####################################################################### # @(#)(CAcert) $Id: ocsp.cacert.conf,v 1.2 2015/10/08 19:32:47 root Exp $ ####################################################################### var.log_root = "/var/log/lighttpd" var.server_root = "/srv/www" var.state_dir = "/var/run" var.home_dir = "/var/lib/lighttpd" var.conf_dir = "/etc/lighttpd" server.username = "lighttpd" server.groupname = "lighttpd" server.core-files = "disable" server.document-root = server_root + "/htdocs" server.tag = "lighttpd" server.pid-file = state_dir + "/lighttpd.pid" server.errorlog-use-syslog = "enable" server.modules += ( "mod_accesslog" ) accesslog.filename = log_root + "/access.log" accesslog.format = "%h %l %u %t \"%r\" %b %>s \"%{User-Agent}i\" \"%{Referer}i\"" server.modules += ( "mod_proxy" ) server.max-fds = 1024 server.max-connections = 512 # proxy on ipv6 for port 80 $SERVER["socket"] == "[2001:7b8:616:163::103]:80" { proxy.server = ( ""=> ( ( "host" => "127.0.0.1", "port" => "2560" ) ) ) } # proxy on ipv6 for port 2560 $SERVER["socket"] == "[2001:7b8:616:163::103]:2560" { proxy.server = ( ""=> ( ( "host" => "127.0.0.1", "port" => "2560" ) ) ) } # proxy on ipv4 for SSL $SERVER["socket"] == "172.16.3.103:443" { ssl.engine = "enable" ssl.pemfile = "/etc/lighttpd/ssl/ocsp.cacert.org.pem" ssl.use-sslv3 = "disable" ssl.cipher-list = "kEECDH:kEDH:AESGCM:ALL:!3DES!RC4:!LOW:!EXP:!MD5:!aNULL:!eNULL" ssl.honor-cipher-order = "enable" ssl.ca-file = "/etc/lighttpd/ssl/class3.crt" proxy.server = ( ""=> ( ( "host" => "127.0.0.1", "port" => "2560" ) ) ) } # proxy on ipv6 for SSL $SERVER["socket"] == "[2001:7b8:616:163::103]:443" { ssl.engine = "enable" ssl.pemfile = "/etc/lighttpd/ssl/ocsp.cacert.org.pem" ssl.use-sslv3 = "disable" ssl.cipher-list = "kEECDH:kEDH:AESGCM:ALL:!3DES!RC4:!LOW:!EXP:!MD5:!aNULL:!eNULL" ssl.honor-cipher-order = "enable" ssl.ca-file = "/etc/lighttpd/ssl/class3.crt" proxy.server = ( ""=> ( ( "host" => "127.0.0.1", "port" => "2560" ) ) ) }