backlog | listen backlog queue size | Details commit:71ed1912 |
| server.bsd-accept-filter | listen socket *BSD accept() filter ("httpready" or "dataready") | Details commit:4eeeb8fc |
| server.defer-accept | listen socket Linux TCP_DEFER_ACCEPT ("enable" or "disable") | |
| server.use-ipv6 | bind to the IPv6 socket | [[Server_use-ipv6Details|Details]] |
| server.socket-perms | permissions to set on listening unix domain socket, e.g. "0770" (since 1.4.46) | Details #656 |
| server.systemd-socket-activation | systemd socket activation ("enable" or "disable") (since 1.4.53) | |
table{margin-left: 2em}.
| server.modules | modules to load | [[server_modulesDetails|Details]] |
| server.compat-module-load | enable/disable load of default and compatibility modules (default: "enable") | |
| server.errorlog | pathname of the error-log | [[server_errorlogDetails|Details]] |
| server.errorlog-use-syslog | send errorlog to syslog | [[server_errorlog-use-syslogDetails|Details]] |
| server.syslog-facility | syslog facility (default: "daemon") (since 1.4.46) | |
| server.breakagelog | redirect stderr for lighttpd and all forked apps (e.g. CGI) | [[server_errorlogDetails|Details]] |
| server.event-handler | set the event handler | [[server_event-handlerDetails|Details]] |
| server.stat-cache-engine | select stat() call caching | [[server_stat-cache-engineDetails|Details]] |
| server.username | username used to run the server | [[server_usernameDetails|Details]] |
| server.groupname | groupname used to run the server | [[server_groupnameDetails|Details]] |
| server.chroot | root-directory of the server | [[server_chrootDetails|Details]] |
| server.core-files | enable core files | [[server_core-filesDetails|Details]] |
| server.pid-file | set the name and location of the .pid-file | [[server_pid-fileDetails|Details]] |
table{margin-left: 2em}.
| server.feature-flags | server-wide feature control for selected features (since 1.4.56)| [[server_feature-flagsDetails|Details]] |
| server.http-parseopts | HTTP request parsing and normalization options (since 1.4.50) | [[server_http-parseoptsDetails|Details]] |
| server.http-parseopt-header-strict | restrict chars permitted in HTTP headers | Details commit:b47494d4 |
| server.http-parseopt-host-strict | restrict chars permitted in HTTP Host header | Details commit:b47494d4 |
| server.http-parseopt-host-normalize | normalize HTTP Host header | Details commit:b47494d4 |
| server.protocol-http11 | defines if HTTP/1.1 is allowed or not | [[server_protocol-http11Details|Details]] |
| server.range-requests | defines if range requests are allowed or not | [[server_range-requestsDetails|Details]] |
| server.reject-expect-100-with-417 | setting to disable returning of a 417 if "Expect: 100-continue" header (no-op since 1.4.46)| |
| server.tag | set the string returned by the server | [[server_use-tagDetails|Details]] |
table{margin-left: 2em}.
| server.stream-request-body | stream request body to backend | [[server_stream-request-bodyDetails|Details]] |
| server.stream-response-body | stream response body to client | [[server_stream-response-bodyDetails|Details]] |
| server.chunkqueue-chunk-sz | default chunk buffer size, rounded up to nearest power-of-2 (default 8k; minimum 1k) | |
table{margin-left: 2em}.
| connection.kbytes-per-second | limit the throughput for each single connection to the given limit in kbyte/s | [[lighttpd:Docs_TrafficShaping|Details]] |
| server.kbytes-per-second | limit the throughput for all connections to the given limit in kbyte/s | [[lighttpd:Docs_TrafficShaping|Details]] |
| server.max-connections | maximum connections | [[server_max-connectionsDetails|Details]] |
| server.max-fds | maximum number of file descriptors | [[server_max-fdsDetails|Details]] |
| server.max-keep-alive-idle | maximum number of seconds until a idling keep-alive connection is dropped | [[server_max-keep-alive-idleDetails|Details]] |
| server.max-keep-alive-requests | maximum number of request within a keep-alive session | [[server_max-keep-alive-requestsDetails|Details]] |
| server.max-read-idle | maximum number of seconds until a waiting, non keep-alive read times out and closes the connection | [[server_max-read-idleDetails|Details]] |
| server.max-request-size | maximum size in kbytes of the request | [[server_max-request-sizeDetails|Details]] |
| server.max-request-field-size | maximum size of the request header (in bytes) | |
| server.max-worker | number of worker processes to spawn | [[server_max-workerDetails|Details]] |
| server.max-write-idle | maximum number of seconds until a waiting write call times out | [[server_max-write-idleDetails|Details]] |
table{margin-left: 2em}.
