diff options
Diffstat (limited to 'doc')
44 files changed, 0 insertions, 4243 deletions
diff --git a/doc/.cvsignore b/doc/.cvsignore deleted file mode 100644 index 0d1de1e9..00000000 --- a/doc/.cvsignore +++ /dev/null @@ -1,4 +0,0 @@ -Makefile.in -Makefile -*.html -*.ps.gz diff --git a/doc/CMakeLists.txt b/doc/CMakeLists.txt deleted file mode 100644 index f42521ba..00000000 --- a/doc/CMakeLists.txt +++ /dev/null @@ -1,39 +0,0 @@ -IF(NOT DOCDIR) - SET(DOCDIR "share/doc/lighttpd") -ENDIF(NOT DOCDIR) - -SET(L_DOCS - accesslog.txt - access.txt - alias.txt - authentication.txt - cgi.txt - CMakeLists.txt - compress.txt - configuration.txt - dirlisting.txt - evhost.txt - expire.txt - features.txt - performance.txt - plugins.txt - redirect.txt - rewrite.txt - rrdtool.txt - secdownload.txt - security.txt - setenv.txt - simple-vhost.txt - skeleton.txt - ssi.txt - ssl.txt - state.txt - status.txt - traffic-shaping.txt - trigger_b4_dl.txt - userdir.txt - webdav.txt -) - -INSTALL(FILES ${L_DOCS} - DESTINATION ${DOCDIR}) diff --git a/doc/Makefile.am b/doc/Makefile.am deleted file mode 100644 index b9298c31..00000000 --- a/doc/Makefile.am +++ /dev/null @@ -1,86 +0,0 @@ -dist_man8_MANS=lighttpd.8 - -DOCS=accesslog.txt \ -authentication.txt \ -cgi.txt \ -compress.txt \ -configuration.txt \ -features.txt \ -performance.txt \ -plugins.txt \ -redirect.txt \ -rewrite.txt \ -secdownload.txt \ -security.txt \ -simple-vhost.txt \ -skeleton.txt \ -ssi.txt \ -ssl.txt \ -state.txt \ -rrdtool.txt \ -alias.txt \ -userdir.txt \ -access.txt \ -traffic-shaping.txt \ -setenv.txt \ -status.txt \ -trigger_b4_dl.txt \ -webdav.txt \ -expire.txt \ -dirlisting.txt \ -evhost.txt - -HTMLDOCS=accesslog.html \ - authentication.html \ - cgi.html \ - compress.html \ - configuration.html \ - features.html \ - performance.html \ - plugins.html \ - proxy.html \ - redirect.html \ - rewrite.html \ - secdownload.html \ - security.html \ - simple-vhost.html \ - skeleton.html \ - ssi.html \ - ssl.html \ - state.html \ - rrdtool.html \ - alias.html \ - userdir.html \ - access.html \ - traffic-shaping.html \ - setenv.html \ - status.html \ - trigger_b4_dl.html \ - webdav.html \ - expire.html \ - dirlisting.html \ - evhost.html - -EXTRA_DIST=lighttpd.conf lighttpd.user \ - rc.lighttpd rc.lighttpd.redhat sysconfig.lighttpd \ - rrdtool-graph.sh \ - state.dot \ - spawn-php.sh \ - newstyle.css \ - oldstyle.css \ - $(DOCS) - -.txt.html: - rst2html $^ > $@ - - -html: $(HTMLDOCS) - -#%.ps.gz: %.ps -# gzip $^ - -#%.ps: %.dot -# dot -Tps -o $@ $^ - -clean-local: - rm -f *.html diff --git a/doc/access.txt b/doc/access.txt deleted file mode 100644 index ad8d6b06..00000000 --- a/doc/access.txt +++ /dev/null @@ -1,41 +0,0 @@ -====== -Access -====== - ------------------- -Module: mod_access ------------------- - -:Author: Allan Wind -:Date: $Date: 2005-03-28T08:30:05.699628Z $ -:Revision: $Revision: 227 $ - -:abstract: - The access module is used to deny access to files with given trailing path names. - -.. meta:: - :keywords: lighttpd, trailing path access control - -.. contents:: Table of Contents - -Description -=========== - -The access module is used to deny access to files with given trailing path names. - -Options -======= - -url.access-deny - Denies access to all files with any of given trailing path names. - - Default: empty - - Example: :: - - url.access-deny = ( "~", ".inc") - - will deny access to all files ended with a diacritical mark (~) or .inc - such as example~ or example.inc. A trailing diacritical mark is often - used by editors for backup files. And the .inc extension is often used - for include files with code. diff --git a/doc/accesslog.txt b/doc/accesslog.txt deleted file mode 100644 index 38701762..00000000 --- a/doc/accesslog.txt +++ /dev/null @@ -1,126 +0,0 @@ -========= -Accesslog -========= - ---------------------- -Module: mod_accesslog ---------------------- - -:Author: Jan Kneschke -:Date: $Date: 2005-03-28T08:30:05.699628Z $ -:Revision: $Revision: 227 $ - -:abstract: - The accesslog module ... - -.. meta:: - :keywords: lighttpd, accesslog, CLF - -.. contents:: Table of Contents - -Description -=========== - -CLF like by default, flexible like apache - -Options -======= - -accesslog.use-syslog - send the accesslog to syslog - - Default: disabled - -accesslog.filename - name of the file where the accesslog should be written too if syslog - is not used. - - if the name starts with a '|' the rest of the name is taken - as the name of a process which will be spawn and will get the - output - - e.g.: :: - - accesslog.filename = "/var/log/lighttpd.log" - - $HTTP["host"] == "mail.example.org" { - accesslog.filename = "|/usr/bin/cronolog" - } - - Default: disabled - -accesslog.format - the format of the logfile - - ====== ================================ - Option Description - ====== ================================ - %% a percent sign - %h name or address of remote-host - %l ident name (not supported) - %u authenticated user - %t timestamp for the request-start - %r request-line - %s status code - %b bytes sent for the body - %i HTTP-header field - %a remote address - %A local address - %B same as %b - %C cookie field (not supported) - %D time used in ms (not supported) - %e environment (not supported) - %f phyiscal filename - %H request protocol (HTTP/1.0, ...) - %m request method (GET, POST, ...) - %n (not supported) - %o `response header`_ - %p server port - %P (not supported) - %q query string - %T time used in seconds - %U request URL - %v server-name - %V (not supported) - %X connection status - %I bytes incomming - %O bytes outgoing - ====== ================================ - - If %s is written %>s or %<s the < and the > are ignored. They are support - for compat with apache. - - %i and %o expect the name of the field which should be written in curly brackets. - - e.g.: :: - - accesslog.format = "%h %l %u %t \"%r\" %b %>s \"%{User-Agent}i\" \"%{Referer}i\"" - - Default: CLF compatible output - -Response Header ---------------- - -The accesslog module provides a special way to log content from the -application in a accesslog file. It can be used to log the session id into a -logfile. - -If you want to log it into the accesslog just specify the field-name within -a %{...}o like :: - - accesslog.format = "%h %l %u %t \"%r\" %b %>s \"%{User-Agent}i\" \"%{Referer}i\" \"%{X-LIGHTTPD-SID}o\"" - -The prefix ``X-LIGHTTPD-`` is special as every response header starting with -this prefix is assumed to be special for lighttpd and won't be sent out -to the client. - -An example the use this functionality is provided below: :: - - <?php - - session_start(); - - header("X-LIGHTTPD-SID: ".session_id()); - - ?> - diff --git a/doc/alias.txt b/doc/alias.txt deleted file mode 100644 index 95624755..00000000 --- a/doc/alias.txt +++ /dev/null @@ -1,36 +0,0 @@ -===== -Alias -===== - ------------------ -Module: mod_alias ------------------ - -:Author: Jan Kneschke -:Date: $Date: 2005-03-28T08:30:05.699628Z $ -:Revision: $Revision: 227 $ - -:abstract: - The alias module ... - -.. meta:: - :keywords: lighttpd, alias - -.. contents:: Table of Contents - -Description -=========== - -The alias module is used to specify a special document-root for a given url-subset. - -Options -======= - -alias.url - rewrites the document-root for a URL-subset - - Default: empty - - Example: :: - - alias.url = ( "/cgi-bin/" => "/var/www/servers/www.example.org/cgi-bin/" ) diff --git a/doc/authentication.txt b/doc/authentication.txt deleted file mode 100644 index c550fb66..00000000 --- a/doc/authentication.txt +++ /dev/null @@ -1,211 +0,0 @@ -==================== -Using Authentication -==================== - ----------------- -Module: mod_auth ----------------- - -:Author: Jan Kneschke -:Date: $Date$ -:Revision: $Revision$ - -:abstract: - The auth module provides ... - -.. meta:: - :keywords: lighttpd, authentication - -.. contents:: Table of Contents - -Description -=========== - -Supported Methods ------------------ - -lighttpd supportes both authentication method described by -RFC 2617: - -basic -````` - -The Basic method transfers the username and the password in -cleartext over the network (base64 encoded) and might result -in security problems if not used in conjunction with a crypted -channel between client and server. - -digest -`````` - -The Digest method only transfers a hashed value over the -network which performs a lot of work to harden the -authentication process in insecure networks. - -Backends --------- - -Depending on the method lighttpd provides various way to store -the credentials used for the authentication. - -for basic auth: - -- plain_ -- htpasswd_ -- htdigest_ -- ldap_ - -for digest auth: - -- plain_ -- htdigest_ - - -plain -````` - -A file which contains username and the cleartext password -seperated by a colon. Each entry is terminated by a single -newline.:: - - e.g.: - agent007:secret - - -htpasswd -```````` - -A file which contains username and the crypt()'ed password -seperated by a colon. Each entry is terminated by a single -newline. :: - - e.g.: - agent007:XWY5JwrAVBXsQ - -You can use htpasswd from the apache distribution to manage -those files. :: - - $ htpasswd lighttpd.user.htpasswd agent007 - - -htdigest -```````` - -A file which contains username, realm and the md5()'ed -password seperated by a colon. Each entry is terminated -by a single newline. :: - - e.g.: - agent007:download area:8364d0044ef57b3defcfa141e8f77b65 - -You can use htdigest from the apache distribution to manage -those files. :: - - $ htdigest lighttpd.user.htdigest 'download area' agent007 - -Using md5sum can also generate the password-hash: :: - - #!/bin/sh - user=$1 - realm=$2 - pass=$3 - - hash=`echo -n "$user:$realm:$pass" | md5sum | cut -b -32` - - echo "$user:$realm:$hash" - -To use it: - - $ htdigest.sh 'agent007' 'download area' 'secret' - agent007:download area:8364d0044ef57b3defcfa141e8f77b65 - - - -ldap -```` - -the ldap backend is basically performing the following steps -to authenticate a user - -1. connect anonymously (at plugin init) -2. get DN for filter = username -3. auth against ldap server -4. disconnect - -if all 4 steps are performed without any error the user is -authenticated - -Configuration -============= - -:: - - ## debugging - # 0 for off, 1 for 'auth-ok' messages, 2 for verbose debugging - auth.debug = 0 - - ## type of backend - # plain, htpasswd, ldap or htdigest - auth.backend = "htpasswd" - - # filename of the password storage for - # plain - auth.backend.plain.userfile = "lighttpd-plain.user" - - ## for htpasswd - auth.backend.htpasswd.userfile = "lighttpd-htpasswd.user" - - ## for htdigest - auth.backend.htdigest.userfile = "lighttpd-htdigest.user" - - ## for ldap - # the $ in auth.backend.ldap.filter is replaced by the - # 'username' from the login dialog - auth.backend.ldap.hostname = "localhost" - auth.backend.ldap.base-dn = "dc=my-domain,dc=com" - auth.backend.ldap.filter = "(uid=$)" - # if enabled, startTLS needs a valid (base64-encoded) CA - # certificate - auth.backend.ldap.starttls = "enable" - auth.backend.ldap.ca-file = "/etc/CAcertificate.pem" - # if server performs client certificates validation we can - # connect using user defined client certificates - auth.backend.ldap.cert = "/etc/cert.pem" - auth.backend.ldap.key = "/etc/req.pem" - - ## restrictions - # set restrictions: - # - # ( <left-part-of-the-url> => - # ( "method" => "digest"/"basic", - # "realm" => <realm>, - # "require" => "user=<username>" ) - # ) - # - # <realm> is a string to display in the dialog - # presented to the user and is also used for the - # digest-algorithm and has to match the realm in the - # htdigest file (if used) - # - - auth.require = ( "/download/" => - ( - "method" => "digest", - "realm" => "download archiv", - "require" => "user=agent007|user=agent008" - ), - "/server-info" => - ( - "method" => "digest", - "realm" => "download archiv", - "require" => "valid-user" - ) - ) - -Limitations -============ - -- The implementation of digest method is currently not - completely compliant with the standard as it still allows - a replay attack. - diff --git a/doc/build-win32.txt b/doc/build-win32.txt deleted file mode 100644 index e343c7d3..00000000 --- a/doc/build-win32.txt +++ /dev/null @@ -1,67 +0,0 @@ -Big thanks for Ben Harper (rogojin at gmail.com) for initial work and little help to get first setups. - - -Prerequisities: - -First you need build environment. I recommend to get Visual Studio Express C++ from Microsoft. -Then you need Platform SDK for Windows. - -CMake is used to build (http://www.cmake.org) - -And then you need few libraries to make Lighty work well: -pkg-config (prebuilt can be found at: http://www.gimp.org/~tml/gimp/win32/pkg-config-0.20.zip) - -libg-2.0 library (prebuilt can be found at: http://ftp.gtk.org/pub/glib/2.12/win32/) -Don't forget to download dependencies also! - -PCRE library (Psyon provides prebuilt: http://www.psyon.org/projects/pcre-win32/index.php) - -ZLib (You can get one from http://www.zlib.net/ ) - -Current build doesn't support this yet, but good to know: - -OpenSSL (Shining Light Productions provides nice prebuilt set: http://www.slproweb.com/products/Win32OpenSSL.html) - -Install all libraries under same root, for example c:\sys\ - you need to separate PCRE .lib in "lib" dir, includes in "include" dir and - -Setting up environment: - -After installing you need few environments to setup. I recommend to make following batch files. -Update paths as propriate: - ----------------------------------------------------------------------------------------------------- - -cmakeenv.bat: - -@echo off - -set PATH=C:\sys\bin\;C:\Program Files\Microsoft Platform SDK for Windows Server 2003 R2\Bin;%PATH% -set INCLUDE=C:\Program Files\Microsoft Platform