diff options
| author | Arno Töll <arno@debian.org> | 2012-11-21 23:03:34 +0100 |
|---|---|---|
| committer | Arno Töll <arno@debian.org> | 2012-11-21 23:03:34 +0100 |
| commit | eb45c46b906e492f063f1469486190e93ff340ff (patch) | |
| tree | 85d615969fa7bf8056a05b59006f77bc63e85892 /doc | |
| parent | 6426b37107707a1d95ffd03f68620cbda8bdb942 (diff) | |
| download | lighttpd-eb45c46b906e492f063f1469486190e93ff340ff.tar.gz | |
Imported Upstream version 1.4.10upstream/1.4.10
Diffstat (limited to 'doc')
48 files changed, 5410 insertions, 0 deletions
diff --git a/doc/Makefile.am b/doc/Makefile.am new file mode 100644 index 0000000..043e570 --- /dev/null +++ b/doc/Makefile.am @@ -0,0 +1,96 @@ +dist_man1_MANS=lighttpd.1 spawn-fcgi.1 + + +DOCS=accesslog.txt \ +authentication.txt \ +cgi.txt \ +compress.txt \ +configuration.txt \ +fastcgi-state.txt \ +fastcgi.txt \ +features.txt \ +performance.txt \ +plugins.txt \ +proxy.txt \ +redirect.txt \ +rewrite.txt \ +secdownload.txt \ +security.txt \ +simple-vhost.txt \ +skeleton.txt \ +ssi.txt \ +ssl.txt \ +state.txt \ +rrdtool.txt \ +alias.txt \ +userdir.txt \ +mysqlvhost.txt \ +access.txt \ +traffic-shaping.txt \ +setenv.txt \ +status.txt \ +scgi.txt \ +cml.txt \ +trigger_b4_dl.txt \ +webdav.txt \ +expire.txt + +HTMLDOCS=accesslog.html \ + authentication.html \ + cgi.html \ + compress.html \ + configuration.html \ + fastcgi-state.html \ + fastcgi.html \ + features.html \ + performance.html \ + plugins.html \ + proxy.html \ + redirect.html \ + rewrite.html \ + secdownload.html \ + security.html \ + simple-vhost.html \ + skeleton.html \ + ssi.html \ + ssl.html \ + state.html \ + rrdtool.html \ + alias.html \ + userdir.html \ + mysqlvhost.html \ + access.html \ + traffic-shaping.html \ + setenv.html \ + status.html \ + scgi.html \ + cml.html \ + trigger_b4_dl.html \ + webdav.html \ + expire.html + +EXTRA_DIST=lighttpd.conf lighttpd.user \ + rc.lighttpd rc.lighttpd.redhat sysconfig.lighttpd \ + rrdtool-graph.sh \ + state.dot fastcgi-state.dot \ + spawn-php.sh \ + newstyle.css \ + oldstyle.css \ + $(DOCS) + +%.html: %.txt + rst2html $^ > $@ + + +html: $(HTMLDOCS) + +#%.ps.gz: %.ps +# gzip $^ + +#%.ps: %.dot +# dot -Tps -o $@ $^ + +clean-local: + rm -f *.html + + diff --git a/doc/Makefile.in b/doc/Makefile.in new file mode 100644 index 0000000..219b2f2 --- /dev/null +++ b/doc/Makefile.in @@ -0,0 +1,495 @@ +# Makefile.in generated by automake 1.9.5 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +# 2003, 2004, 2005 Free Software Foundation, Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ +srcdir = @srcdir@ +top_srcdir = @top_srcdir@ +VPATH = @srcdir@ +pkgdatadir = $(datadir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +top_builddir = .. +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +INSTALL = @INSTALL@ +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +target_triplet = @target@ +subdir = doc +DIST_COMMON = $(dist_man1_MANS) $(srcdir)/Makefile.am \ + $(srcdir)/Makefile.in +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/configure.in +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs +CONFIG_HEADER = $(top_builddir)/config.h +CONFIG_CLEAN_FILES = +SOURCES = +DIST_SOURCES = +man1dir = $(mandir)/man1 +am__installdirs = "$(DESTDIR)$(man1dir)" +NROFF = nroff +MANS = $(dist_man1_MANS) +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +AMDEP_FALSE = @AMDEP_FALSE@ +AMDEP_TRUE = @AMDEP_TRUE@ +AMTAR = @AMTAR@ +AR = @AR@ +ATTR_LIB = @ATTR_LIB@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +BZ_LIB = @BZ_LIB@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CHECK_WITH_FASTCGI_FALSE = @CHECK_WITH_FASTCGI_FALSE@ +CHECK_WITH_FASTCGI_TRUE = @CHECK_WITH_FASTCGI_TRUE@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CROSS_COMPILING_FALSE = @CROSS_COMPILING_FALSE@ +CROSS_COMPILING_TRUE = @CROSS_COMPILING_TRUE@ +CRYPT_LIB = @CRYPT_LIB@ +CXX = @CXX@ +CXXCPP = @CXXCPP@ +CXXDEPMODE = @CXXDEPMODE@ +CXXFLAGS = @CXXFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DL_LIB = @DL_LIB@ +ECHO = @ECHO@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +F77 = @F77@ +FAM_CFLAGS = @FAM_CFLAGS@ +FAM_LIBS = @FAM_LIBS@ +FFLAGS = @FFLAGS@ +GDBM_LIB = @GDBM_LIB@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LBER_LIB = @LBER_LIB@ +LDAP_LIB = @LDAP_LIB@ +LDFLAGS = @LDFLAGS@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +LUACONFIG = @LUACONFIG@ +LUA_CFLAGS = @LUA_CFLAGS@ +LUA_LIBS = @LUA_LIBS@ +MAINT = @MAINT@ +MAINTAINER_MODE_FALSE = @MAINTAINER_MODE_FALSE@ +MAINTAINER_MODE_TRUE = @MAINTAINER_MODE_TRUE@ +MAKEINFO = @MAKEINFO@ +MEMCACHE_LIB = @MEMCACHE_LIB@ +MYSQL_CONFIG = @MYSQL_CONFIG@ +MYSQL_INCLUDE = @MYSQL_INCLUDE@ +MYSQL_LIBS = @MYSQL_LIBS@ +NO_RDYNAMIC_FALSE = @NO_RDYNAMIC_FALSE@ +NO_RDYNAMIC_TRUE = @NO_RDYNAMIC_TRUE@ +OBJEXT = @OBJEXT@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PCRECONFIG = @PCRECONFIG@ +PCRE_LIB = @PCRE_LIB@ +PKG_CONFIG = @PKG_CONFIG@ +RANLIB = @RANLIB@ +SENDFILE_LIB = @SENDFILE_LIB@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +SQLITE_CFLAGS = @SQLITE_CFLAGS@ +SQLITE_LIBS = @SQLITE_LIBS@ +SSL_LIB = @SSL_LIB@ +STRIP = @STRIP@ +U = @U@ +VERSION = @VERSION@ +XML_CFLAGS = @XML_CFLAGS@ +XML_LIBS = @XML_LIBS@ +Z_LIB = @Z_LIB@ +ac_ct_AR = @ac_ct_AR@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_CXX = @ac_ct_CXX@ +ac_ct_F77 = @ac_ct_F77@ +ac_ct_RANLIB = @ac_ct_RANLIB@ +ac_ct_STRIP = @ac_ct_STRIP@ +am__fastdepCC_FALSE = @am__fastdepCC_FALSE@ +am__fastdepCC_TRUE = @am__fastdepCC_TRUE@ +am__fastdepCXX_FALSE = @am__fastdepCXX_FALSE@ +am__fastdepCXX_TRUE = @am__fastdepCXX_TRUE@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +datadir = @datadir@ +exec_prefix = @exec_prefix@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +libdir = @libdir@ +libexecdir = @libexecdir@ +localstatedir = @localstatedir@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +oldincludedir = @oldincludedir@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +sysconfdir = @sysconfdir@ +target = @target@ +target_alias = @target_alias@ +target_cpu = @target_cpu@ +target_os = @target_os@ +target_vendor = @target_vendor@ +dist_man1_MANS = lighttpd.1 spawn-fcgi.1 +DOCS = accesslog.txt \ +authentication.txt \ +cgi.txt \ +compress.txt \ +configuration.txt \ +fastcgi-state.txt \ +fastcgi.txt \ +features.txt \ +performance.txt \ +plugins.txt \ +proxy.txt \ +redirect.txt \ +rewrite.txt \ +secdownload.txt \ +security.txt \ +simple-vhost.txt \ +skeleton.txt \ +ssi.txt \ +ssl.txt \ +state.txt \ +rrdtool.txt \ +alias.txt \ +userdir.txt \ +mysqlvhost.txt \ +access.txt \ +traffic-shaping.txt \ +setenv.txt \ +status.txt \ +scgi.txt \ +cml.txt \ +trigger_b4_dl.txt \ +webdav.txt \ +expire.txt + +HTMLDOCS = accesslog.html \ + authentication.html \ + cgi.html \ + compress.html \ + configuration.html \ + fastcgi-state.html \ + fastcgi.html \ + features.html \ + performance.html \ + plugins.html \ + proxy.html \ + redirect.html \ + rewrite.html \ + secdownload.html \ + security.html \ + simple-vhost.html \ + skeleton.html \ + ssi.html \ + ssl.html \ + state.html \ + rrdtool.html \ + alias.html \ + userdir.html \ + mysqlvhost.html \ + access.html \ + traffic-shaping.html \ + setenv.html \ + status.html \ + scgi.html \ + cml.html \ + trigger_b4_dl.html \ + webdav.html \ + expire.html + +EXTRA_DIST = lighttpd.conf lighttpd.user \ + rc.lighttpd rc.lighttpd.redhat sysconfig.lighttpd \ + rrdtool-graph.sh \ + state.dot fastcgi-state.dot \ + spawn-php.sh \ + newstyle.css \ + oldstyle.css \ + $(DOCS) + +all: all-am + +.SUFFIXES: +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ + && exit 0; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu doc/Makefile'; \ + cd $(top_srcdir) && \ + $(AUTOMAKE) --gnu doc/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +distclean-libtool: + -rm -f libtool +uninstall-info-am: +install-man1: $(man1_MANS) $(man_MANS) + @$(NORMAL_INSTALL) + test -z "$(man1dir)" || $(mkdir_p) "$(DESTDIR)$(man1dir)" + @list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \ + l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ + for i in $$l2; do \ + case "$$i" in \ + *.1*) list="$$list $$i" ;; \ + esac; \ + done; \ + for i in $$list; do \ + if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \ + else file=$$i; fi; \ + ext=`echo $$i | sed -e 's/^.*\\.//'`; \ + case "$$ext" in \ + 1*) ;; \ + *) ext='1' ;; \ + esac; \ + inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ + inst=`echo $$inst | sed -e 's/^.*\///'`; \ + inst=`echo $$inst | sed '$(transform)'`.$$ext; \ + echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man1dir)/$$inst'"; \ + $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man1dir)/$$inst"; \ + done +uninstall-man1: + @$(NORMAL_UNINSTALL) + @list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \ + l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ + for i in $$l2; do \ + case "$$i" in \ + *.1*) list="$$list $$i" ;; \ + esac; \ + done; \ + for i in $$list; do \ + ext=`echo $$i | sed -e 's/^.*\\.//'`; \ + case "$$ext" in \ + 1*) ;; \ + *) ext='1' ;; \ + esac; \ + inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ + inst=`echo $$inst | sed -e 's/^.*\///'`; \ + inst=`echo $$inst | sed '$(transform)'`.$$ext; \ + echo " rm -f '$(DESTDIR)$(man1dir)/$$inst'"; \ + rm -f "$(DESTDIR)$(man1dir)/$$inst"; \ + done +tags: TAGS +TAGS: + +ctags: CTAGS +CTAGS: + + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's|.|.|g'`; \ + list='$(DISTFILES)'; for file in $$list; do \ + case $$file in \ + $(srcdir)/*) file=`echo "$$file" | sed "s|^$$srcdirstrip/||"`;; \ + $(top_srcdir)/*) file=`echo "$$file" | sed "s|^$$topsrcdirstrip/|$(top_builddir)/|"`;; \ + esac; \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test "$$dir" != "$$file" && test "$$dir" != "."; then \ + dir="/$$dir"; \ + $(mkdir_p) "$(distdir)$$dir"; \ + else \ + dir=''; \ + fi; \ + if test -d $$d/$$file; then \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + fi; \ + cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + else \ + test -f $(distdir)/$$file \ + || cp -p $$d/$$file $(distdir)/$$file \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile $(MANS) +installdirs: + for dir in "$(DESTDIR)$(man1dir)"; do \ + test -z "$$dir" || $(mkdir_p) "$$dir"; \ + done +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + `test -z '$(STRIP)' || \ + echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-generic clean-libtool clean-local mostlyclean-am + +distclean: distclean-am + -rm -f Makefile +distclean-am: clean-am distclean-generic distclean-libtool + +dvi: dvi-am + +dvi-am: + +info: info-am + +info-am: + +install-data-am: install-man + +install-exec-am: + +install-info: install-info-am + +install-man: install-man1 + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-generic mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-info-am uninstall-man + +uninstall-man: uninstall-man1 + +.PHONY: all all-am check check-am clean clean-generic clean-libtool \ + clean-local distclean distclean-generic distclean-libtool \ + distdir dvi dvi-am html html-am info info-am install \ + install-am install-data install-data-am install-exec \ + install-exec-am install-info install-info-am install-man \ + install-man1 install-strip installcheck installcheck-am \ + installdirs maintainer-clean maintainer-clean-generic \ + mostlyclean mostlyclean-generic mostlyclean-libtool pdf pdf-am \ + ps ps-am uninstall uninstall-am uninstall-info-am \ + uninstall-man uninstall-man1 + + +%.html: %.txt + rst2html $^ > $@ + +html: $(HTMLDOCS) + +#%.ps.gz: %.ps +# gzip $^ + +#%.ps: %.dot +# dot -Tps -o $@ $^ + +clean-local: + rm -f *.html +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/doc/access.txt b/doc/access.txt new file mode 100644 index 0000000..acfdcb7 --- /dev/null +++ b/doc/access.txt @@ -0,0 +1,41 @@ +====== +Access +====== + +------------------ +Module: mod_access +------------------ + +:Author: Allan Wind +:Date: $Date: 2005/01/30 11:34:32 $ +:Revision: $Revision: 1.1 $ + +:abstract: + The access module is used to deny access to files with given trailing path names. + +.. meta:: + :keywords: lighttpd, trailing path access control + +.. contents:: Table of Contents + +Description +=========== + +The access module is used to deny access to files with given trailing path names. + +Options +======= + +url.access-deny + Denies access to all files with any of given trailing path names. + + Default: empty + + Example: :: + + url.access-deny = ( "~", ".inc") + + will deny access to all files ended with a diacritical mark (~) or .inc + such as example~ or example.inc. A trailing diacritical mark is often + used by editors for backup files. And the .inc extension is often used + for include files with code. diff --git a/doc/accesslog.txt b/doc/accesslog.txt new file mode 100644 index 0000000..36584cf --- /dev/null +++ b/doc/accesslog.txt @@ -0,0 +1,126 @@ +========= +Accesslog +========= + +--------------------- +Module: mod_accesslog +--------------------- + +:Author: Jan Kneschke +:Date: $Date: 2004/11/03 22:26:05 $ +:Revision: $Revision: 1.2 $ + +:abstract: + The accesslog module ... + +.. meta:: + :keywords: lighttpd, accesslog, CLF + +.. contents:: Table of Contents + +Description +=========== + +CLF like by default, flexible like apache + +Options +======= + +accesslog.use-syslog + send the accesslog to syslog + + Default: disabled + +accesslog.filename + name of the file where the accesslog should be written too if syslog + is not used. + + if the name starts with a '|' the rest of the name is taken + as the name of a process which will be spawn and will get the + output + + e.g.: :: + + accesslog.filename = "/var/log/lighttpd.log" + + $HTTP["host"] == "mail.example.org" { + accesslog.filename = "|/usr/bin/cronolog" + } + + Default: disabled + +accesslog.format + the format of the logfile + + ====== ================================ + Option Description + ====== ================================ + %% a percent sign + %h name or address of remote-host + %l ident name (not supported) + %u authenticated user + %t timestamp for the request-start + %r request-line + %s status code + %b bytes sent for the body + %i HTTP-header field + %a remote address + %A local address + %B same as %b + %C cookie field (not supported) + %D time used in ms (not supported) + %e environment (not supported) + %f phyiscal filename + %H request protocol (HTTP/1.0, ...) + %m request method (GET, POST, ...) + %n (not supported) + %o `response header`_ + %p server port + %P (not supported) + %q query string + %T time used in seconds + %U request URL + %v server-name + %V (not supported) + %X connection status + %I bytes incomming + %O bytes outgoing + ====== ================================ + + If %s is written %>s or %<s the < and the > are ignored. They are support + for compat with apache. + + %i and %o expect the name of the field which should be written in curly brackets. + + e.g.: :: + + accesslog.format = "%h %l %u %t \"%r\" %b %>s \"%{User-Agent}i\" \"%{Referer}i\"" + + Default: CLF compatible output + +Response Header +--------------- + +The accesslog module provides a special way to log content from the +application in a accesslog file. It can be used to log the session id into a +logfile. + +If you want to log it into the accesslog just specify the field-name within +a %{...}o like :: + + accesslog.format = "%h %l %u %t \"%r\" %b %>s \"%{User-Agent}i\" \"%{Referer}i\" \"%{X-LIGHTTPD-SID}o\"" + +The prefix ``X-LIGHTTPD-`` is special as every response header starting with +this prefix is assumed to be special for lighttpd and won't be sent out +to the client. + +An example the use this functionality is provided below: :: + + <?php + + session_start(); + + header("X-LIGHTTPD-SID: ".session_id()); + + ?> + diff --git a/doc/alias.txt b/doc/alias.txt new file mode 100644 index 0000000..15012e3 --- /dev/null +++ b/doc/alias.txt @@ -0,0 +1,36 @@ +===== +Alias +===== + +----------------- +Module: mod_alias +----------------- + +:Author: Jan Kneschke +:Date: $Date: 2004/08/29 09:43:49 $ +:Revision: $Revision: 1.1 $ + +:abstract: + The alias module ... + +.. meta:: + :keywords: lighttpd, alias + +.. contents:: Table of Contents + +Description +=========== + +The alias module is used to specify a special document-root for a given url-subset. + +Options +======= + +alias.url + rewrites the document-root for a URL-subset + + Default: empty + + Example: :: + + alias.url = ( "/cgi-bin/" => "/var/www/servers/www.example.org/cgi-bin/" ) diff --git a/doc/authentication.txt b/doc/authentication.txt new file mode 100644 index 0000000..2a11f64 --- /dev/null +++ b/doc/authentication.txt @@ -0,0 +1,207 @@ +==================== +Using Authentication +==================== + +---------------- +Module: mod_auth +---------------- + +:Author: Jan Kneschke +:Date: $Date: 2006-01-12 19:34:26 +0100 (Thu, 12 Jan 2006) $ +:Revision: $Revision: 940 $ + +:abstract: + The auth module provides ... + +.. meta:: + :keywords: lighttpd, authentication + +.. contents:: Table of Contents + +Description +=========== + +Supported Methods +----------------- + +lighttpd supportes both authentication method described by +RFC 2617: + +basic +````` + +The Basic method transfers the username and the password in +cleartext over the network (base64 encoded) and might result +in security problems if not used in conjunction with a crypted +channel between client and server. + +digest +`````` + +The Digest method only transfers a hashed value over the +network which performs a lot of work to harden the +authentication process in insecure networks. + +Backends +-------- + +Depending on the method lighttpd provides various way to store +the credentials used for the authentication. + +for basic auth: + +- plain_ +- htpasswd_ +- htdigest_ +- ldap_ + +for digest auth: + +- plain_ +- htdigest_ + + +plain +````` + +A file which contains username and the cleartext password +seperated by a colon. Each entry is terminated by a single +newline.:: + + e.g.: + agent007:secret + + +htpasswd +```````` + +A file which contains username and the crypt()'ed password +seperated by a colon. Each entry is terminated by a single +newline. :: + + e.g.: + agent007:XWY5JwrAVBXsQ + +You can use htpasswd from the apache distribution to manage +those files. :: + + $ htpasswd lighttpd.user.htpasswd agent007 + + +htdigest +```````` + +A file which contains username, realm and the md5()'ed +password seperated by a colon. Each entry is terminated +by a single newline. :: + + e.g.: + agent007:download area:8364d0044ef57b3defcfa141e8f77b65 + +You can use htdigest from the apache distribution to manage +those files. :: + + $ htdigest lighttpd.user.htdigest 'download area' agent007 + +Using md5sum can also generate the password-hash: :: + + #!