| server.follow-symlink | allow to follow-symlinks | [[server_follow-symlinksDetails|Details]] |
| server.force-lowercase-filenames | enable force all filenames to lowercase | |
| server.upload-dirs | path to upload directory | [[server_upload-dirsDetails|Details]] |
table{margin-left: 2em}.
| etag.use-inode | Determines if inode-value is used in ETag generation | [[etag_use-inodeDetails|Details]] |
| etag.use-mtime | Determines if mtime-value is used in ETag generation | [[etag_use-mtimeDetails|Details]] |
| etag.use-size | Determines if size-value is used in ETag generation | [[etag_use-sizeDetails|Details]] |
table{margin-left: 2em}.
| mimetype.assign | list of known mimetype mappings | [[mimetype_assignDetails|Details]] |
| mimetype.use-xattr | try to use XFS-style extended attribute interface for retreiving the Content-Type | [[mimetype_use-xattrDetails|Details]] |
| mimetype.xattr-name | name of XFS-style extended attribute to use for retreiving the Content-Type | [[mimetype_use-xattrDetails|Details]] |
h3. Core Debug Info
* [[DebugVariables|Debug Variable Information]]
table{margin-left: 2em}.
|_.option |_. description |
| debug.log-request-header | log all request headers |
| debug.log-file-not-found | log if a file was not found |
| debug.log-condition-handling | log conditionals handling for debugging |
| debug.log-request-header-on-error | log request header and additional error trace, but only when there is an error |
| debug.log-request-handling | log request handling inside lighttpd |
| debug.log-state-handling | log state handling inside lighttpd |
| debug.log-response-header | log the header we send out to the client |
| debug.log-ssl-noise | log some ssl warnings we hide by default (ssl handshake, unknown/bad certificate) |
h2. mod_access - access restrictions
* [[lighttpd:Docs_ModAccess|mod_access documentation]]
table{margin-left: 2em}.
|_.option |_. description |
| url.access-allow | Allows access only to files with any of given trailing path names (since 1.4.40) |
| url.access-deny | Denies access to all files with any of given trailing path names |
h2. mod_accesslog - access log files
* [[lighttpd:Docs_ModAccessLog|mod_accesslog documentation]]
table{margin-left: 2em}.
|_.option |_. description |
| accesslog.format | the format of the logfile |
| accesslog.filename | name of the file where the accesslog should be written to if syslog is not used |
| accesslog.use-syslog | send the accesslog to syslog |
| accesslog.syslog-level | numerical value used as syslog log level |
h2. mod_alias - directory aliases
* [[lighttpd:Docs_ModAlias|mod_alias documentation]]
table{margin-left: 2em}.
|_.option |_. description |
| alias.url | rewrites the document-root for a URL-subset |
h2. mod_auth - authentication
* [[lighttpd:Docs_ModAuth|mod_auth documentation]]
table{margin-left: 2em}.
|_.option |_. description |
| auth.backend | type of authentication backend |
| auth.require | set restriction method |
| auth.extern-authn | check REMOTE_USER (if set) against require rules prior to applying auth.backend (since 1.4.46)|
| auth.backend.plain.userfile | path to plain userfile |
| auth.backend.plain.groupfile | path to plain groupfile |
| auth.backend.htdigest.userfile | path to htdigest userfile |
| auth.backend.htpasswd.userfile | path to htpassword userfile |
| auth.backend.gssapi.keytab | |
| auth.backend.gssapi.principal | |
| auth.backend.ldap.hostname | hostname of ldap server |
| auth.backend.ldap.starttls | |
| auth.backend.ldap.filter | |
| auth.backend.ldap.bind-pw | |
| auth.backend.ldap.ca-file | |
| auth.backend.ldap.base-dn | |
| auth.backend.ldap.bind-dn | |
| auth.backend.ldap.groupmember | (since 1.4.46) |
| auth.backend.mysql.host | (mysql default if not specified) |
| auth.backend.mysql.user | (mysql default if not specified) |
| auth.backend.mysql.pass | (mysql default if not specified) |
| auth.backend.mysql.db | (mysql default if not specified) |
| auth.backend.mysql.port | (mysql default if not specified) |
| auth.backend.mysql.socket | (mysql default if not specified) |
| auth.backend.mysql.users_table | database table name (required) |
| auth.backend.mysql.col_user | (default: "user") |
| auth.backend.mysql.col_pass | (default: "password") |
| auth.backend.mysql.col_realm | (default: "realm") |
table{margin-left: 4em}.
|_.auth.require option |_. description |
| method | type of authentication ("digest" or "basic") |
| realm | authentication realm |
| require | "valid-user" to allow any valid user, or a list of user=username separated by pipe symbols |
h2. mod_deflate - dynamic compression
* [[Mod_Deflate|mod_deflate documentation]] (available since lighttpd 1.4.42)
table{margin-left: 2em}.