SDK for Windows Server 2003 R2\Include;%INCLUDE% -set LIB=C:\Program Files\Microsoft Platform SDK for Windows Server 2003 R2\Lib;%LIB% -set PKG_CONFIG_PATH=c:\sys\lib\pkgconfig - - if not exist "C:\Program Files\Microsoft Visual Studio 8\VC\vcvarsall.bat" goto missing - echo call "C:\Program Files\Microsoft Visual Studio 8\VC\vcvarsall.bat" - call "C:\Program Files\Microsoft Visual Studio 8\VC\vcvarsall.bat" - goto :eof - - :missing - echo Missing file - echo "C:\Program Files\Microsoft Visual Studio 8\VC\vcvarsall.bat" - goto :eof - ----------------------------------------------------------------------------------------------------- - -configure.bat: - -SET CMAKE_INCLUDE_PATH=c:\sys\include -SET CMAKE_LIBRARY_PATH=c:\sys\lib - ----------------------------------------------------------------------------------------------------- - -Run from commandline: - -cmake -G"NMake Makefiles" . - -or run cmakesetup to use GUI... - diff --git a/doc/cgi.txt b/doc/cgi.txt deleted file mode 100644 index 898d57f4..00000000 --- a/doc/cgi.txt +++ /dev/null @@ -1,50 +0,0 @@ -=== -CGI -=== - ---------------- -Module: mod_cgi ---------------- - -:Author: Jan Kneschke -:Date: $Date: 2005-03-28T08:30:05.699628Z $ -:Revision: $Revision: 227 $ - -:abstract: - The cgi module provides a CGI-conforming interface. - -.. meta:: - :keywords: lighttpd, cgi - -.. contents:: Table of Contents - -Description -=========== - -CGI programs allow you to enhance the functionality of the server in a very -straight and simple way.. - -Options -======= - -cgi.assign - - file-extensions that are handled by a CGI program - - e.g.: :: - - cgi.assign = ( ".pl" => "/usr/bin/perl", - ".cgi" => "/usr/bin/perl" ) - -Examples -======== - -To setup a executable which doesn't need the help of a external program you -just don't specify a handler for the extension. :: - - cgi.assign = ( ".sh" => "" ) - -If the file has no extension keep in mind that lighttpd matches not the -extension itself but the right part of the URL: :: - - cgi.assign = ( "/testfile" => "" ) diff --git a/doc/compress.txt b/doc/compress.txt deleted file mode 100644 index 14fbc2dc..00000000 --- a/doc/compress.txt +++ /dev/null @@ -1,192 +0,0 @@ -================== -Output Compression -================== - --------------------- -Module: mod_compress --------------------- - - -.. meta:: - :keywords: lighttpd, compress - -.. contents:: Table of Contents - -Description -=========== - -Output compression reduces the network load and can improve the overall -throughput of the webserver. All major http-clients support compression by -announcing it in the Accept-Encoding header. This is used to negotiate the -most suitable compression method. We support deflate, gzip and bzip2. - -deflate (RFC1950, RFC1951) and gzip (RFC1952) depend on zlib while bzip2 -depends on libbzip2. bzip2 is only supported by lynx and some other console -text-browsers. - -We currently limit to compression support to static files. - -Caching -------- - -mod_compress can store compressed files on disk to optimize the compression -on a second request away. As soon as compress.cache-dir is set the files are -compressed. - -(You will need to create the cache directory if it doesn't already exist. The web server will not do this for you. The directory will also need the proper ownership. For Debian/Ubuntu the user and group ids should both be www-data.) - -The names of the cache files are made of the filename, the compression method -and the etag associated to the file. - -Cleaning the cache is left to the user. A cron job deleting files older than -10 days could do it: :: - - find /var/www/cache -type f -mtime +10 | xargs -r rm - -Limitations ------------ - -The module limits the compression of files to files smaller than 128 MByte and -larger than 128 Byte. - -The lower limit is set as small files tend to become larger by compressing due -to the compression headers, the upper limit is set to work sensibly with -memory and cpu-time. - -Directories containing a tilde ('~') are not created automatically (See ticket -#113). To enable compression for user dirs you have to create the directories -by hand in the cache directory. - -Options -======= - -compress.allowed-encodings - override default set of allowed encodings - - e.g.: :: - - compress.allowed-encodings = ("bzip2", "gzip", "deflate") - -compress.cache-dir - name of the directory where compressed content will be cached - - e.g.: :: - - compress.cache-dir = "/var/www/cache/" - - # even better with virt-hosting - $HTTP["host"] == "docs.example.org" { - compress.cache-dir = "/var/www/cache/docs.example.org/" - } - - Default: not set, compress the file for every request - -compress.filetype - mimetypes which might get compressed - - e.g.: :: - - compress.filetype = ("text/plain", "text/html") - - Keep in mind that compressed JavaScript and CSS files are broken in some - browsers. Not setting any filetypes will result in no files being compressed. - - NOTE: You have to specify the full mime-type! If you also define a charset, for example, you have to use "text/plain; charset=utf-8" instead of just "text/plain". - - Default: not set - -compress.max-filesize - maximum size of the original file to be compressed kBytes. - - This is meant to protect the server against DoSing as compressing large - (let's say 1Gbyte) takes a lot of time and would delay the whole operation - of the server. - - There is a hard upper limit of 128Mbyte. - - Default: unlimited (== hard-limit of 128MByte) - -Display compressed files -======================== - -If you enable mod_compress, and you want to force clients to uncompress and display compressed text files, please force mimetype to nothing. -Exemple : -If you want to add headers for uncompress and display diff.gz files , add this section in your conf : :: - - $HTTP["url"] =~ "\.diff\.gz" { - setenv.add-response-header = ( "Content-Encoding" => "gzip" ) - mimetype.assign = () - } - - -Compressing Dynamic Content -=========================== - -PHP ---- - -To compress dynamic content with PHP please enable :: - - zlib.output_compression = 1 - zlib.output_handler = On - -in the php.ini as PHP provides compression support by itself. - -mod_compress of lighttpd 1.5 r1992 may not set correct Content-Encoding with php-fcgi. A solution to that problem would be: - -1.disable mod_compress when request a php file:: - - $HTTP["url"] !~ "\.php$" { - compress.filetype = ("text/plain", "text/html", "text/javascript", "text/css", "text/xml") - } - -2.enable mod_setenv of your lighttpd:: - - server.modules += ( "mod_setenv" ) - -3.manually set Content-Encoding:: - - $HTTP["url"] =~ "\.php$" { - setenv.add-response-header = ( "Content-Encoding" => "gzip") - } - - -TurboGears ----------- - -To compress dynamic content with TurboGears please enable :: - - [/] - gzip_filter.on = True - gzip_filter.mime_types = ["application/x-javascript", "text/javascript", "text/html", "text/css", "text/plain"] - -in the config/app.cfg file in your TurboGears application. The above lines should already be in the file. You just need to remove the comment symbol in front of the lines to make them active. - -Django ------- - -To compress dynamic content with Django please enable the GZipMiddleware :: - - MIDDLEWARE_CLASSES = ( - 'django.middleware.gzip.GZipMiddleware', - ... - ) - -in the settings.py file in your Django project. - -Catalyst --------- - -To compress dynamic content with Perl/Catalyst, simply use the Catalyst::Plugin::Compress::Gzip module available on CPAN :: - - use Catalyst qw( - Compress::Gzip - ... - ); - -in your main package (MyApp.pm). Further configuration is not required. - -}}} - - - diff --git a/doc/configuration.txt b/doc/configuration.txt deleted file mode 100644 index e03e32ea..00000000 --- a/doc/configuration.txt +++ /dev/null @@ -1,520 +0,0 @@ -================== -Configuration File -================== - ------------- -Module: core ------------- - -:Author: Jan Kneschke -:Date: $Date$ -:Revision: $Revision$ - -:abstract: - the layout of the configuration file - -.. meta:: - :keywords: lighttpd, configuration - -.. contents:: Table of Contents - -Description -=========== - -Basic Syntax ------------- - -A BNF like notation: :: - - option : NAME = VALUE - merge : NAME += VALUE - NAME : modulename.key - VALUE : ( <string> | <integer> | <boolean> | <array> | VALUE [ + VALUE ]*) - <string> : "text" - <integer>: digit* - <boolean>: ( "enable" | "disable" ) - <array> : "(" [ <string> "=>" ] <value> [, [ <string> "=>" ] <value> ]* ")" - INCLUDE : "include" VALUE - INCLUDE_SHELL : "include_shell" STRING_VALUE - -Example -------- - -:: - - # default document-root - server.document-root = "/var/www/example.org/pages/" - - # TCP port - server.port = 80 - - # selecting modules - server.modules = ( "mod_access", "mod_rewrite" ) - - # variables, computed when config is read. - var.mymodule = "foo" - server.modules += ( "mod_" + var.mymodule ) - # var.PID is initialised to the pid of lighttpd before config is parsed - - # include, relative to dirname of main config file - include "mime.types.conf" - - # read configuration from output of a command - include_shell "/usr/local/bin/confmimetype /etc/mime.types" - - -Conditional Configuration -========================= - -Most options can be configured conditionally by using the following syntax -(including nesting). - -:: - - <field> <operator> <value> { - ... - <field> <operator> <value> { - ... nesting: match only when parent match - } - } - else <field> <operator> <value> { - ... the "else if" block - } - -where <field> is one of one of the following: - -$HTTP["cookie"] - match on cookie -$HTTP["scheme"] - match on scheme -$HTTP["host"] - match on host -$HTTP["useragent"] - match on useragent -$HTTP["referer"] - match on referer -$HTTP["url"] - match on url -$HTTP["remoteip"] - match on the remote IP or a remote Network -$SERVER["socket"] - match on socket. Value must be on the format "ip:port" where ip is an IP - address and port a port number. Only equal match (==) is supported. - It also binds the daemon to this socket. Use this if you want to do IP/port- - based virtual hosts. - -<operator> is one of: - -== - string equal match -!= - string not equal match -=~ - perl style regular expression match -!~ - perl style regular expression not match - -and <value> is either a quoted ("") literal string or regular expression. - - -Example -------- - -:: - - # disable directory-listings for /download/* - dir-listing.activate = "enable" - $HTTP["url"] =~ "^/download/" { - dir-listing.activate = "disable" - } - - # handish virtual hosting - # map all domains of a top-level-domain to a single document-root - $HTTP["host"] =~ "(^|\.)example\.org$" { - server.document-root = "/var/www/htdocs/example.org/pages/" - } - - # multiple sockets - $SERVER["socket"] == "127.0.0.1:81" { - server.document-root = "..." - } - - $SERVER["socket"] == "127.0.0.1:443" { - ssl.pemfile = "/var/www/certs/localhost.pem" - ssl.engine = "enable" - - server.document-root = "/var/www/htdocs/secure.example.org/pages/" - } - - # deny access for all googlebot - $HTTP["useragent"] =~ "Google" { - url.access-deny = ( "" ) - } - - # deny access for all image stealers - $HTTP["referer"] !~ "^($|http://www\.example\.org)" { - url.access-deny = ( ".jpg", ".jpeg", ".png" ) - } - - # deny the access to www.example.org to all user which - # are not in the 10.0.0.0/8 network - $HTTP["host"] == "www.example.org" { - $HTTP["remoteip"] != "10.0.0.0/8" { - url.access-deny = ( "" ) - } - } - -Using variables -=============== - -You can set your own variables in the configuration to simplify your config. -:: - - var.basedir = "/home/www/servers/" - $HTTP["host"] == "www.example.org" { - server.name = "www.example.org" - include "incl-base.conf" - } - - in incl-base.conf: - server.document-root = basedir + server.name + "/pages/" - accesslog.filename = basedir + server.name + "/logs/access.log" - -You can also use environement variables or the default variables var.PID and -var.CWD: :: - - var.basedir = env.LIGHTTPDBASE - - $HTTP["host"] == "www.example.org" { - server.name = "www.example.org" - include "incl-base.conf" - include "incl-fastcgi.conf" - } - - in incl-fastcgi.conf: - fastcgi.server = ( ... => (( - "socket" => basedir + server.name + "/tmp/fastcgi-" + PID + ".sock" - )) ) - -Or like the lighttpd script for rails does: - - var.basedir = var.CWD - - server.document-root = basedir + "/public/" - -Global context -============== - -:: - - global { - ... - } - -You don't need it in the main configuration file. But you might have -difficulty setting server wide configuration inside a included-file from -conditionals. - -Example -------- - -:: - - in lighttpd.conf: - server.modules = () - $HTTP["host"] == "www.example.org" { - include "incl-php.conf" - } - - in incl-php.conf: - global { - server.modules += ("mod_fastcgi") - static-file.exclude-extensions += (".php") - } - fastcgi.server = "..." - -Options -======= - -server module -------------- - -main sections -````````````` - -server.document-root - document-root of the webserver - - This variable has the specified as it will be used for all requests - without a Host: header and for all with a know hostname which you - might have specified with one of the above conditionals. - - Default: no default, required - -server.bind - IP address, hostname or absolute path to the unix-domain socket the server - listen on. - - Default: bind to all interfaces - - Example: :: - - server.bind = "127.0.0.1" - server.bind = "www.example.org" - server.bind = "/tmp/lighttpd.socket" - -server.port - tcp-port to bind the server to - -.. note:: port belows 1024 require root-permissions - - Default: 80 (443 if ssl is enabled) - -server.use-ipv6 - bind to the