lighttpd default config and systemd unit

rootfs/etc/systemd/system/lighttpd.service

@@ -0,0 +1,12 @@
+[Unit]
+Description = Lighty HTTP Server
+After       = network-online.target
+Wants       = network-online.target
+
+[Service]
+PIDFile    = /run/lighttpd.pid
+ExecStart  = lighttpd -D -f /usr/local/etc/lighttpd/lighttpd.conf
+ExecReload = /bin/kill -USR1 $MAINPID
+
+[Install]
+WantedBy = default.target

rootfs/usr/local/etc/lighttpd/conf.d/access_log.conf

@@ -0,0 +1,31 @@
+#######################################################################
+##
+## Corresponding documentation:
+##
+## https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_ModAccesslog
+##
+server.modules += ( "mod_accesslog" )
+
+##
+## Default access log.
+##
+accesslog.filename          = log_root + "/access.log"
+
+##
+## The default format produces CLF compatible output.
+## For available parameters see access.txt 
+##
+#accesslog.format = "%h %l %u %t \"%r\" %b %>s \"%{User-Agent}i\" \"%{Referer}i\""
+
+##
+## If you want to log to syslog you have to unset the 
+## accesslog.use-syslog setting and uncomment the next line.
+##
+#accesslog.use-syslog       = "enable"
+##
+## syslog level defaults to 6 ("Informational")
+## https://en.wikipedia.org/wiki/Syslog#Severity_level
+#accesslog.syslog-level     = 6
+
+#
+#######################################################################

rootfs/usr/local/etc/lighttpd/conf.d/auth.conf

@@ -0,0 +1,40 @@
+#######################################################################
+##
+##  Authentication Module
+## -----------------------
+##
+## See https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_ModAuth
+## for more info and many more options.
+##
+
+server.modules += ( "mod_auth" )
+
+#server.modules += ( "mod_authn_file" )
+#auth.backend                 = "plain"
+#auth.backend.plain.userfile  = "/etc/lighttpd/lighttpd.user"
+
+#server.modules += ( "mod_authn_ldap" )
+#auth.backend               = "ldap"
+#auth.backend.ldap.hostname = "localhost"
+#auth.backend.ldap.base-dn  = "dc=my-domain,dc=com"
+#auth.backend.ldap.filter   = "(uid=$)"
+
+#auth.require               = ( "/server-status" =>
+#                               (
+#                                 "method"  => "digest",
+#                                 "realm"   => "Server Status",
+#                                 "require" => "valid-user"
+#                               ),
+#                             )
+
+##
+## cache passwords/digests in memory to reduce load on the backend
+## max-age is in seconds
+##   cache is checked for expiration every 8 seconds, so actual
+##   caching may be up to 8 seconds longer than configured max-age.
+## default: inactive (no caching)
+##
+#auth.cache = ("max-age" => "600")
+
+##
+#######################################################################

rootfs/usr/local/etc/lighttpd/conf.d/cgi.conf

@@ -0,0 +1,60 @@
+#######################################################################
+##
+##  CGI modules
+## --------------- 
+##
+## See https://redmine.lighttpd.net/projects/lighttpd/wiki/docs_modcgi
+##
+server.modules += ( "mod_cgi" )
+
+##
+## Plain old CGI handling
+##
+## For PHP don't forget to set cgi.fix_pathinfo = 1 in the php.ini.
+##
+cgi.assign                 = ( ".pl"  => "/usr/bin/perl",
+                               ".cgi" => "/usr/bin/perl",
+                               ".rb"  => "/usr/bin/ruby",
+                               ".erb" => "/usr/bin/eruby",
+                               ".py"  => "/usr/bin/python" )
+
+##
+## to get the old cgi-bin behavior of apache
+##
+## Note: make sure that mod_alias is loaded if you uncomment the
+##       next line. (see modules.conf)
+##
+#alias.url += ( "/cgi-bin" => server_root + "/cgi-bin" )
+#$HTTP["url"] =~ "^/cgi-bin" {
+#   cgi.assign = ( "" => "" )
+#}
+
+##
+## require execute permission (+x) on files for CGI scripts
+## default: disable
+##
+#cgi.execute-x-only = "enable"
+
+##
+## process X-Sendfile (if present) from CGI response
+## https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_ModFastCGI#X-Sendfile
+## default: disable
+##
+#cgi.x-sendfile = "enable"
+#cgi.x-sendfile-docroot = ( "/srv/www/html", "/srv/www/static" )
+
+##
+## Local Redirect Response optimization
+## https://www.ietf.org/rfc/rfc3875 6.2.2 Local Redirect Response optimization
+## default: disable
+##
+#cgi.local-redir = "enable"
+
+##
+## permit Upgrade, e.g. Upgrade: websocket
+## default: disable
+##
+#cgi.upgrade = "enable"
+
+##
+#######################################################################

rootfs/usr/local/etc/lighttpd/conf.d/debug.conf

@@ -0,0 +1,49 @@
+#######################################################################
+##
+##  Debug options
+## ---------------
+##
+## See https://redmine.lighttpd.net/projects/lighttpd/wiki/DebugVariables
+##
+## Enable those options for debugging the behavior
+##
+## The settings can be set per location/vhost.
+## 
+
+## 
+## log-request-handling allows you to track the request
+## handing inside lighttpd. 
+##
+#debug.log-request-handling        = "enable"
+
+## 
+## log all request headers. 
+##
+#debug.log-request-header          = "enable"
+
+## 
+## similar to log-request-header.
+## but only logs if we encountered an error.
+## (return codes 400 and 5xx)
+##
+#debug.log-request-header-on-error = "enable"
+
+## 
+## log the header we send out to the client.
+##
+#debug.log-response-header         = "enable"
+
+## 
+## log if a file wasnt found in the error log.
+##
+#debug.log-file-not-found          = "enable"
+
+## 
+## debug conditionals handling
+##
+#debug.log-condition-handling      = "enable"
+
+#
+#######################################################################
+
+

