configuration lighttpd

Redirection http->https

Proxy pour l'interface web de Transmission

mes fichiers de configuration pour lighttpd, pour aide-mémoire (et pour certains, ça peut aider ;) )

edit du 24/07/2012 : penser à mettre tout ça à jour parce que ça date sérieusement!!!


/etc/lighttpd/lighttpd.conf

include				"include/01-lighttpd-modules.conf"
server.document-root	=	"/srv/http/"
#inutile avec le depuis la redirection vers https mais je le laisse au cas où… →
server.errorlog		=	"/var/log/lighttpd/error.log"
#-------------------------------------------------------------------------------
index-file.names	=	( "index.php", "index.html", "index.htm", "default.htm" )
include 					"include/02-lighttpd-mime.conf"
accesslog.filename	=	"/var/log/lighttpd/access.log"
url.access-deny		=	( "~", ".inc" )
$HTTP["url"] =~ "\.pdf$" {
	server.range-requests = "disable"
}
static-file.exclude-extensions=	( ".php", ".pl", ".fcgi", ".cgi" )
server.pid-file		=	"/var/run/lighttpd/lighttpd.pid"
dir-listing.activate	=	"enable"
dir-listing.encoding	=	"utf-8"
server.username		=	"http"
server.groupname	=	"http"
include 			"include/10-lighttpd-ssl.conf"
fastcgi.server = ( ".php" =>
	( "localhost" =>
		(
			"socket" =>		"/var/run/lighttpd/php-fastcgi.socket",
			"bin-path" =>	"/usr/bin/php-cgi"
		)
	)
)
include "include/90-lighttpd-perso.conf"

 

/etc/lighttpd/include/01-lighttpd-modules.conf

server.modules = (
	"mod_rewrite",
	"mod_redirect",
	"mod_access",
	"mod_auth",
	"mod_fastcgi",
	"mod_proxy",
	"mod_cgi",
	"mod_accesslog"
)

 

/etc/lighttpd/include/02-lighttpd-mime.conf

mimetype.assign = (
	".pdf"		=>	"application/pdf",
	".sig"		=>	"application/pgp-signature",
	".spl"		=>	"application/futuresplash",
	".class"		=>	"application/octet-stream",
	".ps"		=>	"application/postscript",
	".torrent"	=>	"application/x-bittorrent",
	".dvi"		=>	"application/x-dvi",
	".gz"		=>	"application/x-gzip",
	".pac"		=>	"application/x-ns-proxy-autoconfig",
	".swf"		=>	"application/x-shockwave-flash",
	".tar.gz"		=>	"application/x-tgz",
	".tgz"		=>	"application/x-tgz",
	".tar"		=>	"application/x-tar",
	".zip"		=>	"application/zip",
	".mp3"		=>	"audio/mpeg",
	".m3u"		=>	"audio/x-mpegurl",
	".wma"		=>	"audio/x-ms-wma",
	".wax"		=>	"audio/x-ms-wax",
	".ogg"		=>	"application/ogg",
	".wav"		=>	"audio/x-wav",
	".gif"		=>	"image/gif",
	".jar"		=>	"application/x-java-archive",
	".jpg"		=>	"image/jpeg",
	".jpeg"		=>	"image/jpeg",
	".png"		=>	"image/png",
	".xbm"		=>	"image/x-xbitmap",
	".xpm"		=>	"image/x-xpixmap",
	".xwd"		=>	"image/x-xwindowdump",
	".css"		=>	"text/css",
	".html"		=>	"text/html",
	".htm"		=>	"text/html",
	".js"			=>	"text/javascript",
	".asc"		=>	"text/plain",
	".c"			=>	"text/plain",
	".cpp"		=>	"text/plain",
	".log"		=>	"text/plain",
	".conf"		=>	"text/plain",
	".text"		=>	"text/plain",
	".txt"		=>	"text/plain",
	".dtd"		=>	"text/xml",
	".xml"		=>	"text/xml",
	".mpeg"		=>	"video/mpeg",
	".mpg"		=>	"video/mpeg",
	".mov"		=>	"video/quicktime",
	".qt"		=>	"video/quicktime",
	".avi"		=>	"video/x-msvideo",
	".asf"		=>	"video/x-ms-asf",
	".asx"		=>	"video/x-ms-asf",
	".wmv"		=>	"video/x-ms-wmv",
	".bz2"		=>	"application/x-bzip",
	".tbz"		=>	"application/x-bzip-compressed-tar",
	".tar.bz2"	=>	"application/x-bzip-compressed-tar",
	""			=>	"application/octet-stream",
)
mimetype.use-xattr =	"enable"

 

/etc/lighttpd/include/10-lighttpd-ssl.conf

$SERVER["socket"] == ":443" {
	protocol				=	"https://"
	ssl.engine				=	"enable"
	ssl.ca-file				=	"/etc/lighttpd/ca-certs.crt"
	ssl.pemfile				=	"/etc/lighttpd/ssl.crt"
	server.document-root 	=	"/srv/http/"
	server.errorlog			=	"/var/log/lighttpd/serror.log"
	accesslog.filename		=	"/var/log/lighttpd/saccess.log"
}

 

/etc/lighttpd/include/90-lighttpd-perso.conf

#pour que tous les domaines soient en https
$HTTP["scheme"] != "https" {
	$HTTP["host"] =~ "(.*)" {
		url.redirect = ( "^/(.*)" => "https://%1/$1" )
	}
}

# --- Transmssion ----

#acceder à l'interface web directement depuis /transmission/
url.rewrite-once += ( "^/transmission[/]?$" => "/transmission/web" )
$HTTP["url"] =~ "^/transmission/" {
# l'authentification est déjà dans transmission, je ne la remet pas dans lighttpd
proxy.server = (
	"" => (
		(
			"host" =>	"127.0.0.1",
			"port" =>	9091
		)
	)
)
}

# --- accès à logs/ aux utilisateurs autorisés ---

auth.backend = "htdigest"
auth.backend.htdigest.userfile = "/etc/lighttpd/.passwd"
auth.debug = 2
auth.require = ( "/logs/" => (
		"method"	=>	"digest",
		"realm"		=>	"Authorized users only",
		"require"	=>	"valid-user"
	)
)

edit du 20/05/2010: j'ai rajouté un dossier nethack pour jouer à ce jeu en ligne, je mettrai ma conf à jour quand j'y penserais!