#######################################################################
# @(#)(CAcert) $Id: crl.cacert.conf,v 1.3 2015/10/08 19:28:00 root Exp $
#######################################################################

var.log_root    = "/var/log/lighttpd"
var.server_root = "/srv/www"
var.state_dir   = "/var/run"
var.home_dir    = "/var/lib/lighttpd"
var.conf_dir    = "/etc/lighttpd"

var.cache_dir   = "/var/cache/lighttpd"
server.modules += ( "mod_compress" )
compress.cache-dir    = cache_dir + "/compress"
compress.filetype     = ("application/pkix-crl", "text/html")
compress.max-filesize = 0

server.username   = "lighttpd"
server.groupname  = "lighttpd"
server.core-files = "disable"

server.document-root  = server_root + "/htdocs"
server.follow-symlink = "enable"
index-file.names      = ( "index.html" )
server.tag            = "lighttpd"
server.pid-file       = state_dir + "/lighttpd.pid"

server.errorlog-use-syslog = "enable"

server.modules    += ( "mod_accesslog" )
accesslog.filename = log_root + "/access.log"
accesslog.format   = "%h %l %u %t \"%r\" %b %>s \"%{User-Agent}i\" \"%{Referer}i\""

server.event-handler     = "linux-sysepoll"
#server.network-backend  = "linux-sendfile"
server.network-backend   = "writev"
server.max-fds           = 1024
server.max-connections   = 512
server.stat-cache-engine = "simple"

mimetype.assign = (
   ".crl"  => "application/pkix-crl",
   ".html" => "text/html",
   ""      => "application/octet-stream",
)

# listen to ipv4
server.bind = "172.16.3.104"
server.port = "80"

#listen to ipv6
$SERVER["socket"] == "[2001:7b8:616:163::104]:80" {  }

# listen to ipv4 over SSL
$SERVER["socket"] == "172.16.3.104:443" {
   ssl.engine             = "enable"
   ssl.pemfile            = "/etc/lighttpd/ssl/crl.cacert.org.pem"
   ssl.use-sslv3          = "disable"
   ssl.cipher-list        = "kEECDH:kEDH:AESGCM:ALL:!3DES!RC4:!LOW:!EXP:!MD5:!aNULL:!eNULL"
   ssl.honor-cipher-order = "enable"
   ssl.ca-file            = "/etc/lighttpd/ssl/class3.crt"
}

# listen to ipv6 over SSL
$SERVER["socket"] == "[2001:7b8:616:163::104]:443" {
   ssl.engine             = "enable"
   ssl.pemfile            = "/etc/lighttpd/ssl/crl.cacert.org.pem"
   ssl.use-sslv3          = "disable"
   ssl.cipher-list        = "kEECDH:kEDH:AESGCM:ALL:!3DES!RC4:!LOW:!EXP:!MD5:!aNULL:!eNULL"
   ssl.honor-cipher-order = "enable"
   ssl.ca-file            = "/etc/lighttpd/ssl/class3.crt"
}