Revision 159 (gstrauss, 2021-09-16 09:12) → Revision 160/175 (gstrauss, 2021-09-16 09:13)
h1. Configuration File Options

Here you will find a list of all available configuration options in the lighttpd base distribution. They are grouped by module, and the link to each module's documentation provides more detailed information about each option, as well as examples and other guidelines.

While lighttpd has many options, a minimal @lighttpd.conf@ can be as small as one line (@server.document-root = "..."@). For most options, it is recommended that lighttpd defaults be used unless you have a specific reason to change them.

Please begin with [[TutorialConfiguration|Configuration: Quick Start]] and [[Docs_Configuration|Configuration: File Syntax]] before perusing below.

Modules must be listed in @server.modules@ or else options from that module will not be recognized by lighttpd, e.g. @server.modules += ("mod_example")@
(The only exceptions are the three core modules that lighttpd loads by default: mod_indexfile, mod_dirlisting, mod_staticfile)

{{>toc}}

h2. Lighttpd Core

table{margin-left: 2em}.
|_.option |_. description |_. details |
| server.name | name of the server/virtual server | [[server_nameDetails|Details]] |
| server.document-root | document-root of the webserver | [[server_document-rootDetails|Details]] |
| server.error-handler | uri to call if non-dynamic (not CGI or proxy) request results in http status >= 400 (overrides error-handler-404) (since 1.4.40) | Details commit:dbdab5db |
| server.error-handler-404 | uri to call if non-dynamic (not CGI or proxy) request results in a 403 or 404 | [[server_error-handler-404Details|Details]] |
| server.errorfile-prefix | path prefix for special status codes pages | [[server_errorfile-prefixDetails|Details]] |
| server.error-intercept | enable/disable intercepting HTTP error pages from dynamic handlers by server.error* (since 1.4.46) | |

table{margin-left: 2em}.
| server.bind | IP address, hostname or absolute path to the unix-domain socket (default: "*") | [[server_bindDetails|Details]] |
| server.port | port to which to bind when IP address specified in server.bind (default: 80) | |
| server.network-backend | basic network interface for all platforms at the syscalls read() and write() | [[server_network-backendDetails|Details]] |
| server.listen-backlog | listen backlog queue size | Details commit:71ed1912 |
| server.bsd-accept-filter | listen socket *BSD accept() filter ("httpready" or "dataready") | Details commit:4eeeb8fc |
| server.defer-accept | listen socket Linux TCP_DEFER_ACCEPT ("enable" or "disable") | |
| server.use-ipv6 | bind to the IPv6 socket | [[Server_use-ipv6Details|Details]] |
| server.socket-perms | permissions to set on listening unix domain socket, e.g. "0770" (since 1.4.46) | Details #656 |
| server.systemd-socket-activation | systemd socket activation ("enable" or "disable") (since 1.4.53) | |

table{margin-left: 2em}.
| server.modules | modules to load | [[server_modulesDetails|Details]] |
| server.compat-module-load | enable/disable load of default and compatibility modules (default: "enable") | |
| server.errorlog | pathname of the error-log | [[server_errorlogDetails|Details]] |
| server.errorlog-use-syslog | send errorlog to syslog | [[server_errorlog-use-syslogDetails|Details]] |
| server.syslog-facility | syslog facility (default: "daemon") (since 1.4.46) | |
| server.breakagelog | redirect stderr for lighttpd and all forked apps (e.g. CGI) | [[server_errorlogDetails|Details]] |
| server.event-handler | set the event handler | [[server_event-handlerDetails|Details]] |
| server.stat-cache-engine | select stat() call caching | [[server_stat-cache-engineDetails|Details]] |
| server.username | username used to run the server | [[server_usernameDetails|Details]] |
| server.groupname | groupname used to run the server | [[server_groupnameDetails|Details]] |
| server.chroot | root-directory of the server | [[server_chrootDetails|Details]] |
| server.core-files | enable core files | [[server_core-filesDetails|Details]] |
| server.pid-file | set the name and location of the .pid-file | [[server_pid-fileDetails|Details]] |

table{margin-left: 2em}.
| server.feature-flags | server-wide feature control for selected features (since 1.4.56) | [[server_feature-flagsDetails|Details]] |
| server.http-parseopts | HTTP request parsing and normalization options (since 1.4.50) | [[server_http-parseoptsDetails|Details]] |
| server.http-parseopt-header-strict | restrict chars permitted in HTTP headers | Details commit:b47494d4 |
| server.http-parseopt-host-strict | restrict chars permitted in HTTP Host header | Details commit:b47494d4 |
| server.http-parseopt-host-normalize | normalize HTTP Host header | Details commit:b47494d4 |
| server.protocol-http11 | defines if HTTP/1.1 is allowed or not | [[server_protocol-http11Details|Details]] |
| server.range-requests | defines if range requests are allowed or not | [[server_range-requestsDetails|Details]] |
| server.reject-expect-100-with-417 | setting to disable returning of a 417 if "Expect: 100-continue" header (no-op since 1.4.46) | |
| server.tag | set the string returned by the server | [[server_use-tagDetails|Details]] |

