WebSVN – ALCASAR – Diff – /conf/lighttpd/vhosts.d/alcasar-with-ssl.conf


$HTTP["url"] =~ ".*" {
    # Disabling directory listing as default setting
    dir-listing.activate = "disable"
}
 
# If a wrong url is used, displaying homepage for unprivileged users
$HTTP["url"] !~ "^/(acc|save)/" {
    server.error-handler-404 = "/"
}
 
# Error pages
server.errorfile-prefix = "/var/www/html/errors/error-" 
 
$SERVER["socket"] == "alcasar.localdomain:443" {
    ssl.engine = "enable"
    ssl.pemfile = "/etc/pki/tls/private/alcasar.pem"
    ssl.verifyclient.ca-file = "/etc/pki/tls/certs/server-chain.pem"
 
 
    var.server_name = "alcasar.localdomain"
    server.name = server_name
    server.document-root = "/var/www/html"
}
 
$HTTP["scheme"] == "https" {
    alias.url = (
        "/save" => "/var/Save"
    )
    # Digest authentication configuration
    auth.backend = "htdigest"
    auth.require = (
        "/acc/" => 
        (
            "method"  => "digest",
            "realm"   => "ALCASAR Control Center (ACC)",
            "require" => "valid-user"
        ),
        "/save/" => 
        (
            "method"  => "digest",
            "realm"   => "ALCASAR Control Center (ACC)",
            "require" => "valid-user"
        )
    )
    $HTTP["url"] =~ "^/(acc|save)/" {
        # Setting digest files according access permissions
        $HTTP["url"] =~ "^/acc/" {
            auth.backend.htdigest.userfile = "/usr/local/etc/digest/key_all"
            $HTTP["url"] =~ "^/acc/admin" {
                auth.backend.htdigest.userfile = "/usr/local/etc/digest/key_admin"
            }
            $HTTP["url"] =~ "^/acc/manager/" {
                auth.backend.htdigest.userfile = "/usr/local/etc/digest/key_manager"
            }
            $HTTP["url"] =~ "^/acc/backup/" {
                auth.backend.htdigest.userfile = "/usr/local/etc/digest/key_backup"
            }
        }
        $HTTP["url"] =~ "^/save" {
            auth.backend.htdigest.userfile = "/usr/local/etc/digest/key_backup"
            # Enabling directory listing
            dir-listing.activate = "enable"
        }
    }
}
 
$HTTP["scheme"] == "http" {
        # Force HTTPS for specific pages
        $HTTP["url"] =~ "^/(acc|save)" {
                $HTTP["host"] =~ ".*" {
                        url.redirect = (".*" => "https://%0$0")
                }
        }
}
 

