友链
导航
These are the good times in your life,
so put on a smile and it'll be alright
友链
导航
TO READ: http://www.aslibra.com/blog/go.php/category/lighttpd/
server.reject-expect-100-with-417 = "disable"
lighttpd 配置的语法
option | NAME = VALUE |
merge | NAME += VALUE |
NAME | modulename.key |
VALUE | ( <string> | <integer> | <boolean> | <array> | VALUE [ + VALUE ]*) |
<string> | “text” |
<integer> | digit* |
<boolean> | ( "enable" | "disable" ) |
<array> | “(” [ <string> “⇒” ] <value> [, [ <string> “⇒” ] <value> ]* “)” |
INCLUDE | “include” VALUE |
INCLUDE_SHELL | “include_shell” STRING_VALUE |
lighttpd 最讨厌的地方就是 option 不可覆盖, 不是 duplicate 就是 has to
# default document-root server.document-root = "/var/www/example.org/pages/" # TCP port server.port = 80 # selecting modules server.modules = ( "mod_access", "mod_rewrite" ) # variables, computed when config is read. var.mymodule = "foo" server.modules += ( "mod_" + var.mymodule ) # var.PID is initialised to the pid of lighttpd before config is parsed # include, relative to dirname of main config file include "mime.types.conf" # read configuration from output of a command include_shell "/usr/local/bin/confmimetype /etc/mime.types"
<field> <operator> <value> { ... <field> <operator> <value> { ... nesting: match only when parent match } } else <field> <operator> <value> { ... the "else if" block }
where <field> is one of one of the following:
Field name | Description |
---|---|
$HTTP[“cookie”] | match on cookie |
$HTTP[“host”] | match on host |
$HTTP[“useragent”] | match on useragent |
$HTTP[“referer”] | match on referer |
$HTTP[“url”] | match on url. If there are nested blocks, this must be the most inner block. |
$HTTP[“querystring”] | match on querystring, eg, after the ? in this type url: index.php?module=images.. |
$HTTP[“remoteip”] | match on the remote IP or a remote Network (Warning: doesn't work with IPv6 enabled) |
$HTTP[“request-method”] | (Introduced in version 1.4.19) match on the request method. |
$HTTP[“scheme”] | (Introduced in version 1.4.19) match on the scheme used by the incoming connection. This is either “http” or “https”. |
$HTTP[“language”] | (Introduced in version 1.4.21) match on the Accept-Language header. |
$SERVER[“socket”] | match on socket. Value must be on the format “ip:port”, where ip is an IP address(optional) and port a port number. Only equal match (=![]() |
$PHYSICAL[“path”] | (Introduced in version 1.5.0) - match on the mapped physical path of the file / cgi script to be served. |
$PHYSICAL[“existing-path”] | (Introduced in version 1.5.0) - match on the mapped physical path of the file / cgi script to be served only if such a file exists on the local filesystem. |
<operator> is one of:
Operator | Value |
---|---|
== | string equal match |
!= | string not equal match |
=~ | perl style regular expression match |
!~ | perl style regular expression not match |
and <value> is either a quoted (“”) literal string or regular expression.
# disable directory-listings for /download/* dir-listing.activate = "enable" $HTTP["url"] =~ "^/download/" { dir-listing.activate = "disable" } # handle virtual hosting # map all domains of a top-level-domain to a single document-root $HTTP["host"] =~ "(^|\.)example\.org$" { server.document-root = "/var/www/htdocs/example.org/pages/" } # multiple sockets $SERVER["socket"] == "127.0.0.1:81" { server.document-root = "..." } $SERVER["socket"] == "127.0.0.1:443" { ssl.pemfile = "/var/www/certs/localhost.pem" ssl.engine = "enable" server.document-root = "/var/www/htdocs/secure.example.org/pages/" } # deny access for all googlebot $HTTP["useragent"] =~ "Google" { url.access-deny = ( "" ) } # deny access for all image stealers (anti-hotlinking for images) $HTTP["referer"] !~ "^($|http://www\.example\.org)" { url.access-deny = ( ".jpg", ".jpeg", ".png" ) } # deny the access to www.example.org to all user which # are not in the 10.0.0.0/8 network $HTTP["host"] == "www.example.org" { $HTTP["remoteip"] != "10.0.0.0/8" { url.access-deny = ( "" ) } } # Allow only 200.19.1.5 and 210.45.2.7 to # have access to www.example.org/admin/ $HTTP["host"] == "www.example.org" { #!~ is a perl style regular expression not match $HTTP["remoteip"] !~ "^(200\.19\.1\.5|210\.45\.2\.7)$" { $HTTP["url"] =~ "^/admin/" { url.access-deny = ( "" ) } } }
试用 “-t” or “-p” 可测试配置.
