14 the layout of the configuration file
17 :keywords: lighttpd, configuration
19 .. contents:: Table of Contents
27 A BNF like notation: ::
32 VALUE : ( <string> | <integer> | <boolean> | <array> | VALUE [ + VALUE ]*)
35 <boolean>: ( "enable" | "disable" )
36 <array> : "(" [ <string> "=>" ] <value> [, [ <string> "=>" ] <value> ]* ")"
37 INCLUDE : "include" VALUE
38 INCLUDE_SHELL : "include_shell" STRING_VALUE
45 # default document-root
46 server.document-root = "/var/www/example.org/pages/"
52 server.modules = ( "mod_access", "mod_rewrite" )
54 # variables, computed when config is read.
56 server.modules += ( "mod_" + var.mymodule )
57 # var.PID is initialised to the pid of lighttpd before config is parsed
59 # include, relative to dirname of main config file
60 include "mime.types.conf"
62 # read configuration from output of a command
63 include_shell "/usr/local/bin/confmimetype /etc/mime.types"
66 Conditional Configuration
67 =========================
69 Most options can be configured conditionally by using the following syntax
74 <field> <operator> <value> {
76 <field> <operator> <value> {
77 ... nesting: match only when parent match
80 else <field> <operator> <value> {
81 ... the "else if" block
84 where <field> is one of one of the following:
98 math on the http method
101 $HTTP["query-string"]
102 match on the (not decoded) query-string
105 match on the remote IP or a remote Network
107 match on the Accept-Language header
109 match on socket. Value must be on the format "ip:port" where ip is an IP
110 address and port a port number. Only equal match (==) is supported.
111 It also binds the daemon to this socket. Use this if you want to do IP/port-
114 <operator> is one of:
119 string not equal match
121 perl style regular expression match
123 perl style regular expression not match
125 and <value> is either a quoted ("") literal string or regular expression.
133 # disable directory-listings for /download/*
134 dir-listing.activate = "enable"
135 $HTTP["url"] =~ "^/download/" {
136 dir-listing.activate = "disable"
139 # handish virtual hosting
140 # map all domains of a top-level-domain to a single document-root
141 $HTTP["host"] =~ "(^|\.)example\.org$" {
142 server.document-root = "/var/www/htdocs/example.org/pages/"
146 $SERVER["socket"] == "127.0.0.1:81" {
147 server.document-root = "..."
150 $SERVER["socket"] == "127.0.0.1:443" {
151 ssl.pemfile = "/var/www/certs/localhost.pem"
152 ssl.engine = "enable"
154 server.document-root = "/var/www/htdocs/secure.example.org/pages/"
157 # deny access for all googlebot
158 $HTTP["useragent"] =~ "Google" {
159 url.access-deny = ( "" )
162 # deny access for all image stealers
163 $HTTP["referer"] !~ "^($|http://www\.example\.org)" {
164 url.access-deny = ( ".jpg", ".jpeg", ".png" )
167 # deny the access to www.example.org to all user which
168 # are not in the 10.0.0.0/8 network
169 $HTTP["host"] == "www.example.org" {
170 $HTTP["remoteip"] != "10.0.0.0/8" {
171 url.access-deny = ( "" )
178 You can set your own variables in the configuration to simplify your config.
181 var.basedir = "/home/www/servers/"
182 $HTTP["host"] == "www.example.org" {
183 server.name = "www.example.org"
184 include "incl-base.conf"
188 server.document-root = basedir + server.name + "/pages/"
189 accesslog.filename = basedir + server.name + "/logs/access.log"
191 You can also use environement variables or the default variables var.PID and
194 var.basedir = env.LIGHTTPDBASE
196 $HTTP["host"] == "www.example.org" {
197 server.name = "www.example.org"
198 include "incl-base.conf"
199 include "incl-fastcgi.conf"
202 in incl-fastcgi.conf:
203 fastcgi.server = ( ... => ((
204 "socket" => basedir + server.name + "/tmp/fastcgi-" + PID + ".sock"
207 Or like the lighttpd script for rails does:
209 var.basedir = var.CWD
211 server.document-root = basedir + "/public/"
222 You don't need it in the main configuration file. But you might have
223 difficulty setting server wide configuration inside a included-file from
233 $HTTP["host"] == "www.example.org" {
234 include "incl-php.conf"
239 server.modules += ("mod_fastcgi")
240 static-file.exclude-extensions += (".php")
242 fastcgi.server = "..."
254 document-root of the webserver
256 This variable has the specified as it will be used for all requests
257 without a Host: header and for all with a know hostname which you
258 might have specified with one of the above conditionals.