table{margin-left: 2em}.
| server.stream-request-body | stream request body to backend | [[server_stream-request-bodyDetails|Details]] |
| server.stream-response-body | stream response body to client | [[server_stream-response-bodyDetails|Details]] |
| server.chunkqueue-chunk-sz | default chunk buffer size, rounded up to nearest power-of-2 (default 8k; minimum 1k) | |

table{margin-left: 2em}.
| connection.kbytes-per-second | limit the throughput for each single connection to the given limit in kbyte/s | [[lighttpd:Docs_TrafficShaping|Details]] |
| server.kbytes-per-second | limit the throughput for all connections to the given limit in kbyte/s | [[lighttpd:Docs_TrafficShaping|Details]] |
| server.max-connections | maximum connections | [[server_max-connectionsDetails|Details]] |
| server.max-fds | maximum number of file descriptors | [[server_max-fdsDetails|Details]] |
| server.max-keep-alive-idle | maximum number of seconds until an idling keep-alive connection is dropped | [[server_max-keep-alive-idleDetails|Details]] |
| server.max-keep-alive-requests | maximum number of requests within a keep-alive session | [[server_max-keep-alive-requestsDetails|Details]] |
| server.max-read-idle | maximum number of seconds until a waiting, non keep-alive read times out and closes the connection | [[server_max-read-idleDetails|Details]] |
| server.max-request-size | maximum size in kbytes of the request | [[server_max-request-sizeDetails|Details]] |
| server.max-request-field-size | maximum size of the request header (in bytes) | |
| server.max-worker | number of worker processes to spawn | [[server_max-workerDetails|Details]] |
| server.max-write-idle | maximum number of seconds until a waiting write call times out | [[server_max-write-idleDetails|Details]] |

table{margin-left: 2em}.
| server.follow-symlink | allow following symlinks | [[server_follow-symlinksDetails|Details]] |
| server.force-lowercase-filenames | enable forcing all filenames to lowercase | |
| server.upload-dirs | path to upload directory | [[server_upload-dirsDetails|Details]] |
| server.upload-temp-file-size | max (fuzzy) size of each temporary file (default: 1 MB) | |

table{margin-left: 2em}.
| etag.use-inode | Determines if inode-value is used in ETag generation | [[etag_use-inodeDetails|Details]] |
| etag.use-mtime | Determines if mtime-value is used in ETag generation | [[etag_use-mtimeDetails|Details]] |
| etag.use-size | Determines if size-value is used in ETag generation | [[etag_use-sizeDetails|Details]] |

table{margin-left: 2em}.
| mimetype.assign | list of known mimetype mappings | [[mimetype_assignDetails|Details]] |
| mimetype.use-xattr | try to use XFS-style extended attribute interface for retrieving the Content-Type | [[mimetype_use-xattrDetails|Details]] |
| mimetype.xattr-name | name of XFS-style extended attribute to use for retrieving the Content-Type | [[mimetype_use-xattrDetails|Details]] |

h3. Core Debug Info

* [[DebugVariables|Debug Variable Information]]

table{margin-left: 2em}.
|_.option |_. description |
| debug.log-request-header | log all request headers |
| debug.log-file-not-found | log if a file was not found |
| debug.log-condition-handling | log conditionals handling for debugging |
| debug.log-request-header-on-error | log request header and additional error trace, but only when there is an error |
| debug.log-request-handling | log request handling inside lighttpd |
| debug.log-state-handling | log state handling inside lighttpd |
| debug.log-response-header | log the header we send out to the client |
| debug.log-ssl-noise | log some ssl warnings we hide by default (ssl handshake, unknown/bad certificate) |

h2. mod_access - access restrictions

* [[lighttpd:Docs_ModAccess|mod_access documentation]]

table{margin-left: 2em}.
|_.option |_. description |
| url.access-allow | Allows access only to files with any of given trailing path names (since 1.4.40) |
| url.access-deny | Denies access to all files with any of given trailing path names |

h2. mod_accesslog - access log files

* [[lighttpd:Docs_ModAccessLog|mod_accesslog documentation]]

table{margin-left: 2em}.
|_.option |_. description |
| accesslog.format | the format of the logfile |
| accesslog.filename | name of the file where the accesslog should be written to if syslog is not used |
| accesslog.use-syslog | send the accesslog to syslog |
| accesslog.syslog-level | numerical value used as syslog log level |

h2. mod_alias - directory aliases

* [[lighttpd:Docs_ModAlias|mod_alias documentation]]

table{margin-left: 2em}.
|_.option |_. description |
| alias.url | rewrites the document-root for a URL-subset |

h2. mod_auth - authentication

* [[lighttpd:Docs_ModAuth|mod_auth documentation]]

