541 lines
12 KiB

Configuration File
Module: core
:Author: Jan Kneschke
:Date: $Date$
:Revision: $Revision$
the layout of the configuration file
.. meta::
:keywords: lighttpd, configuration
.. contents:: Table of Contents
Basic Syntax
A BNF like notation: ::
option : NAME = VALUE
merge : NAME += VALUE
NAME : modulename.key
VALUE : ( <string> | <integer> | <boolean> | <array> | VALUE [ + VALUE ]*)
<string> : "text"
<integer>: digit*
<boolean>: ( "enable" | "disable" )
<array> : "(" [ <string> "=>" ] <value> [, [ <string> "=>" ] <value> ]* ")"
INCLUDE : "include" VALUE
# default document-root
server.document-root = "/var/www/"
# TCP port
server.port = 80
# selecting modules
server.modules = ( "mod_access", "mod_rewrite" )
# variables, computed when config is read.
var.mymodule = "foo"
server.modules += ( "mod_" + var.mymodule )
# var.PID is initialised to the pid of lighttpd before config is parsed
# include, relative to dirname of main config file
include "mime.types.conf"
# read configuration from output of a command
include_shell "/usr/local/bin/confmimetype /etc/mime.types"
Conditional Configuration
Most options can be configured conditionally by using the following syntax
(including nesting).
<field> <operator> <value> {
<field> <operator> <value> {
... nesting: match only when parent match
else <field> <operator> <value> {
... the "else if" block
where <field> is one of one of the following:
match on cookie
match on scheme
match on host
match on useragent
match on referer
math on the http method
match on url
match on the (not decoded) query-string
match on the remote IP or a remote Network
match on the Accept-Language header
match on socket. Value must be on the format "ip:port" where ip is an IP
address and port a port number. Only equal match (==) is supported.
It also binds the daemon to this socket. Use this if you want to do IP/port-
based virtual hosts.
<operator> is one of:
string equal match
string not equal match
perl style regular expression match
perl style regular expression not match
and <value> is either a quoted ("") literal string or regular expression.
# disable directory-listings for /download/*
dir-listing.activate = "enable"
$HTTP["url"] =~ "^/download/" {
dir-listing.activate = "disable"
# handish virtual hosting
# map all domains of a top-level-domain to a single document-root
$HTTP["host"] =~ "(^|\.)example\.org$" {
server.document-root = "/var/www/htdocs/"
# multiple sockets
$SERVER["socket"] == "" {
server.document-root = "..."
$SERVER["socket"] == "" {
ssl.pemfile = "/var/www/certs/localhost.pem"
ssl.engine = "enable"
server.document-root = "/var/www/htdocs/"
# deny access for all googlebot
$HTTP["useragent"] =~ "Google" {
url.access-deny = ( "" )
# deny access for all image stealers
$HTTP["referer"] !~ "^($|http://www\.example\.org)" {
url.access-deny = ( ".jpg", ".jpeg", ".png" )
# deny the access to to all user which
# are not in the network
$HTTP["host"] == "" {
$HTTP["remoteip"] != "" {
url.access-deny = ( "" )
Using variables
You can set your own variables in the configuration to simplify your config.
var.basedir = "/home/www/servers/"
$HTTP["host"] == "" { = ""
include "incl-base.conf"
in incl-base.conf:
server.document-root = basedir + + "/pages/"
accesslog.filename = basedir + + "/logs/access.log"
You can also use environement variables or the default variables var.PID and
var.CWD: ::
var.basedir = env.LIGHTTPDBASE
$HTTP["host"] == "" { = ""
include "incl-base.conf"
include "incl-fastcgi.conf"
in incl-fastcgi.conf:
fastcgi.server = ( ... => ((
"socket" => basedir + + "/tmp/fastcgi-" + PID + ".sock"
)) )
Or like the lighttpd script for rails does:
var.basedir = var.CWD
server.document-root = basedir + "/public/"
Global context
global {
You don't need it in the main configuration file. But you might have
difficulty setting server wide configuration inside a included-file from
in lighttpd.conf:
server.modules = ()
$HTTP["host"] == "" {
include "incl-php.conf"
in incl-php.conf:
global {
server.modules += ("mod_fastcgi")
static-file.exclude-extensions += (".php")
fastcgi.server = "..."
server module
main sections
document-root of the webserver
This variable has the specified as it will be used for all requests
without a Host: header and for all with a know hostname which you
might have specified with one of the above conditionals.
