Annotation of elwix/config/etc/default/lighttpd/lighttpd.conf, revision 1.2

1.2     ! misho       1: #######################################################################
        !             2: ##
        !             3: ## /usr/local/etc/lighttpd/lighttpd.conf
        !             4: ##
        !             5: ## check /usr/local/etc/lighttpd/conf.d/*.conf for the configuration of modules.
        !             6: ##
        !             7: #######################################################################
        !             8: 
        !             9: #######################################################################
        !            10: ##
        !            11: ## Some Variable definition which will make chrooting easier.
        !            12: ##
        !            13: ## If you add a variable here, add the corresponding variable to the
        !            14: ## chroot example as well.
        !            15: ##
        !            16: var.log_root    = "/var/log/lighttpd"
        !            17: var.state_dir   = "/var/run/lighttpd"
        !            18: var.home_dir    = "/var/spool/lighttpd"
        !            19: var.conf_dir    = "/etc/lighttpd"
        !            20: 
        !            21: var.server_root = "/var/local/www/data"
        !            22: 
        !            23: ## 
        !            24: ## run the server chrooted.
        !            25: ## 
        !            26: ## This requires root permissions during startup.
        !            27: ##
        !            28: ## If you run chrooted, set the variables to directories relative to
        !            29: ## the chroot dir.
        !            30: ##
        !            31: ## example chroot configuration:
        !            32: ## 
        !            33: #var.log_root    = "/logs"
        !            34: #var.server_root = "/"
        !            35: #var.state_dir   = "/run"
        !            36: #var.home_dir    = "/lib/lighttpd"
        !            37: #var.vhosts_dir  = "/vhosts"
        !            38: #var.conf_dir    = "/etc"
        !            39: #
        !            40: #server.chroot   = "/srv/www"
        !            41: 
        !            42: ##
        !            43: ## Some additional variables to make the configuration easier
        !            44: ##
        !            45: 
        !            46: ##
        !            47: ## Base directory for all virtual hosts
        !            48: ##
        !            49: ## used in:
        !            50: ## conf.d/evhost.conf
        !            51: ## conf.d/simple_vhost.conf
        !            52: ## vhosts.d/vhosts.template
        !            53: ##
        !            54: var.vhosts_dir  = server_root + "/vhosts"
        !            55: 
        !            56: ##
        !            57: ## Cache for mod_compress
        !            58: ##
        !            59: ## used in:
        !            60: ## conf.d/compress.conf
        !            61: ##
        !            62: var.cache_dir   = "/var/spool/lighttpd"
        !            63: 
        !            64: ##
        !            65: ## Base directory for sockets.
        !            66: ##
        !            67: ## used in:
        !            68: ## conf.d/fastcgi.conf
        !            69: ## conf.d/scgi.conf
        !            70: ##
        !            71: var.socket_dir  = home_dir + "/sockets"
        !            72: 
        !            73: ##
        !            74: #######################################################################
        !            75: 
        !            76: #######################################################################
        !            77: ##
        !            78: ## Load the modules.
        !            79: include "modules.conf"
        !            80: 
        !            81: ##
        !            82: #######################################################################
        !            83: 
        !            84: #######################################################################
        !            85: ##
        !            86: ##  Basic Configuration
        !            87: ## ---------------------
        !            88: ##
        !            89: server.port = 80
        !            90: 
        !            91: ##
        !            92: ## Use IPv6?
        !            93: ##
        !            94: server.use-ipv6 = "enable"
        !            95: 
        !            96: ##
        !            97: ## bind to a specific IP
        !            98: ##
        !            99: #server.bind = "localhost"
        !           100: 
        !           101: ##
        !           102: ## Run as a different username/groupname.
        !           103: ## This requires root permissions during startup. 
        !           104: ##
        !           105: server.username  = "www"
        !           106: server.groupname = "www"
        !           107: 
        !           108: ## 
        !           109: ## enable core files.
        !           110: ##
        !           111: #server.core-files = "disable"
        !           112: 
        !           113: ##
        !           114: ## Document root
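        !           115: ## NOTE(review): var.server_root above is "/var/local/www/data", which differs from this path; confirm which one is intended.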
        !           116: server.document-root = "/usr/local/www/data/"
        !           117: 
        !           118: ##
        !           119: ## The value for the "Server:" response field.
        !           120: ##
        !           121: ## It would be nice to keep it at "lighttpd".
        !           122: ##
        !           123: #server.tag = "lighttpd"
        !           124: 
        !           125: ##
        !           126: ## store a pid file
        !           127: ##
        !           128: server.pid-file = state_dir + "/lighttpd.pid"
        !           129: 
        !           130: ##
        !           131: #######################################################################
        !           132: 
        !           133: #######################################################################
        !           134: ##
        !           135: ##  Logging Options
        !           136: ## ------------------
        !           137: ##
        !           138: ## All logging options can be overridden per vhost.
        !           139: ##
        !           140: ## Path to the error log file
        !           141: ##
        !           142: server.errorlog             = log_root + "/error.log"
        !           143: 
        !           144: ##
        !           145: ## If you want to log to syslog you have to unset the 
        !           146: ## server.errorlog setting and uncomment the next line.
        !           147: ##
        !           148: #server.errorlog-use-syslog = "enable"
        !           149: 
        !           150: ##
        !           151: ## Access log config
        !           152: ## 
        !           153: include "conf.d/access_log.conf"
        !           154: 
        !           155: ##
        !           156: ## The debug options are moved into their own file.
        !           157: ## see conf.d/debug.conf for various options for request debugging.
        !           158: ##
        !           159: include "conf.d/debug.conf"
        !           160: 
        !           161: ##
        !           162: #######################################################################
        !           163: 
        !           164: #######################################################################
        !           165: ##
        !           166: ##  Tuning/Performance
        !           167: ## --------------------
        !           168: ##
        !           169: ## corresponding documentation:
        !           170: ## http://www.lighttpd.net/documentation/performance.html
        !           171: ##
        !           172: ## set the event-handler (read the performance section in the manual)
        !           173: ##
        !           174: ## possible options on linux are:
        !           175: ##
        !           176: ## select
        !           177: ## poll
        !           178: ## linux-sysepoll
        !           179: ##
        !           180: ## linux-sysepoll is recommended on kernel 2.6.
        !           181: ## (the list above is for Linux; this configuration selects freebsd-kqueue)
        !           182: server.event-handler = "freebsd-kqueue"
        !           183: 
        !           184: ##
        !           185: ## The basic network interface on all platforms is the read() and
        !           186: ## write() syscalls. Every modern OS provides its own syscall to help network
        !           187: ## servers transfer files as fast as possible.
        !           188: ##
        !           189: ## linux-sendfile - is recommended for small files.
        !           190: ## writev         - is recommended for sending many large files
        !           191: ##
        !           192: server.network-backend = "writev"
        !           193: 
        !           194: ##
        !           195: ## As lighttpd is a single-threaded server, its main resource limit is
        !           196: ## the number of file descriptors, which is set to 1024 by default (on
        !           197: ## most systems).
        !           198: ##
        !           199: ## If you are running a high-traffic site you might want to increase this
        !           200: ## limit by setting server.max-fds.
        !           201: ##
        !           202: ## Changing this setting requires root permissions on startup. see
        !           203: ## server.username/server.groupname.
        !           204: ##
        !           205: ## By default lighttpd does not change the operating system default.
        !           206: ## But setting it to 2048 is a better default for busy servers.
        !           207: ##
        !           208: server.max-fds = 2048
        !           209: 
        !           210: ##
        !           211: ## Stat() call caching.
        !           212: ##
        !           213: ## lighttpd can utilize FAM/Gamin to cache stat() calls.
        !           214: ##
        !           215: ## possible values are:
        !           216: ## disable, simple or fam.
        !           217: ##
        !           218: server.stat-cache-engine = "simple"
        !           219: 
        !           220: ##
        !           221: ## Fine tuning for the request handling
        !           222: ##
        !           223: ## max-connections == max-fds/2 (maybe /3)
        !           224: ## means the other file handles are used for fastcgi/files
        !           225: ##
        !           226: server.max-connections = 1024
        !           227: 
        !           228: ##
        !           229: ## How many seconds to keep a keep-alive connection open,
        !           230: ## until we consider it idle. 
        !           231: ##
        !           232: ## Default: 5
        !           233: ##
        !           234: #server.max-keep-alive-idle = 5
        !           235: 
        !           236: ##
        !           237: ## How many keep-alive requests until closing the connection.
        !           238: ##
        !           239: ## Default: 16
        !           240: ##
        !           241: #server.max-keep-alive-requests = 16
        !           242: 
        !           243: ##
        !           244: ## Maximum size of a request in kilobytes.
        !           245: ## By default it is unlimited (0).
        !           246: ##
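        !           247: ## Uploads to your server cannot be larger than this value.
        !           248: ## With no limit, a single client can send an arbitrarily large request body; set a value that fits your application.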
        !           249: #server.max-request-size = 0
        !           250: 
        !           251: ##
        !           252: ## Time to read from a socket before we consider it idle.
        !           253: ##
        !           254: ## Default: 60
        !           255: ##
        !           256: #server.max-read-idle = 60
        !           257: 
        !           258: ##
        !           259: ## Time to write to a socket before we consider it idle.
        !           260: ##
        !           261: ## Default: 360
        !           262: ##
        !           263: #server.max-write-idle = 360
        !           264: 
        !           265: ##
        !           266: ##  Traffic Shaping 
        !           267: ## -----------------
        !           268: ##
        !           269: ## see /usr/share/doc/lighttpd/traffic-shaping.txt
        !           270: ##
        !           271: ## Values are in kilobyte per second.
        !           272: ##
        !           273: ## Keep in mind that a limit below 32kB/s might actually limit the
        !           274: ## traffic to 32kB/s. This is caused by the size of the TCP send
        !           275: ## buffer. 
        !           276: ##
        !           277: ## per server:
        !           278: ##
        !           279: #server.kbytes-per-second = 128
        !           280: 
        !           281: ##
        !           282: ## per connection:
        !           283: ##
        !           284: #connection.kbytes-per-second = 32
        !           285: 
        !           286: ##
        !           287: #######################################################################
        !           288: 
        !           289: #######################################################################
        !           290: ##
        !           291: ##  Filename/File handling
        !           292: ## ------------------------
        !           293: 
        !           294: ##
        !           295: ## files to check for if .../ is requested
        !           296: ## index-file.names            = ( "index.php", "index.rb", "index.html",
        !           297: ##                                 "index.htm", "default.htm" )
        !           298: ##
        !           299: index-file.names += (
        !           300:   "index.xhtml", "index.html", "index.htm", "default.htm", "index.php"
        !           301: )
        !           302: 
        !           303: ##
        !           304: ## deny access to files with these extensions
        !           305: ##
        !           306: ## ~    is for backupfiles from vi, emacs, joe, ...
        !           307: ## .inc is often used for code includes which should in general not be part
        !           308: ##      of the document-root
        !           309: url.access-deny             = ( "~", ".inc" )
        !           310: 
        !           311: ##
        !           312: ## disable range requests for pdf files
        !           313: ## workaround for a bug in the Acrobat Reader plugin.
        !           314: ##
        !           315: $HTTP["url"] =~ "\.pdf$" {
        !           316:   server.range-requests = "disable"
        !           317: }
        !           318: 
        !           319: ##
        !           320: ## url handling modules (rewrite, redirect)
        !           321: ##
        !           322: #url.rewrite                = ( "^/$"             => "/server-status" )
        !           323: #url.redirect               = ( "^/wishlist/(.+)" => "http://www.example.com/$1" )
        !           324: 
        !           325: ##
        !           326: ## both rewrite/redirect support back reference to regex conditional using %n
        !           327: ##
        !           328: #$HTTP["host"] =~ "^www\.(.*)" {
        !           329: #  url.redirect            = ( "^/(.*)" => "http://%1/$1" )
        !           330: #}
        !           331: 
        !           332: ##
        !           333: ## which extensions should not be handled via static-file transfer
        !           334: ##
        !           335: ## .php, .pl, .fcgi are most often handled by mod_fastcgi or mod_cgi
        !           336: ## (excluding them keeps script source from being served as a static file)
        !           337: static-file.exclude-extensions = ( ".php", ".pl", ".fcgi", ".scgi" )
        !           338: 
        !           339: ##
        !           340: ## error-handler for status 404
        !           341: ##
        !           342: #server.error-handler-404   = "/error-handler.html"
        !           343: #server.error-handler-404   = "/error-handler.php"
        !           344: 
        !           345: ##
        !           346: ## Format: <errorfile-prefix><status-code>.html
        !           347: ## -> ..../status-404.html for 'File not found'
        !           348: ##
        !           349: #server.errorfile-prefix    = "/srv/www/htdocs/errors/status-"
        !           350: 
        !           351: ##
        !           352: ## mimetype mapping
        !           353: ##
        !           354: include "conf.d/mime.conf"
        !           355: 
        !           356: ##
        !           357: ## directory listing configuration
        !           358: ##
        !           359: include "conf.d/dirlisting.conf"
        !           360: 
        !           361: ##
        !           362: ## Should lighttpd follow symlinks?
        !           363: ## When enabled, a symlink inside the document root can expose files outside it.
        !           364: server.follow-symlink = "enable"
        !           365: 
        !           366: ##
        !           367: ## force all filenames to be lowercase?
        !           368: ##
        !           369: #server.force-lowercase-filenames = "disable"
        !           370: 
        !           371: ##
        !           372: ## defaults to /var/tmp as we assume it is a local harddisk
        !           373: ##
        !           374: server.upload-dirs = ( "/var/tmp" )
        !           375: 
        !           376: ##
        !           377: #######################################################################
        !           378: 
        !           379: 
        !           380: #######################################################################
        !           381: ##
        !           382: ##  SSL Support
        !           383: ## ------------- 
        !           384: ##
        !           385: ## To enable SSL for the whole server you have to provide a valid
        !           386: ## certificate and have to enable the SSL engine:
        !           387: ##
        !           388: ##   ssl.engine = "enable"
        !           389: ##   ssl.pemfile = "/path/to/server.pem"
        !           390: ##
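        !           391: ## The HTTPS protocol does not allow you to use name-based virtual
        !           392: ## hosting with SSL. If you want to run multiple SSL servers with
        !           393: ## one lighttpd instance you must use IP-based virtual hosting (see the $SERVER["socket"] example below).
        !           394: ## NOTE(review): this statement predates TLS Server Name Indication (SNI); confirm whether your build supports it.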
        !           395: ## Mitigate CVE-2009-3555 by disabling client triggered renegotiation.
        !           396: ## This is enabled by default.
        !           397: ##
        !           398: ## IMPORTANT: this setting can only be used in the global scope.
        !           399: ## It does *not* work inside conditionals
        !           400: ##
        !           401: #   ssl.disable-client-renegotiation = "enable"
        !           402: ##
        !           403: ##   $SERVER["socket"] == "10.0.0.1:443" {
        !           404: ##     ssl.engine                  = "enable"
        !           405: ##     ssl.pemfile                 = "/etc/ssl/private/www.example.com.pem"
        !           406: ##     #
        !           407: ##     # Mitigate BEAST attack:
        !           408: ##     #
        !           409: ##     # A stricter base cipher suite. For details see:
        !           410: ##     # http://blog.ivanristic.com/2011/10/mitigating-the-beast-attack-on-tls.html
        !           411: ##     #
        !           412: ##     ssl.cipher-list             = "ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4-SHA:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM"
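        !           413: ##     # NOTE(review): this list still allows RC4, which RFC 7465 prohibits; review it against current TLS guidance before enabling.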
        !           414: ##     # Make the server prefer the order of the server side cipher suite instead of the client suite.
        !           415: ##     # This is necessary to mitigate the BEAST attack (unless you disable all non RC4 algorithms).
        !           416: ##     # This option is enabled by default, but only used if ssl.cipher-list is set.
        !           417: ##     #
        !           418: ##     # ssl.honor-cipher-order = "enable"
        !           419: ##     #
        !           420: ##     server.name                 = "www.example.com"
        !           421: ##
        !           422: ##     server.document-root        = "/srv/www/vhosts/example.com/www/"
        !           423: ##   }
        !           424: ##
        !           425: 
        !           426: ## If you have a .crt and a .key file, cat them together into a
        !           427: ## single PEM file:
        !           428: ## $ cat /etc/ssl/private/lighttpd.key /etc/ssl/certs/lighttpd.crt \
        !           429: ##   > /etc/ssl/private/lighttpd.pem
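        !           430: ## The combined file holds the private key, so restrict its permissions (for example mode 0600, owned by root).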
        !           431: #ssl.pemfile = "/etc/ssl/private/lighttpd.pem"
        !           432: 
        !           433: ##
        !           434: ## optionally pass the CA certificate here.
        !           435: ##
        !           436: ##
        !           437: #ssl.ca-file = ""
        !           438: 
        !           439: ##
        !           440: #######################################################################
        !           441: 
        !           442: #######################################################################
        !           443: ##
        !           444: ## custom includes like vhosts.
        !           445: ##
        !           446: #include "conf.d/config.conf"
        !           447: #include_shell "cat /usr/local/etc/lighttpd/vhosts.d/*.conf"
        !           448: ##
        !           449: #######################################################################
        !           450: 
        !           451: # IPv4 listening socket
        !           452: $SERVER["socket"] == "0.0.0.0:80" { }