$ lighttpd -t -f lighttpd.conf # -p Print the parsed configuration file in its internal form and exit. # -t Test the configuration file for syntax errors and exit. # -t 和 -p 效果类似
在/etc/lighttpd/
下,有conf-available
、conf-enabled
目录和lighttpd.conf
文件。可将新的配置写在conf-available
目录中,2位数字说明加载顺序,并在conf-enabled
中ln -s
。
server.modules = ( "mod_rewrite", "mod_redirect", "mod_alias", "mod_access", "mod_auth", "mod_status", "mod_simple_vhost", "mod_evhost", "mod_userdir", "mod_secdownload", "mod_fastcgi", "mod_proxy", "mod_cgi", "mod_ssi", "mod_compress", "mod_usertrack", "mod_expire", "mod_rrdtool", "mod_accesslog" ) server.document-root = "/var/www/servers/www.example.org/pages/" server.port = 80 server.username = "www" server.groupname = "www" mimetype.assign = ( ".html" => "text/html", ".txt" => "text/plain", ".jpg" => "image/jpeg", ".png" => "image/png" ) static-file.exclude-extensions = ( ".fcgi", ".php", ".rb", "~", ".inc" ) index-file.names = ( "index.html" ) $HTTP["host"] == "www2.example.org" { server.document-root = "/var/www/servers/www2.example.org/pages/" $HTTP["url"] =~ "^/download/" { dir-listing.activate = "enable" } }
The order of the modules is important1):
语法:
<field> <operator> <value> { ... <field> <operator> <value> { ... nesting: match only when parent match } } else <field> <operator> <value> { ... the "else if" block }
使用 var.foo = “bar”
可声明变量, 其他地方就能用 foo
或 var.foo
使用变量.
即 setting a server wide configuration inside a included-file from conditionals. 方法是使用 global {…}
server.modules = () $HTTP["host"] == "www.example.org" { include "incl-php.conf" }
global { # <=== ATTENTION! server.modules += ("mod_fastcgi") static-file.exclude-extensions += (".php") } fastcgi.server = "..."
deny access to files.
url.access-deny = ( "~", ".inc")
我倾向在 accesslog 默认格式上加 %T: time used in seconds, 以检测请求处理耗时, 而位置可以在 %b: bytes sent for the body 旁边.
accesslog.format = "%h %V %u %t \"%r\" %>s %T %b \"%{Referer}i\" \"%{User-Agent}i\""
$ awk '{print $10, $7}' access.log | sort -n | tail 31 /lims/!equipments?st=60 31 /lims/!equipments?st=60 31 /lims/!equipments?st=60 31 /lims/!equipments?st=60 31 /lims/!equipments?st=60 31 /lims/!equipments?st=60 31 /lims/!equipments?st=60 31 /lims/!equipments?st=60 32 /lims/!equipments?st=60 #s addr
修改后 lighttpd reload & 需要手动 logrotate: logrotate –force /etc/logrotate.d/lighttpd
.
增加环境变量和 HTTP 请求/回复头
setenv.add-environment = ( "TRAC_ENV" => "lighttpd", "RAILS_ENV" => "production" )
setenv.add-response-header = ( "Content-Encoding" => "gzip" )
setenv.add-request-header = ( "X-Proxy" => server.name )
The alias module is used to specify a special document-root for a given url-subset.The alias module is used to specify a special document-root for a given url-subset.
# 第一处 alias.url = ( "/cgi-bin/" => "/var/www/servers/www.example.org/cgi-bin/" ) # 其他 alias.url += ( "/content" => "/var/www/servers/www.somecontent.org/" )
The redirect module is used to specify redirects for a set of URLs.
在系统升级/维护时, 可使用 mod_redirect 将所有访问转至 under construction
页面, 而不停止 lighttpd
url.redirect = ( "^/show/([0-9]+)/([0-9]+)$" => "http://www.example.org/show.php?isdn=$1&page$2", "^/get/([0-9]+)/([0-9]+)$" => "http://www.example.org/get.php?isdn=$1&page$2" ) # make an external redirect # from any www.host (with www.) to the host (without www.) $HTTP["host"] =~ "^www\.(.*)$" { url.redirect = ( "^/(.*)" => "http://%1/$1" ) }
internal redirects, url rewrite.
url rewriting does not work within a $HTTP[“url”] conditional.
