contains the core features for generic request handling, static files, log files and buffer limits.

The following address formats can be used:

Either with port @192.168.0.1:80@ or without @192.168.0.1@; you can either use real IPs or @0.0.0.0@ to listen on all network interfaces.

Similar to IPv4; just put the IPv6 between "[" and "]" like this: @[::1]:80@ (IPv6 localhost with port 80). Please note that lighttpd always listens to IPv6 only (some platforms listen to IPv4 too on [::] by default).

A unix domain socket needs a filename where the socket is placed; use @unix:/path/to/socket@ as socket address. Please don't put unix domain sockets in @/tmp@. Use @/var/run/lighttpd/@ or something like that, where only root or selected "trusted" users can create files. This may be not supported in all places where a socket address can be specified.

enable debug output for request handling false debug.log_request_handling true; enabled ranged requests true static.range_requests false; how long a keep-alive connection is kept open (in seconds) 5 keepalive.timeout 30; maximum number of requests a client is allowed to make in one connection 0 keepalive.requests 10; list of properties used to calculate etag; specify empty list to disable etags. Available: "inode", "mtime", "size" ("inode", "mtime", "size") etag.use (); enables async stat() calls true If a filename is in lighttpd's stat "cache", lighttpd assumes the kernel still has the entry in memory, and @stat()@ therefore is unlikely to block. Otherwise it will ask a background thread to call @stat()@, so the main worker threads are not waiting on a slow disk (or a network filesystem), but only if @stat.async@ is enabled. If you know your disk is fast enough (perhaps a ramdisk?) and want to save the context switch to the background thread you can disable this. enable buffering request body on disk true Some backends like to wait for the complete response before forwarding/handling it. For this they require this option to save some memory. require Content-Length for POST requests true Some clients don't send Content-Length for POST requests with empty body; they should send @Content-Length: 0@. When this check is enabled they'll get a @411 Length required@ error. don't deliver static files with one of the listed extensions [] static.exclude_extensions [ ".php", ".htaccess", ".htpasswd" ]; server name; is used in some places instead of the HTTP request hostname if the latter was not specified in the (HTTP/1.0) request "" Even HTTP/1.0 clients usually specify a Host: header; without Host: header you could only run one domain on one IP address. This option is for the rare case that you want to handle clients without Host: header support in a nice way. server.name "lighttpd.net"; used to display server name + version in different places (HTTP response header, CGI environment, mod_dirlist footer, ...) "lighttpd/2.0.0" The default is "lighttpd/" + the current version. maps file extensions to MIME types [] Default MIME type is "application/octet-stream". The sources contain a "mimetypes example config":http://git.lighttpd.net/lighttpd/lighttpd2.git/tree/contrib/mimetypes.conf with many standard mappings. The longest matching suffix is used (@".tar.gz"@ always wins over @".gz"@), and in case of duplicate entries the last one is used. mime_types [ ".htm" => "text/html", ".txt" => "text/plain; charset=utf-8" ];

These action are not needed (or usable) in non-lua configs. (lua) combines a list of actions into one action, only needed in lua list of actions to combine (lua) build a conditional block (only usable in lua) A condition; can only be constructed in lua action to run if condition was true or lua "nil" (optional) action to run if condition was false