/bin/sh + user=$1 + realm=$2 + pass=$3 + + hash=`echo -n "$user:$realm:$pass" | md5sum | cut -b -32` + + echo "$user:$realm:$hash" + +To use it: + + $ htdigest.sh 'agent007' 'download area' 'secret' + agent007:download area:8364d0044ef57b3defcfa141e8f77b65 + + + +ldap +```` + +the ldap backend is basically performing the following steps +to authenticate a user + +1. connect anonymously (at plugin init) +2. get DN for filter = username +3. auth against ldap server +4. disconnect + +if all 4 steps are performed without any error the user is +authenticated + +Configuration +============= + +:: + + ## debugging + # 0 for off, 1 for 'auth-ok' messages, 2 for verbose debugging + auth.debug = 0 + + ## type of backend + # plain, htpasswd, ldap or htdigest + auth.backend = "htpasswd" + + # filename of the password storage for + # plain + auth.backend.plain.userfile = "lighttpd-plain.user" + + ## for htpasswd + auth.backend.htpasswd.userfile = "lighttpd-htpasswd.user" + + ## for htdigest + auth.backend.htdigest.userfile = "lighttpd-htdigest.user" + + ## for ldap + # the $ in auth.backend.ldap.filter is replaced by the + # 'username' from the login dialog + auth.backend.ldap.hostname = "localhost" + auth.backend.ldap.base-dn = "dc=my-domain,dc=com" + auth.backend.ldap.filter = "(uid=$)" + # if enabled, startTLS needs a valid (base64-encoded) CA + # certificate + auth.backend.ldap.starttls = "enable" + auth.backend.ldap.ca-file = "/etc/CAcertificate.pem" + + ## restrictions + # set restrictions: + # + # ( <left-part-of-the-url> => + # ( "method" => "digest"/"basic", + # "realm" => <realm>, + # "require" => "user=<username>" ) + # ) + # + # <realm> is a string to display in the dialog + # presented to the user and is also used for the + # digest-algorithm and has to match the realm in the + # htdigest file (if used) + # + + auth.require = ( "/download/" => + ( + "method" => "digest", + "realm" => "download archiv", + "require" => "user=agent007|user=agent008" + ), + "/server-info" => + ( + "method" => "digest", + "realm" => "download archiv", + "require" => "valid-user" + ) + ) + +Limitations +============ + +- The implementation of digest method is currently not + completely compliant with the standard as it still allows + a replay attack. + diff --git a/doc/cgi.txt b/doc/cgi.txt new file mode 100644 index 0000000..081d795 --- /dev/null +++ b/doc/cgi.txt @@ -0,0 +1,50 @@ +=== +CGI +=== + +--------------- +Module: mod_cgi +--------------- + +:Author: Jan Kneschke +:Date: $Date: 2004/11/03 22:26:05 $ +:Revision: $Revision: 1.2 $ + +:abstract: + The cgi module provides a CGI-conforming interface. + +.. meta:: + :keywords: lighttpd, cgi + +.. contents:: Table of Contents + +Description +=========== + +CGI programs allow you to enhance the functionality of the server in a very +straight and simple way.. + +Options +======= + +cgi.assign + + file-extensions that are handled by a CGI program + + e.g.: :: + + cgi.assign = ( ".pl" => "/usr/bin/perl", + ".cgi" => "/usr/bin/perl" ) + +Examples +======== + +To setup a executable which doesn't need the help of a external program you +just don't specify a handler for the extension. :: + + cgi.assign = ( ".sh" => "" ) + +If the file has no extension keep in mind that lighttpd matches not the +extension itself but the right part of the URL: :: + + cgi.assign = ( "/testfile" => "" ) diff --git a/doc/cml.txt b/doc/cml.txt new file mode 100644 index 0000000..ddae340 --- /dev/null +++ b/doc/cml.txt @@ -0,0 +1,261 @@ +========================= +CML (Cache Meta Language) +========================= + +--------------- +Module: mod_cml +--------------- + +:Author: Jan Kneschke +:Date: $Date: 2004/11/03 22:26:05 $ +:Revision: $Revision: 1.2 $ + +:abstract: + CML is a Meta language to describe the dependencies of a page at one side and building a page from its fragments on the other side using LUA. + +.. meta:: + :keywords: lighttpd, cml, lua + +.. contents:: Table of Contents + +Description +=========== + +CML (Cache Meta Language) wants to solves several problems: + + * dynamic content needs caching to perform + * checking if the content is dirty inside of the application is usually more expensive than sending out the cached data + * a dynamic page is usually fragmented and the fragments have different livetimes + * the different fragements can be cached independently + +Cache Decision +-------------- + +A simple example should show how to a content caching the very simple way in PHP. + +jan.kneschke.de has a very simple design: + + * the layout is taken from a template in templates/jk.tmpl + * the menu is generated from a menu.csv file + * the content is coming from files on the local directory named content-1, content-2 and so on + +The page content is static as long non of the those tree items changes. A change in the layout +is affecting all pages, a change of menu.csv too, a change of content-x file only affects the +cached page itself. + +If we model this in PHP we get: :: + + <?php + + ## ... fetch all content-* files into $content + $cachefile = "/cache/dir/to/cached-content"; + + function is_cachable($content, $cachefile) { + if (!file_exists($cachefile)) { + return 0; + } else { + $cachemtime = filemtime($cachefile); + } + + foreach($content as $k => $v) { + if (isset($v["file"]) && + filemtime($v["file"]) > $cachemtime) { + return 0; + } + } + + if (filemtime("/menu/menu.csv") > $cachemtime) { + return 0; + } + if (filemtime("/templates/jk.tmpl") > $cachemtime) { + return 0; + } + } + + if (is_cachable(...), $cachefile) { + readfile($cachefile); + exit(); + } else { + # generate content and write it to $cachefile + } + ?> + +Quite simple. No magic involved. If the one of the files is new than the cached +content, the content is dirty and has to be regenerated. + +Now let take a look at the numbers: + + * 150 req/s for a Cache-Hit + * 100 req/s for a Cache-Miss + +As you can see the increase is not as good as it could be. The main reason as the overhead +of the PHP interpreter to start up (a byte-code cache has been used here). + +Moving these decisions out of the PHP script into a server module will remove the need +to start PHP for a cache-hit. + +To transform this example into a CML you need 'index.cml' in the list of indexfiles +and the following index.cml file: :: + + output_contenttype = "text/html" + + b = request["DOCUMENT_ROOT"] + cwd = request["CWD"] + + output_include = { b .. "_cache.html" } + + trigger_handler = "index.php" + + if file_mtime(b .. "../lib/php/menu.csv") > file_mtime(cwd .. "_cache.html") or + file_mtime(b .. "templates/jk.tmpl") > file_mtime(cwd .. "_cache.html") or + file_mtime(b .. "content.html") > file_mtime(cwd .. "_cache.html") then + return CACHE_MISS + else + return CACHE_HIT + end + +Numbers again: + + * 4900 req/s for Cache-Hit + * 100 req/s for Cache-Miss + +Content Assembling +------------------ + +Sometimes the different fragment are already generated externally. You have to cat them together: :: + + <?php + readfile("head.html"); + readfile("menu.html"); + readfile("spacer.html"); + readfile("db-content.html"); + readfile("spacer2.html"); + readfile("news.html"); + readfile("footer.html"); + ?> + +We we can do the same several times faster directly in the webserver. + +Don't forget: Webserver are built to send out static content, that is what they can do best. + +The index.cml for this looks like: :: + + output_content_type = "text/html" + + cwd = request["CWD"] + + output_include = { cwd .. "head.html", + cwd .. "menu.html", + cwd .. "spacer.html", + cwd .. "db-content.html", + cwd .. "spacer2.html", + cwd .. "news.html", + cwd .. "footer.html" } + + return CACHE_HIT + +Now we get about 10000 req/s instead of 600 req/s. + +Power Magnet +------------ + +Next to all the features about Cache Decisions CML can do more. Starting +with lighttpd 1.4.9 a power-magnet was added which attracts each request +and allows you to manipulate the request for your needs. + +We want to display a maintainance page by putting a file in a specified +place: + +We enable the power magnet: :: + + cml.power-magnet = "/home/www/power-magnet.cml" + +and create /home/www/power-magnet.cml with: :: + + dr = request["DOCUMENT_ROOT"] + + if file_isreg(dr .. 'maintainance.html') then + output_include = { 'maintainance.html' } + return CACHE_HIT + end + + return CACHE_MISS + +For each requested file the /home/www/power-magnet.cml is executed which +checks if maintainance.html exists in the docroot and displays it +instead of handling the usual request. + +Another example, create thumbnail for requested image and serve it instead +of sending the big image: :: + + ## image-url is /album/baltic_winter_2005.jpg + ## no params -> 640x480 is served + ## /album/baltic_winter_2005.jpg/orig for full size + ## /album/baltic_winter_2005.jpg/thumb for thumbnail + + dr = request["DOCUMENT_ROOT"] + sn = request["SCRIPT_NAME"] + + ## to be continued :) ... + + trigger_handler = '/gen_image.php' + + return CACHE_MISS + + +Installation +============ + +You need `lua <http://www.lua.org/>`_ and should install `libmemcache-1.3.x <http://people.freebsd.org/~seanc/libmemcache/>`_ and have to configure lighttpd with: :: + + ./configure ... --with-lua --with-memcache + +To use the plugin you have to load it: :: + + server.modules = ( ..., "mod_cml", ... ) + +Options +======= + +:cml.extension: + the file extension that is bound to the cml-module +:cml.memcache-hosts: + hosts for the memcache.* functions +:cml.memcache-namespace: + (not used yet) +:cml.power-magnet: + a cml file that is executed for each request + +Language +======== + +The language used for CML is provided by `LUA <http://www.lua.org/>`_. + +Additionally to the functions provided by lua mod_cml provides: :: + + tables: + + request + - REQUEST_URI + - SCRIPT_NAME + - SCRIPT_FILENAME + - DOCUMENT_ROOT + - PATH_INFO + - CWD + - BASEURI + + get + - parameters from the query-string + + functions: + string md5(string) + number file_mtime(string) + string memcache_get_string(string) + number memcache_get_long(string) + boolean memcache_exists(string) + + +What ever your script does, it has to return either CACHE_HIT or CACHE_MISS. +It case a error occures check the error-log, the user will get a error 500. If you don't like +the standard error-page use ``server.errorfile-prefix``. + diff --git a/doc/compress.txt b/doc/compress.txt new file mode 100644 index 0000000..7b083e9 --- /dev/null +++ b/doc/compress.txt @@ -0,0 +1,66 @@ +================== +Output Compression +================== + +-------------------- +Module: mod_compress +-------------------- + +:Author: Jan Kneschke +:Date: $Date: 2004/08/29 09:43:49 $ +:Revision: $Revision: 1.1 $ + +:abstract: + a nice, short abstrace about the module + +.. meta:: + :keywords: lighttpd, compress + +.. contents:: Table of Contents + +Description +=========== + +Output compression reduces the network load and can improve the overall +throughput of the webserver. + +Only static content is supported up to now. + +The server negotiates automaticly which compression method is used. +Supported are gzip, deflate, bzip. + +Options +======= + +compress.cache-dir + name of the directory where compressed content will be cached + + e.g.: :: + + compress.cache-dir = "/var/www/cache/" + + # even better with virt-hosting + $HTTP["host"] == "docs.example.org" { + compress.cache-dir = "/var/www/cache/docs.example.org/" + } + + Default: not set, compress the file for every request + +compress.filetype + mimetypes where might get compressed + + e.g.: :: + + compress.filetype = ("text/plain", "text/html") + + Default: not set + + +Compressing Dynamic Content +=========================== + +To compress dynamic content with PHP please enable :: + + zlib.output_compression = 1 + +in the php.ini as PHP provides compression support by itself. diff --git a/doc/configuration.txt b/doc/configuration.txt new file mode 100644 index 0000000..c984a3f --- /dev/null +++ b/doc/configuration.txt @@ -0,0 +1,464 @@ +================== +Configuration File +================== + +------------ +Module: core +------------ + +:Author: Jan Kneschke +:Date: $Date: 2006-02-01 13:05:01 +0100 (Wed, 01 Feb 2006) $ +:Revision: $Revision: 979 $ + +:abstract: + the layout of the configuration file + +.. meta:: + :keywords: lighttpd, configuration + +.. contents:: Table of Contents + +Description +=========== + +Basic Syntax +------------ + +A BNF like notation: :: + + option : NAME = VALUE + merge : NAME += VALUE + NAME : modulename.key + VALUE : ( <string> | <integer> | <boolean> | <array> | VALUE [ + VALUE ]*) + <string> : "text" + <integer>: digit* + <boolean>: ( "enable" | "disable" ) + <array> : "(" [ <string> "=>" ] <value> [, [ <string> "=>" ] <value> ]* ")" + INCLUDE : "include" VALUE + INCLUDE_SHELL : "include_shell" STRING_VALUE + +Example +------- + +:: + + # default document-root + server.document-root = "/var/www/example.org/pages/" + + # TCP port + server.port = 80 + + # selecting modules + server.modules = ( "mod_access", "mod_rewrite" ) + + # variables, computed when config is read. + var.mymodule = "foo" + server.modules += ( "mod_" + var.mymodule ) + # var.PID is initialised to the pid of lighttpd before config is parsed + + # include, relative to dirname of main config file + include "mime.types.conf" + + # read configuration from output of a command + include_shell "/usr/local/bin/confmimetype /etc/mime.types" + + +Conditional Configuration +========================= + +Most options can be configured conditionally by using the following syntax +(including nesting). + +:: + + <field> <operator> <value> { + ... + <field> <operator> <value> { + ... nesting: match only when parent match + } + } + else <field> <operator> <value> { + ... the "else if" block + } + +where <field> is one of one of the following: + +$HTTP["cookie"] + match on cookie +$HTTP["host"] + match on host +$HTTP["useragent"] + match on useragent +$HTTP["referer"] + match on referer +$HTTP["url"] + match on url +$HTTP["remoteip"] + match on the remote IP or a remote Network +$SERVER["socket"] + match on socket. Value must be on the format "ip:port" where ip is an IP + address and port a port number. Only equal match (==) is supported. + It also binds the daemon to this socket. Use this if you want to do IP/port- + based virtual hosts. + +<operator> is one of: + +== + string equal match +!= + string not equal match +=~ + perl style regular expression match +!~ + perl style regular expression not match + +and <value> is either a quoted ("") literal string or regular expression. + + +Example +------- + +:: + + # disable directory-listings for /download/* + dir-listing.activate = "enable" + $HTTP["url"] =~ "^/download/" { + dir-listing.activate = "disable" + } + + # handish virtual hosting + # map all domains of a top-level-domain to a single document-root + $HTTP["host"] =~ "(^|\.)example\.org$" { + server.document-root = "/var/www/htdocs/example.org/pages/" + } + + # multiple sockets + $SERVER["socket"] == "127.0.0.1:81" { + server.document-root = "..." + } + + $SERVER["socket"] == "127.0.0.1:443" { + ssl.pemfile = "/var/www/certs/localhost.pem" + ssl.engine = "enable" + + server.document-root = "/var/www/htdocs/secure.example.org/pages/" + } + + # deny access for all googlebot + $HTTP["useragent"] =~ "Google" { + url.access-deny = ( "" ) + } + + # deny access for all image stealers + $HTTP["referer"] !