Project

General

Profile

Docs ConfigurationOptions » History » Revision 169

Revision 168 (ellenor2000, 2022-11-16 05:28) → Revision 169/174 (ellenor2000, 2022-11-16 05:29)

h1. Configuration File Options 

 Here you will find a list of all available configuration options in the lighttpd base distribution.    They are grouped by module, and a link to each module configuration will provide with more detail information about each option, as well as examples, and other guidelines.    While lighttpd has many options, a minimal @lighttpd.conf@ can be as small as one line (@server.document-root = "..."@).    For most options, it is recommended that lighttpd defaults be used unless you have a specific reason to change them. 

 Please begin with [[TutorialConfiguration|Configuration: Quick Start]] and [[Docs_Configuration|Configuration: File Syntax]] before perusing below. 

 Modules must be listed in @server.modules@ or else options from that module will not be recognized by lighttpd.    e.g. @server.modules += ("mod_example")@    (The only exceptions are the three core modules that lighttpd loads by default: mod_indexfile, mod_dirlisting, mod_staticfile) 

 Not all lighttpd modules are documented on this page. Modules supplied by the lighttpd project may be documented elsewhere on this wiki; if you know the exact name of the module you need help with (e.g. mod_cgi), use the wiki's search engine in titles-only mode (after making a search query, uncheck the "search all text" checkbox and check the "search titles only" checkbox), and remove all underscores from its name, or replace them with spaces, and you should find what you are looking for (e.g. searching for "ModCGI": https://redmine.lighttpd.net/projects/lighttpd/search?utf8=%E2%9C%93&q=ModCGI&scope=subprojects&all_words=&titles_only=&titles_only=1&wiki_pages=1&attachments=0&options=0&commit=Search). [[https://redmine.lighttpd.net/projects/lighttpd/search?utf8=%E2%9C%93&q=ModCGI&scope=subprojects&all_words=&titles_only=&titles_only=1&wiki_pages=1&attachments=0&options=0&commit=Search|https://redmine.lighttpd.net/projects/lighttpd/search?utf8=%E2%9C%93&q=ModCGI&scope=subprojects&all_words=&titles_only=&titles_only=1&wiki_pages=1&attachments=0&options=0&commit=Search]]). 

 {{>toc}} 

 h2. Lighttpd Core 

 table{margin-left: 2em}. 
 |_.option |_. description |_. details | 
 | server.name | name of the server/virtual server | [[server_nameDetails|Details]] | 
 | server.document-root | document-root of the webserver | [[server_document-rootDetails|Details]] | 
 | server.error-handler | uri to call if non-dynamic (not CGI or proxy) request results in http status >= 400 (overrides error-handler-404) (since 1.4.40) | Details commit:dbdab5db | 
 | server.error-handler-404 | uri to call if non-dynamic (not CGI or proxy) request results in a 403 or 404 | [[server_error-handler-404Details|Details]] | 
 | server.errorfile-prefix | path prefix for special status codes pages | [[server_errorfile-prefixDetails|Details]] | 
 | server.error-intercept | enable/disable intercepting HTTP error pages from dynamic handlers by server.error* (since 1.4.46) |    | 

 table{margin-left: 2em}. 
 | server.bind | IP address, hostname or absolute path to the unix-domain socket (default: "*") | [[server_bindDetails|Details]] | 
 | server.port | port to which to bind when IP address specified in server.bind (default: 80) | | 
 | server.network-backend | basic network interface for all platforms at the syscalls read() and write() | [[server_network-backendDetails|Details]] | 
 | server.listen-backlog | listen backlog queue size | Details commit:71ed1912 | 
 | server.bsd-accept-filter | listen socket *BSD accept() filter ("httpready" or "dataready") | Details commit:4eeeb8fc | 
 | server.defer-accept | listen socket Linux TCP_DEFER_ACCEPT ("enable" or "disable") | | 
 | server.use-ipv6 | bind to the IPv6 socket | [[Server_use-ipv6Details|Details]] | 
 | server.v4mapped | bind to the IPv6 socket without IPV6_V6ONLY socket option (since 1.4.56) | [[Server_use-ipv6Details|Details]] | 
 | server.socket-perms | permissions to set on listening unix domain socket, e.g. "0770" (since 1.4.46) | Details #656 | 
 | server.systemd-socket-activation | systemd socket activation ("enable" or "disable") (since 1.4.53) | | 

 table{margin-left: 2em}. 
 | server.modules | modules to load | [[server_modulesDetails|Details]] | 
 | server.compat-module-load | enable/disable load of default and compatibility modules (default: "enable") | | 
 | server.errorlog | pathname of the error-log | [[server_errorlogDetails|Details]] | 
 | server.errorlog-use-syslog | send errorlog to syslog | [[server_errorlog-use-syslogDetails|Details]] | 
 | server.syslog-facility | syslog facility (default: "daemon") (since 1.4.46) | | 
 | server.breakagelog | redirect stderr for lighttpd and all forked apps (e.g. CGI) | [[server_errorlogDetails|Details]] | 
 | server.event-handler | set the event handler | [[server_event-handlerDetails|Details]] | 
 | server.stat-cache-engine | select stat() call caching | [[server_stat-cache-engineDetails|Details]] | 
 | server.username | username used to run the server | [[server_usernameDetails|Details]] | 
 | server.groupname | groupname used to run the server | [[server_groupnameDetails|Details]] | 
 | server.chroot | root-directory of the server | [[server_chrootDetails|Details]] | 
 | server.core-files | enable core files | [[server_core-filesDetails|Details]] | 
 | server.pid-file | set the name and location    of the .pid-file | [[server_pid-fileDetails|Details]] | 

