ansible/sonic/lighttpd.conf

server.modules = (
    "mod_access",
    "mod_accesslog",
    "mod_alias",
    "mod_compress",
    "mod_redirect",
    "mod_setenv",
    "mod_rewrite",
    "mod_proxy",
    "mod_cgi",
    "mod_openssl",
)

server.document-root        = "/var/www/html"
server.upload-dirs          = ( "/var/cache/lighttpd/uploads" )
server.errorlog             = "/var/log/lighttpd/error.log"
accesslog.filename          = "/var/log/lighttpd/access.log"
server.pid-file             = "/var/run/lighttpd.pid"
server.username             = "www-data"
server.groupname            = "www-data"
server.port                 = 80

dir-listing.activate = "enable"
dir-listing.encoding = "utf-8"

index-file.names            = ( "index.php", "index.html", "index.lighttpd.html" )
url.access-deny             = ( "~", ".inc" )
static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )

compress.cache-dir          = "/var/cache/lighttpd/compress/"
compress.filetype           = ( "application/javascript", "text/css", "text/html", "text/plain" )

# default listening port for IPv6 falls back to the IPv4 port
include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port
# not here anymore see next line : include_shell "/usr/share/lighttpd/create-mime.assign.pl"
include_shell "/usr/share/lighttpd/create-mime.conf.pl"
#include_shell "/usr/share/lighttpd/include-conf-enabled.pl"
include "/etc/lighttpd/conf-enabled/*.conf"

### FUZ.RE ###
### Wiki pas encore hébergé ici ###
$HTTP["host"] == "wiki.fuz.re" {
    server.document-root = "/var/www/fuz.re/dokuwiki/"
    $HTTP["scheme"] == "http" {
        url.redirect = (".*" => "https://wiki.fuz.re$0")
    }

    $HTTP["scheme"] == "https" {
        $HTTP["url"] =~ "^/" {
          server.follow-symlink = "enable"
        }

        $HTTP["url"] =~ "/(\.|_)ht" {
          url.access-deny = ( "" )
        }
        $HTTP["url"] =~ "^/(bin|data|inc|conf)" {
          url.access-deny = ( "" )
        }
#        $SERVER["socket"] == ":443" {
#                ssl.engine  = "enable"
        #       ssl.ca-file = "/etc/letsencrypt/live/wiki.fuz.re/fullchain.pem"
#                ssl.pemfile = "/etc/lighttpd/certs/wiki.fuz.re.pem"
#        }
    }
}

# Redirect www -> https without www
$HTTP["host"] == "www.fuz.re" {
    $HTTP["scheme"] == "http" {
        url.redirect = (".*" => "https://fuz.re$0")
    }
}
# Redirect http -> https without www
$HTTP["host"] == "fuz.re" {
    $HTTP["scheme"] == "http" {
        url.redirect = (".*" => "https://fuz.re$0")
    }
    # HTTPS :
    $HTTP["scheme"] == "https" {
	server.document-root = "/var/www/fuz.re/newsite/public"
        $SERVER["socket"] == ":443" {
			ssl.engine  = "enable"
			ssl.pemfile = "/etc/letsencrypt/live/fuz.re/fullchain.pem"
			ssl.privkey = "/etc/letsencrypt/live/fuz.re/privkey.pem"
		}
    }
}

# Old Jack.tf
$HTTP["host"] == "jack.fuz.re" {
    server.document-root = "/var/www/fuz.re/jack/site"
    $HTTP["scheme"] == "http" {
         $HTTP["url"] !~ "^/.well-known/acme-challenge/" {
         url.redirect = (".*" => "https://jack.fuz.re$0")
         }
    }
    $HTTP["scheme"] == "https" {
	$SERVER["socket"] == ":443" {
             ssl.engine  = "enable"
		ssl.pemfile = "/etc/letsencrypt/live/jack.fuz.re/fullchain.pem"
		ssl.privkey = "/etc/letsencrypt/live/jack.fuz.re/privkey.pem"
        }
    }
}