~ "^($|http://www\.example\.org)" { + url.access-deny = ( ".jpg", ".jpeg", ".png" ) + } + + # deny the access to www.example.org to all user which + # are not in the 10.0.0.0/8 network + $HTTP["host"] == "www.example.org" { + $HTTP["remoteip"] != "10.0.0.0/8" { + url.access-deny = ( "" ) + } + } + +Global context +========================= + +:: + + global { + ... + } + +You don't need it in the main configuration file. But you might have +difficulty setting server wide configuration inside a included-file from +conditionals. + +Example +------- + +:: + + in lighttpd.conf: + server.modules = () + $HTTP["host"] == "www.example.org" { + include "incl-php.conf" + } + + in incl-php.conf: + global { + server.modules += ("mod_fastcgi") + static-file.exclude-extensions += (".php") + } + fastcgi.server = "..." + +Options +======= + +server module +------------- + +main sections +````````````` + +server.document-root + document-root of the webserver + + This variable has the specified as it will be used for all requests + without a Host: header and for all with a know hostname which you + might have specified with one of the above conditionals. + + Default: no default, required + +server.bind + IP address, hostname or absolute path to the unix-domain socket the server + listen on. + + Default: bind to all interfaces + + Example: :: + + server.bind = "127.0.0.1" + server.bind = "www.example.org" + server.bind = "/tmp/lighttpd.socket" + +server.port + tcp-port to bind the server to + +.. note:: port belows 1024 require root-permissions + + Default: 80 (443 if ssl is enabled) + +server.use-ipv6 + bind to the IPv6 socket + +server.tag + set the string returned by the Server: response header + + Default: lighttpd <current-version> + +server.errorlog + pathname of the error-log + + Default: either STDERR or ``server.errorlog-use-syslog`` + +server.errorlog-use-syslog + send errorlog to syslog + + Default: disabled + +server.chroot + root-directory of the server + + NOTE: requires root-permissions + +server.username + username used to run the server + + NOTE: requires root-permissions + +server.groupname + groupname used to run the server + + NOTE: requires root-permissions + +server.follow-symlink + allow to follow-symlinks + + Default: enabled + +index-file.names + list of files to search for if a directory is requested + e.g.: :: + + index-file.names = ( "index.php", "index.html", + "index.htm", "default.htm" ) + + if a name starts with slash this file will be used a index generator + for all directories. + +server.modules + modules to load + +.. note:: the order of the modules is somewhat important as the modules are + handled in the way they are specified. mod_rewrite should always be + the first module, mod_accesslog always the last. + + e.g.: :: + + server.modules = ( "mod_rewrite", + "mod_redirect", + "mod_alias", + "mod_access", + "mod_auth", + "mod_status", + "mod_fastcgi", + "mod_proxy", + "mod_simple_vhost", + "mod_evhost", + "mod_userdir", + "mod_cgi", + "mod_compress", + "mod_ssi", + "mod_usertrack", + "mod_expire", + "mod_secdownload", + "mod_rrdtool", + "mod_accesslog" ) + + Starting with lighttpd 1.4.0 three default modules are loaded automaticly: + + - mod_indexfile + - mod_dirlisting + - mod_staticfile + +server.event-handler + set the event handler + + Default: "poll" + +server.pid-file + set the name of the .pid-file where the PID of the server should be placed. + This option is used in combination with a start-script and the daemon mode + + Default: not set + +server.max-request-size + maximum size in kbytes of the request (header + body). Only applies to POST + requests. + + Default: 2097152 (2GB) + +server.max-worker + number of worker processes to spawn. This is usually only needed on servers + which are fairly loaded and the network handler calls delay often (e.g. new + requests are not handled instantaneously). + + Default: 0 + +server.name + name of the server/virtual server + + Default: hostname + +server.max-keep-alive-requests + maximum number of request within a keep-alive session before the server + terminates the connection + + Default: 128 + +server.max-keep-alive-idle + maximum number of seconds until a idling keep-alive connection is droped + + Default: 30 + +server.max-read-idle + maximum number of seconds until a waiting, non keep-alive read times out + and closes the connection + + Default: 60 + +server.max-write-idle + maximum number of seconds until a waiting write call times out and closes + the connection + + Default: 360 + +server.error-handler-404 + uri to call if the requested file results in a 404 + + Default: not set + + Example: :: + + server.error-handler-404 = "/error-404.php" + +server.protocol-http11 + defines if HTTP/1.1 is allowed or not. + + Default: enabled + +server.range-requests + defines if range requests are allowed or not. + + Default: enabled + + +SSL engine +`````````` + +ssl.pemfile + path to the PEM file for SSL support + +debugging +````````` + +debug.dump-unknown-headers + enables listing of internally unhandled HTTP-headers + + e.g. :: + + debug.dump-unknown-headers = "enable" + +mimetypes +````````` + +mimetype.assign + list of known mimetype mappings + NOTE: if no mapping is given "application/octet-stream" is used + + e.g.: :: + + mimetype.assign = ( ".png" => "image/png", + ".jpg" => "image/jpeg", + ".jpeg" => "image/jpeg", + ".html" => "text/html", + ".txt" => "text/plain" ) + + The list is compared top down and the first match is taken. This is + important if you have matches like: :: + + ".tar.gz" => "application/x-tgz", + ".gz" => "application/x-gzip", + + If you want to set another default mimetype use: :: + + ..., + "" => "text/plain" ) + + as the last entry in the list. + +mimetype.use-xattr + If available, use the XFS-style extended attribute interface to + retrieve the "Content-Type" attribute on each file, and use that as the + mime type. If it's not defined or not available, fall back to the + mimetype.assign assignment. + + e.g.: :: + + mimetype.use-xattr = "enable" + + on shell use: + + $ attr -s Content-Type -V image/svg svgfile.svg + + or + + $ attr -s Content-Type -V text/html indexfile + + +debugging +````````` + +debug.log-request-header + default: disabled + +debug.log-response-header + default: disabled + +debug.log-file-not-found + default: disabled + +debug.log-request-handling + default: disabled diff --git a/doc/expire.txt b/doc/expire.txt new file mode 100644 index 0000000..2aee938 --- /dev/null +++ b/doc/expire.txt @@ -0,0 +1,42 @@ +=============================================== +Controlling the Expiration of Content in Caches +=============================================== + +------------------ +Module: mod_expire +------------------ + +:Author: Jan Kneschke +:Date: $Date: 2004/11/03 22:26:05 $ +:Revision: $Revision: 1.2 $ + +:abstract: + mod_expire controls the setting of the the Expire Response header + +.. meta:: + :keywords: lighttpd, expire + +.. contents:: Table of Contents + +Description +=========== + +mod_expire controls the Expire header in the Response Header of HTTP/1.0 +messages. It is usefull to set it for static files which should be cached +aggressivly like images, stylesheets or similar. + +Options +======= + +expire.url + assignes a expiration to all files below the specified path. The + specification of the time is made up of: :: + + <access|modification> <number> <years|months|days|hours|minutes|seconds> + + following the syntax used by mod_expire in Apache 1.3.x and later. + + Example: :: + + expire.url = ( "/images/" => "access 1 hour" ) + diff --git a/doc/fastcgi-state.dot b/doc/fastcgi-state.dot new file mode 100644 index 0000000..8e3068c --- /dev/null +++ b/doc/fastcgi-state.dot @@ -0,0 +1,6 @@ +digraph fcgistate { + init -> connect -> prepwrite -> write -> read -> close + write -> write + read -> read + connect -> connect +} diff --git a/doc/fastcgi-state.txt b/doc/fastcgi-state.txt new file mode 100644 index 0000000..9e76a6f --- /dev/null +++ b/doc/fastcgi-state.txt @@ -0,0 +1,51 @@ +================= +FastCGI Internals +================= + +--------------- +Module: fastcgi +--------------- + +:Author: Jan Kneschke +:Date: $Date: 2004/08/01 07:01:29 $ +:Revision: $Revision: 1.1 $ + +:abstract: + This is a short summary of the state-engine which is driving the FastCGI + module. It describes the basic concepts and the way the different parts + of the module are connected. + +.. meta:: + :keywords: lighttpd, state-engine, fastcgi + +.. contents:: Table of Contents + +Description +=========== + +States +------ + +The state-engine is currently made of 6 states which are walk-through on +the way each connection. + +:init: + prepare fastcgi-connection +:connect: + waiting for a connection +:prepwrite: + build the fastcgi-request +:write: + write the fastcgi-request to the network +:read: + read fastcgi-response from network and push it to the write-queue +:close: + terminate the connection + +.. image:: fastcgi-state.png + +Delays +------ + +connect, write and read may need to wait for an fdevent. That's the reason +for the loop in the state-diagram. diff --git a/doc/fastcgi.txt b/doc/fastcgi.txt new file mode 100644 index 0000000..01a8666 --- /dev/null +++ b/doc/fastcgi.txt @@ -0,0 +1,606 @@ +===================== +the FastCGI Interface +===================== + +------------------- +Module: mod_fastcgi +------------------- + +:Author: Jan Kneschke +:Date: $Date: 2004/11/03 22:26:05 $ +:Revision: $Revision: 1.3 $ + +:abstract: + The FastCGI interface is the fastest and most secure way + to interface external process-handlers like Perl, PHP and + your self-written applications. + +.. meta:: + :keywords: lighttpd, FastCGI + +.. contents:: Table of Contents + +Description +=========== + +lighttpd provides an interface to a external programs that +support the FastCGI interface. The FastCGI Interface is +defined by http://www.fastcgi.com/ and is a +platform-independent and server independent interface between +a web-application and a webserver. + +This means that FastCGI programs that run with the Apache +Webserver will run seamlessly with lighttpd and vice versa. + + +FastCGI +------- + +FastCGI is removes a lot of the limitations of CGI programs. +CGI programs have the problem that they have to be restarted +by the webserver for every request which leads to really bad +performance values. + +FastCGI removes this limitation by keeping the process running +and handling the requests by this always running process. This +removes the time used for the fork() and the overall startup +and cleanup time which is necessary to create and destroy a +process. + +While CGI programs communicate to the server over pipes, +FastCGI processes use Unix-Domain-Sockets or TCP/IP to talk +with the webserver. This gives you the second advantage over +simple CGI programs: FastCGI don't have to run on the Webserver +itself but everywhere in the network. + +lighttpd takes it a little bit further by providing a internal +FastCGI load-balancer which can be used to balance the load +over multiple FastCGI Servers. In contrast to other solutions +only the FastCGI process has to be on the cluster and not the +whole webserver. That gives the FastCGI process more resources +than a e.g. load-balancer+apache+mod_php solution. + +If you compare FastCGI against a apache+mod_php solution you +should note that FastCGI provides additional security as the +FastCGI process can be run under different permissions that +the webserver and can also live a chroot which might be +different than the one the webserver is running in. + +Options +======= + +lighttpd provides the FastCGI support via the fastcgi-module +(mod_fastcgi) which provides 2 options in the config-file: + +fastcgi.debug + a value between 0 and 65535 to set the debug-level in the + FastCGI module. Currently only 0 and 1 are used. Use 1 to + enable some debug output, 0 to disable it. + +fastcgi.max-extensions + map multiple extensions to the same fastcgi server + + Example: :: + + fastcgi.map-extensions = ( ".php3" => ".php" ) + +fastcgi.server + tell the module where to send FastCGI requests to. Every + file-extension can have it own handler. Load-Balancing is + done by specifying multiple handles for the same extension. + + structure of fastcgi.server section: :: + + ( <extension> => + ( + ( "host" => <string> , + "port" => <integer> , + "socket" => <string>, # either socket + # or host+port + "bin-path" => <string>, # OPTIONAL + "bin-environment" => <array>, # OPTIONAL + "bin-copy-environment" => <array>, # OPTIONAL + "mode" => <string>, # OPTIONAL + "docroot" => <string> , # OPTIONAL if "mode" + # is not "authorizer" + "check-local" => <string>, # OPTIONAL + "min-procs" => <integer>, # OPTIONAL + "max-procs" => <integer>, # OPTIONAL + "max-load-per-proc" => <integer>, # OPTIONAL + "idle-timeout" => <integer>, # OPTIONAL + "broken-scriptfilename" => <boolean>, # OPTIONAL + "disable-time" => <integer>, # optional + "allow-x-send-file" => <boolean> # optional + ), + ( "host" => ... + ) + ) + ) + + :<extension>: is the file-extension or prefix + (if started with "/") + :"host": is hostname/ip of the FastCGI process + :"port": is tcp-port on the "host" used by the FastCGI + process + :"bin-path": path to the local FastCGI binary which should be + started if no local FastCGI is running + :"socket": path to the unix-domain socket + :"mode": is the FastCGI protocol mode. + Default is "responder", also "authorizer" + mode is implemented. + :"docroot": is optional and is the docroot on the remote + host for default "responder" mode. For + "authorizer" mode it is MANDATORY and it points + to docroot for authorized requests. For security + reasons it is recommended to keep this docroot + outside of server.document-root tree. + :"check-local": is optional and may be "enable" (default) or + "disable". If enabled the server first check + for a file in local server.document-root tree + and return 404 (Not Found) if no such file. + If disabled, the server forward request to + FastCGI interface without this check. + :"broken-scriptfilename": breaks SCRIPT_FILENAME in a wat that + PHP can extract PATH_INFO from it (default: disabled) + :"disable-time": time to wait before a disabled backend is checked + again + :"allow-x-send-file": controls if X-LIGHTTPD-send-file headers + are allowed + + If bin-path is set: + + :"min-procs": sets the minium processes to start + :"max-procs": the upper limit of the processess to start + :"max-load-per-proc": maximum number of waiting processes on + average per process before a new process is + spawned + :"idle-timeout": number of seconds before a unused process + gets terminated + :"bin-environment": put an entry into the environment of + the started process + :"bin-copy-environement": clean up the environment and copy + only the specified entries into the fresh + environment of the spawn process + + +Examples +-------- + + Multiple extensions for the same host :: + + fastcgi.server = ( ".php" => + (( "host" => "127.0.0.1", + "port" => 1026, + "bin-path" => "/usr/local/bin/php" + )), + ".php4" => + (( "host" => "127.0.0.1", + "port" => 1026 + )) + ) + + Example with prefix: :: + + fastcgi.server = ( "/remote_scripts/" => + (( "host" => "192.168.0.3", + "port" => 9000, + "check-local" => "disable", + "docroot" => "/" # remote server may use + # it's own docroot + )) + ) + + The request `http://my.host.com/remote_scripts/test.cgi` will + be forwarded to fastcgi server at 192.168.0.3 and the value + "/remote_scripts/test.cgi" will be used for the SCRIPT_NAME + variable. Remote server may prepend it with its own + document root. The handling of index files is also the + resposibility of remote server for this case. + + In the case that the prefix is not terminated with a slash + the prefix will be handled as file and /test.cgi would become + a PATH_INFO instead of part of SCRIPT_NAME. + + + Example for "authorizer" mode: :: + + fastcgi.server = ( "/remote_scripts/" => + (( "host" => "10.0.0.2", + "port" => 9000, + "docroot" => "/path_to_private_docs", + "mode" => "authorizer" + )) + ) + + Note that if "docroot" is specified then its value will be + used in DOCUMENT_ROOT and SCRIPT_FILENAME variables passed + to FastCGI server. + +Load-Balancing +============== + +The FastCGI plugin provides automaticly a load-balancing between +multiple FastCGI servers. :: + + fastcgi.server = ( ".php" => + (( "host" => "10.0.0.2", "port" => 1030 ), + ( "host" => "10.0.0.3", "port" => 1030 )) + ) + + +To understand how the load-balancing works you can enable the +fastcgi.debug option and will get a similar output as here: :: + + proc: 127.0.0.1 1031 1 1 1 31454 + proc: 127.0.0.1 1028 1 1 1 31442 + proc: 127.0.0.1 1030 1 1 1 31449 + proc: 127.0.0.1 1029 1 1 2 31447 + proc: 127.0.0.1 1026 1 1 2 31438 + got proc: 34 31454 + release proc: 40 31438 + proc: 127.0.0.1 1026 1 1 1 31438 + proc: 127.0.0.1 1028 1 1 1 31442 + proc: 127.0.0.1 1030 1 1 1 31449 + proc: 127.0.0.1 1031 1 1 2 31454 + proc: 127.0.0.1 1029 1 1 2 31447 + +Even if this for multiple FastCGI children on the local machine +the following explaination is valid for remote connections too. + +The output shows: + +- IP, port, unix-socket (is empty here) +- is-local, state (0 - unset, 1 - running, ... ) +- active connections (load) +- PID + +As you can see the list is always sorted by the load field. + +Whenever a new connection is requested, the first entry (the one +with the lowest load) is selected, the load is increased (got proc: ...) +and the list is sorted