Outils pour utilisateurs

Outils du site


tuto:lighttpd_config
lighttpd.conf
server.modules = (
	"mod_access",
	"mod_accesslog",
	"mod_alias",
	"mod_compress",
 	"mod_redirect",
#	"mod_fastcgi",   #  use sudo lighty-enable
	"mod_setenv",
#       "mod_rewrite",
	"mod_extforward",
)
 
server.document-root        = "/var/www"
server.pid-file             = "/var/run/lighttpd.pid"
server.username             = "www-data"
server.groupname            = "www-data"
server.tag = "lighttpd"
server.port                 = 80
etag.use-mtime		= "enable"
etag.use-size		= "enable"
static-file.etags	= "enable"
 
 
# logging
# better use syslog on prod: logging on disk is SLOW
server.errorlog			= "/var/log/lighttpd/error.log"
accesslog.filename		= "/var/log/lighttpd/access.log"
 
 
index-file.names            = ( "index.php", "index.html", "index.lighttpd.html" )
url.access-deny             = ( "~", ".inc" )
static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
 
compress.cache-dir          = "/var/log/lighttpd/compress/"
compress.filetype           = ( "application/javascript", "text/css", "text/xml", "text/html", "text/plain", "text/vtt" )
 
fastcgi.server = ( ".php" => (( 
	"bin-path" => "/usr/bin/php-cgi",
	"socket" => "/tmp/php.socket", 
	"max-procs" => 1,
	"bin-environment" => ( 
		"PHP_FCGI_CHILDREN" => "16",
		"PHP_FCGI_MAX_REQUESTS" => "10000" 
	),
	"bin-copy-environment" => (
		"PATH", "SHELL", "USER" 
	),
	)))
 
# default listening port for IPv6 falls back to the IPv4 port
## Use ipv6 if available
include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port
include_shell "/usr/share/lighttpd/create-mime.assign.pl"
include_shell "/usr/share/lighttpd/include-conf-enabled.pl"
 
connection.kbytes-per-second = 1024
 
## To have real IP when using CloudFlare
#extforward.forwarder = ( "all" => "trust" ) 
#extforward.headers = ("CF-Connecting-IP")
 
$SERVER["socket"] == ":443" {
	ssl.engine = "enable"
	ssl.use-sslv2 = "disable"
	ssl.use-sslv3 = "disable"
	setenv.add-environment = ( "HTTPS" => "on" )
	ssl.cipher-list = "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4"
	ssl.pemfile = "/etc/ssl/default.pem" 
	ssl.dh-file="/etc/ssl/dhparams.pem"  #custom dhparams for better security
 
	$HTTP["host"] =~ "suumitsu.eu" {
		ssl.cipher-list = "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4"
		ssl.pemfile = "/etc/ssl/suumitsu_eu.pem"
		ssl.ca-file = "/etc/ssl/cacert.crt"
	}
 
}
 
###  IPv6
$SERVER["socket"] == "[::]:443" {
        ssl.engine = "enable"
        ssl.use-sslv2 = "disable"
        ssl.use-sslv3 = "disable"
        setenv.add-environment = ( "HTTPS" => "on" )
        ssl.cipher-list = "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4"
        ssl.pemfile = "/etc/ssl/default.pem"
        ssl.dh-file="/etc/ssl/dhparams.pem"  #custom dhparams for better security
 
        $HTTP["host"] =~ "suumitsu.eu" {
                ssl.cipher-list = "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4"
                ssl.pemfile = "/etc/ssl/suumitsu.eu.pem"
                ssl.ca-file = "/etc/ssl/cacert.crt"
                setenv.add-response-header  = ("Strict-Transport-Security" => "max-age=31536000; includeSubDomains")
        }
 
}
 
 
$HTTP["host"] == "media.suumitsu.eu" {
	server.document-root = "/var/www/suumitsu.eu/media/"
	server.use-ipv6 = "enable"
	setenv.add-response-header = ( 
		"Strict-Transport-Security" => "max-age=31536000; includeSubDomains",
		"X-kitsune" => "Grrr",
		"X-response" => "42",
		"Cache-Control" => "public, max-age=691200, must-revalidate" )
}
 
$HTTP["host"] =~ "(^|.)pw.suumitsu.eu"  {
	server.document-root = "/var/www/suumitsu.eu/autoblog/"
}
 
$HTTP["host"] =~ "(^)autoblogmitsu(^)$"  {
	server.document-root = "/var/www/suumitsu.eu/ab1/"
	server.use-ipv6 = "enable"
	setenv.add-response-header = ( "Cache-Control" => "public, max-age=691200, must-revalidate", "Strict-Transport-Security" => "max-age=31536000; includeSubDomains" )
}
 
$HTTP["host"] == "ab1.suumitsu.eu" {
	server.document-root = "/var/www/suumitsu.eu/ab1/"
	server.use-ipv6 = "enable"
	setenv.add-response-header = ( "Cache-Control" => "public, max-age=691200, must-revalidate", "Strict-Transport-Security" => "max-age=31536000; includeSubDomains" )
}
 
$HTTP["host"] == "autoblog.suumitsu.eu" {
	server.document-root = "/var/www/suumitsu.eu/autoblog/"
	server.use-ipv6 = "enable"
	setenv.add-response-header = ( "Cache-Control" => "public, max-age=691200, must-revalidate", "Strict-Transport-Security" => "max-age=31536000; includeSubDomains" )
}
 
$HTTP["host"] == "storage.suumitsu.eu" {
        server.document-root = "/var/www/suumitsu.eu/storage/"
        server.use-ipv6 = "enable"
        setenv.add-response-header = ( "Cache-Control" => "public, max-age=691200, must-revalidate", "Strict-Transport-Security" => "max-age=31536000; includeSubDomains" )
	$HTTP["url"] =~ "^/public-folder-experiment/" {
		fastcgi.server = ()
		static-file.exclude-extensions = ( )
		index-file.names = ( )
	}
}
 
$HTTP["host"] == "root.suumitsu.eu" {
	server.document-root = "/dev/null/"
	url.redirect = ( "^/(.*)" => "https://suumitsu.eu/")
}
tuto/lighttpd_config.txt · Dernière modification: 2015/06/08 19:50 par mitsu