path: root/user/lighttpd/lighttpd.conf



###################################
# Default lighttpd.conf for Adélie
###################################


######## Variables ########
var.basedir  = "/var/www/localhost"
var.logdir   = "/var/log/lighttpd"
var.statedir = "/var/lib/lighttpd"


######## Modules ########
# NOTE: the order of modules is important.
server.modules = (
#	"mod_rewrite",
#	"mod_redirect",
#	"mod_alias",
	"mod_access",
#	"mod_cml",
#	"mod_trigger_b4_dl",
#	"mod_auth",
#	"mod_status",
	"mod_setenv",
#	"mod_proxy",
#	"mod_simple_vhost",
#	"mod_evhost",
#	"mod_userdir",
	"mod_compress",
#	"mod_ssi",
#	"mod_usertrack",
	"mod_expire",
#	"mod_secdownload",
#	"mod_rrdtool",
#	"mod_webdav",
	"mod_accesslog",
#       "mod_openssl"   # You need this if you want TLS!
)


######## Inclusions ########
include "mime-types.conf"
# uncomment for cgi support
#   include "mod_cgi.conf"
# uncomment for php/fastcgi support
#   include "mod_fastcgi.conf"
# uncomment for php/fastcgi fpm support
#   include "mod_fastcgi_fpm.conf"


######## Global Settings ########
server.username      = "lighttpd"
server.groupname     = "lighttpd"

server.document-root = var.basedir + "/htdocs"
server.pid-file      = "/run/lighttpd.pid"

server.errorlog      = var.logdir  + "/error.log"
# To log errors to syslog instead, use:
# server.errorlog-use-syslog = "enable"

server.indexfiles    = ("index.html", "index.htm", "default.htm")

# server.tag           = "lighttpd"

server.follow-symlink = "enable"

server.event-handler = "linux-sysepoll"

# To chroot to a directory:
# server.chroot      = "/"

# Default bind port is 80.  To change:
# server.port          = 81

# Default bind address is global (0.0.0.0).  To change:
# server.bind          = "grisu.home.kneschke.de"

# error-handler for status 404
# server.error-handler-404 = "/error-handler.html"

# Format: <errorfile-prefix><status-code>.html
# -> ..../status-404.html for 'File not found'
# server.errorfile-prefix    = var.basedir + "/error/status-"

# FAM support for caching stat() calls
server.stat-cache-engine = "fam"

# which extensions should not be handled via static-file transfer
# (extensions that are usually handled by mod_cgi, mod_fastcgi, etc).
static-file.exclude-extensions = (".php", ".pl", ".cgi", ".fcgi")


######## mod_accesslog config ########
accesslog.filename   = var.logdir + "/access.log"


######## mod_dirlisting config ########
# Enable directory listings if no indexfile is present.
#dir-listing.activate      = "enable"

# Don't list hidden files/directories (beginning with '.')
#dir-listing.hide-dotfiles = "enable"
#
# Specify a path here for custom directory listing CSS:
#dir-listing.external-css  = "/path/to/dir-listing.css"
#
# Exclude files that match any regex in this list from directory listings:
#dir-listing.exclude = ("^\.", "~$")


######## mod_access config ########
# See access.txt in lighttpd-doc package for more info.

url.access-deny = ("~", ".inc")


######## mod_userdir config ########
# This will give all users with valid homedirs the chance to publish a
# webpage from this server using traditional /~username/ paths.
# See userdir.txt in lighttpd-doc package for more info.
#
#userdir.path = "public_html"
#userdir.exclude-user = ("root")


######## mod_ssi config ########
# This allows you to use server-side includes.
#ssi.extension = (".shtml")


