%install
rm -rf $RPM_BUILD_ROOT
install -d $RPM_BUILD_ROOT{%{_lighttpddir}/{cgi-bin,html},/etc/{logrotate.d,rc.d/init.d,sysconfig,monit}} \
- $RPM_BUILD_ROOT%{_sysconfdir}/{conf,vhosts,webapps}.d \
+ $RPM_BUILD_ROOT%{_sysconfdir}/{{conf,vhosts,webapps}.d,ssl} \
$RPM_BUILD_ROOT{/var/log/{%{name},archive/%{name}},/var/run/%{name}} \
$RPM_BUILD_ROOT%{_datadir}/lighttpd/errordocs \
$RPM_BUILD_ROOT/var/lib/lighttpd \
%dir %attr(750,root,root) %{_sysconfdir}/conf.d
%dir %attr(750,root,root) %{_sysconfdir}/vhosts.d
%dir %attr(750,root,root) %{_sysconfdir}/webapps.d
+%dir %attr(700,root,root) %{_sysconfdir}/ssl
%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/%{name}.conf
%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/mime.types.conf
%attr(640,root,lighttpd) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/*.user
# (Should contain both the private key and the certificate)
## If you have a .crt and a .key file, cat them together into a single PEM file:
## $ cat lighttpd.key lighttpd.crt > lighttpd.pem
- ssl.pemfile = "/etc/lighttpd/server.pem"
+ ssl.pemfile = "/etc/lighttpd/ssl/server.pem"
# ssl.ca-file: path to the CA file for support of chained certificates
-# ssl.ca-file = "/etc/certs/ca-certificates.crt"
+# ssl.ca-file = "/etc/lighttpd/ssl/chain.pem"
# for DH/DHE ciphers, dhparam should be >= 2048-bit
-# ssl.dh-file = "/path/to/dhparam.pem"
+# ssl.dh-file = "/etc/lighttpd/ssl/dhparam.pem"
# ECDH/ECDHE ciphers curve strength (see `openssl ecparam -list_curves`)
# ssl.ec-curve = "secp384r1"
# Compression is by default off at compile-time, but use if needed