|_.option |_. description |
| deflate.mimetypes | mimetype listing to be compressed, matched to prefix of Content-Type |
| deflate.allowed-encodings | encodings enabled ("gzip", "bzip2", "deflate") |
| deflate.max-compress-size | maximum size document to compress |
| deflate.min-compress-size | minimum size document before compressing |
| deflate.compression-level | level of compression |
| deflate.output-buffer-size | size of buffer for compression |
| deflate.work-block-size | minimum block size for compression |
| deflate.max-loadavg | max system loadavg before bypassing compression, e.g. "3.50" (since 1.4.43) |
h2. mod_dirlisting - directory listing
* [[lighttpd:Docs_ModDirlisting|mod_dirlisting documentation]]
table{margin-left: 2em}.
|_.option |_. description |
| dir-listing.activate | enables virtual directory listings if a directory is requested no index-file was found |
| dir-listing.cache | directory listing caching parameters (lighttpd 1.4.60) |
| dir-listing.external-css | URL path to an external css stylesheet for the directory listing |
| dir-listing.external-js | URL path to an external js script, e.g. for client side directory list sorting (lighttpd 1.4.42) |
| dir-listing.encoding | set a encoding for the generated directory listing |
| dir-listing.hide-dotfiles | if enabled, does not list hidden files in directory listings generated by the dir-listing option |
| dir-listing.show-header | include HEADER.txt files above the directory listing (since 1.4.43: user-specified file name) |
| dir-listing.hide-header-file | enables hide header file from directory listing |
| dir-listing.show-readme | include README.txt files below the directory listing (since 1.4.43: user-specified file name) |
| dir-listing.hide-readme-file | enables displaying readme file in directory listing |
| dir-listing.exclude | files that match any of the specified regular expressions will be excluded from listings |
| dir-listing.set-footer | displays a string in the footer of a listing page |
| server.dir-listing | enable/disable directory listing (deprecated; see dir-listing.activate) |
h2. mod_evasive - evasive
* [[lighttpd:Docs_ModEvasive|mod_evasive documentation]]
table{margin-left: 2em}.
|_.option |_. description |
| evasive.max-conns-per-ip | upper limit of number of connections per ip allowed |
| evasive.silent | no logging |
h2. mod_evhost - enhanced virtual host
* [[lighttpd:Docs_ModEVhost|mod_evhost documentation]]
table{margin-left: 2em}.
|_.option |_. description |
| evhost.path-pattern | pattern with wildcards to be replace to build a documentroot |
h2. mod_expire - cached expiration
* [[lighttpd:Docs_ModExpire|mod_expire documentation]]
table{margin-left: 2em}.
|_.option |_. description |
| expire.url | assignes an expiration to all files below the specified path |
| expire.mimetypes | assignes an expiration to all responses with Content-Type prefix matching the listed mimetypes (since 1.4.43) |
h2. mod_extforward - use X-Forwarded-For (or Forwarded)
* [[DocsModExtForward|mod_extforward documentation]]
p((. extract the client's "real" IP from X-Forwarded-For (or Forwarded) header
table{margin-left: 2em}.
|_.option |_. description |
| extforward.forwarder | set trust level of proxy ip's |
| extforward.hap-PROXY | enable HAProxy PROXY protocol (since 1.4.46) |
| extforward.hap-PROXY-ssl-client-verify | enable setting SSL_CLIENT_VERIFY from HAProxy PROXY protocol (since 1.4.46) |
| extforward.headers | set of request headers to search, e.g. "Forwarded" or "X-Forwarded-For" |
| extforward.params | configure additional values to take from "Forwarded" header (since 1.4.46) |
h2. mod_indexfile - directory index file
* [[lighttpd:Docs_ModIndexfile|mod_indexfile documentation]]
table{margin-left: 2em}.
|_.option |_. description |_. details |
| index-file.names | list of files to search for if a directory is requested | [[index-file-names_Details|Details]] |
h2. mod_magnet - request manipulation using Lua
* [[lighttpd:Docs_ModMagnet|mod_magnet documentation]]
table{margin-left: 2em}.
|_.option |_. description |
| magnet.attract-raw-url-to | attract request before lighttpd tries to find a physical file (but after rewrite) |
| magnet.attract-physical-path-to | attract request after doc-root is known and the physical-path is already setup |
h2. mod_redirect - redirect
* [[lighttpd:Docs_ModRedirect|mod_redirect documentation]]
table{margin-left: 2em}.
|_.option |_. description |_. note |
| url.redirect | redirects a set of URLs externally | |
| url.redirect-code | defines the http code that is sent with the redirect URL | Added in 1.4.31 |
h2. mod_rewrite - rewriting
* [[lighttpd:Docs_ModRewrite|mod_rewrite documentation]]
table{margin-left: 2em}.
