mirror of
https://github.com/stefanocasazza/ULib.git
synced 2025-09-28 19:05:55 +08:00
187 lines
9.8 KiB
INI
187 lines
9.8 KiB
INI
# ----------------------------------------------------------------------------------------------------------------------------------------
|
|
# userver - configuration parameters
|
|
# ----------------------------------------------------------------------------------------------------------------------------------------
|
|
# ENABLE_IPV6 flag to indicate use of ipv6
|
|
# SERVER host name or ip address for the listening socket
|
|
# PORT port number for the listening socket
|
|
# SOCKET_NAME file name for the listening socket
|
|
# IP_ADDRESS public ip address of host for the interface connected to the Internet (autodetected if not specified)
|
|
# ALLOWED_IP list of comma separated client address for IP-based access control (IPADDR[/MASK])
|
|
#
|
|
# ENABLE_RFC1918_FILTER reject request from private IP to public server address
|
|
# ALLOWED_IP_PRIVATE list of comma separated client private address for IP-based access control (IPADDR[/MASK]) for public server
|
|
#
|
|
# LISTEN_BACKLOG max number of ready to be delivered connections to accept()
|
|
# USE_TCP_OPTIMIZATION flag indicating the use of TCP/IP options to optimize data transmission (NODELAY, DEFER_ACCEPT, QUICKACK)
|
|
# SET_REALTIME_PRIORITY flag indicating that the preforked processes will be scheduled under the real-time policies SCHED_FIFO
|
|
#
|
|
# PID_FILE write pid on file indicated
|
|
# WELCOME_MSG message of welcome to send initially to client
|
|
# RUN_AS_USER downgrade security to that user account
|
|
# DOCUMENT_ROOT The directory out of which you will serve your documents
|
|
#
|
|
# LOG_FILE locations for file log
|
|
# LOG_FILE_SZ memory size for file log
|
|
# LOG_MSG_SIZE limit length of print network message to LOG_MSG_SIZE chars (default 128)
|
|
#
|
|
# PLUGIN list of plugins to load, a flexible way to add specific functionality to the server
|
|
# PLUGIN_DIR directory of plugins to load
|
|
#
|
|
# REQ_TIMEOUT timeout for request from client
|
|
# MAX_KEEP_ALIVE Specifies the maximum number of requests that can be served through a Keep-Alive (Persistent) session.
|
|
# (Value <= 1 will disable Keep-Alive)
|
|
#
|
|
# DH_FILE DH param
|
|
# CERT_FILE certificate of server
|
|
# KEY_FILE private key of server
|
|
# PASSWORD password for private key of server
|
|
# CA_FILE locations of trusted CA certificates used in the verification
|
|
# CA_PATH locations of trusted CA certificates used in the verification
|
|
#
|
|
# VERIFY_MODE mode of verification (SSL_VERIFY_NONE=0, SSL_VERIFY_PEER=1, SSL_VERIFY_FAIL_IF_NO_PEER_CERT=2, SSL_VERIFY_CLIENT_ONCE=4)
|
|
# ----------------------------------------------------------------------------------------------------------------------------------------
|
|
# how to verify peer certificates. The possible values of this setting are:
|
|
#
|
|
# SSL_VERIFY_NONE - do not verify anything
|
|
# SSL_VERIFY_PEER - verify the peer certificate, if one is presented
|
|
# SSL_VERIFY_FAIL_IF_NO_PEER_CERT - require a peer certificate, fail if one is not presented
|
|
#
|
|
# SSL/TLS servers will usually set VERIFY_MODE to SSL_VERIFY_NONE.
|
|
# SSL/TLS clients will usually set VERIFY_MODE to SSL_VERIFY_FAIL_IF_NO_PEER_CERT.
|
|
# ----------------------------------------------------------------------------------------------------------------------------------------
|
|
#
|
|
# PREFORK_CHILD number of child server processes created at startup ( 0 - serialize, no forking
|
|
# 1 - classic, forking after accept client)
|
|
# >1 - pool of process serialize plus monitoring process)
|
|
# ----------------------------------------------------------------------------------------------------------------------------------------
|
|
|
|
userver {
|
|
|
|
PID_FILE /var/run/userver-firenze_tcp.pid
|
|
RUN_AS_USER unirel
|
|
DOCUMENT_ROOT ~/wi-auth/www
|
|
|
|
LOG_FILE /var/log/userver-firenze_tcp.log
|
|
# LOG_FILE_SZ 1M
|
|
LOG_MSG_SIZE -1
|
|
|
|
PLUGIN "proxy ssi http"
|
|
|
|
REQ_TIMEOUT 5
|
|
|
|
PREFORK_CHILD 6
|
|
}
|
|
|
|
# ------------------------------------------------------------------------------------------------------------------------------------------
|
|
# http - plugin parameters
|
|
# ------------------------------------------------------------------------------------------------------------------------------------------
