Suse 10.2 PHP5 lighttpd und Fastcgi

Apache, Lighttpd, nginx, Cherokee
User avatar
Joe User
Project Manager
Project Manager
Posts: 11138
Joined: 2003-02-27 01:00
Location: Hamburg

Re: Suse 10.2 PHP5 lighttpd und Fastcgi

Post by Joe User » 2007-06-28 11:11

Du musst php5-fastcgi installieren und in der lighttpd.conf auf /srv/www/cgi-bin/php5 verweisen.

rootsvr
Posts: 538
Joined: 2005-09-02 11:12

Re: Suse 10.2 PHP5 lighttpd und Fastcgi

Post by rootsvr » 2007-06-28 11:50

wie es bei Suse ist weiß ich nicht genau, bei Debian sieht die Lighty konfig so aus:
Lighty 1.4.13 (beim 1.5 muß man mit Proybackends und imho spawn cgi arbeiten)

Code: Select all

server.modules   += ( "mod_fastcgi" )

## Start an FastCGI server for php5 (needs the php5-cgi package)
fastcgi.server    = ( ".php" =>
        ((
                "bin-path" => "/usr/bin/php5-cgi",
                "socket" => "/tmp/php.socket",
                "max-procs" => 2,
                "idle-timeout" => 20,
                "bin-environment" => (
                        "PHP_FCGI_CHILDREN" => "4",
                        "PHP_FCGI_MAX_REQUESTS" => "10000"
                ),
                "bin-copy-environment" => (
                        "PATH", "SHELL", "USER"
                ),
                "broken-scriptfilename" => "enable"
        ))
Das geht zumindest hier. Willst Du individuelle Userrechte ist vermutlich Spawncgi die bessere Variante:
http://trac.lighttpd.net/trac/wiki/HowT ... ermissions

Du brauchst auf jedenfall eine cgi Variante die sollte sich aber auch bei SuSE finden lassen

User avatar
Joe User
Project Manager
Project Manager
Posts: 11138
Joined: 2003-02-27 01:00
Location: Hamburg

Re: Suse 10.2 PHP5 lighttpd und Fastcgi

Post by Joe User » 2007-06-28 12:09

matzewe01 wrote:Aber worauf muss ich in der lighttpd.conf verweisen bzw. welcher Paramater muss auf /srv/www/cgi-bin/php5 verweisen?

Code: Select all

fastcgi.server = (
  ...
  "bin-path" => "/srv/www/cgi-bin/php5",
  ...
)
matzewe01 wrote:-> Das aktivieren bzw. Einbinden über modules.conf war nicht richtig mit der Beispielkonfiguration?
Das Modul mod_fastcgi muss geladen werden.

User avatar
Joe User
Project Manager
Project Manager
Posts: 11138
Joined: 2003-02-27 01:00
Location: Hamburg

Re: Suse 10.2 PHP5 lighttpd und Fastcgi

Post by Joe User » 2007-06-28 12:47

Moin,

für Alle die gerne spawn-fcgi unter openSUSE 10.2 nutzen möchten, folgt eine an die eigenen Bedürfnisse anzupassende Beispielkonfiguration:

Code: Select all

cat > /etc/sysconfig/spawn-fcgi << "EOF"
## Path:        Network/WWW/spawn-fcgi
## Description: start parameters for spawn-fcgi.
## Type:        string
## Default:     "-f /usr/bin/php-cgi -s /tmp/php-fastcgi.socket -C 4 -u lighttpd -g lighttpd"
## Config:      spawn-fcgi
#
# start parameters for spawn-fcgi.
#
# see man 1 spawn-fcgi for more
#
SPAWN_FCGI_PARAMS="-f /srv/www/cgi-bin/php5 -s /tmp/php-fastcgi.socket -C 4 -u lighttpd -g lighttpd"