 table{margin-left: 2em}. 
 | server.feature-flags | server-wide feature control for selected features (since 1.4.56)| [[server_feature-flagsDetails|Details]] | 
 | server.http-parseopts | HTTP request parsing and normalization options (since 1.4.50) | [[server_http-parseoptsDetails|Details]] | 
 | server.http-parseopt-header-strict | restrict chars permitted in HTTP headers | Details commit:b47494d4 | 
 | server.http-parseopt-host-strict | restrict chars permitted in HTTP Host header | Details commit:b47494d4 | 
 | server.http-parseopt-host-normalize | normalize HTTP Host header | Details commit:b47494d4 | 
 | server.protocol-http11 | defines if HTTP/1.1 is allowed or not | [[server_protocol-http11Details|Details]] | 
 | server.range-requests | defines if range requests are allowed or not | [[server_range-requestsDetails|Details]] | 
 | server.reject-expect-100-with-417 | setting to disable returning of a 417 if "Expect: 100-continue" header (no-op since 1.4.46)| | 
 | server.tag | set the string returned by the server | [[server_use-tagDetails|Details]] | 

 table{margin-left: 2em}. 
 | server.stream-request-body | stream request body to backend    | [[server_stream-request-bodyDetails|Details]] | 
 | server.stream-response-body | stream response body to client | [[server_stream-response-bodyDetails|Details]] | 
 | server.chunkqueue-chunk-sz | default chunk buffer size, rounded up to nearest power-of-2 (default 8k; minimum 1k) | | 

 table{margin-left: 2em}. 
 | connection.kbytes-per-second | limit the throughput for each single connection to the given limit in kbyte/s | [[lighttpd:Docs_TrafficShaping|Details]] | 
 | server.kbytes-per-second | limit the throughput for all connections to the given limit in kbyte/s | [[lighttpd:Docs_TrafficShaping|Details]] | 
 | server.max-connections | maximum connections | [[server_max-connectionsDetails|Details]] | 
 | server.max-fds | maximum number of file descriptors | [[server_max-fdsDetails|Details]] | 
 | server.max-keep-alive-idle | maximum number of seconds until a idling keep-alive connection is dropped | [[server_max-keep-alive-idleDetails|Details]] | 
 | server.max-keep-alive-requests | maximum number of request within a keep-alive session | [[server_max-keep-alive-requestsDetails|Details]] | 
 | server.max-read-idle | maximum number of seconds until a waiting, non keep-alive read times out and closes the connection | [[server_max-read-idleDetails|Details]] | 
 | server.max-request-size | maximum size in kbytes of the request | [[server_max-request-sizeDetails|Details]] | 
 | server.max-request-field-size | maximum size of the request header (in bytes) | | 
 | server.max-worker | number of worker processes to spawn | [[server_max-workerDetails|Details]] | 
 | server.max-write-idle | maximum number of seconds until a waiting write call times out | [[server_max-write-idleDetails|Details]] | 

 table{margin-left: 2em}. 
 | server.follow-symlink | allow to follow-symlinks | [[server_follow-symlinksDetails|Details]] | 
 | server.force-lowercase-filenames | enable force all filenames to lowercase |    | 
 | server.upload-dirs | path to upload directory | [[server_upload-dirsDetails|Details]] | 
 | server.upload-temp-file-size | max (fuzzy) size of each temporary file (default: 1 MB) | | 

 table{margin-left: 2em}. 
 | etag.use-inode | Determines if inode-value is used in ETag generation | [[etag_use-inodeDetails|Details]] | 
 | etag.use-mtime | Determines if mtime-value is used in ETag generation | [[etag_use-mtimeDetails|Details]] | 
 | etag.use-size | Determines if size-value is used in ETag generation | [[etag_use-sizeDetails|Details]] | 

 table{margin-left: 2em}. 
 | mimetype.assign | list of known mimetype mappings | [[mimetype_assignDetails|Details]] | 
 | mimetype.use-xattr | try to use XFS-style extended attribute interface for retreiving the Content-Type | [[mimetype_use-xattrDetails|Details]] | 
 | mimetype.xattr-name | name of XFS-style extended attribute to use for retreiving the Content-Type | [[mimetype_use-xattrDetails|Details]] | 

 h3. Core Debug Info 

 * [[DebugVariables|Debug Variable Information]] 

 table{margin-left: 2em}. 
 |_.option |_. description | 
 | debug.log-request-header | log all request headers | 
 | debug.log-file-not-found | log if a file was not found | 
 | debug.log-condition-handling | log conditionals handling for debugging | 
 | debug.log-request-header-on-error | log request header and additional error trace, but only when there is an error | 
 | debug.log-request-handling | log request handling inside lighttpd | 
 | debug.log-state-handling | log state handling inside lighttpd | 
 | debug.log-response-header | log the header we send out to the client | 
 | debug.log-ssl-noise | log some ssl warnings we hide by default (ssl handshake, unknown/bad certificate) | 



 h2. mod_access - access restrictions 

 * [[lighttpd:Docs_ModAccess|mod_access documentation]] 

 table{margin-left: 2em}. 
 |_.option |_. description | 
 | url.access-allow | Allows access only to files with any of given trailing path names (since 1.4.40) | 
 | url.access-deny | Denies access to all files with any of given trailing path names | 



 h2. mod_accesslog - access log files 

 * [[lighttpd:Docs_ModAccessLog|mod_accesslog documentation]] 

