gssapi:/api, cleanup old php.ini files

[sql.git] / etc / lighttpd / lighttpd.conf

diff --git a/etc/lighttpd/lighttpd.conf b/etc/lighttpd/lighttpd.conf
index ff497cb67dd239d554ae829117f388845c5c5c6f..e17178e879b3141108e65eb2e0765b7fd3b51f06 100644 (file)
--- a/etc/lighttpd/lighttpd.conf
+++ b/etc/lighttpd/lighttpd.conf
@@ -1,4 +1,4 @@
-server.modules              = ( "mod_rewrite", "mod_alias", "mod_access", "mod_fastcgi", "mod_redirect", "mod_accesslog" )
+server.modules              = ( "mod_rewrite", "mod_alias", "mod_access", "mod_auth", "mod_proxy_core", "mod_proxy_backend_fastcgi", "mod_redirect", "mod_magnet", "mod_accesslog" )
 server.errorlog             = "/var/log/lighttpd/error_log"
 $HTTP["useragent"] !~ "^check_http" {
     accesslog.filename          = "/var/log/lighttpd/access_log"
@@ -7,27 +7,18 @@ etag.use-inode              = "disable"
 index-file.names            = ( "index.php", "index.html" )
 url.access-deny             = ( "~", ".inc", ".svn", "CVS" )
 static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
-static-file.etags           = "enable"
 server.port                 = 80
-#server.bind                = "localhost"
-#server.error-handler-404   = "/error-handler.html"
-#server.error-handler-404   = "/error-handler.php"
 server.pid-file             = "/var/run/lighttpd.pid"
 server.username             = "lighttpd"
 server.groupname            = "lighttpd"
-fastcgi.server              = ( ".php" =>
-                                ( "localhost" => (
-                                    "socket" => "/tmp/php-fastcgi.socket",
-                                    "bin-path" => "/usr/bin/php-cgi",
-                                    "min-procs" => 2,
-                                    "max-procs" => 2,
-                                    "bin-environment" => (
-                                        "PHP_FCGI_CHILDREN" => "4",
-                                        "PHP_FCGI_MAX_REQUESTS" => "10000"
-                                    ),
-                                    "broken-scriptfilename" => "enable"
-                                ))
-                              )
+
+$PHYSICAL["existing-path"] =~ "\.php$" {
+    proxy-core.balancer = "round-robin"
+    proxy-core.allow-x-sendfile = "enable"
+    proxy-core.protocol = "fastcgi"
+    proxy-core.backends = ( "unix:/tmp/php-fastcgi.sock" )
+    proxy-core.max-pool-size = 4
+}
 
 server.document-root = "/srv/web/home/"
 alias.url = ( "/~sql" => "/srv/web" )
@@ -41,6 +32,7 @@ url.rewrite-once += ( "^/~sql/dev/do/([^\?]+)(\??.*)" => "/~sql/dev/$1.php$2" )
 url.rewrite-once += ( "^/main/do/([^\?]+)(\??.*)" => "/main/$1.php$2" )
 url.rewrite-once += ( "^/dev/do/([^\?]+)(\??.*)" => "/dev/$1.php$2" )
 url.redirect = ( "^/phpMyAdmin(.*)" => "http://scripts.mit.edu/~sql/phpMyAdmin$1" )
+
 ssl.verifyclient.username  = "SSL_CLIENT_S_DN_emailAddress"
 $SERVER["socket"] == "0.0.0.0:443" {
     ssl.engine = "enable"
@@ -49,7 +41,19 @@ $SERVER["socket"] == "0.0.0.0:443" {
     ssl.verifyclient.activate   = "enable"
     ssl.verifyclient.enforce    = "disable"
     ssl.verifyclient.depth      = 2
+
+    $HTTP["url"] =~ "^/api(/|$)" {
+        $HTTP["useragent"] =~ "AppleWebKit" {
+            url.access-deny = ("")
+        }
+        auth.backend = "gssapi"
+        auth.backend.gssapi.principal = "HTTP/sql.mit.edu"
+        auth.backend.gssapi.keytab = "/etc/lighttpd/krb5.keytab"
+        auth.require = ( "/" => ( "method" => "gssapi", "realm" => "ATHENA.MIT.EDU", "require" => "valid-user"))
+        magnet.attract-raw-url-to = ( "/srv/www/api.lua" )
+    }
 }
+
 mimetype.assign = (
     ".gz"           =>      "application/x-gzip",
     ".tar.gz"       =>      "application/x-tgz",