rootfs/usr/local/etc/lighttpd/conf.d/deflate.conf

@@ -0,0 +1,62 @@
+#######################################################################
+##
+##  Output Compression
+## --------------------
+##
+## See https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_ModDeflate
+##
+server.modules += ( "mod_deflate" )
+
+##
+## mimetypes to compress
+##
+#deflate.mimetypes = ("text/")       # prefix matches all text/* Content-Type responses
+#deflate.mimetypes = ("text/html", "text/plain", "text/css", "text/javascript", "text/xml")
+deflate.mimetypes         = ("text/plain", "text/html")
+
+##
+## permitted encodings
+##
+deflate.allowed-encodings = ("brotli", "gzip", "deflate")
+
+##
+## optional
+##
+
+##
+## file cache location
+## lighttpd can store compressed files in cache by path and etag, and can serve
+## compressed files from cache instead of re-compressing files each request
+##
+#deflate.cache-dir = "/path/to/compress/cache"
+#deflate.cache-dir = cache_dir + "/compress"
+
+##
+## maximum response size (in KB) that will be compressed
+## default: 131072  # measured in KB (131072 indicates 128 MB)
+## Specifying 0 uses internal default of 128 MB as limit
+##
+#deflate.max-compress-size = 131072
+#deflate.max-compress-size = 0
+
+##
+## minimum response size that will be compressed
+## default: 256
+##
+#deflate.min-compress-size = 256     # measured in bytes
+
+##
+## system load average limit, above which mod_deflate is temporarily disabled
+##
+#deflate.max-loadavg = "3.50"
+
+##
+## tunables for compression algorithms
+## (often best left at defaults)
+##
+#deflate.compression-level = 9
+#deflate.output-buffer-size = 8192
+#deflate.work-block-size = 2048
+
+##
+#######################################################################

rootfs/usr/local/etc/lighttpd/conf.d/dirlisting.conf

@@ -0,0 +1,95 @@
+#######################################################################
+##
+##  Dirlisting Module 
+## ------------------- 
+##
+## See https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_ModDirlisting
+##
+
+##
+## Enabled Directory listing
+## default: disable
+#dir-listing.activate      = "enable"
+
+##
+## Hide dot files from the listing?
+## By default they are hidden (not listed).
+## default: enable
+#dir-listing.hide-dotfiles = "enable"
+
+##
+## list of regular expressions. Files that match any of the specified
+## regular expressions will be excluded from directory listings.
+##
+dir-listing.exclude       = ( "~$" )
+
+##
+## set a encoding for the generated directory listing
+##
+## If you file-system is not using ASCII you have to set the encoding of
+## the filenames as they are put into the HTML listing AS IS (with XML
+## encoding)
+##
+dir-listing.encoding = "UTF-8"
+
+##
+## local URL to optional CSS stylesheet for the directory listing
+##
+#dir-listing.external-css  = "/dirindex.css"
+
+##
+## local URL to optional js script to include,
+## e.g. for client side directory list sorting
+##
+#dir-listing.external-js = "/dirindex.js"
+
+##
+## Include HEADER.txt files above the directory listing. 
+## default: disable
+##
+#dir-listing.show-header = "enable"
+##
+## You can disable showing the HEADER.txt in the listing. 
+## default: disable (shows file in listing)
+##
+#dir-listing.hide-header-file = "enable"
+##
+## HTML-encode HEADER.txt
+## (disable to include files as-is, e.g. if files contain valid HTML)
+## default: enable
+##
+#dir-listing.encode-header = "disable"
+
+##
+## Include README.txt files above the directory listing. 
+## default: disable
+##
+#dir-listing.show-readme = "enable"
+##
+## You can disable showing the README.txt in the listing. 
+## default: disable (shows file in listing)
+##
+#dir-listing.hide-readme-file = "enable"
+##
+## HTML-encode README.txt
+## (disable to include files as-is, e.g. if files contain valid HTML)
+## default: enable
+##
+#dir-listing.encode-readme = "disable"
+
+##
+## displays a string in the footer of a listing page
+## default: value of server.tag directive
+##   "<PACKAGE_NAME>/<PACKAGE_VERSION>" e.g. "lighttpd/1.4.56"
+##
+#dir-listing.set-footer = " "
+
+##
+## Use lighttpd-provided page tags <body> and <html>
+## (disable if HEADER.txt and README.txt provide those tags)
+## default: enable
+##
+#dir-listing.auto-layout = "disable"
+
+##
+#######################################################################

rootfs/usr/local/etc/lighttpd/conf.d/evhost.conf

@@ -0,0 +1,24 @@
+#######################################################################
+##
+##  Enhanced virtual hosting 
+## -------------------------- 
+##
+## See https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_ModEVhost
+##
+server.modules += ( "mod_evhost" )
+
+##
+## define a pattern for the host url finding
+## %% => % sign
+## %0 => domain name + tld
+## %1 => tld
+## %2 => domain name without tld
+## %3 => subdomain 1 name
+## %4 => subdomain 2 name
+## %_ => full domain name
+## %{M.N} => single character at 1-indexed position N in the domain segment %M (e.g %0 - %9)
+##
+evhost.path-pattern        = vhosts_dir + "/%3/htdocs/"
+
+##
+#######################################################################