 table{margin-left: 2em}. 
 |_.option |_. description | 
 | accesslog.format | the format of the logfile | 
 | accesslog.escaping | choose escaping convention for CTL chars and chars with high-bit set (since 1.4.65) | 
 | accesslog.filename | name of the file where the accesslog should be written to if syslog is not used | 
 | accesslog.use-syslog | send the accesslog to syslog | 
 | accesslog.syslog-level | numerical value used as syslog log level | 



 h2. mod_alias - directory aliases 

 * [[lighttpd:Docs_ModAlias|mod_alias documentation]] 

 table{margin-left: 2em}. 
 |_.option |_. description | 
 | alias.url | rewrites the document-root for a URL-subset | 



 h2. mod_auth - authentication 

 * [[lighttpd:Docs_ModAuth|mod_auth documentation]] 

 table{margin-left: 2em}. 
 |_.option |_. description | 
 | auth.backend | type of authentication backend | 
 | auth.require | set restriction method | 
 | auth.extern-authn | check REMOTE_USER (if set) against require rules prior to applying auth.backend (since 1.4.46)| 
 | auth.backend.plain.userfile | path to plain userfile | 
 | auth.backend.plain.groupfile | path to plain groupfile | 
 | auth.backend.htdigest.userfile | path to htdigest userfile | 
 | auth.backend.htpasswd.userfile | path to htpassword userfile | 
 | auth.backend.* | (see [[lighttpd:Docs_ModAuth|mod_auth documentation]] for gssapi, ldap, pam, sasl, ...) | 

 table{margin-left: 4em}. 
 |_.auth.require option |_. description | 
 | method | type of authentication ("digest" or "basic") | 
 | realm | authentication realm | 
 | require | "valid-user" to allow any valid user, or a list of user=username separated by pipe symbols | 



 h2. mod_deflate - dynamic compression 

 *    [[Mod_Deflate|mod_deflate documentation]] (available since lighttpd 1.4.42) 

 table{margin-left: 2em}. 
 |_.option |_. description | 
 | deflate.mimetypes | mimetype listing to be compressed, matched to prefix of Content-Type | 
 | deflate.allowed-encodings | encodings enabled ("gzip", "bzip2", "deflate") | 
 | deflate.max-compress-size | maximum size document to compress | 
 | deflate.min-compress-size | minimum size document before compressing | 
 | deflate.compression-level | level of compression | 
 | deflate.output-buffer-size | size of buffer for compression | 
 | deflate.work-block-size | minimum block size for compression | 
 | deflate.max-loadavg | max system loadavg before bypassing compression, e.g. "3.50" (since 1.4.43) | 



 h2. mod_dirlisting - directory listing 

 *    [[lighttpd:Docs_ModDirlisting|mod_dirlisting documentation]] 

 table{margin-left: 2em}. 
 |_.option |_. description | 
 | dir-listing.activate | enables virtual directory listings if a directory is requested no index-file was found | 
 | dir-listing.cache | directory listing caching parameters (lighttpd 1.4.60) | 
 | dir-listing.external-css | URL path to an external css stylesheet for the directory listing | 
 | dir-listing.external-js | URL path to an external js script, e.g. for client side directory list sorting (lighttpd 1.4.42) | 
 | dir-listing.encoding | set a encoding for the generated directory listing | 
 | dir-listing.hide-dotfiles | if enabled, does not list hidden files in directory listings generated by the dir-listing option | 
 | dir-listing.show-header | include HEADER.txt files above the directory listing (since 1.4.43: user-specified file name) | 
 | dir-listing.hide-header-file | enables hide header file from directory listing | 
 | dir-listing.show-readme | include README.txt files below the directory listing (since 1.4.43: user-specified file name) | 
 | dir-listing.hide-readme-file | enables displaying readme file in directory listing | 
 | dir-listing.exclude | files that match any of the specified regular expressions will be excluded from listings | 
 | dir-listing.set-footer | displays a string in the footer of a listing page | 
 | server.dir-listing | enable/disable directory listing (deprecated; see dir-listing.activate) | 



 h2. mod_evhost - enhanced virtual host 

 *    [[lighttpd:Docs_ModEVhost|mod_evhost documentation]] 

 table{margin-left: 2em}. 
 |_.option |_. description | 
 | evhost.path-pattern | pattern with wildcards to be replace to build a documentroot | 



 h2. mod_expire - cached expiration 

 * [[lighttpd:Docs_ModExpire|mod_expire documentation]] 

 table{margin-left: 2em}. 
 |_.option |_. description | 
 | expire.url | assignes an expiration to all files below the specified path | 
 | expire.mimetypes | assignes an expiration to all responses with Content-Type prefix matching the listed mimetypes (since 1.4.43) | 



 h2. mod_extforward - use X-Forwarded-For (or Forwarded) 

 * [[DocsModExtForward|mod_extforward documentation]] 

 p((. extract the client's "real" IP from X-Forwarded-For (or Forwarded) header 

 table{margin-left: 2em}. 
 |_.option |_. description | 
 | extforward.forwarder | set trust level of proxy ip's | 
 | extforward.hap-PROXY | enable HAProxy PROXY protocol (since 1.4.46) | 
 | extforward.hap-PROXY-ssl-client-verify | enable setting SSL_CLIENT_VERIFY from HAProxy PROXY protocol (since 1.4.46) | 
 | extforward.headers | set of request headers to search, e.g. "Forwarded" or "X-Forwarded-For" | 
 | extforward.params | configure additional values to take from "Forwarded" header (since 1.4.46) | 



 h2. mod_indexfile - directory index file 

 * [[lighttpd:Docs_ModIndexfile|mod_indexfile documentation]] 