Subversion Repositories ALCASAR

(root)/conf/lighttpd/vhosts.d/alcasar-with-ssl.conf – Rev 3110 → 3191

Rev 3110		Rev 3191
1	`$HTTP["url"] =~ ".*" {`	1	`$HTTP["url"] =~ ".*" {`
2	`# Disabling directory listing as default setting`	2	`# Disabling directory listing as default setting`
3	`dir-listing.activate = "disable"`	3	`dir-listing.activate = "disable"`
4	`}`	4	`}`
5		5
6	`# If a wrong url is used, displaying homepage for unprivileged users`	6	`# If a wrong url is used, displaying homepage for unprivileged users`
7	`$HTTP["url"] !~ "^/(acc\|save)/" {`	7	`$HTTP["url"] !~ "^/(acc\|save)/" {`
8	`server.error-handler-404 = "/"`	8	`server.error-handler-404 = "/"`
9	`}`	9	`}`
10		10
11	`# Error pages`	11	`# Error pages`
12	`server.errorfile-prefix = "/var/www/html/errors/error-"`	12	`server.errorfile-prefix = "/var/www/html/errors/error-"`
13		13
14	`$SERVER["socket"] == "alcasar.localdomain:443" {`	14	`$SERVER["socket"] == "alcasar.localdomain:443" {`
15	`ssl.engine = "enable"`	15	`ssl.engine = "enable"`
16	`ssl.pemfile = "/etc/pki/tls/private/alcasar.pem"`	16	`ssl.pemfile = "/etc/pki/tls/private/alcasar.pem"`
17	`ssl.ca-file = "/etc/pki/tls/certs/server-chain.pem"`	17	`ssl.verifyclient.ca-file = "/etc/pki/tls/certs/server-chain.pem"`
18	`ssl.honor-cipher-order = "enable"`	-
19	`ssl.cipher-list = "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS"`	-
20	`var.server_name = "alcasar.localdomain"`	18	`var.server_name = "alcasar.localdomain"`
21	`server.name = server_name`	19	`server.name = server_name`
22	`server.document-root = "/var/www/html"`	20	`server.document-root = "/var/www/html"`
23	`}`	21	`}`
24		22
25	`$HTTP["scheme"] == "https" {`	23	`$HTTP["scheme"] == "https" {`
26	`alias.url = (`	24	`alias.url = (`
27	`"/save" => "/var/Save"`	25	`"/save" => "/var/Save"`
28	`)`	26	`)`
29	`# Digest authentication configuration`	27	`# Digest authentication configuration`
30	`auth.backend = "htdigest"`	28	`auth.backend = "htdigest"`
31	`auth.require = (`	29	`auth.require = (`
32	`"/acc/" =>`	30	`"/acc/" =>`
33	`(`	31	`(`
34	`"method" => "digest",`	32	`"method" => "digest",`
35	`"realm" => "ALCASAR Control Center (ACC)",`	33	`"realm" => "ALCASAR Control Center (ACC)",`
36	`"require" => "valid-user"`	34	`"require" => "valid-user"`
37	`),`	35	`),`
38	`"/save/" =>`	36	`"/save/" =>`
39	`(`	37	`(`
40	`"method" => "digest",`	38	`"method" => "digest",`
41	`"realm" => "ALCASAR Control Center (ACC)",`	39	`"realm" => "ALCASAR Control Center (ACC)",`
42	`"require" => "valid-user"`	40	`"require" => "valid-user"`
43	`)`	41	`)`
44	`)`	42	`)`
45	`$HTTP["url"] =~ "^/(acc\|save)/" {`	43	`$HTTP["url"] =~ "^/(acc\|save)/" {`
46	`# Setting digest files according access permissions`	44	`# Setting digest files according access permissions`
47	`$HTTP["url"] =~ "^/acc/" {`	45	`$HTTP["url"] =~ "^/acc/" {`
48	`auth.backend.htdigest.userfile = "/usr/local/etc/digest/key_all"`	46	`auth.backend.htdigest.userfile = "/usr/local/etc/digest/key_all"`
49	`$HTTP["url"] =~ "^/acc/admin" {`	47	`$HTTP["url"] =~ "^/acc/admin" {`
50	`auth.backend.htdigest.userfile = "/usr/local/etc/digest/key_admin"`	48	`auth.backend.htdigest.userfile = "/usr/local/etc/digest/key_admin"`
51	`}`	49	`}`
52	`$HTTP["url"] =~ "^/acc/manager/" {`	50	`$HTTP["url"] =~ "^/acc/manager/" {`
53	`auth.backend.htdigest.userfile = "/usr/local/etc/digest/key_manager"`	51	`auth.backend.htdigest.userfile = "/usr/local/etc/digest/key_manager"`
54	`}`	52	`}`
55	`$HTTP["url"] =~ "^/acc/backup/" {`	53	`$HTTP["url"] =~ "^/acc/backup/" {`
56	`auth.backend.htdigest.userfile = "/usr/local/etc/digest/key_backup"`	54	`auth.backend.htdigest.userfile = "/usr/local/etc/digest/key_backup"`
57	`}`	55	`}`
58	`}`	56	`}`
59	`$HTTP["url"] =~ "^/save" {`	57	`$HTTP["url"] =~ "^/save" {`
60	`auth.backend.htdigest.userfile = "/usr/local/etc/digest/key_backup"`	58	`auth.backend.htdigest.userfile = "/usr/local/etc/digest/key_backup"`
61	`# Enabling directory listing`	59	`# Enabling directory listing`
62	`dir-listing.activate = "enable"`	60	`dir-listing.activate = "enable"`
63	`}`	61	`}`
64	`}`	62	`}`
65	`}`	63	`}`
66		64
67	`$HTTP["scheme"] == "http" {`	65	`$HTTP["scheme"] == "http" {`
68	`# Force HTTPS for specific pages`	66	`# Force HTTPS for specific pages`
69	`$HTTP["url"] =~ "^/(acc\|save)" {`	67	`$HTTP["url"] =~ "^/(acc\|save)" {`
70	`$HTTP["host"] =~ ".*" {`	68	`$HTTP["host"] =~ ".*" {`
71	`url.redirect = (".*" => "https://%0$0")`	69	`url.redirect = (".*" => "https://%0$0")`
72	`}`	70	`}`
73	`}`	71	`}`
74	`}`	72	`}`
75		73