summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authormh <mh@immerda.ch>2012-05-16 20:38:31 +0200
committermh <mh@immerda.ch>2012-05-16 20:38:31 +0200
commitdbf5334ff24a3b94d52520a86c365c0227863a56 (patch)
tree8efa04455748a54b92b88891eebce0298ac048fb
parent4ed5cc8751b56a3b66f767370f050b37a119038f (diff)
downloadpuppet-lighttpd-dbf5334ff24a3b94d52520a86c365c0227863a56.tar.gz
puppet-lighttpd-dbf5334ff24a3b94d52520a86c365c0227863a56.tar.bz2
upgrade config
-rw-r--r--files/lighttpd.conf691
1 files changed, 395 insertions, 296 deletions
diff --git a/files/lighttpd.conf b/files/lighttpd.conf
index d135763..25ff330 100644
--- a/files/lighttpd.conf
+++ b/files/lighttpd.conf
@@ -1,329 +1,428 @@
-# lighttpd configuration file
-#
-# use it as a base for lighttpd 1.0.0 and above
+#######################################################################
+##
+## /etc/lighttpd/lighttpd.conf
+##
+## check /etc/lighttpd/conf.d/*.conf for the configuration of modules.
+##
+#######################################################################
+
+#######################################################################
+##
+## Some Variable definition which will make chrooting easier.
+##
+## if you add a variable here. Add the corresponding variable in the
+## chroot example aswell.
+##
+var.log_root = "/var/log/lighttpd"
+var.server_root = "/var/www"
+var.state_dir = "/var/run"
+var.home_dir = "/var/lib/lighttpd"
+var.conf_dir = "/etc/lighttpd"
+
+##
+## run the server chrooted.
+##
+## This requires root permissions during startup.
+##
+## If you run Chrooted set the the variables to directories relative to
+## the chroot dir.
+##
+## example chroot configuration:
+##
+#var.log_root = "/logs"
+#var.server_root = "/"
+#var.state_dir = "/run"
+#var.home_dir = "/lib/lighttpd"
+#var.vhosts_dir = "/vhosts"
+#var.conf_dir = "/etc"
#
-# $Id: lighttpd.conf,v 1.7 2004/11/03 22:26:05 weigon Exp $
-
-############ Options you really have to take care of ####################
-
-## modules to load
-# at least mod_access and mod_accesslog should be loaded
-# all other module should only be loaded if really neccesary
-# - saves some time
-# - saves memory
-server.modules = (
-# "mod_rewrite",
-# "mod_redirect",
-# "mod_alias",
- "mod_access",
-# "mod_trigger_b4_dl",
-# "mod_auth",
-# "mod_status",
-# "mod_setenv",
-# "mod_fastcgi",
-# "mod_proxy",
-# "mod_simple_vhost",
-# "mod_evhost",
-# "mod_userdir",
-# "mod_cgi",
- "mod_compress",
-# "mod_ssi",
-# "mod_usertrack",
-# "mod_expire",
-# "mod_secdownload",
-# "mod_rrdtool",
- "mod_accesslog" )
-
-## A static document-root. For virtual hosting take a look at the
-## mod_simple_vhost module.
-server.document-root = "/var/www/lighttpd/"
-
-## where to send error-messages to
-server.errorlog = "/var/log/lighttpd/error.log"
-
-# files to check for if .../ is requested
-index-file.names = ( "index.php", "index.html",
- "index.htm", "default.htm" )
+#server.chroot = "/srv/www"
+
+##
+## Some additional variables to make the configuration easier
+##
+
+##
+## Base directory for all virtual hosts
+##
+## used in:
+## conf.d/evhost.conf
+## conf.d/simple_vhost.conf
+## vhosts.d/vhosts.template
+##
+var.vhosts_dir = server_root + "/vhosts"
+
+##
+## Cache for mod_compress
+##
+## used in:
+## conf.d/compress.conf
+##
+var.cache_dir = "/var/cache/lighttpd"
+
+##
+## Base directory for sockets.
+##
+## used in:
+## conf.d/fastcgi.conf
+## conf.d/scgi.conf
+##
+var.socket_dir = home_dir + "/sockets"
+
+##
+#######################################################################
+
+#######################################################################
+##
+## Load the modules.
+include "modules.conf"
+
+##
+#######################################################################
+
+#######################################################################
+##
+## Basic Configuration
+## ---------------------
+##
+server.port = 80
+
+##
+## Use IPv6?