rootfs/usr/local/etc/lighttpd/conf.d/expire.conf

@@ -0,0 +1,22 @@
+#######################################################################
+##
+##  Expire Module 
+## --------------- 
+##
+## See https://redmine.lighttpd.net/projects/lighttpd/wiki/docs_modexpire
+##
+server.modules += ( "mod_expire" )
+
+##
+##  assignes a expiration to all files below the specified path. The
+##  specification of the time is made up of:
+##
+##    <access|modification> <number> <years|months|days|hours|minutes|seconds>
+##    
+#expire.url = (
+#  "/buggy/"  => "access 2 hours",
+#  "/images/" => "access plus 1 seconds 2 minutes"
+#)
+
+##
+#######################################################################

rootfs/usr/local/etc/lighttpd/conf.d/fastcgi.conf

@@ -0,0 +1,132 @@
+#######################################################################
+##
+##  FastCGI Module 
+## --------------- 
+##
+## See https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_ModFastCGI
+##
+server.modules += ( "mod_fastcgi" )
+
+##
+## PHP Example
+## For PHP don't forget to set cgi.fix_pathinfo = 1 in the php.ini.
+##
+## The number of php processes you will get can be easily calculated:
+##
+## num-procs = max-procs * ( 1 + PHP_FCGI_CHILDREN )
+##
+## for the php-num-procs example it means you will get 17*5 = 85 php
+## processes. you always should need this high number for your very
+## busy sites. And if you have a lot of RAM. :)
+##
+#fastcgi.server = ( ".php" =>
+#                   ( "php-local" =>
+#                     (
+#                       "socket" => socket_dir + "/php-fastcgi-1.socket",
+#                       "bin-path" => server_root + "/cgi-bin/php5",
+#                       "max-procs" => 1,
+#                       "broken-scriptfilename" => "enable",
+#                     ),
+#                     "php-tcp" =>
+#                     (
+#                       "host" => "127.0.0.1",
+#                       "port" => 9999,
+#                       "check-local" => "disable",
+#                       "broken-scriptfilename" => "enable",
+#                     ),
+#                     "php-num-procs" =>
+#                     (
+#                       "socket" => socket_dir + "/php-fastcgi-2.socket",
+#                       "bin-path" => server_root + "/cgi-bin/php5",
+#                       "bin-environment" => (
+#                         "PHP_FCGI_CHILDREN" => "16",
+#                         "PHP_FCGI_MAX_REQUESTS" => "10000",
+#                       ),
+#                       "max-procs" => 5,
+#                       "broken-scriptfilename" => "enable",
+#                     ),
+#                   ),
+#                 )
+
+##
+## Ruby on Rails Example
+##
+## Normally you only run one Rails application on one vhost.
+##
+#$HTTP["host"] == "rails1.example.com" {
+#  server.document-root  = server_root + "/rails/someapp/public"
+#  server.error-handler-404 = "/dispatch.fcgi"
+#  fastcgi.server = ( ".fcgi" =>
+#    ("someapp" =>
+#      ( "socket" => socket_dir + "/someapp-fcgi.socket",
+#        "bin-path" => server_root + "/rails/someapp/public/dispatch.fcgi",
+#        "bin-environment" => (
+#              "RAILS_ENV" => "production",
+#              "TMP" => home_dir + "/rails/someapp",
+#        ),
+#      )
+#    )
+#  )
+#}
+
+##
+## Another example with multiple rails applications on one vhost.
+##
+## https://blog.lighttpd.net/articles/2005/11/23/lighttpd-1-4-8-and-multiple-rails-apps
+##
+#$HTTP["host"] == "rails2.example.com" {
+#  $HTTP["url"] =~ "^/someapp1" {
+#    server.document-root  = server_root + "/rails/someapp1/public"
+#    server.error-handler-404 = "/dispatch.fcgi"
+#    fastcgi.server = ( ".fcgi" =>
+#      ("someapp1" =>
+#        ( "socket" => socket_dir + "/someapp1-fcgi.socket",
+#          "bin-path" => server_root + "/rails/someapp1/public/dispatch.fcgi",
+#          "bin-environment" => (
+#                "RAILS_ENV" => "production",
+#                "TMP" => home_dir + "/rails/someapp1",
+#          ),
+#          "strip-request-uri" => "/someapp1/"
+#        )
+#      )
+#    )
+#  }
+#
+#  $HTTP["url"] =~ "^/someapp2" {
+#    server.document-root  = server_root + "/rails/someapp2/public"
+#    server.error-handler-404 = "/dispatch.fcgi"
+#    fastcgi.server = ( ".fcgi" =>
+#      ("someapp2" =>
+#        ( "socket" => socket_dir + "/someapp2-fcgi.socket",
+#          "bin-path" => server_root + "/rails/someapp2/public/dispatch.fcgi",
+#          "bin-environment" => (
+#                "RAILS_ENV" => "production",
+#                "TMP" => home_dir + "/rails/someapp2",
+#          ),
+#          "strip-request-uri" => "/someapp2/"
+#        )
+#      )
+#    )
+#  }
+#}
+
+## chrooted webserver + external PHP
+##
+## $ spawn-fcgi -f /usr/bin/php-cgi -p 2000 -a 127.0.0.1 -C 8
+##
+## webserver chrooted to /srv/www/
+## php running outside the chroot
+#
+#fastcgi.server = ( 
+#  ".php" => (( 
+#    "host" => "127.0.0.1",
+#    "port" => "2000",
+#    "docroot" => "/srv/www/servers/www.example.org/htdocs/"
+#  )))
+#
+#server.chroot = "/srv/www"
+#server.document-root = "/servers/wwww.example.org/htdocs/"
+#
+
+##
+#######################################################################