$HTTP["host"] == "riot.fuz.re" {
    server.document-root = "/var/www/fuz.re/riot/site"
    $HTTP["scheme"] == "http" {
		$HTTP["url"] !~ "^/.well-known/acme-challenge/" {
	            url.redirect = (".*" => "https://riot.fuz.re$0")
		}
    }
    $HTTP["scheme"] == "https" {
        alias.url = (
                "/rc" => "/var/www/fuz.re/riot/rc"
        )

	$SERVER["socket"] == ":443" {
                ssl.engine  = "enable"
		ssl.pemfile = "/etc/letsencrypt/live/riot.fuz.re/fullchain.pem"
		ssl.privkey = "/etc/letsencrypt/live/riot.fuz.re/privkey.pem"
        }
    }
}

$HTTP["host"] == "matrix.fuz.re" {
    server.document-root = "/var/www/fuz.re/matrix/site"
    $HTTP["scheme"] == "http" {
		$HTTP["url"] !~ "^/.well-known/acme-challenge/" {
			url.redirect = (".*" => "https://matrix.fuz.re$0")
		}
    }
    $SERVER["socket"] == ":443" {
    	ssl.engine  = "enable"
	ssl.pemfile = "/etc/letsencrypt/live/matrix.fuz.re/fullchain.pem"
	ssl.privkey = "/etc/letsencrypt/live/matrix.fuz.re/privkey.pem"
    	proxy.server = ( "" => (( "host" => "127.0.0.1", "port" => 8008 )))
    	proxy.header = ( "map-host-request" => ( "-" => "matrix.fuz.re"),
    			     "map-host-response" => ("-" => "-"))
    }
    $SERVER["socket"] == ":8448" {
    	ssl.engine  = "enable"
	ssl.pemfile = "/etc/letsencrypt/live/matrix.fuz.re/fullchain.pem"
	ssl.privkey = "/etc/letsencrypt/live/matrix.fuz.re/privkey.pem"
    	proxy.server = ( "" => (( "host" => "127.0.0.1", "port" => 8008 )))
    	proxy.header = ( "map-host-request" => ( "-" => "matrix.fuz.re"),
    			     "map-host-response" => ("-" => "-"))
    }
}

$HTTP["host"] == "mumble.fuz.re" {
    $HTTP["scheme"] == "http" {
    	server.document-root = "/var/www/fuz.re/mumble/site"
	$HTTP["url"] !~ "^/.well-known/acme-challenge/" {
		url.redirect = (".*" => "https://mumble.fuz.re$0")
	}
    }

    $SERVER["socket"] == ":443" {
    	ssl.engine  = "enable"
	ssl.pemfile = "/etc/letsencrypt/live/mumble.fuz.re/fullchain.pem"
	ssl.privkey = "/etc/letsencrypt/live/mumble.fuz.re/privkey.pem"
    	url.redirect-code = 302 # it's a workaround for retarded lighttpd unable to handle websockets, hence a temp 302 redirection -- Lomanic 20200606
    	url.redirect = (".*" => "https://mumble.fuz.re:64737$0")
    }
}


$HTTP["host"] == "presence.fuz.re" { # added by Lomanic 20200606
    $HTTP["scheme"] == "http" {
    	server.document-root = "/var/www/fuz.re/presence/site"
		$HTTP["url"] !~ "^/.well-known/acme-challenge/" {
			url.redirect = (".*" => "https://${url.authority}${url.path}${qsa}")
		}
    }

	$SERVER["socket"] == ":443" {
		ssl.engine  = "enable"
		proxy.server = ( "" => (("host" => "127.0.0.1", "port" => 3000)) )
		#ssl.ca-file = "/etc/letsencrypt/live/presence.fuz.re/chain.pem"
		#ssl.pemfile = "/etc/lighttpd/certs/presence.fuz.re.pem"

		ssl.pemfile = "/etc/letsencrypt/live/presence.fuz.re/fullchain.pem"
		ssl.privkey = "/etc/letsencrypt/live/presence.fuz.re/privkey.pem"
	}
}
$HTTP["host"] == "spaceapi.fuz.re" { # added by Lomanic 20201017
	$HTTP["scheme"] == "http" {
		server.document-root = "/var/www/fuz.re/spaceapi/site"
		$HTTP["url"] !~ "^/.well-known/acme-challenge/" {
			url.redirect = (".*" => "https://${url.authority}${url.path}${qsa}")
		}
	}