######## SSL config ########
# See ssl.txt in lighttpd-doc package for more info.
# The defaults here are NOT the server defaults.  You need to uncomment
# them to use them.  They are HIGHLY recommended; by default, lighttpd
# will serve older TLS protocols that may be vulnerable to attack.
#
#ssl.engine				= "enable"
#ssl.honor-cipher-order			= "enable"
#ssl.disable-client-renegotiation	= "enable"
# pemfile is cert+privkey, ca-file is the intermediate chain in one file
#ssl.pemfile				= "/path/to/signed_cert_plus_private_key.pem"
#ssl.ca-file				= "/path/to/intermediate_certificate.pem"
# ECDH/ECDHE ciphers curve strength (see `openssl ecparam -list_curves`)
#ssl.ec-curve				= "secp384r1"
# Environment flag for HTTPS enabled
#setenv.add-environment = (
#	"HTTPS" => "on"
#)
# Modern configuration, tweak to your needs
#ssl.use-sslv2				= "disable"
#ssl.use-sslv3				= "disable"
#ssl.cipher-list			= "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256"
# HSTS(15768000 seconds = 6 months)
#setenv.add-response-header  = (
#	"Strict-Transport-Security" => "max-age=15768000;"
#)


######## mod_status config ########
# This is generally handy and won't expose any sensitive info.
#status.status-url  = "/server-status"
# This will expose some of your configuration to the world!
#status.config-url  = "/server-config"


######## mod_compress config ########
compress.cache-dir	= var.statedir + "/cache/compress"
compress.filetype	= ("text/plain", "text/html")


######## mod_proxy config ########
# See proxy.txt in lighttpd-doc package for more info.
# proxy.server               = ( ".php" =>
#                               ( "localhost" =>
#                                 (
#                                   "host" => "192.168.0.101",
#                                   "port" => 80
#                                 )
#                               )
#                             )
# }}}


######## mod_auth config ########
# See authentication.txt in lighttpd-doc package for more info.
#auth.backend               = "plain"
#auth.backend.plain.userfile = "lighttpd.user"
#auth.backend.plain.groupfile = "lighttpd.group"

#auth.backend.ldap.hostname = "localhost"
#auth.backend.ldap.base-dn  = "dc=my-domain,dc=com"
#auth.backend.ldap.filter   = "(uid=$)"

#auth.require               = ( "/server-status" =>
#                               (
#                                 "method"  => "digest",
#                                 "realm"   => "download archiv",
#                                 "require" => "user=jan"
#                               ),
#                               "/server-info" =>
#                               (
#                                 "method"  => "digest",
#                                 "realm"   => "download archiv",
#                                 "require" => "valid-user"
#                               )
#                             )


######## mod_rewrite config ########
# Apache-style mod_rewrite for implementing URL rewriting.
# See rewrite.txt in lighttpd-doc package for more info.
#
#url.rewrite = (
#	"^/$"		=>		"/server-status"
#)


######## mod_redirect config ########
# See redirect.txt in lighttpd-doc package for more info.
#
#url.redirect = (
#	"^/wishlist/(.+)"		=>		"http://www.123.org/$1"
#)


######## mod_expire config ########
# It is highly recommended you configure Expire: headers correctly to
# conserve bandwidth, especially for users on slow links.
#expire.url = (
#	"/buggy/"		=>		"access 2 hours",
#	"/asdhas/"		=>		"access plus 1 seconds 2 minutes"
#)

# {{{ mod_trigger_b4_dl
# see trigger_b4_dl.txt
#
# trigger-before-download.gdbm-filename = "/home/weigon/testbase/trigger.db"
# trigger-before-download.memcache-hosts = ( "127.0.0.1:11211" )
# trigger-before-download.trigger-url = "^/trigger/"
# trigger-before-download.download-url = "^/download/"
# trigger-before-download.deny-url = "http://127.0.0.1/index.html"
# trigger-before-download.trigger-timeout = 10
# }}}


######## mod_webdav config ########
# lighttpd can act as a WebDAV server.
# See webdav.txt in lighttpd-doc package for more info.
#
#$HTTP["url"] =~ "^/dav($|/)" {
#	webdav.activate = "enable"
#	webdav.is-readonly = "enable"
#}


######## Debugging options ########
# debug.log-request-header   = "enable"
# debug.log-response-header  = "enable"
# debug.log-request-handling = "enable"
# debug.log-file-not-found   = "enable"