## Path:        Network/WWW/spawn-fcgi
## Description: umask to use with spawn-fcgi
## Type:        string
## Default:     "077"
## Config:      spawn-fcgi
#
# Since version 1.4.12 lighttpd's mod_webdav honors the umask
# from the starting environment. To keep the old default, we set
# the umask to 077.
#
SPAWN_FCGI_UMASK="077"
EOF

cat > /etc/init.d/spawn-fcgi << "EOF"
#! /bin/sh
# Copyright (c) 1995-2004 SUSE Linux AG, Nuernberg, Germany.
# All rights reserved.
#
# Author: Kurt Garloff
# Please send feedback to http://www.suse.de/feedback/
#
# /etc/init.d/spawn-fcgi
#   and its symbolic link
# /(usr/)sbin/rcspawn-fcgi
#
#    This program is free software; you can redistribute it and/or modify
#    it under the terms of the GNU General Public License as published by
#    the Free Software Foundation; either version 2 of the License, or
#    (at your option) any later version.
#
#    This program is distributed in the hope that it will be useful,
#    but WITHOUT ANY WARRANTY; without even the implied warranty of
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#    GNU General Public License for more details.
#
#    You should have received a copy of the GNU General Public License
#    along with this program; if not, write to the Free Software
#    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
#
# Template system startup script for some example service/daemon lighttpd
#
# LSB compatible service control script; see http://www.linuxbase.org/spec/
#
# Note: This template uses functions rc_XXX defined in /etc/rc.status on
# UnitedLinux (UL) based Linux distributions. If you want to base your
# script on this template and ensure that it works on non UL based LSB
# compliant Linux distributions, you either have to provide the rc.status
# functions from UL or change the script to work without them.
#
### BEGIN INIT INFO
# Provides:          spawn-fcgi
# Required-Start:    $syslog $remote_fs
# Should-Start: $time ypbind sendmail
# Required-Stop:     $syslog $remote_fs
# Should-Stop: $time ypbind sendmail
# Default-Start:     3 5
# Default-Stop:      0 1 2 6
# Short-Description: spawn-fcgi
# Description:       Start spawn-fcgi
### END INIT INFO
#
# Any extensions to the keywords given above should be preceeded by
# X-VendorTag- (X-UnitedLinux- X-SuSE- for us) according to LSB.
#
# Notes on Required-Start/Should-Start:
# * There are two different issues that are solved by Required-Start
#    and Should-Start
# (a) Hard dependencies: This is used by the runlevel editor to determine
#     which services absolutely need to be started to make the start of
#     this service make sense. Example: nfsserver should have
#     Required-Start: $portmap
#     Also, required services are started before the dependent ones.
#     The runlevel editor will warn about such missing hard dependencies
#     and suggest enabling. During system startup, you may expect an error,
#     if the dependency is not fulfilled.
# (b) Specifying the init script ordering, not real (hard) dependencies.
#     This is needed by insserv to determine which service should be
#     started first (and at a later stage what services can be started
#     in parallel). The tag Should-Start: is used for this.
#     It tells, that if a service is available, it should be started
#     before. If not, never mind.
# * When specifying hard dependencies or ordering requirements, you can
#   use names of services (contents of their Provides: section)
#   or pseudo names starting with a $. The following ones are available
#   according to LSB (1.1):
#       $local_fs               all local file systems are mounted
#                               (most services should need this!)
#       $remote_fs              all remote file systems are mounted
#                               (note that /usr may be remote, so
#                                many services should Require this!)
#       $syslog                 system logging facility up
#       $network                low level networking (eth card, ...)
#       $named                  hostname resolution available
#       $netdaemons             all network daemons are running
#   The $netdaemons pseudo service has been removed in LSB 1.2.
#   For now, we still offer it for backward compatibility.
#   These are new (LSB 1.2):
#       $time                   the system time has been set correctly
#       $portmap                SunRPC portmapping service available
#   UnitedLinux extensions:
#       $ALL                    indicates that a script should be inserted
#                               at the end
# * The services specified in the stop tags
#   (Required-Stop/Should-Stop)
#   specify which services need to be still running when this service
#   is shut down. Often the entries there are just copies or a subset
#   from the respective start tag.
# * Should-Start/Stop are now part of LSB as of 2.0,
#   formerly SUSE/Unitedlinux used X-UnitedLinux-Should-Start/-Stop.
#   insserv does support both variants.
# * X-UnitedLinux-Default-Enabled: yes/no is used at installation time
#   (%fillup_and_insserv macro in %post of many RPMs) to specify whether
#   a startup script should default to be enabled after installation.
#   It's not used by insserv.
#
# Note on runlevels:
# 0 - halt/poweroff                     6 - reboot
# 1 - single user                       2 - multiuser without network exported
# 3 - multiuser w/ network (text mode)  5 - multiuser w/ network and X11 (xdm)
#
# Note on script names:
# http://www.linuxbase.org/spec/refspecs/LSB_1.3.0/gLSB/gLSB/scrptnames.html
# A registry has been set up to manage the init script namespace.
# http://www.lanana.org/
# Please use the names already registered or register one or use a
# vendor prefix.