	$SERVER["socket"] == ":443" {
		ssl.engine  = "enable"
		proxy.server = ( "" => (("host" => "127.0.0.1", "port" => 3001)) )
		ssl.pemfile = "/etc/letsencrypt/live/spaceapi.fuz.re/fullchain.pem"
		ssl.privkey = "/etc/letsencrypt/live/spaceapi.fuz.re/privkey.pem"
	}
}

$HTTP["host"] == "sonic.fuz.re" {
	server.document-root = "/var/www/sonic.fuz.re/"
}

### Mailman ###
$HTTP["host"] == "liste.fuz.re" {
	server.document-root = "/var/www/fuz.re/liste/site"
	$HTTP["scheme"] == "http" {
		$HTTP["url"] !~ "^/.well-known/acme-challenge/" {
			url.redirect = (".*" => "https://liste.fuz.re$0")
		}
	}
	$SERVER["socket"] == ":443" {
		ssl.engine  = "enable"
		#ssl.ca-file = "/etc/letsencrypt/live/liste.fuz.re/chain.pem"
		#ssl.pemfile = "/etc/letsencrypt/live/liste.fuz.re/combined.pem"
		ssl.pemfile = "/etc/letsencrypt/live/liste.fuz.re/fullchain.pem"
		ssl.privkey = "/etc/letsencrypt/live/liste.fuz.re/privkey.pem"
	}
	alias.url = (
        "/mailman/" => "/usr/lib/cgi-bin/mailman/",
        "/cgi-bin/mailman/" => "/usr/lib/cgi-bin/mailman/",
        "/images/mailman/" => "/usr/share/images/mailman/",
        #"/pipermail/" => "/var/lib/mailman/archives/public/"
    )
    cgi.assign = (
        "/admin" => "",
        "/admindb" => "",
        "/confirm" => "",
        "/create" => "",
        "/edithtml" => "",
        "/listinfo" => "",
        "/options" => "",
        "/private" => "",
        "/rmlist" => "",
        "/roster" => "",
        "/subscribe" => "")
}

## Datapaulette - Pas hébérgé ici non plus
$HTTP["host"] =~ "www.datapaulette.org" {
	url.redirect = (".*" => "http://datapaulette.org")
}
$HTTP["host"] =~ "datapaulette.org" {
        server.error-handler-404 = "/index.php"
        server.document-root = "/var/www/datapaulette.org/dp-wp"
#        $SERVER["socket"] == ":443" {
#                ssl.engine  = "enable"
#                ssl.ca-file = "/etc/letsencrypt/live/datapaulette.org/fullchain.pem"
#                ssl.pemfile = "/etc/lighttpd/certs/datapaulette.org.pem"
#        }
        #url.rewrite = (
        #       "^/(.*)\.(.+)$" => "$0",
        #       ###"^/(wp-admin|wp-includes|wp-content|gallery2)/(.*)" => "$0",
        #       "^/(.+)/?$" => "/index.php/$1"
        #)
}

### WOOTDEVICES.IO  - https à activer après copie des certs
$HTTP["host"] == "wootdevices.io" {
        server.document-root = "/var/www/wootdevices.io/site/"
#        $SERVER["socket"] == ":443" {
#                ssl.engine  = "enable"
#                ssl.ca-file = "/etc/letsencrypt/live/wootdevices.io/fullchain.pem"
#                ssl.pemfile = "/etc/lighttpd/certs/wootdevices.io.pem"
#        }
}
bootstrap 2022-06-14 20:33:48 +00:00			`server.modules = (`
			`"mod_access",`
			`"mod_accesslog",`
			`"mod_alias",`
			`"mod_compress",`
			`"mod_redirect",`
			`"mod_setenv",`
			`"mod_rewrite",`
			`"mod_proxy",`
			`"mod_cgi",`
			`"mod_openssl",`
			`)`

			`server.document-root = "/var/www/html"`
			`server.upload-dirs = ( "/var/cache/lighttpd/uploads" )`
			`server.errorlog = "/var/log/lighttpd/error.log"`
			`accesslog.filename = "/var/log/lighttpd/access.log"`
			`server.pid-file = "/var/run/lighttpd.pid"`
			`server.username = "www-data"`
			`server.groupname = "www-data"`
			`server.port = 80`