Default: no default, required
IP address, hostname or absolute path to the unix-domain socket the server
listen on.
Default: bind to all interfaces
Example: ::
server.bind = ""
server.bind = ""
server.bind = "/tmp/lighttpd.socket"
tcp-port to bind the server to
.. note:: port belows 1024 require root-permissions
Default: 80 (443 if ssl is enabled)
bind to the IPv6 socket
set TCP_DEFER_ACCEPT to the specified value on the socket if the value is > 0
and TCP_DEFER_ACCEPT is available on the platform (linux2.4+)
Default: 0
set SO_ACCEPTFILTER on listen sockets (*BSD systems, e.g. FreeBSD)
e.g. server.bsd-accept-filter = "httpready"
or server.bsd-accept-filter = "dataready"
Default: "" (none)
set the string returned by the Server: response header
Default: lighttpd <current-version>
pathname of the error-log
Default: either STDERR or ``server.errorlog-use-syslog``
send errorlog to syslog
Default: disabled
root-directory of the server
NOTE: requires root-permissions
username used to run the server
NOTE: requires root-permissions
groupname used to run the server
NOTE: requires root-permissions
allow to follow-symlinks
Default: enabled
list of files to search for if a directory is requested
e.g.: ::
index-file.names = ( "index.php", "index.html",
"index.htm", "default.htm" )
if a name starts with slash this file will be used a index generator
for all directories.
modules to load
.. note:: the order of the modules is important.
The modules are executed in the order as they are specified. Loading
mod_auth AFTER mod_fastcgi might disable authentication for fastcgi
backends (if check-local is disabled).
As auth should be done first, move it before all executing modules (like
proxy, fastcgi, scgi and cgi).
rewrites, redirects and access should be first, followed by auth and
the docroot plugins.
Afterwards the external handlers like fastcgi, cgi, scgi and proxy and
at the bottom the post-processing plugins like mod_accesslog.
e.g.: ::
server.modules = ( "mod_rewrite",
"mod_accesslog" )
Starting with lighttpd 1.4.0 three default modules are loaded automaticly:
- mod_indexfile
- mod_dirlisting
- mod_staticfile
set the event handler
Default: "poll"
set the name of the .pid-file where the PID of the server should be placed.
This option is used in combination with a start-script and the daemon mode
Default: not set
maximum size in kbytes of the request (header + body). Only applies to POST
Default: 2097152 (2GB)
number of worker processes to spawn. This is usually only needed on servers
which are fairly loaded and the network handler calls delay often (e.g. new
requests are not handled instantaneously).
Default: 0
name of the server/virtual server
Default: hostname
maximum number of request within a keep-alive session before the server
terminates the connection
Default: 128
maximum number of seconds until a idling keep-alive connection is droped
Default: 30
maximum number of seconds until a waiting, non keep-alive read times out
and closes the connection
Default: 60
maximum number of seconds until a waiting write call times out and closes
the connection
Default: 360
uri to call if the requested file results in a 404
Default: not set
Example: ::
server.error-handler-404 = "/error-404.php"
defines if HTTP/1.1 is allowed or not.
Default: enabled
defines if range requests are allowed or not.
Default: enabled
SSL engine
path to the PEM file for SSL support
enables listing of internally unhandled HTTP-headers
e.g. ::
debug.dump-unknown-headers = "enable"
list of known mimetype mappings
NOTE: if no mapping is given "application/octet-stream" is used
e.g.: ::
mimetype.assign = ( ".png" => "image/png",
".jpg" => "image/jpeg",
".jpeg" => "image/jpeg",
".html" => "text/html",
".txt" => "text/plain" )
The list is compared top down and the first match is taken. This is
important if you have matches like: ::
".tar.gz" => "application/x-tgz",
".gz" => "application/x-gzip",
If you want to set another default mimetype use: ::
"" => "text/plain" )
as the last entry in the list.
If available, use the XFS-style extended attribute interface to
retrieve the "Content-Type" attribute on each file, and use that as the
mime type. If it's not defined or not available, fall back to the
mimetype.assign assignment.
e.g.: ::
mimetype.use-xattr = "enable"
on shell use:
$ attr -s Content-Type -V image/svg svgfile.svg
$ attr -s Content-Type -V text/html indexfile
default: disabled
default: disabled
default: disabled
default: disabled
default: disabled