table{margin-left: 2em}.
|_.option |_. description |
| auth.backend | type of authentication backend |
| auth.require | set restriction method |
| auth.extern-authn | check REMOTE_USER (if set) against require rules prior to applying auth.backend (since 1.4.46) |
| auth.backend.plain.userfile | path to plain userfile |
| auth.backend.plain.groupfile | path to plain groupfile |
| auth.backend.htdigest.userfile | path to htdigest userfile |
| auth.backend.htpasswd.userfile | path to htpasswd userfile |
| auth.backend.* | (see [[lighttpd:Docs_ModAuth|mod_auth documentation]] for gssapi, ldap, pam, sasl, ...) |

table{margin-left: 4em}.
|_.auth.require option |_. description |
| method | type of authentication ("digest" or "basic") |
| realm | authentication realm |
| require | "valid-user" to allow any valid user, or a list of user=username separated by pipe symbols |

h2. mod_deflate - dynamic compression

* [[Mod_Deflate|mod_deflate documentation]] (available since lighttpd 1.4.42)

table{margin-left: 2em}.
|_.option |_. description |
| deflate.mimetypes | mimetype listing to be compressed, matched to prefix of Content-Type |
| deflate.allowed-encodings | encodings enabled ("gzip", "bzip2", "deflate") |
| deflate.max-compress-size | maximum size document to compress |
| deflate.min-compress-size | minimum size document before compressing |
| deflate.compression-level | level of compression |
| deflate.output-buffer-size | size of buffer for compression |
| deflate.work-block-size | minimum block size for compression |
| deflate.max-loadavg | max system loadavg before bypassing compression, e.g. "3.50" (since 1.4.43) |

h2. mod_dirlisting - directory listing

* [[lighttpd:Docs_ModDirlisting|mod_dirlisting documentation]]

table{margin-left: 2em}.
|_.option |_. description |
| dir-listing.activate | enables virtual directory listings if a directory is requested and no index-file was found |
| dir-listing.cache | directory listing caching parameters (lighttpd 1.4.60) |
| dir-listing.external-css | URL path to an external css stylesheet for the directory listing |
| dir-listing.external-js | URL path to an external js script, e.g. for client side directory list sorting (lighttpd 1.4.42) |
| dir-listing.encoding | set an encoding for the generated directory listing |
| dir-listing.hide-dotfiles | if enabled, does not list hidden files in directory listings generated by the dir-listing option |
| dir-listing.show-header | include HEADER.txt files above the directory listing (since 1.4.43: user-specified file name) |
| dir-listing.hide-header-file | enables hiding header file from directory listing |
| dir-listing.show-readme | include README.txt files below the directory listing (since 1.4.43: user-specified file name) |
| dir-listing.hide-readme-file | enables displaying readme file in directory listing |
| dir-listing.exclude | files that match any of the specified regular expressions will be excluded from listings |
| dir-listing.set-footer | displays a string in the footer of a listing page |
| server.dir-listing | enable/disable directory listing (deprecated; see dir-listing.activate) |

h2. mod_evasive - evasive

* [[lighttpd:Docs_ModEvasive|mod_evasive documentation]]

table{margin-left: 2em}.
|_.option |_. description |
| evasive.max-conns-per-ip | upper limit of number of connections per ip allowed |
| evasive.silent | no logging |

h2. mod_evhost - enhanced virtual host

* [[lighttpd:Docs_ModEVhost|mod_evhost documentation]]

table{margin-left: 2em}.
|_.option |_. description |
| evhost.path-pattern | pattern with wildcards to be replaced to build a document root |

h2. mod_expire - cached expiration

* [[lighttpd:Docs_ModExpire|mod_expire documentation]]

table{margin-left: 2em}.
|_.option |_. description |
| expire.url | assigns an expiration to all files below the specified path |
| expire.mimetypes | assigns an expiration to all responses with Content-Type prefix matching the listed mimetypes (since 1.4.43) |

h2. mod_extforward - use X-Forwarded-For (or Forwarded)

* [[DocsModExtForward|mod_extforward documentation]]

p((. extract the client's "real" IP from X-Forwarded-For (or Forwarded) header

table{margin-left: 2em}.
|_.option |_. description |
| extforward.forwarder | set trust level of proxy IPs |
| extforward.hap-PROXY | enable HAProxy PROXY protocol (since 1.4.46) |
| extforward.hap-PROXY-ssl-client-verify | enable setting SSL_CLIENT_VERIFY from HAProxy PROXY protocol (since 1.4.46) |
| extforward.headers | set of request headers to search, e.g. "Forwarded" or "X-Forwarded-For" |
| extforward.params | configure additional values to take from "Forwarded" header (since 1.4.46) |

h2. mod_indexfile - directory index file

* [[lighttpd:Docs_ModIndexfile|mod_indexfile documentation]]

table{margin-left: 2em}.
|_.option |_. description |
| index-file.names | list of files to search for if a directory is requested |

