1: #######################################################################
2: ##
3: ## /usr/local/etc/lighttpd/lighttpd.conf
4: ##
5: ## check /usr/local/etc/lighttpd/conf.d/*.conf for the configuration of modules.
6: ##
7: #######################################################################
8:
9: #######################################################################
10: ##
11: ## Variable definitions that make chrooting easier. If you add a variable
12: ## here, add the corresponding variable in the chroot example as well.
13: ## NOTE(review): conf_dir is "/etc/lighttpd" but this file's header names
14: ## /usr/local/etc/lighttpd, and server_root is "/var/local/www/data" but
15: ## server.document-root is "/usr/local/www/data/"; confirm which is intended.
16: var.log_root = "/var/log/lighttpd"
17: var.state_dir = "/var/run/lighttpd"
18: var.home_dir = "/var/spool/lighttpd"
19: var.conf_dir = "/etc/lighttpd"
20:
21: var.server_root = "/var/local/www/data"
22:
23: ##
24: ## run the server chrooted.
25: ##
26: ## This requires root permissions during startup.
27: ##
28: ## If you run chrooted, set the variables to directories relative to
29: ## the chroot dir.
30: ##
31: ## example chroot configuration:
32: ##
33: #var.log_root = "/logs"
34: #var.server_root = "/"
35: #var.state_dir = "/run"
36: #var.home_dir = "/lib/lighttpd"
37: #var.vhosts_dir = "/vhosts"
38: #var.conf_dir = "/etc"
39: #
40: #server.chroot = "/srv/www"
41:
42: ##
43: ## Some additional variables to make the configuration easier
44: ##
45:
46: ##
47: ## Base directory for all virtual hosts
48: ##
49: ## used in:
50: ## conf.d/evhost.conf
51: ## conf.d/simple_vhost.conf
52: ## vhosts.d/vhosts.template
53: ##
54: var.vhosts_dir = server_root + "/vhosts"
55:
56: ##
57: ## Cache for mod_compress
58: ##
59: ## used in:
60: ## conf.d/compress.conf
61: ##
62: var.cache_dir = "/var/spool/lighttpd"
63:
64: ##
65: ## Base directory for sockets.
66: ##
67: ## used in:
68: ## conf.d/fastcgi.conf
69: ## conf.d/scgi.conf
70: ##
71: var.socket_dir = home_dir + "/sockets"
72:
73: ##
74: #######################################################################
75:
76: #######################################################################
77: ##
78: ## Load the modules.
79: include "modules.conf"
80:
81: ##
82: #######################################################################
83:
84: #######################################################################
85: ##
86: ## Basic Configuration
87: ## ---------------------
88: ##
89: server.port = 80
90:
91: ##
92: ## Use IPv6?
93: ##
94: server.use-ipv6 = "enable"
95:
96: ##
97: ## bind to a specific IP
98: ##
99: #server.bind = "localhost"
100:
101: ##
102: ## Run as a different username/groupname.
103: ## This requires root permissions during startup.
104: ##
105: server.username = "www"
106: server.groupname = "www"
107:
108: ##
109: ## enable core files.
110: ##
111: #server.core-files = "disable"
112:
113: ##
114: ## Document root
115: ##
116: server.document-root = "/usr/local/www/data/"
117:
118: ##
119: ## The value for the "Server:" response field.
120: ##
121: ## It would be nice to keep it at "lighttpd".
122: ##
123: #server.tag = "lighttpd"
124:
125: ##
126: ## store a pid file
127: ##
128: server.pid-file = state_dir + "/lighttpd.pid"
129:
130: ##
131: #######################################################################
132:
133: #######################################################################
134: ##
135: ## Logging Options
136: ## ------------------
137: ##
138: ## all logging options can be overwritten per vhost.
139: ##
140: ## Path to the error log file
141: ##
142: server.errorlog = log_root + "/error.log"
143:
144: ##
145: ## If you want to log to syslog you have to unset the
146: ## server.errorlog setting and uncomment the next line.
147: ##
148: #server.errorlog-use-syslog = "enable"
149:
150: ##
151: ## Access log config
152: ##
153: include "conf.d/access_log.conf"
154:
155: ##
156: ## The debug options are moved into their own file.
157: ## see conf.d/debug.conf for various options for request debugging.
158: ##
159: include "conf.d/debug.conf"
160:
161: ##
162: #######################################################################
163:
164: #######################################################################
165: ##
166: ## Tuning/Performance
167: ## --------------------
168: ##
169: ## corresponding documentation:
170: ## http://www.lighttpd.net/documentation/performance.html
171: ##
172: ## set the event-handler (read the performance section in the manual)
173: ##
174: ## possible options on linux are:
175: ##
176: ## select
177: ## poll
178: ## linux-sysepoll
179: ##
180: ## linux-sysepoll is recommended on kernel 2.6.