 table{margin-left: 2em}. 
 |_.option |_. description | 
 | index-file.names | list of files to search for if a directory is requested | 

 h2. mod_magnet - request manipulation using Lua 

 * [[lighttpd:Docs_ModMagnet|mod_magnet documentation]] 

 table{margin-left: 2em}. 
 |_.option |_. description | 
 | magnet.attract-raw-url-to | attract request before lighttpd tries to find a physical file (but after rewrite) | 
 | magnet.attract-physical-path-to | attract request after doc-root is known and the physical-path is already setup | 
 | magnet.attract-response-start-to | attract request right before response headers are sent (since 1.4.56) | 

 h2. mod_redirect - redirect 

 *    [[lighttpd:Docs_ModRedirect|mod_redirect documentation]] 

 table{margin-left: 2em}. 
 |_.option |_. description |_. note | 
 | url.redirect | redirects a set of URLs externally | | 
 | url.redirect-code | defines the http code that is sent with the redirect URL | Added in 1.4.31 | 



 h2. mod_rewrite - rewriting 

 *    [[lighttpd:Docs_ModRewrite|mod_rewrite documentation]] 

 table{margin-left: 2em}. 
 |_.option |_. description | 
 | url.rewrite-once | rewrites a set of URLs internally and skip the rest | 
 | url.rewrite-repeat | rewrites a set of URLs internally in the webserver, continue applying rewrite rules | 
 | url.rewrite | same as url.rewrite-once | 
 | url.rewrite-final | same as url.rewrite-once | 
 | url.rewrite-[repeat-]if-not-file | rewrites a set of urls internally and checks if files do *not* exist | 



 h2. mod_rrdtool - rrdtool 

 *    [[lighttpd:Docs_ModRRDTool|mod_rrdtool    documentation]] 

 table{margin-left: 2em}. 
 |_.option |_. description | 
 | rrdtool.db-name | filename of the rrd-database | 
 | rrdtool.binary | path to the rrdtool binary | 



 h2. mod_secdownload - secure and fast download 

 *    [[lighttpd:Docs_ModSecDownload|mod_secdownload documentation]] 

 table{margin-left: 2em}. 
 |_.option |_. description | 
 | secdownload.document-root | path to the download area | 
 | secdownload.timeout | how long in seconds is the secret valid | 
 | secdownload.uri-prefix | prefix to url for download | 
 | secdownload.secret | Secret string that will be used for the checksum calculation | 
 | secdownload.algorithm | hash algorithm: "md5", "hmac-sha1", or "hmac-sha256" | 
 | secdownload.path-segments | include only given number of path segments in hash digest calculation (since 1.4.46) | 
 | secdownload.hash-querystr | include the query string in the hash digest calculation ("enable" or "disable") (since 1.4.46) | 



 h2. mod_setenv - set HTTP Environment 

 *    [[lighttpd:Docs_ModSetEnv|mod_setenv documentation]] 

 table{margin-left: 2em}. 
 |_.option |_. description | 
 | setenv.add-request-header | adds a value to the HTTP request _received from_ the client | 
 | setenv.set-request-header | sets a value to the HTTP request _received from_ the client (since 1.4.46) | 
 | setenv.add-environment | adds a value to the process environment passed to external (backend) applications | 
 | setenv.set-environment | sets a value to the process environment passed to external (backend) applications (since 1.4.46) | 
 | setenv.add-response-header | adds a header to the HTTP response _sent to_ the client | 
 | setenv.set-response-header | sets a header to the HTTP response _sent to_ the client (since 1.4.46) | 



 h2. mod_simple_vhost - simple virtual host 

 *    [[lighttpd:Docs_ModSimpleVhost|mod_simple_vhost documentation]] 

 table{margin-left: 2em}. 
 |_.option |_. description | 
 | simple-vhost.document-root | path below the vhost directory | 
 | simple-vhost.server-root | root of the virtual host | 
 | simple-vhost.default-host | use this hostname if the requested hostname does not have its own directory | 
 | simple-vhost.debug | debug simple vhosts module | 


 h2. mod_ssi - server side includes 

 *    [[lighttpd:Docs_ModSSI|mod_ssi documentation]] 

 table{margin-left: 2em}. 
 |_.option |_. description | 
 | ssi.extension | extension of files processed by mod_ssi | 
 | ssi.content-type | specify Content-Type response header for SSI pages | 
 | ssi.conditional-requests | enable/disable conditional request caching including generating ETag and Last-Modified response headers | 
 | ssi.exec | enable/disable #exec cmd="..." | 
 | ssi.recursion-max | max recursion depth for #include virtual="..." SSI processing (0 is disabled (default)) (since 1.4.44) | 



 h2. mod_staticfile - serve static files 

 *    [[lighttpd:Docs_ModStaticFile|mod_staticfile documentation]] 

 table{margin-left: 2em}. 
 |_.option |_. description | 
 | static-file.disable-pathinfo | do not handle as static file if path-info is present after file name | 
 | static-file.etags | Determines if ETags are generated or not | 
 | static-file.exclude-extensions | forbid access to the source of some types of files by extension | 



 h2. mod_status - server status 

 *    [[lighttpd:Docs_ModStatus|mod_status documentation]] 

 table{margin-left: 2em}. 
 |_.option |_. description | 
 | status.config-url | relative URL for the config page which displays the loaded modules | 
 | status.statistics-url | relative URL for a plain-text page containing the internal statistics | 
 | status.enable-sort | add JavaScript which allows client-side sorting for the connection overview | 
 | status.status-url | relative URL which is used to retrieve the status-page | 



 h2. mod_userdir - user directories 

 *    [[lighttpd:Docs_ModUserDir|mod_userdir    documentation]] 

 table{margin-left: 2em}. 
 |_.option |_. description | 
 | userdir.basepath | if set, don't check /etc/passwd for homedir | 
 | userdir.exclude-user | list of usernames which may not use this feature | 
 | userdir.path | usually it should be set to "public_html" to take ~/public_html/ as the document root | 
 | userdir.include-user | if set, only users from this list may use the feature | 



 h2.    mod_usertrack - user track (cookies) 

