File:  [ELWIX - Embedded LightWeight unIX -] / embedaddon / lighttpd / doc / config / lighttpd.conf
Revision 1.1.1.3 (vendor branch)
Wed Nov 2 10:35:00 2016 UTC (7 years, 8 months ago) by misho
Branches: lighttpd, MAIN
CVS tags: v1_4_41p8, HEAD
lighttpd 1.4.41

    1: #######################################################################
    2: ##
    3: ## /etc/lighttpd/lighttpd.conf
    4: ##
    5: ## check /etc/lighttpd/conf.d/*.conf for the configuration of modules.
    6: ##
    7: #######################################################################
    8: 
    9: #######################################################################
   10: ##
   11: ## Variable definitions that make chrooting easier.
   12: ##
   13: ## If you add a variable here, add the corresponding variable to the
   14: ## chroot example as well.
   15: ##
   16: var.log_root    = "/var/log/lighttpd"
   17: var.server_root = "/srv/www"
   18: var.state_dir   = "/var/run"
   19: var.home_dir    = "/var/lib/lighttpd"
   20: var.conf_dir    = "/etc/lighttpd"
   21: 
   22: ## 
   23: ## run the server chrooted.
   24: ## 
   25: ## This requires root permissions during startup.
   26: ##
   27: ## If you run chrooted, set the variables to directories relative to
   28: ## the chroot dir.
   29: ##
   30: ## example chroot configuration:
   31: ## 
   32: #var.log_root    = "/logs"
   33: #var.server_root = "/"
   34: #var.state_dir   = "/run"
   35: #var.home_dir    = "/lib/lighttpd"
   36: #var.vhosts_dir  = "/vhosts"
   37: #var.conf_dir    = "/etc"
   38: #
   39: #server.chroot   = "/srv/www"
   40: 
   41: ##
   42: ## Some additional variables to make the configuration easier
   43: ##
   44: 
   45: ##
   46: ## Base directory for all virtual hosts
   47: ##
   48: ## used in:
   49: ## conf.d/evhost.conf
   50: ## conf.d/simple_vhost.conf
   51: ## vhosts.d/vhosts.template
   52: ##
   53: var.vhosts_dir  = server_root + "/vhosts"
   54: 
   55: ##
   56: ## Cache for mod_compress
   57: ##
   58: ## used in:
   59: ## conf.d/compress.conf
   60: ##
   61: var.cache_dir   = "/var/cache/lighttpd"
   62: 
   63: ##
   64: ## Base directory for sockets.
   65: ##
   66: ## used in:
   67: ## conf.d/fastcgi.conf
   68: ## conf.d/scgi.conf
   69: ##
   70: var.socket_dir  = home_dir + "/sockets"
   71: 
   72: ##
   73: #######################################################################
   74: 
   75: #######################################################################
   76: ##
   77: ## Load the modules.
   78: include "modules.conf"
   79: 
   80: ##
   81: #######################################################################
   82: 
   83: #######################################################################
   84: ##
   85: ##  Basic Configuration
   86: ## ---------------------
   87: ##
   88: server.port = 80
   89: 
   90: ##
   91: ## Use IPv6?
   92: ## When enabled, make sure host and network packet filters cover IPv6 as well as IPv4.
   93: server.use-ipv6 = "enable"
   94: 
   95: ##
   96: ## bind to a specific IP
   97: ##
   98: #server.bind = "localhost"
   99: 
  100: ##
  101: ## Run as a different username/groupname.
  102: ## This requires root permissions during startup.
  103: ## Use a dedicated unprivileged account so the running server does not keep root's access.
  104: server.username  = "lighttpd"
  105: server.groupname = "lighttpd"
  106: 
  107: ##
  108: ## Enable or disable core files.
  109: ## Core files contain server memory (possibly request data or TLS keys): restrict access to them.
  110: #server.core-files = "disable"
  111: 
  112: ##
  113: ## Document root
  114: ##
  115: server.document-root = server_root + "/htdocs"
  116: 
  117: ##
  118: ## The value for the "Server:" response field.
  119: ##
  120: ## It would be nice to keep it at "lighttpd".
  121: ##
  122: #server.tag = "lighttpd"
  123: 
  124: ##
  125: ## store a pid file
  126: ##
  127: server.pid-file = state_dir + "/lighttpd.pid"
  128: 
  129: ##
  130: #######################################################################
  131: 
  132: #######################################################################
  133: ##
  134: ##  Logging Options
  135: ## ------------------
  136: ##
  137: ## all logging options can be overwritten per vhost.
  138: ##
  139: ## Path to the error log file
  140: ##
  141: server.errorlog             = log_root + "/error.log"
  142: 
  143: ##
  144: ## If you want to log to syslog you have to unset the 
  145: ## server.errorlog setting and uncomment the next line.
  146: ##
  147: #server.errorlog-use-syslog = "enable"
  148: 
  149: ##
  150: ## Access log config
  151: ## 
  152: include "conf.d/access_log.conf"
  153: 
  154: ##
  155: ## The debug options are moved into their own file.
  156: ## see conf.d/debug.conf for various options for request debugging.
  157: ##
  158: include "conf.d/debug.conf"
  159: 
  160: ##
  161: #######################################################################
  162: 
  163: #######################################################################
  164: ##
  165: ##  Tuning/Performance
  166: ## --------------------
  167: ##
  168: ## corresponding documentation:
  169: ## http://www.lighttpd.net/documentation/performance.html
  170: ##
  171: ## set the event-handler (read the performance section in the manual)
  172: ##
  173: ## possible options on linux are:
  174: ##
  175: ## select
  176: ## poll
  177: ## linux-sysepoll
  178: ##
  179: ## linux-sysepoll is recommended on kernel 2.6.
  180: ##
  181: server.event-handler = "linux-sysepoll"
  182: 
  183: ##
  184: ## The basic network interface for all platforms at the syscalls read()
  185: ## and write(). Every modern OS provides its own syscall to help network
  186: ## servers transfer files as fast as possible 
  187: ##
  188: ## sendfile       - is recommended for small files.
  189: ## writev         - is recommended for sending many large files
  190: ##
  191: server.network-backend = "sendfile"
  192: 
  193: ##
  194: ## As lighttpd is a single-threaded server, its main resource limit is
  195: ## the number of file descriptors, which is set to 1024 by default (on
  196: ## most systems).
  197: ##
  198: ## If you are running a high-traffic site you might want to increase this
  199: ## limit by setting server.max-fds.
  200: ##
  201: ## Changing this setting requires root permissions on startup. See
  202: ## server.username/server.groupname.
  203: ##
  204: ## By default lighttpd does not change the operating system default,
  205: ## but setting it to 2048 is a better default for busy servers.
  206: ##
  207: server.max-fds = 2048
  208: 
  209: ##
  210: ## listen-backlog is the size of the listen() backlog queue requested when
  211: ## the lighttpd server asks the kernel to listen() on the provided network
  212: ## address.  Clients attempting to connect() to the server enter the listen()
  213: ## backlog queue and wait for the lighttpd server to accept() the connection.
  214: ##
  215: ## The out-of-box default on many operating systems is 128 and is identified
  216: ## as SOMAXCONN.  This can be tuned on many operating systems.  (On Linux,
  217: ## cat /proc/sys/net/core/somaxconn)  A requested size larger than the operating
  218: ## system limit will be silently reduced to the limit by the operating system.
  219: ##
  220: ## When there are too many connection attempts waiting for the server to
  221: ## accept() new connections, the listen backlog queue fills and the kernel
  222: ## rejects additional connection attempts.  This can be useful as an
  223: ## indication to an upstream load balancer that the server is busy, and
  224: ## possibly overloaded.  In that case, configure a smaller limit for
  225: ## server.listen-backlog.  On the other hand, configure a larger limit to be
  226: ## able to handle bursts of new connections, but only do so up to an amount
  227: ## that the server can keep up with responding in a reasonable amount of
  228: ## time.  Otherwise, clients may abandon the connection attempts and the
  229: ## server will waste resources servicing abandoned connections.
  230: ##
  231: ## It is best to leave this setting at its default unless you have modelled
  232: ## your traffic and tested that changing this benefits your traffic patterns.
  233: ##
  234: ## Default: 1024
  235: ##
  236: #server.listen-backlog = 128
  237: 
  238: ##
  239: ## Stat() call caching.
  240: ##
  241: ## lighttpd can utilize FAM/Gamin to cache stat call.
  242: ##
  243: ## possible values are:
  244: ## disable, simple or fam.
  245: ##
  246: server.stat-cache-engine = "simple"
  247: 
  248: ##
  249: ## Fine tuning for the request handling
  250: ##
  251: ## max-connections == max-fds/2 (maybe /3)
  252: ## means the other file handles are used for fastcgi/files
  253: ##
  254: server.max-connections = 1024
  255: 
  256: ##
  257: ## How many seconds to keep a keep-alive connection open,
  258: ## until we consider it idle. 
  259: ##
  260: ## Default: 5
  261: ##
  262: #server.max-keep-alive-idle = 5
  263: 
  264: ##
  265: ## How many keep-alive requests until closing the connection.
  266: ##
  267: ## Default: 16
  268: ##
  269: #server.max-keep-alive-requests = 16
  270: 
  271: ##
  272: ## Maximum size of a request in kilobytes.
  273: ## By default it is unlimited (0).
  274: ##
  275: ## Uploads to your server can't be larger than this value.
  276: ## Left unlimited, one client can send an arbitrarily large body; cap it to your largest real upload.
  277: #server.max-request-size = 0
  278: 
  279: ##
  280: ## Time to read from a socket before we consider it idle.
  281: ##
  282: ## Default: 60
  283: ##
  284: #server.max-read-idle = 60
  285: 
  286: ##
  287: ## Time to write to a socket before we consider it idle.
  288: ##
  289: ## Default: 360
  290: ##
  291: #server.max-write-idle = 360
  292: 
  293: ##
  294: ##  Traffic Shaping 
  295: ## -----------------
  296: ##
  297: ## see /usr/share/doc/lighttpd/traffic-shaping.txt
  298: ##
  299: ## Values are in kilobyte per second.
  300: ##
  301: ## Keep in mind that a limit below 32kB/s might actually limit the
  302: ## traffic to 32kB/s. This is caused by the size of the TCP send
  303: ## buffer. 
  304: ##
  305: ## per server:
  306: ##
  307: #server.kbytes-per-second = 128
  308: 
  309: ##
  310: ## per connection:
  311: ##
  312: #connection.kbytes-per-second = 32
  313: 
  314: ##
  315: #######################################################################
  316: 
  317: #######################################################################
  318: ##
  319: ##  Filename/File handling
  320: ## ------------------------
  321: 
  322: ##
  323: ## files to check for if .../ is requested
  324: ## index-file.names            = ( "index.php", "index.rb", "index.html",
  325: ##                                 "index.htm", "default.htm" )
  326: ##
  327: index-file.names += (
  328:   "index.xhtml", "index.html", "index.htm", "default.htm", "index.php"
  329: )
  330: 
  331: ##
  332: ## deny access to files with these extensions
  333: ## (url.access-deny is provided by mod_access - confirm it is loaded in modules.conf)
  334: ## ~    is for backup files from vi, emacs, joe, ...
  335: ## .inc is often used for code includes, which in general should not be part
  336: ##      of the document-root
  337: url.access-deny             = ( "~", ".inc" )
  338: 
  339: ##
  340: ## disable range requests for pdf files
  341: ## workaround for a bug in the Acrobat Reader plugin.
  342: ##
  343: $HTTP["url"] =~ "\.pdf$" {
  344:   server.range-requests = "disable"
  345: }
  346: 
  347: ##
  348: ## url handling modules (rewrite, redirect)
  349: ##
  350: #url.rewrite                = ( "^/$"             => "/server-status" )
  351: #url.redirect               = ( "^/wishlist/(.+)" => "http://www.example.com/$1" )
  352: 
  353: ##
  354: ## both rewrite/redirect support back reference to regex conditional using %n
  355: ## NOTE: %1 below is taken from the client-supplied Host header; match only hostnames you serve.
  356: #$HTTP["host"] =~ "^www\.(.*)" {
  357: #  url.redirect            = ( "^/(.*)" => "http://%1/$1" )
  358: #}
  359: 
  360: ##
  361: ## which extensions should not be handled via static-file transfer
  362: ##
  363: ## .php, .pl, .fcgi are most often handled by mod_fastcgi or mod_cgi
  364: ## Listing them here keeps script source from being sent as a plain file when no handler takes the request.
  365: static-file.exclude-extensions = ( ".php", ".pl", ".fcgi", ".scgi" )
  366: 
  367: ##
  368: ## error-handler for all status 400-599
  369: ##
  370: #server.error-handler       = "/error-handler.html"
  371: #server.error-handler       = "/error-handler.php"
  372: 
  373: ##
  374: ## error-handler for status 404
  375: ##
  376: #server.error-handler-404   = "/error-handler.html"
  377: #server.error-handler-404   = "/error-handler.php"
  378: 
  379: ##
  380: ## Format: <errorfile-prefix><status-code>.html
  381: ## -> ..../status-404.html for 'File not found'
  382: ##
  383: #server.errorfile-prefix    = "/srv/www/htdocs/errors/status-"
  384: 
  385: ##
  386: ## mimetype mapping
  387: ##
  388: include "conf.d/mime.conf"
  389: 
  390: ##
  391: ## directory listing configuration
  392: ##
  393: include "conf.d/dirlisting.conf"
  394: 
  395: ##
  396: ## Should lighttpd follow symlinks? With "enable", a symlink under the
  397: ## document root can expose files outside it; use "disable" if untrusted users can create files there.
  398: server.follow-symlink = "enable"
  399: 
  400: ##
  401: ## force all filenames to be lowercase?
  402: ##
  403: #server.force-lowercase-filenames = "disable"
  404: 
  405: ##
  406: ## defaults to /var/tmp as we assume it is a local harddisk
  407: ## NOTE: /var/tmp is normally shared by all local users; a directory owned by the server account is safer.
  408: server.upload-dirs = ( "/var/tmp" )
  409: 
  410: ##
  411: #######################################################################
  412: 
  413: 
  414: #######################################################################
  415: ##
  416: ##  SSL Support
  417: ## ------------- 
  418: ##
  419: ## To enable SSL for the whole server you have to provide a valid
  420: ## certificate and have to enable the SSL engine.::
  421: ##
  422: ##   ssl.engine = "enable"
  423: ##   ssl.pemfile = "/path/to/server.pem"
  424: ##
  425: ## The HTTPS protocol does not allow you to use name-based virtual
  426: ## hosting with SSL. If you want to run multiple SSL servers with
  427: ## one lighttpd instance you must use IP-based virtual hosting: ::
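  428: ## NOTE(review): the statement above predates SNI (TLS Server Name Indication); confirm it still applies to your build.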
  429: ## Mitigate CVE-2009-3555 by disabling client-triggered renegotiation.
  430: ## This mitigation is enabled by default.
  431: ##
  432: ## IMPORTANT: this setting can only be used in the global scope.
  433: ## It does *not* work inside conditionals
  434: ##
  435: #   ssl.disable-client-renegotiation = "enable"
  436: ##
  437: ##   $SERVER["socket"] == "10.0.0.1:443" {
  438: ##     ssl.engine                  = "enable"
  439: ##     ssl.pemfile                 = "/etc/ssl/private/www.example.com.pem"
  440: ##     # NOTE: the guidance below dates from 2013; re-check the cipher list against current recommendations.
  441: ##     # (Following SSL/TLS Deployment Best Practices 1.3 / 17 September 2013 from:
  442: ##     # https://www.ssllabs.com/projects/best-practices/index.html)
  443: ##     # - BEAST is considered mitigated on client side now, and new weaknesses have been found in RC4,
  444: ##     #   so it is strongly advised to disable RC4 ciphers (HIGH doesn't include RC4)
  445: ##     # - It is recommended to disable 3DES too (although disabling RC4 and 3DES breaks IE6+8 on Windows XP,
  446: ##     #   so you might want to support 3DES for now - just remove the '!3DES' parts below).
  447: ##     # - The examples below prefer ciphersuites with "Forward Secrecy" (and ECDHE over DHE (alias EDH)), remove '+kEDH +kRSA'
  448: ##     #   if you don't want that.
  449: ##     # - SRP and PSK are not supported anyway, excluding those ('!kSRP !kPSK') just keeps the list smaller (easier to review)
  450: ##     # Check your cipher list with: openssl ciphers -v '...' (use single quotes as your shell won't like ! in double quotes)
  451: ##     #
  452: ##     # If you know you have RSA keys (standard), you can use:
  453: ##     ssl.cipher-list             = "aRSA+HIGH !3DES +kEDH +kRSA !kSRP !kPSK"
  454: ##     # The more generic version (without the restriction to RSA keys) is
  455: ##     # ssl.cipher-list           = "HIGH !aNULL !3DES +kEDH +kRSA !kSRP !kPSK"
  456: ##     #
  457: ##     # Make the server prefer the order of the server side cipher suite instead of the client suite.
  458: ##     # This option is enabled by default, but only used if ssl.cipher-list is set.
  459: ##     #
  460: ##     # ssl.honor-cipher-order = "enable"
  461: ##     #
  462: ##     server.name                 = "www.example.com"
  463: ##
  464: ##     server.document-root        = "/srv/www/vhosts/example.com/www/"
  465: ##   }
  466: ##
  467: 
  468: ## If you have a .crt and a .key file, cat them together into a
  469: ## single PEM file:
  470: ## $ cat /etc/ssl/private/lighttpd.key /etc/ssl/certs/lighttpd.crt \
  471: ##   > /etc/ssl/private/lighttpd.pem
  472: ## The result contains the private key: make it readable by root only (the redirect above uses your umask).
  473: #ssl.pemfile = "/etc/ssl/private/lighttpd.pem"
  474: 
  475: ##
  476: ## optionally pass the CA certificate here.
  477: ##
  478: ##
  479: #ssl.ca-file = ""
  480: 
  481: ##
  482: #######################################################################
  483: 
  484: #######################################################################
  485: ##
  486: ## custom includes like vhosts.
  487: ## include_shell runs its command when the config is loaded and parses the output as config,
  488: #include "conf.d/config.conf"
  489: #include_shell "cat /etc/lighttpd/vhosts.d/*.conf"
  490: ## so keep vhosts.d (and anything the command reads) writable by root only.
  491: #######################################################################
