Article

各种 Web 服务器的样板配置「Lighttpd」

Lighttpd 服务器配置

安全性,速度,合规性和灵活性 - 所有这些是描述 Lighttpd 的,这是一个快速的网络服务器,它重新定义效率; 因为它是为高性能环境而设计和优化的。与其他传统的 Web 服务器相比,内存占用量较小,有效管理 cpu 负载和高级功能集(FastCGI,SCGI,Auth,Output-Compression,URL 重写等)lighttpd 是每台服务器负载的理想解决方案。并且它是经过修订的 BSD 许可的开放源代码许可。

安装 lighttpd

sudo apt-get install lighttpd   #安装lighttpd

基本命令和配置路径

  • 修改配置文件
vi /etc/lighttpd/lighttpd.conf
  • 重新载入配置文件
sudo service lighttpd reload
  • 重启系统
sudo /etc/init.d/lighttpd restart
  • 配置文件路径
/etc/lighttpd/lighttpd.conf
  • 模块配置文件路径
/etc/lighttpd/modules.conf
  • 各功能模块配置文件路径
/etc/lighttpd/conf.d/
  • 虚拟主机配置文件位置
/etc/lighttpd/vhosts.d/

配置文件样板

H5bp 推荐配置文件

# Lighttpd Server Configs | MIT License
# https://github.com/h5bp/server-configs-lighttpd

# http://redmine.lighttpd.net/projects/lighttpd/wiki

# Run as an unprivileged user
server.username = "www"
server.groupname = "www"

# Help the rc.scripts
server.pid-file = "/var/run/lighttpd/lighttpd.pid"

# A static document-root. For virtual hosting take a look at the
# mod_simple_vhost module.
server.document-root = "/var/www/sites/go/here/"

# Avoid revealing the server name and version number
server.tag = ""

# Disable directory listing
server.dir-listing = "disable"

# Modules to load
# at least mod_access and mod_accesslog should be loaded
# mod_expire should go above mod_compress (and mod_fcgi if you use it)
# otherwise expire headers will not be applied to compressed documents.
server.modules = (
    "mod_access",
    "mod_accesslog",
    "mod_redirect",
    "mod_expire",
    "mod_compress",
    "mod_setenv"
)

# Sent Response Headers
# opt-in to the future - remove meta tag from page
setenv.add-response-header = ( "X-UA-Compatible" => "IE=edge" )

# File uploads
# Make sure this folder exists and is writable to server.username
server.upload-dirs = ( "/tmp/lighttpd/uploads" )

# Where to send error-messages to
server.errorlog = "/var/log/lighttpd/error.log"

# Accesslog module
accesslog.filename = "/var/log/lighttpd/access.log"

# Compression
# Make sure this folder exists and is writable to server.username
compress.cache-dir = "/tmp/lighttpd/compress/"
compress.filetype = (
    "application/atom+xml",
    "application/javascript",
    "application/json",
    "application/ld+json",
    "application/manifest+json",
    "application/rdf+xml",
    "application/rss+xml",
    "application/schema+json",
    "application/vnd.geo+json",
    "application/vnd.ms-fontobject",
    "application/x-font-ttf",
    "application/x-javascript",
    "application/x-web-app-manifest+json",
    "application/xhtml+xml",
    "application/xml",
    "font/eot",
    "font/opentype",
    "image/bmp",
    "image/svg+xml",
    "image/vnd.microsoft.icon",
    "image/x-icon",
    "text/cache-manifest",
    "text/css",
    "text/html",
    "text/javascript",
    "text/plain",
    "text/vcard",
    "text/vnd.rim.location.xloc",
    "text/vtt",
    "text/x-component",
    "text/x-cross-domain-policy",
    "text/xml",
)

# Files to check for if .../ is requested
index-file.names = (
    "index.html",
    "index.htm",
)

# Set the event-handler (read the performance section in the manual)
# server.event-handler = "freebsd-kqueue" # needed on OS X


