PiBox » piboxwww

#######################################################################

##

## /etc/lighttpd/lighttpd.conf

##

## check /etc/lighttpd/conf.d/*.conf for the configuration of modules.

##

#######################################################################

#######################################################################

##

## Some Variable definition which will make chrooting easier.

##

## if you add a variable here. Add the corresponding variable in the

## chroot example as well.

##

var.log_root    = "/var/log"

# var.server_root = "/var/www"

var.server_root = "/home/httpd/monkey"

# var.state_dir   = "/run"

var.state_dir   = "/var/run"

var.home_dir    = "/var/lib/lighttpd"

var.conf_dir    = "/etc/lighttpd"

## 

## run the server chrooted.

## 

## This requires root permissions during startup.

##

## If you run chroot'ed, set the variables to directories relative to

## the chroot dir.

##

## example chroot configuration:

## 

#var.log_root    = "/logs"

#var.server_root = "/"

#var.state_dir   = "/run"

#var.home_dir    = "/lib/lighttpd"

#var.vhosts_dir  = "/vhosts"

#var.conf_dir    = "/etc"

#

#server.chroot   = "/srv/www"

##

## Some additional variables to make the configuration easier

##

##

## Base directory for all virtual hosts

##

## used in:

## conf.d/evhost.conf

## conf.d/simple_vhost.conf

## vhosts.d/vhosts.template

##

# var.vhosts_dir  = server_root + "/vhosts"

##

## Cache for mod_deflate

##

## used in:

## conf.d/deflate.conf

##

var.cache_dir   = "/var/cache/lighttpd"

##

## Base directory for sockets.

##

## used in:

## conf.d/fastcgi.conf

## conf.d/scgi.conf

##

var.socket_dir  = home_dir + "/sockets"

##

#######################################################################

#######################################################################

##

## Load the modules.

include conf_dir + "/modules.conf"

fastcgi.server = ( ".php" => ((

                     "bin-path" => "/usr/bin/php-cgi",

                     "socket" => "/tmp/php.socket"

                 )))

##

#######################################################################

#######################################################################

##

##  Basic Configuration

## ---------------------

##

# server.port = 80

server.port = 2001

##

## bind to a specific IP

## (default: "*" for all local IPv4 interfaces)

##

#server.bind = "localhost"

##

## Run as a different username/groupname.

## This requires root permissions during startup. 

##

# server.username  = "www-data"

# server.groupname = "www-data"

server.username  = "nobody"

server.groupname = "nobody"

##

## Enable lighttpd to serve requests on sockets received from systemd

## https://www.freedesktop.org/software/systemd/man/systemd.socket.html

##

#server.systemd-socket-activation = "enable"

## 

## enable core files.

##

#server.core-files = "disable"

##

## Document root

##

server.document-root = server_root

##

## The value for the "Server:" response field.

##

## It would be nice to keep it at "lighttpd".

##

#server.tag = "lighttpd"

server.tag = "PiBox"

##

## store a pid file

##

server.pid-file = state_dir + "/lighttpd.pid"

##

#######################################################################

#######################################################################

##

##  Logging Options

## ------------------

##

## all logging options can be overwritten per vhost.

##

## Path to the error log file

##

server.errorlog             = log_root + "/lighttpd-error.log"

##

## If you want to log to syslog you have to unset the 

## server.errorlog setting and uncomment the next line.

##

#server.errorlog-use-syslog = "enable"

##

## Access log config

## 

# include conf_dir + "/conf.d/access_log.conf"

##

## The debug options are moved into their own file.

## see conf.d/debug.conf for various options for request debugging.

##

include conf_dir + "/conf.d/debug.conf"

