summaryrefslogtreecommitdiff
path: root/network/lighttpd/conf
diff options
context:
space:
mode:
authorponce <matteo.bernardini@gmail.com>2012-07-31 11:16:41 +0200
committerRobby Workman <rworkman@slackbuilds.org>2012-08-21 08:55:35 -0500
commitbe1bc0c80f3239795474d5d929c23b0c449e8ca4 (patch)
tree72a57c92e05ee00b295141c2fa5fefe75edd9b96 /network/lighttpd/conf
parentef779ebd8e36cad1c5dc43db77b667c5b30e878c (diff)
downloadslackbuilds-be1bc0c80f3239795474d5d929c23b0c449e8ca4.tar.gz
network/lighttpd: Updated for version 1.4.31.
This commit also moves config files into a subdirectory and added notes about SSL/BEAST and another php example to lighttpd.conf. Signed-off-by: Robby Workman <rworkman@slackbuilds.org>
Diffstat (limited to 'network/lighttpd/conf')
-rw-r--r--network/lighttpd/conf/lighttpd.conf389
-rw-r--r--network/lighttpd/conf/lighttpd.logrotate15
-rw-r--r--network/lighttpd/conf/rc.lighttpd76
3 files changed, 480 insertions, 0 deletions
diff --git a/network/lighttpd/conf/lighttpd.conf b/network/lighttpd/conf/lighttpd.conf
new file mode 100644
index 0000000000..974218d60a
--- /dev/null
+++ b/network/lighttpd/conf/lighttpd.conf
@@ -0,0 +1,389 @@
+# lighttpd configuration file
+#
+# use it as a base for lighttpd 1.0.0 and above
+#
+# $Id: lighttpd.conf,v 1.7 2004/11/03 22:26:05 weigon Exp $
+
+############ Options you really have to take care of ####################
+
+## modules to load
+# at least mod_access and mod_accesslog should be loaded
+# all other module should only be loaded if really neccesary
+# - saves some time
+# - saves memory
+server.modules = (
+# "mod_rewrite",
+# "mod_redirect",
+# "mod_alias",
+ "mod_access",
+# "mod_cml",
+# "mod_trigger_b4_dl",
+# "mod_auth",
+# "mod_status",
+# "mod_setenv",
+# "mod_fastcgi",
+# "mod_proxy",
+# "mod_simple_vhost",
+# "mod_evhost",
+# "mod_userdir",
+# "mod_cgi",
+# "mod_compress",
+# "mod_ssi",
+# "mod_usertrack",
+# "mod_expire",
+# "mod_secdownload",
+# "mod_rrdtool",
+ "mod_accesslog" )
+
+## a static document-root, for virtual-hosting take look at the
+## server.virtual-* options
+server.document-root = "/var/www/htdocs-lighttpd"
+
+## where to send error-messages to
+server.errorlog = "/var/log/lighttpd/error.log"
+
+# files to check for if .../ is requested
+index-file.names = ( "index.php", "index.html",
+ "index.htm", "default.htm" )
+
+## set the event-handler (read the performance section in the manual)
+# server.event-handler = "freebsd-kqueue" # needed on OS X
+
+# mimetype mapping
+mimetype.assign = (
+ ".pdf" => "application/pdf",
+ ".sig" => "application/pgp-signature",
+ ".spl" => "application/futuresplash",
+ ".class" => "application/octet-stream",
+ ".ps" => "application/postscript",
+ ".torrent" => "application/x-bittorrent",
+ ".dvi" => "application/x-dvi",
+ ".gz" => "application/x-gzip",
+ ".pac" => "application/x-ns-proxy-autoconfig",
+ ".swf" => "application/x-shockwave-flash",
+ ".tar.gz" => "application/x-tgz",
+ ".tgz" => "application/x-tgz",
+ ".tar" => "application/x-tar",
+ ".zip" => "application/zip",
+ ".mp3" => "audio/mpeg",
+ ".m3u" => "audio/x-mpegurl",
+ ".wma" => "audio/x-ms-wma",
+ ".wax" => "audio/x-ms-wax",
+ ".ogg" => "application/ogg",
+ ".wav" => "audio/x-wav",
+ ".gif" => "image/gif",
+ ".jpg" => "image/jpeg",
+ ".jpeg" => "image/jpeg",
+ ".png" => "image/png",
+ ".xbm" => "image/x-xbitmap",
+ ".xpm" => "image/x-xpixmap",
+ ".xwd" => "image/x-xwindowdump",
+ ".css" => "text/css",
+ ".html" => "text/html",
+ ".htm" => "text/html",
+ ".js" => "text/javascript",
+ ".asc" => "text/plain",
+ ".c" => "text/plain",
+ ".cpp" => "text/plain",
+ ".log" => "text/plain",
+ ".conf" => "text/plain",
+ ".text" => "text/plain",
+ ".txt" => "text/plain",
+ ".dtd" => "text/xml",
+ ".xml" => "text/xml",
+ ".mpeg" => "video/mpeg",
+ ".mpg" => "video/mpeg",
+ ".mov" => "video/quicktime",
+ ".qt" => "video/quicktime",
+ ".avi" => "video/x-msvideo",
+ ".asf" => "video/x-ms-asf",
+ ".asx" => "video/x-ms-asf",
+ ".wmv" => "video/x-ms-wmv",
+ ".bz2" => "application/x-bzip",
+ ".tbz" => "application/x-bzip-compressed-tar",
+ ".tar.bz2" => "application/x-bzip-compressed-tar"
+ )
+
+# Use the "Content-Type" extended attribute to obtain mime type if possible
+#mimetype.use-xattr = "enable"
+
+
+## send a different Server: header
+## be nice and keep it at lighttpd
+# server.tag = "lighttpd"
+
+#### accesslog module
+accesslog.filename = "/var/log/lighttpd/access.log"
+
+## deny access the file-extensions
+#
+# ~ is for backupfiles from vi, emacs, joe, ...