260 Default: no default, required
263 IP address, hostname or absolute path to the unix-domain socket the server
266 Default: bind to all interfaces
270 server.bind = "127.0.0.1"
271 server.bind = "www.example.org"
272 server.bind = "/tmp/lighttpd.socket"
275 tcp-port to bind the server to
277 .. note:: port belows 1024 require root-permissions
279 Default: 80 (443 if ssl is enabled)
282 bind to the IPv6 socket
285 set TCP_DEFER_ACCEPT to the specified value on the socket if the value is > 0
286 and TCP_DEFER_ACCEPT is available on the platform (linux2.4+)
290 server.bsd-accept-filter
291 set SO_ACCEPTFILTER on listen sockets (*BSD systems, e.g. FreeBSD)
292 e.g. server.bsd-accept-filter = "httpready"
293 or server.bsd-accept-filter = "dataready"
298 set the string returned by the Server: response header
300 Default: lighttpd <current-version>
303 pathname of the error-log
305 Default: either STDERR or ``server.errorlog-use-syslog``
307 server.errorlog-use-syslog
308 send errorlog to syslog
313 root-directory of the server
315 NOTE: requires root-permissions
318 username used to run the server
320 NOTE: requires root-permissions
323 groupname used to run the server
325 NOTE: requires root-permissions
327 server.follow-symlink
328 allow to follow-symlinks
333 list of files to search for if a directory is requested
336 index-file.names = ( "index.php", "index.html",
337 "index.htm", "default.htm" )
339 if a name starts with slash this file will be used a index generator
345 .. note:: the order of the modules is important.
347 The modules are executed in the order as they are specified. Loading
348 mod_auth AFTER mod_fastcgi might disable authentication for fastcgi
349 backends (if check-local is disabled).
351 As auth should be done first, move it before all executing modules (like
352 proxy, fastcgi, scgi and cgi).
354 rewrites, redirects and access should be first, followed by auth and
357 Afterwards the external handlers like fastcgi, cgi, scgi and proxy and
358 at the bottom the post-processing plugins like mod_accesslog.
362 server.modules = ( "mod_rewrite",
382 Starting with lighttpd 1.4.0 three default modules are loaded automaticly:
389 set the event handler
394 set the name of the .pid-file where the PID of the server should be placed.
395 This option is used in combination with a start-script and the daemon mode
399 server.max-request-size
400 maximum size in kbytes of the request (header + body). Only applies to POST
403 Default: 2097152 (2GB)
406 number of worker processes to spawn. This is usually only needed on servers
407 which are fairly loaded and the network handler calls delay often (e.g. new
408 requests are not handled instantaneously).
413 name of the server/virtual server
417 server.max-keep-alive-requests
418 maximum number of request within a keep-alive session before the server
419 terminates the connection
423 server.max-keep-alive-idle
424 maximum number of seconds until a idling keep-alive connection is droped
429 maximum number of seconds until a waiting, non keep-alive read times out
430 and closes the connection
434 server.max-write-idle
435 maximum number of seconds until a waiting write call times out and closes
440 server.error-handler-404
441 uri to call if the requested file results in a 404
447 server.error-handler-404 = "/error-404.php"
449 server.protocol-http11
450 defines if HTTP/1.1 is allowed or not.
454 server.range-requests
455 defines if range requests are allowed or not.
464 path to the PEM file for SSL support
469 debug.dump-unknown-headers
470 enables listing of internally unhandled HTTP-headers
474 debug.dump-unknown-headers = "enable"
480 list of known mimetype mappings
481 NOTE: if no mapping is given "application/octet-stream" is used
485 mimetype.assign = ( ".png" => "image/png",
486 ".jpg" => "image/jpeg",
487 ".jpeg" => "image/jpeg",
488 ".html" => "text/html",
489 ".txt" => "text/plain" )
491 The list is compared top down and the first match is taken. This is
492 important if you have matches like: ::
494 ".tar.gz" => "application/x-tgz",
495 ".gz" => "application/x-gzip",
497 If you want to set another default mimetype use: ::
502 as the last entry in the list.
505 If available, use the XFS-style extended attribute interface to
506 retrieve the "Content-Type" attribute on each file, and use that as the
507 mime type. If it's not defined or not available, fall back to the
508 mimetype.assign assignment.
512 mimetype.use-xattr = "enable"
516 $ attr -s Content-Type -V image/svg svgfile.svg
520 $ attr -s Content-Type -V text/html indexfile
526 debug.log-request-header
529 debug.log-response-header
532 debug.log-file-not-found
535 debug.log-request-handling