rootfs/usr/local/etc/lighttpd/conf.d/magnet.conf

@@ -0,0 +1,22 @@
+#######################################################################
+##
+##  Magnet Module 
+## --------------- 
+##
+## See https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_ModMagnet
+##
+server.modules += ( "mod_magnet" )
+
+##
+##
+##
+#magnet.attract-raw-url-to = (  )
+
+##
+## as an example for that see the mod_magnet docs and
+## http://pixel.global-banlist.de./
+##
+#magnet.attract-physical-path-to = ( conf_dir + "/cleanurl.lua" )
+
+##
+#######################################################################

rootfs/usr/local/etc/lighttpd/conf.d/mod.template

@@ -0,0 +1,14 @@
+#######################################################################
+##
+##  Foo Module 
+## --------------- 
+##
+server.modules += ( "mod_Foo" )
+
+##
+## foo
+##
+#foo.bar = 1
+
+##
+#######################################################################

rootfs/usr/local/etc/lighttpd/conf.d/proxy.conf

@@ -0,0 +1,35 @@
+#######################################################################
+##
+##  Proxy Module 
+## --------------- 
+##
+## See https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_ModProxy
+##
+server.modules += ( "mod_proxy" )
+
+##
+## a value between 0 and 65535 to set the debug-level in the Proxy module.
+## Currently only 0 and 1 are used. Use 1 to enable some debug output, 0 to
+## disable it. 
+##
+#proxy.debug = 1
+
+##  
+## might be one of 'hash', 'round-robin' or 'fair' (default).
+##  
+#proxy.balance = "fair"
+  
+##
+## Handle all jsp requests via 192.168.0.101
+##
+#proxy.server = ( ".jsp" =>
+#                 ( "tomcat" =>
+#                   (
+#                     "host" => "192.168.0.101",
+#                     "port" => 80
+#                   )
+#                 )
+#               )
+
+##
+#######################################################################

rootfs/usr/local/etc/lighttpd/conf.d/rrdtool.conf

@@ -0,0 +1,21 @@
+#######################################################################
+##
+##  RRD Tool Module 
+## ----------------- 
+##
+## See https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_ModRRDTool
+##
+server.modules += ( "mod_rrdtool" )
+
+##
+## Path to the rrdtool binary.
+##
+rrdtool.binary             = "/usr/bin/rrdtool"
+
+##
+## Path to the rrdtool database. You can override this in conditionals.
+##
+rrdtool.db-name            = "/var/lib/lighttpd/lighttpd.rrd"
+
+##
+#######################################################################

rootfs/usr/local/etc/lighttpd/conf.d/scgi.conf

@@ -0,0 +1,51 @@
+#######################################################################
+##
+##  SCGI Module 
+## --------------- 
+##
+## See https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_ModSCGI
+##
+server.modules += ( "mod_scgi" )
+
+##
+## Ruby on Rails Example
+##
+## Normally you only run one Rails application on one vhost.
+##
+#$HTTP["host"] == "rails1.example.com" {
+#  server.document-root  = server_root + "/rails/someapp/public"
+#  server.error-handler-404 = "/dispatch.fcgi"
+#  scgi.server = ( ".scgi" =>
+#    ("scgi-someapp" =>
+#      ( "socket" => socket_dir + "/someapp-scgi.socket",
+#        "bin-path" => server_root + "/rails/someapp/public/dispatch.scgi",
+#        "bin-environment" => (
+#              "RAILS_ENV" => "production",
+#              "TMP" => home_dir + "/rails/someapp",
+#        ),
+#      )
+#    )
+#  )
+#}
+
+##
+## 2nd Ruby on Rails Example
+##
+## This time we launch the rails application via scgi_rails externally. 
+##
+#$HTTP["host"] == "rails2.example.com" {
+#  server.document-root  = server_root + "/rails/someapp/public"
+#  server.error-handler-404 = "/dispatch.scgi"
+#  scgi.server = ( ".scgi" =>
+#    ( "scgi-tcp" =>
+#      (
+#        "host" => "127.0.0.1",
+#        "port" => 9998,
+#        "check-local" => "disable",
+#      )
+#    )
+#  )
+#}
+
+##
+#######################################################################

rootfs/usr/local/etc/lighttpd/conf.d/secdownload.conf

@@ -0,0 +1,35 @@
+#######################################################################
+##
+##  Secure Download Module 
+## ------------------------ 
+##
+## See https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_ModSecDownload
+##
+server.modules += ( "mod_secdownload" )
+
+##
+## Document root for the download area.
+## The directory should not be below your normal 
+## document root! 
+##
+#secdownload.document-root = server_root + "/downloads"
+
+##
+## Secret string that will be used for the checksum calculation.
+##
+#secdownload.secret = ""
+
+##
+## How long is the secret valid?
+##
+## Default: 60 seconds
+##
+#secdownload.timeout = 60
+
+##
+## Prefix for the download area. 
+##
+#secdownload.uri-prefix = "/download/"
+
+##
+#######################################################################