+# .inc is often used for code includes which should in general not be part
+# of the document-root
+url.access-deny = ( "~", ".inc" )
+
+$HTTP["url"] =~ "\.pdf$" {
+ server.range-requests = "disable"
+}
+
+##
+# which extensions should not be handle via static-file transfer
+#
+# .php, .pl, .fcgi are most often handled by mod_fastcgi or mod_cgi
+static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
+
+######### Options that are good to be but not neccesary to be changed #######
+
+## bind to port (default: 80)
+#server.port = 81
+
+## bind to localhost (default: all interfaces)
+#server.bind = "grisu.home.kneschke.de"
+
+## error-handler for status 404
+#server.error-handler-404 = "/error-handler.html"
+#server.error-handler-404 = "/error-handler.php"
+
+## to help the rc.scripts
+server.pid-file = "/var/run/lighttpd/lighttpd.pid"
+
+
+###### virtual hosts
+##
+## If you want name-based virtual hosting add the next three settings and load
+## mod_simple_vhost
+##
+## document-root =
+## virtual-server-root + virtual-server-default-host + virtual-server-docroot
+## or
+## virtual-server-root + http-host + virtual-server-docroot
+##
+#simple-vhost.server-root = "/home/weigon/wwwroot/servers/"
+#simple-vhost.default-host = "grisu.home.kneschke.de"
+#simple-vhost.document-root = "/pages/"
+
+
+##
+## Format: <errorfile-prefix><status-code>.html
+## -> ..../status-404.html for 'File not found'
+#server.errorfile-prefix = "/home/weigon/projects/lighttpd/doc/status-"
+
+## virtual directory listings
+#dir-listing.activate = "enable"
+
+## enable debugging
+#debug.log-request-header = "enable"
+#debug.log-response-header = "enable"
+#debug.log-request-handling = "enable"
+#debug.log-file-not-found = "enable"
+
+### only root can use these options
+#
+# chroot() to directory (default: no chroot() )
+#server.chroot = "/"
+
+## change uid to <uid> (default: don't care)
+server.username = "lighttpd"
+
+## change uid to <uid> (default: don't care)
+server.groupname = "lighttpd"
+
+#### compress module
+#compress.cache-dir = "/tmp/lighttpd/cache/compress/"
+#compress.filetype = ("text/plain", "text/html")
+
+#### proxy module
+## read proxy.txt for more info
+#proxy.server = ( ".php" =>
+# ( "localhost" =>
+# (
+# "host" => "192.168.0.101",
+# "port" => 80
+# )
+# )
+# )
+
+#### fastcgi module
+## read fastcgi.txt for more info
+## for PHP don't forget to set cgi.fix_pathinfo = 1 in the php.ini
+#fastcgi.server = ( ".php" =>
+# ( "localhost" =>
+# (
+# "socket" => "/var/run/lighttpd/php-fastcgi.socket",
+# "bin-path" => "/usr/bin/php"
+# )
+# )
+# )
+
+#### CGI module
+#cgi.assign = ( ".pl" => "/usr/bin/perl",
+# ".cgi" => "/usr/bin/perl" )
+#
+
+#### SSL engine
+#######################################################################
+###
+### SSL Support
+### -------------
+###
+### To enable SSL for the whole server you have to provide a valid
+### certificate and have to enable the SSL engine.::
+###
+### ssl.engine = "enable"
+### ssl.pemfile = "/path/to/server.pem"
+###
+### The HTTPS protocol does not allow you to use name-based virtual
+### hosting with SSL. If you want to run multiple SSL servers with
+### one lighttpd instance you must use IP-based virtual hosting: ::
+###
+### $SERVER["socket"] == "10.0.0.1:443" {
+### ssl.engine = "enable"
+### ssl.pemfile = "/etc/ssl/private/www.example.com.pem"
+### #
+### # Mitigate BEAST attack:
+### #
+### # A stricter base cipher suite. For details see:
+### # http://blog.ivanristic.com/2011/10/mitigating-the-beast-attack-on-tls.html
+### #
+### ssl.cipher-list = "ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4-SHA:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM"
+### #
+### # Make the server prefer the order of the server side cipher suite instead of the client suite.
+### # This is necessary to mitigate the BEAST attack (unless you disable all non RC4 algorithms).
+### # This option is enabled by default, but only used if ssl.cipher-list is set.
+### #
+### # ssl.honor-cipher-order = "enable"
+### #
+### # Mitigate CVE-2009-3555 by disabling client triggered renegotation
+### # This is enabled by default.
+### #
+### # ssl.disable-client-renegotiation = "enable"
+### #
+### server.name = "www.example.com"
+###
+### server.document-root = "/var/www/vhosts/example.com/www/"
+### }
+###
+#ssl.engine = "enable"
+#ssl.pemfile = "server.pem"
+
+#### status module
+#status.status-url = "/server-status"
+#status.config-url = "/server-config"
+
+#### auth module
+## read authentication.txt for more info
+#auth.backend = "plain"
+#auth.backend.plain.userfile = "lighttpd.user"
+#auth.backend.plain.groupfile = "lighttpd.group"
+
+#auth.backend.ldap.hostname = "localhost"
+#auth.backend.ldap.base-dn = "dc=my-domain,dc=com"
+#auth.backend.ldap.filter = "(uid=$)"
+
+#auth.require = ( "/server-status" =>
+# (
+# "method" => "digest",
+# "realm" => "download archiv",
+# "require" => "user=jan"
+# ),
+# "/server-config" =>
+# (
+# "method" => "digest",
+# "realm" => "download archiv",
+# "require" => "valid-user"
+# )
+# )
+
+#### url handling modules (rewrite, redirect, access)
+#url.rewrite = ( "^/$" => "/server-status" )
+#url.redirect = ( "^/wishlist/(.+)" => "http://www.123.org/$1" )
+#### both rewrite/redirect support back reference to regex conditional using %n
+#$HTTP["host"] =~ "^www\.(.*)" {
+# url.redirect = ( "^/(.*)" => "http://%1/$1" )
+#}
+
+#
+# define a pattern for the host url finding
+# %% => % sign
+# %0 => domain name + tld
+# %1 => tld
+# %2 => domain name without tld
+# %3 => subdomain 1 name
+# %4 => subdomain 2 name
+#
+#evhost.path-pattern = "/home/storage/dev/www/%3/htdocs/"
+
+#### expire module
+#expire.url = ( "/buggy/" => "access 2 hours", "/asdhas/" => "access plus 1 seconds 2 minutes")
+
+#### ssi
+#ssi.extension = ( ".shtml" )
+
+#### rrdtool
+#rrdtool.binary = "/usr/bin/rrdtool"
+#rrdtool.db-name = "/var/www/lighttpd.rrd"
+
+#### setenv
+#setenv.add-request-header = ( "TRAV_ENV" => "mysql://user@host/db" )
+#setenv.add-response-header = ( "X-Secret-Message" => "42" )
+
+## for mod_trigger_b4_dl
+# trigger-before-download.gdbm-filename = "/home/weigon/testbase/trigger.db"
+# trigger-before-download.memcache-hosts = ( "127.0.0.1:11211" )
+# trigger-before-download.trigger-url = "^/trigger/"
+# trigger-before-download.download-url = "^/download/"
+# trigger-before-download.deny-url = "http://127.0.0.1/index.html"
+# trigger-before-download.trigger-timeout = 10
+
+## for mod_cml
+## don't forget to add index.cml to server.indexfiles
+# cml.extension = ".cml"
+# cml.memcache-hosts = ( "127.0.0.1:11211" )
+
+#### variable usage:
+## variable name without "." is auto prefixed by "var." and becomes "var.bar"
+#bar = 1
+#var.mystring = "foo"
+
+## integer add
+#bar += 1
+## string concat, with integer cast as string, result: "www.foo1.com"
+#server.name = "www." + mystring + var.bar + ".com"
+## array merge
+#index-file.names = (foo + ".php") + index-file.names
+#index-file.names += (foo + ".php")
+
+## Another example on how to start an FastCGI server for php - uses php-cgi
+## - copy the php.ini from /etc/httpd/php.ini into /etc/lighttpd/
+## (or change the path, if you prefeer): don't forget to enable in it
+## cgi.fix_pathinfo = 1
+## - the socket is created into /var/run/lighttpd/
+## - /var/lib/php must be owned by the user owning the lighttpd
+## process for php supporting sessions
+## Uncomment the section below to enable.