 *    [[lighttpd:Docs_ModUserTrack|mod_usertrack documentation]] 

 table{margin-left: 2em}. 
 |_.option |_. description | 
 | usertrack.cookie-name | default "TRACKID" | 
 | usertrack.cookie-attrs | cookie attributes (path, domain, max-age, secure, HttpOnly, etc) (since 1.4.46) | 
 |    ~~'_usertrack.cookiename_'~~    |    (deprecated) | 
 | usertrack.cookie-domain | (deprecated; subsumed by usertrack.cookie-attrs since lighttpd 1.4.46) | 
 | usertrack.cookie-max-age | (deprecated; subsumed by usertrack.cookie-attrs since lighttpd 1.4.46) | 



 h2.    mod_vhostdb - virtual host database 

 *    [[lighttpd:Docs_ModVhostDB|mod_vhostdb documentation]] (since lighttpd 1.4.46) 

 table{margin-left: 2em}. 
 |_.option |_. description | 
 | vhostdb.backend | "dbi", "ldap", "mysql", or "pgsql" | 
 | vhostdb.dbi | | 
 | vhostdb.ldap | | 
 | vhostdb.mysql | | 
 | vhostdb.pgsql | | 



 h2. mod_webdav - WebDAV 

 *    [[lighttpd:Docs_ModWebDAV|mod_webdav documentation]] 

 table{margin-left: 2em}. 
 |_.option |_. description | 
 | webdav.activate | enable/disable WebDAV | 
 | webdav.is-readonly | enable/disable read only | 
 | webdav.sqlite-db-name | pathname to SQLite database | 
 | webdav.log-xml | Log the XML Request bodies for debugging | 
 | webdav.opts | additional configuration options (since 1.4.65) | 


 . 

 h1. Gateways 

 . 


 h2. mod_ajp13 - Apache JServ Protocol version 1.3 (AJP13) 

 *    [[lighttpd:Docs_ModAJP13|mod_ajp13 documentation]] (available since lighttpd 1.4.59) 

 table{margin-left: 2em}. 
 |_.option |_. description | 
 | ajp13.server | backend server definition(s) for hosts to which to send requests; [[Docs_ConfigurationOptions#gw_backend-gateway-server-host-options|options]] for each backend host | 
 | ajp13.balance | select type of balancing algorithm (fair, least-connection, round-robin, hash, sticky) | 
 | ajp13.debug | debug level (value between 0 and 65535) | 



 h2. mod_cgi - cgi 

 *    [[lighttpd:Docs_ModCGI|mod_cgi documentation]] 

 table{margin-left: 2em}. 
 |_.option |_. description | 
 | cgi.assign | assign cgi handler to an extension | 
 | cgi.execute-x-only | requires +x for cgi scripts | 
 | cgi.local-redir | local-redir optimization (since 1.4.46) | 
 | cgi.upgrade | support for Upgrade: websocket (since 1.4.46) | 
 | cgi.x-sendfile | controls if X-Sendfile header is allowed | 
 | cgi.x-sendfile-docroot | limits the directory trees permitted for use with X-Sendfile response header | 
 | cgi.limits | list of limits to apply to CGI ([[lighttpd:Docs_ModCGI#Options|mod_cgi options]]) (since 1.4.60) | 



 h2. mod_fastcgi - fastcgi 

 * [[lighttpd:Docs_ModFastCGI|mod_fastcgi documentation]] 

 table{margin-left: 2em}. 
 |_.option |_. description | 
 | fastcgi.server | backend server definition(s) for hosts to which to send requests; [[Docs_ConfigurationOptions#gw_backend-gateway-server-host-options|options]] for each backend host | 
 | fastcgi.balance | select type of balancing algorithm (fair, least-connection, round-robin, hash, sticky (since 1.4.46)) | 
 | fastcgi.debug | debug level (value between 0 and 65535) | 
 | fastcgi.map-extensions | map multiple extensions to the same backend | 



 h2. mod_proxy - proxy 

 *    [[lighttpd:Docs_ModProxy|mod_proxy documentation]] 

 table{margin-left: 2em}. 
 |_.option |_. description | 
 | proxy.server | backend server definition(s) for hosts to which to send requests; [[Docs_ConfigurationOptions#gw_backend-gateway-server-host-options|options]] for each backend host | 
 | proxy.balance | select type of balancing algorithm (fair, least-connection, round-robin, hash, sticky (since 1.4.44)) | 
 | proxy.debug | debug level (value between 0 and 65535) | 
 | proxy.map-extensions | map multiple extensions to the same backend (since 1.4.46) | 
 | proxy.forwarded | append "Forwarded" header (RFC7239) to proxied requests (since 1.4.46) | 
 | proxy.replace-http-host | enable/disable replacing Host header in request to backend with proxy.server label (since 1.4.44) | 
 | proxy.header | options to perform simple remapping of host and URL paths in proxied HTTP headers (since 1.4.46) | 



