# Debian lighttpd configuration file
#

# Chroot into our root-dir
#server.chroot            = "/data/www"

#var.root-dir             = ""
var.root-dir             = "/data/www"
var.conf-dir             = "/etc/lighttpd"
var.fcgi-dir             = var.root-dir + "/var/fcgi"

## modules to load
server.modules              = (
            "mod_auth",
            "mod_access",
            "mod_alias",
            "mod_accesslog",
            "mod_rewrite",
            "mod_redirect",
            "mod_evhost",
            "mod_cgi",
            "mod_fastcgi",
            "mod_setenv",
)

# Set a default catch-all document root, which should never be used.
server.document-root       = var.root-dir + "/default/htdocs"

## where to upload files to, purged daily.
server.upload-dirs = ( "/var/cache/lighttpd/uploads" )

## where to send error-messages to
server.errorlog            = var.root-dir + "/default/logs/error.log"

## files to check for if .../ is requested
index-file.names           = ( "index.php", "index.html" )

#### accesslog module
accesslog.filename         = var.root-dir + "/default/logs/access.log"

## deny access the file-extensions
#
# ~    is for backupfiles from vi, emacs, joe, ...
# .inc is often used for code includes which should in general not be part
#      of the document-root
url.access-deny            = ( "~", ".inc" )

##
# which extensions should not be handle via static-file transfer
#
# .php, .pl, .fcgi are most often handled by mod_fastcgi or mod_cgi
static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )

## Use ipv6 only if available.
server.use-ipv6 = "disable"

## to help the rc.scripts
server.pid-file            = "/var/run/lighttpd.pid"

## virtual directory listings
dir-listing.encoding        = "utf-8"
# Disable dir-listing by default
server.dir-listing          = "disable"

# Don't run as root
server.username            = "www-data"
server.groupname           = "www-data"

# Make mysqll frontend available in all domains
alias.url                  += ("/mysql" => "/usr/share/phpmyadmin")

$SERVER["socket"] == ":443" {
	ssl.engine = "enable" 
	# The CA certificates (in particular, this contains the intermediate
	# certificate used by startcom). It seems that even without this
	# option, it already works, probably because openssl ships some
	# certificates. But, let's put it here to be safe anyway.
	ssl.ca-file = "/etc/lighttpd/ssl/ca/startssl-all-ca.pem"
	# Use the mail.stdin.nl certificate as the default certificate (for
	# non-SNI browsers and domains without their own certificate), since
	# it is currently the only one we have anyway.
	ssl.pemfile = "/etc/lighttpd/ssl/mail.stdin.nl.pem"
}

#### external configuration files
## mimetype mapping
include_shell var.conf-dir + "/scripts/create-mime.assign.pl"

## load vhosts
include_shell var.conf-dir + "/scripts/include-vhosts.pl"