tuto:lighttpd_config
- lighttpd.conf
server.modules = ( "mod_access", "mod_accesslog", "mod_alias", "mod_compress", "mod_redirect", # "mod_fastcgi", # use sudo lighty-enable "mod_setenv", # "mod_rewrite", "mod_extforward", ) server.document-root = "/var/www" server.pid-file = "/var/run/lighttpd.pid" server.username = "www-data" server.groupname = "www-data" server.tag = "lighttpd" server.port = 80 etag.use-mtime = "enable" etag.use-size = "enable" static-file.etags = "enable" # logging # better use syslog on prod: logging on disk is SLOW server.errorlog = "/var/log/lighttpd/error.log" accesslog.filename = "/var/log/lighttpd/access.log" index-file.names = ( "index.php", "index.html", "index.lighttpd.html" ) url.access-deny = ( "~", ".inc" ) static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" ) compress.cache-dir = "/var/log/lighttpd/compress/" compress.filetype = ( "application/javascript", "text/css", "text/xml", "text/html", "text/plain", "text/vtt" ) fastcgi.server = ( ".php" => (( "bin-path" => "/usr/bin/php-cgi", "socket" => "/tmp/php.socket", "max-procs" => 1, "bin-environment" => ( "PHP_FCGI_CHILDREN" => "16", "PHP_FCGI_MAX_REQUESTS" => "10000" ), "bin-copy-environment" => ( "PATH", "SHELL", "USER" ), ))) # default listening port for IPv6 falls back to the IPv4 port ## Use ipv6 if available include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port include_shell "/usr/share/lighttpd/create-mime.assign.pl" include_shell "/usr/share/lighttpd/include-conf-enabled.pl" connection.kbytes-per-second = 1024 ## To have real IP when using CloudFlare #extforward.forwarder = ( "all" => "trust" ) #extforward.headers = ("CF-Connecting-IP") $SERVER["socket"] == ":443" { ssl.engine = "enable" ssl.use-sslv2 = "disable" ssl.use-sslv3 = "disable" setenv.add-environment = ( "HTTPS" => "on" ) ssl.cipher-list = "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4" ssl.pemfile = "/etc/ssl/default.pem" ssl.dh-file="/etc/ssl/dhparams.pem" #custom dhparams for better security $HTTP["host"] =~ "suumitsu.eu" { ssl.cipher-list = "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4" ssl.pemfile = "/etc/ssl/suumitsu_eu.pem" ssl.ca-file = "/etc/ssl/cacert.crt" } } ### IPv6 $SERVER["socket"] == "[::]:443" { ssl.engine = "enable" ssl.use-sslv2 = "disable" ssl.use-sslv3 = "disable" setenv.add-environment = ( "HTTPS" => "on" ) ssl.cipher-list = "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4" ssl.pemfile = "/etc/ssl/default.pem" ssl.dh-file="/etc/ssl/dhparams.pem" #custom dhparams for better security $HTTP["host"] =~ "suumitsu.eu" { ssl.cipher-list = "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4" ssl.pemfile = "/etc/ssl/suumitsu.eu.pem" ssl.ca-file = "/etc/ssl/cacert.crt" setenv.add-response-header = ("Strict-Transport-Security" => "max-age=31536000; includeSubDomains") } } $HTTP["host"] == "media.suumitsu.eu" { server.document-root = "/var/www/suumitsu.eu/media/" server.use-ipv6 = "enable" setenv.add-response-header = ( "Strict-Transport-Security" => "max-age=31536000; includeSubDomains", "X-kitsune" => "Grrr", "X-response" => "42", "Cache-Control" => "public, max-age=691200, must-revalidate" ) } $HTTP["host"] =~ "(^|.)pw.suumitsu.eu" { server.document-root = "/var/www/suumitsu.eu/autoblog/" } $HTTP["host"] =~ "(^)autoblogmitsu(^)$" { server.document-root = "/var/www/suumitsu.eu/ab1/" server.use-ipv6 = "enable" setenv.add-response-header = ( "Cache-Control" => "public, max-age=691200, must-revalidate", "Strict-Transport-Security" => "max-age=31536000; includeSubDomains" ) } $HTTP["host"] == "ab1.suumitsu.eu" { server.document-root = "/var/www/suumitsu.eu/ab1/" server.use-ipv6 = "enable" setenv.add-response-header = ( "Cache-Control" => "public, max-age=691200, must-revalidate", "Strict-Transport-Security" => "max-age=31536000; includeSubDomains" ) } $HTTP["host"] == "autoblog.suumitsu.eu" { server.document-root = "/var/www/suumitsu.eu/autoblog/" server.use-ipv6 = "enable" setenv.add-response-header = ( "Cache-Control" => "public, max-age=691200, must-revalidate", "Strict-Transport-Security" => "max-age=31536000; includeSubDomains" ) } $HTTP["host"] == "storage.suumitsu.eu" { server.document-root = "/var/www/suumitsu.eu/storage/" server.use-ipv6 = "enable" setenv.add-response-header = ( "Cache-Control" => "public, max-age=691200, must-revalidate", "Strict-Transport-Security" => "max-age=31536000; includeSubDomains" ) $HTTP["url"] =~ "^/public-folder-experiment/" { fastcgi.server = () static-file.exclude-extensions = ( ) index-file.names = ( ) } } $HTTP["host"] == "root.suumitsu.eu" { server.document-root = "/dev/null/" url.redirect = ( "^/(.*)" => "https://suumitsu.eu/") }
tuto/lighttpd_config.txt · Dernière modification : 2015-06-08 19:50 de mitsu