			`dir-listing.activate = "enable"`
			`dir-listing.encoding = "utf-8"`

			`index-file.names = ( "index.php", "index.html", "index.lighttpd.html" )`
			`url.access-deny = ( "~", ".inc" )`
			`static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )`

			`compress.cache-dir = "/var/cache/lighttpd/compress/"`
			`compress.filetype = ( "application/javascript", "text/css", "text/html", "text/plain" )`

			`# default listening port for IPv6 falls back to the IPv4 port`
			`include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port`
			`# not here anymore see next line : include_shell "/usr/share/lighttpd/create-mime.assign.pl"`
			`include_shell "/usr/share/lighttpd/create-mime.conf.pl"`
			`#include_shell "/usr/share/lighttpd/include-conf-enabled.pl"`
			`include "/etc/lighttpd/conf-enabled/*.conf"`

			`### FUZ.RE ###`
			`### Wiki pas encore hébergé ici ###`
			`$HTTP["host"] == "wiki.fuz.re" {`
			`server.document-root = "/var/www/fuz.re/dokuwiki/"`
			`$HTTP["scheme"] == "http" {`
			`url.redirect = (".*" => "https://wiki.fuz.re$0")`
			`}`

			`$HTTP["scheme"] == "https" {`
			`$HTTP["url"] =~ "^/" {`
			`server.follow-symlink = "enable"`
			`}`

			`$HTTP["url"] =~ "/(\.\|_)ht" {`
			`url.access-deny = ( "" )`
			`}`
			`$HTTP["url"] =~ "^/(bin\|data\|inc\|conf)" {`
			`url.access-deny = ( "" )`
			`}`
			`# $SERVER["socket"] == ":443" {`
			`# ssl.engine = "enable"`
			`# ssl.ca-file = "/etc/letsencrypt/live/wiki.fuz.re/fullchain.pem"`
			`# ssl.pemfile = "/etc/lighttpd/certs/wiki.fuz.re.pem"`
			`# }`
			`}`
			`}`

			`# Redirect www -> https without www`
			`$HTTP["host"] == "www.fuz.re" {`
			`$HTTP["scheme"] == "http" {`
			`url.redirect = (".*" => "https://fuz.re$0")`
			`}`
			`}`
			`# Redirect http -> https without www`
			`$HTTP["host"] == "fuz.re" {`
			`$HTTP["scheme"] == "http" {`
			`url.redirect = (".*" => "https://fuz.re$0")`
			`}`
			`# HTTPS :`
			`$HTTP["scheme"] == "https" {`
			`server.document-root = "/var/www/fuz.re/newsite/public"`
			`$SERVER["socket"] == ":443" {`
			`ssl.engine = "enable"`
			`ssl.pemfile = "/etc/letsencrypt/live/fuz.re/fullchain.pem"`
			`ssl.privkey = "/etc/letsencrypt/live/fuz.re/privkey.pem"`
			`}`
			`}`
			`}`

			`# Old Jack.tf`
			`$HTTP["host"] == "jack.fuz.re" {`
			`server.document-root = "/var/www/fuz.re/jack/site"`
			`$HTTP["scheme"] == "http" {`
			`$HTTP["url"] !~ "^/.well-known/acme-challenge/" {`
			`url.redirect = (".*" => "https://jack.fuz.re$0")`
			`}`
			`}`
			`$HTTP["scheme"] == "https" {`
			`$SERVER["socket"] == ":443" {`
			`ssl.engine = "enable"`
			`ssl.pemfile = "/etc/letsencrypt/live/jack.fuz.re/fullchain.pem"`
			`ssl.privkey = "/etc/letsencrypt/live/jack.fuz.re/privkey.pem"`
			`}`
			`}`
			`}`


			`$HTTP["host"] == "riot.fuz.re" {`
			`server.document-root = "/var/www/fuz.re/riot/site"`
			`$HTTP["scheme"] == "http" {`
			`$HTTP["url"] !~ "^/.well-known/acme-challenge/" {`
			`url.redirect = (".*" => "https://riot.fuz.re$0")`
			`}`
			`}`
			`$HTTP["scheme"] == "https" {`
			`alias.url = (`
			`"/rc" => "/var/www/fuz.re/riot/rc"`
			`)`

