  # Global lighttpd settings; the conditional blocks further down override
  # them per socket and per host.

  # Modules are kept in the order the author listed them.
  server.modules = (
      "mod_openssl",
      "mod_auth",
      "mod_status",
      "mod_setenv",
      "mod_deflate",
      "mod_accesslog",
      "mod_proxy",
      "mod_redirect"
  )

  server.errorlog  = "/var/log/lighttpd/error.log"
  server.pid-file  = "/var/run/lighttpd.pid"

  # The server runs as the unprivileged "www" user and group.
  server.username  = "www"
  server.groupname = "www"

  server.use-ipv6  = "disable"

  # Default document root is a path named "/nonexistent"; real roots are set
  # only inside the conditionals below, so a request matching none of them
  # has nothing to serve (presumably deliberate; confirm the path is absent).
  server.document-root = "/nonexistent"

  # Connection limits and idle timeouts (timeouts in seconds).
  # NOTE(review): 65536 connections needs a matching file-descriptor limit
  # for the "www" user; confirm against the OS limits.
  server.max-connections         = 65536
  server.max-keep-alive-requests = 15
  server.max-keep-alive-idle     = 5
  server.max-read-idle           = 30
  server.max-write-idle          = 30

  index-file.names = ( "index.html", "index.htm" )

  # NOTE(review): directory listing is switched on globally and only turned
  # off for the ACME challenge path. Every directory without an index file
  # under a document root is therefore browsable; dot-files are hidden, but
  # backups, exports or config copies are not. Consider defaulting to
  # "disable" and enabling it only for the directories meant to be browsed.
  server.dir-listing        = "enable"
  dir-listing.encoding      = "utf-8"
  dir-listing.hide-dotfiles = "enable"

  # Response compression for text-like content types.
  # NOTE(review): these responses are served over TLS below. Compressing a
  # response that contains both a secret and request-controlled data is the
  # precondition for BREACH-style length side channels; confirm whether the
  # proxied application's responses are compressed here.
  deflate.mimetypes = (
      "text/html",
      "text/css",
      "application/javascript",
      "text/plain",
      "text/xml",
      "application/json",
      "image/svg+xml"
  )
  deflate.min-compress-size = 512
  deflate.compression-level = 1

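  # Plain-HTTP listener: serves ACME HTTP-01 challenge files and redirects
  # every other request to HTTPS.
  $SERVER["socket"] == ":80" {
      # The dot is escaped so that only the literal "/.well-known/" prefix is
      # served over cleartext HTTP; the unescaped form matched any character
      # in that position.
      $HTTP["url"] =~ "^/\.well-known/acme-challenge/" {
          server.document-root = "/store/webroot/web_open"
          # Challenge tokens must not be enumerable.
          server.dir-listing = "disable"
      }
      else {
          # The redirect target reuses the authority sent by the client, so
          # any Host value reaching this listener is echoed back in the
          # Location header.
          url.redirect = ("" => "https://${url.authority}${url.path}${qsa}")
      }
  }
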
  # Private site: every path requires HTTP digest authentication, and the
  # listed prefixes are restricted to the "admin" user.
  # NOTE(review): the ssl.* directives sit in a $SERVER["socket"] condition
  # nested inside $HTTP["host"]. Confirm with `lighttpd -tt -f <config>` and
  # `lighttpd -p -f <config>` that this nesting is accepted by the deployed
  # version and that the intended certificate is presented for this name.
  $HTTP["host"] == "home.private.example.com" {
      $SERVER["socket"] == ":443" {
          # NOTE(review): the "plain" backend reads cleartext passwords from
          # the user file. The file sits outside both document roots used in
          # this config, but anyone who can read it obtains every password.
          # Restrict it to the server user, or move to auth.backend =
          # "htdigest" so that no cleartext is kept at rest.
          auth.backend = "plain"
          auth.backend.plain.userfile = "/store/webroot/htpasswd"

          # Admin-only prefixes are listed before the catch-all "/".
          # NOTE(review): this relies on the more specific entries winning
          # over "/"; verify on the deployed version that a non-admin account
          # is refused on each admin-only prefix.
          auth.require = (
              "/status"          => ("method" => "digest", "realm" => "private.example.com", "require" => "user=admin"),
              "/dashboard"       => ("method" => "digest", "realm" => "private.example.com", "require" => "user=admin"),
              "/documenti"       => ("method" => "digest", "realm" => "private.example.com", "require" => "user=admin"),
              "/images"          => ("method" => "digest", "realm" => "private.example.com", "require" => "user=admin"),
              "/software/config" => ("method" => "digest", "realm" => "private.example.com", "require" => "user=admin"),
              "/logs"            => ("method" => "digest", "realm" => "private.example.com", "require" => "user=admin"),
              "/"                => ("method" => "digest", "realm" => "private.example.com", "require" => "valid-user")
          )

          server.document-root = "/store/webroot/web_ssl"

          # mod_status page; covered by the admin-only "/status" rule above.
          status.status-url = "/status"

          # TLS settings.
          # NOTE(review): only SSLv2 and SSLv3 are disabled here, so TLS 1.0
          # and 1.1 stay available if the TLS library still offers them, and
          # the cipher string admits CBC-mode AES suites. Consider setting a
          # TLS 1.2 minimum and preferring AEAD suites.
          ssl.engine             = "enable"
          ssl.pemfile            = "/usr/local/etc/lighttpd/ssl/home.private.example.com.pem"
          ssl.ca-file            = "/usr/local/etc/letsencrypt/live/home.private.example.com/fullchain.pem"
          ssl.dh-file            = "/usr/local/etc/lighttpd/ssl/dhparam4096.pem"
          ssl.ec-curve           = "secp384r1"
          ssl.cipher-list        = "ECDHE+AES:DHE+AES@STRENGTH"
          ssl.honor-cipher-order = "enable"
          ssl.use-sslv2          = "disable"
          ssl.use-sslv3          = "disable"

          # Security response headers: one-year HSTS that also covers
          # subdomains, no framing, no MIME sniffing.
          setenv.add-response-header += (
              "Strict-Transport-Security" => "max-age=31536000; includeSubDomains",
              "X-Frame-Options"           => "DENY",
              "X-Content-Type-Options"    => "nosniff"
          )

          # Access logging is skipped for paths ending in "/", for robots.txt,
          # favicon.ico and apple-touch-icon*.png, and for anything ending in
          # ".php".
          # NOTE(review): directory views and .php requests therefore leave no
          # access-log entry, which removes evidence of directory browsing and
          # of scanner probes during incident review. The format also omits
          # the User-Agent and Referer fields.
          $HTTP["url"] !~ "^((.*/)|(/robots.txt)|(/favicon.ico)|(/apple-touch-icon.*\.png)|(.*\.php))$" {
              accesslog.filename = "/var/log/lighttpd/access.log"
              accesslog.format   = "[%{%d/%m/%Y %H:%M:%S}t] %h %u \"%r\" %s %b %T"
          }
      }
  }

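  # Public site: TLS termination in front of an application on loopback.
  #
  # The host pattern is anchored and its dots are escaped. The previous
  # pattern "(example.com)|(www.example.com)" was an unanchored substring
  # match, so it also matched "home.private.example.com" and any other Host
  # value containing that text. lighttpd applies every condition that
  # matches, so this block's proxy, redirect and certificate settings were
  # merged into requests for the private host as well. An optional port
  # suffix is allowed in case the authority carries one.
  $HTTP["host"] =~ "^(www\.)?example\.com(:[0-9]+)?$" {
      $SERVER["socket"] == ":443" {
          # Send the bare root to the application's base path.
          url.redirect = ("^/$" => "/myapp/" )

          # Every path is forwarded to the backend on loopback.
          # NOTE(review): no access log is configured for this host in the
          # lines shown; requests to the proxied application leave no record
          # on the front end unless the included files add one.
          proxy.server = ( "" => (( "host" => "127.0.0.1", "port" => "8080" )))

          # TLS settings, identical to the private host apart from the
          # certificate paths.
          # NOTE(review): only SSLv2 and SSLv3 are disabled, so TLS 1.0 and
          # 1.1 stay available if the TLS library still offers them, and the
          # cipher string admits CBC-mode AES suites. Consider a TLS 1.2
          # minimum and AEAD suites.
          ssl.engine             = "enable"
          ssl.pemfile            = "/usr/local/etc/lighttpd/ssl/example.com.pem"
          ssl.ca-file            = "/usr/local/etc/letsencrypt/live/example.com/fullchain.pem"
          ssl.dh-file            = "/usr/local/etc/lighttpd/ssl/dhparam4096.pem"
          ssl.ec-curve           = "secp384r1"
          ssl.cipher-list        = "ECDHE+AES:DHE+AES@STRENGTH"
          ssl.honor-cipher-order = "enable"
          ssl.use-sslv2          = "disable"
          ssl.use-sslv3          = "disable"

          # HSTS with includeSubDomains on the apex commits every subdomain
          # of example.com to HTTPS for a year.
          setenv.add-response-header += (
              "Strict-Transport-Security" => "max-age=31536000; includeSubDomains",
              "X-Frame-Options"           => "DENY",
              "X-Content-Type-Options"    => "nosniff"
          )
      }
  }
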
  # Pull in conf.d/mime.conf (by its name, the MIME type table).
  # An included file is parsed as configuration, so it should be writable
  # only by the administrator, like the main config.
  include "conf.d/mime.conf"