h2. mod_magnet - request manipulation using Lua

* [[lighttpd:Docs_ModMagnet|mod_magnet documentation]]

table{margin-left: 2em}.
|_.option |_. description |
| magnet.attract-raw-url-to | attract request before lighttpd tries to find a physical file (but after rewrite) |
| magnet.attract-physical-path-to | attract request after doc-root is known and the physical-path is already setup |

h2. mod_redirect - redirect

* [[lighttpd:Docs_ModRedirect|mod_redirect documentation]]

table{margin-left: 2em}.
|_.option |_. description |_. note |
| url.redirect | redirects a set of URLs externally | |
| url.redirect-code | defines the http code that is sent with the redirect URL | Added in 1.4.31 |

h2. mod_rewrite - rewriting

* [[lighttpd:Docs_ModRewrite|mod_rewrite documentation]]

table{margin-left: 2em}.
|_.option |_. description |
| url.rewrite-once | rewrites a set of URLs internally and skip the rest |
| url.rewrite-repeat | rewrites a set of URLs internally in the webserver, continue applying rewrite rules |
| url.rewrite | same as url.rewrite-once |
| url.rewrite-final | same as url.rewrite-once |
| url.rewrite-[repeat-]if-not-file | rewrites a set of urls internally and checks if files do *not* exist |

h2. mod_rrdtool - rrdtool

* [[lighttpd:Docs_ModRRDTool|mod_rrdtool documentation]]

table{margin-left: 2em}.
|_.option |_. description |
| rrdtool.db-name | filename of the rrd-database |
| rrdtool.binary | path to the rrdtool binary |

h2. mod_secdownload - secure and fast download

* [[lighttpd:Docs_ModSecDownload|mod_secdownload documentation]]

table{margin-left: 2em}.
|_.option |_. description |
| secdownload.document-root | path to the download area |
| secdownload.timeout | how long in seconds is the secret valid |
| secdownload.uri-prefix | prefix to url for download |
| secdownload.secret | Secret string that will be used for the checksum calculation |
| secdownload.algorithm | hash algorithm: "md5", "hmac-sha1", or "hmac-sha256" |
| secdownload.path-segments | include only given number of path segments in hash digest calculation (since 1.4.46) |
| secdownload.hash-querystr | include the query string in the hash digest calculation ("enable" or "disable") (since 1.4.46) |

h2. mod_setenv - set HTTP Environment

* [[lighttpd:Docs_ModSetEnv|mod_setenv documentation]]

table{margin-left: 2em}.
|_.option |_. description |
| setenv.add-request-header | adds a value to the HTTP request _received from_ the client |
| setenv.set-request-header | sets a value to the HTTP request _received from_ the client (since 1.4.46) |
| setenv.add-environment | adds a value to the process environment passed to external (backend) applications |
| setenv.set-environment | sets a value to the process environment passed to external (backend) applications (since 1.4.46) |
| setenv.add-response-header | adds a header to the HTTP response _sent to_ the client |
| setenv.set-response-header | sets a header to the HTTP response _sent to_ the client (since 1.4.46) |

h2. mod_simple_vhost - simple virtual host

* [[lighttpd:Docs_ModSimpleVhost|mod_simple_vhost documentation]]

table{margin-left: 2em}.
|_.option |_. description |
| simple-vhost.document-root | path below the vhost directory |
| simple-vhost.server-root | root of the virtual host |
| simple-vhost.default-host | use this hostname if the requested hostname does not have its own directory |
| simple-vhost.debug | debug simple vhosts module |

h2. mod_ssi - server side includes

* [[lighttpd:Docs_ModSSI|mod_ssi documentation]]

table{margin-left: 2em}.
|_.option |_. description |
| ssi.extension | extension of files processed by mod_ssi |
| ssi.content-type | specify Content-Type response header for SSI pages |
| ssi.conditional-requests | enable/disable conditional request caching including generating ETag and Last-Modified response headers |
| ssi.exec | enable/disable #exec cmd="..." |
| ssi.recursion-max | max recursion depth for #include virtual="..." SSI processing (0 is disabled (default)) (since 1.4.44) |

h2. mod_staticfile - serve static files

* [[lighttpd:Docs_ModStaticFile|mod_staticfile documentation]]

table{margin-left: 2em}.
|_.option |_. description |
| static-file.disable-pathinfo | do not handle as static file if path-info is present after file name |
| static-file.etags | Determines if ETags are generated or not |
| static-file.exclude-extensions | forbid access to the source of some types of files by extension |

h2. mod_status - server status

* [[lighttpd:Docs_ModStatus|mod_status documentation]]

table{margin-left: 2em}.
|_.option |_. description |
| status.config-url | relative URL for the config page which displays the loaded modules |
| status.statistics-url | relative URL for a plain-text page containing the internal statistics |
| status.enable-sort | add JavaScript which allows client-side sorting for the connection overview |
| status.status-url | relative URL which is used to retrieve the status-page |