again. + +If a FastCGI request is done or the connection is dropped, the load on the +FastCGI proc decreases and the list is sorted again (release proc: ...) + +This behaviour is very light-weight in code and still very efficient +as it keeps the fastcgi-servers equally loaded even if they have different +CPUs. + +Adaptive Process Spawning +========================= + +.. note:: This feature is disabled in 1.3.14 again. min-procs is + ignored in that release + +Starting with 1.3.8 lighttpd can spawn processes on demand if +a bin-path is specified and the FastCGI process runs locally. + +If you want to have a least one FastCGI process running and +more of the number of requests increases you can use min-procs +and max-procs. + +A new process is spawned as soon as the average number of +requests waiting to be handle by a single process increases the +max-load-per-proc setting. + +The idle-timeout specifies how long a fastcgi-process should wait +for a new request before it kills itself. + +Example +------- +:: + + fastcgi.server = ( ".php" => + (( "socket" => "/tmp/php.socket", + "bin-path" => "/usr/local/bin/php", + "min-procs" => 1, + "max-procs" => 32, + "max-load-per-proc" => 4, + "idle-timeout" => 20 + )) + ) + +Disabling Adaptive Spawning +--------------------------- + +Adaptive Spawning is a quite new feature and it might misbehave +for your setup. There are several ways to control how the spawing +is done: + +1. ``"max-load-per-proc" => 1`` + if that works for you, great. + +2. If not set ``min-procs == max-procs``. + +3. For PHP you can also use: :: + + $ PHP_FCGI_CHILDREN=384 ./lighttpd -f ./lighttpd.conf + + fastcgi.server = ( ".php" => + (( "socket" => "/tmp/php.socket", + "bin-path" => "/usr/local/bin/php", + "min-procs" => 1, + "max-procs" => 1, + "max-load-per-proc" => 4, + "idle-timeout" => 20 + )) + ) + + It will create one socket and let's PHP create the 384 processes itself. + +4. If you don't want lighttpd to manage the fastcgi processes, remove the + bin-path and use spawn-fcgi to spawn them itself. + + +FastCGI and Programming Languages +================================= + +Preparing PHP as a FastCGI program +---------------------------------- + +One of the most important application that has a FastCGI +interface is php which can be downloaded from +http://www.php.net/ . You have to recompile the php from +source to enable the FastCGI interface as it is normally +not enabled by default in the distributions. + +If you already have a working installation of PHP on a +webserver execute a small script which just contains :: + + <?php phpinfo(); ?> + +and search for the line in that contains the configure call. +You can use it as the base for the compilation. + +You have to remove all occurences of `--with-apxs`, `--with-apxs2` +and the like which would build PHP with Apache support. Add the +next three switches to compile PHP with FastCGI support:: + + $ ./configure \ + --enable-fastcgi \ + --enable-force-cgi-redirect \ + ... + +After compilation and installation check that your PHP +binary contains FastCGI support by calling: :: + + $ php -v + PHP 4.3.3RC2-dev (cgi-fcgi) (built: Oct 19 2003 23:19:17) + +The important part is the (cgi-fcgi). + + +Starting a FastCGI-PHP +---------------------- + +Starting with version 1.3.6 lighttpd can spawn the FastCGI +processes locally itself if necessary: :: + + fastcgi.server = ( ".php" => + (( "socket" => "/tmp/php-fastcgi.socket", + "bin-path" => "/usr/local/bin/php" + )) + ) + +PHP provides 2 special environment variables which control the number of +spawned workes under the control of a single watching process +(PHP_FCGI_CHILDREN) and the number of requests what a single worker +handles before it kills itself. :: + + fastcgi.server = ( ".php" => + (( "socket" => "/tmp/php-fastcgi.socket", + "bin-path" => "/usr/local/bin/php", + "bin-environment" => ( + "PHP_FCGI_CHILDREN" => "16", + "PHP_FCGI_MAX_REQUESTS" => "10000" + ) + )) + ) + +To increase the security of the started process you should only pass +the necessary environment variables to the FastCGI process. :: + + fastcgi.server = ( ".php" => + (( "socket" => "/tmp/php-fastcgi.socket", + "bin-path" => "/usr/local/bin/php", + "bin-environment" => ( + "PHP_FCGI_CHILDREN" => "16", + "PHP_FCGI_MAX_REQUESTS" => "10000" ), + "bin-copy-environment" => ( + "PATH", "SHELL", "USER" ) + )) + ) + +Configuring PHP +--------------- + +If you want to use PATH_INFO and PHP_SELF in you PHP scripts you have to +configure php and lighttpd. The php.ini needs the option: :: + + cgi.fix_pathinfo = 1 + +and the option ``broken-scriptfilename`` in your fastcgi.server config: :: + + fastcgi.server = ( ".php" => + (( "socket" => "/tmp/php-fastcgi.socket", + "bin-path" => "/usr/local/bin/php", + "bin-environment" => ( + "PHP_FCGI_CHILDREN" => "16", + "PHP_FCGI_MAX_REQUESTS" => "10000" ), + "bin-copy-environment" => ( + "PATH", "SHELL", "USER" ), + "broken-scriptfilename" => "enable" + )) + ) + +Why this ? the ``cgi.fix_pathinfo = 0`` would give you a working ``PATH_INFO`` +but no ``PHP_SELF``. If you enable it, it turns around. To fix the +``PATH_INFO`` `--enable-discard-path` needs a SCRIPT_FILENAME which is against the CGI spec, a +broken-scriptfilename. With ``cgi.fix_pathinfo = 1`` in php.ini and +``broken-scriptfilename => "enable"`` you get both. + + +External Spawning +----------------- + +Spawning FastCGI processes directly in the webserver has some +disadvantages like + +- FastCGI process can only run locally +- has the same permissions as the webserver +- has the same base-dir as the webserver + +As soon as you are using a seperate FastCGI Server to +take off some load from the webserver you have to control +the FastCGI process by a external program like spawn-fcgi. + +spawn-fcgi is used to start a FastCGI process in its own +environment and set the user-id, group-id and change to +another root-directory (chroot). + +For convenience a wrapper script should be used which takes +care of all the necessary option. Such a script in included +in the lighttpd distribution and is call spawn-php.sh. + +The script has a set of config variables you should take +a look at: :: + + ## ABSOLUTE path to the spawn-fcgi binary + SPAWNFCGI="/usr/local/sbin/spawn-fcgi" + + ## ABSOLUTE path to the PHP binary + FCGIPROGRAM="/usr/local/bin/php" + + ## bind to tcp-port on localhost + FCGIPORT="1026" + + ## bind to unix domain socket + # FCGISOCKET="/tmp/php.sock" + + ## number of PHP childs to spawn + PHP_FCGI_CHILDREN=10 + + ## number of request server by a single php-process until + ## is will be restarted + PHP_FCGI_MAX_REQUESTS=1000 + + ## IP adresses where PHP should access server connections + ## from + FCGI_WEB_SERVER_ADDRS="127.0.0.1,192.168.0.1" + + # allowed environment variables sperated by spaces + ALLOWED_ENV="ORACLE_HOME PATH USER" + + ## if this script is run as root switch to the following user + USERID=wwwrun + GROUPID=wwwrun + +If you have set the variables to values that fit to your +setup you can start it by calling: :: + + $ spawn-php.sh + spawn-fcgi.c.136: child spawned successfully: PID: 6925 + +If you get "child spawned successfully: PID:" the php +processes could be started successfully. You should see them +in your processlist: :: + + $ ps ax | grep php + 6925 ? S 0:00 /usr/local/bin/php + 6928 ? S 0:00 /usr/local/bin/php + ... + +The number of processes should be PHP_FCGI_CHILDREN + 1. +Here the process 6925 is the master of the slaves which +handle the work in parallel. Number of parallel workers can +be set by PHP_FCGI_CHILDREN. A worker dies automaticly of +handling PHP_FCGI_MAX_REQUESTS requests as PHP might have +memory leaks. + +If you start the script as user root php processes will be +running as the user USERID and group GROUPID to drop the +root permissions. Otherwise the php processes will run as +the user you started script as. + +As the script might be started from a unknown stage or even +directly from the command-line it cleans the environment +before starting the processes. ALLOWED_ENV contains all +the external environement variables that should be available +to the php-process. + + +Perl +---- + +For Perl you have to install the FCGI module from CPAN. + +Skeleton for remote authorizer +============================== + +The basic functionality of authorizer is as follows (see +http://www.fastcgi.com/devkit/doc/fcgi-spec.html, 6.3 for +details). :: + + #include <fcgi_stdio.h> + #include <stdlib.h> + #include <unistd.h> + int main () { + char* p; + + while (FCGI_Accept() >= 0) { + /* wait for fastcgi authorizer request */ + + printf("Content-type: text/html\r\n"); + + if ((p = getenv("QUERY_STRING")) == NULL) || + <QUERY_STRING is unauthorized>) + printf("Status: 403 Forbidden\r\n\r\n"); + + else printf("\r\n"); + /* default Status is 200 - allow access */ + } + + return 0; + } + +It is possible to use any other variables provided by +FastCGI interface for authorization check. Here is only an +example. + + +Troubleshooting +=============== + +fastcgi.debug should be enabled for troubleshooting. + +If you get: :: + + (fcgi.c.274) connect delayed: 8 + (fcgi.c.289) connect succeeded: 8 + (fcgi.c.745) unexpected end-of-file (perhaps the fastcgi + process died): 8 + +the fastcgi process accepted the connection but closed it +right away. This happens if FCGI_WEB_SERVER_ADDRS doesn't +include the host where you are connection from. + +If you get :: + + (fcgi.c.274) connect delayed: 7 + (fcgi.c.1107) error: unexpected close of fastcgi connection + for /peterp/seite1.php (no fastcgi process on host/port ?) + (fcgi.c.1015) emergency exit: fastcgi: connection-fd: 5 + fcgi-fd: 7 + +the fastcgi process is not running on the host/port you are +connection to. Check your configuration. + +If you get :: + + (fcgi.c.274) connect delayed: 7 + (fcgi.c.289) connect succeeded: 7 + +everything is fine. The connect() call just was delayed a +little bit and is completly normal. + diff --git a/doc/features.txt b/doc/features.txt new file mode 100644 index 0000000..cfccbb1 --- /dev/null +++ b/doc/features.txt @@ -0,0 +1,116 @@ +=============== +progress report +=============== + +:Author: Jan Kneschke +:Date: $Date: 2004/11/03 22:26:05 $ +:Revision: $Revision: 1.2 $ + +:abstract: + This document tries to track the requested features and + the release when they have been implemented. + +.. meta:: + :keywords: lighttpd, features + +.. contents:: Table of Contents + +Description +=========== + +The document was inspired by a mail from David Phillips: + +http://marc.theaimsgroup.com/?l=thttpd&m=108051453226692&w=2 + +It is used to see what is still missing and what is already done. :: + + zell@zell.best.vwh.net writes: + > Now that the author has made the source code available, I am + > considering installing and testing the latest version. From a + > quick glance, it seems to support most/all of the features of + > Premium thttpd and Zeus. + + If you think it compares to Zeus, then you've obviously never used Zeus. + + lighttpd is currently the only non-blocking open source web server to + support FastCGI responders and that's worthwhile. + + The documentation is lacking. Comments in the configuration file do not + make up for a complete manual. + +Constantly improving. :: + + The configuration syntax is overly complex, like Apache. There is no .htaccess + support. + +.htaccess support is not planed yet. :: + + There is only one server. You cannot have a separate configuration for each + virtual server. This would seem to be especially problematic when doing + SSL. + +Works since 1.3.0. :: + + There is no SSI support. Zeus has full recursive SSI support. Output from + a FastCGI program can get run through the SSI interpreter. SSI can also do + virtual includes recursively. + +SSI works since 1.2.4. :: + + Request logging is not configurable. Zeus supports fully configurable + access logging, plus a binary version of CLF that save space. + +1.2.6 adds Apache-like logfile config. :: + + Access control only allows authentication via username and password. There + is no way to allow or deny based in IP address. + +planed for 1.3.x :: + + The request rewriting appears to only allow regex substitutions. Zeus has a + simple, yet powerful, request rewrite language. + + + + There is no support for FastCGI authorizers. These are very useful for high + traffic sites that require complex authentication schemes or that store + authorization information in a central database. + +since 1.1.9. :: + + There is no bandwidth throttling support. Zeus does bandwidth throttling + correctly (i.e. unlike past versions of thttpd) and can throttle on a + per-subserver (thttpd-style virtual hosts) basis. + +since 1.3.8. :: + + There is no ISAPI support. ISAPI is an elegant, open API that allows + modification of web server behavior. While it isn't strictly necessary for + an open source web server, it nice to have a documented, consistent API, + rather than having to manually patch the server. + +If someone requests it it might be implemented. :: + + There is no web based interface. Zeus has a complete web based interface + for everything, including a powerful feature of configuring multiple virtual + servers at once. + +That is something that should be a special feature of Zeus. :) :: + + There is no support for mapping certain URLs to specific filesystem paths. + +since 1.2.6 :: + + There is no referring checking. This is incredibly important to prevent + hotlinking of bandwidth intensive media types (images, movies, etc.). + +we have something better: mod_secdownload. And if someone wants referer +checking we have a condition in the config for it since 1.2.9 :: + + Zeus has a lot of features that lighttpd doesn't have, but I only mentioned + the ones I care about and use. + + -- + David Phillips <david@acz.org> + http://david.acz.org/ + diff --git a/doc/lighttpd.1 b/doc/lighttpd.1 new file mode 100644 index 0000000..308ed96 --- /dev/null +++ b/doc/lighttpd.1 @@ -0,0 +1,18 @@ +.TH LIGHTTPD 1 2003-12-21 +.SH NAME +lighttpd - a fast, secure and flexible webserver +.SH SYNOPSIS +lighttpd -D -f <configfile> +.SH DESCRIPTION +.SH FILES +/etc/lighttpd/lighttpd.conf +.SH CONFORMING TO +HTTP/1.0 +HTTP/1.0 +HTTP-Authentification - Basic, Digest +FastCGI +CGI/1.1 +.SH SEE ALSO +spawn-fcgi(1) +.SH AUTHOR +jan@kneschke.de diff --git a/doc/lighttpd.conf b/doc/lighttpd.conf new file mode 100644 index 0000000..28402ea --- /dev/null +++ b/doc/lighttpd.conf @@ -0,0 +1,321 @@ +# lighttpd configuration file +# +# use it as a base for lighttpd 1.0.0 and above +# +# $Id: lighttpd.conf,v 1.7 2004/11/03 22:26:05 weigon Exp $ + +############ Options you really have to take care of #################### + +## modules to load +# at least mod_access and mod_accesslog should be loaded +# all other module should only be loaded if really neccesary +# - saves some time +# - saves memory +server.modules = ( +# "mod_rewrite", +# "mod_redirect", +# "mod_alias", + "mod_access", +# "mod_cml", +# "mod_trigger_b4_dl", +# "mod_auth", +# "mod_status", +# "mod_setenv", +# "mod_fastcgi", +# "mod_proxy", +# "mod_simple_vhost", +# "mod_evhost", +# "mod_userdir", +# "mod_cgi", +# "mod_compress", +# "mod_ssi", +# "mod_usertrack", +# "mod_expire", +# "mod_secdownload", +# "mod_rrdtool", + "mod_accesslog" ) + +## a static document-root, for virtual-hosting take look at the +## server.virtual-* options +server.document-root = "/www/pages/" + +## where to send error-messages to +server.errorlog = "/www/logs/lighttpd.error.log" + +# files to check for if .../ is requested +index-file.names = ( "index.php", "index.html", + "index.htm", "default.htm" ) + +## set the event-handler (read the performance section in the manual) +# server.event-handler = "freebsd-kqueue" # needed on OS X + +# mimetype mapping +mimetype.assign = ( + ".pdf" => "application/pdf", + ".sig" => "application/pgp-signature", + ".spl" => "application/futuresplash", + ".class" => "application/octet-stream", + ".ps" => "application/postscript", + ".torrent" => "application/x-bittorrent", + ".dvi" => "application/x-dvi", + ".gz" => "application/x-gzip", + ".pac" => "application/x-ns-proxy-autoconfig", + ".swf" => "application/x-shockwave-flash", + ".tar.gz" => "application/x-tgz", + ".tgz" => "application/x-tgz", + ".tar" => "application/x-tar", + ".zip" => "application/zip", + ".mp3" => "audio/mpeg", + ".m3u" => "audio/x-mpegurl", + ".wma" => "audio/x-ms-wma", + ".wax" => "audio/x-ms-wax", + ".ogg" => "application/ogg", + ".wav" => "audio/x-wav", + ".gif" => "image/gif", + ".jpg" => "image/jpeg", + ".jpeg" => "image/jpeg", + ".png" => "image/png", + ".xbm" => "image/x-xbitmap", + ".xpm" => "image/x-xpixmap", + ".xwd" => "image/x-xwindowdump", + ".css" => "text/css", + ".html" => "text/html", + ".htm" => "text/html", + ".js" => "text/javascript", + ".asc" => "text/plain", + ".c" => "text/plain", + ".cpp" => "text/plain", + ".log" => "text/plain", + ".conf" => "text/plain", + ".text" => "text/plain", + ".txt" => "text/plain", + ".dtd" => "text/xml", + ".xml" => "text/xml", + ".mpeg" => "video/mpeg", + ".mpg" => "video/mpeg", + ".mov" => "video/quicktime", + ".qt" => "video/quicktime", + ".avi" => "video/x-msvideo", + ".asf" => "video/x-ms-asf", + ".asx" => "video/x-ms-asf", + ".wmv" => "video/x-ms-wmv", + ".bz2" => "application/x-bzip", + ".tbz" => "application/x-bzip-compressed-tar", + ".tar.bz2" => "application/x-bzip-compressed-tar" + ) + +# Use