author | ponce <matteo.bernardini@gmail.com> | 2012-07-31 11:16:41 +0200 |
---|---|---|
committer | Robby Workman <rworkman@slackbuilds.org> | 2012-08-21 08:55:35 -0500 |
commit | be1bc0c80f3239795474d5d929c23b0c449e8ca4 (patch) | |
tree | 72a57c92e05ee00b295141c2fa5fefe75edd9b96 /network/lighttpd/conf | |
parent | ef779ebd8e36cad1c5dc43db77b667c5b30e878c (diff) |
network/lighttpd: Updated for version 1.4.31.
This commit also moves config files into a subdirectory and
adds notes about SSL/BEAST and another php example to lighttpd.conf.
Signed-off-by: Robby Workman <rworkman@slackbuilds.org>
Diffstat (limited to 'network/lighttpd/conf')
-rw-r--r-- | network/lighttpd/conf/lighttpd.conf | 389 | ||||
-rw-r--r-- | network/lighttpd/conf/lighttpd.logrotate | 15 | ||||
-rw-r--r-- | network/lighttpd/conf/rc.lighttpd | 76 |
3 files changed, 480 insertions, 0 deletions
diff --git a/network/lighttpd/conf/lighttpd.conf b/network/lighttpd/conf/lighttpd.conf
new file mode 100644
index 0000000000000..974218d60abaf
--- /dev/null
+++ b/network/lighttpd/conf/lighttpd.conf
@@ -0,0 +1,389 @@ +# lighttpd configuration file +# +# use it as a base for lighttpd 1.0.0 and above +# +# $Id: lighttpd.conf,v 1.7 2004/11/03 22:26:05 weigon Exp $ + +############ Options you really have to take care of #################### + +## modules to load +# at least mod_access and mod_accesslog should be loaded +# all other module should only be loaded if really neccesary +# - saves some time +# - saves memory +server.modules = ( +# "mod_rewrite", +# "mod_redirect", +# "mod_alias", + "mod_access", +# "mod_cml", +# "mod_trigger_b4_dl", +# "mod_auth", +# "mod_status", +# "mod_setenv", +# "mod_fastcgi", +# "mod_proxy", +# "mod_simple_vhost", +# "mod_evhost", +# "mod_userdir", +# "mod_cgi", +# "mod_compress", +# "mod_ssi", +# "mod_usertrack", +# "mod_expire", +# "mod_secdownload", +# "mod_rrdtool", + "mod_accesslog" ) + +## a static document-root, for virtual-hosting take look at the +## server.virtual-* options +server.document-root = "/var/www/htdocs-lighttpd" + +## where to send error-messages to +server.errorlog = "/var/log/lighttpd/error.log" + +# files to check for if .../ is requested +index-file.names = ( "index.php", "index.html", + "index.htm", "default.htm" ) + +## set the event-handler (read the performance section in the manual) +# server.event-handler = "freebsd-kqueue" # needed on OS X + +# mimetype mapping +mimetype.assign = ( + ".pdf" => "application/pdf", + ".sig" => "application/pgp-signature", + ".spl" => "application/futuresplash", + ".class" => "application/octet-stream", + ".ps" => "application/postscript", + ".torrent" => "application/x-bittorrent", + ".dvi" => "application/x-dvi", + ".gz" => "application/x-gzip", + ".pac" => "application/x-ns-proxy-autoconfig", + ".swf" => "application/x-shockwave-flash", + ".tar.gz" => "application/x-tgz", + ".tgz" => "application/x-tgz", + ".tar" => "application/x-tar", + ".zip" => "application/zip", + ".mp3" => "audio/mpeg", + ".m3u" => "audio/x-mpegurl", + ".wma" => "audio/x-ms-wma", + ".wax" => 
"audio/x-ms-wax", + ".ogg" => "application/ogg", + ".wav" => "audio/x-wav", + ".gif" => "image/gif", + ".jpg" => "image/jpeg", + ".jpeg" => "image/jpeg", + ".png" => "image/png", + ".xbm" => "image/x-xbitmap", + ".xpm" => "image/x-xpixmap", + ".xwd" => "image/x-xwindowdump", + ".css" => "text/css", + ".html" => "text/html", + ".htm" => "text/html", + ".js" => "text/javascript", + ".asc" => "text/plain", + ".c" => "text/plain", + ".cpp" => "text/plain", + ".log" => "text/plain", + ".conf" => "text/plain", + ".text" => "text/plain", + ".txt" => "text/plain", + ".dtd" => "text/xml", + ".xml" => "text/xml", + ".mpeg" => "video/mpeg", + ".mpg" => "video/mpeg", + ".mov" => "video/quicktime", + ".qt" => "video/quicktime", + ".avi" => "video/x-msvideo", + ".asf" => "video/x-ms-asf", + ".asx" => "video/x-ms-asf", + ".wmv" => "video/x-ms-wmv", + ".bz2" => "application/x-bzip", + ".tbz" => "application/x-bzip-compressed-tar", + ".tar.bz2" => "application/x-bzip-compressed-tar" + ) + +# Use the "Content-Type" extended attribute to obtain mime type if possible +#mimetype.use-xattr = "enable" + + +## send a different Server: header +## be nice and keep it at lighttpd +# server.tag = "lighttpd" + +#### accesslog module +accesslog.filename = "/var/log/lighttpd/access.log" + +## deny access the file-extensions +# +# ~ is for backupfiles from vi, emacs, joe, ... 
+# .inc is often used for code includes which should in general not be part +# of the document-root +url.access-deny = ( "~", ".inc" ) + +$HTTP["url"] =~ "\.pdf$" { + server.range-requests = "disable" +} + +## +# which extensions should not be handle via static-file transfer +# +# .php, .pl, .fcgi are most often handled by mod_fastcgi or mod_cgi +static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" ) + +######### Options that are good to be but not neccesary to be changed ####### + +## bind to port (default: 80) +#server.port = 81 + +## bind to localhost (default: all interfaces) +#server.bind = "grisu.home.kneschke.de" + +## error-handler for status 404 +#server.error-handler-404 = "/error-handler.html" +#server.error-handler-404 = "/error-handler.php" + +## to help the rc.scripts +server.pid-file = "/var/run/lighttpd/lighttpd.pid" + + +###### virtual hosts +## +## If you want name-based virtual hosting add the next three settings and load +## mod_simple_vhost +## +## document-root = +## virtual-server-root + virtual-server-default-host + virtual-server-docroot +## or +## virtual-server-root + http-host + virtual-server-docroot +## +#simple-vhost.server-root = "/home/weigon/wwwroot/servers/" +#simple-vhost.default-host = "grisu.home.kneschke.de" +#simple-vhost.document-root = "/pages/" + + +## +## Format: <errorfile-prefix><status-code>.html +## -> ..../status-404.html for 'File not found' +#server.errorfile-prefix = "/home/weigon/projects/lighttpd/doc/status-" + +## virtual directory listings +#dir-listing.activate = "enable" + +## enable debugging +#debug.log-request-header = "enable" +#debug.log-response-header = "enable" +#debug.log-request-handling = "enable" +#debug.log-file-not-found = "enable" + +### only root can use these options +# +# chroot() to directory (default: no chroot() ) +#server.chroot = "/" + +## change uid to <uid> (default: don't care) +server.username = "lighttpd" + +## change uid to <uid> (default: don't care) +server.groupname = 
"lighttpd" + +#### compress module +#compress.cache-dir = "/tmp/lighttpd/cache/compress/" +#compress.filetype = ("text/plain", "text/html") + +#### proxy module +## read proxy.txt for more info +#proxy.server = ( ".php" => +# ( "localhost" => +# ( +# "host" => "192.168.0.101", +# "port" => 80 +# ) +# ) +# ) + +#### fastcgi module +## read fastcgi.txt for more info +## for PHP don't forget to set cgi.fix_pathinfo = 1 in the php.ini +#fastcgi.server = ( ".php" => +# ( "localhost" => +# ( +# "socket" => "/var/run/lighttpd/php-fastcgi.socket", +# "bin-path" => "/usr/bin/php" +# ) +# ) +# ) + +#### CGI module +#cgi.assign = ( ".pl" => "/usr/bin/perl", +# ".cgi" => "/usr/bin/perl" ) +# + +#### SSL engine +####################################################################### +### +### SSL Support +### ------------- +### +### To enable SSL for the whole server you have to provide a valid +### certificate and have to enable the SSL engine.:: +### +### ssl.engine = "enable" +### ssl.pemfile = "/path/to/server.pem" +### +### The HTTPS protocol does not allow you to use name-based virtual +### hosting with SSL. If you want to run multiple SSL servers with +### one lighttpd instance you must use IP-based virtual hosting: :: +### +### $SERVER["socket"] == "10.0.0.1:443" { +### ssl.engine = "enable" +### ssl.pemfile = "/etc/ssl/private/www.example.com.pem" +### # +### # Mitigate BEAST attack: +### # +### # A stricter base cipher suite. For details see: +### # http://blog.ivanristic.com/2011/10/mitigating-the-beast-attack-on-tls.html +### # +### ssl.cipher-list = "ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4-SHA:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM" +### # +### # Make the server prefer the order of the server side cipher suite instead of the client suite. +### # This is necessary to mitigate the BEAST attack (unless you disable all non RC4 algorithms). +### # This option is enabled by default, but only used if ssl.cipher-list is set. 
+### # +### # ssl.honor-cipher-order = "enable" +### # +### # Mitigate CVE-2009-3555 by disabling client triggered renegotation +### # This is enabled by default. +### # +### # ssl.disable-client-renegotiation = "enable" +### # +### server.name = "www.example.com" +### +### server.document-root = "/var/www/vhosts/example.com/www/" +### } +### +#ssl.engine = "enable" +#ssl.pemfile = "server.pem" + +#### status module +#status.status-url = "/server-status" +#status.config-url = "/server-config" + +#### auth module +## read authentication.txt for more info +#auth.backend = "plain" +#auth.backend.plain.userfile = "lighttpd.user" +#auth.backend.plain.groupfile = "lighttpd.group" + +#auth.backend.ldap.hostname = "localhost" +#auth.backend.ldap.base-dn = "dc=my-domain,dc=com" +#auth.backend.ldap.filter = "(uid=$)" + +#auth.require = ( "/server-status" => +# ( +# "method" => "digest", +# "realm" => "download archiv", +# "require" => "user=jan" +# ), +# "/server-config" => +# ( +# "method" => "digest", +# "realm" => "download archiv", +# "require" => "valid-user" +# ) +# ) + +#### url handling modules (rewrite, redirect, access) +#url.rewrite = ( "^/$" => "/server-status" ) +#url.redirect = ( "^/wishlist/(.+)" => "http://www.123.org/$1" ) +#### both rewrite/redirect support back reference to regex conditional using %n +#$HTTP["host"] =~ "^www\.(.*)" { +# url.redirect = ( "^/(.*)" => "http://%1/$1" ) +#} + +# +# define a pattern for the host url finding +# %% => % sign +# %0 => domain name + tld +# %1 => tld +# %2 => domain name without tld +# %3 => subdomain 1 name +# %4 => subdomain 2 name +# +#evhost.path-pattern = "/home/storage/dev/www/%3/htdocs/" + +#### expire module +#expire.url = ( "/buggy/" => "access 2 hours", "/asdhas/" => "access plus 1 seconds 2 minutes") + +#### ssi +#ssi.extension = ( ".shtml" ) + +#### rrdtool +#rrdtool.binary = "/usr/bin/rrdtool" +#rrdtool.db-name = "/var/www/lighttpd.rrd" + +#### setenv +#setenv.add-request-header = ( "TRAV_ENV" => 
"mysql://user@host/db" ) +#setenv.add-response-header = ( "X-Secret-Message" => "42" ) + +## for mod_trigger_b4_dl +# trigger-before-download.gdbm-filename = "/home/weigon/testbase/trigger.db" +# trigger-before-download.memcache-hosts = ( "127.0.0.1:11211" ) +# trigger-before-download.trigger-url = "^/trigger/" +# trigger-before-download.download-url = "^/download/" +# trigger-before-download.deny-url = "http://127.0.0.1/index.html" +# trigger-before-download.trigger-timeout = 10 + +## for mod_cml +## don't forget to add index.cml to server.indexfiles +# cml.extension = ".cml" +# cml.memcache-hosts = ( "127.0.0.1:11211" ) + +#### variable usage: +## variable name without "." is auto prefixed by "var." and becomes "var.bar" +#bar = 1 +#var.mystring = "foo" + +## integer add +#bar += 1 +## string concat, with integer cast as string, result: "www.foo1.com" +#server.name = "www." + mystring + var.bar + ".com" +## array merge +#index-file.names = (foo + ".php") + index-file.names +#index-file.names += (foo + ".php") + +## Another example on how to start an FastCGI server for php - uses php-cgi +## - copy the php.ini from /etc/httpd/php.ini into /etc/lighttpd/ +## (or change the path, if you prefeer): don't forget to enable in it +## cgi.fix_pathinfo = 1 +## - the socket is created into /var/run/lighttpd/ +## - /var/lib/php must be owned by the user owning the lighttpd +## process for php supporting sessions +## Uncomment the section below to enable. 
+#fastcgi.server = ( ".php" =>
+# ((
+# "bin-path" => "/usr/bin/php-cgi -c /etc/lighttpd/php.ini",
+# "socket" => "/var/run/lighttpd/php.socket",
+# "max-procs" => 1,
+# "idle-timeout" => 20,
+# "bin-environment" => (
+# "PHP_FCGI_CHILDREN" => "8",
+# "PHP_FCGI_MAX_REQUESTS" => "200"
+# ),
+# "bin-copy-environment" => (
+# "PATH", "SHELL", "USER"
+# ),
+# "broken-scriptfilename" => "enable"
+# ))
+#)
+
+#### include
+#include /etc/lighttpd/lighttpd-inc.conf
+## same as above if you run: "lighttpd -f /etc/lighttpd/lighttpd.conf"
+#include "lighttpd-inc.conf"
+
+#### include_shell
+#include_shell "echo var.a=1"
+## the above is same as:
+#var.a=1
diff --git a/network/lighttpd/conf/lighttpd.logrotate b/network/lighttpd/conf/lighttpd.logrotate
new file mode 100644
index 0000000000000..65c13f36c8b8a
--- /dev/null
+++ b/network/lighttpd/conf/lighttpd.logrotate
@@ -0,0 +1,15 @@
+/var/log/lighttpd/*.log {
+ daily
+ missingok
+ copytruncate
+ rotate 7
+ create 0644 lighttpd lighttpd
+ compress
+ notifempty
+ sharedscripts
+ postrotate
+ if [ -x /etc/rc.d/rc.lighttpd -a -f /var/run/lighttpd.pid ]; then
+ /etc/rc.d/rc.lighttpd reload
+ fi
+ endscript
+}
diff --git a/network/lighttpd/conf/rc.lighttpd b/network/lighttpd/conf/rc.lighttpd
new file mode 100644
index 0000000000000..919f6b2104251
--- /dev/null
+++ b/network/lighttpd/conf/rc.lighttpd
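Review bot: The commented `ssl.cipher-list` example in the `#### SSL engine` block of lighttpd.conf lists `RC4-SHA:RC4` ahead of `HIGH` and excludes `!AESGCM` and `!EDH`, so with server-side ordering any client that does not offer the two TLS 1.2 suites named first is steered to RC4 and no client gets an AEAD or DHE suite. RC4 was the common BEAST workaround when the linked article was written, but it has known keystream biases and was later prohibited for TLS (RFC 7465), so the example should carry a caveat along the lines of `### # NOTE: RC4 is itself weak; where clients support TLS 1.2, prefer ECDHE/AES-GCM suites and drop RC4.` An admin who uncomments the block verbatim otherwise inherits a cipher policy that is weaker than the OpenSSL default on current systems. This hunk begins further up the page; the point applies only to the SSL comment block.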
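Review bot: The `postrotate` guard in lighttpd.logrotate tests `-f /var/run/lighttpd.pid`, but the pid file this same commit configures is `/var/run/lighttpd/lighttpd.pid` (`server.pid-file` in lighttpd.conf and `PIDFILE` in rc.lighttpd), so the reload branch would never run; the test should read `-f /var/run/lighttpd/lighttpd.pid`. Separately, `create 0644 lighttpd lighttpd` asks for world-readable access and error logs, and as far as I know logrotate ignores `create` when `copytruncate` is set, so the line is misleading either way. If local users should not be able to read request URLs and client addresses, use `create 0640 lighttpd lighttpd` (or drop it) and set matching permissions on `/var/log/lighttpd` in the build script.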
@@ -0,0 +1,76 @@
+#!/bin/sh
+# Copyright (c) 2007, Daniel de Kok <moc.mikciat@leinad>
+# All rights reserved.
+#
+# Redistribution and use of this script, with or without modification, is
+# permitted provided that the following conditions are met:
+#
+# 1. Redistributions of this script must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
+# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+
+LIGHTTPD=/usr/sbin/lighttpd
+PIDFILE=/var/run/lighttpd/lighttpd.pid
+LIGHTTPD_OPTIONS="-f /etc/lighttpd/lighttpd.conf"
+
+is_pidof() {
+ local STATE=$(ps -p $1 -o cmd= | grep "$2" > /dev/null ; echo $?)
+ return $STATE
+}
+
+lighttpd_start() {
+ echo "Starting lighttpd: $LIGHTTPD"
+ if [ -r $PIDFILE ] && is_pidof $(cat $PIDFILE) lighttpd ; then
+ echo "Already running!"
+ return
+ fi
+ $LIGHTTPD $LIGHTTPD_OPTIONS
+}
+
+lighttpd_stop() {
+ echo "Stopping lighttpd: $LIGHTTPD"
+ if [ -r $PIDFILE ] && is_pidof $(cat $PIDFILE) lighttpd ; then
+ kill $(cat $PIDFILE)
+ rm -f $PIDFILE
+ else
+ echo "Not running!"
+ fi
+}
+
+lighttpd_restart() {
+ lighttpd_stop
+ sleep 1
+ lighttpd_start
+}
+
+lighttpd_reload() {
+ kill -s HUP $(cat $PIDFILE)
+}
+
+case "$1" in
+'start')
+ lighttpd_start
+ ;;
+'stop')
+ lighttpd_stop
+ ;;
+restart)
+ lighttpd_restart
+ ;;
+reload)
+ lighttpd_reload
+ ;;
+*)
+ echo "usage $0 start|stop|restart"
+esac |
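Review bot: `lighttpd_reload` runs `kill -s HUP $(cat $PIDFILE)` with none of the checks that `lighttpd_start` and `lighttpd_stop` apply, so a missing pid file produces a bare `kill -s HUP` error and a stale one sends SIGHUP, typically as root, to whatever unrelated process now holds that pid. Guard it the same way as the other functions: `if [ -r "$PIDFILE" ] && is_pidof "$(cat "$PIDFILE")" lighttpd ; then kill -s HUP "$(cat "$PIDFILE")" ; else echo "Not running!" ; fi`. The usage string in the `*)` branch also omits `reload`, and `local` in `is_pidof` is not POSIX sh, which matters only where /bin/sh is not bash.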