 h2. mod_scgi - SCGI 

 *    [[lighttpd:Docs_ModSCGI|mod_scgi documentation]] 

 table{margin-left: 2em}. 
 |_.option |_. description | 
 | scgi.server | backend server definition(s) for hosts to which to send requests; [[Docs_ConfigurationOptions#gw_backend-gateway-server-host-options|options]] for each backend host | 
 | scgi.balance | select type of balancing algorithm (fair, least-connection, round-robin, hash, sticky (since 1.4.46)) | 
 | scgi.debug | debug level (value between 0 and 65535) | 
 | scgi.map-extensions | map multiple extensions to the same backend (since 1.4.46) | 
 | scgi.protocol | protocol between lighttpd and backend server ("scgi" (default) or "uwsgi") (since 1.4.42) | 



 h2. mod_sockproxy - transparent socket proxy 

 *    [[lighttpd:Docs_ModSockProxy|mod_sockproxy documentation]] 

 table{margin-left: 2em}. 
 |_.option |_. description | 
 | sockproxy.server | backend server definition(s) for hosts to which to send requests; [[Docs_ConfigurationOptions#gw_backend-gateway-server-host-options|options]] for each backend host | 
 | sockproxy.balance | select type of balancing algorithm (fair, least-connection, round-robin, hash, sticky (since 1.4.44)) | 
 | sockproxy.debug | debug level (value between 0 and 65535) | 




 h2. mod_wstunnel - WebSocket tunnel 

 *    [[lighttpd:Docs_ModWStunnel|mod_wstunnel documentation]] (since 1.4.46) 

 table{margin-left: 2em}. 
 |_.option |_. description | 
 | wstunnel.server | backend server definition(s) for hosts to which to send requests; [[Docs_ConfigurationOptions#gw_backend-gateway-server-host-options|options]] for each backend host | 
 | wstunnel.balance | load-balancing algorithm for backends ("fair", "least-connection", "round-robin", "hash", or "sticky") | 
 | wstunnel.debug | debug level (value between 0 and 65535) | 
 | wstunnel.frame-type | websocket frame type: "text" or "binary" | 
 | wstunnel.map-extensions | map multiple extensions to the same backend | 
 | wstunnel.origins | list of permitted origins in Origin request header (optional) | 
 | wstunnel.ping-interval | send websocket PING frame at given interval in sec (default 0; none sent) | 



 h2. gw_backend - gateway *.server host options 

 *    (e.g. dynamic backends @fastcgi.server@, @scgi.server@, @proxy.server@, @wstunnel.server@, @ajp13.server@) 
    (Additional explanation of options can be found in the related [[Docs_ModFastCGI#Options|mod_fastcgi options]]) 

 table{margin-left: 4em}. 
 |_.*.server option |_. description | 
 | host | ip of the backend process (DNS name is resolved to first IP at lighttpd startup (since 1.4.46)) | 
 | port | tcp-port on the "host" used by the backend process (starting port number; incremented for each "max-procs" > 1 when "bin-path" is set) | 
 | socket | path to the unix-domain socket | 
 | bin-path | path to the local backend binary which should be started if no local backend is running | 
 | bin-environment | set environment of backend binary | 
 | bin-copy-environment | copy environment from server for backend binary | 
 | disable-time | time to wait before a disabled backend is checked again | 
 | idle-timeout | number of seconds before a unused process gets terminated | 
 | kill-signal | signal to send backend on server shutdown (for backend daemons started by lighttpd) (since 1.4.46; since 1.4.14 for mod_fastcgi) | 
 | listen-backlog | listen backlog queue size (for backend daemons started by lighttpd) (since 1.4.40) | 
 | max-load-per-proc | maximum number of waiting processes on average per process before a new process is spawned (since 1.4.46) | 
 | max-procs | upper limit of processes to start (default: 4) | 
 | min-procs | sets the minimum processes to start (default: same as max-procs) (since 1.4.46) | 
 | connect-timeout | number of seconds before aborting @connect()@ to backend (default: 8) (since 1.4.60) | 
 | write-timeout| number of seconds before aborting when trying to write to backend (default: 0; no timeout) (since 1.4.60) | 
 | read-timeout | number of seconds before aborting when trying to read from backend (default: 0; no timeout) (since 1.4.60) | 

 *    (e.g. dynamic backends (HTTP-like) @fastcgi.server@, @scgi.server@, @proxy.server@, @ajp13.server@) 

 table{margin-left: 4em}. 
 |_.*.server option |_. description | 
 | x-sendfile | controls if X-Sendfile header is allowed (since 1.4.40) | 
 | x-sendfile-docroot | limits the directory trees permitted for use with X-Sendfile response header (since 1.4.40) | 

 *    (e.g. dynamic backends (CGI-like) @fastcgi.server@, @scgi.server@) 

 table{margin-left: 4em}. 
 |_.*.server option |_. description | 
 | check-local | enable/disable check for requested file in document root (default: enabled) | 
 | docroot | docroot on the remote host | 
 | broken-scriptfilename | breaks SCRIPT_FILENAME in a way that PHP can extract PATH_INFO from it | 
 | fix-root-scriptname | use this for backends with extension "/" (and check-local is disabled) (since 1.4.23) | 
 | strip-request-uri | strip part of request-uri | 
 | mode | FastCGI protocol mode. Default is "responder", also "authorizer" mode is implemented (since 1.4.46; available in mod_fastcgi in earlier versions) | 


 . 

 h1. TLS / SSL 

 . 