# vim: set ft=conf foldmethod=marker et :
###################################
# Default lighttpd.conf for Adélie
###################################


######## Variables ########
var.basedir  = "/var/www/localhost"
var.logdir   = "/var/log/lighttpd"
var.statedir = "/var/lib/lighttpd"


######## Modules ########
# NOTE: the order of modules is important.
server.modules = (
#	"mod_rewrite",
#	"mod_redirect",
#	"mod_alias",
	"mod_access",
#	"mod_cml",
#	"mod_trigger_b4_dl",
#	"mod_auth",
#	"mod_status",
	"mod_setenv",
#	"mod_proxy",
#	"mod_simple_vhost",
#	"mod_evhost",
#	"mod_userdir",
	"mod_compress",
#	"mod_ssi",
#	"mod_usertrack",
	"mod_expire",
#	"mod_secdownload",
#	"mod_rrdtool",
#	"mod_webdav",
	"mod_accesslog",
#       "mod_openssl"   # You need this if you want TLS!
)


######## Inclusions ########
include "mime-types.conf"
# uncomment for cgi support
#   include "mod_cgi.conf"
# uncomment for php/fastcgi support
#   include "mod_fastcgi.conf"
# uncomment for php/fastcgi fpm support
#   include "mod_fastcgi_fpm.conf"


######## Global Settings ########
server.username      = "lighttpd"
server.groupname     = "lighttpd"

server.document-root = var.basedir + "/htdocs"
server.pid-file      = "/run/lighttpd.pid"

server.errorlog      = var.logdir  + "/error.log"
# To log errors to syslog instead, use:
# server.errorlog-use-syslog = "enable"

server.indexfiles    = ("index.html", "index.htm", "default.htm")

# server.tag           = "lighttpd"

server.follow-symlink = "enable"

server.event-handler = "linux-sysepoll"

# To chroot to a directory:
# server.chroot      = "/"

# Default bind port is 80.  To change:
# server.port          = 81

# Default bind address is global (0.0.0.0).  To change:
# server.bind          = "grisu.home.kneschke.de"

# error-handler for status 404
# server.error-handler-404 = "/error-handler.html"

# Format: <errorfile-prefix><status-code>.html
# -> ..../status-404.html for 'File not found'
# server.errorfile-prefix    = var.basedir + "/error/status-"

# FAM support for caching stat() calls
server.stat-cache-engine = "fam"

# which extensions should not be handled via static-file transfer
# (extensions that are usually handled by mod_cgi, mod_fastcgi, etc).
static-file.exclude-extensions = (".php", ".pl", ".cgi", ".fcgi")


######## mod_accesslog config ########
accesslog.filename   = var.logdir + "/access.log"


######## mod_dirlisting config ########
# Enable directory listings if no indexfile is present.
#dir-listing.activate      = "enable"

# Don't list hidden files/directories (beginning with '.')
#dir-listing.hide-dotfiles = "enable"
#
# Specify a path here for custom directory listing CSS:
#dir-listing.external-css  = "/path/to/dir-listing.css"
#
# Exclude files that match any regex in this list from directory listings:
#dir-listing.exclude = ("^\.", "~$")


######## mod_access config ########
# See access.txt in lighttpd-doc package for more info.

url.access-deny = ("~", ".inc")


######## mod_userdir config ########
# This will give all users with valid homedirs the chance to publish a
# webpage from this server using traditional /~username/ paths.
# See userdir.txt in lighttpd-doc package for more info.
#
#userdir.path = "public_html"
#userdir.exclude-user = ("root")


######## mod_ssi config ########
# This allows you to use server-side includes.
#ssi.extension = (".shtml")