IPv6 socket - -server.tag - set the string returned by the Server: response header - - Default: lighttpd <current-version> - -server.errorlog - pathname of the error-log - - Default: either STDERR or ``server.errorlog-use-syslog`` - -server.errorlog-use-syslog - send errorlog to syslog - - Default: disabled - -server.chroot - root-directory of the server - - NOTE: requires root-permissions - -server.username - username used to run the server - - NOTE: requires root-permissions - -server.groupname - groupname used to run the server - - NOTE: requires root-permissions - -server.follow-symlink - allow to follow-symlinks - - Default: enabled - -index-file.names - list of files to search for if a directory is requested - e.g.: :: - - index-file.names = ( "index.php", "index.html", - "index.htm", "default.htm" ) - - if a name starts with slash this file will be used a index generator - for all directories. - -server.modules - modules to load - -.. note:: the order of the modules is important. - - The modules are executed in the order as they are specified. Loading - mod_auth AFTER mod_fastcgi might disable authentication for fastcgi - backends (if check-local is disabled). - - As auth should be done first, move it before all executing modules (like - proxy, fastcgi, scgi and cgi). - - rewrites, redirects and access should be first, followed by auth and - the docroot plugins. - - Afterwards the external handlers like fastcgi, cgi, scgi and proxy and - at the bottom the post-processing plugins like mod_accesslog. - - e.g.: :: - - server.modules = ( "mod_rewrite", - "mod_redirect", - "mod_alias", - "mod_access", - "mod_auth", - "mod_status", - "mod_simple_vhost", - "mod_evhost", - "mod_userdir", - "mod_secdownload", - "mod_cgi", - "mod_ssi", - "mod_compress", - "mod_usertrack", - "mod_expire", - "mod_rrdtool", - "mod_accesslog" ) - - Starting with lighttpd 1.4.0 three default modules are loaded automaticly: - - - mod_indexfile - - mod_dirlisting - - mod_staticfile - -server.event-handler - set the event handler - - Default: "poll" - -server.pid-file - set the name of the .pid-file where the PID of the server should be placed. - This option is used in combination with a start-script and the daemon mode - - Default: not set - -server.max-request-size - maximum size in kbytes of the request (header + body). Only applies to POST - requests. - - Default: 2097152 (2GB) - -server.max-worker - number of worker processes to spawn. This is usually only needed on servers - which are fairly loaded and the network handler calls delay often (e.g. new - requests are not handled instantaneously). - - Default: 0 - -server.name - name of the server/virtual server - - Default: hostname - -server.max-keep-alive-requests - maximum number of request within a keep-alive session before the server - terminates the connection - - Default: 128 - -server.max-keep-alive-idle - maximum number of seconds until a idling keep-alive connection is droped - - Default: 30 - -server.max-read-idle - maximum number of seconds until a waiting, non keep-alive read times out - and closes the connection - - Default: 60 - -server.max-write-idle - maximum number of seconds until a waiting write call times out and closes - the connection - - Default: 360 - -server.error-handler-404 - uri to call if the requested file results in a 404 - - Default: not set - - Example: :: - - server.error-handler-404 = "/error-404.php" - -server.protocol-http11 - defines if HTTP/1.1 is allowed or not. - - Default: enabled - -server.range-requests - defines if range requests are allowed or not. - - Default: enabled - - -SSL engine -`````````` - -ssl.pemfile - path to the PEM file for SSL support - -debugging -````````` - -debug.dump-unknown-headers - enables listing of internally unhandled HTTP-headers - - e.g. :: - - debug.dump-unknown-headers = "enable" - -mimetypes -````````` - -mimetype.assign - list of known mimetype mappings - NOTE: if no mapping is given "application/octet-stream" is used - - e.g.: :: - - mimetype.assign = ( ".png" => "image/png", - ".jpg" => "image/jpeg", - ".jpeg" => "image/jpeg", - ".html" => "text/html", - ".txt" => "text/plain" ) - - The list is compared top down and the first match is taken. This is - important if you have matches like: :: - - ".tar.gz" => "application/x-tgz", - ".gz" => "application/x-gzip", - - If you want to set another default mimetype use: :: - - ..., - "" => "text/plain" ) - - as the last entry in the list. - -mimetype.use-xattr - If available, use the XFS-style extended attribute interface to - retrieve the "Content-Type" attribute on each file, and use that as the - mime type. If it's not defined or not available, fall back to the - mimetype.assign assignment. - - e.g.: :: - - mimetype.use-xattr = "enable" - - on shell use: - - $ attr -s Content-Type -V image/svg svgfile.svg - - or - - $ attr -s Content-Type -V text/html indexfile - - -debugging -````````` - -debug.log-request-header - default: disabled - -debug.log-response-header - default: disabled - -debug.log-file-not-found - default: disabled - -debug.log-request-handling - default: disabled - -debug.log-condition-handling - default: disabled - -debug.log-condition-cache-handling - for developers only - default: disabled diff --git a/doc/dirlisting.txt b/doc/dirlisting.txt deleted file mode 100644 index ea65ba6f..00000000 --- a/doc/dirlisting.txt +++ /dev/null @@ -1,82 +0,0 @@ -================== -Directory Listings -================== - ----------------------- -Module: mod_dirlisting ----------------------- - -:Author: Jan Kneschke -:Date: $Date: 2004/11/03 22:26:05 $ -:Revision: $Revision: 1.2 $ - -:abstract: - mod_dirlisting generates HTML based directory listings with full CSS - control - -.. meta:: - :keywords: lighttpd, directory listings, dirlisting - -.. contents:: Table of Contents - -Description -=========== - -mod_dirlisting is one of the modules which is loaded by default and don't have to -be specified on server.modules to work. - -A directory listing is generated if a directory is requested and no index-file -was found in that directory. - -To enable directory listings globally: :: - - dir-listing.activate = "enable" - -If you need it only for a directory, use conditionals: :: - - $HTTP["url"] =~ "^/download($|/)" { - dir-listing.activate = "enable" - } - -You can also use a external generator for directory listings if you use -mod_indexfile. :: - - index-file.names = ( "/dir-generator.php" ) - -If a directory is requested the dir-generator.php is called instead which can -take the REQUEST_URI to see which directory was requested. - -For large folders this is highly recommend. - -Options -======= - -dir-listing.activate - enables virtual directory listings if a directory is requested no - index-file was found - - Default: disabled - -dir-listing.hide-dotfiles - if enabled, does not list hidden files in directory listings generated - by the dir-listing option. - - Default: enabled - -dir-listing.external-css - path to an external css stylesheet for the directory listing - -dir-listing.exclude - list of regular expressions. Files that match any of the specified regular - expressions will be excluded from directory listings. - -dir-listing.encoding - set a encoding for the generated directory listing - - If you file-system is not using ASCII you have to set the encoding of - the filenames as they are put into the HTML listing AS IS (with XML - encoding) - - Example: :: - - dir-listing.encoding = "utf-8" diff --git a/doc/evhost.txt b/doc/evhost.txt deleted file mode 100644 index f44bd932..00000000 --- a/doc/evhost.txt +++ /dev/null @@ -1,46 +0,0 @@ -======================== -Enhanced Virtual-Hosting -======================== - ------------------- -Module: mod_evhost ------------------- - -:Author: Jan Kneschke -:Date: $Date: 2004/08/29 09:43:49 $ -:Revision: $Revision: 1.1 $ - -:abstract: - virtual hosting - -.. meta:: - :keywords: lighttpd, virtual hosting - -.. contents:: Table of Contents - -Description -=========== - -mod_evhost builds the document-root based on a pattern which contains -wildcards. Those wildcards can represent parts if the submitted hostname - - -:: - - %% => % sign - %0 => domain name + tld - %1 => tld - %2 => domain name without tld - %3 => subdomain 1 name - %4 => subdomain 2 name - %_ => the complete hostname (without port info) - - evhost.path-pattern = "/home/www/servers/%3/pages/" - -Options -======= - -evhost.path-pattern - pattern with wildcards to be replace to build a documentroot - - diff --git a/doc/expire.txt b/doc/expire.txt deleted file mode 100644 index 2aee9381..00000000 --- a/doc/expire.txt +++ /dev/null @@ -1,42 +0,0 @@ -=============================================== -Controlling the Expiration of Content in Caches -=============================================== - ------------------- -Module: mod_expire ------------------- - -:Author: Jan Kneschke -:Date: $Date: 2004/11/03 22:26:05 $ -:Revision: $Revision: 1.2 $ - -:abstract: - mod_expire controls the setting of the the Expire Response header - -.. meta:: - :keywords: lighttpd, expire - -.. contents:: Table of Contents - -Description -=========== - -mod_expire controls the Expire header in the Response Header of HTTP/1.0 -messages. It is usefull to set it for static files which should be cached -aggressivly like images, stylesheets or similar. - -Options -======= - -expire.url - assignes a expiration to all files below the specified path. The - specification of the time is made up of: :: - - <access|modification> <number> <years|months|days|hours|minutes|seconds> - - following the syntax used by mod_expire in Apache 1.3.x and later. - - Example: :: - - expire.url = ( "/images/" => "access 1 hour" ) - diff --git a/doc/features.txt b/doc/features.txt deleted file mode 100644 index cfccbb11..00000000 --- a/doc/features.txt +++ /dev/null @@ -1,116 +0,0 @@ -=============== -progress report -=============== - -:Author: Jan Kneschke -:Date: $Date: 2004/11/03 22:26:05 $ -:Revision: $Revision: 1.2 $ - -:abstract: - This document tries to track the requested features and - the release when they have been implemented. - -.. meta:: - :keywords: lighttpd, features - -.. contents:: Table of Contents - -Description -=========== - -The document was inspired by a mail from David Phillips: - -http://marc.theaimsgroup.com/?l=thttpd&m=108051453226692&w=2 - -It is used to see what is still missing and what is already done. :: - - zell@zell.best.vwh.net writes: - > Now that the author has made the source code available, I am - > considering installing and testing the latest version. From a - > quick glance, it seems to support most/all of the features of - > Premium thttpd and Zeus. - - If you think it compares to Zeus, then you've obviously never used Zeus. - - lighttpd is currently the only non-blocking open source web server to - support FastCGI responders and that's worthwhile. - - The documentation is lacking. Comments in the configuration file do not - make up for a complete manual. - -Constantly improving. :: - - The configuration syntax is overly complex, like Apache. There is no .htaccess - support. - -.htaccess support is not planed yet. :: - - There is only one server. You cannot have a separate configuration for each - virtual server. This would seem to be especially problematic when doing - SSL. - -Works since 1.3.0. :: - - There is no SSI support. Zeus has full recursive SSI support. Output from - a FastCGI program can get run through the SSI interpreter. SSI can also do - virtual includes recursively. - -SSI works since 1.2.4. :: - - Request logging is not configurable. Zeus supports fully configurable - access logging, plus a binary version of CLF that save space. - -1.2.6 adds Apache-like logfile config. :: - - Access control only allows authentication via username and password. There - is no way to allow or deny based in IP address. - -planed for 1.3.x :: - - The request rewriting appears to only allow regex substitutions. Zeus has a - simple, yet powerful, request rewrite language. - - - - There is no support for FastCGI authorizers. These are very useful for high - traffic sites that require complex authentication schemes or that store - authorization information in a central database. - -since 1.1.9. :: - - There is no bandwidth throttling support. Zeus does bandwidth throttling - correctly (i.e. unlike past versions of thttpd) and can throttle on a - per-subserver (thttpd-style virtual hosts) basis. - -since 1.3.8. :: - - There is no ISAPI support. ISAPI is an elegant, open API that allows - modification of web server behavior. While it isn't strictly necessary for - an open source web server, it nice to have a documented, consistent API, - rather than having to manually patch the server. - -If someone requests it it might be implemented. :: - - There is no web based interface. Zeus has a complete web based interface - for everything, including a powerful feature of configuring multiple virtual - servers at once. - -That is something that should be a special feature of Zeus. :) :: - - There is no support for mapping certain URLs to specific filesystem paths. - -since 1.2.6 :: - - There is no referring checking. This is incredibly important to prevent - hotlinking of bandwidth intensive media types (images, movies, etc.). - -we have something better: mod_secdownload. And if someone wants referer -checking we have a condition in the config for it since 1.2.9 :: - - Zeus has a lot of features that lighttpd doesn't have, but I only mentioned - the ones I care about and use. - - -- - David Phillips <david@acz.org> - http://david.acz.org/ - diff --git a/doc/lighttpd.8 b/doc/lighttpd.8 deleted file mode 100644 index 80ad5c95..00000000 --- a/doc/lighttpd.8 +++ /dev/null @@ -1,74 +0,0 @@ -.TH LIGHTTPD "8" "2009-03-07" "" "" -. -.SH NAME -lighttpd \- a fast, secure and flexible web server -. -.SH SYNOPSIS -\fBlighttpd\fP [\fB\-ptDIvVh\fP] \fB\-f\fP \fIconfigfile\fP [\fB\-m\fP \fImoduledir\fP] -. -.SH DESCRIPTION -\fBlighttpd\fP (pronounced 'lighty') is an advanced HTTP daemon that aims -to be secure, fast, compliant and very flexible. It has been optimized for -high performance. Its feature set includes, but is not limited to, FastCGI, -CGI, basic and digest HTTP authentication, output compression, URL rewriting. -.PP -This manual page only lists the command line arguments. For details -on how to configure \fBlighttpd\fP and its modules see the files in the -doc-directory. -. -.SH OPTIONS -The following options are supported: -.TP 8 -\fB\-f\ \fP \fIconfigfile\fP -Load configuration file \fIconfigfile\fP. -.TP 8 -\fB\-m\ \fP \fImoduledir\fP -Use -\fImoduledir\fP -as the directory that contains modules, instead of the default. -.TP 8 -\fB\-p\fP -Print the parsed configuration file in its internal form and exit. -.TP 8 -\fB\-t\fP -Test the configuration file for syntax errors and exit. -.TP 8 -\fB\-D\fP -Do not daemonize (go into background). The default is to daemonize. -.TP 8 -\fB\-I\fP -Go to background on SIGINT (useful with -D). -Has no effect when using kqueue or /dev/poll. -.TP 8 -\fB\-v\fP -Show version and exit. -.TP 8 -\fB\-V\fP -Show compile-time features and exit. -.TP 8 -\fB\-h\fP -Show a brief help message and exit. -. -.SH FILES -.TP 8 -/etc/lighttpd/lighttpd.conf -The standard location for the configuration file. -.TP 8 -/var/run/lighttpd.pid -The standard location for the PID of the running \fBlighttpd\fP process. -. -.SH SEE ALSO -Online Documentation: http://wiki.lighttpd.net/ -.PP -spawn-fcgi(1) -.PP -\fIHypertext Transfer Protocol -- HTTP/1.1\fP, RFC 2616. -.PP -\fIHTTP Authentication: Basic and Digest Access Authentication\fP, RFC 2617. -.PP -\fIThe Common Gateway Interface Version 1.1\fP, RFC 3875. -.PP -\fIThe FastCGI specification\fP. -. -.SH AUTHOR -Jan Kneschke <jan@kneschke.de> diff --git a/doc/lighttpd.conf b/doc/lighttpd.conf deleted file mode 100644 index c3348936..00000000 --- a/doc/lighttpd.conf +++ /dev/null @@ -1,310 +0,0 @@ -# lighttpd configuration file -# -# use it as a base for lighttpd 1.0.0 and above -# -# $Id: lighttpd.conf,v 1.7 2004/11/03 22:26:05 weigon Exp $ - -############ Options you really have to take care of #################### - -## modules to load -# at least mod_access and mod_accesslog should be loaded -# all other module should only be loaded if really neccesary -# - saves some time -# - saves memory -server.modules = ( -# "mod_rewrite", -# "mod_redirect", -# "mod_alias", - "mod_access", -# "mod_trigger_b4_dl", -# "mod_auth", -# "mod_status", -# "mod_setenv", -# "mod_proxy_core", -# "mod_proxy_backend_http", -# "mod_proxy_backend_fastcgi", -# "mod_proxy_backend_scgi", -# "mod_proxy_backend_ajp13", -# "mod_simple_vhost", -# "mod_evhost", -# "mod_userdir", -# "mod_cgi", -# "mod_compress", -# "mod_ssi", -# "mod_usertrack", -# "mod_expire", -# "mod_secdownload", -# "mod_rrdtool", - "mod_accesslog" ) - -## A static document-root. For virtual hosting take a look at the -## mod_simple_vhost module. -server.document-root = "/www/pages/" - -## where to send error-messages to -server.errorlog = "/www/logs/lighttpd.error.log" - -# files to check for if .../ is requested -index-file.names = ( "index.php", "index.html", - "index.htm", "default.htm" ) - -## set the event-handler (read the performance section in the manual) -# server.event-handler = "freebsd-kqueue" # needed on OS X - -# mimetype mapping -mimetype.assign = ( - ".pdf" => "application/pdf", - ".sig" => "application/pgp-signature", - ".spl" => "application/futuresplash", - ".class" => "application/octet-stream", - ".ps" => "application/postscript", - ".torrent" => "application/x-bittorrent", - ".dvi" => "application/x-dvi", - ".gz" => "application/x-gzip", - ".pac" => "application/x-ns-proxy-autoconfig", - ".swf" => "application/x-shockwave-flash", - ".tar.gz" => "application/x-tgz", - ".tgz" => "application/x-tgz", - ".tar" => "application/x-tar", - ".zip" => "application/zip", - ".mp3" => "audio/mpeg", - ".m3u" => "audio/x-mpegurl", - ".wma" => "audio/x-ms-wma", - ".wax" => "audio/x-ms-wax", - ".ogg" => "application/ogg", - ".wav" => "audio/x-wav", - ".gif" => "image/gif", - ".jar" => "application/x-java-archive", - ".jpg" => "image/jpeg", - ".jpeg" => "image/jpeg", - ".png" => "image/png", - ".xbm" => "image/x-xbitmap", - ".xpm" => "image/x-xpixmap", - ".xwd" => "image/x-xwindowdump", - ".css" => "text/css", - ".html" => "text/html", - ".htm" => "text/html", - ".js" => "text/javascript", - ".asc" => "text/plain", - ".c" => "text/plain", - ".cpp" => "text/plain", - ".log" => "text/plain", - ".conf" => "text/plain", - ".text" => "text/plain", - ".txt" => "text/plain", - ".dtd" => "text/xml", - ".xml" => "text/xml", - ".mpeg" => "video/mpeg", - ".mpg" => "video/mpeg", - ".mov" => "video/quicktime", - ".qt" => "video/quicktime", - ".avi" => "video/x-msvideo", - ".asf" => "video/x-ms-asf", - ".asx" => "video/x-ms-asf", - ".wmv" => "video/x-ms-wmv", - ".bz2" => "application/x-bzip", - ".tbz" => "application/x-bzip-compressed-tar", - ".tar.bz2" => "application/x-bzip-compressed-tar" - ) - -# Use the "Content-Type" extended attribute to obtain mime type if possible -#mimetype.use-xattr = "enable" - - -## send a different Server: header -## be nice and keep it at lighttpd -# server.tag = "lighttpd" - -#### accesslog module -accesslog.filename = "/www/logs/access.log" - -## deny access the file-extensions -# -# ~ is for backupfiles from vi, emacs, joe, ... -# .inc is often used for code includes which should in general not be part -# of the document-root -url.access-deny = ( "~", ".inc" ) - -$HTTP["url"] =~ "\.pdf$" { - server.range-requests = "disable" -} - -## -# which extensions should not be handle via static-file transfer -# -# .php, .pl, .fcgi are most often handled by mod_proxy_core or mod_cgi -static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" ) - -######### Options that are good to be but not neccesary to be changed ####### - -## bind to port (default: 80) -#server.port = 81 - -## bind to localhost (default: all interfaces) -#server.bind = "grisu.home.kneschke.de" - -## error-handler for status 404 -#server.error-handler-404 = "/error-handler.html" -#server.error-handler-404 = "/error-handler.php" - -## to help the rc.scripts -#server.pid-file = "/var/run/lighttpd.pid" - - -###### virtual hosts -## -## If you want name-based virtual hosting add the next three settings and load -## mod_simple_vhost -## -## document-root = -## virtual-server-root + virtual-server-default-host + virtual-server-docroot -## or -## virtual-server-root + http-host + virtual-server-docroot -## -#simple-vhost.server-root = "/home/weigon/wwwroot/servers/" -#simple-vhost.default-host = "grisu.home.kneschke.de" -#simple-vhost.document-root = "/pages/" - - -## -## Format: <errorfile-prefix><status-code>.html -## -> ..../status-404.html for 'File not found' -#server.errorfile-prefix = "/home/weigon/projects/lighttpd/doc/status-" - -## virtual directory listings -#dir-listing.activate = "enable" - -## enable debugging -#debug.log-request-header = "enable" -#debug.log-response-header = "enable" -#debug.log-request-handling = "enable" -#debug.log-file-not-found = "enable" -#debug.log-condition-handling = "enable" - -### only root can use these options -# -# chroot() to directory (default: no chroot() ) -#server.chroot = "/" - -## change uid to <uid> (default: don't care) -#server.username = "wwwrun" - -## change uid to <uid> (default: don't care) -#server.groupname = "wwwrun" - -#### compress module -#compress.cache-dir = "/tmp/lighttpd/cache/compress/" -#compress.filetype = ("text/plain", "text/html") - -#### mod-proxy-core module -## read mod-proxy-core.txt for more info -## for PHP don't forget to set cgi.fix_pathinfo = 1 in the php.ini -#$PHYSICAL["existing-path"] =~ "\.php$" { -# proxy-core.balancer = "round-robin" -# proxy-core.allow-x-sendfile = "enable" -# proxy-core.protocol = "fastcgi" -# proxy-core.backends = ( "unix:/tmp/php-fastcgi.sock" ) -# proxy-core.max-pool-size = 16 -#} - - -#### CGI module -#cgi.assign = ( ".pl" => "/usr/bin/perl", -# ".cgi" => "/usr/bin/perl" ) -# - -#### SSL engine -#ssl.engine = "enable" -#ssl.pemfile = "server.pem" - -#### status module -#status.status-url = "/server-status" -#status.config-url = "/server-config" - -#### auth module -## read authentication.txt for more info -#auth.backend = "plain" -#auth.backend.plain.userfile = "lighttpd.user" -#auth.backend.plain.groupfile = "lighttpd.group" - -#auth.backend.ldap.hostname = "localhost" -#auth.backend.ldap.base-dn = "dc=my-domain,dc=com" -#auth.backend.ldap.filter = "(uid=$)" - -#auth.require = ( "/server-status" => -# ( -# "method" => "digest", -# "realm" => "download archiv", -# "require" => "user=jan" -# ), -# "/server-config" => -# ( -# "method" => "digest", -# "realm" => "download archiv", -# "require" => "valid-user" -# ) -# ) - -#### url handling modules (rewrite, redirect, access) -#url.rewrite = ( "^/$" => "/server-status" ) -#url.redirect = ( "^/wishlist/(.+)" => "http://www.123.org/$1" ) -#### both rewrite/redirect support back reference to regex conditional using %n -#$HTTP["host"] =~ "^www\.(.*)" { -# url.redirect = ( "^/(.*)" => "http://%1/$1" ) -#} - -# -# define a pattern for the host url finding -# %% => % sign -# %0 => domain name + tld -# %1 => tld -# %2 => domain name without tld -# %3 => subdomain 1 name -# %4 => subdomain 2 name -# -#evhost.path-pattern = "/home/storage/dev/www/%3/htdocs/" - -#### expire module -#expire.url = ( "/buggy/" => "access 2 hours", "/asdhas/" => "access plus 1 seconds 2 minutes") - -#### ssi -#ssi.extension = ( ".shtml" ) - -#### rrdtool -#rrdtool.binary = "/usr/bin/rrdtool" -#rrdtool.db-name = "/var/www/lighttpd.rrd" - -#### setenv -#setenv.add-request-header = ( "TRAV_ENV" => "mysql://user@host/db" ) -#setenv.add-response-header = ( "X-Secret-Message" => "42" ) - -## for mod_trigger_b4_dl -# trigger-before-download.gdbm-filename = "/home/weigon/testbase/trigger.db" -# trigger-before-download.memcache-hosts = ( "127.0.0.1:11211" ) -# trigger-before-download.trigger-url = "^/trigger/" -# trigger-before-download.download-url = "^/download/" -# trigger-before-download.deny-url = "http://127.0.0.1/index.html" -# trigger-before-download.trigger-timeout = 10 - -#### variable usage: -## variable name without "." is auto prefixed by "var." and becomes "var.bar" -#bar = 1 -#var.mystring = "foo" - -## integer add -#bar += 1 -## string concat, with integer cast as string, result: "www.foo1.com" -#server.name = "www." + mystring + var.bar + ".com" -## array merge -#index-file.names = (foo + ".php") + index-file.names -#index-file.names += (foo + ".php") - -#### include -#include /etc/lighttpd/lighttpd-inc.conf -## same as above if you run: "lighttpd -f /etc/lighttpd/lighttpd.conf" -#include "lighttpd-inc.conf" - -#### include_shell -#include_shell "echo var.a=1" -## the above is same as: -#var.a=1 diff --git a/doc/lighttpd.user b/doc/lighttpd.user deleted file mode 100644 index 727e9c33..00000000 --- a/doc/lighttpd.user +++ /dev/null @@ -1 +0,0 @@ -dummy:test123 diff --git a/doc/newstyle.css b/doc/newstyle.css deleted file mode 100644 index 26f91d37..00000000 --- a/doc/newstyle.css +++ /dev/null @@ -1,49 +0,0 @@ -body { - background-color: #F5F5F5; -} -a, a:active { - text-decoration: none; - color: blue; -} -a:visited { - color: #48468F; -} -a:hover, a:focus { - text-decoration: underline; - color: red; -} -h2 { - margin-bottom: 12px; -} -table { - margin-left: 12px; -} -th, td { - font-family: "Courier New", Courier, monospace; - font-size: 10pt; - text-align: left; -} -th { - font-weight: bold; - padding-right: 14px; - padding-bottom: 3px; -} -td { - padding-right: 14px; -} -td.s, th.s { - text-align: right; -} -div.list { - background-color: white; - border-top: 1px solid #646464; - border-bottom: 1px solid #646464; - padding-top: 10px; - padding-bottom: 14px; -} -div.foot { - font-family: "Courier New", Courier, monospace; - font-size: 10pt; - color: #787878; - padding-top: 4px; -} diff --git a/doc/oldstyle.css b/doc/oldstyle.css deleted file mode 100644 index f3e26db3..00000000 --- a/doc/oldstyle.css +++ /dev/null @@ -1,25 +0,0 @@ -table { - border: 1px solid black; - padding: 1px; -} -th { - background-color: black; - border: 1px solid white; - color: white; - padding-right: 2px; - padding-left: 2px; -} -td { - background-color: #f0f0f0; - border: 1px solid white; - padding-right: 2px; - padding-left: 2px; -} -td.s { - background-color: #f0f0f0; - text-align: right; - padding-left: 14px; -} -div.foot { - margin-top: 4px; -} diff --git a/doc/performance.txt b/doc/performance.txt deleted file mode 100644 index c3e46f56..00000000 --- a/doc/performance.txt +++ /dev/null @@ -1,241 +0,0 @@ -======================== -Performance Improvements -======================== - ------------- -Module: core ------------- - -:Author: Jan Kneschke -:Date: $Date: 2005-03-28T08:30:05.699628Z $ -:Revision: $Revision: 227 $ - -:abstract: - handling performance issues in lighttpd - -.. meta:: - :keywords: lighttpd, performance - -.. contents:: Table of Contents - -Description -=========== - -Performance Issues ------------------- - -lighttpd is optimized into varying directions. The most important direction is -performance. The operation system has two major facilities to help lighttpd -a deliver its best performance. - -HTTP Keep-Alive ---------------- - -Disabling keep-alive might help your server if you suffer from a large -number of open file descriptors. - -The defaults for the server are: :: - - server.max-keep-alive-requests = 128 - server.max-keep-alive-idle = 30 - server.max-read-idle = 60 - server.max-write-idle = 360 - -handling 128 keep-alive requests in a row on a single connection, waiting 30 seconds -before an unused keep-alive connection gets dropped by lighttpd. - -If you handle several connections at once under a high load (let's assume 500 connections -in parallel for 24h) you might run into the out-of-fd problem described below. :: - - server.max-keep-alive-requests = 4 - server.max-keep-alive-idle = 4 - -would release the connections earlier and would free file descriptors without a -detrimental performance loss. - -Disabling keep-alive completely is the last resort if you are still short on file descriptors: :: - - server.max-keep-alive-requests = 0 - -Event Handlers --------------- - -The first one is the Event Handler which takes care of notifying the server -that one of the connections is ready to send or receive. As you can see, -every OS has at least the select() call which has some limitations. - -============ ========== =============== -OS Method Config Value -============ ========== =============== -all select select -Unix poll poll -Linux 2.4+ rt-signals linux-rtsig -Linux 2.6+ epoll linux-sysepoll -Solaris /dev/poll solaris-devpoll -FreeBSD, ... kqueue freebsd-kqueue -============ ========== =============== - - -For more information on this topic take a look at http://www.kegel.com/c10k.html - -Configuration -````````````` - -The event handler can be set by specifying the 'Config Value' from above -in the ``server.event-handler`` variable - -e.g.: :: - - server.event-handler = "linux-sysepoll" - -Network Handlers ----------------- - -The basic network interface for all platforms at the syscalls read() and -write(). Every modern OS provides its own syscall to help network servers -transfer files as fast as possible. - -If you want to send out a file from the webserver, it doesn't make any sense -to copy the file into the webserver just to write() it back into a socket -in the next step. - -sendfile() minimizes the work in the application and pushes a file directly -into the network card (ideally). - -lighttpd supports all major platform-specific calls: - -========== ========== -OS Method -========== ========== -all write -Unix writev -Linux 2.4+ sendfile -Linux 2.6+ sendfile64 -Solaris sendfilev -FreeBSD sendfile -========== ========== - -The best backend is selected at compile time. In case you want to use -another backend set: :: - - server.network-backend = "writev" - -You can find more information about network backend in: - - http://blog.lighttpd.net/articles/2005/11/11/optimizing-lighty-for-high-concurrent-large-file-downloads - - -Max Connections ---------------- - -As lighttpd is a single-threaded server, its main resource limit is the -number of file descriptors, which is set to 1024 by default (on most systems). - -If you are running a high-traffic site you might want to increase this limit -by setting :: - - server.max-fds = 2048 - -This only works if lighttpd is started as root. - -Out-of-fd condition -------------------- - -Since file descriptors are used for TCP/IP sockets, files and directories, -a simple request for a PHP page might result in using 3 file descriptors: - -1. the TCP/IP socket to the client -2. the TCP/IP and Unix domain socket to the FastCGI process -3. the filehandle to the file in the document root to check if it exists - -If lighttpd runs out of file descriptors, it will stop accepting new -connections for awhile to use the existing file descriptors to handle the -currently-running requests. - -If more than 90% of the file descriptors are used then the handling of new -connections is disabled. If it drops below 80% again new connections will -be accepted again. - -Under some circumstances you will see :: - - ... accept() failed: Too many open files - -in the error log. This tells you there were too many new requests at once -and lighttpd could not disable the incoming connections soon enough. The -connection was dropped and the client received an error message like 'connection -failed'. This is very rare and might only occur in test setups. - -Increasing the ``server.max-fds`` limit will reduce the probability of this -problem. - -stat() cache -============ - -A stat(2) can be expensive; caching it saves time and context switches. - -Instead of using stat() every time to check for the existence of a file -you can stat() it once and monitor the directory the file is in for -modifications. As long as the directory doesn't change, the files in it -must all still be the same. - -With the help of FAM or gamin you can use kernel events to assure that -your stat cache is up to date. :: - - server.stat-cache-engine = "fam" # either fam, simple or disabled - -See http://oss.sgi.com/projects/fam/faq.html for information about FAM. -See http://www.gnome.org/~veillard/gamin/overview.html for information about gamin. - -Platform-Specific Notes -======================= - -Linux ------ - -For Linux 2.4.x you should think about compiling lighttpd with the option -``--disable-lfs`` to disable the support for files larger than 2GB. lighttpd will -fall back to the ``writev() + mmap()`` network calls which is ok, but not as -fast as possible but support files larger than 2GB. - -Disabling the TCP options reduces the overhead of each TCP packet and might -help to get the last few percent of performance out of the server. Be aware that -disabling these options most likely decreases performance for high-latency and lossy -links. - -- net.ipv4.tcp_sack = 0 -- net.ipv4.tcp_timestamps = 0 - -Increasing the TCP send and receive buffers will increase the performance a -lot if (and only if) you have a lot of large files to send. - -- net.ipv4.tcp_wmem = 4096 65536 524288 -- net.core.wmem_max = 1048576 - -If you have a lot of large file uploads, increasing the receive buffers will help. - -- net.ipv4.tcp_rmem = 4096 87380 524288 -- net.core.rmem_max = 1048576 - -Keep in mind that every TCP connection uses the configured amount of memory for socket -buffers. If you've got many connections this can quickly drain the available memory. - -See http://www.acc.umu.se/~maswan/linux-netperf.txt for more information on these parameters. - -FreeBSD -------- - -On FreeBSD you might gain some performance by enabling accept filters. Just -compile your kernel with: :: - - options ACCEPT_FILTER_HTTP - -For more ideas about tuning FreeBSD read: tuning(7) - -Reducing the recvspace should always be ok if the server only handles HTTP -requests without large uploads. Increasing the sendspace would reduce the -system load if you have a lot of large files to be sent, but keep in mind that -you have to provide the memory in the kernel for each connection. 1024 * 64KB -would mean 64MB of kernel RAM. Keep this in mind. - -- net.inet.tcp.recvspace = 4096 - diff --git a/doc/plugins.txt b/doc/plugins.txt deleted file mode 100644 index a7d707db..00000000 --- a/doc/plugins.txt +++ /dev/null @@ -1,260 +0,0 @@ -================ -Plugin Interface -================ - ------------- -Module: core ------------- - -:Author: Jan Kneschke -:Date: $Date: 2005-03-28T08:30:05.699628Z $ -:Revision: $Revision: 227 $ - -:abstract: - The plugin interface is an integral part of lighttpd which - provides a flexible way to add specific functionality to lighttpd. - -.. meta:: - :keywords: lighttpd, plugins - -.. contents:: Table of Contents - -Description -=========== - -Plugins allow you to enhance the functionality of lighttpd without -changing the core of the webserver. They can be loaded at startup time -and can change virtually any aspect of the behaviour of the webserver. - -Plugin Entry Points -------------------- - -lighttpd has 16 hooks which are used in different states of the -execution of the request: - -Serverwide hooks -```````````````` - -:init_: - called when the plugin is loaded -:cleanup_: - called when the plugin is unloaded -:set_defaults_: - called when the configuration has to be processed -:handle_trigger_: - called once a second -:handle_sighup_: - called when the server received a SIGHUP - -Connectionwide hooks -```````````````````` - -Most of these hooks are called in ``http_response_prepare()`` after some -fields in the connection structure are set. - -:handle_uri_raw_: - called after uri.path_raw, uri.authority and uri.scheme are set -:handle_uri_clean_: - called after uri.path (a clean URI without .. and %20) is set -:handle_docroot_: - called at the end of the logical path handle to get a docroot -:handle_subrequest_start_: - called if the physical path is set up and checked -:handle_subrequest_: - called at the end of ``http_response_prepare()`` -:handle_physical_path_: - called after the physical path is created and no other handler is - found for this request -:handle_request_done_: - called when the request is done -:handle_connection_close_: - called if the connection has to be closed -:handle_joblist_: - called after the connection_state_engine is left again and plugin - internal handles have to be called -:connection_reset_: - called if the connection structure has to be cleaned up - - -Plugin Interface ----------------- - -\*_plugin_init -`````````````` - -Every plugin has a uniquely-named function which is called after the -plugin is loaded. It is used to set up the ``plugin`` structure with -some useful data: - -- name of the plugin ``name`` -- all hooks - -The field ``data`` and ``lib`` should not be touched in the init function. -``lib`` is the library handler from dlopen and ``data`` will be the storage -of the internal plugin data. - -:returns: - 0 (not handled) - -init -```` - -The first real call of a plugin function is the init hook which is used -to set up the internal plugin data. The internal plugin is assigned the -``data`` field mentioned in the \*_plugin_init description. - -:returns: - a pointer to the internal plugin data. - -cleanup -``````` - -The cleanup hook is called just before the plugin is unloaded. It is meant -to free all buffers allocated in ``init`` or somewhere else in the plugin -which are still not freed and to close all handles which were opened and -are not closed yet. - -:returns: - HANDLER_GO_ON if ok (not handled) - -set_defaults -```````````` - -set_defaults is your entry point into the configfile parsing. It should -pass a list of options to ``config_insert_values`` and check if -the plugin configuration is valid. If it is not valid yet, it should -set useful defaults or return with HANDLER_ERROR and an error message. - -:returns: - HANDLER_GO_ON if ok - - HANDLER_ERROR will terminate lighttpd - -connection_reset -```````````````` - -called at the end of each request - -:returns: - HANDLER_GO_ON if ok - - HANDLER_ERROR on error - -handle_trigger -`````````````` - -called once a second - -:returns: - HANDLER_GO_ON if ok - - HANDLER_ERROR on error - -handle_sighup -````````````` - -called if a SIGHUP is received (cycling logfiles, ...) - -:returns: - HANDLER_GO_ON if ok - - HANDLER_ERROR on error - -handle_uri_raw -`````````````` - -called after uri_raw is set - -:returns: - HANDLER_GO_ON if ok - HANDLER_FINISHED if the final output is prepared - - HANDLER_ERROR on error - -handle_uri_clean -```````````````` - -called after uri.path is set - -:returns: - HANDLER_GO_ON if ok - HANDLER_FINISHED if the final output is prepared - - HANDLER_ERROR on error - -handle_docroot -`````````````` - -called when a docroot is needed - -:returns: - HANDLER_GO_ON if ok - HANDLER_FINISHED if the final output is prepared - - HANDLER_ERROR on error - -handle_subrequest_start -``````````````````````` - -called after physical.path is set - -:returns: - HANDLER_GO_ON if ok - HANDLER_FINISHED if the final output is prepared - - HANDLER_ERROR on error - -handle_subrequest -````````````````` - -called if subrequest_start requested a COMEBACK or a WAIT_FOR_EVENT - -:returns: - HANDLER_GO_ON if ok - HANDLER_FINISHED if the final output is prepared - - HANDLER_ERROR on error - -handle_physical_path -```````````````````` - -called after physical.path is set - -:returns: - HANDLER_GO_ON if ok - HANDLER_FINISHED if the final output is prepared - - HANDLER_ERROR on error - - -handle_request_done -``````````````````` - -called at the end of the request (logging, statistics, ...) - -:returns: - HANDLER_GO_ON if ok - - HANDLER_ERROR on error - -handle_connection_close -``````````````````````` - -called if the connection is terminated - -:returns: - HANDLER_GO_ON if ok - - HANDLER_ERROR on error - -handle_joblist -`````````````` - -called if the state of the connection has changed - -:returns: - HANDLER_GO_ON if ok - - HANDLER_ERROR on error - - diff --git a/doc/rc.lighttpd b/doc/rc.lighttpd deleted file mode 100755 index 4dd2a1e5..00000000 --- a/doc/rc.lighttpd +++ /dev/null @@ -1,155 +0,0 @@ -#! /bin/sh -# Copyright (c) 1995-2002 SuSE Linux AG, Nuernberg, Germany. -# All rights reserved. -# -# Author: Kurt Garloff <feedback@suse.de> -# -# /etc/init.d/FOO -# -# and symbolic its link -# -# /(usr/)sbin/rcFOO -# -# LSB compliant service control script; see http://www.linuxbase.org/spec/ -# -# System startup script for some example service or daemon FOO (template) -# -### BEGIN INIT INFO -# Provides: FOO -# Required-Start: $remote_fs $syslog -# Required-Stop: $remote_fs $syslog -# Default-Start: 3 5 -# Default-Stop: 0 1 2 6 -# Description: Start FOO to allow XY and provide YZ -# continued on second line by '#<TAB>' -### END INIT INFO -# -# Note on Required-Start: It does specify the init script ordering, -# not real dependencies. Depencies have to be handled by admin -# resp. the configuration tools (s)he uses. - -# Source SuSE config (if still necessary, most info has been moved) -test -r /etc/rc.config && . /etc/rc.config - -# Check