##

#######################################################################

#######################################################################

##

##  Tuning/Performance

## --------------------

##

## corresponding documentation:

## https://wiki.lighttpd.net/Docs_Performance

##

## set the event-handler (read the performance section in the manual)

##

## The recommended server.event-handler is chosen by default for each OS.

##

## epoll  (recommended on Linux)

## kqueue (recommended on *BSD and MacOS X)

## solaris-eventports (recommended on Solaris)

## poll   (recommended if none of above are available)

## select (*not* recommended)

##

#server.event-handler = "linux-sysepoll"

##

## The basic network interface for all platforms at the syscalls read()

## and write(). Every modern OS provides its own syscall to help network

## servers transfer files as fast as possible 

##

server.network-backend = "writev"

##

## As lighttpd is a single-threaded server, its main resource limit is

## the number of file descriptors, which is set to 1024 by default (on

## most systems).

##

## If you are running a high-traffic site you might want to increase this

## limit by setting server.max-fds.

##

## Changing this setting requires root permissions on startup. see

## server.username/server.groupname.

##

## By default lighttpd would not change the operation system default.

## But setting it to 16384 is a better default for busy servers.

##

## With SELinux enabled, this is denied by default and needs to be allowed

## by running the following once: setsebool -P httpd_setrlimit on

##

# server.max-fds = 16384

##

## listen-backlog is the size of the listen() backlog queue requested when

## the lighttpd server ask the kernel to listen() on the provided network

## address.  Clients attempting to connect() to the server enter the listen()

## backlog queue and wait for the lighttpd server to accept() the connection.

##

## The out-of-box default on many operating systems is 128 and is identified

## as SOMAXCONN.  This can be tuned on many operating systems.  (On Linux,

## cat /proc/sys/net/core/somaxconn)  Requesting a size larger than operating

## system limit will be silently reduced to the limit by the operating system.

##

## When there are too many connection attempts waiting for the server to

## accept() new connections, the listen backlog queue fills and the kernel

## rejects additional connection attempts.  This can be useful as an

## indication to an upstream load balancer that the server is busy, and

## possibly overloaded.  In that case, configure a smaller limit for

## server.listen-backlog.  On the other hand, configure a larger limit to be

## able to handle bursts of new connections, but only do so up to an amount

## that the server can keep up with responding in a reasonable amount of

## time.  Otherwise, clients may abandon the connection attempts and the

## server will waste resources servicing abandoned connections.

##

## It is best to leave this setting at its default unless you have modelled

## your traffic and tested that changing this benefits your traffic patterns.

##

## Default: 1024

##

#server.listen-backlog = 128

##

## Stat() call caching.

##

## lighttpd can utilize FAM/Gamin to cache stat call.

##

## possible values are:

## disable, simple, inotify, kqueue, or fam.

##

#server.stat-cache-engine = "simple"

##

## Fine tuning for the request handling

##

## max-connections == max-fds/3)

## (other file handles are used for fastcgi/files)

##

#server.max-connections = 1024

##

## How many seconds to keep a keep-alive connection open,

## until we consider it idle. 

##

## Default: 5

##

#server.max-keep-alive-idle = 5

##

## How many keep-alive requests until closing the connection.

##

## Default: 16

##

#server.max-keep-alive-requests = 16

##

## Maximum size of a request in kilobytes.

## By default it is unlimited (0).

##

## Uploads to your server cant be larger than this value.

##

#server.max-request-size = 0

##

## Time to read from a socket before we consider it idle.

##

## Default: 60

##

#server.max-read-idle = 60

##

## Time to write to a socket before we consider it idle.

##

## Default: 360

##

#server.max-write-idle = 360

##

##  Traffic Shaping 

## -----------------

##

## see /usr/share/doc/lighttpd/traffic-shaping.txt

##

## Values are in kilobyte per second.

##

## Keep in mind that a limit below 32kB/s might actually limit the

## traffic to 32kB/s. This is caused by the size of the TCP send

## buffer. 

##

## per server:

##

#server.kbytes-per-second = 128

##

## per connection:

##

#connection.kbytes-per-second = 32

##

#######################################################################

#######################################################################

##

##  Filename/File handling

## ------------------------

##

## files to check for if .../ is requested

## index-file.names            = ( "index.php", "index.rb", "index.html",

##                                 "index.htm", "default.htm" )

##

index-file.names += (

  "index.xhtml", "index.html", "index.htm", "default.htm", "index.php"