+##
+server.use-ipv6 = "enable"
+
+##
+## bind to a specific IP
+##
+#server.bind = "localhost"
+
+##
+## Run as a different username/groupname.
+## This requires root permissions during startup.
+##
+server.username = "lighttpd"
+server.groupname = "lighttpd"
+
+##
+## enable core files.
+##
+#server.core-files = "disable"
+
+##
+## Document root
+##
+server.document-root = server_root + "/lighttpd"
+##
+## The value for the "Server:" response field.
+##
+## It would be nice to keep it at "lighttpd".
+##
+#server.tag = "lighttpd"
+
+##
+## store a pid file
+##
+server.pid-file = state_dir + "/lighttpd.pid"
+
+##
+#######################################################################
+
+#######################################################################
+##
+## Logging Options
+## ------------------
+##
+## all logging options can be overwritten per vhost.
+##
+## Path to the error log file
+##
+server.errorlog = log_root + "/error.log"
+
+##
+## If you want to log to syslog you have to unset the
+## server.errorlog setting and uncomment the next line.
+##
+#server.errorlog-use-syslog = "enable"
+
+##
+## Access log config
+##
+include "conf.d/access_log.conf"
+
+##
+## The debug options are moved into their own file.
+## see conf.d/debug.conf for various options for request debugging.
+##
+include "conf.d/debug.conf"
+
+##
+#######################################################################
+
+#######################################################################
+##
+## Tuning/Performance
+## --------------------
+##
+## corresponding documentation:
+## http://www.lighttpd.net/documentation/performance.html
+##
## set the event-handler (read the performance section in the manual)
-# server.event-handler = "freebsd-kqueue" # needed on OS X
-
-# mimetype mapping
-mimetype.assign = (
- ".rpm" => "application/x-rpm",
- ".pdf" => "application/pdf",
- ".sig" => "application/pgp-signature",
- ".spl" => "application/futuresplash",
- ".class" => "application/octet-stream",
- ".ps" => "application/postscript",
- ".torrent" => "application/x-bittorrent",
- ".dvi" => "application/x-dvi",
- ".gz" => "application/x-gzip",
- ".pac" => "application/x-ns-proxy-autoconfig",
- ".swf" => "application/x-shockwave-flash",
- ".tar.gz" => "application/x-tgz",
- ".tgz" => "application/x-tgz",
- ".tar" => "application/x-tar",
- ".zip" => "application/zip",
- ".mp3" => "audio/mpeg",
- ".m3u" => "audio/x-mpegurl",
- ".wma" => "audio/x-ms-wma",
- ".wax" => "audio/x-ms-wax",
- ".ogg" => "application/ogg",
- ".wav" => "audio/x-wav",
- ".gif" => "image/gif",
- ".jar" => "application/x-java-archive",
- ".jpg" => "image/jpeg",
- ".jpeg" => "image/jpeg",
- ".png" => "image/png",
- ".xbm" => "image/x-xbitmap",
- ".xpm" => "image/x-xpixmap",
- ".xwd" => "image/x-xwindowdump",
- ".css" => "text/css",
- ".html" => "text/html",
- ".htm" => "text/html",
- ".js" => "text/javascript",
- ".asc" => "text/plain",
- ".c" => "text/plain",
- ".cpp" => "text/plain",
- ".log" => "text/plain",
- ".conf" => "text/plain",
- ".text" => "text/plain",
- ".txt" => "text/plain",
- ".dtd" => "text/xml",
- ".xml" => "text/xml",
- ".mpeg" => "video/mpeg",
- ".mpg" => "video/mpeg",
- ".mov" => "video/quicktime",
- ".qt" => "video/quicktime",
- ".avi" => "video/x-msvideo",
- ".asf" => "video/x-ms-asf",
- ".asx" => "video/x-ms-asf",
- ".wmv" => "video/x-ms-wmv",
- ".bz2" => "application/x-bzip",
- ".tbz" => "application/x-bzip-compressed-tar",
- ".tar.bz2" => "application/x-bzip-compressed-tar",
- # default mime type
- "" => "application/octet-stream",
- )
-
-# Use the "Content-Type" extended attribute to obtain mime type if possible
-#mimetype.use-xattr = "enable"
-
-
-## send a different Server: header
-## be nice and keep it at lighttpd
-# server.tag = "lighttpd"
-
-#### accesslog module
-accesslog.filename = "/var/log/lighttpd/access.log"
+##
+## possible options on linux are:
+##
+## select
+## poll
+## linux-sysepoll
+##
+## linux-sysepoll is recommended on kernel 2.6.