for missing binaries (stale symlinks should not happen) -LIGHTTPD_BIN=/usr/sbin/lighttpd -test -x $LIGHTTPD_BIN || exit 5 - -# Check for existence of needed config file and read it -LIGHTTPD_CONFIG=/etc/sysconfig/lighttpd -test -r $LIGHTTPD_CONFIG || exit 6 -. $LIGHTTPD_CONFIG - -# Shell functions sourced from /etc/rc.status: -# rc_check check and set local and overall rc status -# rc_status check and set local and overall rc status -# rc_status -v ditto but be verbose in local rc status -# rc_status -v -r ditto and clear the local rc status -# rc_failed set local and overall rc status to failed -# rc_failed <num> set local and overall rc status to <num><num> -# rc_reset clear local rc status (overall remains) -# rc_exit exit appropriate to overall rc status -# rc_active checks whether a service is activated by symlinks -. /etc/rc.status - -# First reset status of this service -rc_reset - -# Return values acc. to LSB for all commands but status: -# 0 - success -# 1 - generic or unspecified error -# 2 - invalid or excess argument(s) -# 3 - unimplemented feature (e.g. "reload") -# 4 - insufficient privilege -# 5 - program is not installed -# 6 - program is not configured -# 7 - program is not running -# -# Note that starting an already running service, stopping -# or restarting a not-running service as well as the restart -# with force-reload (in case signalling is not supported) are -# considered a success. - -case "$1" in - start) - echo -n "Starting lighttpd" - ## Start daemon with startproc(8). If this fails - ## the echo return value is set appropriate. - - # NOTE: startproc returns 0, even if service is - # already running to match LSB spec. - startproc $LIGHTTPD_BIN -f $LIGHTTPD_CONF_PATH - - # Remember status and be verbose - rc_status -v - ;; - stop) - echo -n "Shutting down lighttpd" - ## Stop daemon with killproc(8) and if this fails - ## set echo the echo return value. - - killproc -TERM $LIGHTTPD_BIN - - # Remember status and be verbose - rc_status -v - ;; - try-restart) - ## Stop the service and if this succeeds (i.e. the - ## service was running before), start it again. - ## Note: try-restart is not (yet) part of LSB (as of 0.7.5) - $0 status >/dev/null && $0 restart - - # Remember status and be quiet - rc_status - ;; - restart) - ## Stop the service and regardless of whether it was - ## running or not, start it again. - $0 stop - $0 start - - # Remember status and be quiet - rc_status - ;; - force-reload|reload) - ## Like force-reload, but if daemon does not support - ## signalling, do nothing (!) - - # If it supports signalling: - echo -n "Reload service LIGHTTPD" - killproc -INT $LIGHTTPD_BIN - $0 start - touch /var/run/lighttpd.pid - rc_status -v - - ## Otherwise if it does not support reload: - #rc_failed 3 - #rc_status -v - ;; - status) - echo -n "Checking for service LIGHTTPD: " - ## Check status with checkproc(8), if process is running - ## checkproc will return with exit status 0. - - # Return value is slightly different for the status command: - # 0 - service running - # 1 - service dead, but /var/run/ pid file exists - # 2 - service dead, but /var/lock/ lock file exists - # 3 - service not running - - # NOTE: checkproc returns LSB compliant status values. - checkproc $LIGHTTPD_BIN - rc_status -v - ;; - probe) - ## Optional: Probe for the necessity of a reload, - ## print out the argument which is required for a reload. - - test /etc/lighttpd/lighttpd.conf -nt /var/run/lighttpd.pid && echo reload - ;; - *) - echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload|probe}" - exit 1 - ;; -esac -rc_exit diff --git a/doc/rc.lighttpd.redhat b/doc/rc.lighttpd.redhat deleted file mode 100644 index e22d551d..00000000 --- a/doc/rc.lighttpd.redhat +++ /dev/null @@ -1,87 +0,0 @@ -#!/bin/sh -# -# lighttpd Startup script for the lighttpd server -# -# chkconfig: - 85 15 -# description: Lightning fast webserver with light system requirements -# -# processname: lighttpd -# config: /etc/lighttpd/lighttpd.conf -# config: /etc/sysconfig/lighttpd -# pidfile: /var/run/lighttpd.pid -# -# Note: pidfile is assumed to be created -# by lighttpd (config: server.pid-file). -# If not, uncomment 'pidof' line. - -# Source function library -. /etc/rc.d/init.d/functions - -if [ -f /etc/sysconfig/lighttpd ]; then - . /etc/sysconfig/lighttpd -fi - -if [ -z "$LIGHTTPD_CONF_PATH" ]; then - LIGHTTPD_CONF_PATH="/etc/lighttpd/lighttpd.conf" -fi - -prog="lighttpd" -lighttpd="/usr/sbin/lighttpd" -RETVAL=0 - -start() { - echo -n $"Starting $prog: " - daemon $lighttpd -f $LIGHTTPD_CONF_PATH - RETVAL=$? - echo - [ $RETVAL -eq 0 ] && touch /var/lock/subsys/$prog - return $RETVAL -} - -stop() { - echo -n $"Stopping $prog: " - killproc $lighttpd - RETVAL=$? - echo - [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/$prog - return $RETVAL -} - -reload() { - echo -n $"Reloading $prog: " - killproc $lighttpd -HUP - RETVAL=$? - echo - return $RETVAL -} - -case "$1" in - start) - start - ;; - stop) - stop - ;; - restart) - stop - start - ;; - condrestart) - if [ -f /var/lock/subsys/$prog ]; then - stop - start - fi - ;; - reload) - reload - ;; - status) - status $lighttpd - RETVAL=$? - ;; - *) - echo $"Usage: $0 {start|stop|restart|condrestart|reload|status}" - RETVAL=1 -esac - -exit $RETVAL diff --git a/doc/redirect.txt b/doc/redirect.txt deleted file mode 100644 index ab4e7a83..00000000 --- a/doc/redirect.txt +++ /dev/null @@ -1,41 +0,0 @@ -=============== -URL Redirection -=============== - --------------------- -Module: mod_redirect --------------------- - -:Author: Jan Kneschke -:Date: $Date: 2005-03-28T08:30:05.699628Z $ -:Revision: $Revision: 227 $ - -:abstract: - url redirection - -.. meta:: - :keywords: lighttpd, redirect - -.. contents:: Table of Contents - -Description -=========== - -... - -Options -======= - -url.redirect - redirects a set of URLs externally - - e.g. :: - - url.redirect = ( "^/show/([0-9]+)/([0-9]+)$" => "http://www.example.org/show.php?isdn=$1&page$2", - "^/get/([0-9]+)/([0-9]+)$" => "http://www.example.org/get.php?isdn=$1&page$2" ) - - # make a external redirect - # from any www.host (with www.) to the host (without www.) - $HTTP["host"] =~ "^www\.(.*)" { - url.redirect = ( "^/(.*)" => "http://%1/$1" ) - } diff --git a/doc/rewrite.txt b/doc/rewrite.txt deleted file mode 100644 index ec00f5d8..00000000 --- a/doc/rewrite.txt +++ /dev/null @@ -1,71 +0,0 @@ -============ -URL Rewrites -============ - -------------------- -Module: mod_rewrite -------------------- - -:Author: Jan Kneschke -:Date: $Date: 2005-03-28T08:30:05.699628Z $ -:Revision: $Revision: 227 $ - -:abstract: - url rewrite - -.. meta:: - :keywords: lighttpd, rewrite - -.. contents:: Table of Contents - -Description -=========== - -internal redirects, url rewrite - -Options -======= - -url.rewrite-once - rewrites a set of URLs interally in the webserver BEFORE they are handled. - - e.g. :: - - url.rewrite-once = ( "<regex>" => "<relative-uri>" ) - -url.rewrite-repeat - rewrites a set of URLs interally in the webserver BEFORE they are handled - - e.g. :: - - url.rewrite-repeat = ( "<regex>" => "<relative-uri>" ) - -The options ``url.rewrite`` and ``url.rewrite-final`` were mapped to ``url.rewrite-once`` -in 1.3.16. - -Examples -======== - -The regex is matching the full REQUEST_URI which is supplied by the user including -query-string.:: - - url.rewrite-once = ( "^/id/([0-9]+)$" => "/index.php?id=$1", - "^/link/([a-zA-Z]+)" => "/index.php?link=$1" ) - - - - # the following example, is, however just simulating vhost by rewrite - # * you can never change document-root by mod_rewrite - # use mod_*host instead to make real mass-vhost - - # request: http://any.domain.com/url/ - # before rewrite: REQUEST_URI="/www/htdocs/url/" - # and DOCUMENT_ROOT="/www/htdocs/" %0="www.domain.com" $1="url/" - # after rewrite: REQUEST_URI="/www/htdocs/domain.com/url/" - # still, you have DOCUMENT_ROOT=/www/htdocs/ - - server.document-root = "/www/htdocs/" - $HTTP["host"] =~ "^.*\.([^.]+\.com)$" { - url.rewrite-once = ( "^/(.*)" => "/%0/$1" ) - } - diff --git a/doc/rrdtool-graph.sh b/doc/rrdtool-graph.sh deleted file mode 100644 index 1157a285..00000000 --- a/doc/rrdtool-graph.sh +++ /dev/null @@ -1,38 +0,0 @@ -#!/bin/sh - -RRDTOOL=/usr/bin/rrdtool -OUTDIR=/var/www/servers/www.example.org/pages/rrd/ -INFILE=/var/www/lighttpd.rrd -OUTPRE=lighttpd-traffic - -DISP="DEF:bin=$INFILE:InOctets:AVERAGE \ - DEF:binmin=$INFILE:InOctets:MIN \ - DEF:binmax=$INFILE:InOctets:MAX \ - DEF:bout=$INFILE:OutOctets:AVERAGE \ - DEF:boutmin=$INFILE:OutOctets:MIN \ - DEF:boutmax=$INFILE:OutOctets:MAX \ - LINE1:bin#0000FF:in \ - LINE1:binmin#2222FF: \ - STACK:binmax#2222FF: \ - LINE1:bout#FF0000:out \ - LINE1:boutmin#FF2222: \ - STACK:boutmax#FF2222: \ - -v bytes/s" - -$RRDTOOL graph $OUTDIR/$OUTPRE-hour.png -a PNG --start -14400 $DISP -$RRDTOOL graph $OUTDIR/$OUTPRE-day.png -a PNG --start -86400 $DISP -$RRDTOOL graph $OUTDIR/$OUTPRE-month.png -a PNG --start -2592000 $DISP - -OUTPRE=lighttpd-requests - -DISP="DEF:req=$INFILE:Requests:AVERAGE \ - DEF:reqmin=$INFILE:Requests:MIN \ - DEF:reqmax=$INFILE:Requests:MAX \ - LINE1:req#0000FF:requests \ - LINE1:reqmin#2222FF: \ - STACK:reqmax#2222FF: \ - -v req/s" - -$RRDTOOL graph $OUTDIR/$OUTPRE-hour.png -a PNG --start -14400 $DISP -$RRDTOOL graph $OUTDIR/$OUTPRE-day.png -a PNG --start -86400 $DISP -$RRDTOOL graph $OUTDIR/$OUTPRE-month.png -a PNG --start -2592000 $DISP diff --git a/doc/rrdtool.txt b/doc/rrdtool.txt deleted file mode 100644 index ef0a13b2..00000000 --- a/doc/rrdtool.txt +++ /dev/null @@ -1,111 +0,0 @@ -======= -rrdtool -======= - -------------------- -Module: mod_rrdtool -------------------- - -:Author: Jan Kneschke -:Date: $Date: 2005-03-28T08:30:05.699628Z $ -:Revision: $Revision: 227 $ - -:abstract: - mod_rrdtool is used to monitor the traffic and load on the webserver - -.. meta:: - :keywords: lighttpd, skeleton - -.. contents:: Table of Contents - -Description -=========== - -RRD_ is a system to store and display time-series data (i.e. network -bandwidth, machine-room temperature, server load average). - -.. _RRD: http://people.ee.ethz.ch/~oetiker/webtools/rrdtool/ - -Options -======= - -rrdtool.binary - path to the rrdtool binary - - e.g.: :: - - rrdtool.binary = "/usr/bin/rrdtool" - -rrdtool.db-name - filename of the rrd-database. Make sure that <rrdtool.db-name> doesn't exist - before the first run, as lighttpd has to create the DB for you. - - e.g.: :: - - rrdtool.db-name = "/var/www/lighttpd.rrd" - -Generating Graphs -================= - -:: - - #!/bin/sh - - RRDTOOL=/usr/bin/rrdtool - OUTDIR=/var/www/servers/www.example.org/pages/rrd/ - INFILE=/var/www/lighttpd.rrd - OUTPRE=lighttpd-traffic - - DISP="-v bytes --title TrafficWebserver \ - DEF:binraw=$INFILE:InOctets:AVERAGE \ - DEF:binmaxraw=$INFILE:InOctets:MAX \ - DEF:binminraw=$INFILE:InOctets:MIN \ - DEF:bout=$INFILE:OutOctets:AVERAGE \ - DEF:boutmax=$INFILE:OutOctets:MAX \ - DEF:boutmin=$INFILE:OutOctets:MIN \ - CDEF:bin=binraw,-1,* \ - CDEF:binmax=binmaxraw,-1,* \ - CDEF:binmin=binminraw,-1,* \ - CDEF:binminmax=binmaxraw,binminraw,- \ - CDEF:boutminmax=boutmax,boutmin,- \ - AREA:binmin#ffffff: \ - STACK:binmax#f00000: \ - LINE1:binmin#a0a0a0: \ - LINE1:binmax#a0a0a0: \ - LINE2:bin#a0a735:incoming \ - GPRINT:bin:MIN:%.2lf \ - GPRINT:bin:AVERAGE:%.2lf \ - GPRINT:bin:MAX:%.2lf \ - AREA:boutmin#ffffff: \ - STACK:boutminmax#00f000: \ - LINE1:boutmin#a0a0a0: \ - LINE1:boutmax#a0a0a0: \ - LINE2:bout#a0a735:outgoing \ - GPRINT:bout:MIN:%.2lf \ - GPRINT:bout:AVERAGE:%.2lf \ - GPRINT:bout:MAX:%.2lf \ - " - - - $RRDTOOL graph $OUTDIR/$OUTPRE-hour.png -a PNG --start -14400 $DISP - $RRDTOOL graph $OUTDIR/$OUTPRE-day.png -a PNG --start -86400 $DISP - $RRDTOOL graph $OUTDIR/$OUTPRE-month.png -a PNG --start -2592000 $DISP - - OUTPRE=lighttpd-requests - - DISP="-v req --title RequestsperSecond -u 1 \ - DEF:req=$INFILE:Requests:AVERAGE \ - DEF:reqmax=$INFILE:Requests:MAX \ - DEF:reqmin=$INFILE:Requests:MIN \ - CDEF:reqminmax=reqmax,reqmin,- \ - AREA:reqmin#ffffff: \ - STACK:reqminmax#0e0e0e: \ - LINE1:reqmin#a0a0a0: \ - LINE1:reqmax#a0a0a0: \ - LINE2:req#00a735:requests" - - - $RRDTOOL graph $OUTDIR/$OUTPRE-hour.png -a PNG --start -14400 $DISP - $RRDTOOL graph $OUTDIR/$OUTPRE-day.png -a PNG --start -86400 $DISP - $RRDTOOL graph $OUTDIR/$OUTPRE-month.png -a PNG --start -2592000 $DISP - diff --git a/doc/secdownload.txt b/doc/secdownload.txt deleted file mode 100644 index af0d6c22..00000000 --- a/doc/secdownload.txt +++ /dev/null @@ -1,147 +0,0 @@ -=========================== -Secure and Fast Downloading -=========================== - ------------------------ -Module: mod_secdownload ------------------------ - -:Author: Jan Kneschke -:Date: $Date: 2005-06-06T21:19:25.993967Z $ -:Revision: $Revision: 374 $ - -:abstract: - authenticated file requests and a countermeasure against - deep-linking can be achieved easily by using mod_secdownload - -.. meta:: - :keywords: lighttpd, secure, fast, downloads - -.. contents:: Table of Contents - -Options -======= - -:: - - secdownload.secret = <string> - secdownload.document-root = <string> - secdownload.uri-prefix = <string> (default: /) - secdownload.timeout = <short> (default: 60 seconds) - -Description -=========== - -there are multiple ways to handle secured download mechanisms: - -1. use the webserver and the internal HTTP authentication -2. use the application to authenticate and send the file - through the application - -Both ways have limitations: - -webserver: - -- ``+`` fast download -- ``+`` no additional system load -- ``-`` inflexible authentication handling - -application: - -- ``+`` integrated into the overall layout -- ``+`` very flexible permission management -- ``-`` the download occupies an application thread/process - -A simple way to