181: ## The value set here, freebsd-kqueue, is not one of the Linux options above.
182: server.event-handler = "freebsd-kqueue"
183:
184: ##
185: ## The basic network interface for all platforms at the syscalls read()
186: ## and write(). Every modern OS provides its own syscall to help network
187: ## servers transfer files as fast as possible
188: ##
189: ## linux-sendfile - is recommended for small files.
190: ## writev - is recommended for sending many large files
191: ##
192: server.network-backend = "writev"
193:
194: ##
195: ## As lighttpd is a single-threaded server, its main resource limit is
196: ## the number of file descriptors, which is set to 1024 by default (on
197: ## most systems).
198: ##
199: ## If you are running a high-traffic site you might want to increase this
200: ## limit by setting server.max-fds.
201: ##
202: ## Changing this setting requires root permissions on startup. see
203: ## server.username/server.groupname.
204: ##
205: ## By default lighttpd would not change the operating system default.
206: ## But setting it to 2048 is a better default for busy servers.
207: ##
208: server.max-fds = 2048
209:
210: ##
211: ## Stat() call caching.
212: ##
213: ## lighttpd can utilize FAM/Gamin to cache stat call.
214: ##
215: ## possible values are:
216: ## disable, simple or fam.
217: ##
218: server.stat-cache-engine = "simple"
219:
220: ##
221: ## Fine tuning for the request handling
222: ##
223: ## max-connections == max-fds/2 (maybe /3)
224: ## means the other file handles are used for fastcgi/files
225: ##
226: server.max-connections = 1024
227:
228: ##
229: ## How many seconds to keep a keep-alive connection open,
230: ## until we consider it idle.
231: ##
232: ## Default: 5
233: ##
234: #server.max-keep-alive-idle = 5
235:
236: ##
237: ## How many keep-alive requests until closing the connection.
238: ##
239: ## Default: 16
240: ##
241: #server.max-keep-alive-requests = 16
242:
243: ##
244: ## Maximum size of a request in kilobytes.
245: ## By default it is unlimited (0).
246: ##
247: ## Uploads to your server can't be larger than this value. With no limit,
248: ## request bodies are unbounded, so set one on servers that accept uploads.
249: #server.max-request-size = 0
250:
251: ##
252: ## Time to read from a socket before we consider it idle.
253: ##
254: ## Default: 60
255: ##
256: #server.max-read-idle = 60
257:
258: ##
259: ## Time to write to a socket before we consider it idle.
260: ##
261: ## Default: 360
262: ##
263: #server.max-write-idle = 360
264:
265: ##
266: ## Traffic Shaping
267: ## -----------------
268: ##
269: ## see /usr/share/doc/lighttpd/traffic-shaping.txt
270: ##
271: ## Values are in kilobyte per second.
272: ##
273: ## Keep in mind that a limit below 32kB/s might actually limit the
274: ## traffic to 32kB/s. This is caused by the size of the TCP send
275: ## buffer.
276: ##
277: ## per server:
278: ##
279: #server.kbytes-per-second = 128
280:
281: ##
282: ## per connection:
283: ##
284: #connection.kbytes-per-second = 32
285:
286: ##
287: #######################################################################
288:
289: #######################################################################
290: ##
291: ## Filename/File handling
292: ## ------------------------
293:
294: ##
295: ## files to check for if .../ is requested
296: ## index-file.names = ( "index.php", "index.rb", "index.html",
297: ## "index.htm", "default.htm" )
298: ##
299: index-file.names += (
300: "index.xhtml", "index.html", "index.htm", "default.htm", "index.php"
301: )
302:
303: ##
304: ## deny access to files whose names end in these strings
305: ## (such files can hold script source that must not be sent to clients)
306: ## ~ is for backup files from vi, emacs, joe, ...
307: ## .inc is often used for code includes which should in general not be part
308: ## of the document-root
309: url.access-deny = ( "~", ".inc" )
310:
311: ##
312: ## disable range requests for pdf files
313: ## workaround for a bug in the Acrobat Reader plugin.
314: ##
315: $HTTP["url"] =~ "\.pdf$" {
316: server.range-requests = "disable"
317: }
318:
319: ##
320: ## url handling modules (rewrite, redirect)
321: ##
322: #url.rewrite = ( "^/$" => "/server-status" )
323: #url.redirect = ( "^/wishlist/(.+)" => "http://www.example.com/$1" )
324:
325: ##
326: ## both rewrite/redirect support back reference to regex conditional using %n
327: ##
328: #$HTTP["host"] =~ "^www\.(.*)" {
329: # url.redirect = ( "^/(.*)" => "http://%1/$1" )
330: #}
331:
332: ##
333: ## which extensions should not be handled via static-file transfer
334: ##
335: ## .php, .pl, .fcgi are most often handled by mod_fastcgi or mod_cgi;
336: ## excluding them keeps their source from being sent as a plain file.
