-
Notifications
You must be signed in to change notification settings - Fork 0
/
lighttpd.conf
88 lines (76 loc) · 3.15 KB
/
lighttpd.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
server.modules = (
"mod_indexfile",
"mod_access",
"mod_alias",
"mod_redirect",
)
server.document-root = "/var/www"
server.upload-dirs = ( "/var/cache/lighttpd/uploads" )
server.errorlog = "/var/log/lighttpd/error.log"
server.pid-file = "/var/run/lighttpd.pid"
server.username = "www-data"
server.groupname = "www-data"
server.host = "0.0.0.0"
#server.port = 80 #Must be enabled for the initial letsencrypt challenge, it can be disabled after that
# strict parsing and normalization of URL for consistency and security
# https://redmine.lighttpd.net/projects/lighttpd/wiki/Server_http-parseoptsDetails
# (might need to explicitly set "url-path-2f-decode" = "disable"
# if a specific application is encoding URLs inside url-path)
server.http-parseopts = (
"header-strict" => "enable",# default
"host-strict" => "enable",# default
"host-normalize" => "enable",# default
"url-normalize-unreserved"=> "enable",# recommended highly
"url-normalize-required" => "enable",# recommended
"url-ctrls-reject" => "enable",# recommended
"url-path-2f-decode" => "enable",# recommended highly (unless breaks app)
#"url-path-2f-reject" => "enable",
"url-path-dotseg-remove" => "enable",# recommended highly (unless breaks app)
#"url-path-dotseg-reject" => "enable",
#"url-query-20-plus" => "enable",# consistency in query string
)
index-file.names = ( "index.php", "index.html" )
url.access-deny = ( "~", ".inc" )
static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
compress.cache-dir = "/var/cache/lighttpd/compress/"
compress.filetype = ( "application/javascript", "text/css", "text/html", "text/plain" )
# default listening port for IPv6 falls back to the IPv4 port
# include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port
include_shell "/usr/share/lighttpd/create-mime.conf.pl"
include "/etc/lighttpd/conf-enabled/*.conf"
##### TLS/SSL #####
server.modules += ("mod_openssl")
$SERVER["socket"] == server.host + ":443" {
ssl.engine = "enable"
ssl.privkey= "/etc/letsencrypt/live/snakemountain.eternia.dev/privkey.pem"
ssl.pemfile= "/etc/letsencrypt/live/snakemountain.eternia.dev/fullchain.pem"
}
##### PROXY #####
# Inspiration: https://github.com/linuxserver/reverse-proxy-confs/blob/master/transmission.subfolder.conf.sample
#server.compat-module-load = "disable"
server.modules += (
"mod_compress",
"mod_dirlisting",
"mod_staticfile",
"mod_proxy",
"mod_setenv",
)
$HTTP["url"] == "/transmission" {
url.redirect = ("" => "/transmission/web/" )
}
$HTTP["url"] =~ "/transmission*" {
proxy.server = ("" =>
( (
"host" => server.host,
"port" => 9091 # TRANSMISSON RPC-PORT
) )
)
# CORS Headers
setenv.add-response-header = (
"Host" => server.host,
"Access-Control-Allow-Origin" => "*",
"Access-Control-Allow-Headers" => "accept, origin, x-requested-with, content-type, x-transmission-session-id",
"Access-Control-Expose-Headers" => "X-Transmission-Session-Id",
"Access-Control-Allow-Methods" => "GET, POST, OPTIONS"
)
}