|_.option |_. description |
| url.rewrite-once | rewrites a set of URLs internally and skip the rest |
| url.rewrite-repeat | rewrites a set of URLs internally in the webserver, continue applying rewrite rules |
| url.rewrite | same as url.rewrite-once |
| url.rewrite-final | same as url.rewrite-once |
| url.rewrite-[repeat-]if-not-file | rewrites a set of urls internally and checks if files do *not* exist |
h2. mod_rrdtool - rrdtool
* [[lighttpd:Docs_ModRRDTool|mod_rrdtool documentation]]
table{margin-left: 2em}.
|_.option |_. description |
| rrdtool.db-name | filename of the rrd-database |
| rrdtool.binary | path to the rrdtool binary |
h2. mod_secdownload - secure and fast download
* [[lighttpd:Docs_ModSecDownload|mod_secdownload documentation]]
table{margin-left: 2em}.
|_.option |_. description |
| secdownload.document-root | path to the download area |
| secdownload.timeout | how long in seconds is the secret valid |
| secdownload.uri-prefix | prefix to url for download |
| secdownload.secret | Secret string that will be used for the checksum calculation |
| secdownload.algorithm | hash algorithm: "md5", "hmac-sha1", or "hmac-sha256" |
| secdownload.path-segments | include only given number of path segments in hash digest calculation (since 1.4.46) |
| secdownload.hash-querystr | include the query string in the hash digest calculation ("enable" or "disable") (since 1.4.46) |
h2. mod_setenv - set HTTP Environment
* [[lighttpd:Docs_ModSetEnv|mod_setenv documentation]]
table{margin-left: 2em}.
|_.option |_. description |
| setenv.add-request-header | adds a value to the HTTP request _received from_ the client |
| setenv.set-request-header | sets a value to the HTTP request _received from_ the client (since 1.4.46) |
| setenv.add-environment | adds a value to the process environment passed to external (backend) applications |
| setenv.set-environment | sets a value to the process environment passed to external (backend) applications (since 1.4.46) |
| setenv.add-response-header | adds a header to the HTTP response _sent to_ the client |
| setenv.set-response-header | sets a header to the HTTP response _sent to_ the client (since 1.4.46) |
h2. mod_simple_vhost - simple virtual host
* [[lighttpd:Docs_ModSimpleVhost|mod_simple_vhost documentation]]
table{margin-left: 2em}.
|_.option |_. description |
| simple-vhost.document-root | path below the vhost directory |
| simple-vhost.server-root | root of the virtual host |
| simple-vhost.default-host | use this hostname if the requested hostname does not have its own directory |
| simple-vhost.debug | debug simple vhosts module |
h2. mod_ssi - server side includes
* [[lighttpd:Docs_ModSSI|mod_ssi documentation]]
table{margin-left: 2em}.
|_.option |_. description |
| ssi.extension | extension of files processed by mod_ssi |
| ssi.content-type | specify Content-Type response header for SSI pages |
| ssi.conditional-requests | enable/disable conditional request caching including generating ETag and Last-Modified response headers |
| ssi.exec | enable/disable #exec cmd="..." |
| ssi.recursion-max | max recursion depth for #include virtual="..." SSI processing (0 is disabled (default)) (since 1.4.44) |
h2. mod_staticfile - serve static files
* [[lighttpd:Docs_ModStaticFile|mod_staticfile documentation]]
table{margin-left: 2em}.
|_.option |_. description |
| static-file.disable-pathinfo | do not handle as static file if path-info is present after file name |
| static-file.etags | Determines if ETags are generated or not |
| static-file.exclude-extensions | forbid access to the source of some types of files by extension |
h2. mod_status - server status
* [[lighttpd:Docs_ModStatus|mod_status documentation]]
table{margin-left: 2em}.
|_.option |_. description |
| status.config-url | relative URL for the config page which displays the loaded modules |
| status.statistics-url | relative URL for a plain-text page containing the internal statistics |
| status.enable-sort | add JavaScript which allows client-side sorting for the connection overview |
| status.status-url | relative URL which is used to retrieve the status-page |
h2. mod_trigger_b4_dl - trigger before download
* [[lighttpd:Docs_ModTriggerBeforeDownload|mod_trigger_b4_dl documentation]]
table{margin-left: 2em}.
|_.option |_. description |
| trigger-before-download.trigger-url | url for trigger pages |
| trigger-before-download.trigger-timeout | time for download link to live |
| trigger-before-download.download-url | url for downloads |
| trigger-before-download.deny-url | url to show when visitor denied a download |
| trigger-before-download.gdbm-filename | path to gdm file |
| trigger-before-download.memcache-hosts | hosts for the memcache.* functions |
| trigger-before-download.memcache-namespace | (not used yet) |
| trigger-before-download.debug | |
h2. mod_userdir - user directories
* [[lighttpd:Docs_ModUserDir|mod_userdir documentation]]
table{margin-left: 2em}.
