1 files changed, 209 insertions, 0 deletions
diff --git a/recipes-core/lighttpd/files/lighttpd.conf b/recipes-core/lighttpd/files/lighttpd.conf
new file mode 100644
index 0000000..a3e02da
--- /dev/null
+++ b/recipes-core/lighttpd/files/lighttpd.conf
@@ -0,0 +1,209 @@
+# lighttpd configuration file for the rcell 
+# include config file (/var/run/config/lighttpd_port.conf) generated at start up
+#
+# $Id: lighttpd.conf,v 1.7 2004/11/03 22:26:05 weigon Exp $
+
+#IMPORT PORT SETTINGS
+include "/var/run/config/lighttpd_port.conf"
+
+## local access from startup scripts and apps
+$SERVER["socket"] == "/var/run/api/http.sock" { }
+
+## modules
+server.modules              = (
+                                "mod_rewrite",
+                                "mod_redirect",
+                                "mod_proxy",
+                                "mod_alias",
+                                "mod_access",
+                                "mod_fastcgi",
+                                "mod_accesslog",
+                                "mod_openssl",
+                                "mod_setenv")
+
+
+## static document-root
+server.document-root        = "/var/www/"
+setenv.add-response-header = ( "Access-Control-Allow-Origin" => "*",
+  "Content-Security-Policy" => "default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self'; style-src 'unsafe-inline' https://fonts.googleapis.com 'self'; font-src https://fonts.gstatic.com 'self'; connect-src 'self'; img-src 'self' data:",
+  "X-Frame-Options" =>"SAMEORIGIN",
+  "X-XSS-Protection" => "1; mode=block",
+  "X-Content-Type-Options" => "nosniff",
+  "Referrer-Policy" => "strict-origin-when-cross-origin",
+  "Feature-Policy" => "accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; payment 'none'; usb 'none'",
+  "Strict-Transport-Security" => "max-age=31536000",
+  "Cache-Control" => "no-cache"
+)
+server.socket-perms = "0760"
+
+## where to send error-messages to
+#server.errorlog             = "/var/log/lighttpd.error.log"
+server.errorlog-use-syslog = "enable"
+
+# disable stat cache
+server.stat-cache-engine = "disable"
+
+## where to send access log
+#accesslog.filename         = "/var/log/lighttpd.access.log"
+accesslog.use-syslog = "enable"
+
+## enable debugging
+#debug.log-request-header     = "enable"
+#debug.log-response-header    = "enable"
+#debug.log-request-handling   = "enable"
+#debug.log-file-not-found     = "enable"
+#debug.log-condition-handling = "enable"
+
+## where to upload files
+server.upload-dirs = ( "/var/volatile/tmp" )
+
+# files to check for if .../ is requested
+index-file.names            = ( "index.php", "index.html",
+                                "index.htm", "default.htm" )
+
+# mimetype mapping
+mimetype.assign             = (
+  ".pdf"          =>      "application/pdf",
+  ".sig"          =>      "application/pgp-signature",
+  ".spl"          =>      "application/futuresplash",
+  ".class"        =>      "application/octet-stream",
+  ".ps"           =>      "application/postscript",
+  ".torrent"      =>      "application/x-bittorrent",
+  ".dvi"          =>      "application/x-dvi",
+  ".pac"          =>      "application/x-ns-proxy-autoconfig",
+  ".swf"          =>      "application/x-shockwave-flash",
+  ".tar.gz"       =>      "application/x-tgz",
+  ".tgz"          =>      "application/x-tgz",
+  ".tar"          =>      "application/x-tar",
+  ".xhtml"        =>      "application/xhtml+xml",
+  ".xht"          =>      "application/xhtml+xml",
+  ".zip"          =>      "application/zip",
+  ".mp3"          =>      "audio/mpeg",
+  ".m3u"          =>      "audio/x-mpegurl",
+  ".wma"          =>      "audio/x-ms-wma",
+  ".wax"          =>      "audio/x-ms-wax",
+  ".ogg"          =>      "application/ogg",
+  ".wav"          =>      "audio/x-wav",
+  ".gif"          =>      "image/gif",
+  ".jpg"          =>      "image/jpeg",
+  ".jpeg"         =>      "image/jpeg",
+  ".png"          =>      "image/png",
+  ".svg"          =>      "image/svg+xml",