)

##

## deny access the file-extensions

##

## ~    is for backupfiles from vi, emacs, joe, ...

## .inc is often used for code includes which should in general not be part

##      of the document-root

url.access-deny             = ( "~", ".inc" )

##

## disable range requests for pdf files

## workaround for a bug in the Acrobat Reader plugin.

## (ancient; should no longer be needed)

##

#$HTTP["url"] =~ "\.pdf$" {

#  server.range-requests = "disable"

#}

##

## url handling modules (rewrite, redirect)

##

#url.rewrite                = ( "^/$"             => "/server-status" )

#url.redirect               = ( "^/wishlist/(.+)" => "http://www.example.com/$1" )

##

## both rewrite/redirect support back reference to regex conditional using %n

##

#$HTTP["host"] =~ "^www\.(.*)" {

#  url.redirect            = ( "^/(.*)" => "http://%1/$1" )

#}

##

## which extensions should not be handle via static-file transfer

##

## .php, .pl, .fcgi are most often handled by mod_fastcgi or mod_cgi

##

static-file.exclude-extensions = ( ".php", ".pl", ".fcgi", ".scgi" )

##

## error-handler for all status 400-599

##

#server.error-handler       = "/error-handler.html"

#server.error-handler       = "/error-handler.php"

##

## error-handler for status 404

##

#server.error-handler-404   = "/error-handler.html"

#server.error-handler-404   = "/error-handler.php"

##

## Format: <errorfile-prefix><status-code>.html

## -> ..../status-404.html for 'File not found'

##

#server.errorfile-prefix    = server_root + "/htdocs/errors/status-"

##

## mimetype mapping

##

include conf_dir + "/conf.d/mime.conf"

##

## directory listing configuration

##

# include conf_dir + "/conf.d/dirlisting.conf"

##

## Should lighttpd follow symlinks?

## default: "enable"

#server.follow-symlink = "enable"

##

## force all filenames to be lowercase?

##

#server.force-lowercase-filenames = "disable"

##

## defaults to /var/tmp as we assume it is a local harddisk

## default: "/var/tmp"

#server.upload-dirs = ( "/var/tmp" )

##

#######################################################################

#######################################################################

##

##  SSL Support

## ------------- 

##

## https://wiki.lighttpd.net/Docs_SSL

#

## To enable SSL for the whole server you have to provide a valid

## certificate and have to enable the SSL engine.::

##

##   server.modules += ( "mod_openssl" )

##

##   ssl.privkey = "/path/to/privkey.pem"

##   ssl.pemfile = "/path/to/fullchain.pem"

##   # ssl.pemfile should contain the sorted certificate chain, including

##   # intermediate certificates, as provided by the certificate issuer.

##   # If both privkey and cert are in same file, specify only ssl.pemfile.

##

##   # Check your cipher list with: openssl ciphers -v '...'

##   # (use single quotes with: openssl ciphers -v '...'

##   #  as your shell won't like ! in double quotes)

##   #ssl.cipher-list            = "HIGH"   # default

##

##   # (recommended to accept only TLSv1.2 and TLSv1.3)

##   #ssl.openssl.ssl-conf-cmd = ("MinProtocol" => "TLSv1.2")  # default

##

##   $SERVER["socket"] == "*:443" {

##     ssl.engine  = "enable"

##   }

##   $SERVER["socket"] == "[::]:443" {

##     ssl.engine  = "enable"

##   }

##

#######################################################################

#######################################################################

##

## custom includes like vhosts.

##

#include conf_dir + "/conf.d/config.conf"

#include conf_dir + "/vhosts.d/*.conf"

##

#######################################################################