|_.option |_. description |
| userdir.basepath | if set, don't check /etc/passwd for homedir |
| userdir.exclude-user | list of usernames which may not use this feature |
| userdir.path | usually it should be set to "public_html" to take ~/public_html/ as the document root |
| userdir.include-user | if set, only users from this list may use the feature |
h2. mod_uploadprogress - upload progress
* [[lighttpd:Docs_ModUploadProgress|mod_uploadprogress documentation]]
table{margin-left: 2em}.
|_.option |_. description |
| upload-progress.progress-url | |
h2. mod_usertrack - user track (cookies)
* [[lighttpd:Docs_ModUserTrack|mod_usertrack documentation]]
table{margin-left: 2em}.
|_.option |_. description |
| usertrack.cookie-name | default "TRACKID" |
| usertrack.cookie-attrs | cookie attributes (path, domain, max-age, secure, HttpOnly, etc) (since 1.4.46) |
| ~~'_usertrack.cookiename_'~~ | (deprecated) |
| usertrack.cookie-domain | (deprecated; subsumed by usertrack.cookie-attrs since lighttpd 1.4.46) |
| usertrack.cookie-max-age | (deprecated; subsumed by usertrack.cookie-attrs since lighttpd 1.4.46) |
h2. mod_vhostdb - virtual host database
* [[lighttpd:Docs_ModVhostDB|mod_vhostdb documentation]] (since lighttpd 1.4.46)
table{margin-left: 2em}.
|_.option |_. description |
| vhostdb.backend | "dbi", "ldap", "mysql", or "pgsql" |
| vhostdb.dbi | |
| vhostdb.ldap | |
| vhostdb.mysql | |
| vhostdb.pgsql | |
h2. mod_webdav - WebDAV
* [[lighttpd:Docs_ModWebDAV|mod_webdav documentation]]
table{margin-left: 2em}.
|_.option |_. description |
| webdav.activate | enable/disable WebDAV |
| webdav.is-readonly | enable/disable read only |
| webdav.sqlite-db-name | pathname to SQLite database |
| webdav.log-xml | Log the XML Request bodies for debugging |
.
h1. Gateways
.
h2. mod_ajp13 - Apache JServ Protocol version 1.3 (AJP13)
* [[lighttpd:Docs_ModAJP13|mod_ajp13 documentation]] (available since lighttpd 1.4.59)
table{margin-left: 2em}.
|_.option |_. description |
| ajp13.server | backend server definition(s) for hosts to which to send requests; [[Docs_ConfigurationOptions#gw_backend-gateway-server-host-options|options]] for each backend host |
| ajp13.balance | select type of balancing algorithm (fair, least-connection, round-robin, hash, sticky) |
| ajp13.debug | debug level (value between 0 and 65535) |
h2. mod_cgi - cgi
* [[lighttpd:Docs_ModCGI|mod_cgi documentation]]
table{margin-left: 2em}.
|_.option |_. description |
| cgi.assign | assign cgi handler to an extension |
| cgi.execute-x-only | requires +x for cgi scripts |
| cgi.local-redir | local-redir optimization (since 1.4.46) |
| cgi.upgrade | support for Upgrade: websocket (since 1.4.46) |
| cgi.x-sendfile | controls if X-Sendfile header is allowed |
| cgi.x-sendfile-docroot | limits the directory trees permitted for use with X-Sendfile response header |
| cgi.limits | list of limits to apply to CGI ([[lighttpd:Docs_ModCGI#Options|mod_cgi options]]) (since 1.4.60) |
h2. mod_fastcgi - fastcgi
* [[lighttpd:Docs_ModFastCGI|mod_fastcgi documentation]]
table{margin-left: 2em}.
|_.option |_. description |
| fastcgi.server | backend server definition(s) for hosts to which to send requests; [[Docs_ConfigurationOptions#gw_backend-gateway-server-host-options|options]] for each backend host |
| fastcgi.balance | select type of balancing algorithm (fair, least-connection, round-robin, hash, sticky (since 1.4.46)) |
| fastcgi.debug | debug level (value between 0 and 65535) |
| fastcgi.map-extensions | map multiple extensions to the same backend |
h2. mod_proxy - proxy
* [[lighttpd:Docs_ModProxy|mod_proxy documentation]]
table{margin-left: 2em}.