			`$SERVER["socket"] == ":443" {`
			`ssl.engine = "enable"`
			`ssl.pemfile = "/etc/letsencrypt/live/riot.fuz.re/fullchain.pem"`
			`ssl.privkey = "/etc/letsencrypt/live/riot.fuz.re/privkey.pem"`
			`}`
			`}`
			`}`

			`$HTTP["host"] == "matrix.fuz.re" {`
			`server.document-root = "/var/www/fuz.re/matrix/site"`
			`$HTTP["scheme"] == "http" {`
			`$HTTP["url"] !~ "^/.well-known/acme-challenge/" {`
			`url.redirect = (".*" => "https://matrix.fuz.re$0")`
			`}`
			`}`
			`$SERVER["socket"] == ":443" {`
			`ssl.engine = "enable"`
			`ssl.pemfile = "/etc/letsencrypt/live/matrix.fuz.re/fullchain.pem"`
			`ssl.privkey = "/etc/letsencrypt/live/matrix.fuz.re/privkey.pem"`
			`proxy.server = ( "" => (( "host" => "127.0.0.1", "port" => 8008 )))`
			`proxy.header = ( "map-host-request" => ( "-" => "matrix.fuz.re"),`
			`"map-host-response" => ("-" => "-"))`
			`}`
			`$SERVER["socket"] == ":8448" {`
			`ssl.engine = "enable"`
			`ssl.pemfile = "/etc/letsencrypt/live/matrix.fuz.re/fullchain.pem"`
			`ssl.privkey = "/etc/letsencrypt/live/matrix.fuz.re/privkey.pem"`
			`proxy.server = ( "" => (( "host" => "127.0.0.1", "port" => 8008 )))`
			`proxy.header = ( "map-host-request" => ( "-" => "matrix.fuz.re"),`
			`"map-host-response" => ("-" => "-"))`
			`}`
			`}`

			`$HTTP["host"] == "mumble.fuz.re" {`
			`$HTTP["scheme"] == "http" {`
			`server.document-root = "/var/www/fuz.re/mumble/site"`
			`$HTTP["url"] !~ "^/.well-known/acme-challenge/" {`
			`url.redirect = (".*" => "https://mumble.fuz.re$0")`
			`}`
			`}`

			`$SERVER["socket"] == ":443" {`
			`ssl.engine = "enable"`
			`ssl.pemfile = "/etc/letsencrypt/live/mumble.fuz.re/fullchain.pem"`
			`ssl.privkey = "/etc/letsencrypt/live/mumble.fuz.re/privkey.pem"`
			`url.redirect-code = 302 # it's a workaround for retarded lighttpd unable to handle websockets, hence a temp 302 redirection -- Lomanic 20200606`
			`url.redirect = (".*" => "https://mumble.fuz.re:64737$0")`
			`}`
			`}`



			`$HTTP["host"] == "presence.fuz.re" { # added by Lomanic 20200606`
			`$HTTP["scheme"] == "http" {`
			`server.document-root = "/var/www/fuz.re/presence/site"`
			`$HTTP["url"] !~ "^/.well-known/acme-challenge/" {`
			`url.redirect = (".*" => "https://${url.authority}${url.path}${qsa}")`
			`}`
			`}`

			`$SERVER["socket"] == ":443" {`
			`ssl.engine = "enable"`
			`proxy.server = ( "" => (("host" => "127.0.0.1", "port" => 3000)) )`
			`#ssl.ca-file = "/etc/letsencrypt/live/presence.fuz.re/chain.pem"`
			`#ssl.pemfile = "/etc/lighttpd/certs/presence.fuz.re.pem"`