combine the two ways could be: - -1. app authenticates user and checks permissions to - download the file. -2. app redirects user to the file accessable by the webserver - for further downloading. -3. the webserver transfers the file to the user. - -As the webserver doesn't know anything about the permissions -used in the app, the resulting URL would be available to every -user who knows the URL. - -mod_secdownload removes this problem by introducing a way to -authenticate a URL for a specified time. The application has -to generate a token and a timestamp which are checked by the -webserver before it allows the file to be downloaded by the -webserver. - -The generated URL has to have the format: - -<uri-prefix><token>/<timestamp-in-hex><rel-path> - -<token> is an MD5 of - -1. a secret string (user supplied) -2. <rel-path> (starts with /) -3. <timestamp-in-hex> - - -As you can see, the token is not bound to the user at all. The -only limiting factor is the timestamp which is used to -invalidate the URL after a given timeout (secdownload.timeout). - -.. Note:: - Be sure to choose a another secret than the one used in the - examples, as this is the only part of the token that is not - known to the user. - - - -If the user tries to fake the URL by choosing a random token, -status 403 'Forbidden' will be sent out. - -If the timeout is reached, status 408 'Request Timeout' will be -sent. (This does not really conform to the standard, but should -do the trick). - -If token and timeout are valid, the <rel-path> is appended to -the configured (secdownload.document-root) and passed to the -normal internal file transfer functionality. This might lead to -status 200 or 404. - -Example -======= - -Application ------------ - -Your application has to generate the correct URLs. The following sample -code for PHP should be easily adaptable to any other language: :: - - <?php - - $secret = "verysecret"; - $uri_prefix = "/dl/"; - - # filename, make sure it's started with a "/" or you'll get 404 in the browser - $f = "/secret-file.txt"; - - # current timestamp - $t = time(); - - $t_hex = sprintf("%08x", $t); - $m = md5($secret.$f.$t_hex); - - # generate link - printf('<a href="%s%s/%s%s">%s</a>', - $uri_prefix, $m, $t_hex, $f, $f); - ?> - -Webserver ---------- - -The server has to be configured in the same way. The URI prefix and -secret have to match: :: - - server.modules = ( ..., "mod_secdownload", ... ) - - secdownload.secret = "verysecret" - secdownload.document-root = "/home/www/servers/download-area/" - secdownload.uri-prefix = "/dl/" - secdownload.timeout = 120 - diff --git a/doc/security.txt b/doc/security.txt deleted file mode 100644 index 441a28a4..00000000 --- a/doc/security.txt +++ /dev/null @@ -1,60 +0,0 @@ -================= -Security Features -================= - ------------- -Module: core ------------- - -:Author: Jan Kneschke -:Date: $Date: 2005-03-28T08:30:05.699628Z $ -:Revision: $Revision: 227 $ - -:abstract: - lighttpd was developed with security in mind ... - -.. meta:: - :keywords: lighttpd, security - -.. contents:: Table of Contents - -Description -=========== - -Limiting POST requests ----------------------- - - - -:: - - server.max-request-size = <kbyte> - -System Security ---------------- - -Running daemons as root with full privileges is a bad idea in general. -lighttpd runs best without any extra privileges and runs perfectly in chroot. - -Change Root -``````````` - -server.chroot = "..." - -Drop root privileges -```````````````````` - -server.username = "..." -server.groupname = "..." - -FastCGI -``````` - -fastcgi + chroot - -Permissions -``````````` - -:: - - $ useradd wwwrun ... diff --git a/doc/setenv.txt b/doc/setenv.txt deleted file mode 100644 index 12d94958..00000000 --- a/doc/setenv.txt +++ /dev/null @@ -1,37 +0,0 @@ -=========================== -Conditional Request Headers -=========================== - ------------------- -Module: mod_setenv ------------------- - -:Author: Jan Kneschke -:Date: $Date: 2005-03-28T08:30:05.699628Z $ -:Revision: $Revision: 227 $ - -:abstract: - mod_setenv is used to add request - -.. meta:: - :keywords: lighttpd, skeleton - -.. contents:: Table of Contents - -Description -=========== - -... - -Options -======= - -setenv.add-environment - adds a value to the process environment that is passed to the external applications - - -setenv.add-response-header - adds a header to the HTTP response sent to the client - -setenv.add-request-header - adds a header to the HTTP request that was received from the client diff --git a/doc/simple-vhost.txt b/doc/simple-vhost.txt deleted file mode 100644 index 75c10d22..00000000 --- a/doc/simple-vhost.txt +++ /dev/null @@ -1,109 +0,0 @@ -====================== -Simple Virtual-Hosting -====================== - ------------------------- -Module: mod_simple_vhost ------------------------- - -:Author: Jan Kneschke -:Date: $Date: 2005-03-28T08:30:05.699628Z $ -:Revision: $Revision: 227 $ - -:abstract: - virtual hosting - -.. meta:: - :keywords: lighttpd, virtual hosting - -.. contents:: Table of Contents - -Description -=========== - -Simple assumption: - -Every virtual host is in a directory below a base directory in a path that -is the same as the name of the vhost. Below this vhost path might be an -extra directory which is the document root of the vhost. - -The document root for each vhost is built from three values: - -- server-root -- hostname -- document-root - -The complete document root is constructed either by :: - - server-root + hostname + document-root - -or if this path does not exist by :: - - server-root + default-host + document-root - -A small example should make this idea clear: :: - - /var/www/ - /var/www/logs/ - /var/www/servers/ - /var/www/servers/www.example.org/ - /var/www/servers/www.example.org/lib/ - /var/www/servers/www.example.org/pages/ - /var/www/servers/mail.example.org/ - /var/www/servers/mail.example.org/lib/ - /var/www/servers/mail.example.org/pages/ - - simple-vhost.server-root = "/var/www/servers/" - simple-vhost.default-host = "www.example.org" - simple-vhost.document-root = "pages" - -You can use symbolic links to map several hostnames to the same directory. - -Conditionals vs. simple-vhost ------------------------------ - -You have to keep in mind that conditionals and simple-vhost interfere -with one another. :: - - simple-vhost.server-root = "/var/www/servers/" - simple-vhost.default-host = "www.example.org" - simple-vhost.document-root = "pages" - - $HTTP["host"] == "news.example.org" { - server.document-root = "/var/www/servers/news2.example.org/pages/" - } - -When ``news.example.org`` is requested, the ``server.document-root`` -will be set to ``/var/www/servers/news2.example.org/pages/``, but -simple-vhost will overwrite it shortly afterwards. - -If ``/var/www/servers/news.example.org/pages/`` exists, that will be -used. If not, ``/var/www/servers/www.example.org/pages/`` will be taken -because it is the default. - -To use conditionals together with simple-vhost, you should do this: :: - - $HTTP["host"] !~ "^(news\.example\.org)$" { - simple-vhost.server-root = "/var/www/servers/" - simple-vhost.default-host = "www.example.org" - simple-vhost.document-root = "pages" - } - - $HTTP["host"] == "news.example.org" { - server.document-root = "/var/www/servers/news2.example.org/pages/" - } - -It will enable simple vhosting for all hosts other than ``news.example.org``. - -Options -======= - -simple-vhost.server-root - root of the virtual host - -simple-vhost.default-host - use this hostname if the requested hostname does not have its own directory - -simple-vhost.document-root - path below the vhost directory - diff --git a/doc/skeleton.txt b/doc/skeleton.txt deleted file mode 100644 index 20519d4e..00000000 --- a/doc/skeleton.txt +++ /dev/null @@ -1,29 +0,0 @@ -=================== -headline -=================== - --------------------- -Module: mod_skeleton --------------------- - -:Author: Jan Kneschke -:Date: $Date: 2005-03-28T08:30:05.699628Z $ -:Revision: $Revision: 227 $ - -:abstract: - a nice, short abstrace about the module - -.. meta:: - :keywords: lighttpd, skeleton - -.. contents:: Table of Contents - -Description -=========== - -... - -Options -======= - -... diff --git a/doc/spawn-php.sh b/doc/spawn-php.sh deleted file mode 100755 index 83b7b167..00000000 --- a/doc/spawn-php.sh +++ /dev/null @@ -1,54 +0,0 @@ -#!/bin/bash - -## ABSOLUTE path to the spawn-fcgi binary -SPAWNFCGI="/home/weigon/projects/spawn-fcgi/src/spawn-fcgi" - -## ABSOLUTE path to the PHP binary -FCGIPROGRAM="/usr/local/bin/php" - -## TCP port to which to bind on localhost -FCGIPORT="1026" - -## number of PHP children to spawn -PHP_FCGI_CHILDREN=10 - -## maximum number of requests a single PHP process can serve before it is restarted -PHP_FCGI_MAX_REQUESTS=1000 - -## IP addresses from which PHP should access server connections -FCGI_WEB_SERVER_ADDRS="127.0.0.1,192.168.2.10" - -# allowed environment variables, separated by spaces -ALLOWED_ENV="ORACLE_HOME PATH USER" - -## if this script is run as root, switch to the following user -USERID=wwwrun -GROUPID=wwwrun - - -################## no config below this line - -if test x$PHP_FCGI_CHILDREN = x; then - PHP_FCGI_CHILDREN=5 -fi - -export PHP_FCGI_MAX_REQUESTS -export FCGI_WEB_SERVER_ADDRS - -ALLOWED_ENV="$ALLOWED_ENV PHP_FCGI_MAX_REQUESTS FCGI_WEB_SERVER_ADDRS" - -if test x$UID = x0; then - EX="$SPAWNFCGI -p $FCGIPORT -f $FCGIPROGRAM -u $USERID -g $GROUPID -C $PHP_FCGI_CHILDREN" -else - EX="$SPAWNFCGI -p $FCGIPORT -f $FCGIPROGRAM -C $PHP_FCGI_CHILDREN" -fi - -# copy the allowed environment variables -E= - -for i in $ALLOWED_ENV; do - E="$E $i=${!i}" -done - -# clean the environment and set up a new one -env - $E $EX diff --git a/doc/ssi.txt b/doc/ssi.txt deleted file mode 100644 index ce0665b1..00000000 --- a/doc/ssi.txt +++ /dev/null @@ -1,76 +0,0 @@ -==================== -Server-Side Includes -==================== - ---------------- -Module: mod_ssi ---------------- - -:Author: Jan Kneschke -:Date: $Date: 2005-03-28T08:30:05.699628Z $ -:Revision: $Revision: 227 $ - -:abstract: - The module for server-side includes provides a compatability - layer for NSCA/Apache SSI. - -.. meta:: - :keywords: lighttpd, ssi, Server-Side Includes - -.. contents:: Table of Contents - -Description -=========== - -Configuration -------------- - -:: - - server.modules = ( ..., "mod_ssi", ... ) - ssi.extension = ( ".shtml" ) - -Supported Options ------------------ - -- ``<!--#echo var="..." -->`` -- ``<!--#include (file="..."\|virtual="...") -->`` -- ``<!--#flastmod (file="..."\|virtual="...") -->`` -- ``<!--#fsize (file="..."\|virtual="...") -->`` -- ``<!--#config timefmt="..." sizefmt="(bytes|abbrev)" -->`` -- ``<!--#printenv -->`` -- ``<!--#set var="..." value="..." -->`` -- ``<!--#if expr="..." -->`` -- ``<!--#elif expr="..." -->`` -- ``<!--#else -->`` -- ``<!--#endif -->`` - -Expression Handling -------------------- - -Every ''expr'' is interpreted: - -- logical: AND, OR, ! -- compare: =, <, <=, >, =>, != -- precedence: (, ) -- quoted strings: 'string with a dollar: $FOO' -- variable substitution: $REMOTE_ADDR -- unquoted strings: string - -Flow Control ------------- - -if, elif, else and endif can only be used to insert content under special -conditions. - -Unsupported Features --------------------- - -The original SSI module from NCSA and Apache provided some more options -which are not supported by this module for various reasons: - -- exec -- nested virtual -- config.errmsg -- echo.encoding - diff --git a/doc/ssl.txt b/doc/ssl.txt deleted file mode 100644 index 28b5891d..00000000 --- a/doc/ssl.txt +++ /dev/null @@ -1,62 +0,0 @@ -=========== -Secure HTTP -=========== - ------------- -Module: core ------------- - -:Author: Jan Kneschke -:Date: $Date: 2005-04-25T23:00:48.654439Z $ -:Revision: $Revision: 305 $ - -:abstract: - How to set up SSL in lighttpd - -.. meta:: - :keywords: lighttpd, ssl - -.. contents:: Table of Contents - -Description -=========== - -lighttpd supports SSLv2 and SSLv3 if it is compiled against openssl. - -Configuration -------------- - -To enable SSL for the whole server you have to provide a valid -certificate and have to enable the SSL engine.:: - - ssl.engine = "enable" - ssl.pemfile = "/path/to/server.pem" - -The HTTPS protocol does not allow you to use name-based virtual -hosting with SSL. If you want to run multiple SSL servers with -one lighttpd instance you must use IP-based virtual hosting: :: - - $SERVER["socket"] == "10.0.0.1:443" { - ssl.engine = "enable" - ssl.pemfile = "www.example.org.pem" - server.name = "www.example.org" - - server.document-root = "/www/servers/www.example.org/pages/" - } - -If you have a .crt and a .key file, cat them together into a -single PEM file: -:: - - $ cat host.key host.crt > host.pem - - -Self-Signed Certificates ------------------------- - -A self-signed SSL certificate can be generated like this: :: - - $ openssl req -new -x509 \ - -keyout server.pem -out server.pem \ - -days 365 -nodes - diff --git a/doc/state.dot b/doc/state.dot deleted file mode 100644 index 551b2323..00000000 --- a/doc/state.dot +++ /dev/null @@ -1,18 +0,0 @@ -digraph state { - edge [color=green]; - connect -> reqstart -> read -> reqend -> handlereq -> respstart -> write -> respend -> connect; - edge [color=grey]; - reqend -> readpost -> handlereq [ label="POST" ]; - edge [ color=blue] - respend -> reqstart [ label="keep-alive" ]; - edge [ color=lightblue] - handlereq -> handlereq [ label="sub-request" ]; - edge [style=dashed, color=red]; - error -> close -> connect; - error -> connect; - handlereq -> error; - read -> error; - readpost -> error; - write -> error; - connect [shape=box]; -} diff --git a/doc/state.txt b/doc/state.txt deleted file mode 100644 index