lighttpd: modernize lighttpd.conf

- remove obsolete modules - replace mod_compress directives with mod_deflate - do not enable debug.log-request-handling by default (should not be enabled *by default* on any production system, especially not an embedded system) - update TLS syntax for modern recommended use (separate files for certificate+chain, and private key) - remove incorrect comment about server.event-handler lighttpd defaults correctly to use kqueue on *BSD systems - remove ancient config which disables range requests for PDF (cargo-culted config from ~15 years ago to address problem in then-popular PDF client) - use recommend config file include syntax (more efficient and more deterministic include file ordering) (From OE-Core rev: b52a12e66d2f9ed0751b63cea01e96890da15998) Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-07-19 12:59:02 +02:00 · 2023-10-20 09:30:26 -04:00 · 2023-10-20 09:30:26 -04:00 · 7cba02e8be
commit 7cba02e8be
parent 0d3c7e9630
1 changed files with 8 additions and 30 deletions
--- a/meta/recipes-extended/lighttpd/lighttpd/lighttpd.conf
+++ b/meta/recipes-extended/lighttpd/lighttpd/lighttpd.conf
@ -16,8 +16,6 @@ server.modules              = (
 #                               "mod_redirect",
 #                               "mod_alias",
                                "mod_access",
-#                               "mod_cml",
-#                               "mod_trigger_b4_dl",
 #                               "mod_auth",
 #                               "mod_status",
 #                               "mod_setenv",
@ -27,11 +25,9 @@ server.modules              = (
 #                               "mod_evhost",
 #                               "mod_userdir",
 #                               "mod_cgi",
-#                               "mod_compress",
 #                               "mod_ssi",
-#                               "mod_usertrack",
 #                               "mod_expire",
-#                               "mod_secdownload",
+#                               "mod_deflate",
 #                               "mod_rrdtool",
 #				"mod_webdav",
                                "mod_accesslog" )
@ -47,9 +43,6 @@ server.errorlog             = "/www/logs/lighttpd.error.log"
 index-file.names            = ( "index.php", "index.html",
                                "index.htm", "default.htm" )

-## set the event-handler (read the performance section in the manual)
-# server.event-handler = "freebsd-kqueue" # needed on OS X
-
 # mimetype mapping
 mimetype.assign             = (
  ".pdf"          =>      "application/pdf",
@ -115,7 +108,6 @@ mimetype.assign             = (

 #### accesslog module
 accesslog.filename          = "/www/logs/access.log"
-debug.log-request-handling = "enable"



@ -127,10 +119,6 @@ debug.log-request-handling = "enable"
 #      of the document-root
 url.access-deny             = ( "~", ".inc" )

-$HTTP["url"] =~ "\.pdf$" {
-  server.range-requests = "disable"
-}
-
 ##
 # which extensions should not be handle via static-file transfer
 #
@ -177,6 +165,7 @@ static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
 #dir-listing.activate       = "enable"

 ## enable debugging
+#debug.log-request-header-on-error = "enable"
 #debug.log-request-header   = "enable"
 #debug.log-response-header  = "enable"
 #debug.log-request-handling = "enable"
@ -194,8 +183,9 @@ static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
 #server.groupname           = "wwwrun"

 #### compress module
-#compress.cache-dir         = "/tmp/lighttpd/cache/compress/"
-#compress.filetype          = ("text/plain", "text/html")
+#deflate.cache-dir          = "/tmp/lighttpd/cache/compress/"
+#deflate.mimetypes          = ("text/plain", "text/html")
+#deflate.allowed-encodings  = ("gzip")

 #### proxy module
 ## read proxy.txt for more info
@ -227,7 +217,8 @@ static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )

 #### SSL engine
 #ssl.engine                 = "enable"
-#ssl.pemfile                = "server.pem"
+#ssl.pemfile                = "/path/to/fullchain.pem"
+#ssl.privkey                = "/path/to/privkey.pem"

 #### status module
 #status.status-url          = "/server-status"
@ -291,19 +282,6 @@ static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
 #setenv.add-request-header  = ( "TRAV_ENV" => "mysql://user@host/db" )
 #setenv.add-response-header = ( "X-Secret-Message" => "42" )

-## for mod_trigger_b4_dl
-# trigger-before-download.gdbm-filename = "/home/weigon/testbase/trigger.db"
-# trigger-before-download.memcache-hosts = ( "127.0.0.1:11211" )
-# trigger-before-download.trigger-url = "^/trigger/"
-# trigger-before-download.download-url = "^/download/"
-# trigger-before-download.deny-url = "http://127.0.0.1/index.html"
-# trigger-before-download.trigger-timeout = 10
-
-## for mod_cml
-## don't forget to add index.cml to server.indexfiles
-# cml.extension               = ".cml"
-# cml.memcache-hosts          = ( "127.0.0.1:11211" )
-
 #### variable usage:
 ## variable name without "." is auto prefixed by "var." and becomes "var.bar"
 #bar = 1
@ -328,4 +306,4 @@ static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
 #var.a=1

 # include other config file fragments from lighttpd.d subdir
-include_shell "find /etc/lighttpd.d -maxdepth 1 -name '*.conf' -exec cat {} \;" 
+include "/etc/lighttpd.d/*.conf"