sets doc-root, and builds physical path for requested file One or more patterns to build docroot from Uses "patterns":core_pattern.html#core_pattern to build document roots (base location of files to server). @docroot@ uses the first pattern that results in an existing directory; otherwise it uses the *last* entry. You'll want the @docroot@ action *before* @alias@ actions! docroot ("/var/www/vhosts/$0/htdocs", "/var/www/default/htdocs"); sets doc-root depending on a matching prefix maps prefix to base location on disk The prefix is removed from the url path before it is appended to the base location. You'll want the @docroot@ action *before* @alias@ actions! "Patterns":core_pattern.html#core_pattern are supported for alias targets as in @docroot@. As only one pattern per prefix can be given @alias@ does not check whether the target exists. docroot ("/var/www/vhosts/$0/htdocs", "/var/www/default/htdocs"); alias [ "/phpmyadmin/" => "/usr/share/phpmyadmin", "/pma/" => "/usr/share/phpmyadmin", "/.well-known/openpgpkey/" => "/var/lib/gnupg/wks/$0/", ]; alias "/favicon.ico" => "/var/www/favicon.ico"; default filenames to show in a directory filenames to look for If the physical path is a directory search for the specified filenames; prefix a filename with '/' to search in the doc-root. It works like this: * if current physical path points to a regular file do nothing * walk through the list of filenames to look for: ** if filename does not start with '/' and the current physical path doesn't point to a directory, ignore the entry ** if filename does not start with '/' and the url didn't end in a '/', redirect request to url with '/' appended ** if filename does not start with '/' search for it in current physical path (which is a directory) ** if filename does start with '/' search for it in the doc-root setup { module_load "mod_dirlist"; } # if a directory was requested, first search for some default files index ["index.php", "index.html", "/index.php"]; # if none of them did exists show a simple directory listing dirlist; # ... + handle PHP and static files splits physical path into existing file/directory and the remaining PATH_INFO Searches for the longest prefix of the physical path name that exists, splitting only at the directory separator @/@; also never leaves the document root (technically speaking the filename can't get shorter than the document root). The following example maps @http://example.com/index.php/some/site@ to the file @/var/www/index.php@ with @PATH_INFO=/some/site@ (given @/var/www/index.php@ is a normal file). docroot "/var/www"; pathinfo; if phys.path =$ ".php" { fastcgi "unix:/var/run/lighttpd/php.sock"; } The following example maps @http://example.com/some/site@ to the file @/var/www/index.php@ with @PATH_INFO=/some/site@ (given @/var/www/index.php@ is a normal file, and @/var/www/some@ does not exist). docroot "/var/www"; pathinfo; index ("index.php"); if phys.path =$ ".php" { fastcgi "unix:/var/run/lighttpd/php.sock"; }

handle GET and HEAD requests with a static file from disk This action is automatically appended to the global config (unless a lua config is specified at the command line). Does nothing if: * the request is already handled * no physical path was set (missing @docroot@, @alias@, ...) * the physical path points to a directory All other problems lead to an error page, for example: * wrong request method (405) * file not found (404) * couldn't open file (403) * filename matches @static.exclude_extensions@ (403) * ... handle GET and HEAD requests with a static file from disk same as @static@, but doesn't return any error pages; instead request handling continues. returns a quick response with optional body HTTP response status code (optional) pattern for response body Generates a simple response (our favorite benchmark handler). The body is parsed as "pattern":core_pattern.html#core_pattern. respond 403 => "Forbidden"; respond 200 => "benchmark content!";

For standard logging ("error.log") lighttpd knows the following levels: * @debug@ * @info@ * @warning@ * @error@ * @abort@ (right before terminating the process) * @backend@ (for log data from backends, like FastCGI stderr stream)

The following log targets are known: * not logging: empty string * files: @file:/var/log/error.log@ or just @/var/log/error.log@ * stderr: @stderr:@ or @stderr@ * syslog: @syslog:@ (not supported yet) * pipes: @pipe:command@ or @| command@ (not supported yet) Unknown strings are mapped to @stderr@.

overwrite log targets for all log levels mapping log levels (or default) to log targets log [ "error" => "/var/log/lighttpd/error.log", "abort" => "/var/log/lighttpd/error.log", "backend" => "/var/log/lighttpd/backend.log", default => "/var/log/lighttpd/debug.log", ]; writes a log message to the "info" log level message pattern string Writes the specified message to the log using level @info@; the message is parsed as "pattern":core_pattern.html#core_pattern. log.write "hello world"; sets default log targets for all log levels mapping log levels (or default) to log targets setup { log [ "error" => "/var/log/lighttpd/error.log", "abort" => "/var/log/lighttpd/error.log", "backend" => "/var/log/lighttpd/backend.log", default => "/var/log/lighttpd/debug.log", ]; } sets the format string to use for timestamps in the log a strftime format string See "strftime":http://pubs.opengroup.org/onlinepubs/007904875/functions/strftime.html for the format string syntax. The default format string is @"%d/%b/%Y %T %Z"@.