 h2. mod_openssl - TLS/SSL using OpenSSL 

 * [[lighttpd:Docs_SSL|mod_openssl documentation]] 

 part of mod_openssl (since 1.4.46), though ssl.* directives are available in earlier versions, built-in to the lighttpd core 

 table{margin-left: 2em}. 
 |_.option |_. description |_. details | 
 | ssl.engine | enable/disable ssl engine | [[lighttpd:Docs_SSL|Details]] | 
 | ssl.pemfile | path to the PEM file for SSL support | [[lighttpd:Docs_SSL|Details]] | 
 | ssl.privkey | path to the PEM file private key (since 1.4.53) | [[lighttpd:Docs_SSL|Details]] | 
 | ssl.openssl.ssl-conf-cmd | specify openssl config commands (e.g. ("Protocol" => "-ALL, TLSv1.2") restricts protocol to only TLS 1.2) (since 1.4.48) | [[lighttpd:Docs_SSL|Details]] | 
 | ssl.stek-file | path to file containing binary session ticket encryption key (STEK) (global setting) (since 1.4.56) | [[lighttpd:Docs_SSL#Session-Tickets|Session Tickets]] | 
 | ssl.acme-tls-1 | path to directory containing TLS-ALPN-01 ("acme-tls/1") challenges (Let's Encrypt option) (since 1.4.53)| [[lighttpd:Docs_SSL|Details]] | 
 | ssl.read-ahead | enable/disable use of SSL read ahead (lighttpd 1.4.45+) (if disable, must be in global scope in lighttpd 1.4.45) | [[lighttpd:Docs_SSL|Details]] | 
 | ssl.verifyclient.activate | enable/disable client verification | [[lighttpd:Docs_SSL|Details]] | 
 | ssl.verifyclient.ca-file | path to file for certificate authorities (CA) used for client certificate verification (since 1.4.60) (@ssl.ca-file@ before 1.4.60) | [[lighttpd:Docs_SSL|Details]] | 
 | ssl.verifyclient.ca-dn-file | path to file for certificate authorities (CA) from which client should select client certs (if needed) (since 1.4.60) (@ssl.ca-dn-file@ since 1.4.46 and before 1.4.60) | [[lighttpd:Docs_SSL|Details]] | 
 | ssl.verifyclient.ca-crl-file | path to file for certificate revocation list (CRL) for client certificate (since 1.4.60) (@ssl.ca-crl-file@ since 1.4.46 and before 1.4.60) | [[lighttpd:Docs_SSL|Details]] | 
 | ssl.verifyclient.enforce | enable/disable enforcing client verification | [[lighttpd:Docs_SSL|Details]] | 
 | ssl.verifyclient.depth | certificate depth for client verification | [[lighttpd:Docs_SSL|Details]] | 
 | ssl.verifyclient.exportcert | enable/disable client certificate export to env:SSL_CLIENT_CERT | [[lighttpd:Docs_SSL|Details]] | 
 | ssl.verifyclient.username | client certificate entity to export as env:REMOTE_USER (eg. SSL_CLIENT_S_DN_emailAddress, SSL_CLIENT_S_DN_UID, etc.) | [[lighttpd:Docs_SSL|Details]] | 
 | ssl.cipher-list | Configure the allowed SSL ciphers | [[lighttpd:Docs_SSL|Details]] | 
 | ssl.honor-cipher-order | enable/disable honoring the order of ciphers set in ssl.cipher-list (set by default when ssl.cipher-list is set)| [[lighttpd:Docs_SSL|Details]] | 
 | ssl.disable-client-renegotiation | enable/disable mitigation of client triggered re-negotiation (see CVE-2009-3555)| [[lighttpd:Docs_SSL|Details]] | 



 h2. mod_gnutls - TLS/SSL using GnuTLS 

 (available since lighttpd 1.4.56) 
 same directives as [[#mod_openssl-TLSSSL-using-openssl|mod_openssl]] 



 h2. mod_mbedtls - TLS/SSL using mbedTLS 

 (available since lighttpd 1.4.56) 
 same directives as [[#mod_openssl-TLSSSL-using-openssl|mod_openssl]] 



 h2. mod_nss - TLS/SSL using NSS 

 (available since lighttpd 1.4.56) 
 same directives as [[#mod_openssl-TLSSSL-using-openssl|mod_openssl]] 



 h2. mod_wolfssl - TLS/SSL using wolfSSL 

 (available since lighttpd 1.4.56) 
 same directives as [[#mod_openssl-TLSSSL-using-openssl|mod_openssl]] 



 . 

 h1. Deprecated 

 . 

 h2. mod_cml - Cache Meta Language 

 *DEPRECATED* 
 [[Docs_ModMagnet#Porting-mod_cml-scripts|porting mod_cml scripts to mod_magnet]] 
 *    [[lighttpd:Docs_ModCML|mod_cml documentation]] 

 table{margin-left: 2em}. 
 |_.option |_. description | 
 | cml.memcache-namespace | (not used yet)    | 
 | cml.power-magnet | a cml file that is executed for each request | 
 | cml.memcache-hosts | hosts for the memcache.* functions | 
 | cml.extension | the file extension that is bound to the cml-module | 

 h2. mod_compress - compress output 

 *DEPRECATED* 
 [[Docs_ModCompress|mod_compress]] migration path: replace with [[Docs_ModDeflate|mod_deflate]] 
 rename @compress.*@ options to similar @deflate.*@ options 

 table{margin-left: 2em}. 
 |_. mod_compress option |_. mod_deflate option | 
 | compress.filetype            | -> deflate.mimetypes | 
 | compress.allowed-encodings | -> deflate.allowed-encodings | 
 | compress.max-filesize        | -> deflate.max-compress-size | 
 | compress.max-loadavg         | -> deflate.max-loadavg | 
 | compress.cache-dir           | -> deflate.cache-dir | 

