-server.modules = ( "mod_rewrite", "mod_alias", "mod_access", "mod_fastcgi", "mod_redirect", "mod_accesslog" )
+server.modules = ( "mod_rewrite", "mod_alias", "mod_access", "mod_auth", "mod_proxy_core", "mod_proxy_backend_fastcgi", "mod_redirect", "mod_magnet", "mod_accesslog" )
server.errorlog = "/var/log/lighttpd/error_log"
$HTTP["useragent"] !~ "^check_http" {
accesslog.filename = "/var/log/lighttpd/access_log"
index-file.names = ( "index.php", "index.html" )
url.access-deny = ( "~", ".inc", ".svn", "CVS" )
static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
-static-file.etags = "enable"
server.port = 80
-#server.bind = "localhost"
-#server.error-handler-404 = "/error-handler.html"
-#server.error-handler-404 = "/error-handler.php"
server.pid-file = "/var/run/lighttpd.pid"
server.username = "lighttpd"
server.groupname = "lighttpd"
-fastcgi.server = ( ".php" =>
- ( "localhost" => (
- "socket" => "/tmp/php-fastcgi.socket",
- "bin-path" => "/usr/bin/php-cgi",
- "min-procs" => 2,
- "max-procs" => 2,
- "bin-environment" => (
- "PHP_FCGI_CHILDREN" => "4",
- "PHP_FCGI_MAX_REQUESTS" => "10000"
- ),
- "broken-scriptfilename" => "enable"
- ))
- )
+
+$PHYSICAL["existing-path"] =~ "\.php$" {
+ proxy-core.balancer = "round-robin"
+ proxy-core.allow-x-sendfile = "enable"
+ proxy-core.protocol = "fastcgi"
+ proxy-core.backends = ( "unix:/tmp/php-fastcgi.sock" )
+ proxy-core.max-pool-size = 4
+}
server.document-root = "/srv/web/home/"
alias.url = ( "/~sql" => "/srv/web" )
url.rewrite-once += ( "^/main/do/([^\?]+)(\??.*)" => "/main/$1.php$2" )
url.rewrite-once += ( "^/dev/do/([^\?]+)(\??.*)" => "/dev/$1.php$2" )
url.redirect = ( "^/phpMyAdmin(.*)" => "http://scripts.mit.edu/~sql/phpMyAdmin$1" )
+
ssl.verifyclient.username = "SSL_CLIENT_S_DN_emailAddress"
$SERVER["socket"] == "0.0.0.0:443" {
ssl.engine = "enable"
ssl.verifyclient.activate = "enable"
ssl.verifyclient.enforce = "disable"
ssl.verifyclient.depth = 2
+
+ $HTTP["url"] =~ "^/api(/|$)" {
+ $HTTP["useragent"] =~ "AppleWebKit" {
+ url.access-deny = ("")
+ }
+ auth.backend = "gssapi"
+ auth.backend.gssapi.principal = "HTTP/sql.mit.edu"
+ auth.backend.gssapi.keytab = "/etc/lighttpd/krb5.keytab"
+ auth.require = ( "/" => ( "method" => "gssapi", "realm" => "ATHENA.MIT.EDU", "require" => "valid-user"))
+ magnet.attract-raw-url-to = ( "/srv/www/api.lua" )
+ }
}
+
mimetype.assign = (
".gz" => "application/x-gzip",
".tar.gz" => "application/x-tgz",