+  ".ico"          =>      "image/x-icon",
+  ".xbm"          =>      "image/x-xbitmap",
+  ".xpm"          =>      "image/x-xpixmap",
+  ".xwd"          =>      "image/x-xwindowdump",
+  ".css"          =>      "text/css",
+  ".html"         =>      "text/html",
+  ".htm"          =>      "text/html",
+  ".asc"          =>      "text/plain",
+  ".c"            =>      "text/plain",
+  ".cpp"          =>      "text/plain",
+  ".log"          =>      "text/plain",
+  ".conf"         =>      "text/plain",
+  ".text"         =>      "text/plain",
+  ".txt"          =>      "text/plain",
+  ".dtd"          =>      "text/xml",
+  ".xml"          =>      "text/xml",
+  ".mpeg"         =>      "video/mpeg",
+  ".mpg"          =>      "video/mpeg",
+  ".mov"          =>      "video/quicktime",
+  ".qt"           =>      "video/quicktime",
+  ".avi"          =>      "video/x-msvideo",
+  ".asf"          =>      "video/x-ms-asf",
+  ".asx"          =>      "video/x-ms-asf",
+  ".wmv"          =>      "video/x-ms-wmv",
+  ".bz2"          =>      "application/x-bzip",
+  ".tbz"          =>      "application/x-bzip-compressed-tar",
+  ".tar.bz2"      =>      "application/x-bzip-compressed-tar",
+  ".mib"          =>      "application/text",
+  ".js"           =>      "application/javascript"
+ )
+
+## deny access the file-extensions
+url.access-deny             = ( "~", ".inc" )
+
+# send a different Server: header
+server.tag = ""
+
+#server.error-handler-404   = "/index.html"
+
+#Range request are requests of one or more sub-ranges of a file. 
+#Range requests are very helpful for resuming interrupted downloads and fetching small portions of huge files.
+#Note: Adobe Acrobat Reader can crash when it tries to open a PDF file if range requests are enabled.
+$HTTP["url"] =~ "\.pdf$" {
+  server.range-requests = "disable"
+}
+
+##
+# which extensions should not be handle via static-file transfer
+#
+# .php, .pl, .fcgi are most often handled by mod_fastcgi or mod_cgi
+static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
+
+## to help the rc.scripts
+server.pid-file             = "/var/run/lighttpd.pid"
+
+# Restrict server process to non priveleged user
+server.username = "www"
+server.groupname = "www"
+
+# server limit POST size in kilobytes (60MB for firmware update)
+server.max-request-size  = 113246
+
+# server limits
+server.max-keep-alive-requests 	= 16
+server.max-keep-alive-idle 	= 15
+server.max-read-idle 		= 60
+server.max-write-idle 		= 360
+
+##
+## Format: <errorfile-prefix><status-code>.html
+## -> ..../status-404.html for 'File not found'
+server.errorfile-prefix    = "/var/www/errors/status-"
+
+## virtual directory listings
+#dir-listing.activate       = "enable"
+
+#IMPORTED CONFIGS WILL HANDLE SETTING HTTP/HTTPS
+
+#### fastcgi module
+fastcgi.server = ( "/" =>
+	( "authorizer" =>
+		(
+		"mode"   	=> "authorizer",
+		"check-local" 	=> "disable",
+		"socket"	=> "/var/run/api/rcell_api.sock",
+		"docroot"	=> "/var/www"
+		 )
+	)
+)
+
+
+$HTTP["url"] =~ "/static/js" {
+    setenv.add-response-header  = ( "Content-Encoding" => "gzip")
+    mimetype.assign = ("" => "text/javascript" )
+  } else $HTTP["url"] =~ "/help/template/scripts" {
+    setenv.add-response-header  = ( "Content-Encoding" => "gzip")
+    mimetype.assign = ("" => "text/javascript" )
+  } else $HTTP["url"] =~ "/help/whxdata/" {
+    setenv.add-response-header  = ( "Content-Encoding" => "gzip")
+    mimetype.assign = ("" => "text/javascript" )
+  } else $HTTP["url"] =~ "/help/template/Azure_Blue_MTS_1/layout.css" {
+    setenv.add-response-header  = ( "Content-Encoding" => "gzip")
+    mimetype.assign = ("" => "text/css" )
+  } else $HTTP["url"] =~ "^/api" {
+	fastcgi.server =  ( "/api" => 
+		( "api" => 
+			( 
+			"mode"		=> "responder",
+			"check-local"	=> "disable",
+			"socket"	=> "/var/run/api/rcell_api.sock"
+			)
+		)
+	)
+}
+
+#INCLUDE DIPSERVICE SETTINGS
+include "/var/run/config/lighttpd_dipservice.conf"
+include "/var/run/config/lighttpd_custom_images.conf"