the "Content-Type" extended attribute to obtain mime type if possible +#mimetype.use-xattr = "enable" + + +## send a different Server: header +## be nice and keep it at lighttpd +# server.tag = "lighttpd" + +#### accesslog module +accesslog.filename = "/www/logs/access.log" + +## deny access the file-extensions +# +# ~ is for backupfiles from vi, emacs, joe, ... +# .inc is often used for code includes which should in general not be part +# of the document-root +url.access-deny = ( "~", ".inc" ) + +$HTTP["url"] =~ "\.pdf$" { + server.range-requests = "disable" +} + +## +# which extensions should not be handle via static-file transfer +# +# .php, .pl, .fcgi are most often handled by mod_fastcgi or mod_cgi +static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" ) + +######### Options that are good to be but not neccesary to be changed ####### + +## bind to port (default: 80) +#server.port = 81 + +## bind to localhost (default: all interfaces) +#server.bind = "grisu.home.kneschke.de" + +## error-handler for status 404 +#server.error-handler-404 = "/error-handler.html" +#server.error-handler-404 = "/error-handler.php" + +## to help the rc.scripts +#server.pid-file = "/var/run/lighttpd.pid" + + +###### virtual hosts +## +## If you want name-based virtual hosting add the next three settings and load +## mod_simple_vhost +## +## document-root = +## virtual-server-root + virtual-server-default-host + virtual-server-docroot +## or +## virtual-server-root + http-host + virtual-server-docroot +## +#simple-vhost.server-root = "/home/weigon/wwwroot/servers/" +#simple-vhost.default-host = "grisu.home.kneschke.de" +#simple-vhost.document-root = "/pages/" + + +## +## Format: <errorfile-prefix><status-code>.html +## -> ..../status-404.html for 'File not found' +#server.errorfile-prefix = "/home/weigon/projects/lighttpd/doc/status-" + +## virtual directory listings +#dir-listing.activate = "enable" + +## enable debugging +#debug.log-request-header = "enable" +#debug.log-response-header = "enable" +#debug.log-request-handling = "enable" +#debug.log-file-not-found = "enable" + +### only root can use these options +# +# chroot() to directory (default: no chroot() ) +#server.chroot = "/" + +## change uid to <uid> (default: don't care) +#server.username = "wwwrun" + +## change uid to <uid> (default: don't care) +#server.groupname = "wwwrun" + +#### compress module +#compress.cache-dir = "/tmp/lighttpd/cache/compress/" +#compress.filetype = ("text/plain", "text/html") + +#### proxy module +## read proxy.txt for more info +#proxy.server = ( ".php" => +# ( "localhost" => +# ( +# "host" => "192.168.0.101", +# "port" => 80 +# ) +# ) +# ) + +#### fastcgi module +## read fastcgi.txt for more info +#fastcgi.server = ( ".php" => +# ( "localhost" => +# ( +# "socket" => "/tmp/php-fastcgi.socket", +# "bin-path" => "/usr/local/bin/php" +# ) +# ) +# ) + +#### CGI module +#cgi.assign = ( ".pl" => "/usr/bin/perl", +# ".cgi" => "/usr/bin/perl" ) +# + +#### SSL engine +#ssl.engine = "enable" +#ssl.pemfile = "server.pem" + +#### status module +#status.status-url = "/server-status" +#status.config-url = "/server-config" + +#### auth module +## read authentication.txt for more info +#auth.backend = "plain" +#auth.backend.plain.userfile = "lighttpd.user" +#auth.backend.plain.groupfile = "lighttpd.group" + +#auth.backend.ldap.hostname = "localhost" +#auth.backend.ldap.base-dn = "dc=my-domain,dc=com" +#auth.backend.ldap.filter = "(uid=$)" + +#auth.require = ( "/server-status" => +# ( +# "method" => "digest", +# "realm" => "download archiv", +# "require" => "user=jan" +# ), +# "/server-config" => +# ( +# "method" => "digest", +# "realm" => "download archiv", +# "require" => "valid-user" +# ) +# ) + +#### url handling modules (rewrite, redirect, access) +#url.rewrite = ( "^/$" => "/server-status" ) +#url.redirect = ( "^/wishlist/(.+)" => "http://www.123.org/$1" ) +#### both rewrite/redirect support back reference to regex conditional using %n +#$HTTP["host"] =~ "^www\.(.*)" { +# url.redirect = ( "^/(.*)" => "http://%1/$1" ) +#} + +# +# define a pattern for the host url finding +# %% => % sign +# %0 => domain name + tld +# %1 => tld +# %2 => domain name without tld +# %3 => subdomain 1 name +# %4 => subdomain 2 name +# +#evhost.path-pattern = "/home/storage/dev/www/%3/htdocs/" + +#### expire module +#expire.url = ( "/buggy/" => "access 2 hours", "/asdhas/" => "access plus 1 seconds 2 minutes") + +#### ssi +#ssi.extension = ( ".shtml" ) + +#### rrdtool +#rrdtool.binary = "/usr/bin/rrdtool" +#rrdtool.db-name = "/var/www/lighttpd.rrd" + +#### setenv +#setenv.add-request-header = ( "TRAV_ENV" => "mysql://user@host/db" ) +#setenv.add-response-header = ( "X-Secret-Message" => "42" ) + +## for mod_trigger_b4_dl +# trigger-before-download.gdbm-filename = "/home/weigon/testbase/trigger.db" +# trigger-before-download.memcache-hosts = ( "127.0.0.1:11211" ) +# trigger-before-download.trigger-url = "^/trigger/" +# trigger-before-download.download-url = "^/download/" +# trigger-before-download.deny-url = "http://127.0.0.1/index.html" +# trigger-before-download.trigger-timeout = 10 + +## for mod_cml +## don't forget to add index.cml to server.indexfiles +# cml.extension = ".cml" +# cml.memcache-hosts = ( "127.0.0.1:11211" ) + +#### variable usage: +## variable name without "." is auto prefixed by "var." and becomes "var.bar" +#bar = 1 +#var.mystring = "foo" + +## integer add +#bar += 1 +## string concat, with integer cast as string, result: "www.foo1.com" +#server.name = "www." + mystring + var.bar + ".com" +## array merge +#index-file.names = (foo + ".php") + index-file.names +#index-file.names += (foo + ".php") + +#### include +#include /etc/lighttpd/lighttpd-inc.conf +## same as above if you run: "lighttpd -f /etc/lighttpd/lighttpd.conf" +#include "lighttpd-inc.conf" + +#### include_shell +#include_shell "echo var.a=1" +## the above is same as: +#var.a=1 diff --git a/doc/lighttpd.user b/doc/lighttpd.user new file mode 100644 index 0000000..727e9c3 --- /dev/null +++ b/doc/lighttpd.user @@ -0,0 +1 @@ +dummy:test123 diff --git a/doc/mysqlvhost.txt b/doc/mysqlvhost.txt new file mode 100644 index 0000000..9a869a1 --- /dev/null +++ b/doc/mysqlvhost.txt @@ -0,0 +1,58 @@ +==================== +MySQL-based vhosting +==================== + +----------------------- +Module: mod_mysql_vhost +----------------------- + +:Author: ada@riksnet.se +:Date: $Date: 2004/08/29 09:43:49 $ +:Revision: $Revision: 1.1 $ + +:abstract: + This module provides virtual hosts (vhosts) based on a MySQL table + +.. meta:: + :keywords: lighttpd, mysql, vhost + +.. contents:: Table of Contents + +Description +=========== + +With MySQL-based vhosting you can store the path to a given host's +document root in a MySQL database. + +.. note:: Keep in mind that only one vhost module should be active at a time. + Don't mix mod_simple_vhost with mod_mysql_vhost. + +Options +======= + +Example: :: + + mysql-vhost.db = "lighttpd" + mysql-vhost.user = "lighttpd" + mysql-vhost.pass = "secret" + mysql-vhost.sock = "/var/mysql.lighttpd.sock" + mysql-vhost.sql = "SELECT docroot FROM domains WHERE domain='?'" + + +MySQL setup: :: + + GRANT SELECT ON lighttpd.* TO lighttpd@localhost IDENTIFIED BY 'secret'; + + CREATE DATABASE lighttpd; + + USE lighttpd; + + CREATE TABLE domains ( + domain varchar(64) not null primary key, + docroot varchar(128) not null + ); + + INSERT INTO domains VALUES ('host.dom.ain','/http/host.dom.ain/'); + + + diff --git a/doc/newstyle.css b/doc/newstyle.css new file mode 100644 index 0000000..26f91d3 --- /dev/null +++ b/doc/newstyle.css @@ -0,0 +1,49 @@ +body { + background-color: #F5F5F5; +} +a, a:active { + text-decoration: none; + color: blue; +} +a:visited { + color: #48468F; +} +a:hover, a:focus { + text-decoration: underline; + color: red; +} +h2 { + margin-bottom: 12px; +} +table { + margin-left: 12px; +} +th, td { + font-family: "Courier New", Courier, monospace; + font-size: 10pt; + text-align: left; +} +th { + font-weight: bold; + padding-right: 14px; + padding-bottom: 3px; +} +td { + padding-right: 14px; +} +td.s, th.s { + text-align: right; +} +div.list { + background-color: white; + border-top: 1px solid #646464; + border-bottom: 1px solid #646464; + padding-top: 10px; + padding-bottom: 14px; +} +div.foot { + font-family: "Courier New", Courier, monospace; + font-size: 10pt; + color: #787878; + padding-top: 4px; +} diff --git a/doc/oldstyle.css b/doc/oldstyle.css new file mode 100644 index 0000000..f3e26db --- /dev/null +++ b/doc/oldstyle.css @@ -0,0 +1,25 @@ +table { + border: 1px solid black; + padding: 1px; +} +th { + background-color: black; + border: 1px solid white; + color: white; + padding-right: 2px; + padding-left: 2px; +} +td { + background-color: #f0f0f0; + border: 1px solid white; + padding-right: 2px; + padding-left: 2px; +} +td.s { + background-color: #f0f0f0; + text-align: right; + padding-left: 14px; +} +div.foot { + margin-top: 4px; +} diff --git a/doc/performance.txt b/doc/performance.txt new file mode 100644 index 0000000..56a7ca1 --- /dev/null +++ b/doc/performance.txt @@ -0,0 +1,239 @@ +======================== +Performance Improvements +======================== + +------------ +Module: core +------------ + +:Author: Jan Kneschke +:Date: $Date: 2004/11/03 22:26:05 $ +:Revision: $Revision: 1.3 $ + +:abstract: + handling performance issues in lighttpd + +.. meta:: + :keywords: lighttpd, performance + +.. contents:: Table of Contents + +Description +=========== + +Performance Issues +------------------ + +lighttpd is optimized into varying directions. The most important direction is +performance. The operation system has two major facilities to help lighttpd +a deliver its best performance. + +HTTP Keep-Alive +--------------- + +Disabling keep-alive might help your server if you suffer from a large +number of open file descriptors. + +The defaults for the server are: :: + + server.max-keep-alive-requests = 128 + server.max-keep-alive-idle = 30 + server.max-read-idle = 60 + server.max-write-idle = 360 + +handling 128 keep-alive requests in a row on a single connection, waiting 30 seconds +before an unused keep-alive connection gets dropped by lighttpd. + +If you handle several connections at once under a high load (let's assume 500 connections +in parallel for 24h) you might run into the out-of-fd problem described below. :: + + server.max-keep-alive-requests = 4 + server.max-keep-alive-idle = 4 + +would release the connections earlier and would free file descriptors without a +detrimental performance loss. + +Disabling keep-alive completely is the last resort if you are still short on file descriptors: :: + + server.max-keep-alive-requests = 0 + +Event Handlers +-------------- + +The first one is the Event Handler which takes care of notifying the server +that one of the connections is ready to send or receive. As you can see, +every OS has at least the select() call which has some limitations. + +============ ========== =============== +OS Method Config Value +============ ========== =============== +all select select +Unix poll poll +Linux 2.4+ rt-signals linux-rtsig +Linux 2.6+ epoll linux-sysepoll +Solaris /dev/poll solaris-devpoll +FreeBSD, ... kqueue freebsd-kqueue +============ ========== =============== + + +For more information on this topic take a look at http://www.kegel.com/c10k.html + +Configuration +````````````` + +The event handler can be set by specifying the 'Config Value' from above +in the ``server.event-handler`` variable + +e.g.: :: + + server.event-handler = "linux-sysepoll" + +Network Handlers +---------------- + +The basic network interface for all platforms at the syscalls read() and +write(). Every modern OS provides its own syscall to help network servers +transfer files as fast as possible. + +If you want to send out a file from the webserver, it doesn't make any sense +to copy the file into the webserver just to write() it back into a socket +in the next step. + +sendfile() minimizes the work in the application and pushes a file directly +into the network card (ideally). + +lighttpd supports all major platform-specific calls: + +========== ========== +OS Method +========== ========== +all write +Unix writev +Linux 2.4+ sendfile +Linux 2.6+ sendfile64 +Solaris sendfilev +FreeBSD sendfile +========== ========== + +The best backend is selected at compile time. In case you want to use +another backend set: :: + + server.network-backend = "writev" + +You can find more information about network backend in: + + http://blog.lighttpd.net/articles/2005/11/11/optimizing-lighty-for-high-concurrent-large-file-downloads + + +Max Connections +--------------- + +As lighttpd is a single-threaded server, its main resource limit is the +number of file descriptors, which is set to 1024 by default (on most systems). + +If you are running a high-traffic site you might want to increase this limit +by setting :: + + server.max-fds = 2048 + +This only works if lighttpd is started as root. + +Out-of-fd condition +------------------- + +Since file descriptors are used for TCP/IP sockets, files and directories, +a simple request for a PHP page might result in using 3 file descriptors: + +1. the TCP/IP socket to the client +2. the TCP/IP and Unix domain socket to the FastCGI process +3. the filehandle to the file in the document root to check if it exists + +If lighttpd runs out of file descriptors, it will stop accepting new +connections for awhile to use the existing file descriptors to handle the +currently-running requests. + +If more than 90% of the file descriptors are used then the handling of new +connections is disabled. If it drops below 80% again new connections will +be accepted again. + +Under some circumstances you will see :: + + ... accept() failed: Too many open files + +in the error log. This tells you there were too many new requests at once +and lighttpd could not disable the incoming connections soon enough. The +connection was dropped and the client received an error message like 'connection +failed'. This is very rare and might only occur in test setups. + +Increasing the ``server.max-fds`` limit will reduce the probability of this +problem. + +stat() cache +============ + +A stat(2) can be expensive; caching it saves time and context switches. + +Instead of using stat() every time to check for the existence of a file +you can stat() it once and monitor the directory the file is in for +modifications. As long as the directory doesn't change, the files in it +must all still be the same. + +With the help of FAM or gamin you can use kernel events to assure that +your stat cache is up to date. :: + + server.stat-cache-engine = "fam" # either fam, simple or disabled + + +Platform-Specific Notes +======================= + +Linux +----- + +For Linux 2.4.x you should think about compiling lighttpd with the option +``--disable-lfs`` to disable the support for files larger than 2GB. lighttpd will +fall back to the ``writev() + mmap()`` network calls which is ok, but not as +fast as possible but support files larger than 2GB. + +Disabling the TCP options reduces the overhead of each TCP packet and might +help to get the last few percent of performance out of the server. Be aware that +disabling these options most likely decreases performance for high-latency and lossy +links. + +- net.ipv4.tcp_sack = 0 +- net.ipv4.tcp_timestamps = 0 + +Increasing the TCP send and receive buffers will increase the performance a +lot if (and only if) you have a lot of large files to send. + +- net.ipv4.tcp_wmem = 4096 65536 524288 +- net.core.wmem_max = 1048576 + +If you have a lot of large file uploads, increasing the receive buffers will help. + +- net.ipv4.tcp_rmem = 4096 87380 524288 +- net.core.rmem_max = 1048576 + +Keep in mind that every TCP connection uses the configured amount of memory for socket +buffers. If you've got many connections this can quickly drain the available memory. + +See http://www.acc.umu.se/~maswan/linux-netperf.txt for more information on these parameters. + +FreeBSD +------- + +On FreeBSD you might gain some performance by enabling accept filters. Just +compile your kernel with: :: + + options ACCEPT_FILTER_HTTP + +For more ideas about tuning FreeBSD read: tuning(7) + +Reducing the recvspace should always be ok if the server only handles HTTP +requests without large uploads. Increasing the sendspace would reduce the +system load if you have a lot of large files to be sent, but keep in mind that +you have to provide the memory in the kernel for each connection. 