# Check for missing binaries (stale symlinks should not happen)
# Note: Special treatment of stop for LSB conformance
SPAWN_FCGI_BIN=/usr/sbin/spawn-fcgi
test -x $SPAWN_FCGI_BIN || { echo "$SPAWN_FCGI_BIN not installed";
        if [ "$1" = "stop" ]; then exit 0;
        else exit 5; fi; }

# Check for existence of needed config file and read it
SPAWN_FCGI_CONFIG=/etc/sysconfig/spawn-fcgi
test -r $SPAWN_FCGI_CONFIG || { echo "$SPAWN_FCGI_CONFIG not existing";
        if [ "$1" = "stop" ]; then exit 0;
        else exit 6; fi; }

# Read config
. $SPAWN_FCGI_CONFIG

# Source LSB init functions
# providing start_daemon, killproc, pidofproc,
# log_success_msg, log_failure_msg and log_warning_msg.
# This is currently not used by UnitedLinux based distributions and
# not needed for init scripts for UnitedLinux only. If it is used,
# the functions from rc.status should not be sourced or used.
#. /lib/lsb/init-functions

# Shell functions sourced from /etc/rc.status:
#      rc_check         check and set local and overall rc status
#      rc_status        check and set local and overall rc status
#      rc_status -v     be verbose in local rc status and clear it afterwards
#      rc_status -v -r  ditto and clear both the local and overall rc status
#      rc_status -s     display "skipped" and exit with status 3
#      rc_status -u     display "unused" and exit with status 3
#      rc_failed        set local and overall rc status to failed
#      rc_failed <num>  set local and overall rc status to <num>
#      rc_reset         clear both the local and overall rc status
#      rc_exit          exit appropriate to overall rc status
#      rc_active        checks whether a service is activated by symlinks
. /etc/rc.status

# Reset status of this service
rc_reset

# Return values acc. to LSB for all commands but status:
# 0       - success
# 1       - generic or unspecified error
# 2       - invalid or excess argument(s)
# 3       - unimplemented feature (e.g. "reload")
# 4       - user had insufficient privileges
# 5       - program is not installed
# 6       - program is not configured
# 7       - program is not running
# 8--199  - reserved (8--99 LSB, 100--149 distrib, 150--199 appl)
#
# Note that starting an already running service, stopping
# or restarting a not-running service as well as the restart
# with force-reload (in case signaling is not supported) are
# considered a success.

case "$1" in
    start)
        echo -n "Starting spawn-fcgi "
        ## Start daemon with startproc(8). If this fails
        ## the return value is set appropriately by startproc.
        umask ${SPAWN_FCGI_UMASK:-077}
        export PHP_FCGI_MAX_REQUESTS="500" FCGI_WEB_SERVER_ADDRS="127.0.0.1" PHPRC=""
        startproc -e $SPAWN_FCGI_BIN $SPAWN_FCGI_PARAMS

        # Remember status and be verbose
        rc_status -v
        ;;
    stop)
        echo -n "Shutting down spawn-fcgi "
        ## Stop daemon with killproc(8) and if this fails
        ## killproc sets the return value according to LSB.

        killproc -TERM $SPAWN_FCGI_BIN

        # Remember status and be verbose
        rc_status -v
        ;;
    try-restart|condrestart)
        ## Do a restart only if the service was active before.
        ## Note: try-restart is now part of LSB (as of 1.9).
        ## RH has a similar command named condrestart.
        if test "$1" = "condrestart"; then
                echo "${attn} Use try-restart ${done}(LSB)${attn} rather than condrestart ${warn}(RH)${norm}"
        fi
        $0 status
        if test $? = 0; then
                $0 restart
        else
                rc_reset        # Not running is not a failure.
        fi
        # Remember status and be quiet
        rc_status
        ;;
    restart)
        ## Stop the service and regardless of whether it was
        ## running or not, start it again.
        $0 stop
        $0 start