|_.option |_. description |
| proxy.server | backend server definition(s) for hosts to which to send requests; [[Docs_ConfigurationOptions#gw_backend-gateway-server-host-options|options]] for each backend host |
| proxy.balance | select type of balancing algorithm (fair, least-connection, round-robin, hash, sticky (since 1.4.44)) |
| proxy.debug | debug level (value between 0 and 65535) |
| proxy.map-extensions | map multiple extensions to the same backend (since 1.4.46) |
| proxy.forwarded | append "Forwarded" header (RFC7239) to proxied requests (since 1.4.46) |
| proxy.replace-http-host | enable/disable replacing Host header in request to backend with proxy.server label (since 1.4.44) |
| proxy.header | options to perform simple remapping of host and URL paths in proxied HTTP headers (since 1.4.46) |
h2. mod_scgi - SCGI
* [[lighttpd:Docs_ModSCGI|mod_scgi documentation]]
table{margin-left: 2em}.
|_.option |_. description |
| scgi.server | backend server definition(s) for hosts to which to send requests; [[Docs_ConfigurationOptions#gw_backend-gateway-server-host-options|options]] for each backend host |
| scgi.balance | select type of balancing algorithm (fair, least-connection, round-robin, hash, sticky (since 1.4.46)) |
| scgi.debug | debug level (value between 0 and 65535) |
| scgi.map-extensions | map multiple extensions to the same backend (since 1.4.46) |
| scgi.protocol | protocol between lighttpd and backend server ("scgi" (default) or "uwsgi") (since 1.4.42) |
h2. mod_sockproxy - transparent socket proxy
* [[lighttpd:Docs_ModSockProxy|mod_sockproxy documentation]]
table{margin-left: 2em}.
|_.option |_. description |
| sockproxy.server | backend server definition(s) for hosts to which to send requests; [[Docs_ConfigurationOptions#gw_backend-gateway-server-host-options|options]] for each backend host |
| sockproxy.balance | select type of balancing algorithm (fair, least-connection, round-robin, hash, sticky (since 1.4.44)) |
| sockproxy.debug | debug level (value between 0 and 65535) |
h2. mod_wstunnel - WebSocket tunnel
* [[lighttpd:Docs_ModWStunnel|mod_wstunnel documentation]] (since 1.4.46)
table{margin-left: 2em}.
|_.option |_. description |
| wstunnel.server | backend server definition(s) for hosts to which to send requests; [[Docs_ConfigurationOptions#gw_backend-gateway-server-host-options|options]] for each backend host |
| wstunnel.balance | load-balancing algorithm for backends ("fair", "least-connection", "round-robin", "hash", or "sticky") |
| wstunnel.debug | debug level (value between 0 and 65535) |
| wstunnel.frame-type | websocket frame type: "text" or "binary" |
| wstunnel.map-extensions | map multiple extensions to the same backend |
| wstunnel.origins | list of permitted origins in Origin request header (optional) |
| wstunnel.ping-interval | send websocket PING frame at given interval in sec (default 0; none sent) |
h2. gw_backend - gateway *.server host options
* (e.g. dynamic backends @fastcgi.server@, @scgi.server@, @proxy.server@, @wstunnel.server@, @ajp13.server@)
(Additional explanation of options can be found in the related [[Docs_ModFastCGI#Options|mod_fastcgi options]])
table{margin-left: 4em}.
|_.*.server option |_. description |
| host | ip of the backend process (DNS name is resolved to first IP at lighttpd startup (since 1.4.46)) |
| port | tcp-port on the "host" used by the backend process (starting port number; incremented for each "max-procs" > 1 when "bin-path" is set) |
| socket | path to the unix-domain socket |
| bin-path | path to the local backend binary which should be started if no local backend is running |
| bin-environment | set environment of backend binary |
| bin-copy-environment | copy environment from server for backend binary |
| disable-time | time to wait before a disabled backend is checked again |
| idle-timeout | number of seconds before a unused process gets terminated |
| kill-signal | signal to send backend on server shutdown (for backend daemons started by lighttpd) (since 1.4.46; since 1.4.14 for mod_fastcgi) |
| listen-backlog | listen backlog queue size (for backend daemons started by lighttpd) (since 1.4.40) |
| max-load-per-proc | maximum number of waiting processes on average per process before a new process is spawned (since 1.4.46) |
| max-procs | upper limit of processes to start (default: 4) |
| min-procs | sets the minimum processes to start (default: same as max-procs) (since 1.4.46) |
| connect-timeout | number of seconds before aborting @connect()@ to backend (default: 0; no timeout) (since 1.4.60) |
| write-timeout| number of seconds before aborting when trying to write to backend (default: 0; no timeout) (since 1.4.60) |
| read-timeout | number of seconds before aborting when trying to read from backend (default: 0; no timeout) (since 1.4.60) |
* (e.g. dynamic backends (HTTP-like) @fastcgi.server@, @scgi.server@, @proxy.server@, @ajp13.server@)
table{margin-left: 4em}.
