14 the layout of the configuration file
17 :keywords: lighttpd, configuration
19 .. contents:: Table of Contents
27 A BNF like notation: ::
32 VALUE : ( <string> | <integer> | <boolean> | <array> | VALUE [ + VALUE ]*)
35 <boolean>: ( "enable" | "disable" )
36 <array> : "(" [ <string> "=>" ] <value> [, [ <string> "=>" ] <value> ]* ")"
37 INCLUDE : "include" VALUE
38 INCLUDE_SHELL : "include_shell" STRING_VALUE
45 # default document-root
46 server.document-root = "/var/www/example.org/pages/"
52 server.modules = ( "mod_access", "mod_rewrite" )
54 # variables, computed when config is read.
56 server.modules += ( "mod_" + var.mymodule )
57 # var.PID is initialised to the pid of lighttpd before config is parsed
59 # include, relative to dirname of main config file
60 include "mime.types.conf"
62 # read configuration from output of a command
63 include_shell "/usr/local/bin/confmimetype /etc/mime.types"
66 Conditional Configuration
67 =========================
69 Most options can be configured conditionally by using the following syntax
74 <field> <operator> <value> {
76 <field> <operator> <value> {
77 ... nesting: match only when parent match
80 else <field> <operator> <value> {
81 ... the "else if" block
84 where <field> is one of one of the following:
98 math on the http method
101 $HTTP["query-string"]
102 match on the (not decoded) query-string
105 match on the remote IP or a remote Network
107 match on the Accept-Language header
109 match on socket. Value must be on the format "ip:port" where ip is an IP
110 address and port a port number. Only equal match (==) is supported.
111 It also binds the daemon to this socket. Use this if you want to do IP/port-
114 <operator> is one of:
119 string not equal match
121 perl style regular expression match
123 perl style regular expression not match
125 and <value> is either a quoted ("") literal string or regular expression.
133 # disable directory-listings for /download/*
134 dir-listing.activate = "enable"
135 $HTTP["url"] =~ "^/download/" {
136 dir-listing.activate = "disable"
139 # handish virtual hosting
140 # map all domains of a top-level-domain to a single document-root
141 $HTTP["host"] =~ "(^|\.)example\.org$" {
142 server.document-root = "/var/www/htdocs/example.org/pages/"
146 $SERVER["socket"] == "127.0.0.1:81" {
147 server.document-root = "..."
150 $SERVER["socket"] == "127.0.0.1:443" {
151 ssl.pemfile = "/var/www/certs/localhost.pem"
152 ssl.engine = "enable"
154 server.document-root = "/var/www/htdocs/secure.example.org/pages/"
157 # deny access for all googlebot
158 $HTTP["useragent"] =~ "Google" {
159 url.access-deny = ( "" )
162 # deny access for all image stealers
163 $HTTP["referer"] !~ "^($|http://www\.example\.org)" {
164 url.access-deny = ( ".jpg", ".jpeg", ".png" )
167 # deny the access to www.example.org to all user which
168 # are not in the 10.0.0.0/8 network
169 $HTTP["host"] == "www.example.org" {
170 $HTTP["remoteip"] != "10.0.0.0/8" {
171 url.access-deny = ( "" )
178 You can set your own variables in the configuration to simplify your config.
181 var.basedir = "/home/www/servers/"
182 $HTTP["host"] == "www.example.org" {
183 server.name = "www.example.org"
184 include "incl-base.conf"
188 server.document-root = basedir + server.name + "/pages/"
189 accesslog.filename = basedir + server.name + "/logs/access.log"
191 You can also use environement variables or the default variables var.PID and
194 var.basedir = env.LIGHTTPDBASE
196 $HTTP["host"] == "www.example.org" {
197 server.name = "www.example.org"
198 include "incl-base.conf"
199 include "incl-fastcgi.conf"
202 in incl-fastcgi.conf:
203 fastcgi.server = ( ... => ((
204 "socket" => basedir + server.name + "/tmp/fastcgi-" + PID + ".sock"
207 Or like the lighttpd script for rails does:
209 var.basedir = var.CWD
211 server.document-root = basedir + "/public/"
222 You don't need it in the main configuration file. But you might have
223 difficulty setting server wide configuration inside a included-file from
233 $HTTP["host"] == "www.example.org" {
234 include "incl-php.conf"
239 server.modules += ("mod_fastcgi")
240 static-file.exclude-extensions += (".php")
242 fastcgi.server = "..."
254 document-root of the webserver
256 This variable has the specified as it will be used for all requests
257 without a Host: header and for all with a know hostname which you
258 might have specified with one of the above conditionals.
