server.modules = ( "mod_indexfile", "mod_access", "mod_alias", "mod_redirect", "mod_rewrite", "mod_cgi" ) server.document-root = "/var/www/html" server.errorfile-prefix = "/var/www/error_pages/" server.errorlog = "/var/log/lighttpd/error.log" server.pid-file = "/run/lighttpd.pid" server.username = "lighttpd" server.groupname = "lighttpd" server.port = 80 # features #https://redmine.lighttpd.net/projects/lighttpd/wiki/Server_feature-flagsDetails server.feature-flags += ("server.h2proto" => "enable") server.feature-flags += ("server.h2c" => "enable") server.feature-flags += ("server.graceful-shutdown-timeout" => 5) #server.feature-flags += ("server.graceful-restart-bg" => "enable") # strict parsing and normalization of URL for consistency and security # https://redmine.lighttpd.net/projects/lighttpd/wiki/Server_http-parseoptsDetails # (might need to explicitly set "url-path-2f-decode" = "disable" # if a specific application is encoding URLs inside url-path) server.http-parseopts = ( "header-strict" => "enable",# default "host-strict" => "enable",# default "host-normalize" => "enable",# default "url-normalize-unreserved"=> "enable",# recommended highly "url-normalize-required" => "enable",# recommended "url-ctrls-reject" => "enable",# recommended "url-path-2f-decode" => "enable",# recommended highly (unless breaks app) "url-path-dotseg-remove" => "enable",# recommended highly (unless breaks app) ) index-file.names = ( "index.html", "index.php", "index.py", "index.njs" ) static-file.exclude-extensions = (".php", ".py", ".njs") cgi.assign = (".php" => "/usr/bin/php-cgi", ".py" => "/usr/bin/python3" , ".njs" => "/usr/bin/node") $HTTP["url"] =~ "^/\.git/" { url.access-deny = ("") } url.access-deny = ( "~", ".inc", ".env") include "mime-types.conf" #server.compat-module-load = "disable" server.modules += ( "mod_dirlisting", "mod_staticfile", )