        # Remember status and be quiet
        rc_status
        ;;
    *)
        echo "Usage: $0 {start|stop|try-restart|restart}"
        exit 1
        ;;
esac
rc_exit
EOF

chmod 0755 /etc/init.d/spawn-fcgi
ln -s /etc/init.d/spawn-fcgi /usr/sbin/rcspawn-fcgi
insserv spawn-fcgi

cat > /etc/sysconfig/lighttpd << "EOF"
## Path:        Network/WWW/lighttpd
## Description: start parameters for lighttpd.
## Type:        string
## Default:     "-f /etc/lighttpd/lighttpd.conf"
## Config:      lighttpd
#
# start parameters for lighttpd.
#
# see man 1 lighttpd for more
#
LIGHTTPD_PARAMS="-f /etc/lighttpd/lighttpd.conf"

## Path:        Network/WWW/lighttpd
## Description: umask to use with lighttpd
## Type:        string
## Default:     "077"
## Config:      lighttpd
#
# Since version 1.4.12 lighttpd's mod_webdav honors the umask
# from the starting environment. To keep the old default, we set
# the umask to 077.
#
LIGHTTPD_UMASK="077"
EOF

cat > /etc/init.d/lighttpd << "EOF"
#! /bin/sh
# Copyright (c) 1995-2004 SUSE Linux AG, Nuernberg, Germany.
# All rights reserved.
#
# Author: Kurt Garloff
# Please send feedback to http://www.suse.de/feedback/
#
# /etc/init.d/lighttpd
#   and its symbolic link
# /(usr/)sbin/rclighttpd
#
#    This program is free software; you can redistribute it and/or modify
#    it under the terms of the GNU General Public License as published by
#    the Free Software Foundation; either version 2 of the License, or
#    (at your option) any later version.
#
#    This program is distributed in the hope that it will be useful,
#    but WITHOUT ANY WARRANTY; without even the implied warranty of
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#    GNU General Public License for more details.
#
#    You should have received a copy of the GNU General Public License
#    along with this program; if not, write to the Free Software
#    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
#
# Template system startup script for some example service/daemon lighttpd
#
# LSB compatible service control script; see http://www.linuxbase.org/spec/
#
# Note: This template uses functions rc_XXX defined in /etc/rc.status on
# UnitedLinux (UL) based Linux distributions. If you want to base your
# script on this template and ensure that it works on non UL based LSB
# compliant Linux distributions, you either have to provide the rc.status
# functions from UL or change the script to work without them.
#
### BEGIN INIT INFO
# Provides:          lighttpd
# Required-Start:    $syslog $remote_fs
# Should-Start: $time ypbind sendmail
# Required-Stop:     $syslog $remote_fs
# Should-Stop: $time ypbind sendmail
# Default-Start:     3 5
# Default-Stop:      0 1 2 6
# Short-Description: lighttpd
# Description:       Start lighttpd
### END INIT INFO
#
# Any extensions to the keywords given above should be preceeded by
# X-VendorTag- (X-UnitedLinux- X-SuSE- for us) according to LSB.
#
# Notes on Required-Start/Should-Start:
# * There are two different issues that are solved by Required-Start
#    and Should-Start
# (a) Hard dependencies: This is used by the runlevel editor to determine
#     which services absolutely need to be started to make the start of
#     this service make sense. Example: nfsserver should have
#     Required-Start: $portmap
#     Also, required services are started before the dependent ones.
#     The runlevel editor will warn about such missing hard dependencies
#     and suggest enabling. During system startup, you may expect an error,
#     if the dependency is not fulfilled.
# (b) Specifying the init script ordering, not real (hard) dependencies.
#     This is needed by insserv to determine which service should be
#     started first (and at a later stage what services can be started
#     in parallel). The tag Should-Start: is used for this.
#     It tells, that if a service is available, it should be started
#     before. If not, never mind.
# * When specifying hard dependencies or ordering requirements, you can
#   use names of services (contents of their Provides: section)
#   or pseudo names starting with a $. The following ones are available
#   according to LSB (1.1):
#       $local_fs               all local file systems are mounted
#                               (most services should need this!)
#       $remote_fs              all remote file systems are mounted
#                               (note that /usr may be remote, so
#                                many services should Require this!)
#       $syslog                 system logging facility up
#       $network                low level networking (eth card, ...)
#       $named                  hostname resolution available
#       $netdaemons             all network daemons are running
#   The $netdaemons pseudo service has been removed in LSB 1.2.
#   For now, we still offer it for backward compatibility.
#   These are new (LSB 1.2):
#       $time                   the system time has been set correctly
#       $portmap                SunRPC portmapping service available
#   UnitedLinux extensions:
#       $ALL                    indicates that a script should be inserted
#                               at the end
# * The services specified in the stop tags
#   (Required-Stop/Should-Stop)
#   specify which services need to be still running when this service
#   is shut down. Often the entries there are just copies or a subset
#   from the respective start tag.
# * Should-Start/Stop are now part of LSB as of 2.0,
#   formerly SUSE/Unitedlinux used X-UnitedLinux-Should-Start/-Stop.
#   insserv does support both variants.
# * X-UnitedLinux-Default-Enabled: yes/no is used at installation time
#   (%fillup_and_insserv macro in %post of many RPMs) to specify whether
#   a startup script should default to be enabled after installation.
#   It's not used by insserv.
#
# Note on runlevels:
# 0 - halt/poweroff                     6 - reboot
# 1 - single user                       2 - multiuser without network exported
# 3 - multiuser w/ network (text mode)  5 - multiuser w/ network and X11 (xdm)
#
# Note on script names:
# http://www.linuxbase.org/spec/refspecs/LSB_1.3.0/gLSB/gLSB/scrptnames.html
# A registry has been set up to manage the init script namespace.
# http://www.lanana.org/
# Please use the names already registered or register one or use a
# vendor prefix.


