1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
|
=================
Configuation File
=================
------------
Module: core
------------
:Author: Jan Kneschke
:Date: $Date$
:Revision: $Revision$
:abstract:
the layout of the configuration file
.. meta::
:keywords: lighttpd, configuration
.. contents:: Table of Contents
Description
===========
Basic Syntax
------------
A BNF like notation: ::
option : NAME = VALUE
merge : NAME += VALUE
NAME : modulename.key
VALUE : ( <string> | <integer> | <boolean> | <array> | VALUE [ + VALUE ]*)
<string> : "text"
<integer>: digit*
<boolean>: ( "enable" | "disable" )
<array> : "(" [ <string> "=>" ] <value> [, [ <string> "=>" ] <value> ]* ")"
INCLUDE : "include" VALUE
INCLUDE_SHELL : "include_shell" STRING_VALUE
Example
-------
::
# default document-root
server.document-root = "/var/www/example.org/pages/"
# TCP port
server.port = 80
# selecting modules
server.modules = ( "mod_access", "mod_rewrite" )
# enable directory listings
server.dir-listing = "enable"
# variables, computed when config is read.
var.mymodule = "foo"
server.modules += ( "mod_" + var.mymodule )
# include, relative to dirname of main config file
include "mime.types.conf"
# read configuration from output of a command
include_shell "/usr/local/bin/confmimetype /etc/mime.types"
Conditional Configuration
=========================
Most options can be configured conditionally by using the following syntax
(including nesting).
::
<field> <operator> <value> {
...
<field> <operator> <value> {
... nesting: match only when parent match
}
}
else <field> <operator> <value> {
... the "else if" block
}
where <field> is one of one of the following:
$HTTP["cookie"]
match on cookie
$HTTP["host"]
match on host
$HTTP["useragent"]
match on useragent
$HTTP["referer"]
match on referer
$HTTP["url"]
match on url
$SERVER["socket"]
match on socket. Value must be on the format "$ip:$port" where $ip is an IP
address and $port a port number. Only equal match (==) is supported.
It also binds to this socket.
<operator> is one of:
==
string equal match
!=
string not equal match
=~
perl style regular expression match
!~
perl style regular expression not match
and <value> is either a quoted ("") literal string or regular expression.
Example
-------
::
# disable directory-listings for /download/*
server.dir-listing = "enable"
$HTTP["url"] =~ "^/download/" {
server.dir-listing = "disable"
}
# handish virtual hosting
# map all subdomains to a single document-root
$HTTP["host"] =~ "\.example\.org$" {
server.document-root = "/var/www/htdocs/example.org/pages/"
}
# multiple sockets
$SERVER["socket"] == "127.0.0.1:81" {
server.document-root = "..."
}
$SERVER["socket"] == "127.0.0.1:443" {
ssl.pemfile = "/var/www/certs/localhost.pem"
ssl.engine = "enable"
server.document-root = "/var/www/htdocs/secure.example.org/pages/"
}
# deny access for all googlebot
$HTTP["useragent"] =~ "Google" {
url.access-deny = ( "" )
}
# deny access for all image stealers
$HTTP["referer"] !~ "^($|http://www\.example\.org)" {
url.access-deny = ( ".jpg", ".jpeg", ".png" )
}
Options
=======
server module
-------------
main sections
`````````````
server.document-root
document-root of the webserver
This variable has the specified as it will be used for all requests
without a Host: header and for all with a know hostname which you
might have specified with one of the above conditionals.
Default: no default, required
server.bind
hostname of the server
Default: bind to all interfaces
server.port
tcp-port to bind the server to
NOTE: port belows 1024 require root-permissions
Default: 80 (443 if ssl is enabled)
server.use-ipv6
bind to the IPv6 socket
server.errorlog
pathname of the error-log
Default: either STDERR or ``server.errorlog-use-syslog``
server.errorlog-use-syslog
send errorlog to syslog
Default: disabled
server.chroot
root-directory of the server
server.username
username used to run the server
NOTE: requires root-permissions
server.groupname
groupname used to run the server
NOTE: requires root-permissions
server.dir-listing
enables virtual directory listings if a directory is requested no
index-file was found
dir-listing.hide-dotfiles
if enabled, does not list hidden files in directory listings generated
by the dir-listing option.
Default: enabled
dir-listing.external-css
path to an external css stylesheet for the directory listing
dir-listing.exclude
list of regular expressions. Files that match any of the specified regular
expressions will be excluded from directory listings.
server.follow-symlink
allow to follow-symlinks
Default: enabled
server.indexfiles
list of files to search for if a directory is requested
e.g.: ::
server.indexfiles = ( "index.php", "index.html",
"index.htm", "default.htm" )
server.modules
modules to load
.. note:: the order of the modules is somewhat important as the modules are
handled in the way they are specified. mod_rewrite should always be
the first module, mod_accesslog always the last.
e.g.: ::
server.modules = ( "mod_rewrite",
"mod_redirect",
"mod_alias",
"mod_access",
"mod_auth",
"mod_status",
"mod_fastcgi",
"mod_proxy",
"mod_simple_vhost",
"mod_evhost",
"mod_userdir",
"mod_cgi",
"mod_compress",
"mod_ssi",
"mod_usertrack",
"mod_expire",
"mod_secdownload",
"mod_rrdtool",
"mod_accesslog" )
server.event-handler
set the event handler
Default: "poll"
server.pid-file
set the name of the .pid-file where the PID of the server should be placed.
This option is used in combination with a start-script and the deamon mode
Default: not set
server.max-request-size
maximum size in kbytes of the request (header + body)
Default: 2Gb
server.max-worker
number of worker processes to spawn (works but has no benefit)
Default: 0
server.name
name of the server/virtual server
Default: hostname
server.max-keep-alive-requests
maximum number of request within a keep-alive session before the server
terminates the connection
Default: 128
server.max-keep-alive-idle
maximum number of seconds until a idling keep-alive connection is droped
Default: 30
server.max-read-idle
maximum number of seconds until a waiting, non keep-alive read times out
and closes the connection
Default: 60
server.max-write-idle
maximum number of seconds until a waiting write call times out and closes
the connection
Default: 360
server.error-handler-404
uri to call if the requested file results in a 404
Default: not set
Example: ::
server.error-handler-404 = "/error-404.php"
server.protocol-http11
defines if HTTP/1.1 is allowed or not.
Default: enabled
server.range-requests
defines if range requests are allowed or not.
Default: enabled
SSL engine
``````````
ssl.pemfile
path to the PEM file for SSL support
debugging
`````````
debug.dump-unknown-headers
enables listing of internally unhandled HTTP-headers
e.g. ::
debug.dump-unknown-headers = "enable"
mimetypes
`````````
mimetype.assign
list of known mimetype mappings
NOTE: if no mapping is given "application/octet-stream" is used
e.g.: ::
mimetype.assign = ( ".png" => "image/png",
".jpg" => "image/jpeg",
".jpeg" => "image/jpeg",
".html" => "text/html",
".txt" => "text/plain" )
mimetype.use-xattr
If available, use the XFS-style extended attribute interface to
retrieve the "Content-Type" attribute on each file, and use that as the
mime type. If it's not defined or not available, fall back to the
mimetype.assign assignment.
e.g.: ::
mimetype.use-xattr = "enable"
on shell use:
$ attr -s Content-Type -V image/svg svgfile.svg
or
$ attr -s Content-Type -V text/html indexfile
debugging
`````````
debug.log-request-header
default: disabled
debug.log-response-header
default: disabled
debug.log-file-not-found
default: disabled
debug.log-request-handler
default: disabled
|