|
|
# ALIAS vector of URI redirection (request -> alias)
|
|
# REWRITE_RULE_NF vector of URI rewrite rule applied after checks that files do not exist (regex1 -> uri1 ...)
|
|
#
|
|
# MAINTENANCE_MODE to switch the site to a maintenance page only
|
|
#
|
|
# APACHE_LIKE_LOG file to write NCSA extended/combined log format: "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\""
|
|
#
|
|
# ENABLE_INOTIFY enable automatic update of document root image with inotify
|
|
# CACHE_FILE_MASK mask (DOS regexp) of pathfile that be cached in memory
|
|
#
|
|
# MIN_SIZE_FOR_SENDFILE for major size it is better to use sendfile() to serve static content
|
|
#
|
|
# VIRTUAL_HOST flag to activate practice of maintaining more than one server on one machine,
|
|
# as differentiated by their apparent hostname
|
|
# DIGEST_AUTHENTICATION flag authentication method (yes = digest, no = basic)
|
|
#
|
|
# ENABLE_CACHING_BY_PROXY_SERVERS enable caching by proxy servers (add Cache control: public directive)
|
|
#
|
|
# URI_PROTECTED_MASK mask (DOS regexp) of URI protected from prying eyes
|
|
# URI_PROTECTED_ALLOWED_IP list of comma separated client address for IP-based access control (IPADDR[/MASK]) for URI_PROTECTED_MASK
|
|
#
|
|
# URI_REQUEST_CERT_MASK mask (DOS regexp) of URI where client must comunicate a certificate in the SSL connection
|
|
# URI_REQUEST_STRICT_TRANSPORT_SECURITY_MASK mask (DOS regexp) of URI where use HTTP Strict Transport Security to force client to use only SSL
|
|
#
|
|
# SESSION_COOKIE_OPTION eventual params for session cookie (lifetime, path, domain, secure, HttpOnly)
|
|
# ------------------------------------------------------------------------------------------------------------------------------------------
|
|
# This directive gives greater control over abnormal client request behavior, which may be useful for avoiding some forms of denial-of-service attacks
|
|
# ------------------------------------------------------------------------------------------------------------------------------------------
|
|
# LIMIT_REQUEST_BODY restricts the total size of the HTTP request body sent from the client
|
|
# REQUEST_READ_TIMEOUT set timeout for receiving requests
|
|
# ------------------------------------------------------------------------------------------------------------------------------------------
|
|
|
|
http {
|
|
|
|
ALIAS [
|
|
/favicon.ico|/images/logo_fiwifi.png|/css/livevalidation.css|/js/livevalidation_standalone.compressed.js /nostat
|
|
]
|
|
|
|
APACHE_LIKE_LOG /var/log/httpd/access_log
|
|
|
|
# MAINTENANCE_MODE /ErrorDocument/down.html
|
|
|
|
CACHE_FILE_STORE webif.gz
|
|
|
|
CACHE_FILE_MASK "images/logo_fiwifi.png| \
|
|
10.30.1.111/index.shtml| \
|
|
10.30.1.111/css/layoutv1.css| \
|
|
wifi-aaa.comune.fi.it/js/*.js| \
|
|
wifi-aaa.comune.fi.it/css/*.css| \
|
|
wifi-aaa.comune.fi.it/index.shtml| \
|
|
wifi-aaa.comune.fi.it/images/*.png"
|
|
|
|
URI_PROTECTED_MASK /edit_ap
|
|
URI_REQUEST_STRICT_TRANSPORT_SECURITY_MASK /admin*
|
|
|
|
VIRTUAL_HOST yes
|
|
LIMIT_REQUEST_BODY 1M
|
|
REQUEST_READ_TIMEOUT 30
|
|
}
|
|
|
|
# -----------------------------------------------------------------------------------------------------
|
|
# ssi - plugin parameters
|
|
# -----------------------------------------------------------------------------------------------------
|
|
# ENVIRONMENT path of file configuration environment for SSI
|
|
#
|
|
# SSI_AUTOMATIC_ALIASING special SSI HTML file that is recognized automatically as alias of all
|
|
# uri request without suffix (generally cause navigation directory not working)
|
|
# -----------------------------------------------------------------------------------------------------
|
|
|
|
ssi {
|
|
|
|
ENVIRONMENT ~/wi-auth/etc/environment.conf
|
|
|
|
SSI_AUTOMATIC_ALIASING /index.shtml
|
|
}
|
|
|
|
# ---------------------------------------------------------------------------------------------------------------------------------
|
|
# proxy - plugin parameters
|
|
# ---------------------------------------------------------------------------------------------------------------------------------
|
|
# ERROR MESSAGE Allows you to tell clients about what type of error occurred
|
|
#
|
|
# URI uri trigger
|
|
# HOST name host client
|
|
# METHOD_NAME what type of HTTP method is considered (GET|HEAD|POST)
|
|
# CLIENT_CERTIFICATE yes if client must comunicate a certificate in the SSL connection
|
|
# REMOTE_ADDRESS_IP list of comma separated client address for IP-based control (IPADDR[/MASK]) for routing-like policy
|
|
#
|
|
# COMMAND command to execute
|
|
# ENVIRONMENT environment for command to execute
|
|
# RESPONSE_TYPE output type of the command (yes = response for client, no = request to server)
|
|
#
|
|
# PORT port of server for connection
|
|
# SERVER name of server for connection
|
|
#
|
|
# FOLLOW_REDIRECTS yes if manage to automatically follow redirects from server
|
|
# USER if manage to follow redirects, in response to a HTTP_UNAUTHORISED response from the HTTP server: user
|
|
# PASSWORD if manage to follow redirects, in response to a HTTP_UNAUTHORISED response from the HTTP server: password
|
|
# REPLACE_RESPONSE if NOT manage to follow redirects, vector of substitution string
|
|
# ---------------------------------------------------------------------------------------------------------------------------------
|
|
|
|
proxy {
|
|
|
|
Service_WEBIF {
|
|
|
|
METHOD_NAME GET
|
|
URI ^/cgi-bin/webif/(info|graph*|status|data).*.sh$
|
|
SERVER ~/wi-auth/client
|
|
}
|
|
}
|