# Check for missing binaries (stale symlinks should not happen)
# Note: Special treatment of stop for LSB conformance
LIGHTTPD_BIN=/usr/sbin/lighttpd
test -x $LIGHTTPD_BIN || { echo "$LIGHTTPD_BIN not installed";
        if [ "$1" = "stop" ]; then exit 0;
        else exit 5; fi; }

# Check for existence of needed config file and read it
LIGHTTPD_CONFIG=/etc/sysconfig/lighttpd
test -r $LIGHTTPD_CONFIG || { echo "$LIGHTTPD_CONFIG not existing";
        if [ "$1" = "stop" ]; then exit 0;
        else exit 6; fi; }

# Read config
. $LIGHTTPD_CONFIG

# Source LSB init functions
# providing start_daemon, killproc, pidofproc,
# log_success_msg, log_failure_msg and log_warning_msg.
# This is currently not used by UnitedLinux based distributions and
# not needed for init scripts for UnitedLinux only. If it is used,
# the functions from rc.status should not be sourced or used.
#. /lib/lsb/init-functions

# Shell functions sourced from /etc/rc.status:
#      rc_check         check and set local and overall rc status
#      rc_status        check and set local and overall rc status
#      rc_status -v     be verbose in local rc status and clear it afterwards
#      rc_status -v -r  ditto and clear both the local and overall rc status
#      rc_status -s     display "skipped" and exit with status 3
#      rc_status -u     display "unused" and exit with status 3
#      rc_failed        set local and overall rc status to failed
#      rc_failed <num>  set local and overall rc status to <num>
#      rc_reset         clear both the local and overall rc status
#      rc_exit          exit appropriate to overall rc status
#      rc_active        checks whether a service is activated by symlinks
. /etc/rc.status

# Reset status of this service
rc_reset

# Return values acc. to LSB for all commands but status:
# 0       - success
# 1       - generic or unspecified error
# 2       - invalid or excess argument(s)
# 3       - unimplemented feature (e.g. "reload")
# 4       - user had insufficient privileges
# 5       - program is not installed
# 6       - program is not configured
# 7       - program is not running
# 8--199  - reserved (8--99 LSB, 100--149 distrib, 150--199 appl)
#
# Note that starting an already running service, stopping
# or restarting a not-running service as well as the restart
# with force-reload (in case signaling is not supported) are
# considered a success.

case "$1" in
    start)
        echo -n "Starting lighttpd "
        ## Start daemon with startproc(8). If this fails
        ## the return value is set appropriately by startproc.
        umask ${LIGHTTPD_UMASK:-077}
        startproc -e $LIGHTTPD_BIN $LIGHTTPD_PARAMS

        # Remember status and be verbose
        rc_status -v
        ;;
    stop)
        echo -n "Shutting down lighttpd "
        ## Stop daemon with killproc(8) and if this fails
        ## killproc sets the return value according to LSB.

