diff options
author | Glenn Strauss <gstrauss@gluelogic.com> | 2023-10-20 09:30:26 -0400 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2023-10-23 10:49:19 +0100 |
commit | 7cba02e8be91aed00f9d86ebb5488f89a29f6a45 (patch) | |
tree | 68f6e84ec98d8d453f095170ea4c24abd0284505 /meta/recipes-extended/lighttpd | |
parent | 0d3c7e9630c975b78ddccc2a2fd0c61fde98a552 (diff) | |
download | poky-7cba02e8be91aed00f9d86ebb5488f89a29f6a45.tar.gz |
lighttpd: modernize lighttpd.conf
- remove obsolete modules
- replace mod_compress directives with mod_deflate
- do not enable debug.log-request-handling by default
(should not be enabled *by default* on any production system,
especially not an embedded system)
- update TLS syntax for modern recommended use
(separate files for certificate+chain, and private key)
- remove incorrect comment about server.event-handler
lighttpd defaults correctly to use kqueue on *BSD systems
- remove ancient config which disables range requests for PDF
(cargo-culted config from ~15 years ago to address problem
in then-popular PDF client)
- use recommend config file include syntax
(more efficient and more deterministic include file ordering)
(From OE-Core rev: b52a12e66d2f9ed0751b63cea01e96890da15998)
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-extended/lighttpd')
-rw-r--r-- | meta/recipes-extended/lighttpd/lighttpd/lighttpd.conf | 38 |
1 files changed, 8 insertions, 30 deletions
diff --git a/meta/recipes-extended/lighttpd/lighttpd/lighttpd.conf b/meta/recipes-extended/lighttpd/lighttpd/lighttpd.conf index 6e8402d242..47a6c93349 100644 --- a/meta/recipes-extended/lighttpd/lighttpd/lighttpd.conf +++ b/meta/recipes-extended/lighttpd/lighttpd/lighttpd.conf | |||
@@ -16,8 +16,6 @@ server.modules = ( | |||
16 | # "mod_redirect", | 16 | # "mod_redirect", |
17 | # "mod_alias", | 17 | # "mod_alias", |
18 | "mod_access", | 18 | "mod_access", |
19 | # "mod_cml", | ||
20 | # "mod_trigger_b4_dl", | ||
21 | # "mod_auth", | 19 | # "mod_auth", |
22 | # "mod_status", | 20 | # "mod_status", |
23 | # "mod_setenv", | 21 | # "mod_setenv", |
@@ -27,11 +25,9 @@ server.modules = ( | |||
27 | # "mod_evhost", | 25 | # "mod_evhost", |
28 | # "mod_userdir", | 26 | # "mod_userdir", |
29 | # "mod_cgi", | 27 | # "mod_cgi", |
30 | # "mod_compress", | ||
31 | # "mod_ssi", | 28 | # "mod_ssi", |
32 | # "mod_usertrack", | ||
33 | # "mod_expire", | 29 | # "mod_expire", |
34 | # "mod_secdownload", | 30 | # "mod_deflate", |
35 | # "mod_rrdtool", | 31 | # "mod_rrdtool", |
36 | # "mod_webdav", | 32 | # "mod_webdav", |
37 | "mod_accesslog" ) | 33 | "mod_accesslog" ) |
@@ -47,9 +43,6 @@ server.errorlog = "/www/logs/lighttpd.error.log" | |||
47 | index-file.names = ( "index.php", "index.html", | 43 | index-file.names = ( "index.php", "index.html", |
48 | "index.htm", "default.htm" ) | 44 | "index.htm", "default.htm" ) |
49 | 45 | ||
50 | ## set the event-handler (read the performance section in the manual) | ||
51 | # server.event-handler = "freebsd-kqueue" # needed on OS X | ||
52 | |||
53 | # mimetype mapping | 46 | # mimetype mapping |
54 | mimetype.assign = ( | 47 | mimetype.assign = ( |
55 | ".pdf" => "application/pdf", | 48 | ".pdf" => "application/pdf", |
@@ -115,7 +108,6 @@ mimetype.assign = ( | |||
115 | 108 | ||
116 | #### accesslog module | 109 | #### accesslog module |
117 | accesslog.filename = "/www/logs/access.log" | 110 | accesslog.filename = "/www/logs/access.log" |
118 | debug.log-request-handling = "enable" | ||
119 | 111 | ||
120 | 112 | ||
121 | 113 | ||
@@ -127,10 +119,6 @@ debug.log-request-handling = "enable" | |||
127 | # of the document-root | 119 | # of the document-root |
128 | url.access-deny = ( "~", ".inc" ) | 120 | url.access-deny = ( "~", ".inc" ) |
129 | 121 | ||
