server.modules = ( "mod_access", "mod_accesslog", "mod_alias", "mod_compress", "mod_redirect", "mod_setenv", "mod_rewrite", "mod_proxy", "mod_cgi", "mod_openssl", ) server.document-root = "/var/www/html" server.upload-dirs = ( "/var/cache/lighttpd/uploads" ) server.errorlog = "/var/log/lighttpd/error.log" accesslog.filename = "/var/log/lighttpd/access.log" server.pid-file = "/var/run/lighttpd.pid" server.username = "www-data" server.groupname = "www-data" server.port = 80 dir-listing.activate = "enable" dir-listing.encoding = "utf-8" index-file.names = ( "index.php", "index.html", "index.lighttpd.html" ) url.access-deny = ( "~", ".inc" ) static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" ) compress.cache-dir = "/var/cache/lighttpd/compress/" compress.filetype = ( "application/javascript", "text/css", "text/html", "text/plain" ) # default listening port for IPv6 falls back to the IPv4 port include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port # not here anymore see next line : include_shell "/usr/share/lighttpd/create-mime.assign.pl" include_shell "/usr/share/lighttpd/create-mime.conf.pl" #include_shell "/usr/share/lighttpd/include-conf-enabled.pl" include "/etc/lighttpd/conf-enabled/*.conf" ### FUZ.RE ### ### Wiki pas encore hébergé ici ### $HTTP["host"] == "wiki.fuz.re" { server.document-root = "/var/www/fuz.re/dokuwiki/" $HTTP["scheme"] == "http" { url.redirect = (".*" => "https://wiki.fuz.re$0") } $HTTP["scheme"] == "https" { $HTTP["url"] =~ "^/" { server.follow-symlink = "enable" } $HTTP["url"] =~ "/(\.|_)ht" { url.access-deny = ( "" ) } $HTTP["url"] =~ "^/(bin|data|inc|conf)" { url.access-deny = ( "" ) } # $SERVER["socket"] == ":443" { # ssl.engine = "enable" # ssl.ca-file = "/etc/letsencrypt/live/wiki.fuz.re/fullchain.pem" # ssl.pemfile = "/etc/lighttpd/certs/wiki.fuz.re.pem" # } } } # Redirect www -> https without www $HTTP["host"] == "www.fuz.re" { $HTTP["scheme"] == "http" { url.redirect = (".*" => "https://fuz.re$0") } } # Redirect http -> https without www $HTTP["host"] == "fuz.re" { $HTTP["scheme"] == "http" { url.redirect = (".*" => "https://fuz.re$0") } # HTTPS : $HTTP["scheme"] == "https" { server.document-root = "/var/www/fuz.re/newsite/public" $SERVER["socket"] == ":443" { ssl.engine = "enable" ssl.pemfile = "/etc/letsencrypt/live/fuz.re/fullchain.pem" ssl.privkey = "/etc/letsencrypt/live/fuz.re/privkey.pem" } } } # Old Jack.tf $HTTP["host"] == "jack.fuz.re" { server.document-root = "/var/www/fuz.re/jack/site" $HTTP["scheme"] == "http" { $HTTP["url"] !~ "^/.well-known/acme-challenge/" { url.redirect = (".*" => "https://jack.fuz.re$0") } } $HTTP["scheme"] == "https" { $SERVER["socket"] == ":443" { ssl.engine = "enable" ssl.pemfile = "/etc/letsencrypt/live/jack.fuz.re/fullchain.pem" ssl.privkey = "/etc/letsencrypt/live/jack.fuz.re/privkey.pem" } } } $HTTP["host"] == "riot.fuz.re" { server.document-root = "/var/www/fuz.re/riot/site" $HTTP["scheme"] == "http" { $HTTP["url"] !~ "^/.well-known/acme-challenge/" { url.redirect = (".*" => "https://riot.fuz.re$0") } } $HTTP["scheme"] == "https" { alias.url = ( "/rc" => "/var/www/fuz.re/riot/rc" ) $SERVER["socket"] == ":443" { ssl.engine = "enable" ssl.pemfile = "/etc/letsencrypt/live/riot.fuz.re/fullchain.pem" ssl.privkey = "/etc/letsencrypt/live/riot.fuz.re/privkey.pem" } } } $HTTP["host"] == "matrix.fuz.re" { server.document-root = "/var/www/fuz.re/matrix/site" $HTTP["scheme"] == "http" { $HTTP["url"] !~ "^/.well-known/acme-challenge/" { url.redirect = (".*" => "https://matrix.fuz.re$0") } } $SERVER["socket"] == ":443" { ssl.engine = "enable" ssl.pemfile = "/etc/letsencrypt/live/matrix.fuz.re/fullchain.pem" ssl.privkey = "/etc/letsencrypt/live/matrix.fuz.re/privkey.pem" proxy.server = ( "" => (( "host" => "127.0.0.1", "port" => 8008 ))) proxy.header = ( "map-host-request" => ( "-" => "matrix.fuz.re"), "map-host-response" => ("-" => "-")) } $SERVER["socket"] == ":8448" { ssl.engine = "enable" ssl.pemfile = "/etc/letsencrypt/live/matrix.fuz.re/fullchain.pem" ssl.privkey = "/etc/letsencrypt/live/matrix.fuz.re/privkey.pem" proxy.server = ( "" => (( "host" => "127.0.0.1", "port" => 8008 ))) proxy.header = ( "map-host-request" => ( "-" => "matrix.fuz.re"), "map-host-response" => ("-" => "-")) } } $HTTP["host"] == "mumble.fuz.re" { $HTTP["scheme"] == "http" { server.document-root = "/var/www/fuz.re/mumble/site" $HTTP["url"] !