server.feature-flags option


server-wide feature control for selected features (since 1.4.56)

server.feature-flags = ( "..." => "..." )

server.feature-flags = ( "server.h2proto" => "enable", "server.h2c" => "enable" )


option description notes
"server.h2proto" => "enable" HTTP/2 support (default: enable (since 1.4.59)) (since 1.4.56)
"server.h2c" => "enable" HTTP/2 cleartext support (Upgrade: h2c) (default: enable (since 1.4.59))
(requires "server.h2proto" => "enable" to enable)
(since 1.4.56)
"server.graceful-shutdown-timeout" => 8 max num of secs to wait for existing requests to complete during graceful restart (default: 8 (since 1.4.64))
(slow requests are aborted after timeout to allow graceful restart to proceed)
(since 1.4.56)
"server.graceful-restart-bg" => "enable" immediate graceful restart while existing requests complete in background process (default: disable)
Note: feature works with many lighttpd.conf configurations, but not available in all configurations
(e.g. available with independent backends; not available if lighttpd runs backend processes with "bin-path"
Use with server.systemd-socket-activation = "enable" (needed before 1.4.68)
Fix for #3164 is in lighttpd 1.4.66; using latest lighttpd release is recommended
(since 1.4.56)
"server.pcre_jit" => "enable" use PCRE JIT with regexes (details: see #2361) (default: enable) (since 1.4.60)
"server.clock-jump-restart" => 1800 trigger graceful restart if clock jumps more than defined threshold (default: 1800 (30 min))
(if triggered, "server.graceful-shutdown-timeout" forced to 5 sec)
(since 1.4.60)
"server.errorlog-high-precision" => "disable" high-resolution timestamps in errorlog trace (default: disable) (since 1.4.60)
"server.metrics-high-precision" => "disable" high-resolution timestamps in metrics collection (default: disable) (since 1.4.65)
"" => "disable" configure IPv4 and IPv6 listening sockets to enable multipath-TCP (Linux-only) (default: disable)
Note: not currently supported with kTLS; enabling multipath-TCP will disable kTLS
(since 1.4.76)

behavior change; compatibility flags

"server.h2-discard-backend-1xx" => "disable" discard 1xx responses from backend (other than 101) when client is HTTP/2 (default: disable)
default: relay 1xx from backend when client is HTTP/2, e.g. 103 Early Hints
(since 1.4.56)
"server.h1-discard-backend-1xx" => "disable" discard 1xx responses from backend (other than 101) when client is HTTP/1.x (default: disable)
default: relay 1xx from backend when client is HTTP/1.1, e.g. 103 Early Hints
(since 1.4.56)
"server.absolute-dir-redirect" => "disable" use fully qualified URI in automatic redirect to directory (default: disable)
default: use relative url-path (better abstraction) in automatic redirect to directory
(since 1.4.56)
"proxy.force-http10" => "disable" force proxy requests to backend to use HTTP/1.0 (default: disable)
default: send requests to backend using HTTP/1.1
(alternative: mod_proxy proxy.header += ("force-http10" => "enable") for more selective control)
(since 1.4.56)
"ssl.session-cache" => "disable" server-side TLS session id cache (default: disable)
default: use TLS session tickets (stateless on server-side)
(since 1.4.56)
"cgi.tempfile-accum" => "enable" accumulate request body in single temporary file if not streaming request body to backend (default: enable)
default: temporary file is passed as CGI stdin when request body > 64k
(can be disabled if backend immediately reads request body into another temporary file,
doubling disk space use on a filesystem with limited size)
(since 1.4.60)
"chunkqueue.splice" => "enable" splice() data into temporary files (Linux) (default: enable) (since 1.4.60)
"http10.range" => "disable" allow Range requests sent with HTTP/1.0 (default: disable)
Range request header is part of the HTTP/1.1 specification and might be mishandled by HTTP/1.0 proxies
(since 1.4.65)
"auth.delay-invalid-creds" => "enable" delay response up to 1 sec for HTTP authentication invalid credentials (default: enable) (since 1.4.65)
"auth.http-goaway-invalid-creds => "enable" send GOAWAY after HTTP authentication invalid credentials (default: enable)
(mitigation should be disabled if different clients are multiplexed on same h2 connection)
(since 1.4.72)
"server.http-pathinfo" => "enable" allow PATH_INFO in request url-path (default: enable) (since 1.4.72)
"gw.upgrade-with-request-body" => "disable" allow HTTP/1.1 Upgrade requests with non-zero request body (default: disable) (since 1.4.74)

Updated by gstrauss 3 months ago · 21 revisions