        killproc -TERM $LIGHTTPD_BIN

        # Remember status and be verbose
        rc_status -v
        ;;
    try-restart|condrestart)
        ## Do a restart only if the service was active before.
        ## Note: try-restart is now part of LSB (as of 1.9).
        ## RH has a similar command named condrestart.
        if test "$1" = "condrestart"; then
                echo "${attn} Use try-restart ${done}(LSB)${attn} rather than condrestart ${warn}(RH)${norm}"
        fi
        $0 status
        if test $? = 0; then
                $0 restart
        else
                rc_reset        # Not running is not a failure.
        fi
        # Remember status and be quiet
        rc_status
        ;;
    restart)
        ## Stop the service and regardless of whether it was
        ## running or not, start it again.
        $0 stop
        $0 start

        # Remember status and be quiet
        rc_status
        ;;
    force-reload)
        ## Signal the daemon to reload its config. Most daemons
        ## do this on signal 1 (SIGHUP).
        ## If it does not support it, restart.

        echo -n "Reload service lighttpd "
        ## if it supports it:
        killproc -HUP $LIGHTTPD_BIN
        #touch /var/run/lighttpd.pid
        rc_status -v

        ## Otherwise:
        #$0 try-restart
        #rc_status
        ;;
    reload)
        ## Like force-reload, but if daemon does not support
        ## signaling, do nothing (!)

        # If it supports signaling:
        echo -n "Reload service lighttpd "
        killproc -HUP $LIGHTTPD_BIN
        #touch /var/run/lighttpd.pid
        rc_status -v

        ## Otherwise if it does not support reload:
        #rc_failed 3
        #rc_status -v
        ;;
    status)
        echo -n "Checking for service lighttpd "
        ## Check status with checkproc(8), if process is running
        ## checkproc will return with exit status 0.

        # Return value is slightly different for the status command:
        # 0 - service up and running
        # 1 - service dead, but /var/run/  pid  file exists
        # 2 - service dead, but /var/lock/ lock file exists
        # 3 - service not running (unused)
        # 4 - service status unknown :-(
        # 5--199 reserved (5--99 LSB, 100--149 distro, 150--199 appl.)

        # NOTE: checkproc returns LSB compliant status values.
        checkproc $LIGHTTPD_BIN
        # NOTE: rc_status knows that we called this init script with
        # "status" option and adapts its messages accordingly.
        rc_status -v
        ;;
    probe)
        ## Optional: Probe for the necessity of a reload, print out the
        ## argument to this init script which is required for a reload.
        ## Note: probe is not (yet) part of LSB (as of 1.9)

        test /etc/lighttpd/lighttpd.conf -nt /var/run/lighttpd.pid && echo reload
        ;;
    *)
        echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload|probe}"
        exit 1
        ;;
esac
rc_exit
EOF

chmod 0755 /etc/init.d/lighttpd
insserv lighttpd

mkdir -p /etc/lighttpd/ssl
cd /etc/lighttpd/ssl

/etc/ssl/misc/CA.pl -newca
openssl req -new -nodes -x509 -keyout lighttpd.pem -out lighttpd.pem -days 365
chown lighttpd:lighttpd lighttpd.pem
chmod 0600 lighttpd.pem