rootfs/usr/local/etc/lighttpd/conf.d/simple_vhost.conf

@@ -0,0 +1,28 @@
+#######################################################################
+##
+##  Simple Virtual hosting 
+## ------------------------ 
+##
+## See https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_ModSimpleVhost
+##
+server.modules += ( "mod_simple_vhost" )
+
+##  If you want name-based virtual hosting add the next three settings and load
+##  mod_simple_vhost
+##
+## document-root =
+##   virtual-server-root + virtual-server-default-host + virtual-server-docroot
+## or
+##   virtual-server-root + http-host + virtual-server-docroot
+##
+simple-vhost.server-root   = vhosts_dir + "/"
+simple-vhost.default-host  = "default.example.com"
+simple-vhost.document-root = "/htdocs/"
+
+##
+## Print some errors for finding the document-root
+##
+#simple-vhost.debug = 1
+
+##
+#######################################################################

rootfs/usr/local/etc/lighttpd/conf.d/ssi.conf

@@ -0,0 +1,49 @@
+#######################################################################
+##
+##  Server Side Includes
+## -----------------------
+##
+## See https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_ModSSI
+##
+server.modules += ( "mod_ssi" )
+
+##
+## which extensions should be ran through mod_ssi.
+##
+ssi.extension              = ( ".shtml" )
+
+##
+## The  ssi.conditional-requests  directive only affects requests
+## handled by the SSI module and allows to declare which SSI pages
+## are cacheable and which are not. This directive can be enabled
+## or disabled globally and/or in any context.
+##
+## As the name of this directive suggests, conditional requests will
+## be handled appropriately for any SSI page for which the directive
+## is enabled. In particular, the "ETag" and "Last-Modified" headers
+## will both be sent. Conversely, these headers will NOT be sent for
+## pages for which the directive is disabled.
+##
+## The directive should be set to "enable" ONLY for requests that are
+## known to generate cacheable documents. An SSI page which only
+## includes contents from other static files and/or which uses SSI
+## commands that produce predictable output (e.g. the echo command
+## for the LAST_MODIFIED variable) is likely to be cacheable.
+##
+## The directive should be set to "disable" for ALL other documents,
+## that is, for SSI pages which depend on non-predictable input such
+## as (but not limited to) output from ssi exec commands, data from
+## the client's request headers (other than the request URI), or any
+## other non constant input such as the current date or time, the
+## client's user-agent, etc...
+##
+## Disabled by default.
+##
+## For further explanation of conditional requests, please see
+## Hypertext Transfer Protocol (HTTP/1.1): Conditional Requests
+## https://tools.ietf.org/html/rfc7232
+##
+#ssi.conditional-requests = "enable"
+
+##
+#######################################################################

rootfs/usr/local/etc/lighttpd/conf.d/status.conf

@@ -0,0 +1,24 @@
+#######################################################################
+##
+##  Status Module 
+## --------------- 
+##
+## See https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_ModStatus
+##
+server.modules += ( "mod_status" )
+
+$HTTP["remoteip"] == "127.0.0.0/8" {
+##
+## configure urls for the various parts of the module. 
+##
+  status.status-url          = "/server-status"
+  status.config-url          = "/server-config"
+  status.statistics-url      = "/server-statistics"
+##
+## add JavaScript which allows client-side sorting for the connection
+## overview 
+##
+  status.enable-sort         = "enable"
+}
+##
+#######################################################################

rootfs/usr/local/etc/lighttpd/conf.d/userdir.conf

@@ -0,0 +1,36 @@
+#######################################################################
+##
+##  Userdir Module 
+## ----------------
+##
+## See https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_ModUserDir
+##
+server.modules += ( "mod_userdir" )
+
+##
+## usually it should be set to "public_html" to take ~/public_html/ as
+## the document root
+## Default: empty (document root is the home directory)
+##
+userdir.path = "public_html"
+
+##
+## If set, don't check /etc/passwd for homedir
+## Default: empty
+#userdir.basepath = server_root + "/users/"
+
+##
+## list of usernames which may not use this feature
+## Default: empty (all users may use it)
+##
+#userdir.exclude-user = ( "root", "postmaster" )
+
+##
+## if set, only users from this list may use the feature
+## Default: empty (all users may use it) 
+##
+#userdir.include-user = ("user1", "user2")
+
+##
+#######################################################################
+

rootfs/usr/local/etc/lighttpd/conf.d/webdav.conf

@@ -0,0 +1,40 @@
+#######################################################################
+##
+##  WebDAV Module
+## ---------------
+##
+## See https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_ModWebDAV
+##
+server.modules += ( "mod_webdav" )
+
+$HTTP["url"] =~ "^/dav($|/)" {
+  ##
+  ## enable webdav for this location
+  ##
+  webdav.activate = "enable"
+
+  ##
+  ## By default the webdav url is writable.
+  ## Uncomment the following line if you want to make it readonly.
+  ##
+  #webdav.is-readonly = "enable"
+
+  ##
+  ## SQLite database for WebDAV properties and WebDAV locks
+  ##
+  webdav.sqlite-db-name = home_dir + "/webdav.db"
+
+  ##
+  ## Log the XML Request bodies for debugging
+  ##
+  #webdav.log-xml = "disable"
+
+  ##
+  ## mod_webdav further tunables
+  ## See online doc:
+  ##   https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_ModWebDAV
+  ##
+  #webdav.opts = ( ... )
+}
+##
+#######################################################################