~ "^/.well-known/acme-challenge/" { url.redirect = (".*" => "https://mumble.fuz.re$0") } } $SERVER["socket"] == ":443" { ssl.engine = "enable" ssl.pemfile = "/etc/letsencrypt/live/mumble.fuz.re/fullchain.pem" ssl.privkey = "/etc/letsencrypt/live/mumble.fuz.re/privkey.pem" url.redirect-code = 302 # it's a workaround for retarded lighttpd unable to handle websockets, hence a temp 302 redirection -- Lomanic 20200606 url.redirect = (".*" => "https://mumble.fuz.re:64737$0") } } $HTTP["host"] == "presence.fuz.re" { # added by Lomanic 20200606 $HTTP["scheme"] == "http" { server.document-root = "/var/www/fuz.re/presence/site" $HTTP["url"] !~ "^/.well-known/acme-challenge/" { url.redirect = (".*" => "https://${url.authority}${url.path}${qsa}") } } $SERVER["socket"] == ":443" { ssl.engine = "enable" proxy.server = ( "" => (("host" => "127.0.0.1", "port" => 3000)) ) #ssl.ca-file = "/etc/letsencrypt/live/presence.fuz.re/chain.pem" #ssl.pemfile = "/etc/lighttpd/certs/presence.fuz.re.pem" ssl.pemfile = "/etc/letsencrypt/live/presence.fuz.re/fullchain.pem" ssl.privkey = "/etc/letsencrypt/live/presence.fuz.re/privkey.pem" } } $HTTP["host"] == "spaceapi.fuz.re" { # added by Lomanic 20201017 $HTTP["scheme"] == "http" { server.document-root = "/var/www/fuz.re/spaceapi/site" $HTTP["url"] !~ "^/.well-known/acme-challenge/" { url.redirect = (".*" => "https://${url.authority}${url.path}${qsa}") } } $SERVER["socket"] == ":443" { ssl.engine = "enable" proxy.server = ( "" => (("host" => "127.0.0.1", "port" => 3001)) ) ssl.pemfile = "/etc/letsencrypt/live/spaceapi.fuz.re/fullchain.pem" ssl.privkey = "/etc/letsencrypt/live/spaceapi.fuz.re/privkey.pem" } } $HTTP["host"] == "sonic.fuz.re" { server.document-root = "/var/www/sonic.fuz.re/" } ### Mailman ### $HTTP["host"] == "liste.fuz.re" { server.document-root = "/var/www/fuz.re/liste/site" $HTTP["scheme"] == "http" { $HTTP["url"] !~ "^/.well-known/acme-challenge/" { url.redirect = (".*" => "https://liste.fuz.re$0") } } $SERVER["socket"] == ":443" { ssl.engine = "enable" #ssl.ca-file = "/etc/letsencrypt/live/liste.fuz.re/chain.pem" #ssl.pemfile = "/etc/letsencrypt/live/liste.fuz.re/combined.pem" ssl.pemfile = "/etc/letsencrypt/live/liste.fuz.re/fullchain.pem" ssl.privkey = "/etc/letsencrypt/live/liste.fuz.re/privkey.pem" } alias.url = ( "/mailman/" => "/usr/lib/cgi-bin/mailman/", "/cgi-bin/mailman/" => "/usr/lib/cgi-bin/mailman/", "/images/mailman/" => "/usr/share/images/mailman/", #"/pipermail/" => "/var/lib/mailman/archives/public/" ) cgi.assign = ( "/admin" => "", "/admindb" => "", "/confirm" => "", "/create" => "", "/edithtml" => "", "/listinfo" => "", "/options" => "", "/private" => "", "/rmlist" => "", "/roster" => "", "/subscribe" => "") } ## Datapaulette - Pas hébérgé ici non plus $HTTP["host"] =~ "www.datapaulette.org" { url.redirect = (".*" => "http://datapaulette.org") } $HTTP["host"] =~ "datapaulette.org" { server.error-handler-404 = "/index.php" server.document-root = "/var/www/datapaulette.org/dp-wp" # $SERVER["socket"] == ":443" { # ssl.engine = "enable" # ssl.ca-file = "/etc/letsencrypt/live/datapaulette.org/fullchain.pem" # ssl.pemfile = "/etc/lighttpd/certs/datapaulette.org.pem" # } #url.rewrite = ( # "^/(.*)\.(.+)$" => "$0", # ###"^/(wp-admin|wp-includes|wp-content|gallery2)/(.*)" => "$0", # "^/(.+)/?$" => "/index.php/$1" #) } ### WOOTDEVICES.IO - https à activer après copie des certs $HTTP["host"] == "wootdevices.io" { server.document-root = "/var/www/wootdevices.io/site/" # $SERVER["socket"] == ":443" { # ssl.engine = "enable" # ssl.ca-file = "/etc/letsencrypt/live/wootdevices.io/fullchain.pem" # ssl.pemfile = "/etc/lighttpd/certs/wootdevices.io.pem" # } }