c45152f8..00000000 --- a/doc/state.txt +++ /dev/null @@ -1,170 +0,0 @@ -============================ -The State Engine of lighttpd -============================ - ------------- -Module: core ------------- - -:Author: Jan Kneschke -:Date: $Date: 2005-03-28T08:30:05.699628Z $ -:Revision: $Revision: 227 $ - -:abstract: - This is a short summary of the state-engine which is driving the lighttpd - webserver. It describes the basic concepts and the way the different parts - of the server are connected. - -.. meta:: - :keywords: lighttpd, state-engine - -.. contents:: Table of Contents - -Description -=========== - -States ------- - -The state-engine is currently made of 11 states which are walk-through on -the way each connection. Some of them are specific for a special operation -and some may never be hit at all. - -:connect: - waiting for a connection -:reqstart: - init the read-idle timer -:read: - read http-request-header from network -:reqend: - parse request -:readpost: - read http-request-content from network -:handlereq: - handle the request internally (might result in sub-requests) -:respstart: - prepare response header -:write: - write response-header + content to network -:respend: - cleanup environment, log request -:error: - reset connection (incl. close()) -:close: - close connection (handle lingering close) - -.. image:: state.png - -A simple GET request (green path) ---------------------------------- - -The connection is idling in the 'connect' state waiting for a connection. -As soon as the connection is set up we init the read-timer in 'reqstart' -and start to read data from the network. As soon as we get the -HTTP-request terminator (CRLFCRLF) we forward the header to the parser. - -The parsed request is handled by 'handlereq' and as soon as a decision out -the request is made it is sent to 'respstart' to prepare the -HTTP-response header. In the 'write' state the prepare content is sent out -to the network. When everything is sent 'respend' is entered to log the -request and cleanup the environment. After the close() call the connection -is set back to the 'connect' state again. - -Keep-Alive (blue path) ----------------------- - -The Keep-Alive handling is implemented by going from the 'respend' -directly to 'reqstart' without the close() and the accept() calls. - -POST requests (grey path) -------------------------- - -As requests might contain a request-body the state 'readpost' entered as -soon as the header is parsed and we know how much data we expect. - -Pipelining ----------- - -HTTP/1.1 supportes pipelining (sending multiple requests without waiting -for the response of the first request). This is handled transparently by -the 'read' state. - -Unexpected errors (red path) ----------------------------- - -For really hard errors we use the 'error' state which resets the -connection and can be call from every state. It is only use if there is no -other way to handle the issue (e.g. client-side close of the connection). -If possible we should use http-status 500 ('internal server error') and -log the issue in the errorlog. - -If we have to take care of some data which is coming in after we ran into -the error condition the 'close' state is used the init a half-close and -read all the delay packet from the network. - -Sub-Requests (lightblue) ------------------------- - -The FastCGI, CGI, ... intergration is done by introducing a loop in -'handlereq' to handle all aspect which are neccesary to find out what has -to be sent back to the client. - -Functions -========= - -Important functions used by the state-engine - -:state-engine: - -- ``connection_state_machine()`` - -:connect: - -- (nothing) - -:reqstart: - -- (nothing) - -:read: - -- ``connection_handle_read_state()`` -- ``connection_handle_read()`` - -:reqend: - -- ``http_request_parse()`` - -:readpost: - -- ``connection_handle_read_state()`` -- ``connection_handle_read()`` - -:handlereq: - -- ``http_response_prepare()`` - -:respstart: - -- ``connection_handle_write_prepare()`` - -:write: - -- ``connection_handle_write()`` - -:respend: - -- ``plugins_call_handle_request_done()`` -- ``plugins_call_handle_connection_close()`` -- ``connection_close()`` (if not keep-alive) -- ``connection_reset()`` - -:error: - -- ``plugins_call_handle_request_done()`` -- ``plugins_call_handle_connection_close()`` -- ``connection_reset()`` - -:close: - -- ``connection_close()`` diff --git a/doc/status.txt b/doc/status.txt deleted file mode 100644 index 5045c0f4..00000000 --- a/doc/status.txt +++ /dev/null @@ -1,111 +0,0 @@ -============= -Server Status -============= - ------------------- -Module: mod_status ------------------- - -:Author: Jan Kneschke -:Date: $Date: 2005-03-28T08:30:05.699628Z $ -:Revision: $Revision: 227 $ - -:abstract: - mod_status displays the server's status and configuration - -.. meta:: - :keywords: lighttpd, server status - -.. contents:: Table of Contents - -Description -=========== - -The server status module generates the status overview of the webserver. The -information covers: - -- uptime -- average throughput -- current throughput -- active connections and their state - - -We need to load the module first. :: - - server.modules = ( ..., "mod_ssi", ... ) - -By default the status page is disabled to hide internal information from -unauthorized users. :: - - status.status-url = "/server-status" - -If you want to open the status page just for users from the local network -cover it in a conditional. :: - - $HTTP["remoteip"] == "10.0.0.0/8" { - status.status-url = "/server-status" - } - -Or require authorization: :: - - auth.require = ( "/server-status" => - ( "realm" ... ) ) - - -Please note that when using the server.max-worker directive, the stati of the -childs are not combined yet, so you're going to see different stats with each -request. - - -Output Format -------------- - -By default a nice looking HTML page is generated. If you append ?auto to the -status-url you can get a text version which is simpler to parse. :: - - Total Accesses: 1234 - Total kBytes: 1043 - Uptime: 1234 - BusyServers: 123 - -Total Accesses is the number of handled requests, kBytes the overall outgoing -traffic, Uptime the uptime in seconds and BusyServers the number of currently -active connections. - -The naming is kept compatible to Apache even if we have another concept and -don't start new servers for each connection. - - -Options -======= - -status.status-url - - relative URL which is used to retrieve the status-page - - Default: unset - - Example: status.status-url = "/server-status" - -status.enable-sort - - add JavaScript which allows client-side sorting for the connection overview - - Default: enable - -status.config-url - - relative URL for the config page which displays the loaded modules - - Default: unset - - Example: status.config-url = "/server-config" - -status.statistics-url - - relative URL for a plain-text page containing the internal statistics - - Default: unset - - Example: status.statistics-url = "/server-statistics" - diff --git a/doc/sysconfig.lighttpd b/doc/sysconfig.lighttpd deleted file mode 100644 index c8154c96..00000000 --- a/doc/sysconfig.lighttpd +++ /dev/null @@ -1 +0,0 @@ -LIGHTTPD_CONF_PATH=/etc/lighttpd/lighttpd.conf diff --git a/doc/traffic-shaping.txt b/doc/traffic-shaping.txt deleted file mode 100644 index d2d0a807..00000000 --- a/doc/traffic-shaping.txt +++ /dev/null @@ -1,55 +0,0 @@ -=============== -Traffic Shaping -=============== - ------------- -Module: core ------------- - -:Author: Jan Kneschke -:Date: $Date: 2005-03-28T08:30:05.699628Z $ -:Revision: $Revision: 227 $ - -:abstract: - limiting bandwidth usage - -.. meta:: - :keywords: lighttpd, bandwidth limit, traffic shaping - -.. contents:: Table of Contents - -Description -=========== - -Starting with 1.3.8, lighttpd supports limiting the bandwidth for -a single connection or config context like a virtual host or a URL. - -Options -======= - -:connection.kbytes-per-second: - limit the throughput for each single connection to the given - limit in kbyte/s - - default: 0 (no limit) - -:server.kbytes-per-second: - limit the throughput for all connections to the given limit - in kbyte/s - - if you want to specify a limit for a special virtual server - use: :: - - $HTTP["host"] == "www.example.org" { - server.kbytes-per-second = 128 - } - - which will override the default for this host. - - default: 0 (no limit) - -Additional Notes -================ - -Keep in mind that a limit below 32kb/s might actually limit the traffic to 32kb/s. This -is caused by the size of the TCP send buffer. diff --git a/doc/trigger_b4_dl.txt b/doc/trigger_b4_dl.txt deleted file mode 100644 index f5c9d299..00000000 --- a/doc/trigger_b4_dl.txt +++ /dev/null @@ -1,57 +0,0 @@ -======================= -Trigger before Download -======================= - -------------------------- -Module: mod_trigger_b4_dl -------------------------- - -:Author: Jan Kneschke -:Date: $Date: 2004/11/03 22:26:05 $ -:Revision: $Revision: 1.2 $ - -:abstract: - another anti-hot-linking module - -.. meta:: - :keywords: lighttpd, hot-linking, deep-linking - -.. contents:: Table of Contents - -Description -=========== - -Anti Hotlinking: - - * if user requests ''download-url'' directly, the request is denied and he is redirected to ''deny-url' - * if user visits ''trigger-url'' before requesting ''download-url'', access is granted - * if user visits ''download-url'' again after ''trigger-timeout'' has elapsed, the request is denied and he is redirected to ''deny-url'' - -The trigger information is either stored locally in a gdbm file or remotely in memcached. - -Requirements ------------- - - * libpcre - * libgdbm or libmemcache - -Options -======= - -:: - - trigger-before-download.gdbm-filename = "/home/weigon/testbase/trigger.db" - trigger-before-download.memcache-hosts = ( "127.0.0.1:11211" ) - trigger-before-download.trigger-url = "^/trigger/" - trigger-before-download.download-url = "^/download/" - trigger-before-download.deny-url = "http://192.168.1.5:1025/index.html" - trigger-before-download.trigger-timeout = 10 - -If both trigger-before-download.gdbm-filename and -trigger-before-download.memcache-hosts is set gdbm will take precedence. - -Installation -============ - -memcached should be started with the option -M as we don't want to remove entry if the memory is full. - diff --git a/doc/userdir.txt b/doc/userdir.txt deleted file mode 100644 index 9dde1fb8..00000000 --- a/doc/userdir.txt +++ /dev/null @@ -1,72 +0,0 @@ -======= -userdir -======= - -------------------- -Module: mod_userdir -------------------- - -:Author: Jan Kneschke -:Date: $Date: 2005-03-28T08:30:05.699628Z $ -:Revision: $Revision: 227 $ - -:abstract: - The userdir module ... - -.. meta:: - :keywords: lighttpd, userdir - -.. contents:: Table of Contents - -Description -=========== - -The userdir module provides a simple way to link user-based directories into the global namespace of the webserver. - -Requests in the form ``/~user/page.html`` are rewritten to take the file ``page.html`` from the home directory of the user. -If ``userdir.path`` is set, the path will be appended to the home directory -building the classic mapping of: :: - - userdir.path = "public_html" - - URL: http://www.example.org/~jan/index.html - Path: /home/jan/public_html/ - -To control which users should be able to use this feature you can set a list of usernames to include or exclude. - -In case your mapping is independent of /etc/passwd you can use -``userdir.basepath``: :: - - userdir.path = "htdocs" - userdir.basepath = "/var/www/users/" - - URL: http://www.example.org/~jan/index.html - Path: /var/www/users/jan/htdocs/index.html - -Options -======= - -userdir.path - usually it should be set to "public_html" to take ~/public_html/ as the document root - - Default: empty (document root is the home directory) - Example: :: - - userdir.path = "public_html" - -userdir.exclude-user - list of usernames which may not use this feature - - Default: empty (all users may use it) - Example: :: - - userdir.exclude-user = ( "root", "postmaster" ) - - -userdir.include-user - if set, only users from this list may use the feature - - Default: empty (all users may use it) - -userdir.basepath - if set, don't check /etc/passwd for homedir diff --git a/doc/webdav.txt b/doc/webdav.txt deleted file mode 100644 index b10012f7..00000000 --- a/doc/webdav.txt +++ /dev/null @@ -1,64 +0,0 @@ -====== -WebDAV -====== - --------------------- -Module: mod_webdav --------------------- - -:Author: Jan Kneschke -:Date: $Date: 2004/11/03 22:26:05 $ -:Revision: $Revision: 1.2 $ - -:abstract: - WebDAV module for lighttpd - -.. meta:: - :keywords: lighttpd, webdav - -.. contents:: Table of Contents - -Description -=========== - -The WebDAV module is a very minimalistic implementation of RFC 2518. -Minimalistic means that not all operations are implemented yet. - -So far we have - - * PROPFIND - * OPTIONS - * MKCOL - * DELETE - * PUT - -and the usual GET, POST, HEAD from HTTP/1.1. - -So far, mounting a WebDAV resource into Windows XP works and the basic litmus -tests are passed. - -Options -======= - -webdav.activate - If you load the webdav module, the WebDAV functionality has to be - enabled for the directories you want to provide to the user. - - Default: disable - -webdav.is-readonly - Only allow reading methods (GET, PROPFIND, OPTIONS) on WebDAV resources. - - Default: writable - -Examples -======== - -To enable WebDAV for the /dav directory, you wrap your webdav options in -a conditional. You have to use the regex like below as you want to match -the directory /dav and everything below it, but not e.g. /davos. :: - - $HTTP["url"] =~ "^/dav($|/)" { - webdav.activate = "enable" - webdav.is-readonly = "enable" - } |