|_.*.server option |_. description |
| x-sendfile | controls if X-Sendfile header is allowed (since 1.4.40) |
| x-sendfile-docroot | limits the directory trees permitted for use with X-Sendfile response header (since 1.4.40) |
* (e.g. dynamic backends (CGI-like) @fastcgi.server@, @scgi.server@)
table{margin-left: 4em}.
|_.*.server option |_. description |
| check-local | enable/disable check for requested file in document root (default: enabled) |
| docroot | docroot on the remote host |
| broken-scriptfilename | breaks SCRIPT_FILENAME in a way that PHP can extract PATH_INFO from it |
| fix-root-scriptname | use this for backends with extension "/" (and check-local is disabled) (since 1.4.23) |
| strip-request-uri | strip part of request-uri |
| mode | FastCGI protocol mode. Default is "responder", also "authorizer" mode is implemented (since 1.4.46; available in mod_fastcgi in earlier versions) |
.
h1. TLS / SSL
.
h2. mod_openssl - TLS/SSL using OpenSSL
* [[lighttpd:Docs_SSL|mod_openssl documentation]]
part of mod_openssl (since 1.4.46), though ssl.* directives are available in earlier versions, built-in to the lighttpd core
table{margin-left: 2em}.
|_.option |_. description |_. details |
| ssl.engine | enable/disable ssl engine | [[lighttpd:Docs_SSL|Details]] |
| ssl.pemfile | path to the PEM file for SSL support | [[lighttpd:Docs_SSL|Details]] |
| ssl.privkey | path to the PEM file private key (since 1.4.53) | [[lighttpd:Docs_SSL|Details]] |
| ssl.openssl.ssl-conf-cmd | specify openssl config commands (e.g. ("Protocol" => "-ALL, TLSv1.2") restricts protocol to only TLS 1.2) (since 1.4.48) | [[lighttpd:Docs_SSL|Details]] |
| ssl.stek-file | path to file containing binary session ticket encryption key (STEK) (global setting) (since 1.4.56) | [[lighttpd:Docs_SSL#Session-Tickets|Session Tickets]] |
| ssl.acme-tls-1 | path to directory containing TLS-ALPN-01 ("acme-tls/1") challenges (Let's Encrypt option) (since 1.4.53)| [[lighttpd:Docs_SSL|Details]] |
| ssl.read-ahead | enable/disable use of SSL read ahead (lighttpd 1.4.45+) (if disable, must be in global scope in lighttpd 1.4.45) | [[lighttpd:Docs_SSL|Details]] |
| ssl.verifyclient.activate | enable/disable client verification | [[lighttpd:Docs_SSL|Details]] |
| ssl.verifyclient.ca-file | path to file for certificate authorities (CA) used for client certificate verification (since 1.4.60) (@ssl.ca-file@ before 1.4.60) | [[lighttpd:Docs_SSL|Details]] |
| ssl.verifyclient.ca-dn-file | path to file for certificate authorities (CA) from which client should select client certs (if needed) (since 1.4.60) (@ssl.ca-dn-file@ since 1.4.46 and before 1.4.60) | [[lighttpd:Docs_SSL|Details]] |
| ssl.verifyclient.ca-crl-file | path to file for certificate revocation list (CRL) for client certificate (since 1.4.60) (@ssl.ca-crl-file@ since 1.4.46 and before 1.4.60) | [[lighttpd:Docs_SSL|Details]] |
| ssl.verifyclient.enforce | enable/disable enforcing client verification | [[lighttpd:Docs_SSL|Details]] |
| ssl.verifyclient.depth | certificate depth for client verification | [[lighttpd:Docs_SSL|Details]] |
| ssl.verifyclient.exportcert | enable/disable client certificate export to env:SSL_CLIENT_CERT | [[lighttpd:Docs_SSL|Details]] |
| ssl.verifyclient.username | client certificate entity to export as env:REMOTE_USER (eg. SSL_CLIENT_S_DN_emailAddress, SSL_CLIENT_S_DN_UID, etc.) | [[lighttpd:Docs_SSL|Details]] |
| ssl.cipher-list | Configure the allowed SSL ciphers | [[lighttpd:Docs_SSL|Details]] |
| ssl.honor-cipher-order | enable/disable honoring the order of ciphers set in ssl.cipher-list (set by default when ssl.cipher-list is set)| [[lighttpd:Docs_SSL|Details]] |
| ssl.disable-client-renegotiation | enable/disable mitigation of client triggered re-negotiation (see CVE-2009-3555)| [[lighttpd:Docs_SSL|Details]] |
h2. mod_gnutls - TLS/SSL using GnuTLS
(available since lighttpd 1.4.56)
same directives as [[#mod_openssl-TLSSSL-using-openssl|mod_openssl]]
h2. mod_mbedtls - TLS/SSL using mbedTLS
(available since lighttpd 1.4.56)
same directives as [[#mod_openssl-TLSSSL-using-openssl|mod_openssl]]
h2. mod_nss - TLS/SSL using NSS
(available since lighttpd 1.4.56)
same directives as [[#mod_openssl-TLSSSL-using-openssl|mod_openssl]]
h2. mod_wolfssl - TLS/SSL using wolfSSL
(available since lighttpd 1.4.56)
same directives as [[#mod_openssl-TLSSSL-using-openssl|mod_openssl]]
.