cd /root

cat > /etc/lighttpd/lighttpd.conf << "EOF"
server.username = "lighttpd"
server.groupname = "lighttpd"
server.stat-cache-engine = "simple"
server.event-handler = "linux-sysepoll"
server.pid-file = "/var/run/lighttpd.pid"
server.errorlog = "/var/log/lighttpd/error_log"
server.document-root = "/srv/www/htdocs"
server.name = "www.domain.tld"
server.modules = (
    "mod_rewrite",
    "mod_redirect",
    "mod_alias",
    "mod_access",
    "mod_auth",
    "mod_setenv",
    "mod_expire",
    "mod_fastcgi",
    "mod_cgi",
    "mod_ssi",
    "mod_compress",
    "mod_accesslog",
)
server.indexfiles = (
    "index.xhtml",
    "index.html",
    "index.htm",
    "index.php",
)
mimetype.assign = (
    ".pdf"     => "application/pdf",
    ".sig"     => "application/pgp-signature",
    ".spl"     => "application/futuresplash",
    ".class"   => "application/octet-stream",
    ".ps"      => "application/postscript",
    ".torrent" => "application/x-bittorrent",
    ".dvi"     => "application/x-dvi",
    ".pac"     => "application/x-ns-proxy-autoconfig",
    ".swf"     => "application/x-shockwave-flash",
    ".tgz"     => "application/x-tgz",
    ".mp3"     => "audio/mpeg",
    ".m3u"     => "audio/x-mpegurl",
    ".wma"     => "audio/x-ms-wma",
    ".wax"     => "audio/x-ms-wax",
    ".ogg"     => "application/ogg",
    ".wav"     => "audio/x-wav",
    ".xbm"     => "image/x-xbitmap",
    ".xpm"     => "image/x-xpixmap",
    ".xwd"     => "image/x-xwindowdump",
    ".asc"     => "text/plain",
    ".c"       => "text/plain",
    ".h"       => "text/plain",
    ".cc"      => "text/plain",
    ".cpp"     => "text/plain",
    ".hh"      => "text/plain",
    ".hpp"     => "text/plain",
    ".conf"    => "text/plain",
    ".log"     => "text/plain",
    ".text"    => "text/plain",
    ".txt"     => "text/plain",
    ".diff"    => "text/plain",
    ".patch"   => "text/plain",
    ".ebuild"  => "text/plain",
    ".eclass"  => "text/plain",
    ".rtf"     => "application/rtf",
    ".bmp"     => "image/bmp",
    ".tif"     => "image/tiff",
    ".tiff"    => "image/tiff",
    ".ico"     => "image/x-icon",
    ".mpeg"    => "video/mpeg",
    ".mpg"     => "video/mpeg",
    ".mov"     => "video/quicktime",
    ".qt"      => "video/quicktime",
    ".avi"     => "video/x-msvideo",
    ".asf"     => "video/x-ms-asf",
    ".asx"     => "video/x-ms-asf",
    ".wmv"     => "video/x-ms-wmv",
    ".tbz"     => "application/x-bzip-compressed-tar",
    ".tar.bz2" => "application/x-bzip-compressed-tar",
    ".tar.gz"  => "application/x-tgz",
    ".bz2"     => "application/x-bzip",
    ".gz"      => "application/x-gzip",
    ".tar"     => "application/x-tar",
    ".zip"     => "application/zip",
    ".jpeg"    => "image/jpeg",
    ".jpg"     => "image/jpeg",
    ".png"     => "image/png",
    ".gif"     => "image/gif",
    ".xhtml"   => "text/html",
    ".html"    => "text/html",
    ".htm"     => "text/html",
    ".dtd"     => "text/xml",
    ".xml"     => "text/xml",
    ".css"     => "text/css",
    ".js"      => "text/javascript",
    ".php"     => "application/x-httpd-php",
    ""         => "text/plain",
)
static-file.exclude-extensions = (
    ".pl",
    ".cgi",
    ".fcgi",
    ".php",
)
dir-listing.activate = "disable"
dir-listing.hide-dotfiles = "enable"
dir-listing.encoding = "utf-8"
dir-listing.exclude = (
    "^.",
    "~$",
    "favicon.ico",
    "robots.txt",
)
url.access-deny = (
    "~",
    ".ini",
    ".inc",
    ".cfg",
    ".tpl",
    ".bak",
    ".dist",
    ".orig",
    ".htaccess",
    ".htpasswd",
    ".example",
    ".sample",
    ".lang",
)
fastcgi.server = (
    ".php" => (
        (
            "socket" => "/tmp/php-fastcgi.socket",
            "broken-scriptfilename" => "enable",
        ),
    ),
)
cgi.assign = (
    ".pl" => "/usr/bin/perl",
    ".cgi" => "/usr/bin/perl",
)
ssi.extension = (
    ".shtml",
)
compress.filetype = (
    "text/javascript",
    "text/plain",
    "text/html",
    "text/css",
    "text/xml",
)
accesslog.filename = "/var/log/lighttpd/access_log"
accesslog.format = "%h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i""
$HTTP["url"] =~ ".pdf$" {
    server.range-requests = "disable"
}
$SERVER["socket"] == ":443" {
    ssl.engine = "enable"
    ssl.use-sslv2 = "disable"
    ssl.pemfile = "/etc/lighttpd/ssl/lighttpd.pem"
    ssl.ca-file = "/etc/lighttpd/ssl/demoCA/cacert.pem"
    server.document-root = "/srv/www/htdocs"
    accesslog.filename = "/var/log/lighttpd/ssl_access_log"
}
$SERVER["socket"] == ":80" {
    $HTTP["host"] == "www.domain.tld" {
        server.name = "www.domain.tld"
        server.document-root = "/srv/www/htdocs"
    }
}
EOF
Gruss,
Joe User