+#fastcgi.server = ( ".php" =>
+# ((
+# "bin-path" => "/usr/bin/php-cgi -c /etc/lighttpd/php.ini",
+# "socket" => "/var/run/lighttpd/php.socket",
+# "max-procs" => 1,
+# "idle-timeout" => 20,
+# "bin-environment" => (
+# "PHP_FCGI_CHILDREN" => "8",
+# "PHP_FCGI_MAX_REQUESTS" => "200"
+# ),
+# "bin-copy-environment" => (
+# "PATH", "SHELL", "USER"
+# ),
+# "broken-scriptfilename" => "enable"
+# ))
+#)
+
+#### include
+#include /etc/lighttpd/lighttpd-inc.conf
+## same as above if you run: "lighttpd -f /etc/lighttpd/lighttpd.conf"
+#include "lighttpd-inc.conf"
+
+#### include_shell
+#include_shell "echo var.a=1"
+## the above is same as:
+#var.a=1
diff --git a/network/lighttpd/conf/lighttpd.logrotate b/network/lighttpd/conf/lighttpd.logrotate
new file mode 100644
index 0000000000..65c13f36c8
--- /dev/null
+++ b/network/lighttpd/conf/lighttpd.logrotate
@@ -0,0 +1,15 @@
+/var/log/lighttpd/*.log {
+ daily
+ missingok
+ copytruncate
+ rotate 7
+ create 0644 lighttpd lighttpd
+ compress
+ notifempty
+ sharedscripts
+ postrotate
+ if [ -x /etc/rc.d/rc.lighttpd -a -f /var/run/lighttpd.pid ]; then
+ /etc/rc.d/rc.lighttpd reload
+ fi
+ endscript
+}
diff --git a/network/lighttpd/conf/rc.lighttpd b/network/lighttpd/conf/rc.lighttpd
new file mode 100644
index 0000000000..919f6b2104
--- /dev/null
+++ b/network/lighttpd/conf/rc.lighttpd
@@ -0,0 +1,76 @@
+#!/bin/sh
+# Copyright (c) 2007, Daniel de Kok <moc.mikciat@leinad>
+# All rights reserved.
+#
+# Redistribution and use of this script, with or without modification, is
+# permitted provided that the following conditions are met:
+#
+# 1. Redistributions of this script must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
+# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+
+LIGHTTPD=/usr/sbin/lighttpd
+PIDFILE=/var/run/lighttpd/lighttpd.pid
+LIGHTTPD_OPTIONS="-f /etc/lighttpd/lighttpd.conf"
+
+is_pidof() {
+ local STATE=$(ps -p $1 -o cmd= | grep "$2" > /dev/null ; echo $?)
+ return $STATE
+}
+
+lighttpd_start() {
+ echo "Starting lighttpd: $LIGHTTPD"
+ if [ -r $PIDFILE ] && is_pidof $(cat $PIDFILE) lighttpd ; then
+ echo "Already running!"
+ return
+ fi
+ $LIGHTTPD $LIGHTTPD_OPTIONS
+}
+
+lighttpd_stop() {
+ echo "Stopping lighttpd: $LIGHTTPD"
+ if [ -r $PIDFILE ] && is_pidof $(cat $PIDFILE) lighttpd ; then
+ kill $(cat $PIDFILE)
+ rm -f $PIDFILE
+ else
+ echo "Not running!"
+ fi
+}
+
+lighttpd_restart() {
+ lighttpd_stop
+ sleep 1
+ lighttpd_start
+}
+
+lighttpd_reload() {
+ kill -s HUP $(cat $PIDFILE)
+}
+
+case "$1" in
+'start')
+ lighttpd_start
+ ;;
+'stop')
+ lighttpd_stop
+ ;;
+restart)
+ lighttpd_restart
+ ;;
+reload)
+ lighttpd_reload
+ ;;
+*)
+ echo "usage $0 start|stop|restart"
+esac