1024 * 64KB +would mean 64MB of kernel RAM. Keep this in mind. + +- net.inet.tcp.recvspace = 4096 + diff --git a/doc/plugins.txt b/doc/plugins.txt new file mode 100644 index 0000000..91c81fd --- /dev/null +++ b/doc/plugins.txt @@ -0,0 +1,260 @@ +================ +Plugin Interface +================ + +------------ +Module: core +------------ + +:Author: Jan Kneschke +:Date: $Date: 2004/08/01 07:01:29 $ +:Revision: $Revision: 1.1 $ + +:abstract: + The plugin interface is an integral part of lighttpd which + provides a flexible way to add specific functionality to lighttpd. + +.. meta:: + :keywords: lighttpd, plugins + +.. contents:: Table of Contents + +Description +=========== + +Plugins allow you to enhance the functionality of lighttpd without +changing the core of the webserver. They can be loaded at startup time +and can change virtually any aspect of the behaviour of the webserver. + +Plugin Entry Points +------------------- + +lighttpd has 16 hooks which are used in different states of the +execution of the request: + +Serverwide hooks +```````````````` + +:init_: + called when the plugin is loaded +:cleanup_: + called when the plugin is unloaded +:set_defaults_: + called when the configuration has to be processed +:handle_trigger_: + called once a second +:handle_sighup_: + called when the server received a SIGHUP + +Connectionwide hooks +```````````````````` + +Most of these hooks are called in ``http_response_prepare()`` after some +fields in the connection structure are set. + +:handle_uri_raw_: + called after uri.path_raw, uri.authority and uri.scheme are set +:handle_uri_clean_: + called after uri.path (a clean URI without .. and %20) is set +:handle_docroot_: + called at the end of the logical path handle to get a docroot +:handle_subrequest_start_: + called if the physical path is set up and checked +:handle_subrequest_: + called at the end of ``http_response_prepare()`` +:handle_physical_path_: + called after the physical path is created and no other handler is + found for this request +:handle_request_done_: + called when the request is done +:handle_connection_close_: + called if the connection has to be closed +:handle_joblist_: + called after the connection_state_engine is left again and plugin + internal handles have to be called +:connection_reset_: + called if the connection structure has to be cleaned up + + +Plugin Interface +---------------- + +\*_plugin_init +`````````````` + +Every plugin has a uniquely-named function which is called after the +plugin is loaded. It is used to set up the ``plugin`` structure with +some useful data: + +- name of the plugin ``name`` +- all hooks + +The field ``data`` and ``lib`` should not be touched in the init function. +``lib`` is the library handler from dlopen and ``data`` will be the storage +of the internal plugin data. + +:returns: + 0 (not handled) + +init +```` + +The first real call of a plugin function is the init hook which is used +to set up the internal plugin data. The internal plugin is assigned the +``data`` field mentioned in the \*_plugin_init description. + +:returns: + a pointer to the internal plugin data. + +cleanup +``````` + +The cleanup hook is called just before the plugin is unloaded. It is meant +to free all buffers allocated in ``init`` or somewhere else in the plugin +which are still not freed and to close all handles which were opened and +are not closed yet. + +:returns: + HANDLER_GO_ON if ok (not handled) + +set_defaults +```````````` + +set_defaults is your entry point into the configfile parsing. It should +pass a list of options to ``config_insert_values`` and check if +the plugin configuration is valid. If it is not valid yet, it should +set useful defaults or return with HANDLER_ERROR and an error message. + +:returns: + HANDLER_GO_ON if ok + + HANDLER_ERROR will terminate lighttpd + +connection_reset +```````````````` + +called at the end of each request + +:returns: + HANDLER_GO_ON if ok + + HANDLER_ERROR on error + +handle_trigger +`````````````` + +called once a second + +:returns: + HANDLER_GO_ON if ok + + HANDLER_ERROR on error + +handle_sighup +````````````` + +called if a SIGHUP is received (cycling logfiles, ...) + +:returns: + HANDLER_GO_ON if ok + + HANDLER_ERROR on error + +handle_uri_raw +`````````````` + +called after uri_raw is set + +:returns: + HANDLER_GO_ON if ok + HANDLER_FINISHED if the final output is prepared + + HANDLER_ERROR on error + +handle_uri_clean +```````````````` + +called after uri.path is set + +:returns: + HANDLER_GO_ON if ok + HANDLER_FINISHED if the final output is prepared + + HANDLER_ERROR on error + +handle_docroot +`````````````` + +called when a docroot is needed + +:returns: + HANDLER_GO_ON if ok + HANDLER_FINISHED if the final output is prepared + + HANDLER_ERROR on error + +handle_subrequest_start +``````````````````````` + +called after physical.path is set + +:returns: + HANDLER_GO_ON if ok + HANDLER_FINISHED if the final output is prepared + + HANDLER_ERROR on error + +handle_subrequest +````````````````` + +called if subrequest_start requested a COMEBACK or a WAIT_FOR_EVENT + +:returns: + HANDLER_GO_ON if ok + HANDLER_FINISHED if the final output is prepared + + HANDLER_ERROR on error + +handle_physical_path +```````````````````` + +called after physical.path is set + +:returns: + HANDLER_GO_ON if ok + HANDLER_FINISHED if the final output is prepared + + HANDLER_ERROR on error + + +handle_request_done +``````````````````` + +called at the end of the request (logging, statistics, ...) + +:returns: + HANDLER_GO_ON if ok + + HANDLER_ERROR on error + +handle_connection_close +``````````````````````` + +called if the connection is terminated + +:returns: + HANDLER_GO_ON if ok + + HANDLER_ERROR on error + +handle_joblist +`````````````` + +called if the state of the connection has changed + +:returns: + HANDLER_GO_ON if ok + + HANDLER_ERROR on error + + diff --git a/doc/proxy.txt b/doc/proxy.txt new file mode 100644 index 0000000..8ff5c3e --- /dev/null +++ b/doc/proxy.txt @@ -0,0 +1,104 @@ +=================== +the Proxy Interface +=================== + +----------------- +Module: mod_proxy +----------------- + +:Author: Jan Kneschke +:Date: $Date: 2004/08/01 07:01:29 $ +:Revision: $Revision: 1.1 $ + +:abstract: + The proxy module a simplest way to connect lighttpd to + java servers which have a HTTP-interface. + +.. meta:: + :keywords: lighttpd, Proxy + +.. contents:: Table of Contents + +Description +=========== + +... + +Options +======= + +lighttpd provides the Proxy support via the proxy-module +(mod_proxy) which provides 2 options in the config-file: + +:proxy.debug: + a value between 0 and 65535 to set the debug-level in the + Proxy module. Currently only 0 and 1 are used. Use 1 to + enable some debug output, 0 to disable it. + +:proxy.balance: + might be one of 'hash', 'round-robin' or 'fair' (default). + + 'round-robin' choses another host for each request, 'hash' + is generating a hash over the request-uri and makes sure + that the same request URI is sent to always the same host. + That can increase the performance of the backend servers + a lot due to higher cache-locality. 'fair' is the normal + load-based, passive balancing. + +:proxy.server: + tell the module where to send Proxy requests to. Every + file-extension can have its own handler. Load-Balancing is + done by specifying multiple handles for the same extension. + + structure of proxy.server section: :: + + ( <extension> => + ( + ( "host" => <string> , + "port" => <integer> ), + ( "host" => <string> , + "port" => <integer> ) + ), + <extension> => ... + ) + + :<extension>: is the file-extension or prefix (if started with "/") + might empty to match all requests + :"host": is ip of the proxy server + :"port": is tcp-port on the "host" used by the proxy + server (default: 80) + + e.g.: :: + + proxy.server = ( ".jsp" => + ( ( + "host" => "10.0.0.242", + "port" => 81 + ) ) + ) + +Example: +======== + +Using lighttpd + mod_proxy in front of 8 Squids which handle the +caching of dynamic content for you. All requests for the host +www.example.org should be forwarded to the proxy. All proxies +listen on port 80 for requests. :: + + $HTTP["host"] == "www.example.org" { + proxy.balance = "hash" + proxy.server = ( "" => ( ( "host" => "10.0.0.10" ), + ( "host" => "10.0.0.11" ), + ( "host" => "10.0.0.12" ), + ( "host" => "10.0.0.13" ), + ( "host" => "10.0.0.14" ), + ( "host" => "10.0.0.15" ), + ( "host" => "10.0.0.16" ), + ( "host" => "10.0.0.17" ) ) ) + } + +If one of the hosts goes down the all requests for this one server are +moved equally to the other servers. If you want to know more about +the algorithm used here google for 'Microsoft CARP'. + + diff --git a/doc/rc.lighttpd b/doc/rc.lighttpd new file mode 100755 index 0000000..91accdd --- /dev/null +++ b/doc/rc.lighttpd @@ -0,0 +1,156 @@ +#! /bin/sh +# Copyright (c) 1995-2002 SuSE Linux AG, Nuernberg, Germany. +# All rights reserved. +# +# Author: Kurt Garloff <feedback@suse.de> +# +# /etc/init.d/FOO +# +# and symbolic its link +# +# /(usr/)sbin/rcFOO +# +# LSB compliant service control script; see http://www.linuxbase.org/spec/ +# +# System startup script for some example service or daemon FOO (template) +# +### BEGIN INIT INFO +# Provides: FOO +# Required-Start: $remote_fs $syslog +# Required-Stop: $remote_fs $syslog +# Default-Start: 3 5 +# Default-Stop: 0 1 2 6 +# Description: Start FOO to allow XY and provide YZ +# continued on second line by '#<TAB>' +### END INIT INFO +# +# Note on Required-Start: It does specify the init script ordering, +# not real dependencies. Depencies have to be handled by admin +# resp. the configuration tools (s)he uses. + +# Source SuSE config (if still necessary, most info has been moved) +test -r /etc/rc.config && . /etc/rc.config + +# Check for missing binaries (stale symlinks should not happen) +LIGHTTPD_BIN=/usr/sbin/lighttpd +test -x $LIGHTTPD_BIN || exit 5 + +# Check for existence of needed config file and read it +LIGHTTPD_CONFIG=/etc/sysconfig/lighttpd +test -r $LIGHTTPD_CONFIG || exit 6 +. $LIGHTTPD_CONFIG + +# Shell functions sourced from /etc/rc.status: +# rc_check check and set local and overall rc status +# rc_status check and set local and overall rc status +# rc_status -v ditto but be verbose in local rc status +# rc_status -v -r ditto and clear the local rc status +# rc_failed set local and overall rc status to failed +# rc_failed <num> set local and overall rc status to <num><num> +# rc_reset clear local rc status (overall remains) +# rc_exit exit appropriate to overall rc status +# rc_active checks whether a service is activated by symlinks +. /etc/rc.status + +# First reset status of this service +rc_reset + +# Return values acc. to LSB for all commands but status: +# 0 - success +# 1 - generic or unspecified error +# 2 - invalid or excess argument(s) +# 3 - unimplemented feature (e.g. "reload") +# 4 - insufficient privilege +# 5 - program is not installed +# 6 - program is not configured +# 7 - program is not running +# +# Note that starting an already running service, stopping +# or restarting a not-running service as well as the restart +# with force-reload (in case signalling is not supported) are +# considered a success. + +case "$1" in + start) + echo -n "Starting lighttpd" + ## Start daemon with startproc(8). If this fails + ## the echo return value is set appropriate. + + # NOTE: startproc returns 0, even if service is + # already running to match LSB spec. + startproc $LIGHTTPD_BIN -f $LIGHTTPD_CONF_PATH + + # Remember status and be verbose + rc_status -v + ;; + stop) + echo -n "Shutting down lighttpd" + ## Stop daemon with killproc(8) and if this fails + ## set echo the echo return value. + + killproc -TERM $LIGHTTPD_BIN + + # Remember status and be verbose + rc_status -v + ;; + try-restart) + ## Stop the service and if this succeeds (i.e. the + ## service was running before), start it again. + ## Note: try-restart is not (yet) part of LSB (as of 0.7.5) + $0 status >/dev/null && $0 restart + + # Remember status and be quiet + rc_status + ;; + restart) + ## Stop the service and regardless of whether it was + ## running or not, start it again. + $0 stop + $0 start + + # Remember status and be quiet + rc_status + ;; + force-reload) + reload) + ## Like force-reload, but if daemon does not support + ## signalling, do nothing (!) + + # If it supports signalling: + echo -n "Reload service LIGHTTPD" + killproc -INT $LIGHTTPD_BIN + $0 start + touch /var/run/lighttpd.pid + rc_status -v + + ## Otherwise if it does not support reload: + #rc_failed 3 + #rc_status -v + ;; + status) + echo -n "Checking for service LIGHTTPD: " + ## Check status with checkproc(8), if process is running + ## checkproc will return with exit status 0. + + # Return value is slightly different for the status command: + # 0 - service running + # 1 - service dead, but /var/run/ pid file exists + # 2 - service dead, but /var/lock/ lock file exists + # 3 - service not running + + # NOTE: checkproc returns LSB compliant status values. + checkproc $LIGHTTPD_BIN + rc_status -v + ;; + probe) + ## Optional: Probe for the necessity of a reload, + ## print out the argument which is required for a reload. + + test /etc/lighttpd/lighttpd.conf -nt /var/run/lighttpd.pid && echo reload + ;; + *) + echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload|probe}" + exit 1 + ;; +esac +rc_exit diff --git a/doc/rc.lighttpd.redhat b/doc/rc.lighttpd.redhat new file mode 100755 index 0000000..e22d551 --- /dev/null +++ b/doc/rc.lighttpd.redhat @@ -0,0 +1,87 @@ +#!/bin/sh +# +# lighttpd Startup script for the lighttpd server +# +# chkconfig: - 85 15 +# description: Lightning fast webserver with light system requirements +# +# processname: lighttpd +# config: /etc/lighttpd/lighttpd.conf +# config: /etc/sysconfig/lighttpd +# pidfile: /var/run/lighttpd.pid +# +# Note: pidfile is assumed to be created +# by lighttpd (config: server.pid-file). +# If not, uncomment 'pidof' line. + +# Source function library +. /etc/rc.d/init.d/functions + +if [ -f /etc/sysconfig/lighttpd ]; then + . /etc/sysconfig/lighttpd +fi + +if [ -z "$LIGHTTPD_CONF_PATH" ]; then + LIGHTTPD_CONF_PATH="/etc/lighttpd/lighttpd.conf" +fi + +prog="lighttpd" +lighttpd="/usr/sbin/lighttpd" +RETVAL=0 + +start() { + echo -n $"Starting $prog: " + daemon $lighttpd -f $LIGHTTPD_CONF_PATH + RETVAL=$? + echo + [ $RETVAL -eq 0 ] && touch /var/lock/subsys/$prog + return $RETVAL +} + +stop() { + echo -n $"Stopping $prog: " + killproc $lighttpd + RETVAL=$? + echo + [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/$prog + return $RETVAL +} + +reload() { + echo -n $"Reloading $prog: " + killproc $lighttpd -HUP + RETVAL=$? + echo + return $RETVAL +} + +case "$1" in + start) + start + ;; + stop) + stop + ;; + restart) + stop + start + ;; + condrestart) + if [ -f /var/lock/subsys/$prog ]; then + stop + start + fi + ;; + reload) + reload + ;; + status) + status $lighttpd + RETVAL=$? + ;; + *) + echo $"Usage: $0 {start|stop|restart|condrestart|reload|status}" + RETVAL=1 +esac + +exit $RETVAL diff --git a/doc/redirect.txt b/doc/redirect.txt new file mode 100644 index 0000000..118ea8e --- /dev/null +++ b/doc/redirect.txt @@ -0,0 +1,41 @@ +=============== +URL Redirection +=============== + +-------------------- +Module: mod_redirect +-------------------- + +:Author: Jan Kneschke +:Date: $Date: 2004/08/29 09:43:49 $ +:Revision: $Revision: 1.1 $ + +:abstract: + url redirection + +.. meta:: + :keywords: lighttpd, redirect + +.. contents:: Table of Contents + +Description +=========== + +... + +Options +======= + +url.redirect + redirects a set of URLs externally + + e.g. :: + + url.redirect = ( "^/show/([0-9]+)/([0-9]+)$" => "http://www.example.org/show.php?isdn=$1&page$2", + "^/get/([0-9]+)/([0-9]+)$" => "http://www.example.org/get.php?isdn=$1&page$2" ) + + # make a external redirect + # from any www.host (with www.) to the host (without www.) + $HTTP["host"] =~ "^www\.(.*)" { + url.redirect = ( "^/(.*)" => "http://%1/$1" ) + } diff --git a/doc/rewrite.txt b/doc/rewrite.txt new file mode 100644 index 0000000..09d4b66 --- /dev/null +++ b/doc/rewrite.txt @@ -0,0 +1,71 @@ +============ +URL Rewrites +============ + +------------------- +Module: mod_rewrite +------------------- + +:Author: Jan Kneschke +:Date: $Date: 2004/11/03 22:26:05 $ +:Revision: $Revision: 1.2 $ + +:abstract: + url rewrite + +.. meta:: + :keywords: lighttpd, rewrite + +.. contents:: Table of Contents + +Description +=========== + +internal redirects, url rewrite + +Options +======= + +url.rewrite-once + rewrites a set of URLs interally in the webserver BEFORE they are handled. + + e.g. :: + + url.rewrite-once = ( "<regex>" => "<relative-uri>" ) + +url.rewrite-repeat + rewrites a set of URLs interally in the webserver BEFORE they are handled + + e.g. :: + + url.rewrite-repeat = ( "<regex>" => "<relative-uri>" ) + +The options ``url.rewrite`` and ``url.rewrite-final`` were mapped to ``url.rewrite-once`` +in 1.3.16. + +Examples +======== + +The regex is matching the full REQUEST_URI which is supplied by the user including +query-string.:: + + url.rewrite-once = ( "^/id/([0-9]+)$" => "/index.php?id=$1", + "^/link/([a-zA-Z]+)" => "/index.php?link=$1" ) + + + + # the following example, is, however just simulating vhost by rewrite + # * you can never change document-root by mod_rewrite + # use mod_*host instead to make real mass-vhost + + # request: http://any.domain.com/url/ + # before rewrite: REQUEST_URI="/www/htdocs/url/" + # and DOCUMENT_ROOT="/www/htdocs/" %0="www.domain.com" $1="url/" + # after rewrite: REQUEST_URI="/www/htdocs/domain.com/url/" + # still, you have DOCUMENT_ROOT=/www/htdocs/ + + server.document-root = "/www/htdocs/" + $HTTP["host"] =~ "^.*\.