######## SSL config ########
# See ssl.txt in lighttpd-doc package for more info.
# The defaults here are NOT the server defaults.  You need to uncomment
# them to use them.  They are HIGHLY recommended; by default, lighttpd
# will serve older TLS protocols that may be vulnerable to attack.
#
#ssl.engine				= "enable"
#ssl.honor-cipher-order			= "enable"
#ssl.disable-client-renegotiation	= "enable"
# pemfile is cert+privkey, ca-file is the intermediate chain in one file
#ssl.pemfile				= "/path/to/signed_cert_plus_private_key.pem"
#ssl.ca-file				= "/path/to/intermediate_certificate.pem"
# ECDH/ECDHE ciphers curve strength (see `openssl ecparam -list_curves`)
#ssl.ec-curve				= "secp384r1"
# Environment flag for HTTPS enabled
#setenv.add-environment = (
#	"HTTPS" => "on"
#)
# Modern configuration, tweak to your needs
#ssl.use-sslv2				= "disable"
#ssl.use-sslv3				= "disable"
#ssl.cipher-list			= "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256"
# HSTS(15768000 seconds = 6 months)
#setenv.add-response-header  = (
#	"Strict-Transport-Security" => "max-age=15768000;"
#)


######## mod_status config ########
# This is generally handy and won't expose any sensitive info.
#status.status-url  = "/server-status"
# This will expose some of your configuration to the world!
#status.config-url  = "/server-config"


######## mod_compress config ########
compress.cache-dir	= var.statedir + "/cache/compress"
compress.filetype	= ("text/plain", "text/html")


######## mod_proxy config ########
# See proxy.txt in lighttpd-doc package for more info.
# proxy.server               = ( ".php" =>
#                               ( "localhost" =>
#                                 (
#                                   "host" => "192.168.0.101",
#                                   "port" => 80
#                                 )
#                               )
#                             )
# }}}


######## mod_auth config ########
# See authentication.txt in lighttpd-doc package for more info.
#auth.backend               = "plain"
#auth.backend.plain.userfile = "lighttpd.user"
#auth.backend.plain.groupfile = "lighttpd.group"

#auth.backend.ldap.hostname = "localhost"
#auth.backend.ldap.base-dn  = "dc=my-domain,dc=com"
#auth.backend.ldap.filter   = "(uid=$)"

#auth.require               = ( "/server-status" =>
#                               (
#                                 "method"  => "digest",
#                                 "realm"   => "download archiv",
#                                 "require" => "user=jan"
#                               ),
#                               "/server-info" =>
#                               (
#                                 "method"  => "digest",
#                                 "realm"   => "download archiv",
#                                 "require" => "valid-user"
#                               )
#                             )


######## mod_rewrite config ########
# Apache-style mod_rewrite for implementing URL rewriting.
# See rewrite.txt in lighttpd-doc package for more info.
#
#url.rewrite = (
#	"^/$"		=>		"/server-status"
#)


######## mod_redirect config ########
# See redirect.txt in lighttpd-doc package for more info.
#
#url.redirect = (
#	"^/wishlist/(.+)"		=>		"http://www.123.org/$1"
#)


######## mod_expire config ########
# It is highly recommended you configure Expire: headers correctly to
# conserve bandwidth, especially for users on slow links.
#expire.url = (
#	"/buggy/"		=>		"access 2 hours",
#	"/asdhas/"		=>		"access plus 1 seconds 2 minutes"
#)

# {{{ mod_trigger_b4_dl
# see trigger_b4_dl.txt
#
# trigger-before-download.gdbm-filename = "/home/weigon/testbase/trigger.db"
# trigger-before-download.memcache-hosts = ( "127.0.0.1:11211" )
# trigger-before-download.trigger-url = "^/trigger/"
# trigger-before-download.download-url = "^/download/"
# trigger-before-download.deny-url = "http://127.0.0.1/index.html"
# trigger-before-download.trigger-timeout = 10
# }}}


######## mod_webdav config ########
# lighttpd can act as a WebDAV server.
# See webdav.txt in lighttpd-doc package for more info.
#
#$HTTP["url"] =~ "^/dav($|/)" {
#	webdav.activate = "enable"
#	webdav.is-readonly = "enable"
#}


######## Debugging options ########
# debug.log-request-header   = "enable"
# debug.log-response-header  = "enable"
# debug.log-request-handling = "enable"
# debug.log-file-not-found   = "enable"

# vim: set ft=conf foldmethod=marker et :