+##
+server.event-handler = "linux-sysepoll"
+
+##
+## The basic network interface for all platforms at the syscalls read()
+## and write(). Every modern OS provides its own syscall to help network
+## servers transfer files as fast as possible
+##
+## linux-sendfile - is recommended for small files.
+## writev - is recommended for sending many large files
+##
+server.network-backend = "linux-sendfile"
+
+##
+## As lighttpd is a single-threaded server, its main resource limit is
+## the number of file descriptors, which is set to 1024 by default (on
+## most systems).
+##
+## If you are running a high-traffic site you might want to increase this
+## limit by setting server.max-fds.
+##
+## Changing this setting requires root permissions on startup. see
+## server.username/server.groupname.
+##
+## By default lighttpd would not change the operation system default.
+## But setting it to 2048 is a better default for busy servers.
+##
+## With SELinux enabled, this is denied by default and needs to be allowed
+## by running the following once : setsebool -P httpd_setrlimit on
+#server.max-fds = 2048
+
+##
+## Stat() call caching.
+##
+## lighttpd can utilize FAM/Gamin to cache stat call.
+##
+## possible values are:
+## disable, simple or fam.
+##
+server.stat-cache-engine = "simple"
+##
+## Fine tuning for the request handling
+##
+## max-connections == max-fds/2 (maybe /3)
+## means the other file handles are used for fastcgi/files
+##
+server.max-connections = 1024
+
+##
+## How many seconds to keep a keep-alive connection open,
+## until we consider it idle.
+##
+## Default: 5
+##
+#server.max-keep-alive-idle = 5
+
+##
+## How many keep-alive requests until closing the connection.
+##
+## Default: 16
+##
+#server.max-keep-alive-requests = 16
+
+##
+## Maximum size of a request in kilobytes.
+## By default it is unlimited (0).
+##
+## Uploads to your server cant be larger than this value.
+##
+#server.max-request-size = 0
+
+##
+## Time to read from a socket before we consider it idle.
+##
+## Default: 60
+##
+#server.max-read-idle = 60
+
+##
+## Time to write to a socket before we consider it idle.
+##
+## Default: 360
+##
+#server.max-write-idle = 360
+
+##
+## Traffic Shaping
+## -----------------
+##
+## see /usr/share/doc/lighttpd/traffic-shaping.txt
+##
+## Values are in kilobyte per second.
+##
+## Keep in mind that a limit below 32kB/s might actually limit the
+## traffic to 32kB/s. This is caused by the size of the TCP send
+## buffer.
+##
+## per server:
+##
+#server.kbytes-per-second = 128
+
+##
+## per connection:
+##
+#connection.kbytes-per-second = 32
+
+##
+#######################################################################
+
+#######################################################################
+##
+## Filename/File handling
+## ------------------------
+
+##
+## files to check for if .../ is requested
+## index-file.names = ( "index.php", "index.rb", "index.html",
+## "index.htm", "default.htm" )
+##
+index-file.names += (
+ "index.xhtml", "index.html", "index.htm", "default.htm", "index.php"
+)
+
+##
## deny access the file-extensions
-#
-# ~ is for backupfiles from vi, emacs, joe, ...
-# .inc is often used for code includes which should in general not be part
-# of the document-root
+##
+## ~ is for backupfiles from vi, emacs, joe, ...
+## .inc is often used for code includes which should in general not be part
+## of the document-root
url.access-deny = ( "~", ".inc" )
+##
+## disable range requests for pdf files
+## workaround for a bug in the Acrobat Reader plugin.
