Server feature-flagsDetails » History » Revision 21
Revision 20 (gstrauss, 2024-03-18 16:59) → Revision 21/22 (gstrauss, 2024-03-20 15:57)
h1. server.feature-flags option
h2. Description
server-wide feature control for selected features (since 1.4.56)
@server.feature-flags = ( "..." => "..." )@
Example:
@server.feature-flags = ( "server.h2proto" => "enable", "server.h2c" => "enable" )@
h2. Options
table{margin-left: 2em}.
|_.option |_. description |_. notes |
| @"server.h2proto" => "enable"@ | HTTP/2 support (default: enable (since 1.4.59)) | (since 1.4.56) |
| @"server.h2c" => "enable"@ | HTTP/2 cleartext support (@Upgrade: h2c@) (default: enable (since 1.4.59))
(requires @"server.h2proto" => "enable"@ to enable) | (since 1.4.56) |
| @"server.graceful-shutdown-timeout" => 8@ | max num of secs to wait for existing requests to complete during graceful restart (default: 8 (since 1.4.64))
(slow requests are aborted after timeout to allow graceful restart to proceed) | (since 1.4.56) |
| @"server.graceful-restart-bg" => "enable"@ | immediate graceful restart while existing requests complete in background process (default: disable)
Note: feature works with many lighttpd.conf configurations, but not available in all configurations
(e.g. available with independent backends; not available if lighttpd runs backend processes with @"bin-path"@
Use with @server.systemd-socket-activation = "enable"@ (needed before 1.4.68)
Fix for #3164 is in lighttpd 1.4.66; using latest lighttpd release is recommended | (since 1.4.56) |
| @"server.pcre_jit" => "enable"@ | use PCRE JIT with regexes (details: see #2361) (default: enable) | (since 1.4.60) |
| @"server.clock-jump-restart" => 1800@ | trigger graceful restart if clock jumps more than defined threshold (default: 1800 (30 min))
(if triggered, @"server.graceful-shutdown-timeout"@ forced to 5 sec) | (since 1.4.60) |
| @"server.errorlog-high-precision" => "disable"@ | high-resolution timestamps in errorlog trace (default: disable) | (since 1.4.60) |
| @"server.metrics-high-precision" => "disable"@ | high-resolution timestamps in metrics collection (default: disable) | (since 1.4.65) |
| @"server.network-mptcp" => "disable"@ | configure IPv4 and IPv6 listening sockets to enable multipath-TCP (Linux-only) (default: disable)
Note: not currently supported with kTLS; enabling multipath-TCP will must disable [[Docs_SSL#kTLS|kTLS]] | to use multipath-TCP| (since 1.4.76) |
behavior change; compatibility flags
table{margin-left: 2em}.
| @"server.h2-discard-backend-1xx" => "disable"@ | discard 1xx responses from backend (other than 101) when client is HTTP/2 (default: disable)
default: relay 1xx from backend when client is HTTP/2, e.g. 103 Early Hints | (since 1.4.56) |
| @"server.h1-discard-backend-1xx" => "disable"@ | discard 1xx responses from backend (other than 101) when client is HTTP/1.x (default: disable)
default: relay 1xx from backend when client is HTTP/1.1, e.g. 103 Early Hints | (since 1.4.56) |
| @"server.absolute-dir-redirect" => "disable"@ | use fully qualified URI in automatic redirect to directory (default: disable)
default: use relative url-path (better abstraction) in automatic redirect to directory | (since 1.4.56) |
| @"proxy.force-http10" => "disable"@ | force proxy requests to backend to use HTTP/1.0 (default: disable)
default: send requests to backend using HTTP/1.1
(alternative: [[mod_proxy]] @proxy.header += ("force-http10" => "enable")@ for more selective control) | (since 1.4.56) |
| @"ssl.session-cache" => "disable"@ | server-side TLS session id cache (default: disable)
default: use TLS session tickets (stateless on server-side) | (since 1.4.56) |
| @"cgi.tempfile-accum" => "enable"@ | accumulate request body in single temporary file if not streaming request body to backend (default: enable)
default: temporary file is passed as CGI stdin when request body > 64k
(can be disabled if backend immediately reads request body into another temporary file,
doubling disk space use on a filesystem with limited size) | (since 1.4.60) |
| @"chunkqueue.splice" => "enable"@ | @splice()@ data into temporary files (Linux) (default: enable) | (since 1.4.60) |
| @"http10.range" => "disable"@ | allow Range requests sent with HTTP/1.0 (default: disable)
Range request header is part of the HTTP/1.1 specification and might be mishandled by HTTP/1.0 proxies | (since 1.4.65) |
| @"auth.delay-invalid-creds" => "enable"@ | delay response up to 1 sec for HTTP authentication invalid credentials (default: enable) | (since 1.4.65) |
| @"auth.http-goaway-invalid-creds => "enable"@ | send GOAWAY after HTTP authentication invalid credentials (default: enable)
(mitigation should be disabled if _different_ clients are multiplexed on same h2 connection) | (since 1.4.72) |
| @"server.http-pathinfo" => "enable"@ | allow PATH_INFO in request url-path (default: enable) | (since 1.4.72) |
| @"gw.upgrade-with-request-body" => "disable"@ | allow HTTP/1.1 Upgrade requests with non-zero request body (default: disable) | (since 1.4.74) |