rootfs/usr/local/etc/lighttpd/lighttpd.conf

@@ -0,0 +1,463 @@
+#######################################################################
+##
+## /etc/lighttpd/lighttpd.conf
+##
+## check /etc/lighttpd/conf.d/*.conf for the configuration of modules.
+##
+#######################################################################
+
+#######################################################################
+##
+## Some Variable definition which will make chrooting easier.
+##
+## if you add a variable here. Add the corresponding variable in the
+## chroot example as well.
+##
+var.log_root    = "/var/log/lighttpd"
+var.server_root = "/srv/www"
+var.state_dir   = "/run"
+var.home_dir    = "/var/lib/lighttpd"
+var.conf_dir    = "/usr/local/etc/lighttpd"
+
+## 
+## run the server chrooted.
+## 
+## This requires root permissions during startup.
+##
+## If you run Chrooted set the the variables to directories relative to
+## the chroot dir.
+##
+## example chroot configuration:
+## 
+#var.log_root    = "/logs"
+#var.server_root = "/"
+#var.state_dir   = "/run"
+#var.home_dir    = "/lib/lighttpd"
+#var.vhosts_dir  = "/vhosts"
+#var.conf_dir    = "/etc"
+#
+#server.chroot   = "/srv/www"
+
+##
+## Some additional variables to make the configuration easier
+##
+
+##
+## Base directory for all virtual hosts
+##
+## used in:
+## conf.d/evhost.conf
+## conf.d/simple_vhost.conf
+## vhosts.d/vhosts.template
+##
+var.vhosts_dir  = server_root + "/vhosts"
+
+##
+## Cache for mod_deflate
+##
+## used in:
+## conf.d/deflate.conf
+##
+var.cache_dir   = "/var/cache/lighttpd"
+
+##
+## Base directory for sockets.
+##
+## used in:
+## conf.d/fastcgi.conf
+## conf.d/scgi.conf
+##
+var.socket_dir  = home_dir + "/sockets"
+
+##
+#######################################################################
+
+#######################################################################
+##
+## Load the modules.
+include conf_dir + "/modules.conf"
+
+##
+#######################################################################
+
+#######################################################################
+##
+##  Basic Configuration
+## ---------------------
+##
+server.port = 80
+
+##
+## Use IPv6?
+##
+server.use-ipv6 = "enable"
+
+##
+## bind to a specific IP
+##
+#server.bind = "localhost"
+
+##
+## Run as a different username/groupname.
+## This requires root permissions during startup. 
+##
+server.username  = "lighttpd"
+server.groupname = "lighttpd"
+
+##
+## Enable lighttpd to serve requests on sockets received from systemd
+## https://www.freedesktop.org/software/systemd/man/systemd.socket.html
+##
+#server.systemd-socket-activation = "enable"
+
+## 
+## enable core files.
+##
+#server.core-files = "disable"
+
+##
+## Document root
+##
+server.document-root = server_root + "/htdocs"
+
+##
+## The value for the "Server:" response field.
+##
+## It would be nice to keep it at "lighttpd".
+##
+#server.tag = "lighttpd"
+
+##
+## store a pid file
+##
+server.pid-file = state_dir + "/lighttpd.pid"
+
+##
+#######################################################################
+
+#######################################################################
+##
+##  Logging Options
+## ------------------
+##
+## all logging options can be overwritten per vhost.
+##
+## Path to the error log file
+##
+server.errorlog             = log_root + "/error.log"
+
+##
+## If you want to log to syslog you have to unset the 
+## server.errorlog setting and uncomment the next line.
+##
+#server.errorlog-use-syslog = "enable"
+
+##
+## Access log config
+## 
+include conf_dir + "/conf.d/access_log.conf"
+
+##
+## The debug options are moved into their own file.
+## see conf.d/debug.conf for various options for request debugging.
+##
+include conf_dir + "/conf.d/debug.conf"
+
+##
+#######################################################################
+
+#######################################################################
+##
+##  Tuning/Performance
+## --------------------
+##
+## corresponding documentation:
+## https://wiki.lighttpd.net/Docs_Performance
+##
+## set the event-handler (read the performance section in the manual)
+##
+## The recommended server.event-handler is chosen by default for each OS.
+##
+## epoll  (recommended on Linux)
+## kqueue (recommended on *BSD and MacOS X)
+## solaris-eventports (recommended on Solaris)
+## poll   (recommended if none of above are available)
+## select (*not* recommended)
+## libev  (*not* recommended)
+##
+#server.event-handler = "linux-sysepoll"
+
+##
+## The basic network interface for all platforms at the syscalls read()
+## and write(). Every modern OS provides its own syscall to help network
+## servers transfer files as fast as possible 
+##
+#server.network-backend = "sendfile"
+
+##
+## As lighttpd is a single-threaded server, its main resource limit is
+## the number of file descriptors, which is set to 1024 by default (on
+## most systems).
+##
+## If you are running a high-traffic site you might want to increase this
+## limit by setting server.max-fds.
+##
+## Changing this setting requires root permissions on startup. see
+## server.username/server.groupname.
+##
+## By default lighttpd would not change the operation system default.
+## But setting it to 16384 is a better default for busy servers.
+##
+## With SELinux enabled, this is denied by default and needs to be allowed
+## by running the following once: setsebool -P httpd_setrlimit on
+##
+server.max-fds = 16384
+
+##
+## listen-backlog is the size of the listen() backlog queue requested when
+## the lighttpd server ask the kernel to listen() on the provided network
+## address.  Clients attempting to connect() to the server enter the listen()
+## backlog queue and wait for the lighttpd server to accept() the connection.
+##
+## The out-of-box default on many operating systems is 128 and is identified
+## as SOMAXCONN.  This can be tuned on many operating systems.  (On Linux,
+## cat /proc/sys/net/core/somaxconn)  Requesting a size larger than operating
+## system limit will be silently reduced to the limit by the operating system.
+##
+## When there are too many connection attempts waiting for the server to
+## accept() new connections, the listen backlog queue fills and the kernel
+## rejects additional connection attempts.  This can be useful as an
+## indication to an upstream load balancer that the server is busy, and
