1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
|
# See http://redmine.lighttpd.net/projects/lighttpd/wiki/Docs:ConfigurationOptions
### LOAD MODULES
server.modules = (
"mod_access",
"mod_accesslog",
"mod_fastcgi",
"mod_redirect",
"mod_rewrite"
)
### BASIC STUFF
server.port = 80
server.username = "http"
server.groupname = "http"
server.document-root = "/path/to/your/www/files" #adjust to your setup
server.errorlog = "/var/log/lighttpd/error.log"
accesslog.filename = "/var/log/lighttpd/access.log"
### DISABLE DIR LISTING
dir-listing.activate = "disable"
### DISABLE REJECT EXPECT HEADER
### (needed for curl POST requests - otherwise they fail with error 417)
server.reject-expect-100-with-417 = "disable"
### DEFINE SUPPORTED INDEX FILENAMES
index-file.names = (
"index.html",
"index.htm",
"index.php"
)
### DEFINE SUPPORTED MIME TYPES
mimetype.assign = (
".html" => "text/html",
".htm" => "text/html",
".css" => "text/css",
".txt" => "text/plain",
".svg" => "image/svg+xml",
".jpg" => "image/jpeg",
".png" => "image/png"
)
### DONT EVER SERVE FILES WITH EXTENSION
static-file.exclude-extensions = ( ".php" )
### PHP WITH PHP-FPM
### (needs php-fpm installed and running)
fastcgi.server = (
".php" => (
"localhost" => (
"socket" => "/run/php-fpm/php-fpm.sock",
"broken-scriptfilename" => "enable",
"allow-x-sendfile" => "enable"
)
)
)
### ENABLE SSL
$SERVER["socket"] == ":443" {
ssl.engine = "enable"
ssl.ca-file = "/etc/lighttpd/certs/ca-certs.crt" #adjust to your needs
ssl.pemfile = "/etc/lighttpd/certs/red-ssl.crt" #adjust to your needs
ssl.use-compression = "disable"
ssl.use-sslv2 = "disable"
ssl.use-sslv3 = "disable"
ssl.cipher-list = "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA"
}
### RISTRICT ACCESS TO DIRECTORYS AND FILES
$HTTP["url"] =~ "\.(out|log|htaccess)$" {
url.access-deny = ("")
}
$HTTP["url"] =~ "(^|/)\.git|(^|/)store|(^|/)util" {
url.access-deny = ("")
}
### URL REWRITE RULES
url.rewrite-if-not-file = (
"^\/([^\?]*)\?(.*)$" => "/index.php?q=$1&$2",
"^\/(.*)$" => "/index.php?q=$1"
)
|