h2. mod_trigger_b4_dl - trigger before download

* [[lighttpd:Docs_ModTriggerBeforeDownload|mod_trigger_b4_dl documentation]]

table{margin-left: 2em}.
|_.option |_. description |
| trigger-before-download.trigger-url | url for trigger pages |
| trigger-before-download.trigger-timeout | time for download link to live |
| trigger-before-download.download-url | url for downloads |
| trigger-before-download.deny-url | url to show when visitor denied a download |
| trigger-before-download.gdbm-filename | path to gdbm file |
| trigger-before-download.memcache-hosts | hosts for the memcache.* functions |
| trigger-before-download.memcache-namespace | (not used yet) |
| trigger-before-download.debug | |

h2. mod_userdir - user directories

* [[lighttpd:Docs_ModUserDir|mod_userdir documentation]]

table{margin-left: 2em}.
|_.option |_. description |
| userdir.basepath | if set, don't check /etc/passwd for homedir |
| userdir.exclude-user | list of usernames which may not use this feature |
| userdir.path | usually it should be set to "public_html" to take ~/public_html/ as the document root |
| userdir.include-user | if set, only users from this list may use the feature |

h2. mod_uploadprogress - upload progress

* [[lighttpd:Docs_ModUploadProgress|mod_uploadprogress documentation]]

table{margin-left: 2em}.
|_.option |_. description |
| upload-progress.progress-url | |

h2. mod_usertrack - user track (cookies)

* [[lighttpd:Docs_ModUserTrack|mod_usertrack documentation]]

table{margin-left: 2em}.
|_.option |_. description |
| usertrack.cookie-name | default "TRACKID" |
| usertrack.cookie-attrs | cookie attributes (path, domain, max-age, secure, HttpOnly, etc) (since 1.4.46) |
| ~~'_usertrack.cookiename_'~~ | (deprecated) |
| usertrack.cookie-domain | (deprecated; subsumed by usertrack.cookie-attrs since lighttpd 1.4.46) |
| usertrack.cookie-max-age | (deprecated; subsumed by usertrack.cookie-attrs since lighttpd 1.4.46) |

h2. mod_vhostdb - virtual host database

* [[lighttpd:Docs_ModVhostDB|mod_vhostdb documentation]] (since lighttpd 1.4.46)

table{margin-left: 2em}.
|_.option |_. description |
| vhostdb.backend | "dbi", "ldap", "mysql", or "pgsql" |
| vhostdb.dbi | |
| vhostdb.ldap | |
| vhostdb.mysql | |
| vhostdb.pgsql | |

h2. mod_webdav - WebDAV

* [[lighttpd:Docs_ModWebDAV|mod_webdav documentation]]

table{margin-left: 2em}.
|_.option |_. description |
| webdav.activate | enable/disable WebDAV |
| webdav.is-readonly | enable/disable read only |
| webdav.sqlite-db-name | pathname to SQLite database |
| webdav.log-xml | Log the XML Request bodies for debugging |

.

h1. Gateways

.

h2. mod_ajp13 - Apache JServ Protocol version 1.3 (AJP13)

* [[lighttpd:Docs_ModAJP13|mod_ajp13 documentation]] (available since lighttpd 1.4.59)

table{margin-left: 2em}.
|_.option |_. description |
| ajp13.server | backend server definition(s) for hosts to which to send requests; [[Docs_ConfigurationOptions#gw_backend-gateway-server-host-options|options]] for each backend host |
| ajp13.balance | select type of balancing algorithm (fair, least-connection, round-robin, hash, sticky) |
| ajp13.debug | debug level (value between 0 and 65535) |

h2. mod_cgi - cgi

* [[lighttpd:Docs_ModCGI|mod_cgi documentation]]

table{margin-left: 2em}.
|_.option |_. description |
| cgi.assign | assign cgi handler to an extension |
| cgi.execute-x-only | requires +x for cgi scripts |
| cgi.local-redir | local-redir optimization (since 1.4.46) |
| cgi.upgrade | support for Upgrade: websocket (since 1.4.46) |
| cgi.x-sendfile | controls if X-Sendfile header is allowed |
| cgi.x-sendfile-docroot | limits the directory trees permitted for use with X-Sendfile response header |
| cgi.limits | list of limits to apply to CGI ([[lighttpd:Docs_ModCGI#Options|mod_cgi options]]) (since 1.4.60) |

h2. mod_fastcgi - fastcgi

* [[lighttpd:Docs_ModFastCGI|mod_fastcgi documentation]]

table{margin-left: 2em}.
|_.option |_. description |
| fastcgi.server | backend server definition(s) for hosts to which to send requests; [[Docs_ConfigurationOptions#gw_backend-gateway-server-host-options|options]] for each backend host |
| fastcgi.balance | select type of balancing algorithm (fair, least-connection, round-robin, hash, sticky (since 1.4.46)) |
| fastcgi.debug | debug level (value between 0 and 65535) |
| fastcgi.map-extensions | map multiple extensions to the same backend |