+## possibly overloaded.  In that case, configure a smaller limit for
+## server.listen-backlog.  On the other hand, configure a larger limit to be
+## able to handle bursts of new connections, but only do so up to an amount
+## that the server can keep up with responding in a reasonable amount of
+## time.  Otherwise, clients may abandon the connection attempts and the
+## server will waste resources servicing abandoned connections.
+##
+## It is best to leave this setting at its default unless you have modelled
+## your traffic and tested that changing this benefits your traffic patterns.
+##
+## Default: 1024
+##
+#server.listen-backlog = 128
+
+##
+## Stat() call caching.
+##
+## lighttpd can utilize FAM/Gamin to cache stat call.
+##
+## possible values are:
+## disable, simple, inotify, kqueue, or fam.
+##
+#server.stat-cache-engine = "simple"
+
+##
+## Fine tuning for the request handling
+##
+## max-connections == max-fds/3)
+## (other file handles are used for fastcgi/files)
+##
+#server.max-connections = 1024
+
+##
+## How many seconds to keep a keep-alive connection open,
+## until we consider it idle. 
+##
+## Default: 5
+##
+#server.max-keep-alive-idle = 5
+
+##
+## How many keep-alive requests until closing the connection.
+##
+## Default: 16
+##
+#server.max-keep-alive-requests = 16
+
+##
+## Maximum size of a request in kilobytes.
+## By default it is unlimited (0).
+##
+## Uploads to your server cant be larger than this value.
+##
+#server.max-request-size = 0
+
+##
+## Time to read from a socket before we consider it idle.
+##
+## Default: 60
+##
+#server.max-read-idle = 60
+
+##
+## Time to write to a socket before we consider it idle.
+##
+## Default: 360
+##
+#server.max-write-idle = 360
+
+##
+##  Traffic Shaping 
+## -----------------
+##
+## see /usr/share/doc/lighttpd/traffic-shaping.txt
+##
+## Values are in kilobyte per second.
+##
+## Keep in mind that a limit below 32kB/s might actually limit the
+## traffic to 32kB/s. This is caused by the size of the TCP send
+## buffer. 
+##
+## per server:
+##
+#server.kbytes-per-second = 128
+
+##
+## per connection:
+##
+#connection.kbytes-per-second = 32
+
+##
+#######################################################################
+
+#######################################################################
+##
+##  Filename/File handling
+## ------------------------
+
+##
+## files to check for if .../ is requested
+## index-file.names            = ( "index.php", "index.rb", "index.html",
+##                                 "index.htm", "default.htm" )
+##
+index-file.names += (
+  "index.xhtml", "index.html", "index.htm", "default.htm", "index.php"
+)
+
+##
+## deny access the file-extensions
+##
+## ~    is for backupfiles from vi, emacs, joe, ...
+## .inc is often used for code includes which should in general not be part
+##      of the document-root
+url.access-deny             = ( "~", ".inc" )
+
+##
+## disable range requests for pdf files
+## workaround for a bug in the Acrobat Reader plugin.
+## (ancient; should no longer be needed)
+##
+#$HTTP["url"] =~ "\.pdf$" {
+#  server.range-requests = "disable"
+#}
+
+##
+## url handling modules (rewrite, redirect)
+##
+#url.rewrite                = ( "^/$"             => "/server-status" )
+#url.redirect               = ( "^/wishlist/(.+)" => "http://www.example.com/$1" )
+
+##
+## both rewrite/redirect support back reference to regex conditional using %n
+##
+#$HTTP["host"] =~ "^www\.(.*)" {
+#  url.redirect            = ( "^/(.*)" => "http://%1/$1" )
+#}
+
+##
+## which extensions should not be handle via static-file transfer
+##
+## .php, .pl, .fcgi are most often handled by mod_fastcgi or mod_cgi
+##
+static-file.exclude-extensions = ( ".php", ".pl", ".fcgi", ".scgi" )
+
+##
+## error-handler for all status 400-599
+##
+#server.error-handler       = "/error-handler.html"
+#server.error-handler       = "/error-handler.php"
+
+##
+## error-handler for status 404
+##
+#server.error-handler-404   = "/error-handler.html"
+#server.error-handler-404   = "/error-handler.php"
+
+##
+## Format: <errorfile-prefix><status-code>.html
+## -> ..../status-404.html for 'File not found'
+##
+#server.errorfile-prefix    = "/srv/www/htdocs/errors/status-"
+
+##
+## mimetype mapping
+##
+include conf_dir + "/conf.d/mime.conf"
+
+##
+## directory listing configuration
+##
+include conf_dir + "/conf.d/dirlisting.conf"
+
+##
+## Should lighttpd follow symlinks?
+## default: "enable"
+#server.follow-symlink = "enable"
+
+##
+## force all filenames to be lowercase?
+##
+#server.force-lowercase-filenames = "disable"
+
+##
+## defaults to /var/tmp as we assume it is a local harddisk
+## default: "/var/tmp"
+#server.upload-dirs = ( "/var/tmp" )
+
+##
+#######################################################################
+
+#######################################################################
+##
+##  SSL Support
+## ------------- 
+##
+## https://wiki.lighttpd.net/Docs_SSL
+#
+## To enable SSL for the whole server you have to provide a valid
+## certificate and have to enable the SSL engine.::
+##
+##   server.modules += ( "mod_openssl" )
+##
+##   ssl.privkey = "/path/to/privkey.pem"
+##   ssl.pemfile = "/path/to/fullchain.pem"
+##   # ssl.pemfile should contain the sorted certificate chain, including
+##   # intermediate certificates, as provided by the certificate issuer.
+##   # If both privkey and cert are in same file, specify only ssl.pemfile.
+##
+##   # Check your cipher list with: openssl ciphers -v '...'
+##   # (use single quotes with: openssl ciphers -v '...'
+##   #  as your shell won't like ! in double quotes)
+##   #ssl.cipher-list            = "HIGH"   # default
+##
+##   # (recommended to accept only TLSv1.2 and TLSv1.3)
+##   #ssl.openssl.ssl-conf-cmd = ("MinProtocol" => "TLSv1.2")  # default
+##
+##   $SERVER["socket"] == "*:443" {
+##     ssl.engine  = "enable"
+##   }
+##   $SERVER["socket"] == "[::]:443" {
+##     ssl.engine  = "enable"
+##   }
+##
+#######################################################################
+
+#######################################################################
+##
+## custom includes like vhosts.
+##
+#include conf_dir + "/conf.d/config.conf"
+#include conf_dir + "/vhosts.d/*.conf"
+##
+#######################################################################

