up to eventum-3.0.9-73-g0d6904c

[packages/eventum.git] / eventum-lighttpd.conf
diff --git a/eventum-lighttpd.conf b/eventum-lighttpd.conf

index c99e44e6a5eabd9fbba4bca5b0da2414c822a310..3746b23828b01ca140f26db9413fb038c226371f 100644 (file)
--- a/eventum-lighttpd.conf
+++ b/eventum-lighttpd.conf
@@ -1,49 +1,66 @@
-# $Id$
  #
  # This config provides two kinds of configuration, for url based ("/eventum")
  # and vhost based ("http://eventum.example.org").
  #
  # To use one of the configurations uncomment the other.
  
-# running as alias, part 1
-#alias.url += (
-#      "/eventum" => "/usr/share/eventum/htdocs",
-#)
+# To redirect all http requests to https server:
+#$SERVER["socket"] == ":80" {
+#      $HTTP["host"] == "eventum.example.org" {
+#              server.name = "eventum.example.org"
+#              url.redirect = ( "^/(.*)" => "https://eventum.example.org/$1" )
+#      }
+#}
+
+# HTTP Strict Transport Security (HSTS) headers on https addresses
+#$SERVER["socket"] == ":443" {
+#      # HSTS (mod_setenv is required) (15768000 seconds = 6 months)
+#      setenv.add-response-header += ( "Strict-Transport-Security" => "max-age=15768000" )
  #}
  
+# running as alias, part 1
+alias.url += (
+       "/eventum" => "/usr/share/eventum/htdocs",
+)
+
  # running as separate vhost, part 1
-$HTTP["host"] == "eventum.delfi.lan" {
-    server.document-root = "/usr/share/eventum/htdocs",
-}
+#$HTTP["host"] == "eventum.example.org" {
+#      server.document-root = "/usr/share/eventum/htdocs",
+#}
  
  # running as alias, part 2
-#$HTTP["url"] =~ "/eventum/" {
+$HTTP["url"] =~ "^/eventum/" {
  # running as separate vhost, part 2
-$HTTP["host"] == "eventum.delfi.lan" {
-
-       # Make whole eventum password protected
-       auth.backend = "htpasswd"
-       auth.backend.htpasswd.userfile = "/etc/webapps/eventum/htpasswd"
-
-       # rss has it's own authorization
-       $HTTP["url"] !~ "/rss\.php$" {
-               auth.require += (
-                       "/" => (
-                               "method"  => "basic",
-                               "realm"   => "Eventum",
-                               "require" => "valid-user"
-                       )
-               )
-       }
+#$HTTP["host"] == "eventum.example.org" {
+
+#      # Make whole eventum password protected
+#      auth.backend = "htpasswd"
+#      auth.backend.htpasswd.userfile = "/etc/webapps/eventum/htpasswd"
+#
+#      # rss has it's own authorization
+#      $HTTP["url"] !~ "/rss\.php$" {
+#              auth.require += (
+#                      "/" => (
+#                              "method"  => "basic",
+#                              "realm"   => "Eventum",
+#                              "require" => "valid-user"
+#                      )
+#              )
+#      }
  
-       # for SCM integration
-       # Set here IP of host running CVS
+       # SCM integration. Set here IP of host running CVS, SVN, Git
         $HTTP["remoteip"] != "127.0.0.1" {
                 $HTTP["url"] =~ "/scm_ping\.php$" {
                         url.access-deny = ( "" )
                 }
         }
  
+       # IP Restrict XMLRPC
+       $HTTP["url"] =~ "/rpc/xmlrpc.php" {
+               $HTTP["remoteip"] !~ "127.0.0.1" {
+                       url.access-deny = ( "" )
+               }
+       }
  }
  
  # vim:ts=4