+##
$HTTP["url"] =~ "\.pdf$" {
server.range-requests = "disable"
}
##
-# which extensions should not be handle via static-file transfer
-#
-# .php, .pl, .fcgi are most often handled by mod_fastcgi or mod_cgi
-static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
-
-######### Options that are good to be but not neccesary to be changed #######
+## url handling modules (rewrite, redirect)
+##
+#url.rewrite = ( "^/$" => "/server-status" )
+#url.redirect = ( "^/wishlist/(.+)" => "http://www.example.com/$1" )
-## bind to port (default: 80)
-#server.port = 81
+##
+## both rewrite/redirect support back reference to regex conditional using %n
+##
+#$HTTP["host"] =~ "^www\.(.*)" {
+# url.redirect = ( "^/(.*)" => "http://%1/$1" )
+#}
-## bind to localhost (default: all interfaces)
-#server.bind = "127.0.0.1"
+##
+## which extensions should not be handle via static-file transfer
+##
+## .php, .pl, .fcgi are most often handled by mod_fastcgi or mod_cgi
+##
+static-file.exclude-extensions = ( ".php", ".pl", ".fcgi", ".scgi" )
+##
## error-handler for status 404
+##
#server.error-handler-404 = "/error-handler.html"
#server.error-handler-404 = "/error-handler.php"
-## to help the rc.scripts
-server.pid-file = "/var/run/lighttpd.pid"
+##
+## Format: <errorfile-prefix><status-code>.html
+## -> ..../status-404.html for 'File not found'
+##
+#server.errorfile-prefix = "/srv/www/htdocs/errors/status-"
+##
+## mimetype mapping
+##
+include "conf.d/mime.conf"
-###### virtual hosts
##
-## If you want name-based virtual hosting add the next three settings and load
-## mod_simple_vhost
+## directory listing configuration
##
-## document-root =
-## virtual-server-root + virtual-server-default-host + virtual-server-docroot
-## or
-## virtual-server-root + http-host + virtual-server-docroot
+include "conf.d/dirlisting.conf"
+
##
-#simple-vhost.server-root = "/srv/www/vhosts/"
-#simple-vhost.default-host = "www.example.org"
-#simple-vhost.document-root = "/htdocs/"
+## Should lighttpd follow symlinks?
+##
+server.follow-symlink = "enable"
+##
+## force all filenames to be lowercase?
+##
+#server.force-lowercase-filenames = "disable"
##
-## Format: <errorfile-prefix><status-code>.html
-## -> ..../status-404.html for 'File not found'
-#server.errorfile-prefix = "/usr/share/lighttpd/errors/status-"
-#server.errorfile-prefix = "/srv/www/errors/status-"
+## defaults to /var/tmp as we assume it is a local harddisk
+##
+server.upload-dirs = ( "/var/tmp" )
-## virtual directory listings
-#dir-listing.activate = "enable"
-## select encoding for directory listings
-#dir-listing.encoding = "utf-8"
+##
+#######################################################################
-## enable debugging
-#debug.log-request-header = "enable"
-#debug.log-response-header = "enable"
-#debug.log-request-handling = "enable"
-#debug.log-file-not-found = "enable"
-### only root can use these options
-#
-# chroot() to directory (default: no chroot() )
-#server.chroot = "/"
-
-## change uid to <uid> (default: don't care)
-server.username = "lighttpd"
-
-## change uid to <uid> (default: don't care)
-server.groupname = "lighttpd"
-
-#### compress module
-compress.cache-dir = "/var/cache/lighttpd/compress/"
-compress.filetype = ("text/plain", "text/html")
-
-#### proxy module
-## read proxy.txt for more info
-#proxy.server = ( ".php" =>
-# ( "localhost" =>
-# (
-# "host" => "192.168.0.101",
-# "port" => 80
-# )
-# )
-# )
-
-#### fastcgi module
-## read fastcgi.txt for more info
-## for PHP don't forget to set cgi.fix_pathinfo = 1 in the php.ini
-#fastcgi.server = ( ".php" =>
-# ( "localhost" =>
-# (
-# "socket" => "/var/run/lighttpd/php-fastcgi.socket",
-# "bin-path" => "/usr/bin/php-cgi"
-# )
-# )
-# )
-
-#### CGI module
-#cgi.assign = ( ".pl" => "/usr/bin/perl",
-# ".cgi" => "/usr/bin/perl" )
-#
+#######################################################################
+##
+## SSL Support
+## -------------
+##
+## To enable SSL for the whole server you have to provide a valid
+## certificate and have to enable the SSL engine.::
+##
+## ssl.engine = "enable"
+## ssl.pemfile = "/path/to/server.pem"
+##
+## The HTTPS protocol does not allow you to use name-based virtual