通过 lua 脚本, allows you to do more complex URL rewrites and caching
lua 脚本虽然强大, 但由于 mod_magnet 由 lighttpd 执行, 会耗 lighttpd 的资源, 阻塞其他请求
$HTTP["host"] == "rails.example.com" { proxy.server += ( "" => ( ( "host" => "127.0.0.1", "port" => "3000" ) ) ) }
需注意, host 中不能用下划线 _
, 也许是 lighttpd 或 mod_proxy 的 bug, 带下划线的地址访问时 400 Bad Request.
CGI 要求每次请求都要 fork 一个 CGI 进程处理, fork 进程很耗资源, 尤其当 CGI 程序需要实时解释时.
解决方法一是使用编译好的 CGI 程序而不是脚本语言(这会影响编程的效率), 二是使用 FastCGI, 三是通过 mod_php 等 web server 模块让 CGI 程序在 server 内运行.
http://www.fastcgi.com FastCGI
FastCGI 像是一个常驻(long-live)型的 CGI,它可以一直执行着,只要激活后,不会每次都要花费时间去 fork 一次(这是 CGI 最为人诟病的 fork-and-execute 模式)。它还支持分布式的运算, 即 FastCGI 程序可以在网站服务器以外的主机上执行, 并且接受来自其它网站服务器来的请求。
http://redmine.lighttpd.net/projects/lighttpd/wiki/Docs:ModFastCGI
( <extension> => ( [ <name> => ] ( # Be careful: lighty does *not* warn you if it doesn't know a specified option here (make sure you have no typos) "host" => <string> , "port" => <integer> , "socket" => <string>, # either socket or host+port "bin-path" => <string>, # optional "bin-environment" => <array>, # optional "bin-copy-environment" => <array>, # optional "mode" => <string>, # optional "docroot" => <string> , # optional if "mode" is not "authorizer" "check-local" => <string>, # optional "max-procs" => <integer>, # optional - when omitted, default is 4 "broken-scriptfilename" => <boolean>, # optional "fix-root-scriptname" => <boolean>, # optional, since 1.4.23 (option didn't work before 1.4.23) "disable-time" => <integer>, # optional "allow-x-send-file" => <boolean>, # optional "kill-signal" => <integer>, # optional, default is SIGTERM(15) (v1.4.14+) ), ( "host" => ... ) ) )
If bin-path is set:
## FastCGI programs have the same functionality as CGI programs, ## but are considerably faster through lower interpreter startup ## time and socketed communication ## ## Documentation: /usr/share/doc/lighttpd-doc/fastcgi.txt.gz ## http://www.lighttpd.net/documentation/fastcgi.html server.modules += ( "mod_fastcgi" ) ## Start an FastCGI server for php (needs the php5-cgi package) fastcgi.server = ( ".php" => (( "bin-path" => "/usr/bin/php-cgi", "socket" => "/tmp/php.socket", "max-procs" => 8, "idle-timeout" => 20, "bin-environment" => ( "PHP_FCGI_CHILDREN" => "10", "PHP_FCGI_MAX_REQUESTS" => "10000" ), "bin-copy-environment" => ( "PATH", "SHELL", "USER" ), "broken-scriptfilename" => "enable" )) )
以上配置可产生如下进程
$ pstree init───lighttpd───8*[php-cgi───10*[php-cgi]]
spawn-fcgi 折腾了一下午, 好像是可实现 PHP_FCGI_CHILDREN, 但 max-procs 怎么实现? 是要开多个进程使用多个端口么? 另外还有 PHP_FCGI_MAX_REQUESTS 怎么设置呢? spawn-fcgi 自 09 年至今已经没更新了.
后来看到这篇文章(早看到能省不少时间), php 5.3.3 已集成 php-fpm. 而 Ubuntu 10.04 LTS 以后 php 便是 5.3.3 了.
所以别在 spawn-fcgi 浪费时间了, 该看下 php-fpm.
— 2012/06/02 18:27
要清楚配置要随着系统性能设置改变
Since file descriptors are used for TCP/IP sockets, files and directories, a simple request for a PHP page might result in using 3 file descriptors:
As lighttpd is a single-threaded server, its main resource limit is the number of file descriptors, which is set to 1024 by default (on most systems).
超过限制后, 会产生 sockets disabled, connection limit reached 错误.
对于高负载站点, 可放宽此限制:
server.max-fds = 2048