h2. mod_proxy - proxy

* [[lighttpd:Docs_ModProxy|mod_proxy documentation]]

table{margin-left: 2em}.
|_.option |_. description |
| proxy.server | backend server definition(s) for hosts to which to send requests; [[Docs_ConfigurationOptions#gw_backend-gateway-server-host-options|options]] for each backend host |
| proxy.balance | select type of balancing algorithm (fair, least-connection, round-robin, hash, sticky (since 1.4.44)) |
| proxy.debug | debug level (value between 0 and 65535) |
| proxy.map-extensions | map multiple extensions to the same backend (since 1.4.46) |
| proxy.forwarded | append "Forwarded" header (RFC7239) to proxied requests (since 1.4.46) |
| proxy.replace-http-host | enable/disable replacing Host header in request to backend with proxy.server label (since 1.4.44) |
| proxy.header | options to perform simple remapping of host and URL paths in proxied HTTP headers (since 1.4.46) |

h2. mod_scgi - SCGI

* [[lighttpd:Docs_ModSCGI|mod_scgi documentation]]

table{margin-left: 2em}.
|_.option |_. description |
| scgi.server | backend server definition(s) for hosts to which to send requests; [[Docs_ConfigurationOptions#gw_backend-gateway-server-host-options|options]] for each backend host |
| scgi.balance | select type of balancing algorithm (fair, least-connection, round-robin, hash, sticky (since 1.4.46)) |
| scgi.debug | debug level (value between 0 and 65535) |
| scgi.map-extensions | map multiple extensions to the same backend (since 1.4.46) |
| scgi.protocol | protocol between lighttpd and backend server ("scgi" (default) or "uwsgi") (since 1.4.42) |

h2. mod_sockproxy - transparent socket proxy

* [[lighttpd:Docs_ModSockProxy|mod_sockproxy documentation]]

table{margin-left: 2em}.
|_.option |_. description |
| sockproxy.server | backend server definition(s) for hosts to which to send requests; [[Docs_ConfigurationOptions#gw_backend-gateway-server-host-options|options]] for each backend host |
| sockproxy.balance | select type of balancing algorithm (fair, least-connection, round-robin, hash, sticky (since 1.4.44)) |
| sockproxy.debug | debug level (value between 0 and 65535) |

h2. mod_wstunnel - WebSocket tunnel

* [[lighttpd:Docs_ModWStunnel|mod_wstunnel documentation]] (since 1.4.46)

table{margin-left: 2em}.
|_.option |_. description |
| wstunnel.server | backend server definition(s) for hosts to which to send requests; [[Docs_ConfigurationOptions#gw_backend-gateway-server-host-options|options]] for each backend host |
| wstunnel.balance | load-balancing algorithm for backends ("fair", "least-connection", "round-robin", "hash", or "sticky") |
| wstunnel.debug | debug level (value between 0 and 65535) |
| wstunnel.frame-type | websocket frame type: "text" or "binary" |
| wstunnel.map-extensions | map multiple extensions to the same backend |
| wstunnel.origins | list of permitted origins in Origin request header (optional) |
| wstunnel.ping-interval | send websocket PING frame at given interval in sec (default 0; none sent) |

h2. gw_backend - gateway *.server host options

* (e.g. dynamic backends @fastcgi.server@, @scgi.server@, @proxy.server@, @wstunnel.server@, @ajp13.server@)

(Additional explanation of options can be found in the related [[Docs_ModFastCGI#Options|mod_fastcgi options]])

table{margin-left: 4em}.
|_.*.server option |_. description |
| host | ip of the backend process (DNS name is resolved to first IP at lighttpd startup (since 1.4.46)) |
| port | tcp-port on the "host" used by the backend process (starting port number; incremented for each "max-procs" > 1 when "bin-path" is set) |
| socket | path to the unix-domain socket |
| bin-path | path to the local backend binary which should be started if no local backend is running |
| bin-environment | set environment of backend binary |
| bin-copy-environment | copy environment from server for backend binary |
| disable-time | time to wait before a disabled backend is checked again |
| idle-timeout | number of seconds before an unused process gets terminated |
| kill-signal | signal to send backend on server shutdown (for backend daemons started by lighttpd) (since 1.4.46; since 1.4.14 for mod_fastcgi) |
| listen-backlog | listen backlog queue size (for backend daemons started by lighttpd) (since 1.4.40) |
| max-load-per-proc | maximum number of waiting processes on average per process before a new process is spawned (since 1.4.46) |
| max-procs | upper limit of processes to start (default: 4) |
| min-procs | sets the minimum processes to start (default: same as max-procs) (since 1.4.46) |
| connect-timeout | number of seconds before aborting @connect()@ to backend (default: 8) (since 1.4.60) |
| write-timeout | number of seconds before aborting when trying to write to backend (default: 0; no timeout) (since 1.4.60) |
| read-timeout | number of seconds before aborting when trying to read from backend (default: 0; no timeout) (since 1.4.60) |