([^.]+\.com)$" { + url.rewrite-once = ( "^/(.*)" => "/%0/$1" ) + } + diff --git a/doc/rrdtool-graph.sh b/doc/rrdtool-graph.sh new file mode 100755 index 0000000..1157a28 --- /dev/null +++ b/doc/rrdtool-graph.sh @@ -0,0 +1,38 @@ +#!/bin/sh + +RRDTOOL=/usr/bin/rrdtool +OUTDIR=/var/www/servers/www.example.org/pages/rrd/ +INFILE=/var/www/lighttpd.rrd +OUTPRE=lighttpd-traffic + +DISP="DEF:bin=$INFILE:InOctets:AVERAGE \ + DEF:binmin=$INFILE:InOctets:MIN \ + DEF:binmax=$INFILE:InOctets:MAX \ + DEF:bout=$INFILE:OutOctets:AVERAGE \ + DEF:boutmin=$INFILE:OutOctets:MIN \ + DEF:boutmax=$INFILE:OutOctets:MAX \ + LINE1:bin#0000FF:in \ + LINE1:binmin#2222FF: \ + STACK:binmax#2222FF: \ + LINE1:bout#FF0000:out \ + LINE1:boutmin#FF2222: \ + STACK:boutmax#FF2222: \ + -v bytes/s" + +$RRDTOOL graph $OUTDIR/$OUTPRE-hour.png -a PNG --start -14400 $DISP +$RRDTOOL graph $OUTDIR/$OUTPRE-day.png -a PNG --start -86400 $DISP +$RRDTOOL graph $OUTDIR/$OUTPRE-month.png -a PNG --start -2592000 $DISP + +OUTPRE=lighttpd-requests + +DISP="DEF:req=$INFILE:Requests:AVERAGE \ + DEF:reqmin=$INFILE:Requests:MIN \ + DEF:reqmax=$INFILE:Requests:MAX \ + LINE1:req#0000FF:requests \ + LINE1:reqmin#2222FF: \ + STACK:reqmax#2222FF: \ + -v req/s" + +$RRDTOOL graph $OUTDIR/$OUTPRE-hour.png -a PNG --start -14400 $DISP +$RRDTOOL graph $OUTDIR/$OUTPRE-day.png -a PNG --start -86400 $DISP +$RRDTOOL graph $OUTDIR/$OUTPRE-month.png -a PNG --start -2592000 $DISP diff --git a/doc/rrdtool.txt b/doc/rrdtool.txt new file mode 100644 index 0000000..0e05cd3 --- /dev/null +++ b/doc/rrdtool.txt @@ -0,0 +1,111 @@ +======= +rrdtool +======= + +------------------- +Module: mod_rrdtool +------------------- + +:Author: Jan Kneschke +:Date: $Date: 2004/08/29 09:43:49 $ +:Revision: $Revision: 1.1 $ + +:abstract: + mod_rrdtool is used to monitor the traffic and load on the webserver + +.. meta:: + :keywords: lighttpd, skeleton + +.. contents:: Table of Contents + +Description +=========== + +RRD_ is a system to store and display time-series data (i.e. network +bandwidth, machine-room temperature, server load average). + +.. _RRD: http://people.ee.ethz.ch/~oetiker/webtools/rrdtool/ + +Options +======= + +rrdtool.binary + path to the rrdtool binary + + e.g.: :: + + rrdtool.binary = "/usr/bin/rrdtool" + +rrdtool.db-name + filename of the rrd-database. Make sure that <rrdtool.db-name> doesn't exist + before the first run, as lighttpd has to create the DB for you. + + e.g.: :: + + rrdtool.db-name = "/var/www/lighttpd.rrd" + +Generating Graphs +================= + +:: + + #!/bin/sh + + RRDTOOL=/usr/bin/rrdtool + OUTDIR=/var/www/servers/www.example.org/pages/rrd/ + INFILE=/var/www/lighttpd.rrd + OUTPRE=lighttpd-traffic + + DISP="-v bytes --title TrafficWebserver \ + DEF:binraw=$INFILE:InOctets:AVERAGE \ + DEF:binmaxraw=$INFILE:InOctets:MAX \ + DEF:binminraw=$INFILE:InOctets:MIN \ + DEF:bout=$INFILE:OutOctets:AVERAGE \ + DEF:boutmax=$INFILE:OutOctets:MAX \ + DEF:boutmin=$INFILE:OutOctets:MIN \ + CDEF:bin=binraw,-1,* \ + CDEF:binmax=binmaxraw,-1,* \ + CDEF:binmin=binminraw,-1,* \ + CDEF:binminmax=binmaxraw,binminraw,- \ + CDEF:boutminmax=boutmax,boutmin,- \ + AREA:binmin#ffffff: \ + STACK:binmax#f00000: \ + LINE1:binmin#a0a0a0: \ + LINE1:binmax#a0a0a0: \ + LINE2:bin#a0a735:incoming \ + GPRINT:bin:MIN:%.2lf \ + GPRINT:bin:AVERAGE:%.2lf \ + GPRINT:bin:MAX:%.2lf \ + AREA:boutmin#ffffff: \ + STACK:boutminmax#00f000: \ + LINE1:boutmin#a0a0a0: \ + LINE1:boutmax#a0a0a0: \ + LINE2:bout#a0a735:outgoing \ + GPRINT:bout:MIN:%.2lf \ + GPRINT:bout:AVERAGE:%.2lf \ + GPRINT:bout:MAX:%.2lf \ + " + + + $RRDTOOL graph $OUTDIR/$OUTPRE-hour.png -a PNG --start -14400 $DISP + $RRDTOOL graph $OUTDIR/$OUTPRE-day.png -a PNG --start -86400 $DISP + $RRDTOOL graph $OUTDIR/$OUTPRE-month.png -a PNG --start -2592000 $DISP + + OUTPRE=lighttpd-requests + + DISP="-v req --title RequestsperSecond -u 1 \ + DEF:req=$INFILE:Requests:AVERAGE \ + DEF:reqmax=$INFILE:Requests:MAX \ + DEF:reqmin=$INFILE:Requests:MIN \ + CDEF:reqminmax=reqmax,reqmin,- \ + AREA:reqmin#ffffff: \ + STACK:reqminmax#0e0e0e: \ + LINE1:reqmin#a0a0a0: \ + LINE1:reqmax#a0a0a0: \ + LINE2:req#00a735:requests" + + + $RRDTOOL graph $OUTDIR/$OUTPRE-hour.png -a PNG --start -14400 $DISP + $RRDTOOL graph $OUTDIR/$OUTPRE-day.png -a PNG --start -86400 $DISP + $RRDTOOL graph $OUTDIR/$OUTPRE-month.png -a PNG --start -2592000 $DISP + diff --git a/doc/scgi.txt b/doc/scgi.txt new file mode 100644 index 0000000..eeb694c --- /dev/null +++ b/doc/scgi.txt @@ -0,0 +1,33 @@ +================== +the SCGI Interface +================== + +------------------- +Module: mod_scgi +------------------- + +:Author: Jan Kneschke +:Date: $Date: 2004/11/03 22:26:05 $ +:Revision: $Revision: 1.3 $ + +:abstract: + SCGI is a fast and simplified CGI interface. It is mostly + used by Python + WSGI. + +.. meta:: + :keywords: lighttpd, FastCGI + +.. contents:: Table of Contents + +Description +=========== + +The SCGI module is heavily based on the FastCGI when it comes +to configuration. Only the internal protocol between server +and client has been replaced. Please check the documentation +of the FastCGI module for more information. + +History +======= + +Added in lighttpd 1.3.14 as it was really simple to do. diff --git a/doc/secdownload.txt b/doc/secdownload.txt new file mode 100644 index 0000000..570b911 --- /dev/null +++ b/doc/secdownload.txt @@ -0,0 +1,147 @@ +=========================== +Secure and Fast Downloading +=========================== + +----------------------- +Module: mod_secdownload +----------------------- + +:Author: Jan Kneschke +:Date: $Date: 2004/08/01 07:01:29 $ +:Revision: $Revision: 1.1 $ + +:abstract: + authenticated file requests and a countermeasure against + deep-linking can be achieved easily by using mod_secdownload + +.. meta:: + :keywords: lighttpd, secure, fast, downloads + +.. contents:: Table of Contents + +Options +======= + +:: + + secdownload.secret = <string> + secdownload.document-root = <string> + secdownload.uri-prefix = <string> (default: /) + secdownload.timeout = <short> (default: 60 seconds) + +Description +=========== + +there are multiple ways to handle secured download mechanisms: + +1. use the webserver and the internal HTTP authentication +2. use the application to authenticate and send the file + through the application + +Both ways have limitations: + +webserver: + +- ``+`` fast download +- ``+`` no additional system load +- ``-`` inflexible authentication handling + +application: + +- ``+`` integrated into the overall layout +- ``+`` very flexible permission management +- ``-`` the download occupies an application thread/process + +A simple way to combine the two ways could be: + +1. app authenticates user and checks permissions to + download the file. +2. app redirects user to the file accessable by the webserver + for further downloading. +3. the webserver transfers the file to the user. + +As the webserver doesn't know anything about the permissions +used in the app, the resulting URL would be available to every +user who knows the URL. + +mod_secdownload removes this problem by introducing a way to +authenticate a URL for a specified time. The application has +to generate a token and a timestamp which are checked by the +webserver before it allows the file to be downloaded by the +webserver. + +The generated URL has to have the format: + +<uri-prefix><token>/<timestamp-in-hex><rel-path> + +<token> is an MD5 of + +1. a secret string (user supplied) +2. <rel-path> (starts with /) +3. <timestamp-in-hex> + + +As you can see, the token is not bound to the user at all. The +only limiting factor is the timestamp which is used to +invalidate the URL after a given timeout (secdownload.timeout). + +.. Note:: + Be sure to choose a another secret than the one used in the + examples, as this is the only part of the token that is not + known to the user. + + + +If the user tries to fake the URL by choosing a random token, +status 403 'Forbidden' will be sent out. + +If the timeout is reached, status 408 'Request Timeout' will be +sent. (This does not really conform to the standard, but should +do the trick). + +If token and timeout are valid, the <rel-path> is appended to +the configured (secdownload.document-root) and passed to the +normal internal file transfer functionality. This might lead to +status 200 or 404. + +Example +======= + +Application +----------- + +Your application has to generate the correct URLs. The following sample +code for PHP should be easily adaptable to any other language: :: + + <?php + + $secret = "verysecret"; + $uri_prefix = "/dl/"; + + # filename + $f = "/secret-file.txt"; + + # current timestamp + $t = time(); + + $t_hex = sprintf("%08x", $t); + $m = md5($secret.$f.$t_hex); + + # generate link + printf('<a href="%s%s/%s%s">%s</a>', + $uri_prefix, $m, $t_hex, $f, $f); + ?> + +Webserver +--------- + +The server has to be configured in the same way. The URI prefix and +secret have to match: :: + + server.modules = ( ..., "mod_secdownload", ... ) + + secdownload.secret = "verysecret" + secdownload.document-root = "/home/www/servers/download-area/" + secdownload.uri-prefix = "/dl/" + secdownload.timeout = 120 + diff --git a/doc/security.txt b/doc/security.txt new file mode 100644 index 0000000..ebbbf68 --- /dev/null +++ b/doc/security.txt @@ -0,0 +1,60 @@ +================= +Security Features +================= + +------------ +Module: core +------------ + +:Author: Jan Kneschke +:Date: $Date: 2004/08/29 09:44:53 $ +:Revision: $Revision: 1.2 $ + +:abstract: + lighttpd was developed with security in mind ... + +.. meta:: + :keywords: lighttpd, security + +.. contents:: Table of Contents + +Description +=========== + +Limiting POST requests +---------------------- + + + +:: + + server.max-request-size = <kbyte> + +System Security +--------------- + +Running daemons as root with full privileges is a bad idea in general. +lighttpd runs best without any extra privileges and runs perfectly in chroot. + +Change Root +``````````` + +server.chroot = "..." + +Drop root privileges +```````````````````` + +server.username = "..." +server.groupname = "..." + +FastCGI +``````` + +fastcgi + chroot + +Permissions +``````````` + +:: + + $ useradd wwwrun ... diff --git a/doc/setenv.txt b/doc/setenv.txt new file mode 100644 index 0000000..0238c10 --- /dev/null +++ b/doc/setenv.txt @@ -0,0 +1,37 @@ +=========================== +Conditional Request Headers +=========================== + +------------------ +Module: mod_setenv +------------------ + +:Author: Jan Kneschke +:Date: $Date: 2004/11/03 22:26:05 $ +:Revision: $Revision: 1.2 $ + +:abstract: + mod_setenv is used to add request + +.. meta:: + :keywords: lighttpd, skeleton + +.. contents:: Table of Contents + +Description +=========== + +... + +Options +======= + +setenv.add-environment + adds a value to the process environment that is passed to the external applications + + +setenv.add-response-header + adds a header to the HTTP response sent to the client + +setenv.add-request-header + adds a header to the HTTP request that was received from the client diff --git a/doc/simple-vhost.txt b/doc/simple-vhost.txt new file mode 100644 index 0000000..d4b4db2 --- /dev/null +++ b/doc/simple-vhost.txt @@ -0,0 +1,109 @@ +====================== +Simple Virtual-Hosting +====================== + +------------------------ +Module: mod_simple_vhost +------------------------ + +:Author: Jan Kneschke +:Date: $Date: 2004/08/29 09:43:49 $ +:Revision: $Revision: 1.1 $ + +:abstract: + virtual hosting + +.. meta:: + :keywords: lighttpd, virtual hosting + +.. contents:: Table of Contents + +Description +=========== + +Simple assumption: + +Every virtual host is in a directory below a base directory in a path that +is the same as the name of the vhost. Below this vhost path might be an +extra directory which is the document root of the vhost. + +The document root for each vhost is built from three values: + +- server-root +- hostname +- document-root + +The complete document root is constructed either by :: + + server-root + hostname + document-root + +or if this path does not exist by :: + + server-root + default-host + document-root + +A small example should make this idea clear: :: + + /var/www/ + /var/www/logs/ + /var/www/servers/ + /var/www/servers/www.example.org/ + /var/www/servers/www.example.org/lib/ + /var/www/servers/www.example.org/pages/ + /var/www/servers/mail.example.org/ + /var/www/servers/mail.example.org/lib/ + /var/www/servers/mail.example.org/pages/ + + simple-vhost.server-root = "/var/www/servers/" + simple-vhost.default-host = "www.example.org" + simple-vhost.document-root = "pages" + +You can use symbolic links to map several hostnames to the same directory. + +Conditionals vs. simple-vhost +----------------------------- + +You have to keep in mind that conditionals and simple-vhost interfere +with one another. :: + + simple-vhost.server-root = "/var/www/servers/" + simple-vhost.default-host = "www.example.org" + simple-vhost.document-root = "pages" + + $HTTP["host"] == "news.example.org" { + server.document-root = "/var/www/servers/news2.example.org/pages/" + } + +When ``news.example.org`` is requested, the ``server.document-root`` +will be set to ``/var/www/servers/news2.example.org/pages/``, but +simple-vhost will overwrite it shortly afterwards. + +If ``/var/www/servers/news.example.org/pages/`` exists, that will be +used. If not, ``/var/www/servers/www.example.org/pages/`` will be taken +because it is the default. + +To use conditionals together with simple-vhost, you should do this: :: + + $HTTP["host"] !~ "^(news\.example\.org)$" { + simple-vhost.server-root = "/var/www/servers/" + simple-vhost.default-host = "www.example.org" + simple-vhost.document-root = "pages" + } + + $HTTP["host"] == "news.example.org" { + server.document-root = "/var/www/servers/news2.example.org/pages/" + } + +It will enable simple vhosting for all hosts other than ``news.example.org``. + +Options +======= + +simple-vhost.server-root + root of the virtual host + +simple-vhost.default-host + use this hostname if the requested hostname does not have its own directory + +simple-vhost.document-root + path below the vhost directory + diff --git a/doc/skeleton.txt b/doc/skeleton.txt new file mode 100644 index 0000000..13c6881 --- /dev/null +++ b/doc/skeleton.txt @@ -0,0 +1,29 @@ +=================== +headline +=================== + +-------------------- +Module: mod_skeleton +-------------------- + +:Author: Jan Kneschke +:Date: $Date: 2004/11/03 22:26:05 $ +:Revision: $Revision: 1.2 $ + +:abstract: + a nice, short abstrace about the module + +.. meta:: + :keywords: lighttpd, skeleton + +.. contents:: Table of Contents + +Description +=========== + +... + +Options +======= + +... diff --git a/doc/spawn-fcgi.1 b/doc/spawn-fcgi.1 new file mode 100644 index 0000000..2ad5bd9 --- /dev/null +++ b/doc/spawn-fcgi.1 @@ -0,0 +1,13 @@ +.TH SPAWNFCGI 1 2003-12-21 +.SH NAME +spawn-fcgi \- spawning FastCGI processes +.SH SYNOPSIS +spawn-fcgi -f <fastcgi-binary> [-p <port> | -s <socket>] [-C <num-of-php-procs>] [-c <chroot-dir>] [-u <username>] [-g <groupname>] +spawn-fcgi -v +spawn-fcgi -h +.SH DESCRIPTION +spawn-fcgi is used to spawn remote FastCGI processes. +.SH SEE ALSO +lighttpd(1) +.SH AUTHOR +jan@kneschke.de diff --git a/doc/spawn-php.sh b/doc/spawn-php.sh new file mode 100755 index 0000000..83b7b16 --- /dev/null +++ b/doc/spawn-php.sh @@ -0,0 +1,54 @@ +#!/bin/bash + +## ABSOLUTE path to the spawn-fcgi binary +SPAWNFCGI="/home/weigon/projects/spawn-fcgi/src/spawn-fcgi" + +## ABSOLUTE path to the PHP binary +FCGIPROGRAM="/usr/local/bin/php" + +## TCP port to which to bind on localhost +FCGIPORT="1026" + +## number of PHP children to spawn +PHP_FCGI_CHILDREN=10 + +## maximum number of requests a single PHP process can serve before it is restarted +PHP_FCGI_MAX_REQUESTS=1000 + +## IP addresses from which PHP should access server connections +FCGI_WEB_SERVER_ADDRS="127.0.0.1,192.168.2.10" + +# allowed environment variables, separated by spaces +ALLOWED_ENV="ORACLE_HOME PATH USER" + +## if this script is run as root, switch to the following user +USERID=wwwrun +GROUPID=wwwrun + + +################## no config below this line + +if test x$PHP_FCGI_CHILDREN = x; then + PHP_FCGI_CHILDREN=5 +fi + +export PHP_FCGI_MAX_REQUESTS +export FCGI_WEB_SERVER_ADDRS + +ALLOWED_ENV="$ALLOWED_ENV PHP_FCGI_MAX_REQUESTS FCGI_WEB_SERVER_ADDRS" + +if test x$UID = x0; then + EX="$SPAWNFCGI -p $FCGIPORT -f $FCGIPROGRAM -u $USERID -g $GROUPID -C $PHP_FCGI_CHILDREN" +else + EX="$SPAWNFCGI -p $FCGIPORT -f $FCGIPROGRAM -C $PHP_FCGI_CHILDREN" +fi + +# copy the allowed environment variables +E= + +for i in $ALLOWED_ENV; do + E="$E $i=${!i}" +done + +# clean the environment and set up a new one +env - $E $EX diff --git a/doc/ssi.txt b/doc/ssi.txt new file mode 100644 index 0000000..8761416 --- /dev/null +++ b/doc/ssi.txt @@ -0,0 +1,76 @@ +==================== +Server-Side Includes +==================== + +--------------- +Module: mod_ssi +--------------- + +:Author: Jan Kneschke +:Date: $Date: 2004/08/29 09:44:53 $ +:Revision: $Revision: 1.2 $ + +:abstract: + The module for server-side includes provides a compatability + layer for NSCA/Apache SSI. + +.. meta:: + :keywords: lighttpd, ssi, Server-Side Includes + +.. contents:: Table of Contents + +Description +=========== + +Configuration +------------- + +:: + + server.modules = ( ..., "mod_ssi", ... ) + ssi.extension = ( ".shtml" ) + +Supported Options +----------------- + +- ``<!