130 | $HTTP["url"] =~ "\.pdf$" { | ||
131 | server.range-requests = "disable" | ||
132 | } | ||
133 | |||
134 | ## | 122 | ## |
135 | # which extensions should not be handle via static-file transfer | 123 | # which extensions should not be handle via static-file transfer |
136 | # | 124 | # |
@@ -177,6 +165,7 @@ static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" ) | |||
177 | #dir-listing.activate = "enable" | 165 | #dir-listing.activate = "enable" |
178 | 166 | ||
179 | ## enable debugging | 167 | ## enable debugging |
168 | #debug.log-request-header-on-error = "enable" | ||
180 | #debug.log-request-header = "enable" | 169 | #debug.log-request-header = "enable" |
181 | #debug.log-response-header = "enable" | 170 | #debug.log-response-header = "enable" |
182 | #debug.log-request-handling = "enable" | 171 | #debug.log-request-handling = "enable" |
@@ -194,8 +183,9 @@ static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" ) | |||
194 | #server.groupname = "wwwrun" | 183 | #server.groupname = "wwwrun" |
195 | 184 | ||
196 | #### compress module | 185 | #### compress module |
197 | #compress.cache-dir = "/tmp/lighttpd/cache/compress/" | 186 | #deflate.cache-dir = "/tmp/lighttpd/cache/compress/" |
198 | #compress.filetype = ("text/plain", "text/html") | 187 | #deflate.mimetypes = ("text/plain", "text/html") |
188 | #deflate.allowed-encodings = ("gzip") | ||
199 | 189 | ||
200 | #### proxy module | 190 | #### proxy module |
201 | ## read proxy.txt for more info | 191 | ## read proxy.txt for more info |
@@ -227,7 +217,8 @@ static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" ) | |||
227 | 217 | ||
228 | #### SSL engine | 218 | #### SSL engine |
229 | #ssl.engine = "enable" | 219 | #ssl.engine = "enable" |
230 | #ssl.pemfile = "server.pem" | 220 | #ssl.pemfile = "/path/to/fullchain.pem" |
221 | #ssl.privkey = "/path/to/privkey.pem" | ||
231 | 222 | ||
232 | #### status module | 223 | #### status module |
233 | #status.status-url = "/server-status" | 224 | #status.status-url = "/server-status" |
@@ -291,19 +282,6 @@ static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" ) | |||
291 | #setenv.add-request-header = ( "TRAV_ENV" => "mysql://user@host/db" ) | 282 | #setenv.add-request-header = ( "TRAV_ENV" => "mysql://user@host/db" ) |
292 | #setenv.add-response-header = ( "X-Secret-Message" => "42" ) | 283 | #setenv.add-response-header = ( "X-Secret-Message" => "42" ) |
293 | 284 | ||
294 | ## for mod_trigger_b4_dl | ||
295 | # trigger-before-download.gdbm-filename = "/home/weigon/testbase/trigger.db" | ||
296 | # trigger-before-download.memcache-hosts = ( "127.0.0.1:11211" ) | ||
297 | # trigger-before-download.trigger-url = "^/trigger/" | ||
298 | # trigger-before-download.download-url = "^/download/" | ||
299 | # trigger-before-download.deny-url = "http://127.0.0.1/index.html" | ||
300 | # trigger-before-download.trigger-timeout = 10 | ||
301 | |||
302 | ## for mod_cml | ||
303 | ## don't forget to add index.cml to server.indexfiles | ||
304 | # cml.extension = ".cml" | ||
305 | # cml.memcache-hosts = ( "127.0.0.1:11211" ) | ||
306 | |||
307 | #### variable usage: | 285 | #### variable usage: |
308 | ## variable name without "." is auto prefixed by "var." and becomes "var.bar" | 286 | ## variable name without "." is auto prefixed by "var." and becomes "var.bar" |
309 | #bar = 1 | 287 | #bar = 1 |
@@ -328,4 +306,4 @@ static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" ) | |||
328 | #var.a=1 | 306 | #var.a=1 |
329 | 307 | ||
330 | # include other config file fragments from lighttpd.d subdir | 308 | # include other config file fragments from lighttpd.d subdir |
331 | include_shell "find /etc/lighttpd.d -maxdepth 1 -name '*.conf' -exec cat {} \;" | 309 | include "/etc/lighttpd.d/*.conf" |