337: static-file.exclude-extensions = ( ".php", ".pl", ".fcgi", ".scgi" )
338:
339: ##
340: ## error-handler for status 404
341: ##
342: #server.error-handler-404 = "/error-handler.html"
343: #server.error-handler-404 = "/error-handler.php"
344:
345: ##
346: ## Format: <errorfile-prefix><status-code>.html
347: ## -> ..../status-404.html for 'File not found'
348: ##
349: #server.errorfile-prefix = "/srv/www/htdocs/errors/status-"
350:
351: ##
352: ## mimetype mapping
353: ##
354: include "conf.d/mime.conf"
355:
356: ##
357: ## directory listing configuration
358: ##
359: include "conf.d/dirlisting.conf"
360:
361: ## Should lighttpd follow symlinks? When enabled, a symlink under the
362: ## document root can expose files outside it; disable this if accounts
363: ## other than the administrator can create files there.
364: server.follow-symlink = "enable"
365:
366: ##
367: ## force all filenames to be lowercase?
368: ##
369: #server.force-lowercase-filenames = "disable"
370:
371: ## defaults to /var/tmp as we assume it is a local harddisk
372: ## NOTE(review): /var/tmp is usually shared by all local users; a
373: ## directory owned by the server account may be preferable - confirm.
374: server.upload-dirs = ( "/var/tmp" )
375:
376: ##
377: #######################################################################
378:
379:
380: #######################################################################
381: ##
382: ## SSL Support
383: ## -------------
384: ##
385: ## To enable SSL for the whole server you have to provide a valid
386: ## certificate and have to enable the SSL engine.::
387: ##
388: ## ssl.engine = "enable"
389: ## ssl.pemfile = "/path/to/server.pem"
390: ##
391: ## The HTTPS protocol does not allow you to use name-based virtual
392: ## hosting with SSL. If you want to run multiple SSL servers with
393: ## one lighttpd instance you must use IP-based virtual hosting: ::
394: ##
395: ## Mitigate CVE-2009-3555 by disabling client triggered renegotiation
396: ## This is enabled by default.
397: ##
398: ## IMPORTANT: this setting can only be used in the global scope.
399: ## It does *not* work inside conditionals
400: ##
401: # ssl.disable-client-renegotiation = "enable"
402: ##
403: ## $SERVER["socket"] == "10.0.0.1:443" {
404: ## ssl.engine = "enable"
405: ## ssl.pemfile = "/etc/ssl/private/www.example.com.pem"
406: ## # Mitigate BEAST attack:
407: ## #
408: ## # A stricter base cipher suite. For details see:
409: ## # http://blog.ivanristic.com/2011/10/mitigating-the-beast-attack-on-tls.html
410: ## # NOTE(review): this list still offers RC4, which RFC 7465 prohibits in
411: ## # TLS; check it against current guidance before enabling it.
412: ## ssl.cipher-list = "ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4-SHA:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM"
413: ## #
414: ## # Make the server prefer the order of the server side cipher suite instead of the client suite.
415: ## # This is necessary to mitigate the BEAST attack (unless you disable all non RC4 algorithms).
416: ## # This option is enabled by default, but only used if ssl.cipher-list is set.
417: ## #
418: ## # ssl.honor-cipher-order = "enable"
419: ## #
420: ## server.name = "www.example.com"
421: ##
422: ## server.document-root = "/srv/www/vhosts/example.com/www/"
423: ## }
424: ##
425:
426: ## If you have a .crt and a .key file, cat them together into a
427: ## single PEM file:
428: ## $ cat /etc/ssl/private/lighttpd.key /etc/ssl/certs/lighttpd.crt \
429: ## > /etc/ssl/private/lighttpd.pem
430: ## The combined file holds the private key: give it the same restrictive permissions as the .key file.
431: #ssl.pemfile = "/etc/ssl/private/lighttpd.pem"
432:
433: ##
434: ## optionally pass the CA certificate here.
435: ##
436: ##
437: #ssl.ca-file = ""
438:
439: ##
440: #######################################################################
441:
442: #######################################################################
443: ## custom includes like vhosts.
444: ## include_shell runs its command each time the configuration is loaded,
445: ## so the files it reads should be writable by administrators only.
446: #include "conf.d/config.conf"
447: #include_shell "cat /usr/local/etc/lighttpd/vhosts.d/*.conf"
448: ##
449: #######################################################################
450:
451: # IPv4 listening socket: port 80 on every IPv4 address (0.0.0.0); the empty body adds no per-socket settings.
452: $SERVER["socket"] == "0.0.0.0:80" { }