-
Notifications
You must be signed in to change notification settings - Fork 3
/
lighttpd_custom.conf
30 lines (26 loc) · 1.1 KB
/
lighttpd_custom.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
# Modern configuration from
# https://ssl-config.mozilla.org/
# Last verified: 22 October 2022
server.port = 443
# Port 80 is disabled, but this doesn't hurt...
$HTTP["scheme"] == "http" {
url.redirect = ("" => "https://${url.authority}${url.path}${qsa}")
}
$HTTP["scheme"] == "https" {
# HTTP Strict Transport Security (63072000 seconds)
setenv.add-response-header = (
"Strict-Transport-Security" => "max-age=63072000"
)
setenv.add-environment = (
"HTTPS" => "on"
)
}
# lighttpd 1.4.56 and later will inherit ssl.* from the global scope if
# $SERVER["socket"] contains ssl.engine = "enable" and no other ssl.* options
# (to avoid having to repeat ssl.* directives in both ":443" and "[::]:443")
$SERVER["socket"] == ":443" { ssl.engine = "enable" }
$SERVER["socket"] == "[::]:443" { ssl.engine = "enable" }
ssl.privkey = "/etc/lighttpd/certs/domain.example.com/domain.example.com.key"
ssl.pemfile = "/etc/lighttpd/certs/domain.example.com/fullchain.cer"
ssl.openssl.ssl-conf-cmd = ("MinProtocol" => "TLSv1.3")
ssl.openssl.ssl-conf-cmd += ("Options" => "-ServerPreference")