Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- server.modules = ( "mod_openssl", "mod_auth", "mod_status", "mod_setenv", "mod_deflate", "mod_accesslog", "mod_proxy", "mod_redirect" )
- server.errorlog = "/var/log/lighttpd/error.log"
- server.pid-file = "/var/run/lighttpd.pid"
- server.username = "www"
- server.groupname = "www"
- server.use-ipv6 = "disable"
- server.document-root = "/nonexistent"
- server.max-connections = 65536
- server.max-keep-alive-requests = 15
- server.max-keep-alive-idle = 5
- server.max-read-idle = 30
- server.max-write-idle = 30
- index-file.names = ( "index.html", "index.htm" )
- server.dir-listing = "enable"
- dir-listing.encoding = "utf-8"
- dir-listing.hide-dotfiles = "enable"
- deflate.mimetypes = ( "text/html", "text/css", "application/javascript", "text/plain", "text/xml", "application/json", "image/svg+xml" )
- deflate.min-compress-size = 512
- deflate.compression-level = 1
- $SERVER["socket"] == ":80" {
- $HTTP["url"] =~ "^/.well-known/acme-challenge/" {
- server.document-root = "/store/webroot/web_open"
- server.dir-listing = "disable"
- }
- else {
- url.redirect = ("" => "https://${url.authority}${url.path}${qsa}")
- }
- }
- $HTTP["host"] == "home.private.example.com" {
- $SERVER["socket"] == ":443" {
- auth.backend = "plain"
- auth.backend.plain.userfile = "/store/webroot/htpasswd"
- auth.require = (
- "/status" => ("method" => "digest", "realm" => "private.example.com", "require" => "user=admin"),
- "/dashboard" => ("method" => "digest", "realm" => "private.example.com", "require" => "user=admin"),
- "/documenti" => ("method" => "digest", "realm" => "private.example.com", "require" => "user=admin"),
- "/images" => ("method" => "digest", "realm" => "private.example.com", "require" => "user=admin"),
- "/software/config" => ("method" => "digest", "realm" => "private.example.com", "require" => "user=admin"),
- "/logs" => ("method" => "digest", "realm" => "private.example.com", "require" => "user=admin"),
- "/" => ("method" => "digest", "realm" => "private.example.com", "require" => "valid-user")
- )
- server.document-root = "/store/webroot/web_ssl"
- status.status-url = "/status"
- ssl.engine = "enable"
- ssl.pemfile = "/usr/local/etc/lighttpd/ssl/home.private.example.com.pem"
- ssl.ca-file = "/usr/local/etc/letsencrypt/live/home.private.example.com/fullchain.pem"
- ssl.dh-file = "/usr/local/etc/lighttpd/ssl/dhparam4096.pem"
- ssl.ec-curve = "secp384r1"
- ssl.cipher-list = "ECDHE+AES:DHE+AES@STRENGTH"
- ssl.honor-cipher-order = "enable"
- ssl.use-sslv2 = "disable"
- ssl.use-sslv3 = "disable"
- setenv.add-response-header += ( "Strict-Transport-Security" => "max-age=31536000; includeSubDomains" )
- setenv.add-response-header += ( "X-Frame-Options" => "DENY" )
- setenv.add-response-header += ( "X-Content-Type-Options" => "nosniff" )
- $HTTP["url"] !~ "^((.*/)|(/robots.txt)|(/favicon.ico)|(/apple-touch-icon.*\.png)|(.*\.php))$" {
- accesslog.filename = "/var/log/lighttpd/access.log"
- accesslog.format = "[%{%d/%m/%Y %H:%M:%S}t] %h %u \"%r\" %s %b %T"
- }
- }
- }
- $HTTP["host"] =~ "(example.com)|(www.example.com)" {
- $SERVER["socket"] == ":443" {
- url.redirect = ("^/$" => "/myapp/" )
- proxy.server = ( "" => (( "host" => "127.0.0.1", "port" => "8080" )))
- ssl.engine = "enable"
- ssl.pemfile = "/usr/local/etc/lighttpd/ssl/example.com.pem"
- ssl.ca-file = "/usr/local/etc/letsencrypt/live/example.com/fullchain.pem"
- ssl.dh-file = "/usr/local/etc/lighttpd/ssl/dhparam4096.pem"
- ssl.ec-curve = "secp384r1"
- ssl.cipher-list = "ECDHE+AES:DHE+AES@STRENGTH"
- ssl.honor-cipher-order = "enable"
- ssl.use-sslv2 = "disable"
- ssl.use-sslv3 = "disable"
- setenv.add-response-header += ( "Strict-Transport-Security" => "max-age=31536000; includeSubDomains" )
- setenv.add-response-header += ( "X-Frame-Options" => "DENY" )
- setenv.add-response-header += ( "X-Content-Type-Options" => "nosniff" )
- }
- }
- include "conf.d/mime.conf"
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement