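#######################################################################
##
## /etc/lighttpd/lighttpd.conf
##
## check /etc/lighttpd/conf.d/*.conf for the configuration of modules.
##
#######################################################################

#######################################################################
##
## Some variable definitions which will make chrooting easier.
##
## If you add a variable here, add the corresponding variable in the
## chroot example as well.
##
## log_root is deliberately not under /tmp: /tmp is world-writable, so any
## local user could create the log directory first (or place a symlink
## named error.log in it) and redirect what the server writes.
## /var/log/lighttpd must exist before startup and should be writable
## only by the account lighttpd runs as.
##
var.log_root    = "/var/log/lighttpd"
var.server_root = "/srv/www"
var.state_dir   = "/var/run"
var.home_dir    = "/var/lib/lighttpd"
var.conf_dir    = "/etc/lighttpd"

##
## run the server chrooted.
##
## This requires root permissions during startup.
##
## If you run chrooted, set the variables to directories relative to
## the chroot dir.
##
## example chroot configuration:
##
#var.log_root    = "/logs"
#var.server_root = "/"
#var.state_dir   = "/run"
#var.home_dir    = "/lib/lighttpd"
#var.vhosts_dir  = "/vhosts"
#var.conf_dir    = "/etc"
#
#server.chroot   = "/srv/www"
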
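##
## Some additional variables to make the configuration easier
##

##
## Base directory for all virtual hosts
##
## used in:
## conf.d/evhost.conf
## conf.d/simple_vhost.conf
## vhosts.d/vhosts.template
##
var.vhosts_dir  = server_root + "/vhosts"

##
## Cache for mod_compress
##
## used in:
## conf.d/compress.conf
##
var.cache_dir   = "/var/cache/lighttpd"

##
## Base directory for sockets.
##
## used in:
## conf.d/fastcgi.conf
## conf.d/scgi.conf
##
## NOTE(review): anything that can connect to a backend socket can talk to
## the FastCGI/SCGI application directly; keep this directory accessible
## only to the server and backend accounts - confirm ownership and mode.
##
var.socket_dir  = home_dir + "/sockets"

##
#######################################################################

#######################################################################
##
## Load the modules.
## Every module enabled in modules.conf adds request-handling code, so
## keep that list to what the site needs.
include "modules.conf"

##
#######################################################################
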
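#######################################################################
##
##  Basic Configuration
## ---------------------
##
server.port = 80

##
## Use IPv6?
##
## NOTE(review): server.bind below is an IPv4 literal; confirm that
## enabling IPv6 here is intended.
##
server.use-ipv6 = "enable"

##
## bind to a specific IP
##
server.bind = "10.0.0.4"

##
## Run as a different username/groupname.
## This requires root permissions during startup.
##
## NOTE(review): with both lines commented out, lighttpd keeps the account
## it was started under. Binding port 80 normally means starting as root,
## so requests would then be served as root. Set a dedicated unprivileged
## account here unless the deployment (e.g. the mtcp backend) cannot run
## without privileges - confirm.
##
#server.username  = "www-data"
#server.groupname = "www-data"

##
## enable core files.
##
#server.core-files = "disable"

##
## Document root (This would hold all your future WWW pages)
##
## NOTE(review): the active document root is inside a personal home
## directory, so whoever owns that account controls everything the server
## publishes. Prefer a dedicated tree such as server_root + "/htdocs"
## that only administrators can write to.
##
#server.document-root = server_root + "/htdocs"
#server.document-root = "/home/notav/www"
server.document-root = "/home/ajamshed/www"

##
## The value for the "Server:" response field.
##
## It would be nice to keep it at "lighttpd".
## If left unset, lighttpd sends its default tag, which includes the
## version number.
##
#server.tag = "lighttpd"

##
## store a pid file
##
server.pid-file = state_dir + "/lighttpd.pid"

##
#######################################################################
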
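#######################################################################
##
##  Logging Options
## ------------------
##
## all logging options can be overwritten per vhost.
##
## Path to the error log file
## (log_root should not be a world-writable location such as /tmp)
##
server.errorlog             = log_root + "/error.log"

##
## If you want to log to syslog you have to unset the
## server.errorlog setting and uncomment the next line.
##
#server.errorlog-use-syslog = "enable"

##
## Access log config
##
## LOGGING IS DISABLED TO ENHANCE PERFORMANCE
##
## NOTE(review): without an access log there is no per-request record
## (client address, URL, status) to use for detection or incident
## response. Acceptable for a closed benchmark; re-enable the include
## before exposing the server to untrusted clients.
##
#include "conf.d/access_log.conf"

##
## The debug options are moved into their own file.
## see conf.d/debug.conf for various options for request debugging.
##
## NOTE(review): debug.conf is not shown here; check that no request
## debugging options are switched on in production, since they can copy
## request details into the error log.
##
include "conf.d/debug.conf"

##
#######################################################################
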
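#######################################################################
##
##  Tuning/Performance
## --------------------
##
## corresponding documentation:
## http://www.lighttpd.net/documentation/performance.html
##
## set the event-handler (read the performance section in the manual)
##
## possible options on linux are:
##
## select
## poll
## linux-sysepoll
##
## linux-sysepoll is recommended on kernel 2.6.
##
## Event handler for mtcp will always be mtcp-epoll
#server.event-handler = "linux-sysepoll"
server.event-handler = "mtcp-epoll"

##
## The basic network interface for all platforms at the syscalls read()
## and write(). Every modern OS provides its own syscall to help network
## servers transfer files as fast as possible
##
## linux-sendfile - is recommended for small files.
## writev         - is recommended for sending many large files
## mtcp_writev    - is recommended for sending multiple large files @10Gbps
##
## Network writes will always be writevs for mtcp
#server.network-backend = "linux-sendfile"
server.network-backend = "mtcp_writev"

##
## As lighttpd is a single-threaded server, its main resource limit is
## the number of file descriptors, which is set to 1024 by default (on
## most systems).
##
## If you are running a high-traffic site you might want to increase this
## limit by setting server.max-fds.
##
## Changing this setting requires root permissions on startup. see
## server.username/server.groupname.
##
## By default lighttpd would not change the operating system default.
## But setting it to 2048 is a better default for busy servers.
##
server.max-fds = 500000

##
## Stat() call caching.
##
## lighttpd can utilize FAM/Gamin to cache stat call.
##
## possible values are:
## disable, simple or fam.
##
server.stat-cache-engine = "simple"

##
## Fine tuning for the request handling
##
## max-connections == max-fds/2 (maybe /3)
## means the other file handles are used for fastcgi/files
##
## However, for mtcp framework, we can exceed the max-connections limit to
## a value far greater than fd/2 since mtcp does not use file descriptors.
#server.max-connections = 1024
server.max-connections = 80000

##
## Fine tuning for the request handling
##
## listen-backlog: listening limit for server socket
## ONLY WORKS FOR MTCP
## Please comment this line out for non-mtcp versions.
server.listen-backlog = 4096

##
## How many seconds to keep a keep-alive connection open,
## until we consider it idle.
##
## Default: 5
##
#server.max-keep-alive-idle = 5

##
## How many keep-alive requests until closing the connection.
##
## Default: 16
##
#server.max-keep-alive-requests = 16
##
## Uncomment to make keep-alive requests limitless.
## This option will render `server.max-keep-alive-requests' useless.
##
## NOTE(review): with this enabled a single client can reuse one
## connection indefinitely. Combined with the long idle timeouts below
## this suits a benchmark, not a server reachable by untrusted clients.
##
server.infinite-keep-alive-requests = "enable"

##
## Maximum size of a request in kilobytes.
## By default it is unlimited (0).
##
## Uploads to your server can't be larger than this value.
##
## NOTE(review): left unset, request bodies are unbounded and are spooled
## to server.upload-dirs; set an explicit limit on exposed servers so a
## client cannot fill that disk.
##
#server.max-request-size = 0

##
## Time to read from a socket before we consider it idle.
##
## Default: 60
##
## NOTE(review): 3600 seconds is 60 times the default. A client that
## opens connections and then sends nothing, or sends very slowly, keeps
## each connection slot for up to an hour. Return to the default unless
## every client is trusted.
##
server.max-read-idle = 3600

##
## Time to write to a socket before we consider it idle.
##
## Default: 360
##
## NOTE(review): 3600 seconds is 10 times the default; a client that
## stops reading its response holds the connection for up to an hour.
##
server.max-write-idle = 3600

##
##  Traffic Shaping
## -----------------
##
## see /usr/share/doc/lighttpd/traffic-shaping.txt
##
## Values are in kilobyte per second.
##
## Keep in mind that a limit below 32kB/s might actually limit the
## traffic to 32kB/s. This is caused by the size of the TCP send
## buffer.
##
## per server:
##
#server.kbytes-per-second = 128

##
## per connection:
##
#connection.kbytes-per-second = 32

##
#######################################################################
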
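#######################################################################
##
##  Filename/File handling
## ------------------------

##
## files to check for if .../ is requested
## index-file.names            = ( "index.php", "index.rb", "index.html",
##                                 "index.htm", "default.htm" )
##
index-file.names += (
  "index.xhtml", "index.html", "index.htm", "default.htm", "index.php"
)

##
## deny access to these file extensions
##
## ~    is for backupfiles from vi, emacs, joe, ...
## .inc is often used for code includes which should in general not be part
##      of the document-root
##
## NOTE(review): other leftovers that commonly end up in a document root
## (editor swap files, .bak/.old copies, version-control directories) are
## not covered by this list; extend it to match what the site's tooling
## produces.
##
url.access-deny             = ( "~", ".inc" )

##
## disable range requests for pdf files
## workaround for a bug in the Acrobat Reader plugin.
##
$HTTP["url"] =~ "\.pdf$" {
  server.range-requests = "disable"
}

##
## url handling modules (rewrite, redirect)
##
#url.rewrite                = ( "^/$"             => "/server-status" )
#url.redirect               = ( "^/wishlist/(.+)" => "http://www.example.com/$1" )

##
## both rewrite/redirect support back reference to regex conditional using %n
##
## Note that %1 in the example below is taken from the client-supplied
## Host header, so the redirect target follows whatever host the client
## sent; anchor the host pattern to the domains the site actually serves.
##
#$HTTP["host"] =~ "^www\.(.*)" {
#  url.redirect            = ( "^/(.*)" => "http://%1/$1" )
#}

##
## which extensions should not be handled via static-file transfer
##
## .php, .pl, .fcgi are most often handled by mod_fastcgi or mod_cgi
##
## This list is what stops script source from being sent as a plain file
## when no handler claims the request; keep it in step with the handlers
## that are actually configured.
##
static-file.exclude-extensions = ( ".php", ".pl", ".fcgi", ".scgi" )

##
## error-handler for status 404
##
#server.error-handler-404   = "/error-handler.html"
#server.error-handler-404   = "/error-handler.php"

##
## Format: <errorfile-prefix><status-code>.html
## -> ..../status-404.html for 'File not found'
##
#server.errorfile-prefix    = "/srv/www/htdocs/errors/status-"

##
## mimetype mapping
##
include "conf.d/mime.conf"

##
## directory listing configuration
##
## NOTE(review): dirlisting.conf is not shown here; confirm that listings
## are disabled unless browsing the directory tree is intended.
##
include "conf.d/dirlisting.conf"

##
## Should lighttpd follow symlinks?
##
## NOTE(review): with this enabled, a symlink inside the document root is
## served as whatever it points to, including files outside the document
## root that the server account can read. The document root set earlier in
## this file is under a home directory, so its owner can create such
## links. Set to "disable" if the site does not depend on symlinks.
##
server.follow-symlink = "enable"

##
## force all filenames to be lowercase?
##
#server.force-lowercase-filenames = "disable"

##
## defaults to /var/tmp as we assume it is a local harddisk
##
server.upload-dirs = ( "/var/tmp" )

##
#######################################################################

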
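#######################################################################
##
##  SSL Support
## -------------
##
## NOTE(review): nothing in this file enables ssl.engine, so unless an
## included file does, all traffic on server.port is plain HTTP.
##
## To enable SSL for the whole server you have to provide a valid
## certificate and have to enable the SSL engine.::
##
##   ssl.engine = "enable"
##   ssl.pemfile = "/path/to/server.pem"
##
## The HTTPS protocol does not allow you to use name-based virtual
## hosting with SSL. If you want to run multiple SSL servers with
## one lighttpd instance you must use IP-based virtual hosting: ::
##
## NOTE(review): the statement above predates widespread SNI support;
## check the documentation for the lighttpd build in use before relying
## on it.
##
##   $SERVER["socket"] == "10.0.0.1:443" {
##     ssl.engine                  = "enable"
##     ssl.pemfile                 = "/etc/ssl/private/www.example.com.pem"
##     #
##     # Mitigate BEAST attack:
##     #
##     # A stricter base cipher suite. For details see:
##     # http://blog.ivanristic.com/2011/10/mitigating-the-beast-attack-on-tls.html
##     #
##     # NOTE(review): this cipher list is historical and should not be
##     # copied as-is. It prefers RC4, which RFC 7465 prohibits in TLS,
##     # and it excludes AES-GCM and ephemeral-DH suites. Take the cipher
##     # list and protocol versions from a current recommendation for
##     # the TLS library this lighttpd build links against.
##     #
##     ssl.cipher-list             = "ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4-SHA:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM"
##     #
##     # Make the server prefer the order of the server side cipher suite instead of the client suite.
##     # This is necessary to mitigate the BEAST attack (unless you disable all non RC4 algorithms).
##     # This option is enabled by default, but only used if ssl.cipher-list is set.
##     #
##     # ssl.honor-cipher-order = "enable"
##     #
##     # Mitigate CVE-2009-3555 by disabling client triggered renegotiation
##     # This is enabled by default.
##     #
##     # ssl.disable-client-renegotiation = "enable"
##     #
##     server.name                 = "www.example.com"
##
##     server.document-root        = "/srv/www/vhosts/example.com/www/"
##   }
##

## If you have a .crt and a .key file, cat them together into a
## single PEM file:
## $ cat /etc/ssl/private/lighttpd.key /etc/ssl/certs/lighttpd.crt \
##   > /etc/ssl/private/lighttpd.pem
##
## The resulting file contains the private key: create it with a
## restrictive umask and keep it readable only by root.
##
#ssl.pemfile = "/etc/ssl/private/lighttpd.pem"

##
## optionally pass the CA certificate here.
##
##
#ssl.ca-file = ""

##
#######################################################################
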
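#######################################################################
##
## custom includes like vhosts.
##
## include_shell runs its command when the configuration is loaded, with
## the privileges of whoever starts lighttpd, and every file matched by
## the glob becomes live configuration. If it is enabled, the vhosts.d
## directory and its files must be writable only by administrators.
##
#include "conf.d/config.conf"
#include_shell "cat /etc/lighttpd/vhosts.d/*.conf"
##
#######################################################################
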