hubzilla_ynh/sources/install/sample-lighttpd.conf

# See http://redmine.lighttpd.net/projects/lighttpd/wiki/Docs:ConfigurationOptions

### LOAD MODULES
server.modules = (
  "mod_access",
  "mod_accesslog",
  "mod_fastcgi",
  "mod_redirect",
  "mod_rewrite"
)

### BASIC STUFF
server.port = 80

server.username = "http"

server.groupname = "http"

server.document-root = "/path/to/your/www/files" #adjust to your setup

server.errorlog = "/var/log/lighttpd/error.log"

accesslog.filename = "/var/log/lighttpd/access.log"

### DISABLE DIR LISTING
dir-listing.activate = "disable"

### DISABLE REJECT EXPECT HEADER
### (needed for curl POST requests - otherwise they fail with error 417)
server.reject-expect-100-with-417 = "disable"

### DEFINE SUPPORTED INDEX FILENAMES
index-file.names = (
  "index.html",
  "index.htm",
  "index.php"
)

### DEFINE SUPPORTED MIME TYPES
mimetype.assign = (
  ".html" => "text/html",
  ".htm" => "text/html",
  ".css" => "text/css",
  ".txt" => "text/plain",
  ".svg" => "image/svg+xml",
  ".jpg" => "image/jpeg",
  ".png" => "image/png"
)

### DONT EVER SERVE FILES WITH EXTENSION
static-file.exclude-extensions = ( ".php" )

### PHP WITH PHP-FPM
### (needs php-fpm installed and running)
fastcgi.server = ( 
  ".php" => (
    "localhost" => (
      "socket" => "/run/php-fpm/php-fpm.sock",
      "broken-scriptfilename" => "enable",
      "allow-x-sendfile" => "enable"
    )                     
  )
)

### ENABLE SSL
$SERVER["socket"] == ":443" {
  ssl.engine = "enable"
  ssl.ca-file = "/etc/lighttpd/certs/ca-certs.crt" #adjust to your needs
  ssl.pemfile = "/etc/lighttpd/certs/red-ssl.crt" #adjust to your needs

  ssl.use-compression = "disable"
  ssl.use-sslv2 = "disable"
  ssl.use-sslv3 = "disable"
  ssl.cipher-list = "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA"
}

### RISTRICT ACCESS TO DIRECTORYS AND FILES
$HTTP["url"] =~ "\.(out|log|htaccess)$" {
  url.access-deny = ("")
}

$HTTP["url"] =~ "(^|/)\.git|(^|/)store" {
  url.access-deny = ("")
}

### URL REWRITE RULES
url.rewrite-if-not-file = (
  "^\/([^\?]*)\?(.*)$" => "/index.php?q=$1&$2",
  "^\/(.*)$" => "/index.php?q=$1"
)
Re-importing Hubzilla core and addons source 2015-08-23 22:38:18 +02:00			`# See http://redmine.lighttpd.net/projects/lighttpd/wiki/Docs:ConfigurationOptions`

			`### LOAD MODULES`
			`server.modules = (`
			`"mod_access",`
			`"mod_accesslog",`
			`"mod_fastcgi",`
			`"mod_redirect",`
			`"mod_rewrite"`
			`)`

			`### BASIC STUFF`
			`server.port = 80`

			`server.username = "http"`

			`server.groupname = "http"`

			`server.document-root = "/path/to/your/www/files" #adjust to your setup`

			`server.errorlog = "/var/log/lighttpd/error.log"`

			`accesslog.filename = "/var/log/lighttpd/access.log"`

			`### DISABLE DIR LISTING`
			`dir-listing.activate = "disable"`

			`### DISABLE REJECT EXPECT HEADER`
			`### (needed for curl POST requests - otherwise they fail with error 417)`
			`server.reject-expect-100-with-417 = "disable"`

			`### DEFINE SUPPORTED INDEX FILENAMES`
			`index-file.names = (`
			`"index.html",`
			`"index.htm",`
			`"index.php"`
			`)`

			`### DEFINE SUPPORTED MIME TYPES`
			`mimetype.assign = (`
			`".html" => "text/html",`
			`".htm" => "text/html",`
			`".css" => "text/css",`
			`".txt" => "text/plain",`
			`".svg" => "image/svg+xml",`
			`".jpg" => "image/jpeg",`
			`".png" => "image/png"`
			`)`

			`### DONT EVER SERVE FILES WITH EXTENSION`
			`static-file.exclude-extensions = ( ".php" )`

			`### PHP WITH PHP-FPM`
			`### (needs php-fpm installed and running)`
			`fastcgi.server = (`
			`".php" => (`
			`"localhost" => (`
			`"socket" => "/run/php-fpm/php-fpm.sock",`
			`"broken-scriptfilename" => "enable",`
			`"allow-x-sendfile" => "enable"`
			`)`
			`)`
			`)`

			`### ENABLE SSL`
			`$SERVER["socket"] == ":443" {`
			`ssl.engine = "enable"`
			`ssl.ca-file = "/etc/lighttpd/certs/ca-certs.crt" #adjust to your needs`
			`ssl.pemfile = "/etc/lighttpd/certs/red-ssl.crt" #adjust to your needs`

			`ssl.use-compression = "disable"`
			`ssl.use-sslv2 = "disable"`
			`ssl.use-sslv3 = "disable"`
			ssl.cipher-list = "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA"
			`}`

			`### RISTRICT ACCESS TO DIRECTORYS AND FILES`
			`$HTTP["url"] =~ "\.(out\|log\|htaccess)$" {`
			`url.access-deny = ("")`
			`}`

			`$HTTP["url"] =~ "(^\|/)\.git\|(^\|/)store" {`
			`url.access-deny = ("")`
			`}`

			`### URL REWRITE RULES`
			`url.rewrite-if-not-file = (`
			`"^\/([^\?])\?(.)$" => "/index.php?q=$1&$2",`
			`"^\/(.*)$" => "/index.php?q=$1"`
			`)`