260 Default: no default, required
263 IP address, hostname or absolute path to the unix-domain socket the server
266 Default: bind to all interfaces
270 server.bind = "127.0.0.1"
271 server.bind = "www.example.org"
272 server.bind = "/tmp/lighttpd.socket"
275 tcp-port to bind the server to
277 .. note:: port belows 1024 require root-permissions
279 Default: 80 (443 if ssl is enabled)
282 bind to the IPv6 socket
285 set TCP_DEFER_ACCEPT to the specified value on the socket if the value is > 0
286 and TCP_DEFER_ACCEPT is available on the platform (linux2.4+)
290 server.bsd-accept-filter
291 set SO_ACCEPTFILTER on listen sockets (*BSD systems, e.g. FreeBSD)
292 e.g. server.bsd-accept-filter = "httpready"
293 or server.bsd-accept-filter = "dataready"
298 set the string returned by the Server: response header
300 Default: lighttpd <current-version>
303 pathname of the error-log
305 Default: either STDERR or ``server.errorlog-use-syslog``
307 server.errorlog-use-syslog
308 send errorlog to syslog
313 root-directory of the server
315 NOTE: requires root-permissions
318 username used to run the server
320 NOTE: requires root-permissions
323 groupname used to run the server
325 NOTE: requires root-permissions
327 server.follow-symlink
328 allow to follow-symlinks
333 list of files to search for if a directory is requested
336 index-file.names = ( "index.php", "index.html",
337 "index.htm", "default.htm" )
339 if a name starts with slash this file will be used a index generator
345 .. note:: the order of the modules is important.
347 The modules are executed in the order as they are specified. Loading
348 mod_auth AFTER mod_fastcgi might disable authentication for fastcgi
349 backends (if check-local is disabled).
351 As auth should be done first, move it before all executing modules (like
352 proxy, fastcgi, scgi and cgi).
354 rewrites, redirects and access should be first, followed by auth and
357 Afterwards the external handlers like fastcgi, cgi, scgi and proxy and
358 at the bottom the post-processing plugins like mod_accesslog.
362 server.modules = ( "mod_rewrite",
383 Starting with lighttpd 1.4.0 three default modules are loaded automaticly:
390 set the event handler
395 set the name of the .pid-file where the PID of the server should be placed.
396 This option is used in combination with a start-script and the daemon mode
400 server.max-request-size
401 maximum size in kbytes of the request (header + body). Only applies to POST
404 Default: 2097152 (2GB)
407 number of worker processes to spawn. This is usually only needed on servers
408 which are fairly loaded and the network handler calls delay often (e.g. new
409 requests are not handled instantaneously).
414 name of the server/virtual server
418 server.max-keep-alive-requests
419 maximum number of request within a keep-alive session before the server
420 terminates the connection
424 server.max-keep-alive-idle
425 maximum number of seconds until a idling keep-alive connection is droped
430 maximum number of seconds until a waiting, non keep-alive read times out
431 and closes the connection
435 server.max-write-idle
436 maximum number of seconds until a waiting write call times out and closes
441 server.error-handler-404
442 uri to call if the requested file results in a 404
448 server.error-handler-404 = "/error-404.php"
450 server.protocol-http11
451 defines if HTTP/1.1 is allowed or not.
455 server.range-requests
456 defines if range requests are allowed or not.
465 path to the PEM file for SSL support
470 debug.dump-unknown-headers
471 enables listing of internally unhandled HTTP-headers
475 debug.dump-unknown-headers = "enable"
481 list of known mimetype mappings
482 NOTE: if no mapping is given "application/octet-stream" is used
486 mimetype.assign = ( ".png" => "image/png",
487 ".jpg" => "image/jpeg",
488 ".jpeg" => "image/jpeg",
489 ".html" => "text/html",
490 ".txt" => "text/plain" )
492 The list is compared top down and the first match is taken. This is
493 important if you have matches like: ::
495 ".tar.gz" => "application/x-tgz",
496 ".gz" => "application/x-gzip",
498 If you want to set another default mimetype use: ::
503 as the last entry in the list.
506 If available, use the XFS-style extended attribute interface to
507 retrieve the "Content-Type" attribute on each file, and use that as the
508 mime type. If it's not defined or not available, fall back to the
509 mimetype.assign assignment.
513 mimetype.use-xattr = "enable"
517 $ attr -s Content-Type -V image/svg svgfile.svg
521 $ attr -s Content-Type -V text/html indexfile
527 debug.log-request-header
530 debug.log-response-header
533 debug.log-file-not-found
536 debug.log-request-handling