 *    [[lighttpd:Docs_ModCompress|mod_compress documentation]] 
 * DEPRECATED.    Subsumed by [[Docs_ModDeflate|mod_deflate]] 

 table{margin-left: 2em}. 
 |_.option |_. description | 
 | compress.max-filesize | maximum size of the original file to be compressed kBytes | 
 | compress.cache-dir | name of the directory where compressed content will be cached | 
 | compress.filetype | mimetypes which might get compressed | 
 | compress.allowed-encodings | encodings enabled ("gzip", "bzip2", "deflate") | 
 | compress.max-loadavg | max system loadavg before bypassing compression, e.g. "3.50" (since 1.4.43) | 



 h2. mod_evasive - evasive 

 *DEPRECATED* 
 [[Docs_ModEvasive|mod_evasive]] migration path: replace with [[ModMagnetExamples#lua-mod_evasive|lua mod_evasive]] 
 * [[lighttpd:Docs_ModEvasive|mod_evasive documentation]] 

 table{margin-left: 2em}. 
 |_.option |_. description | 
 | evasive.max-conns-per-ip | upper limit of number of connections per ip allowed | 
 | evasive.location | send 302 redirect with configured URI (instead of 403 Forbidden) | 
 | evasive.silent | no logging | 



 h2. mod_flv_streaming - flv streaming 

 *DEPRECATED* 
 [[Docs_ModFLVStreaming|mod_flv_streaming]] migration path: replace with [[Docs_ModMagnet|mod_magnet]] and flv-streaming.lua ([[AbsoLUAtion#Code-Snippets|lua code snippets]] section "mod_flv_streaming") 
 Note: Adobe Flash Video (.flv) is deprecated and support has been removed from modern clients 
 * [[lighttpd:Docs_ModFLVStreaming|mod_flv_streaming documentation]] 

 table{margin-left: 2em}. 
 |_.option |_. description | 
 | flv-streaming.extensions | extensions of flv files (e.g. ".flv") | 

 "Blog Entry":http://blog.lighttpd.net/articles/2006/03/09/flv-streaming-with-lighttpd 
 "Flash Video Player 3.5 (Creative Commons)":http://www.jeroenwijering.com/embed/streaming.html 



 h2. mod_geoip - IP location lookup 

 *DEPRECATED* 
 [[Docs_ModGeoIP|mod_geoip]] migration path: replace with [[Docs_ModMaxMindDB|mod_maxminddb]] 
 @geoip.db-filename@ path to GeoIP Legacy database must be replaced with [[Docs_ModMaxMindDB|mod_maxminddb]] @maxminddb.db@, @maxminddb.env@, @maxminddb.activate@ 
 @geoip.memory-cache@ is obsolete 
 * [[lighttpd:Docs_ModGeoIP|mod_geoip documentation]] 

 table{margin-left: 2em}. 
 |_.option |_. description | 
 | geoip.db-filename | path to the geoip or geocity database | 
 | geoip.memory-cache | enable or disable GeoIP memory cache (default disabled) | 



 h2. mod_mysql_vhost - Mysql virtual hosting 

 *DEPRECATED* 
 [[Docs_ModVhostDB|mod_mysql_vhost]] migration path: replace with [[Docs_ModVhostDB|mod_vhostdb_mysql]] 
 @mysql-vhost.*@ options translate to @vhostdb.mysql = ( ... )@ options 
 * [[lighttpd:Docs_ModMySQLVhost|mod_mysql_vhost documentation]] 

 table{margin-left: 2em}. 
 |_.option |_. description | 
 | mysql-vhost.hostname | hostname of mysql server | 
 | mysql-vhost.db | database name | 
 | mysql-vhost.user | username to access database | 
 | mysql-vhost.pass | password to access database | 
 | mysql-vhost.sql | SQL statement to execute to obtain docroot | 
 | mysql-vhost.port | port where to connect to database | 
 | mysql-vhost.sock | socket where to connect to database | 



 h2. mod_trigger_b4_dl - trigger before download 

 *DEPRECATED* 
 [[Docs_ModTriggerBeforeDownload|mod_trigger_b4_dl]] migration path: replace with [[ModMagnetExamples#lua-mod_trigger_b4_dl|lua mod_trigger_b4_dl]] 
 * [[lighttpd:Docs_ModTriggerBeforeDownload|mod_trigger_b4_dl documentation]] 

 table{margin-left: 2em}. 
 |_.option |_. description | 
 | trigger-before-download.trigger-url | url for trigger pages | 
 | trigger-before-download.trigger-timeout | time for download link to live | 
 | trigger-before-download.download-url | url for downloads | 
 | trigger-before-download.deny-url | url to show when visitor denied a download | 
 | trigger-before-download.gdbm-filename | path to gdm file | 
 | trigger-before-download.memcache-hosts | hosts for the memcache.* functions | 
 | trigger-before-download.memcache-namespace | (not used yet) | 
 | trigger-before-download.debug |    | 



 h2. mod_uploadprogress - upload progress 

 *DEPRECATED* 
 [[lighttpd:Docs_ModUploadProgress|mod_uploadprogress]] migration path: replace with [[ModMagnetExamples#lua-mod_uploadprogress|lua mod_uploadprogress]] 
 * [[lighttpd:Docs_ModUploadProgress|mod_uploadprogress documentation]] 

 table{margin-left: 2em}. 
 |_.option |_. description | 
 | upload-progress.progress-url |    |