# Serve resources with the proper media types (f.k.a. MIME types).
# https://www.iana.org/assignments/media-types/media-types.xhtml

mimetype.assign = (

  # Data interchange

    ".atom"          =>  "application/atom+xml",
    ".geojson"       =>  "application/vnd.geo+json",
    ".json"          =>  "application/json",
    ".jsonld"        =>  "application/ld+json",
    ".map"           =>  "application/json",
    ".rdf"           =>  "application/xml",
    ".rss"           =>  "application/rss+xml",
    ".topojson"      =>  "application/json",
    ".xml"           =>  "application/xml",


  # JavaScript

    # Normalize to standard type.
    # https://tools.ietf.org/html/rfc4329#section-7.2

    ".js"            =>  "application/javascript",


  # Manifest files

    ".webapp"        =>  "application/x-web-app-manifest+json",
    ".appcache"      =>  "text/cache-manifest",
    ".webmanifest"   =>  "application/manifest+json",


  # Media files

    ".avi"           =>  "video/x-msvideo",
    ".bmp"           =>  "image/bmp",
    ".f4a"           =>  "audio/mp4",
    ".f4b"           =>  "audio/mp4",
    ".f4p"           =>  "video/mp4",
    ".f4v"           =>  "video/mp4",
    ".flv"           =>  "video/x-flv",
    ".gif"           =>  "image/gif",
    ".jpeg"          =>  "image/jpeg",
    ".jpg"           =>  "image/jpeg",
    ".m4a"           =>  "audio/mp4",
    ".m4v"           =>  "video/mp4",
    ".mov"           =>  "video/quicktime",
    ".mp3"           =>  "audio/mpeg",
    ".mp4"           =>  "video/mp4",
    ".mpeg"          =>  "video/mpeg",
    ".mpg"           =>  "video/mpeg",
    ".oga"           =>  "audio/ogg",
    ".ogg"           =>  "audio/ogg",
    ".ogv"           =>  "video/ogg",
    ".opus"          =>  "audio/ogg",
    ".png"           =>  "image/png",
    ".svg"           =>  "image/svg+xml",
    ".svgz"          =>  "image/svg+xml",
    ".wav"           =>  "audio/x-wav",
    ".wax"           =>  "audio/x-ms-wax",
    ".webm"          =>  "video/webm",
    ".webp"          =>  "image/webp",
    ".wma"           =>  "audio/x-ms-wma",
    ".wmv"           =>  "video/x-ms-wmv",
    ".xbm"           =>  "image/x-xbitmap",


    # Serving `.ico` image files with a different media type
    # prevents Internet Explorer from displaying then as images:
    # https://github.com/h5bp/html5-boilerplate/commit/37b5fec090d00f38de64b591bcddcb205aadf8ee

    ".cur"           =>  "image/x-icon",
    ".ico"           =>  "image/x-icon",


  # Web fonts

    ".woff"          =>  "application/font-woff",
    ".woff2"         =>  "application/font-woff2",
    ".eot"           =>  "application/vnd.ms-fontobject",

    # Browsers usually ignore the font media types and simply sniff
    # the bytes to figure out the font type.
    # https://mimesniff.spec.whatwg.org/#matching-a-font-type-pattern
    #
    # However, Blink and WebKit based browsers will show a warning
    # in the console if the following font types are served with any
    # other media types.

    ".otf"           =>  "font/opentype",
    ".ttc"           =>  "application/x-font-ttf",
    ".ttf"           =>  "application/x-font-ttf",