--#echo var="..." -->`` +- ``<!--#include (file="..."\|virtual="...") -->`` +- ``<!--#flastmod (file="..."\|virtual="...") -->`` +- ``<!--#fsize (file="..."\|virtual="...") -->`` +- ``<!--#config timefmt="..." sizefmt="(bytes|abbrev)" -->`` +- ``<!--#printenv -->`` +- ``<!--#set var="..." value="..." -->`` +- ``<!--#if expr="..." -->`` +- ``<!--#elif expr="..." -->`` +- ``<!--#else -->`` +- ``<!--#endif -->`` + +Expression Handling +------------------- + +Every ''expr'' is interpreted: + +- logical: AND, OR, ! +- compare: =, <, <=, >, =>, != +- precedence: (, ) +- quoted strings: 'string with a dollar: $FOO' +- variable substitution: $REMOTE_ADDR +- unquoted strings: string + +Flow Control +------------ + +if, elif, else and endif can only be used to insert content under special +conditions. + +Unsupported Features +-------------------- + +The original SSI module from NCSA and Apache provided some more options +which are not supported by this module for various reasons: + +- exec +- nested virtual +- config.errmsg +- echo.encoding + diff --git a/doc/ssl.txt b/doc/ssl.txt new file mode 100644 index 0000000..447da4e --- /dev/null +++ b/doc/ssl.txt @@ -0,0 +1,62 @@ +=========== +Secure HTTP +=========== + +------------ +Module: core +------------ + +:Author: Jan Kneschke +:Date: $Date: 2004/08/29 09:44:53 $ +:Revision: $Revision: 1.2 $ + +:abstract: + How to set up SSL in lighttpd + +.. meta:: + :keywords: lighttpd, ssl + +.. contents:: Table of Contents + +Description +=========== + +lighttpd supports SSLv2 and SSLv3 if it is compiled against openssl. + +Configuration +------------- + +To enable SSL for the whole server you have to provide a valid +certificate and have to enable the SSL engine.:: + + ssl.engine = "enable" + ssl.pemfile = "/path/to/server.pem" + +The HTTPS protocol does not allow you to use name-based virtual +hosting with SSL. If you want to run multiple SSL servers with +one lighttpd instance you must use IP-based virtual hosting: :: + + $SERVER["socket"] == "10.0.0.1:443" { + ssl.engine = "enable" + ssl.pemfile = "www.example.org.pem" + server.name = "www.example.org" + + server.document-root = "/www/servers/www.example.org/pages/" + } + +If you have a .crt and a .key file, cat them together into a +single PEM file: +:: + + $ cat host.key host.crt > host.pem + + +Self-Signed Certificates +------------------------ + +A self-signed SSL certificate can be generated like this: :: + + $ openssl req -new -x509 \ + -keyout server.pem -out server.pem \ + -days 365 -nodes + diff --git a/doc/state.dot b/doc/state.dot new file mode 100644 index 0000000..551b232 --- /dev/null +++ b/doc/state.dot @@ -0,0 +1,18 @@ +digraph state { + edge [color=green]; + connect -> reqstart -> read -> reqend -> handlereq -> respstart -> write -> respend -> connect; + edge [color=grey]; + reqend -> readpost -> handlereq [ label="POST" ]; + edge [ color=blue] + respend -> reqstart [ label="keep-alive" ]; + edge [ color=lightblue] + handlereq -> handlereq [ label="sub-request" ]; + edge [style=dashed, color=red]; + error -> close -> connect; + error -> connect; + handlereq -> error; + read -> error; + readpost -> error; + write -> error; + connect [shape=box]; +} diff --git a/doc/state.txt b/doc/state.txt new file mode 100644 index 0000000..d0768bc --- /dev/null +++ b/doc/state.txt @@ -0,0 +1,170 @@ +============================ +The State Engine of lighttpd +============================ + +------------ +Module: core +------------ + +:Author: Jan Kneschke +:Date: $Date: 2004/08/01 07:01:29 $ +:Revision: $Revision: 1.1 $ + +:abstract: + This is a short summary of the state-engine which is driving the lighttpd + webserver. It describes the basic concepts and the way the different parts + of the server are connected. + +.. meta:: + :keywords: lighttpd, state-engine + +.. contents:: Table of Contents + +Description +=========== + +States +------ + +The state-engine is currently made of 11 states which are walk-through on +the way each connection. Some of them are specific for a special operation +and some may never be hit at all. + +:connect: + waiting for a connection +:reqstart: + init the read-idle timer +:read: + read http-request-header from network +:reqend: + parse request +:readpost: + read http-request-content from network +:handlereq: + handle the request internally (might result in sub-requests) +:respstart: + prepare response header +:write: + write response-header + content to network +:respend: + cleanup environment, log request +:error: + reset connection (incl. close()) +:close: + close connection (handle lingering close) + +.. image:: state.png + +A simple GET request (green path) +--------------------------------- + +The connection is idling in the 'connect' state waiting for a connection. +As soon as the connection is set up we init the read-timer in 'reqstart' +and start to read data from the network. As soon as we get the +HTTP-request terminator (CRLFCRLF) we forward the header to the parser. + +The parsed request is handled by 'handlereq' and as soon as a decision out +the request is made it is sent to 'respstart' to prepare the +HTTP-response header. In the 'write' state the prepare content is sent out +to the network. When everything is sent 'respend' is entered to log the +request and cleanup the environment. After the close() call the connection +is set back to the 'connect' state again. + +Keep-Alive (blue path) +---------------------- + +The Keep-Alive handling is implemented by going from the 'respend' +directly to 'reqstart' without the close() and the accept() calls. + +POST requests (grey path) +------------------------- + +As requests might contain a request-body the state 'readpost' entered as +soon as the header is parsed and we know how much data we expect. + +Pipelining +---------- + +HTTP/1.1 supportes pipelining (sending multiple requests without waiting +for the response of the first request). This is handled transparently by +the 'read' state. + +Unexpected errors (red path) +---------------------------- + +For really hard errors we use the 'error' state which resets the +connection and can be call from every state. It is only use if there is no +other way to handle the issue (e.g. client-side close of the connection). +If possible we should use http-status 500 ('internal server error') and +log the issue in the errorlog. + +If we have to take care of some data which is coming in after we ran into +the error condition the 'close' state is used the init a half-close and +read all the delay packet from the network. + +Sub-Requests (lightblue) +------------------------ + +The FastCGI, CGI, ... intergration is done by introducing a loop in +'handlereq' to handle all aspect which are neccesary to find out what has +to be sent back to the client. + +Functions +========= + +Important functions used by the state-engine + +:state-engine: + +- ``connection_state_machine()`` + +:connect: + +- (nothing) + +:reqstart: + +- (nothing) + +:read: + +- ``connection_handle_read_state()`` +- ``connection_handle_read()`` + +:reqend: + +- ``http_request_parse()`` + +:readpost: + +- ``connection_handle_read_state()`` +- ``connection_handle_read()`` + +:handlereq: + +- ``http_response_prepare()`` + +:respstart: + +- ``connection_handle_write_prepare()`` + +:write: + +- ``connection_handle_write()`` + +:respend: + +- ``plugins_call_handle_request_done()`` +- ``plugins_call_handle_connection_close()`` +- ``connection_close()`` (if not keep-alive) +- ``connection_reset()`` + +:error: + +- ``plugins_call_handle_request_done()`` +- ``plugins_call_handle_connection_close()`` +- ``connection_reset()`` + +:close: + +- ``connection_close()`` diff --git a/doc/status.txt b/doc/status.txt new file mode 100644 index 0000000..fe3ee87 --- /dev/null +++ b/doc/status.txt @@ -0,0 +1,111 @@ +============= +Server Status +============= + +------------------ +Module: mod_status +------------------ + +:Author: Jan Kneschke +:Date: $Date: 2004/11/03 22:26:05 $ +:Revision: $Revision: 1.2 $ + +:abstract: + mod_status displays the server's status and configuration + +.. meta:: + :keywords: lighttpd, server status + +.. contents:: Table of Contents + +Description +=========== + +The server status module generates the status overview of the webserver. The +information covers: + +- uptime +- average throughput +- current throughput +- active connections and their state + + +We need to load the module first. :: + + server.modules = ( ..., "mod_ssi", ... ) + +By default the status page is disabled to hide internal information from +unauthorized users. :: + + status.status-url = "/server-status" + +If you want to open the status page just for users from the local network +cover it in a conditional. :: + + $HTTP["remoteip"] == "10.0.0.0/8" { + status.status-url = "/server-status" + } + +Or require authorization: :: + + auth.require = ( "/server-status" => + ( "realm" ... ) ) + + +Please note that when using the server.max-worker directive, the stati of the +childs are not combined yet, so you're going to see different stats with each +request. + + +Output Format +------------- + +By default a nice looking HTML page is generated. If you append ?auto to the +status-url you can get a text version which is simpler to parse. :: + + Total Accesses: 1234 + Total kBytes: 1043 + Uptime: 1234 + BusyServers: 123 + +Total Accesses is the number of handled requests, kBytes the overall outgoing +traffic, Uptime the uptime in seconds and BusyServers the number of currently +active connections. + +The naming is kept compatible to Apache even if we have another concept and +don't start new servers for each connection. + + +Options +======= + +status.status-url + + relative URL which is used to retrieve the status-page + + Default: unset + + Example: status.status-url = "/server-status" + +status.enable-sort + + add JavaScript which allows client-side sorting for the connection overview + + Default: enable + +status.config-url + + relative URL for the config page which displays the loaded modules + + Default: unset + + Example: status.config-url = "/server-config" + +status.statistics-url + + relative URL for a plain-text page containing the internal statistics + + Default: unset + + Example: status.statistics-url = "/server-statistics" + diff --git a/doc/sysconfig.lighttpd b/doc/sysconfig.lighttpd new file mode 100644 index 0000000..c8154c9 --- /dev/null +++ b/doc/sysconfig.lighttpd @@ -0,0 +1 @@ +LIGHTTPD_CONF_PATH=/etc/lighttpd/lighttpd.conf diff --git a/doc/traffic-shaping.txt b/doc/traffic-shaping.txt new file mode 100644 index 0000000..1076686 --- /dev/null +++ b/doc/traffic-shaping.txt @@ -0,0 +1,55 @@ +=============== +Traffic Shaping +=============== + +------------ +Module: core +------------ + +:Author: Jan Kneschke +:Date: $Date: 2004/11/03 22:26:05 $ +:Revision: $Revision: 1.2 $ + +:abstract: + limiting bandwidth usage + +.. meta:: + :keywords: lighttpd, bandwidth limit, traffic shaping + +.. contents:: Table of Contents + +Description +=========== + +Starting with 1.3.8, lighttpd supports limiting the bandwidth for +a single connection or config context like a virtual host or a URL. + +Options +======= + +:connection.kbytes-per-second: + limit the throughput for each single connection to the given + limit in kbyte/s + + default: 0 (no limit) + +:server.kbytes-per-second: + limit the throughput for all connections to the given limit + in kbyte/s + + if you want to specify a limit for a special virtual server + use: :: + + $HTTP["host"] == "www.example.org" { + server.kbytes-per-second = 128 + } + + which will override the default for this host. + + default: 0 (no limit) + +Additional Notes +================ + +Keep in mind that a limit below 32kb/s might actually limit the traffic to 32kb/s. This +is caused by the size of the TCP send buffer. diff --git a/doc/trigger_b4_dl.txt b/doc/trigger_b4_dl.txt new file mode 100644 index 0000000..f5c9d29 --- /dev/null +++ b/doc/trigger_b4_dl.txt @@ -0,0 +1,57 @@ +======================= +Trigger before Download +======================= + +------------------------- +Module: mod_trigger_b4_dl +------------------------- + +:Author: Jan Kneschke +:Date: $Date: 2004/11/03 22:26:05 $ +:Revision: $Revision: 1.2 $ + +:abstract: + another anti-hot-linking module + +.. meta:: + :keywords: lighttpd, hot-linking, deep-linking + +.. contents:: Table of Contents + +Description +=========== + +Anti Hotlinking: + + * if user requests ''download-url'' directly, the request is denied and he is redirected to ''deny-url' + * if user visits ''trigger-url'' before requesting ''download-url'', access is granted + * if user visits ''download-url'' again after ''trigger-timeout'' has elapsed, the request is denied and he is redirected to ''deny-url'' + +The trigger information is either stored locally in a gdbm file or remotely in memcached. + +Requirements +------------ + + * libpcre + * libgdbm or libmemcache + +Options +======= + +:: + + trigger-before-download.gdbm-filename = "/home/weigon/testbase/trigger.db" + trigger-before-download.memcache-hosts = ( "127.0.0.1:11211" ) + trigger-before-download.trigger-url = "^/trigger/" + trigger-before-download.download-url = "^/download/" + trigger-before-download.deny-url = "http://192.168.1.5:1025/index.html" + trigger-before-download.trigger-timeout = 10 + +If both trigger-before-download.gdbm-filename and +trigger-before-download.memcache-hosts is set gdbm will take precedence. + +Installation +============ + +memcached should be started with the option -M as we don't want to remove entry if the memory is full. + diff --git a/doc/userdir.txt b/doc/userdir.txt new file mode 100644 index 0000000..10ba065 --- /dev/null +++ b/doc/userdir.txt @@ -0,0 +1,72 @@ +======= +userdir +======= + +------------------- +Module: mod_userdir +------------------- + +:Author: Jan Kneschke +:Date: $Date: 2004/08/29 09:43:49 $ +:Revision: $Revision: 1.1 $ + +:abstract: + The userdir module ... + +.. meta:: + :keywords: lighttpd, userdir + +.. contents:: Table of Contents + +Description +=========== + +The userdir module provides a simple way to link user-based directories into the global namespace of the webserver. + +Requests in the form ``/~user/page.html`` are rewritten to take the file ``page.html`` from the home directory of the user. +If ``userdir.path`` is set, the path will be appended to the home directory +building the classic mapping of: :: + + userdir.path = "public_html" + + URL: http://www.example.org/~jan/index.html + Path: /home/jan/public_html/ + +To control which users should be able to use this feature you can set a list of usernames to include or exclude. + +In case your mapping is independent of /etc/passwd you can use +``userdir.basepath``: :: + + userdir.path = "htdocs" + userdir.basepath = "/var/www/users/" + + URL: http://www.example.org/~jan/index.html + Path: /var/www/users/jan/htdocs/index.html + +Options +======= + +userdir.path + usually it should be set to "public_html" to take ~/public_html/ as the document root + + Default: empty (document root is the home directory) + Example: :: + + userdir.path = "public_html" + +userdir.exclude-user + list of usernames which may not use this feature + + Default: empty (all users may use it) + Example: :: + + userdir.exclude-user = ( "root", "postmaster" ) + + +userdir.include-user + if set, only users from this list may use the feature + + Default: empty (all users may use it) + +userdir.basepath + if set, don't check /etc/passwd for homedir diff --git a/doc/webdav.txt b/doc/webdav.txt new file mode 100644 index 0000000..b10012f --- /dev/null +++ b/doc/webdav.txt @@ -0,0 +1,64 @@ +====== +WebDAV +====== + +-------------------- +Module: mod_webdav +-------------------- + +:Author: Jan Kneschke +:Date: $Date: 2004/11/03 22:26:05 $ +:Revision: $Revision: 1.2 $ + +:abstract: + WebDAV module for lighttpd + +.. meta:: + :keywords: lighttpd, webdav + +.. contents:: Table of Contents + +Description +=========== + +The WebDAV module is a very minimalistic implementation of RFC 2518. +Minimalistic means that not all operations are implemented yet. + +So far we have + + * PROPFIND + * OPTIONS + * MKCOL + * DELETE + * PUT + +and the usual GET, POST, HEAD from HTTP/1.1. + +So far, mounting a WebDAV resource into Windows XP works and the basic litmus +tests are passed. + +Options +======= + +webdav.activate + If you load the webdav module, the WebDAV functionality has to be + enabled for the directories you want to provide to the user. + + Default: disable + +webdav.is-readonly + Only allow reading methods (GET, PROPFIND, OPTIONS) on WebDAV resources. + + Default: writable + +Examples +======== + +To enable WebDAV for the /dav directory, you wrap your webdav options in +a conditional. You have to use the regex like below as you want to match +the directory /dav and everything below it, but not e.g. /davos. :: + + $HTTP["url"] =~ "^/dav($|/)" { + webdav.activate = "enable" + webdav.is-readonly = "enable" + } |