rootfs/usr/local/etc/lighttpd/modules.conf

@@ -0,0 +1,168 @@
+#######################################################################
+##
+##  Modules to load
+## -----------------
+##
+## Load only the modules needed in order to keep things simple.
+##
+## lighttpd automatically adds the following default modules
+## to server.modules, if not explicitly listed in server.modules:
+##   "mod_indexfile", "mod_dirlisting", "mod_staticfile"
+##
+## You may disable automatic loading of default modules by setting
+##   server.compat-module-load = "disable"
+##
+## lighttpd provides many modules, and not all are listed below.  Please see:
+## https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_ConfigurationOptions
+##
+## Modules, which are pulled in via conf.d/*.conf
+##
+## - mod_accesslog     -> conf.d/access_log.conf
+## - mod_deflate       -> conf.d/deflate.conf
+## - mod_status        -> conf.d/status.conf
+## - mod_webdav        -> conf.d/webdav.conf
+## - mod_evhost        -> conf.d/evhost.conf
+## - mod_simple_vhost  -> conf.d/simple_vhost.conf
+## - mod_userdir       -> conf.d/userdir.conf
+## - mod_rrdtool       -> conf.d/rrdtool.conf
+## - mod_ssi           -> conf.d/ssi.conf
+## - mod_cgi           -> conf.d/cgi.conf
+## - mod_scgi          -> conf.d/scgi.conf
+## - mod_fastcgi       -> conf.d/fastcgi.conf
+## - mod_proxy         -> conf.d/proxy.conf
+## - mod_secdownload   -> conf.d/secdownload.conf
+## - mod_expire        -> conf.d/expire.conf
+##
+## NOTE: The order of modules in server.modules is important.
+##
+## Modules which gate requests (e.g. mod_access, mod_auth) or modify
+## requests (e.g. mod_alias, mod_setenv) should be listed before
+## modules which complete requests (e.g. mod_redirect, mod_rewrite),
+## and which, in turn, should be listed before dynamic handlers
+## (e.g. mod_cgi, mod_fastcgi, mod_proxy, mod_scgi, ...)
+##
+## DO NOT alphabetize modules.
+## Alphabetizing may break expected functionality.  See explanation above.
+##
+
+server.modules = (
+#  "mod_rewrite",
+  "mod_access",
+#  "mod_evasive",
+#  "mod_auth",
+#  "mod_authn_file",
+#  "mod_redirect",
+#  "mod_setenv",
+#  "mod_alias",
+)
+
+##
+#######################################################################
+
+#######################################################################
+##
+##  Config for various Modules
+##
+
+##
+## mod_expire
+##
+#include conf_dir + "/conf.d/expire.conf"
+
+##
+## mod_deflate
+##
+#include conf_dir + "/conf.d/deflate.conf"
+
+##
+## mod_magnet
+##
+#include conf_dir + "/conf.d/magnet.conf"
+
+##
+## mod_ssi
+##
+#include conf_dir + "/conf.d/ssi.conf"
+
+##
+## mod_status
+##
+#include conf_dir + "/conf.d/status.conf"
+
+##
+## mod_webdav
+##
+#include conf_dir + "/conf.d/webdav.conf"
+
+##
+## mod_userdir
+##
+#include conf_dir + "/conf.d/userdir.conf"
+
+##
+## mod_rrdtool
+##
+#include conf_dir + "/conf.d/rrdtool.conf"
+
+##
+## mod_secdownload
+##
+#include conf_dir + "/conf.d/secdownload.conf"
+
+##
+#######################################################################
+
+#######################################################################
+##
+## CGI/proxy modules
+##
+
+##
+## mod_proxy
+##
+#include conf_dir + "/conf.d/proxy.conf"
+
+##
+## SCGI (mod_scgi)
+##
+#include conf_dir + "/conf.d/scgi.conf"
+
+##
+## FastCGI (mod_fastcgi)
+##
+#include conf_dir + "/conf.d/fastcgi.conf"
+
+##
+## plain old CGI (mod_cgi)
+##
+#include conf_dir + "/conf.d/cgi.conf"
+
+##
+#######################################################################
+
+#######################################################################
+##
+## VHost Modules
+##
+##  Only load ONE of them!
+## ========================
+##
+
+##
+## You can use conditionals for vhosts aswell.
+## 
+## see https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_Configuration
+##
+
+##
+## mod_evhost
+##
+#include conf_dir + "/conf.d/evhost.conf"
+
+##
+## mod_simple_vhost
+##
+#include conf_dir + "/conf.d/simple_vhost.conf"
+
+##
+#######################################################################