modules to load
The order (listed sequence) of the modules is important:
The modules are executed in the order as they are specified. More technically: For each module hook provided by lighttpd during request processing, each module which registers a given hook gets a chance to handle the request, and this occurs sequentially in the same order as listed in
Loading mod_auth AFTER mod_fastcgi might disable authentication for fastcgi backends (if check-local is disabled).
As auth and access should be done early, place them before all executing modules (like proxy, fastcgi, scgi and cgi).
Like auth and access, setenv should be listed early, and prior to any modules which might end the request. e.g. mod_setenv should be listed prior to mod_redirect in order to setenv response headers to be sent along with a redirect (such as HSTS headers. see #2946)
Some configurations prefer to load auth modules early, so that redirect and rewrites occur only for authorized requests. If not, then rewrites and redirects should be next, followed by auth, access, and the docroot plugins.
Afterwards the external handlers like fastcgi, cgi, scgi and proxy and at the bottom the post-processing plugins like mod_accesslog.
Example: This is not a complete list of lighttpd modules. You should prefer to load only the ones you use.
server.modules = ( "mod_openssl", "mod_access", "mod_setenv", "mod_auth", "mod_rewrite", "mod_redirect", "mod_status", "mod_simple_vhost", "mod_evhost", "mod_alias", "mod_userdir", "mod_fastcgi", "mod_proxy", "mod_cgi", "mod_ssi", "mod_deflate", "mod_expire", "mod_rrdtool", "mod_accesslog" )The following modules are loaded automatically, so you need not load them yourself:
- mod_indexfile (if loaded manually, should be loaded early)
- mod_dirlisting (if loaded manually, should be loaded before mod_staticfile)
- mod_staticfile (if loaded manually, should be loaded at or near end list)