Diffstat (limited to 'network/lighttpd/conf')
-rw-r--r--network/lighttpd/conf/lighttpd.conf814
-rw-r--r--network/lighttpd/conf/lighttpd.logrotate2
2 files changed, 460 insertions, 356 deletions
diff --git a/network/lighttpd/conf/lighttpd.conf b/network/lighttpd/conf/lighttpd.conf
index 974218d60abaf..bc88c5bd8549d 100644
--- a/network/lighttpd/conf/lighttpd.conf
+++ b/network/lighttpd/conf/lighttpd.conf
@@ -1,389 +1,493 @@
-# lighttpd configuration file
-#
-# use it as a base for lighttpd 1.0.0 and above
+#######################################################################
+##
+## /etc/lighttpd/lighttpd.conf
+##
+## check /etc/lighttpd/conf.d/*.conf for the configuration of modules.
+##
+#######################################################################
+
+#######################################################################
+##
+## Some Variable definition which will make chrooting easier.
+##
+## if you add a variable here. Add the corresponding variable in the
+## chroot example aswell.
+##
+var.log_root = "/var/log/lighttpd"
+var.server_root = "/srv/www"
+var.state_dir = "/var/run/lighttpd"
+var.home_dir = "/var/lib/lighttpd"
+var.conf_dir = "/etc/lighttpd"
+
+##
+## run the server chrooted.
+##
+## This requires root permissions during startup.
+##
+## If you run Chrooted set the the variables to directories relative to
+## the chroot dir.
+##
+## example chroot configuration:
+##
+#var.log_root = "/logs"
+#var.server_root = "/"
+#var.state_dir = "/run"
+#var.home_dir = "/lib/lighttpd"
+#var.vhosts_dir = "/vhosts"
+#var.conf_dir = "/etc"
#
-# $Id: lighttpd.conf,v 1.7 2004/11/03 22:26:05 weigon Exp $
-
-############ Options you really have to take care of ####################
-
-## modules to load
-# at least mod_access and mod_accesslog should be loaded
-# all other module should only be loaded if really neccesary
-# - saves some time
-# - saves memory
-server.modules = (
-# "mod_rewrite",
-# "mod_redirect",
-# "mod_alias",
- "mod_access",
-# "mod_cml",
-# "mod_trigger_b4_dl",
-# "mod_auth",
-# "mod_status",
-# "mod_setenv",
-# "mod_fastcgi",
-# "mod_proxy",
-# "mod_simple_vhost",
-# "mod_evhost",
-# "mod_userdir",
-# "mod_cgi",
-# "mod_compress",
-# "mod_ssi",
-# "mod_usertrack",
-# "mod_expire",
-# "mod_secdownload",
-# "mod_rrdtool",
- "mod_accesslog" )
-
-## a static document-root, for virtual-hosting take look at the
-## server.virtual-* options
-server.document-root = "/var/www/htdocs-lighttpd"
-
-## where to send error-messages to
-server.errorlog = "/var/log/lighttpd/error.log"
-
-# files to check for if .../ is requested
-index-file.names = ( "index.php", "index.html",
- "index.htm", "default.htm" )
+#server.chroot = "/srv/www"
+
+##
+## Some additional variables to make the configuration easier
+##
+
+##
+## Base directory for all virtual hosts
+##
+## used in:
+## conf.d/evhost.conf
+## conf.d/simple_vhost.conf
+## vhosts.d/vhosts.template
+##
+var.vhosts_dir = server_root + "/vhosts"
+
+##
+## Cache for mod_compress
+##
+## used in:
+## conf.d/compress.conf
+##
+var.cache_dir = "/var/cache/lighttpd"
+
+##
+## Base directory for sockets.
+##
+## used in:
+## conf.d/fastcgi.conf
+## conf.d/scgi.conf
+##
+var.socket_dir = home_dir + "/sockets"
+
+##
+#######################################################################
+
+#######################################################################
+##
+## Load the modules.
+include "modules.conf"
+
+##
+#######################################################################
+
+#######################################################################
+##
+## Basic Configuration
+## ---------------------
+##
+server.port = 80
+
+##
+## Use IPv6?
+##
+# https://redmine.lighttpd.net/projects/lighttpd/wiki/Server_use-ipv6Details
+server.use-ipv6 = "disable"
+
+##
+## bind to a specific IP
+##
+# https://redmine.lighttpd.net/projects/lighttpd/wiki/Server_bindDetails
+#server.bind = "localhost"
+
+##
+## Run as a different username/groupname.
+## This requires root permissions during startup.
+##
+server.username = "@USER@"
+server.groupname = "@GROUP@"
+
+##
+## enable core files.
+##
+#server.core-files = "disable"
+
+##
+## Document root
+##
+server.document-root = server_root + "/htdocs-lighttpd"
+##
+## The value for the "Server:" response field.
+##
+## It would be nice to keep it at "lighttpd".
+##
+#server.tag = "lighttpd"
+
+##
+## store a pid file
+##
+server.pid-file = state_dir + "/lighttpd.pid"
+
+##
+#######################################################################
+
+#######################################################################
+##
+## Logging Options
+## ------------------
+##
+## all logging options can be overwritten per vhost.
+##
+## Path to the error log file
+##
+server.errorlog = log_root + "/error.log"
+
+##
+## If you want to log to syslog you have to unset the
+## server.errorlog setting and uncomment the next line.
+##
+#server.errorlog-use-syslog = "enable"
+
+##
+## Access log config
+##
+include "conf.d/access_log.conf"
+
+##
+## The debug options are moved into their own file.
+## see conf.d/debug.conf for various options for request debugging.
+##
+include "conf.d/debug.conf"
+
+##
+#######################################################################
+
+#######################################################################
+##
+## Tuning/Performance
+## --------------------
+##
+## corresponding documentation:
+## http://www.lighttpd.net/documentation/performance.html
+##
## set the event-handler (read the performance section in the manual)
-# server.event-handler = "freebsd-kqueue" # needed on OS X
-
-# mimetype mapping
-mimetype.assign = (
- ".pdf" => "application/pdf",
- ".sig" => "application/pgp-signature",
- ".spl" => "application/futuresplash",
- ".class" => "application/octet-stream",
- ".ps" => "application/postscript",
- ".torrent" => "application/x-bittorrent",
- ".dvi" => "application/x-dvi",
- ".gz" => "application/x-gzip",
- ".pac" => "application/x-ns-proxy-autoconfig",
- ".swf" => "application/x-shockwave-flash",
- ".tar.gz" => "application/x-tgz",
- ".tgz" => "application/x-tgz",
- ".tar" => "application/x-tar",
- ".zip" => "application/zip",
- ".mp3" => "audio/mpeg",
- ".m3u" => "audio/x-mpegurl",
- ".wma" => "audio/x-ms-wma",
- ".wax" => "audio/x-ms-wax",
- ".ogg" => "application/ogg",
- ".wav" => "audio/x-wav",
- ".gif" => "image/gif",
- ".jpg" => "image/jpeg",
- ".jpeg" => "image/jpeg",
- ".png" => "image/png",
- ".xbm" => "image/x-xbitmap",
- ".xpm" => "image/x-xpixmap",
- ".xwd" => "image/x-xwindowdump",
- ".css" => "text/css",
- ".html" => "text/html",
- ".htm" => "text/html",
- ".js" => "text/javascript",
- ".asc" => "text/plain",
- ".c" => "text/plain",
- ".cpp" => "text/plain",
- ".log" => "text/plain",
- ".conf" => "text/plain",
- ".text" => "text/plain",
- ".txt" => "text/plain",
- ".dtd" => "text/xml",
- ".xml" => "text/xml",
- ".mpeg" => "video/mpeg",
- ".mpg" => "video/mpeg",
- ".mov" => "video/quicktime",
- ".qt" => "video/quicktime",
- ".avi" => "video/x-msvideo",
- ".asf" => "video/x-ms-asf",
- ".asx" => "video/x-ms-asf",
- ".wmv" => "video/x-ms-wmv",
- ".bz2" => "application/x-bzip",
- ".tbz" => "application/x-bzip-compressed-tar",
- ".tar.bz2" => "application/x-bzip-compressed-tar"
- )
-
-# Use the "Content-Type" extended attribute to obtain mime type if possible
-#mimetype.use-xattr = "enable"
-
-
-## send a different Server: header
-## be nice and keep it at lighttpd
-# server.tag = "lighttpd"
-
-#### accesslog module
-accesslog.filename = "/var/log/lighttpd/access.log"
+##
+## possible options on linux are:
+##
+## select
+## poll
+## linux-sysepoll
+##
+## linux-sysepoll is recommended on kernel 2.6.
+##
+server.event-handler = "linux-sysepoll"
+
+##
+## The basic network interface for all platforms at the syscalls read()
+## and write(). Every modern OS provides its own syscall to help network
+## servers transfer files as fast as possible
+##
+## sendfile - is recommended for small files.
+## writev - is recommended for sending many large files
+##
+server.network-backend = "sendfile"
+
+##
+## As lighttpd is a single-threaded server, its main resource limit is
+## the number of file descriptors, which is set to 1024 by default (on
+## most systems).
+##
+## If you are running a high-traffic site you might want to increase this
+## limit by setting server.max-fds.
+##
+## Changing this setting requires root permissions on startup. see
+## server.username/server.groupname.
+##
+## By default lighttpd would not change the operation system default.
+## But setting it to 2048 is a better default for busy servers.
+##
+server.max-fds = 2048
+
+##
+## listen-backlog is the size of the listen() backlog queue requested when
+## the lighttpd server ask the kernel to listen() on the provided network
+## address. Clients attempting to connect() to the server enter the listen()
+## backlog queue and wait for the lighttpd server to accept() the connection.
+##
+## The out-of-box default on many operating systems is 128 and is identified
+## as SOMAXCONN. This can be tuned on many operating systems. (On Linux,
+## cat /proc/sys/net/core/somaxconn) Requesting a size larger than operating
+## system limit will be silently reduced to the limit by the operating system.
+##
+## When there are too many connection attempts waiting for the server to
+## accept() new connections, the listen backlog queue fills and the kernel
+## rejects additional connection attempts. This can be useful as an
+## indication to an upstream load balancer that the server is busy, and
+## possibly overloaded. In that case, configure a smaller limit for
+## server.listen-backlog. On the other hand, configure a larger limit to be
+## able to handle bursts of new connections, but only do so up to an amount
+## that the server can keep up with responding in a reasonable amount of
+## time. Otherwise, clients may abandon the connection attempts and the
+## server will waste resources servicing abandoned connections.
+##
+## It is best to leave this setting at its default unless you have modelled
+## your traffic and tested that changing this benefits your traffic patterns.
+##
+## Default: 1024
+##
+#server.listen-backlog = 128
+
+##
+## Stat() call caching.
+##
+## lighttpd can utilize FAM/Gamin to cache stat call.
+##
+## possible values are:
+## disable, simple or fam.
+##
+server.stat-cache-engine = "simple"
+
+##
+## Fine tuning for the request handling
+##
+## max-connections == max-fds/2 (maybe /3)
+## means the other file handles are used for fastcgi/files
+##
+server.max-connections = 1024
+
+##
+## How many seconds to keep a keep-alive connection open,
+## until we consider it idle.
+##
+## Default: 5
+##
+#server.max-keep-alive-idle = 5
+
+##
+## How many keep-alive requests until closing the connection.
+##
+## Default: 16
+##
+#server.max-keep-alive-requests = 16
+##
+## Maximum size of a request in kilobytes.
+## By default it is unlimited (0).
+##
+## Uploads to your server cant be larger than this value.
+##
+#server.max-request-size = 0
+
+##
+## Time to read from a socket before we consider it idle.
+##
+## Default: 60
+##
+#server.max-read-idle = 60
+
+##
+## Time to write to a socket before we consider it idle.
+##
+## Default: 360
+##
+#server.max-write-idle = 360
+
+##
+## Traffic Shaping
+## -----------------
+##
+## see /usr/share/doc/lighttpd/traffic-shaping.txt
+##
+## Values are in kilobyte per second.
+##
+## Keep in mind that a limit below 32kB/s might actually limit the
+## traffic to 32kB/s. This is caused by the size of the TCP send
+## buffer.
+##
+## per server:
+##
+#server.kbytes-per-second = 128
+
+##
+## per connection:
+##
+#connection.kbytes-per-second = 32
+
+##
+#######################################################################
+
+#######################################################################
+##
+## Filename/File handling
+## ------------------------
+
+##
+## files to check for if .../ is requested
+## index-file.names = ( "index.php", "index.rb", "index.html",
+## "index.htm", "default.htm" )
+##
+index-file.names += (
+ "index.xhtml", "index.html", "index.htm", "default.htm", "index.php"
+)
+
+##
## deny access the file-extensions
-#
-# ~ is for backupfiles from vi, emacs, joe, ...
-# .inc is often used for code includes which should in general not be part
-# of the document-root
+##
+## ~ is for backupfiles from vi, emacs, joe, ...
+## .inc is often used for code includes which should in general not be part
+## of the document-root
url.access-deny = ( "~", ".inc" )
+##
+## disable range requests for pdf files
+## workaround for a bug in the Acrobat Reader plugin.
+##
$HTTP["url"] =~ "\.pdf$" {
server.range-requests = "disable"
}
##
-# which extensions should not be handle via static-file transfer
-#
-# .php, .pl, .fcgi are most often handled by mod_fastcgi or mod_cgi
-static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
+## url handling modules (rewrite, redirect)
+##
+#url.rewrite = ( "^/$" => "/server-status" )
+#url.redirect = ( "^/wishlist/(.+)" => "http://www.example.com/$1" )
-######### Options that are good to be but not neccesary to be changed #######
+##
+## both rewrite/redirect support back reference to regex conditional using %n
+##
+#$HTTP["host"] =~ "^www\.(.*)" {
+# url.redirect = ( "^/(.*)" => "http://%1/$1" )
+#}
-## bind to port (default: 80)
-#server.port = 81
+##
+## which extensions should not be handle via static-file transfer
+##
+## .php, .pl, .fcgi are most often handled by mod_fastcgi or mod_cgi
+##
+static-file.exclude-extensions = ( ".php", ".pl", ".fcgi", ".scgi" )
-## bind to localhost (default: all interfaces)
-#server.bind = "grisu.home.kneschke.de"
+##
+## error-handler for all status 400-599
+##
+#server.error-handler = "/error-handler.html"
+#server.error-handler = "/error-handler.php"
+##
## error-handler for status 404
+##
#server.error-handler-404 = "/error-handler.html"
#server.error-handler-404 = "/error-handler.php"
-## to help the rc.scripts
-server.pid-file = "/var/run/lighttpd/lighttpd.pid"
+##
+## Format: <errorfile-prefix><status-code>.html
+## -> ..../status-404.html for 'File not found'
+##
+#server.errorfile-prefix = "/srv/www/htdocs/errors/status-"
+##
+## mimetype mapping
+##
+include "conf.d/mime.conf"
-###### virtual hosts
##
-## If you want name-based virtual hosting add the next three settings and load
-## mod_simple_vhost
+## directory listing configuration
##
-## document-root =
-## virtual-server-root + virtual-server-default-host + virtual-server-docroot
-## or
-## virtual-server-root + http-host + virtual-server-docroot
+include "conf.d/dirlisting.conf"
+
##
-#simple-vhost.server-root = "/home/weigon/wwwroot/servers/"
-#simple-vhost.default-host = "grisu.home.kneschke.de"
-#simple-vhost.document-root = "/pages/"
+## Should lighttpd follow symlinks?
+##
+server.follow-symlink = "enable"
+##
+## force all filenames to be lowercase?
+##
+#server.force-lowercase-filenames = "disable"
##
-## Format: <errorfile-prefix><status-code>.html
-## -> ..../status-404.html for 'File not found'
-#server.errorfile-prefix = "/home/weigon/projects/lighttpd/doc/status-"
+## defaults to /var/tmp as we assume it is a local harddisk
+##
+server.upload-dirs = ( "/var/tmp" )
-## virtual directory listings
-#dir-listing.activate = "enable"
+##
+#######################################################################
-## enable debugging
-#debug.log-request-header = "enable"
-#debug.log-response-header = "enable"
-#debug.log-request-handling = "enable"
-#debug.log-file-not-found = "enable"
-### only root can use these options
-#
-# chroot() to directory (default: no chroot() )
-#server.chroot = "/"
-
-## change uid to <uid> (default: don't care)
-server.username = "lighttpd"
-
-## change uid to <uid> (default: don't care)
-server.groupname = "lighttpd"
-
-#### compress module
-#compress.cache-dir = "/tmp/lighttpd/cache/compress/"
-#compress.filetype = ("text/plain", "text/html")
-
-#### proxy module
-## read proxy.txt for more info
-#proxy.server = ( ".php" =>
-# ( "localhost" =>
-# (
-# "host" => "192.168.0.101",
-# "port" => 80
-# )
-# )
-# )
-
-#### fastcgi module
-## read fastcgi.txt for more info
-## for PHP don't forget to set cgi.fix_pathinfo = 1 in the php.ini
-#fastcgi.server = ( ".php" =>
-# ( "localhost" =>
-# (
-# "socket" => "/var/run/lighttpd/php-fastcgi.socket",
-# "bin-path" => "/usr/bin/php"
-# )
-# )
-# )
-
-#### CGI module
-#cgi.assign = ( ".pl" => "/usr/bin/perl",
-# ".cgi" => "/usr/bin/perl" )
-#
+#######################################################################
+##
+## SSL Support
+## -------------
+##
+## To enable SSL for the whole server you have to provide a valid
+## certificate and have to enable the SSL engine.::
+##
+## ssl.engine = "enable"
+## ssl.pemfile = "/path/to/server.pem"
+##
+## The HTTPS protocol does not allow you to use name-based virtual
+## hosting with SSL. If you want to run multiple SSL servers with
+## one lighttpd instance you must use IP-based virtual hosting: ::
+##
+## Mitigate CVE-2009-3555 by disabling client triggered renegotation
+## This is enabled by default.
+##
+## IMPORTANT: this setting can only be used in the global scope.
+## It does *not* work inside conditionals
+##
+# ssl.disable-client-renegotiation = "enable"
+##
+## $SERVER["socket"] == "10.0.0.1:443" {
+## ssl.engine = "enable"
+## ssl.pemfile = "/etc/ssl/private/www.example.com.pem"
+## #
+## # (Following SSL/TLS Deployment Best Practices 1.3 / 17 September 2013 from:
+## # https://www.ssllabs.com/projects/best-practices/index.html)
+## # - BEAST is considered mitigaed on client side now, and new weaknesses have been found in RC4,
+## # so it is strongly advised to disable RC4 ciphers (HIGH doesn't include RC4)
+## # - It is recommended to disable 3DES too (although disabling RC4 and 3DES breaks IE6+8 on Windows XP,
+## # so you might want to support 3DES for now - just remove the '!3DES' parts below).
+## # - The examples below prefer ciphersuites with "Forward Secrecy" (and ECDHE over DHE (alias EDH)), remove '+kEDH +kRSA'
+## # if you don't want that.
+## # - SRP and PSK are not supported anyway, excluding those ('!kSRP !kPSK') just keeps the list smaller (easier to review)
+## # Check your cipher list with: openssl ciphers -v '...' (use single quotes as your shell won't like ! in double quotes)
+## #
+## # If you know you have RSA keys (standard), you can use:
+## ssl.cipher-list = "aRSA+HIGH !3DES +kEDH +kRSA !kSRP !kPSK"
+## # The more generic version (without the restriction to RSA keys) is
+## # ssl.cipher-list = "HIGH !aNULL !3DES +kEDH +kRSA !kSRP !kPSK"
+## #
+## # Make the server prefer the order of the server side cipher suite instead of the client suite.
+## # This option is enabled by default, but only used if ssl.cipher-list is set.
+## #
+## # ssl.honor-cipher-order = "enable"
+## #
+## server.name = "www.example.com"
+##
+## server.document-root = "/srv/www/vhosts/example.com/www/"
+## }
+##
+
+## If you have a .crt and a .key file, cat them together into a
+## single PEM file:
+## $ cat /etc/ssl/private/lighttpd.key /etc/ssl/certs/lighttpd.crt \
+## > /etc/ssl/private/lighttpd.pem
+##
+#ssl.pemfile = "/etc/ssl/private/lighttpd.pem"
-#### SSL engine
+##
+## optionally pass the CA certificate here.
+##
+##
+#ssl.ca-file = ""
+
+##
#######################################################################
-###
-### SSL Support
-### -------------
-###
-### To enable SSL for the whole server you have to provide a valid
-### certificate and have to enable the SSL engine.::
-###
-### ssl.engine = "enable"
-### ssl.pemfile = "/path/to/server.pem"
-###
-### The HTTPS protocol does not allow you to use name-based virtual
-### hosting with SSL. If you want to run multiple SSL servers with
-### one lighttpd instance you must use IP-based virtual hosting: ::
-###
-### $SERVER["socket"] == "10.0.0.1:443" {
-### ssl.engine = "enable"
-### ssl.pemfile = "/etc/ssl/private/www.example.com.pem"
-### #
-### # Mitigate BEAST attack:
-### #
-### # A stricter base cipher suite. For details see:
-### # http://blog.ivanristic.com/2011/10/mitigating-the-beast-attack-on-tls.html
-### #
-### ssl.cipher-list = "ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4-SHA:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM"
-### #
-### # Make the server prefer the order of the server side cipher suite instead of the client suite.
-### # This is necessary to mitigate the BEAST attack (unless you disable all non RC4 algorithms).
-### # This option is enabled by default, but only used if ssl.cipher-list is set.
-### #
-### # ssl.honor-cipher-order = "enable"
-### #
-### # Mitigate CVE-2009-3555 by disabling client triggered renegotation
-### # This is enabled by default.
-### #
-### # ssl.disable-client-renegotiation = "enable"
-### #
-### server.name = "www.example.com"
-###
-### server.document-root = "/var/www/vhosts/example.com/www/"
-### }
-###
-#ssl.engine = "enable"
-#ssl.pemfile = "server.pem"
-
-#### status module
-#status.status-url = "/server-status"
-#status.config-url = "/server-config"
-
-#### auth module
-## read authentication.txt for more info
-#auth.backend = "plain"
-#auth.backend.plain.userfile = "lighttpd.user"
-#auth.backend.plain.groupfile = "lighttpd.group"
-
-#auth.backend.ldap.hostname = "localhost"
-#auth.backend.ldap.base-dn = "dc=my-domain,dc=com"
-#auth.backend.ldap.filter = "(uid=$)"
-
-#auth.require = ( "/server-status" =>
-# (
-# "method" => "digest",
-# "realm" => "download archiv",
-# "require" => "user=jan"
-# ),
-# "/server-config" =>
-# (
-# "method" => "digest",
-# "realm" => "download archiv",
-# "require" => "valid-user"
-# )
-# )
-
-#### url handling modules (rewrite, redirect, access)
-#url.rewrite = ( "^/$" => "/server-status" )
-#url.redirect = ( "^/wishlist/(.+)" => "http://www.123.org/$1" )
-#### both rewrite/redirect support back reference to regex conditional using %n
-#$HTTP["host"] =~ "^www\.(.*)" {
-# url.redirect = ( "^/(.*)" => "http://%1/$1" )
-#}
-#
-# define a pattern for the host url finding
-# %% => % sign
-# %0 => domain name + tld
-# %1 => tld
-# %2 => domain name without tld
-# %3 => subdomain 1 name
-# %4 => subdomain 2 name
-#
-#evhost.path-pattern = "/home/storage/dev/www/%3/htdocs/"
-
-#### expire module
-#expire.url = ( "/buggy/" => "access 2 hours", "/asdhas/" => "access plus 1 seconds 2 minutes")
-
-#### ssi
-#ssi.extension = ( ".shtml" )
-
-#### rrdtool
-#rrdtool.binary = "/usr/bin/rrdtool"
-#rrdtool.db-name = "/var/www/lighttpd.rrd"
-
-#### setenv
-#setenv.add-request-header = ( "TRAV_ENV" => "mysql://user@host/db" )
-#setenv.add-response-header = ( "X-Secret-Message" => "42" )
-
-## for mod_trigger_b4_dl
-# trigger-before-download.gdbm-filename = "/home/weigon/testbase/trigger.db"
-# trigger-before-download.memcache-hosts = ( "127.0.0.1:11211" )
-# trigger-before-download.trigger-url = "^/trigger/"
-# trigger-before-download.download-url = "^/download/"
-# trigger-before-download.deny-url = "http://127.0.0.1/index.html"
-# trigger-before-download.trigger-timeout = 10
-
-## for mod_cml
-## don't forget to add index.cml to server.indexfiles
-# cml.extension = ".cml"
-# cml.memcache-hosts = ( "127.0.0.1:11211" )
-
-#### variable usage:
-## variable name without "." is auto prefixed by "var." and becomes "var.bar"
-#bar = 1
-#var.mystring = "foo"
-
-## integer add
-#bar += 1
-## string concat, with integer cast as string, result: "www.foo1.com"
-#server.name = "www." + mystring + var.bar + ".com"
-## array merge
-#index-file.names = (foo + ".php") + index-file.names
-#index-file.names += (foo + ".php")
-
-## Another example on how to start an FastCGI server for php - uses php-cgi
-## - copy the php.ini from /etc/httpd/php.ini into /etc/lighttpd/
-## (or change the path, if you prefeer): don't forget to enable in it
-## cgi.fix_pathinfo = 1
-## - the socket is created into /var/run/lighttpd/
-## - /var/lib/php must be owned by the user owning the lighttpd
-## process for php supporting sessions
-## Uncomment the section below to enable.
-#fastcgi.server = ( ".php" =>
-# ((
-# "bin-path" => "/usr/bin/php-cgi -c /etc/lighttpd/php.ini",
-# "socket" => "/var/run/lighttpd/php.socket",
-# "max-procs" => 1,
-# "idle-timeout" => 20,
-# "bin-environment" => (
-# "PHP_FCGI_CHILDREN" => "8",
-# "PHP_FCGI_MAX_REQUESTS" => "200"
-# ),
-# "bin-copy-environment" => (
-# "PATH", "SHELL", "USER"
-# ),
-# "broken-scriptfilename" => "enable"
-# ))
-#)
-
-#### include
-#include /etc/lighttpd/lighttpd-inc.conf
-## same as above if you run: "lighttpd -f /etc/lighttpd/lighttpd.conf"
-#include "lighttpd-inc.conf"
-
-#### include_shell
-#include_shell "echo var.a=1"
-## the above is same as:
-#var.a=1
+#######################################################################
+##
+## custom includes like vhosts.
+##
+#include "conf.d/config.conf"
+#include_shell "cat /etc/lighttpd/vhosts.d/*.conf"
+##
+#######################################################################
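Review bot: The new default leaves `server.max-request-size` commented out, which its own comment says means unlimited (0), while `server.upload-dirs = ( "/var/tmp" )` is set further down, so request bodies of any size are presumably spooled to a shared, world-writable temporary directory until the disk fills. A packaged default should cap this, for example `server.max-request-size = 65536` (a constructed sample value in kilobytes; pick one that fits the largest legitimate upload), and preferably point `server.upload-dirs` at a directory owned by the server user. Separately, `server.follow-symlink = "enable"` is now set explicitly without any caveat; a comment such as `## symlinks inside the document root can expose files outside it; disable if users can write there` would help administrators who host user-managed content.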
diff --git a/network/lighttpd/conf/lighttpd.logrotate b/network/lighttpd/conf/lighttpd.logrotate
index 7001f869bd279..1a44bd9aa59f2 100644
--- a/network/lighttpd/conf/lighttpd.logrotate
+++ b/network/lighttpd/conf/lighttpd.logrotate
@@ -4,7 +4,7 @@
missingok
copytruncate
rotate 7
- create 0644 lighttpd lighttpd
+ create 0644 @USER@ @GROUP@
compress
notifempty
sharedscripts
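Review bot: The changed `create 0644 @USER@ @GROUP@` line sits in a block that also sets `copytruncate`, and logrotate documents that `create` has no effect when `copytruncate` is in use, so the owner and mode given here are never applied during rotation. If the aim is to control ownership and permissions of the logs, that has to be done where the log directory and files are first created; a mode tighter than 0644 (for example `0640`) is also worth considering, since access logs can carry session tokens or credentials embedded in URLs. The `@USER@`/`@GROUP@` placeholders depend on a build-time substitution that is not visible in this diff, so confirm the build script processes this file as well as lighttpd.conf. The logrotate block begins before this hunk.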