# lighttpd configuration file for the rcell # include config file (/var/run/config/lighttpd_port.conf) generated at start up # # $Id: lighttpd.conf,v 1.7 2004/11/03 22:26:05 weigon Exp $ #IMPORT PORT SETTINGS include "/var/run/config/lighttpd_port.conf" ## local access from startup scripts and apps $SERVER["socket"] == "/var/run/api/http.sock" { } ## modules server.modules = ( "mod_rewrite", "mod_redirect", "mod_proxy", "mod_alias", "mod_access", "mod_fastcgi", "mod_accesslog", "mod_openssl", "mod_setenv") ## static document-root server.document-root = "/var/www/" setenv.add-response-header = ( "Access-Control-Allow-Origin" => "*", "Content-Security-Policy" => "default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self'; style-src 'unsafe-inline' https://fonts.googleapis.com 'self'; font-src https://fonts.gstatic.com 'self'; connect-src 'self'; img-src 'self' data:", "X-Frame-Options" =>"SAMEORIGIN", "X-XSS-Protection" => "1; mode=block", "X-Content-Type-Options" => "nosniff", "Referrer-Policy" => "strict-origin-when-cross-origin", "Feature-Policy" => "accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; payment 'none'; usb 'none'", "Strict-Transport-Security" => "max-age=31536000", "Cache-Control" => "no-cache" ) server.socket-perms = "0760" ## where to send error-messages to #server.errorlog = "/var/log/lighttpd.error.log" server.errorlog-use-syslog = "enable" # disable stat cache server.stat-cache-engine = "disable" ## where to send access log #accesslog.filename = "/var/log/lighttpd.access.log" accesslog.use-syslog = "enable" ## enable debugging #debug.log-request-header = "enable" #debug.log-response-header = "enable" #debug.log-request-handling = "enable" #debug.log-file-not-found = "enable" #debug.log-condition-handling = "enable" ## where to upload files server.upload-dirs = ( "/var/volatile/tmp" ) # files to check for if .../ is requested index-file.names = ( "index.php", "index.html", "index.htm", "default.htm" ) # mimetype mapping mimetype.assign = ( ".pdf" => "application/pdf", ".sig" => "application/pgp-signature", ".spl" => "application/futuresplash", ".class" => "application/octet-stream", ".ps" => "application/postscript", ".torrent" => "application/x-bittorrent", ".dvi" => "application/x-dvi", ".pac" => "application/x-ns-proxy-autoconfig", ".swf" => "application/x-shockwave-flash", ".tar.gz" => "application/x-tgz", ".tgz" => "application/x-tgz", ".tar" => "application/x-tar", ".xhtml" => "application/xhtml+xml", ".xht" => "application/xhtml+xml", ".zip" => "application/zip", ".mp3" => "audio/mpeg", ".m3u" => "audio/x-mpegurl", ".wma" => "audio/x-ms-wma", ".wax" => "audio/x-ms-wax", ".ogg" => "application/ogg", ".wav" => "audio/x-wav", ".gif" => "image/gif", ".jpg" => "image/jpeg", ".jpeg" => "image/jpeg", ".png" => "image/png", ".svg" => "image/svg+xml", ".ico" => "image/x-icon", ".xbm" => "image/x-xbitmap", ".xpm" => "image/x-xpixmap", ".xwd" => "image/x-xwindowdump", ".css" => "text/css", ".html" => "text/html", ".htm" => "text/html", ".asc" => "text/plain", ".c" => "text/plain", ".cpp" => "text/plain", ".log" => "text/plain", ".conf" => "text/plain", ".text" => "text/plain", ".txt" => "text/plain", ".dtd" => "text/xml", ".xml" => "text/xml", ".mpeg" => "video/mpeg", ".mpg" => "video/mpeg", ".mov" => "video/quicktime", ".qt" => "video/quicktime", ".avi" => "video/x-msvideo", ".asf" => "video/x-ms-asf", ".asx" => "video/x-ms-asf", ".wmv" => "video/x-ms-wmv", ".bz2" => "application/x-bzip", ".tbz" => "application/x-bzip-compressed-tar", ".tar.bz2" => "application/x-bzip-compressed-tar", ".mib" => "application/text", ".js" => "application/javascript" ) ## deny access the file-extensions url.access-deny = ( "~", ".inc" ) # send a different Server: header server.tag = "" #server.error-handler-404 = "/index.html" #Range request are requests of one or more sub-ranges of a file. #Range requests are very helpful for resuming interrupted downloads and fetching small portions of huge files. #Note: Adobe Acrobat Reader can crash when it tries to open a PDF file if range requests are enabled. $HTTP["url"] =~ "\.pdf$" { server.range-requests = "disable" } ## # which extensions should not be handle via static-file transfer # # .php, .pl, .fcgi are most often handled by mod_fastcgi or mod_cgi static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" ) ## to help the rc.scripts server.pid-file = "/var/run/lighttpd.pid" # Restrict server process to non priveleged user server.username = "www" server.groupname = "www" # server limit POST size in kilobytes (60MB for firmware update) server.max-request-size = 113246 # server limits server.max-keep-alive-requests = 16 server.max-keep-alive-idle = 15 server.max-read-idle = 60 server.max-write-idle = 360 ## ## Format: .html ## -> ..../status-404.html for 'File not found' server.errorfile-prefix = "/var/www/errors/status-" ## virtual directory listings #dir-listing.activate = "enable" #IMPORTED CONFIGS WILL HANDLE SETTING HTTP/HTTPS #### fastcgi module fastcgi.server = ( "/" => ( "authorizer" => ( "mode" => "authorizer", "check-local" => "disable", "socket" => "/var/run/api/rcell_api.sock", "docroot" => "/var/www" ) ) ) $HTTP["url"] =~ "/static/js" { setenv.add-response-header = ( "Content-Encoding" => "gzip") mimetype.assign = ("" => "text/javascript" ) } else $HTTP["url"] =~ "/help/template/scripts" { setenv.add-response-header = ( "Content-Encoding" => "gzip") mimetype.assign = ("" => "text/javascript" ) } else $HTTP["url"] =~ "/help/whxdata/" { setenv.add-response-header = ( "Content-Encoding" => "gzip") mimetype.assign = ("" => "text/javascript" ) } else $HTTP["url"] =~ "/help/template/Azure_Blue_MTS_1/layout.css" { setenv.add-response-header = ( "Content-Encoding" => "gzip") mimetype.assign = ("" => "text/css" ) } else $HTTP["url"] =~ "^/api" { fastcgi.server = ( "/api" => ( "api" => ( "mode" => "responder", "check-local" => "disable", "socket" => "/var/run/api/rcell_api.sock" ) ) ) } #INCLUDE DIPSERVICE SETTINGS include "/var/run/config/lighttpd_dipservice.conf" include "/var/run/config/lighttpd_custom_images.conf"