+## hosting with SSL. If you want to run multiple SSL servers with
+## one lighttpd instance you must use IP-based virtual hosting: ::
+##
+## $SERVER["socket"] == "10.0.0.1:443" {
+## ssl.engine = "enable"
+## ssl.pemfile = "/etc/ssl/private/www.example.com.pem"
+## server.name = "www.example.com"
+##
+## server.document-root = "/srv/www/vhosts/example.com/www/"
+## }
+##
-#### SSL engine
-#ssl.engine = "enable"
-#ssl.pemfile = "/etc/ssl/private/lighttpd.pem"
-
-#### status module
-#status.status-url = "/server-status"
-#status.config-url = "/server-config"
-
-#### auth module
-## read authentication.txt for more info
-#auth.backend = "plain"
-#auth.backend.plain.userfile = "lighttpd.user"
-#auth.backend.plain.groupfile = "lighttpd.group"
-
-#auth.backend.ldap.hostname = "localhost"
-#auth.backend.ldap.base-dn = "dc=my-domain,dc=com"
-#auth.backend.ldap.filter = "(uid=$)"
-
-#auth.require = ( "/server-status" =>
-# (
-# "method" => "digest",
-# "realm" => "download archiv",
-# "require" => "user=jan"
-# ),
-# "/server-config" =>
-# (
-# "method" => "digest",
-# "realm" => "download archiv",
-# "require" => "valid-user"
-# )
-# )
-
-#### url handling modules (rewrite, redirect, access)
-#url.rewrite = ( "^/$" => "/server-status" )
-#url.redirect = ( "^/wishlist/(.+)" => "http://www.123.org/$1" )
-#### both rewrite/redirect support back reference to regex conditional using %n
-#$HTTP["host"] =~ "^www\.(.*)" {
-# url.redirect = ( "^/(.*)" => "http://%1/$1" )
-#}
+## If you have a .crt and a .key file, cat them together into a
+## single PEM file:
+## $ cat /etc/ssl/private/lighttpd.key /etc/ssl/certs/lighttpd.crt \
+## > /etc/ssl/private/lighttpd.pem
+##
+#ssl.pemfile = "/etc/ssl/private/lighttpd.pem"
-#
-# define a pattern for the host url finding
-# %% => % sign
-# %0 => domain name + tld
-# %1 => tld
-# %2 => domain name without tld
-# %3 => subdomain 1 name
-# %4 => subdomain 2 name
-#
-#evhost.path-pattern = "/srv/www/vhosts/%3/htdocs/"
-
-#### expire module
-#expire.url = ( "/buggy/" => "access 2 hours", "/asdhas/" => "access plus 1 seconds 2 minutes")
-
-#### ssi
-#ssi.extension = ( ".shtml" )
-
-#### rrdtool
-#rrdtool.binary = "/usr/bin/rrdtool"
-#rrdtool.db-name = "/var/lib/lighttpd/lighttpd.rrd"
-
-#### setenv
-#setenv.add-request-header = ( "TRAV_ENV" => "mysql://user@host/db" )
-#setenv.add-response-header = ( "X-Secret-Message" => "42" )
-
-## for mod_trigger_b4_dl
-# trigger-before-download.gdbm-filename = "/var/lib/lighttpd/trigger.db"
-# trigger-before-download.memcache-hosts = ( "127.0.0.1:11211" )
-# trigger-before-download.trigger-url = "^/trigger/"
-# trigger-before-download.download-url = "^/download/"
-# trigger-before-download.deny-url = "http://127.0.0.1/index.html"
-# trigger-before-download.trigger-timeout = 10
-
-#### variable usage:
-## variable name without "." is auto prefixed by "var." and becomes "var.bar"
-#bar = 1
-#var.mystring = "foo"
-
-## integer add
-#bar += 1
-## string concat, with integer cast as string, result: "www.foo1.com"
-#server.name = "www." + mystring + var.bar + ".com"
-## array merge
-#index-file.names = (foo + ".php") + index-file.names
-#index-file.names += (foo + ".php")
-
-#### include
-#include /etc/lighttpd/lighttpd-inc.conf
-## same as above if you run: "lighttpd -f /etc/lighttpd/lighttpd.conf"
-#include "lighttpd-inc.conf"
-
-#### include_shell
-#include_shell "echo var.a=1"
-## the above is same as:
-#var.a=1
-
-## include configuration snippets, usually provided by packages
-include_shell "find /etc/lighttpd/conf.d -maxdepth 1 -name '*.conf' -exec cat {} \;"
-# include vhost snippets
-include_shell "find /etc/lighttpd/vhosts.d -maxdepth 1 -name '*.conf' -exec cat {} \;"
+##
+## optionally pass the CA certificate here.
+##
+##
+#ssl.ca-file = ""
+##
+#######################################################################
+
+#######################################################################
+##
+## custom includes like vhosts.
+##
+include "conf.d/config.conf"
+include_shell "cat /etc/lighttpd/vhosts.d/*.conf"
+##
+#######################################################################