h1. Deprecated
.
h2. mod_cml - Cache Meta Language
[[Docs_ModMagnet#Porting-mod_cml-scripts|porting mod_cml scripts to mod_magnet]]
* [[lighttpd:Docs_ModCML|mod_cml documentation]]
table{margin-left: 2em}.
|_.option |_. description |
| cml.memcache-namespace | (not used yet) |
| cml.power-magnet | a cml file that is executed for each request |
| cml.memcache-hosts | hosts for the memcache.* functions |
| cml.extension | the file extension that is bound to the cml-module |
h2. mod_compress - compress output
*DEPRECATED*
[[Docs_ModCompress|mod_compress]] migration path: replace with [[Docs_ModDefalte|mod_deflate]]
rename @compress.*@ options to similar @deflate.*@ options
table{margin-left: 2em}.
|_. mod_compress option |_. mod_deflate option |
| compress.filetype | -> deflate.mimetypes |
| compress.allowed-encodings | -> deflate.allowed-encodings |
| compress.max-filesize | -> deflate.max-compress-size |
| compress.max-loadavg | -> deflate.max-loadavg |
| compress.cache-dir | -> deflate.cache-dir |
* [[lighttpd:Docs_ModCompress|mod_compress documentation]]
* DEPRECATED. Subsumed by [[Docs_ModDeflate|mod_deflate]]
table{margin-left: 2em}.
|_.option |_. description |
| compress.max-filesize | maximum size of the original file to be compressed kBytes |
| compress.cache-dir | name of the directory where compressed content will be cached |
| compress.filetype | mimetypes which might get compressed |
| compress.allowed-encodings | encodings enabled ("gzip", "bzip2", "deflate") |
| compress.max-loadavg | max system loadavg before bypassing compression, e.g. "3.50" (since 1.4.43) |
h2. mod_flv_streaming - flv streaming
*DEPRECATED*
[[Docs_ModFLVStreaming|mod_flv_streaming]] migration path: replace with [[Docs_ModMagnet|mod_magnet]] and flv-streaming.lua ([[AbsoLUAtion#Code-Snippets|lua code snippets]] section "mod_flv_streaming")
Note: Adobe Flash Video (.flv) is deprecated and support has been removed from modern clients
* [[lighttpd:Docs_ModFLVStreaming|mod_flv_streaming documentation]]
table{margin-left: 2em}.
|_.option |_. description |
| flv-streaming.extensions | extensions of flv files (e.g. ".flv") |
"Blog Entry":http://blog.lighttpd.net/articles/2006/03/09/flv-streaming-with-lighttpd
"Flash Video Player 3.5 (Creative Commons)":http://www.jeroenwijering.com/embed/streaming.html
h2. mod_geoip - IP location lookup
*DEPRECATED*
[[Docs_ModGeoIP|mod_geoip]] migration path: replace with [[Docs_ModMaxMindDB|mod_maxminddb]]
@geoip.db-filename@ path to GeoIP Legacy database must be replaced with [[Docs_ModMaxMindDB|mod_maxminddb]] @maxminddb.db@, @maxminddb.env@, @maxminddb.activate@
@geoip.memory-cache@ is obsolete
* [[lighttpd:Docs_ModGeoIP|mod_geoip documentation]]
table{margin-left: 2em}.
|_.option |_. description |
| geoip.db-filename | path to the geoip or geocity database |
| geoip.memory-cache | enable or disable GeoIP memory cache (default disabled) |
h2. mod_mysql_vhost - Mysql virtual hosting
*DEPRECATED*
[[Docs_ModVhostDB|mod_mysql_vhost]] migration path: replace with [[Docs_ModVhostDB|mod_vhostdb_mysql]]
@mysql-vhost.*@ options translate to @vhostdb.mysql = ( ... )@ options
* [[lighttpd:Docs_ModMySQLVhost|mod_mysql_vhost documentation]]
table{margin-left: 2em}.
|_.option |_. description |
| mysql-vhost.hostname | hostname of mysql server |
| mysql-vhost.db | database name |
| mysql-vhost.user | username to access database |
| mysql-vhost.pass | password to access database |
| mysql-vhost.sql | SQL statement to execute to obtain docroot |
| mysql-vhost.port | port where to connect to database |
| mysql-vhost.sock | socket where to connect to database |