server.document-root = "/system/sdcard/www" server.pid-file = "/run/lighttpd.pid" server.port = 80 # uncomment to allow more exotic hostnames e.g. with underscores #server.http-parseopt-host-strict = "disable" mimetype.assign = ( ".html" => "text/html", ".txt" => "text/plain", ".jpg" => "image/jpeg", ".png" => "image/png", ".css" => "text/css", ".js" => "text/javascript" ) index-file.names = ( "index.html" ) server.modules = ("mod_alias", "mod_auth", "mod_authn_file", "mod_redirect", "mod_rewrite", "mod_cgi", "mod_fastcgi", "mod_dirlisting", "mod_staticfile", "mod_accesslog", "mod_openssl") cgi.assign = ( ".cgi" => "/bin/sh" ) #If below 4 lines are commented out then SSL is disabled if un-commented SSL is enabled #SSL is enabled by default #If disabling SSL you must clear your site cookie $SERVER["socket"] == ":443" { ssl.engine = "enable" ssl.pemfile = "/system/sdcard/config/lighttpd.pem" } # Support letsencrypt SSL cert paths # (we don't want to upgrade to SSL nor auth' this path) $HTTP["url"] !~ "^/.well-known/(.*)" { $HTTP["scheme"] == "https" { auth.backend = "htdigest" auth.backend.htdigest.userfile = "/system/sdcard/config/lighttpd.user" auth.require = ( "/" => ("method" => "basic", "realm" => "all", "require" => "user=root")) alias.url = ( "/viewer" => "/system/sdcard/DCIM/" ) $HTTP["url"] =~ "^/viewer($|/)" { server.dir-listing = "enable" } } #If below 7 lines are commented out then SSL is disabled if un-commented SSL is enabled #SSL is enabled by default #If disabling SSL you must clear your site cookie $HTTP["scheme"] == "http" { # Do not apply rule to 127.0.0.1, for ssh tunnels $HTTP["remote-ip"] != "127.0.0.1" { # capture vhost name with regex conditiona -> %0 in redirect pattern # must be the most inner block to the redirect rule $HTTP["host"] =~ ".*" { url.redirect = (".*" => "https://%0$0") } } } } ## enable debugging #debug.log-request-header = "enable" #debug.log-response-header = "enable" #debug.log-request-handling = "enable" #debug.log-file-not-found = "enable" #debug.log-condition-handling = "enable" ## where to send error-messages to server.errorlog = "/tmp/lighttpd-error.log" ## CGI (etc) stderr log server.breakagelog = "/tmp/lighttpd-cgi-stderr.log" ## accesslog module accesslog.filename = "/tmp/lighttpd-access.log"