The connection environment is a set of variable with names and values (both simple strings). CGI backends will forward the environment in addition to the standard CGI environment variables. The connection environment overwrites the standard CGI values. sets a connection environment variable the variable name to set the pattern value to set The value is parsed as "pattern":core_pattern.html#core_pattern. env.set "INFO" => "%{req.path}"; sets a connection environment variable if not already set the variable name to set the pattern value to set The value is parsed as "pattern":core_pattern.html#core_pattern. @env.add@ does not overwrite already existing values. env.add "INFO" => "%{req.path}"; removes a connection environment variable the variable name to remove env.remove "INFO"; removes all connection environment variables env.clear;

All header values that get set are parsed as "patterns":core_pattern.html#core_pattern. adds a new response header line header name pattern header value The HTTP spec requires that multiple headers with the same name could be merged by joining their values with ",". In real life this doesn't work always, especially not for "Cookie" headers; so this action actually adds a separate header line. header.add "Cache-Control" => "public"; appends value to response header line header name pattern header value If header already exists appends new value separated by ", "; otherwise adds a new header line. overwrite response header line or add new one header name pattern header value If header already exists overwrites the value; otherwise a new line gets added. remove existing response header header name # ... some PHP handling # wait for response headers to be ready if resp.status >= 0 { header.remove "X-Powered-By"; } modify HTTP status code Modifies the HTTP status code, but doesn't handle the request in any way. Later actions could overwrite the status, or a backend (FastCGI, proxy, ...) might overwrite it if the response is parsed later. Only works if some action actually handled the request. Lighttpd will generate error pages (if it knows the code) if the action that handled the request didn't generate a response body and a body is allowed. # hide all 404s at end of config by setting 403 static; if resp.status == 404 { set_status 403; }

All header values that get set are parsed as "patterns":core_pattern.html#core_pattern. adds a new request header line header name pattern header value Same as "header.add":plugin_core.html#plugin_core__action_header-add for request headers. appends value to request header line header name pattern header value Same as "header.append":plugin_core.html#plugin_core__action_header-append for request headers. overwrite request header line or add new one header name pattern header value Same as "header.overwrite":plugin_core.html#plugin_core__action_header-overwrite for request headers. remove existing request header header name Same as "header.remove":plugin_core.html#plugin_core__action_header-remove for request headers. Remove @Accept-Encoding@ request header to workaround the "BREACH":http://en.wikipedia.org/wiki/BREACH_(security_exploit) vulnerability in https. if request.scheme == "https" { # create a copy of the header value req_header.add "HTTPS-Accept-Encoding" => '%{req.header[Accept-Encoding]}'; req_header.remove "Accept-Encoding"; }

set memory limit for outgoing chunkqueues (default is 256KiB) limit in bytes (0 means unlimited) io.buffer_out 512kbyte; set memory limit for intcoming chunkqueues (default is 256KiB) limit in bytes (0 means unlimited) io.buffer_in 512kbyte; maps the result of a pattern to a user defined action the evaluation of this pattern is used as key in the mapping maps strings (or default) to actions The pattern is parsed as "pattern":core_pattern.html#core_pattern. Have a look at "mod_vhost":mod_vhost.html#mod_vhost for special mappings on hostnames. map "%{req.path}" => [ "/" => { respond 200 => "root"; }, "/news" => { respond 200 => "news"; }, default => { respond 404; }, ]; listen to a socket address, see above for accepted formats (default TCP port is 80) socket address to listen to setup { listen "0.0.0.0"; listen "[::]"; listen "127.0.0.1:8080"; } sets worker count; each worker runs in its own thread and works on the connections it gets assigned from the master worker number of workers (default is 1) setup { workers 2; } binds worker threads to a cpu, only available on Linux systems list of integers or a list of lists of integers workers.cpu_affinity [0, 1]; load the given module(s) string or list of strings with the module name(s) modules can be "loaded" more than once without error setup { module_load "mod_rewrite"; } sets the global I/O timeout (wait for network read and write) timeout value in seconds, default is 300s set TTL for stat cache entries time to live in seconds, default is 10s sets number of background threads for blocking tasks number of threads 0@ each worker has its own thread pool with @threads@ threads. ]]> starts a Fetch API provider name of the storage A filename pattern including exactly on * Loads all filenames matching the wildcard pattern (which must include exactly on @*@) into the fetch storage. setup { fetch.files_static "sni" => "/etc/certs/lighttpd_sni_*.pem"; }