* (e.g. dynamic backends (HTTP-like) @fastcgi.server@, @scgi.server@, @proxy.server@, @ajp13.server@)

table{margin-left: 4em}.
|_.*.server option |_. description |
| x-sendfile | controls if X-Sendfile header is allowed (since 1.4.40) |
| x-sendfile-docroot | limits the directory trees permitted for use with X-Sendfile response header (since 1.4.40) |

* (e.g. dynamic backends (CGI-like) @fastcgi.server@, @scgi.server@)

table{margin-left: 4em}.
|_.*.server option |_. description |
| check-local | enable/disable check for requested file in document root (default: enabled) |
| docroot | docroot on the remote host |
| broken-scriptfilename | breaks SCRIPT_FILENAME in a way that PHP can extract PATH_INFO from it |
| fix-root-scriptname | use this for backends with extension "/" (and check-local is disabled) (since 1.4.23) |
| strip-request-uri | strip part of request-uri |
| mode | FastCGI protocol mode. Default is "responder", also "authorizer" mode is implemented (since 1.4.46; available in mod_fastcgi in earlier versions) |

.

h1. TLS / SSL

.

h2. mod_openssl - TLS/SSL using OpenSSL

* [[lighttpd:Docs_SSL|mod_openssl documentation]]

part of mod_openssl (since 1.4.46), though ssl.* directives are available in earlier versions, built-in to the lighttpd core

table{margin-left: 2em}.
|_.option |_. description |_. details |
| ssl.engine | enable/disable ssl engine | [[lighttpd:Docs_SSL|Details]] |
| ssl.pemfile | path to the PEM file for SSL support | [[lighttpd:Docs_SSL|Details]] |
| ssl.privkey | path to the PEM file private key (since 1.4.53) | [[lighttpd:Docs_SSL|Details]] |
| ssl.openssl.ssl-conf-cmd | specify openssl config commands (e.g. ("Protocol" => "-ALL, TLSv1.2") restricts protocol to only TLS 1.2) (since 1.4.48) | [[lighttpd:Docs_SSL|Details]] |
| ssl.stek-file | path to file containing binary session ticket encryption key (STEK) (global setting) (since 1.4.56) | [[lighttpd:Docs_SSL#Session-Tickets|Session Tickets]] |
| ssl.acme-tls-1 | path to directory containing TLS-ALPN-01 ("acme-tls/1") challenges (Let's Encrypt option) (since 1.4.53) | [[lighttpd:Docs_SSL|Details]] |
| ssl.read-ahead | enable/disable use of SSL read ahead (lighttpd 1.4.45+) (if disabled, must be in global scope in lighttpd 1.4.45) | [[lighttpd:Docs_SSL|Details]] |
| ssl.verifyclient.activate | enable/disable client verification | [[lighttpd:Docs_SSL|Details]] |
| ssl.verifyclient.ca-file | path to file for certificate authorities (CA) used for client certificate verification (since 1.4.60) (@ssl.ca-file@ before 1.4.60) | [[lighttpd:Docs_SSL|Details]] |
| ssl.verifyclient.ca-dn-file | path to file for certificate authorities (CA) from which client should select client certs (if needed) (since 1.4.60) (@ssl.ca-dn-file@ since 1.4.46 and before 1.4.60) | [[lighttpd:Docs_SSL|Details]] |
| ssl.verifyclient.ca-crl-file | path to file for certificate revocation list (CRL) for client certificate (since 1.4.60) (@ssl.ca-crl-file@ since 1.4.46 and before 1.4.60) | [[lighttpd:Docs_SSL|Details]] |
| ssl.verifyclient.enforce | enable/disable enforcing client verification | [[lighttpd:Docs_SSL|Details]] |
| ssl.verifyclient.depth | certificate depth for client verification | [[lighttpd:Docs_SSL|Details]] |
| ssl.verifyclient.exportcert | enable/disable client certificate export to env:SSL_CLIENT_CERT | [[lighttpd:Docs_SSL|Details]] |
| ssl.verifyclient.username | client certificate entity to export as env:REMOTE_USER (e.g. SSL_CLIENT_S_DN_emailAddress, SSL_CLIENT_S_DN_UID, etc.) | [[lighttpd:Docs_SSL|Details]] |
| ssl.cipher-list | Configure the allowed SSL ciphers | [[lighttpd:Docs_SSL|Details]] |
| ssl.honor-cipher-order | enable/disable honoring the order of ciphers set in ssl.cipher-list (set by default when ssl.cipher-list is set) | [[lighttpd:Docs_SSL|Details]] |
| ssl.disable-client-renegotiation | enable/disable mitigation of client triggered re-negotiation (see CVE-2009-3555) | [[lighttpd:Docs_SSL|Details]] |

h2. mod_gnutls - TLS/SSL using GnuTLS

(available since lighttpd 1.4.56)
same directives as [[#mod_openssl-TLSSSL-using-openssl|mod_openssl]]

h2. mod_mbedtls - TLS/SSL using mbedTLS

(available since lighttpd 1.4.56)
same directives as [[#mod_openssl-TLSSSL-using-openssl|mod_openssl]]

h2. mod_nss - TLS/SSL using NSS

(available since lighttpd 1.4.56)
same directives as [[#mod_openssl-TLSSSL-using-openssl|mod_openssl]]

h2. mod_wolfssl - TLS/SSL using wolfSSL

(available since lighttpd 1.4.56)
same directives as [[#mod_openssl-TLSSSL-using-openssl|mod_openssl]]

