-server.modules = ( "mod_rewrite", "mod_alias", "mod_access", "mod_fastcgi", "mod_redirect", "mod_accesslog" )
+server.modules = ( "mod_rewrite", "mod_alias", "mod_access", "mod_auth", "mod_proxy_core", "mod_proxy_backend_fastcgi", "mod_redirect", "mod_magnet", "mod_accesslog" )
server.errorlog = "/var/log/lighttpd/error_log"
-accesslog.filename = "/var/log/lighttpd/access_log"
+$HTTP["useragent"] !~ "^check_http" {
+ accesslog.filename = "/var/log/lighttpd/access_log"
+}
etag.use-inode = "disable"
index-file.names = ( "index.php", "index.html" )
-server.tag = ""
url.access-deny = ( "~", ".inc", ".svn", "CVS" )
static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
-static-file.etags = "enable"
server.port = 80
-#server.bind = "localhost"
-#server.error-handler-404 = "/error-handler.html"
-#server.error-handler-404 = "/error-handler.php"
server.pid-file = "/var/run/lighttpd.pid"
server.username = "lighttpd"
server.groupname = "lighttpd"
-fastcgi.server = ( ".php" =>
- ( "localhost" => (
- "socket" => "/tmp/php-fastcgi.socket",
- "bin-path" => "/usr/bin/php-cgi",
- "min-procs" => 2,
- "max-procs" => 2,
- "bin-environment" => (
- "PHP_FCGI_CHILDREN" => "4",
- "PHP_FCGI_MAX_REQUESTS" => "10000"
- ),
- "broken-scriptfilename" => "enable"
- ))
- )
-server.document-root = "/srv/sql/web/home/"
-alias.url = ( "/~sql/" => "/srv/sql/web/" )
-alias.url += ( "/main/" => "/srv/sql/web/main/" )
-alias.url += ( "/dev/" => "/srv/sql/web/dev/" )
-alias.url += ( "/tools/" => "/srv/sql/web/tools/" )
-alias.url += ( "/" => "/srv/sql/web/home/" )
+$PHYSICAL["existing-path"] =~ "\.php$" {
+ proxy-core.balancer = "round-robin"
+ proxy-core.allow-x-sendfile = "enable"
+ proxy-core.protocol = "fastcgi"
+ proxy-core.backends = ( "unix:/tmp/php-fastcgi.sock" )
+ proxy-core.max-pool-size = 4
+}
+
+server.document-root = "/srv/web/home/"
+alias.url = ( "/~sql" => "/srv/web" )
+alias.url += ( "/main" => "/srv/web/main" )
+alias.url += ( "/dev" => "/srv/web/dev" )
+alias.url += ( "/tools" => "/srv/web/tools" )
+#alias.url += ( "/" => "/srv/web/home" )
url.rewrite-once = ( "^/tools/([^\?]+)(\??.*)" => "/tools/$1.php$2" )
url.rewrite-once += ( "^/~sql/main/do/([^\?]+)(\??.*)" => "/~sql/main/$1.php$2" )
url.rewrite-once += ( "^/~sql/dev/do/([^\?]+)(\??.*)" => "/~sql/dev/$1.php$2" )
url.rewrite-once += ( "^/main/do/([^\?]+)(\??.*)" => "/main/$1.php$2" )
url.rewrite-once += ( "^/dev/do/([^\?]+)(\??.*)" => "/dev/$1.php$2" )
url.redirect = ( "^/phpMyAdmin(.*)" => "http://scripts.mit.edu/~sql/phpMyAdmin$1" )
+
ssl.verifyclient.username = "SSL_CLIENT_S_DN_emailAddress"
$SERVER["socket"] == "0.0.0.0:443" {
ssl.engine = "enable"
- ssl.pemfile = "/etc/lighttpd/sql-mit-edu.pem"
+ ssl.pemfile = "/etc/lighttpd/sql.mit.edu.pem"
ssl.ca-file = "/etc/lighttpd/mitCAclient.pem"
ssl.verifyclient.activate = "enable"
ssl.verifyclient.enforce = "disable"
ssl.verifyclient.depth = 2
+
+ $HTTP["url"] =~ "^/api(/|$)" {
+ $HTTP["useragent"] =~ "AppleWebKit" {
+ url.access-deny = ("")
+ }
+ auth.backend = "gssapi"
+ auth.backend.gssapi.principal = "HTTP/sql.mit.edu"
+ auth.backend.gssapi.keytab = "/etc/lighttpd/krb5.keytab"
+ auth.require = ( "/" => ( "method" => "gssapi", "realm" => "ATHENA.MIT.EDU", "require" => "valid-user"))
+ magnet.attract-raw-url-to = ( "/srv/www/api.lua" )
+ }
}
+
mimetype.assign = (
".gz" => "application/x-gzip",
".tar.gz" => "application/x-tgz",
andersk / sql.git / blobdiff