aboutsummaryrefslogtreecommitdiffstats
path: root/install/sample-lighttpd.conf
diff options
context:
space:
mode:
Diffstat (limited to 'install/sample-lighttpd.conf')
-rw-r--r--install/sample-lighttpd.conf90
1 files changed, 90 insertions, 0 deletions
diff --git a/install/sample-lighttpd.conf b/install/sample-lighttpd.conf
new file mode 100644
index 000000000..db26c3b64
--- /dev/null
+++ b/install/sample-lighttpd.conf
@@ -0,0 +1,90 @@
+# See http://redmine.lighttpd.net/projects/lighttpd/wiki/Docs:ConfigurationOptions
+
+### LOAD MODULES
+server.modules = (
+ "mod_access",
+ "mod_accesslog",
+ "mod_fastcgi",
+ "mod_redirect",
+ "mod_rewrite"
+)
+
+### BASIC STUFF
+server.port = 80
+
+server.username = "http"
+
+server.groupname = "http"
+
+server.document-root = "/path/to/your/www/files" #adjust to your setup
+
+server.errorlog = "/var/log/lighttpd/error.log"
+
+accesslog.filename = "/var/log/lighttpd/access.log"
+
+### DISABLE DIR LISTING
+dir-listing.activate = "disable"
+
+### DISABLE REJECT EXPECT HEADER
+### (needed for curl POST requests - otherwise they fail with error 417)
+server.reject-expect-100-with-417 = "disable"
+
+### DEFINE SUPPORTED INDEX FILENAMES
+index-file.names = (
+ "index.html",
+ "index.htm",
+ "index.php"
+)
+
+### DEFINE SUPPORTED MIME TYPES
+mimetype.assign = (
+ ".html" => "text/html",
+ ".htm" => "text/html",
+ ".css" => "text/css",
+ ".txt" => "text/plain",
+ ".svg" => "image/svg+xml",
+ ".jpg" => "image/jpeg",
+ ".png" => "image/png"
+)
+
+### DONT EVER SERVE FILES WITH EXTENSION
+static-file.exclude-extensions = ( ".php" )
+
+### PHP WITH PHP-FPM
+### (needs php-fpm installed and running)
+fastcgi.server = (
+ ".php" => (
+ "localhost" => (
+ "socket" => "/run/php-fpm/php-fpm.sock",
+ "broken-scriptfilename" => "enable",
+ "allow-x-sendfile" => "enable"
+ )
+ )
+)
+
+### ENABLE SSL
+$SERVER["socket"] == ":443" {
+ ssl.engine = "enable"
+ ssl.ca-file = "/etc/lighttpd/certs/ca-certs.crt" #adjust to your needs
+ ssl.pemfile = "/etc/lighttpd/certs/red-ssl.crt" #adjust to your needs
+
+ ssl.use-compression = "disable"
+ ssl.use-sslv2 = "disable"
+ ssl.use-sslv3 = "disable"
+ ssl.cipher-list = "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA"
+}
+
+### RISTRICT ACCESS TO DIRECTORYS AND FILES
+$HTTP["url"] =~ "\.(out|log|htaccess)$" {
+ url.access-deny = ("")
+}
+
+$HTTP["url"] =~ "(^|/)\.git|(^|/)store" {
+ url.access-deny = ("")
+}
+
+### URL REWRITE RULES
+url.rewrite-if-not-file = (
+ "^\/([^\?]*)\?(.*)$" => "/index.php?q=$1&$2",
+ "^\/(.*)$" => "/index.php?q=$1"
+)