  # Other

    ".bbaw"         =>  "application/x-bb-appworld",
    ".bz2"          =>  "application/x-bzip",
    ".conf"         =>  "text/plain",
    ".crx"          =>  "application/x-chrome-extension",
    ".css"          =>  "text/css",
    ".gz"           =>  "application/x-gzip",
    ".htc"          =>  "text/x-component",
    ".htm"          =>  "text/html",
    ".html"         =>  "text/html",
    ".jar"          =>  "application/x-java-archive",
    ".log"          =>  "text/plain",
    ".oex"          =>  "application/x-opera-extension",
    ".pac"          =>  "application/x-ns-proxy-autoconfig",
    ".pdf"          =>  "application/pdf",
    ".ps"           =>  "application/postscript",
    ".qt"           =>  "video/quicktime",
    ".safariextz"   =>  "application/octet-stream",
    ".sig"          =>  "application/pgp-signature",
    ".spl"          =>  "application/futuresplash",
    ".swf"          =>  "application/x-shockwave-flash",
    ".tar"          =>  "application/x-tar",
    ".tar.bz2"      =>  "application/x-bzip-compressed-tar",
    ".tar.gz"       =>  "application/x-tgz",
    ".tbz"          =>  "application/x-bzip-compressed-tar",
    ".text"         =>  "text/plain",
    ".tgz"          =>  "application/x-tgz",
    ".torrent"      =>  "application/x-bittorrent",
    ".txt"          =>  "text/plain",
    ".vcard"        =>  "text/vcard",
    ".vcf"          =>  "text/vcard",
    ".vtt"          =>  "text/vtt",
    ".xloc"         =>  "text/vnd.rim.location.xloc",
    ".xpi"          =>  "application/x-xpinstall",
    ".xpm"          =>  "image/x-xpixmap",
    ".xwd"          =>  "image/x-xwindowdump",
    ".zip"          =>  "application/zip",


  # Default MIME type

    ""              =>      "application/octet-stream"

)

# Block access to backup and source files.
url.access-deny = ( "~", ".inc" )

$HTTP["url"] =~ "\.pdf$" {
    server.range-requests = "disable"
}

# Extensions that should not be handle via static-file transfer.
# .php, .pl, .fcgi are most often handled by mod_fastcgi or mod_cgi
static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )

# Bind to all IPs, or change to a specific IP.
server.bind = "0.0.0.0"

# Expires headers (for better cache control)
# The following expires headers are set pretty far in the future. If you don't
# control versioning with filename-based cache busting, consider lowering the
# cache time for resources like CSS and JS to something like 1 week.

# CSS
$HTTP["url"] =~ ".css" {
    expire.url = ( "" => "access plus 1 years" )
}

# Data interchange
$HTTP["url"] =~ ".(json|xml)" {
    expire.url = ( "" => "access plus 0 seconds" )
}

# Favicon
$HTTP["url"] =~ ".ico" {
    expire.url = ( "" => "access plus 7 days" )
}

# HTML components (HTCs)
$HTTP["url"] =~ ".htc" {
    expire.url = ( "" => "access plus 1 months" )
}

# HTML
$HTTP["url"] =~ ".html" {
    expire.url = ( "" => "access plus 0 seconds" )
}

# JavaScript
$HTTP["url"] =~ ".js" {
    expire.url = ( "" => "access plus 1 years" )
}

# Manifest files
$HTTP["url"] =~ ".(appcache|manifest|webapp)" {
    expire.url = ( "" => "access plus 0 seconds" )
}

$HTTP["url"] =~ ".webmanifest" {
    expire.url = ( "" => "access plus 1 week" )
}

# Media
$HTTP["url"] =~ ".(gif|jpg|jpeg|png|m4a|f4a|f4b|oga|ogg|webm)" {
    expire.url = ( "" => "access plus 1 months" )
}

# Web feeds
$HTTP["url"] =~ ".(atom|rss)" {
    expire.url = ( "" => "access plus 1 hours" )
}

# Web fonts
$HTTP["url"] =~ ".(eot|otf|svg|svgz|ttf|ttc|woff)" {
    expire.url = ( "" => "access plus 1 months" )
}

# Default
expire.url = ( "" => "access plus 1 months" )

官方配置文件样板

Sample Configuration File

其他服务器配置样本

「Apache」 「IIS」 「Lighttpd」 「Nginx」