			`ssl.pemfile = "/etc/letsencrypt/live/presence.fuz.re/fullchain.pem"`
			`ssl.privkey = "/etc/letsencrypt/live/presence.fuz.re/privkey.pem"`
			`}`
			`}`
			`$HTTP["host"] == "spaceapi.fuz.re" { # added by Lomanic 20201017`
			`$HTTP["scheme"] == "http" {`
			`server.document-root = "/var/www/fuz.re/spaceapi/site"`
			`$HTTP["url"] !~ "^/.well-known/acme-challenge/" {`
			`url.redirect = (".*" => "https://${url.authority}${url.path}${qsa}")`
			`}`
			`}`

			`$SERVER["socket"] == ":443" {`
			`ssl.engine = "enable"`
			`proxy.server = ( "" => (("host" => "127.0.0.1", "port" => 3001)) )`
			`ssl.pemfile = "/etc/letsencrypt/live/spaceapi.fuz.re/fullchain.pem"`
			`ssl.privkey = "/etc/letsencrypt/live/spaceapi.fuz.re/privkey.pem"`
			`}`
			`}`

			`$HTTP["host"] == "sonic.fuz.re" {`
			`server.document-root = "/var/www/sonic.fuz.re/"`
			`}`

			`### Mailman ###`
			`$HTTP["host"] == "liste.fuz.re" {`
			`server.document-root = "/var/www/fuz.re/liste/site"`
			`$HTTP["scheme"] == "http" {`
			`$HTTP["url"] !~ "^/.well-known/acme-challenge/" {`
			`url.redirect = (".*" => "https://liste.fuz.re$0")`
			`}`
			`}`
			`$SERVER["socket"] == ":443" {`
			`ssl.engine = "enable"`
			`#ssl.ca-file = "/etc/letsencrypt/live/liste.fuz.re/chain.pem"`
			`#ssl.pemfile = "/etc/letsencrypt/live/liste.fuz.re/combined.pem"`
			`ssl.pemfile = "/etc/letsencrypt/live/liste.fuz.re/fullchain.pem"`
			`ssl.privkey = "/etc/letsencrypt/live/liste.fuz.re/privkey.pem"`
			`}`
			`alias.url = (`
			`"/mailman/" => "/usr/lib/cgi-bin/mailman/",`
			`"/cgi-bin/mailman/" => "/usr/lib/cgi-bin/mailman/",`
			`"/images/mailman/" => "/usr/share/images/mailman/",`
			`#"/pipermail/" => "/var/lib/mailman/archives/public/"`
			`)`
			`cgi.assign = (`
			`"/admin" => "",`
			`"/admindb" => "",`
			`"/confirm" => "",`
			`"/create" => "",`
			`"/edithtml" => "",`
			`"/listinfo" => "",`
			`"/options" => "",`
			`"/private" => "",`
			`"/rmlist" => "",`
			`"/roster" => "",`
			`"/subscribe" => "")`
			`}`

			`## Datapaulette - Pas hébérgé ici non plus`
			`$HTTP["host"] =~ "www.datapaulette.org" {`
			`url.redirect = (".*" => "http://datapaulette.org")`
			`}`
			`$HTTP["host"] =~ "datapaulette.org" {`
			`server.error-handler-404 = "/index.php"`
			`server.document-root = "/var/www/datapaulette.org/dp-wp"`
			`# $SERVER["socket"] == ":443" {`
			`# ssl.engine = "enable"`
			`# ssl.ca-file = "/etc/letsencrypt/live/datapaulette.org/fullchain.pem"`
			`# ssl.pemfile = "/etc/lighttpd/certs/datapaulette.org.pem"`
			`# }`
			`#url.rewrite = (`
			`# "^/(.*)\.(.+)$" => "$0",`
			`# ###"^/(wp-admin\|wp-includes\|wp-content\|gallery2)/(.*)" => "$0",`
			`# "^/(.+)/?$" => "/index.php/$1"`
			`#)`
			`}`

			`### WOOTDEVICES.IO - https à activer après copie des certs`
			`$HTTP["host"] == "wootdevices.io" {`
			`server.document-root = "/var/www/wootdevices.io/site/"`
			`# $SERVER["socket"] == ":443" {`
			`# ssl.engine = "enable"`
			`# ssl.ca-file = "/etc/letsencrypt/live/wootdevices.io/fullchain.pem"`
			`# ssl.pemfile = "/etc/lighttpd/certs/wootdevices.io.pem"`
			`# }`
			`}`