1 var.root_path = env.ZYPP_TEST_SRVROOT
2 var.log_root = root_path + "/log"
3 var.state_dir = root_path + "/state"
4 var.home_dir = root_path + "/home"
5 var.conf_dir = env.ZYPP_TEST_SRVCONF
6 var.ssl_dir = env.ZYPP_SSL_CONFDIR
9 ## Cache for mod_compress
12 ## conf.d/compress.conf
14 var.cache_dir = root_path + "/cache"
17 #######################################################################
19 #######################################################################
34 include "conf.d/fastcgi.conf"
37 #######################################################################
39 #######################################################################
41 ## Basic Configuration
42 ## ---------------------
44 server.port = env.ZYPP_TEST_PORT
49 server.use-ipv6 = "enable"
52 ## bind to a specific IP
54 server.bind = "127.0.0.1"
57 ## Run as a different username/groupname.
58 ## This requires root permissions during startup.
60 #server.username = "lighttpd"
61 #server.groupname = "lighttpd"
66 #server.core-files = "disable"
71 server.document-root = env.ZYPP_TEST_DOCROOT
74 ## The value for the "Server:" response field.
76 ## It would be nice to keep it at "lighttpd".
78 #server.tag = "lighttpd"
83 server.pid-file = state_dir + "/lighttpd.pid"
86 #######################################################################
88 #######################################################################
93 ## all logging options can be overwritten per vhost.
95 ## Path to the error log file
97 server.errorlog = log_root + "/error.log"
100 ## If you want to log to syslog you have to unset the
101 ## server.errorlog setting and uncomment the next line.
103 #server.errorlog-use-syslog = "enable"
108 include "conf.d/access_log.conf"
111 ## The debug options are moved into their own file.
112 ## see conf.d/debug.conf for various options for request debugging.
114 #include "conf.d/debug.conf"
117 #######################################################################
119 #######################################################################
121 ## Tuning/Performance
122 ## --------------------
124 ## corresponding documentation:
125 ## https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_Performance
127 ## set the event-handler (read the performance section in the manual)
129 ## possible options on linux are:
135 ## linux-sysepoll is recommended on kernel 2.6.
137 server.event-handler = "linux-sysepoll"
140 ## The basic network interface for all platforms at the syscalls read()
141 ## and write(). Every modern OS provides its own syscall to help network
142 ## servers transfer files as fast as possible
144 ## sendfile - is recommended for small files.
145 ## writev - is recommended for sending many large files
147 server.network-backend = "sendfile"
150 ## As lighttpd is a single-threaded server, its main resource limit is
151 ## the number of file descriptors, which is set to 1024 by default (on
154 ## If you are running a high-traffic site you might want to increase this
155 ## limit by setting server.max-fds.
157 ## Changing this setting requires root permissions on startup. see
158 ## server.username/server.groupname.
160 ## By default lighttpd would not change the operation system default.
161 ## But setting it to 2048 is a better default for busy servers.
163 server.max-fds = 2048
166 ## listen-backlog is the size of the listen() backlog queue requested when
167 ## the lighttpd server ask the kernel to listen() on the provided network
168 ## address. Clients attempting to connect() to the server enter the listen()
169 ## backlog queue and wait for the lighttpd server to accept() the connection.
171 ## The out-of-box default on many operating systems is 128 and is identified
172 ## as SOMAXCONN. This can be tuned on many operating systems. (On Linux,
173 ## cat /proc/sys/net/core/somaxconn) Requesting a size larger than operating
174 ## system limit will be silently reduced to the limit by the operating system.
176 ## When there are too many connection attempts waiting for the server to
177 ## accept() new connections, the listen backlog queue fills and the kernel
178 ## rejects additional connection attempts. This can be useful as an
179 ## indication to an upstream load balancer that the server is busy, and
180 ## possibly overloaded. In that case, configure a smaller limit for
181 ## server.listen-backlog. On the other hand, configure a larger limit to be
182 ## able to handle bursts of new connections, but only do so up to an amount
183 ## that the server can keep up with responding in a reasonable amount of
184 ## time. Otherwise, clients may abandon the connection attempts and the
185 ## server will waste resources servicing abandoned connections.
187 ## It is best to leave this setting at its default unless you have modelled
188 ## your traffic and tested that changing this benefits your traffic patterns.
192 #server.listen-backlog = 128
195 ## Stat() call caching.
197 ## lighttpd can utilize FAM/Gamin to cache stat call.
199 ## possible values are:
200 ## disable, simple or fam.
202 #server.stat-cache-engine = "simple"
205 ## Fine tuning for the request handling
207 ## max-connections == max-fds/2 (maybe /3)
208 ## means the other file handles are used for fastcgi/files
210 server.max-connections = 1024
213 ## How many seconds to keep a keep-alive connection open,
214 ## until we consider it idle.
218 #server.max-keep-alive-idle = 5
221 ## How many keep-alive requests until closing the connection.
225 #server.max-keep-alive-requests = 16
228 ## Maximum size of a request in kilobytes.
229 ## By default it is unlimited (0).
231 ## Uploads to your server cant be larger than this value.
233 #server.max-request-size = 0
236 ## Time to read from a socket before we consider it idle.
240 #server.max-read-idle = 60
243 ## Time to write to a socket before we consider it idle.
247 #server.max-write-idle = 360
253 ## see /usr/share/doc/lighttpd/traffic-shaping.txt
255 ## Values are in kilobyte per second.