.

h1. Deprecated

.

h2. mod_cml - Cache Meta Language

*DEPRECATED* [[Docs_ModMagnet#Porting-mod_cml-scripts|porting mod_cml scripts to mod_magnet]]

* [[lighttpd:Docs_ModCML|mod_cml documentation]]

table{margin-left: 2em}.
|_.option |_. description |
| cml.memcache-namespace | (not used yet) |
| cml.power-magnet | a cml file that is executed for each request |
| cml.memcache-hosts | hosts for the memcache.* functions |
| cml.extension | the file extension that is bound to the cml-module |

h2. mod_compress - compress output

*DEPRECATED* [[Docs_ModCompress|mod_compress]]
migration path: replace with [[Docs_ModDeflate|mod_deflate]]
rename @compress.*@ options to similar @deflate.*@ options

table{margin-left: 2em}.
|_. mod_compress option |_. mod_deflate option |
| compress.filetype | -> deflate.mimetypes |
| compress.allowed-encodings | -> deflate.allowed-encodings |
| compress.max-filesize | -> deflate.max-compress-size |
| compress.max-loadavg | -> deflate.max-loadavg |
| compress.cache-dir | -> deflate.cache-dir |

* [[lighttpd:Docs_ModCompress|mod_compress documentation]]
* DEPRECATED. Subsumed by [[Docs_ModDeflate|mod_deflate]]

table{margin-left: 2em}.
|_.option |_. description |
| compress.max-filesize | maximum size of the original file to be compressed, in kBytes |
| compress.cache-dir | name of the directory where compressed content will be cached |
| compress.filetype | mimetypes which might get compressed |
| compress.allowed-encodings | encodings enabled ("gzip", "bzip2", "deflate") |
| compress.max-loadavg | max system loadavg before bypassing compression, e.g. "3.50" (since 1.4.43) |

h2. mod_flv_streaming - flv streaming

*DEPRECATED* [[Docs_ModFLVStreaming|mod_flv_streaming]]
migration path: replace with [[Docs_ModMagnet|mod_magnet]] and flv-streaming.lua ([[AbsoLUAtion#Code-Snippets|lua code snippets]] section "mod_flv_streaming")
Note: Adobe Flash Video (.flv) is deprecated and support has been removed from modern clients

* [[lighttpd:Docs_ModFLVStreaming|mod_flv_streaming documentation]]

table{margin-left: 2em}.
|_.option |_. description |
| flv-streaming.extensions | extensions of flv files (e.g. ".flv") |

"Blog Entry":http://blog.lighttpd.net/articles/2006/03/09/flv-streaming-with-lighttpd
"Flash Video Player 3.5 (Creative Commons)":http://www.jeroenwijering.com/embed/streaming.html

h2. mod_geoip - IP location lookup

*DEPRECATED* [[Docs_ModGeoIP|mod_geoip]]
migration path: replace with [[Docs_ModMaxMindDB|mod_maxminddb]]
@geoip.db-filename@ path to GeoIP Legacy database must be replaced with [[Docs_ModMaxMindDB|mod_maxminddb]] @maxminddb.db@, @maxminddb.env@, @maxminddb.activate@
@geoip.memory-cache@ is obsolete

* [[lighttpd:Docs_ModGeoIP|mod_geoip documentation]]

table{margin-left: 2em}.
|_.option |_. description | | geoip.db-filename | path to the geoip or geocity database | | geoip.memory-cache | enable or disable GeoIP memory cache (default disabled) | h2. mod_mysql_vhost - Mysql virtual hosting *DEPRECATED* [[Docs_ModVhostDB|mod_mysql_vhost]] migration path: replace with [[Docs_ModVhostDB|mod_vhostdb_mysql]] @mysql-vhost.*@ options translate to @vhostdb.mysql = ( ... )@ options * [[lighttpd:Docs_ModMySQLVhost|mod_mysql_vhost documentation]] table{margin-left: 2em}. |_.option |_. description | | mysql-vhost.hostname | hostname of mysql server | | mysql-vhost.db | database name | | mysql-vhost.user | username to access database | | mysql-vhost.pass | password to access database | | mysql-vhost.sql | SQL statement to execute to obtain docroot | | mysql-vhost.port | port where to connect to database | | mysql-vhost.sock | socket where to connect to database |