257 ## Keep in mind that a limit below 32kB/s might actually limit the
258 ## traffic to 32kB/s. This is caused by the size of the TCP send
263 #server.kbytes-per-second = 128
268 #connection.kbytes-per-second = 32
271 #######################################################################
273 #######################################################################
275 ## Filename/File handling
276 ## ------------------------
279 ## files to check for if .../ is requested
280 ## index-file.names = ( "index.php", "index.rb", "index.html",
281 ## "index.htm", "default.htm" )
283 index-file.names += (
284 "index.xhtml", "index.html", "index.htm", "default.htm", "index.php"
288 ## deny access the file-extensions
290 ## ~ is for backupfiles from vi, emacs, joe, ...
291 ## .inc is often used for code includes which should in general not be part
292 ## of the document-root
293 url.access-deny = ( "~", ".inc" )
296 ## disable range requests for pdf files
297 ## workaround for a bug in the Acrobat Reader plugin.
299 $HTTP["url"] =~ "\.pdf$" {
300 server.range-requests = "disable"
304 ## url handling modules (rewrite, redirect)
306 #url.rewrite = ( "^/$" => "/server-status" )
307 #url.redirect = ( "^/wishlist/(.+)" => "http://www.example.com/$1" )
310 ## both rewrite/redirect support back reference to regex conditional using %n
312 #$HTTP["host"] =~ "^www\.(.*)" {
313 # url.redirect = ( "^/(.*)" => "http://%1/$1" )
317 ## which extensions should not be handle via static-file transfer
319 ## .php, .pl, .fcgi are most often handled by mod_fastcgi or mod_cgi
321 static-file.exclude-extensions = ( ".php", ".pl", ".fcgi", ".scgi" )
324 ## error-handler for all status 400-599
326 #server.error-handler = "/error-handler.html"
327 #server.error-handler = "/error-handler.php"
330 ## error-handler for status 404
332 #server.error-handler-404 = "/error-handler.html"
333 #server.error-handler-404 = "/error-handler.php"
336 ## Format: <errorfile-prefix><status-code>.html
337 ## -> ..../status-404.html for 'File not found'
339 #server.errorfile-prefix = "/srv/www/htdocs/errors/status-"
344 include "conf.d/mime.conf"
347 ## directory listing configuration
349 include "conf.d/dirlisting.conf"
352 ## Should lighttpd follow symlinks?
354 server.follow-symlink = "enable"
357 ## force all filenames to be lowercase?
359 #server.force-lowercase-filenames = "disable"
362 ## defaults to /var/tmp as we assume it is a local harddisk
364 server.upload-dirs = ( root_path+"/upload" )
367 #######################################################################
370 #######################################################################
375 ## To enable SSL for the whole server you have to provide a valid
376 ## certificate and have to enable the SSL engine.::
378 ## ssl.engine = "enable"
379 ## ssl.pemfile = "/path/to/server.pem"
381 ## The HTTPS protocol does not allow you to use name-based virtual
382 ## hosting with SSL. If you want to run multiple SSL servers with
383 ## one lighttpd instance you must use IP-based virtual hosting: ::
385 ## Mitigate CVE-2009-3555 by disabling client triggered renegotation
386 ## This is enabled by default.
388 ## IMPORTANT: this setting can only be used in the global scope.
389 ## It does *not* work inside conditionals
391 # ssl.disable-client-renegotiation = "enable"
393 ## $SERVER["socket"] == "10.0.0.1:443" {
394 ## ssl.engine = "enable"
395 ## ssl.pemfile = "/etc/ssl/private/www.example.com.pem"
397 ## # (Following SSL/TLS Deployment Best Practices 1.3 / 17 September 2013 from:
398 ## # https://www.ssllabs.com/projects/best-practices/index.html)
399 ## # - BEAST is considered mitigaed on client side now, and new weaknesses have been found in RC4,
400 ## # so it is strongly advised to disable RC4 ciphers (HIGH doesn't include RC4)
401 ## # - It is recommended to disable 3DES too (although disabling RC4 and 3DES breaks IE6+8 on Windows XP,
402 ## # so you might want to support 3DES for now - just remove the '!3DES' parts below).
403 ## # - The examples below prefer ciphersuites with "Forward Secrecy" (and ECDHE over DHE (alias EDH)), remove '+kEDH +kRSA'
404 ## # if you don't want that.
405 ## # - SRP and PSK are not supported anyway, excluding those ('!kSRP !kPSK') just keeps the list smaller (easier to review)
406 ## # Check your cipher list with: openssl ciphers -v '...' (use single quotes as your shell won't like ! in double quotes)
408 ## # If you know you have RSA keys (standard), you can use:
409 ## ssl.cipher-list = "aRSA+HIGH !3DES +kEDH +kRSA !kSRP !kPSK"
410 ## # The more generic version (without the restriction to RSA keys) is
411 ## # ssl.cipher-list = "HIGH !aNULL !3DES +kEDH +kRSA !kSRP !kPSK"
413 ## # Make the server prefer the order of the server side cipher suite instead of the client suite.
414 ## # This option is enabled by default, but only used if ssl.cipher-list is set.
416 ## # ssl.honor-cipher-order = "enable"
418 ## server.name = "www.example.com"
420 ## server.document-root = "/srv/www/vhosts/example.com/www/"
424 include_shell "/usr/bin/sh "+ conf_dir + "/conf.d/maybessl.sh"
425 #ssl.engine = "enable"
426 #ssl.pemfile = conf_dir + "/ssl/server.pem"
428 ## If you have a .crt and a .key file, cat them together into a
430 ## $ cat /etc/ssl/private/lighttpd.key /etc/ssl/certs/lighttpd.crt \
431 ## > /etc/ssl/private/lighttpd.pem
433 #ssl.pemfile = "/etc/ssl/private/lighttpd.pem"
436 ## optionally pass the CA certificate here.
442 ## and the CRL revocation list here.
445 #ssl.ca-crl-file = ""
448 #######################################################################