1 |
# Boa v0.94 configuration file |
2 |
# File format has not changed from 0.93 |
3 |
# File format has changed little from 0.92 |
4 |
# version changes are noted in the comments |
5 |
# |
6 |
# The Boa configuration file is parsed with a lex/yacc or flex/bison |
7 |
# generated parser. If it reports an error, the line number will be |
8 |
# provided; it should be easy to spot. The syntax of each of these |
9 |
# rules is very simple, and they can occur in any order. Where possible |
10 |
# these directives mimic those of NCSA httpd 1.3; I saw no reason to |
11 |
# introduce gratuitous differences. |
12 |
|
13 |
# $Id: boa.conf,v 1.1.1.1 2002/09/21 13:53:12 nmav Exp $ |
14 |
|
15 |
# The "ServerRoot" is not in this configuration file. It can be compiled |
16 |
# into the server (see defines.h) or specified on the command line with |
17 |
# the -c option, for example: |
18 |
# |
19 |
# boa -c /usr/local/boa |
20 |
|
21 |
# number of threads to spawn |
22 |
Threads 4 |
23 |
|
24 |
# maximum connections (per thread) |
25 |
#MaxConnections 0 |
26 |
|
27 |
|
28 |
# Port: The port Boa runs on. The default port for http servers is 80. |
29 |
# If it is less than 1024, the server must be started as root. |
30 |
|
31 |
Port 80 |
32 |
|
33 |
# Listen: the Internet address to bind(2) to. If you leave it out, |
34 |
# it takes the behavior before 0.93.17.2, which is to bind to all |
35 |
# addresses (INADDR_ANY). You only get one "Listen" directive, |
36 |
# if you want service on multiple IP addresses, you have three choices: |
37 |
# 1. Run boa without a "Listen" directive |
38 |
# a. All addresses are treated the same; makes sense if the addresses |
39 |
# are localhost, ppp, and eth0. |
40 |
# b. Use the VirtualHost directive below to point requests to different |
41 |
# files. Should be good for a very large number of addresses (web |
42 |
# hosting clients). |
43 |
# 2. Run one copy of boa per IP address, each has its own configuration |
44 |
# with a "Listen" directive. No big deal up to a few tens of addresses. |
45 |
# Nice separation between clients. |
46 |
# The name you provide gets run through inet_aton(3), so you have to use dotted |
47 |
# quad notation. This configuration is too important to trust some DNS. |
48 |
|
49 |
#Listen 192.68.0.5 |
50 |
|
51 |
# User: The name or UID the server should run as. |
52 |
# Group: The group name or GID the server should run as. |
53 |
|
54 |
User nobody |
55 |
Group nogroup |
56 |
|
57 |
# ServerAdmin: The email address where server problems should be sent. |
58 |
# Note: this is not currently used, except as an environment variable |
59 |
# for CGIs. |
60 |
|
61 |
#ServerAdmin root@localhost |
62 |
|
63 |
# ErrorLog: The location of the error log file. If this does not start |
64 |
# with /, it is considered relative to the server root. |
65 |
# Set to /dev/null if you don't want errors logged. |
66 |
# If unset, defaults to /dev/stderr |
67 |
|
68 |
ErrorLog /var/log/boa/error_log |
69 |
# Please NOTE: Sending the logs to a pipe ('|'), as shown below, |
70 |
# is somewhat experimental and might fail under heavy load. |
71 |
# "Usual libc implementations of printf will stall the whole |
72 |
# process if the receiving end of a pipe stops reading." |
73 |
#ErrorLog "|/usr/sbin/cronolog --symlink=/var/log/boa/error_log /var/log/boa/error-%Y%m%d.log" |
74 |
|
75 |
# AccessLog: The location of the access log file. If this does not |
76 |
# start with /, it is considered relative to the server root. |
77 |
# Comment out or set to /dev/null (less effective) to disable |
78 |
# Access logging. |
79 |
|
80 |
AccessLog /var/log/boa/access_log |
81 |
# Please NOTE: Sending the logs to a pipe ('|'), as shown below, |
82 |
# is somewhat experimental and might fail under heavy load. |
83 |
# "Usual libc implementations of printf will stall the whole |
84 |
# process if the receiving end of a pipe stops reading." |
85 |
#AccessLog "|/usr/sbin/cronolog --symlink=/var/log/boa/access_log /var/log/boa/access-%Y%m%d.log" |
86 |
|
87 |
# UseLocaltime: Logical switch. Uncomment to use localtime |
88 |
# instead of UTC time |
89 |
#UseLocaltime |
90 |
|
91 |
# VerboseCGILogs: this is just a logical switch. |
92 |
# It simply notes the start and stop times of cgis in the error log |
93 |
# Comment out to disable. |
94 |
|
95 |
#VerboseCGILogs |
96 |
|
97 |
# ServerName: the name of this server that should be sent back to |
98 |
# clients if different than that returned by gethostname + gethostbyname |
99 |
|
100 |
#ServerName www.your.org.here |
101 |
|
102 |
# VirtualHost: a logical switch. |
103 |
# Comment out to disable. |
104 |
# Given DocumentRoot /var/www, requests on interface 'A' or IP 'IP-A' |
105 |
# become /var/www/IP-A. |
106 |
# Example: http://localhost/ becomes /var/www/127.0.0.1 |
107 |
# |
108 |
# Not used until version 0.93.17.2. This "feature" also breaks commonlog |
109 |
# output rules, it prepends the interface number to each access_log line. |
110 |
# You are expected to fix that problem with a postprocessing script. |
111 |
|
112 |
#VirtualHost |
113 |
|
114 |
# DocumentRoot: The root directory of the HTML documents. |
115 |
# Comment out to disable server non user files. |
116 |
|
117 |
DocumentRoot /var/www |
118 |
|
119 |
# UserDir: The name of the directory which is appended onto a user's home |
120 |
# directory if a ~user request is recieved. |
121 |
|
122 |
UserDir public_html |
123 |
|
124 |
# DirectoryIndex: Name of the file to use as a pre-written HTML |
125 |
# directory index. Please MAKE AND USE THESE FILES. On the |
126 |
# fly creation of directory indexes can be _slow_. |
127 |
# Comment out to always use DirectoryMaker |
128 |
|
129 |
DirectoryIndex index.html |
130 |
|
131 |
# DirectoryMaker: Name of program used to create a directory listing. |
132 |
# Comment out to disable directory listings. If both this and |
133 |
# DirectoryIndex are commented out, accessing a directory will give |
134 |
# an error (though accessing files in the directory are still ok). |
135 |
|
136 |
DirectoryMaker /usr/lib/boa/boa_indexer |
137 |
|
138 |
# DirectoryCache: If DirectoryIndex doesn't exist, and DirectoryMaker |
139 |
# has been commented out, the the on-the-fly indexing of Boa can be used |
140 |
# to generate indexes of directories. Be warned that the output is |
141 |
# extremely minimal and can cause delays when slow disks are used. |
142 |
# Note: The DirectoryCache must be writable by the same user/group that |
143 |
# Boa runs as. |
144 |
|
145 |
# DirectoryCache /var/spool/boa/dircache |
146 |
|
147 |
# KeepAliveMax: Number of KeepAlive requests to allow per connection |
148 |
# Comment out, or set to 0 to disable keepalive processing |
149 |
|
150 |
KeepAliveMax 1000 |
151 |
|
152 |
# KeepAliveTimeout: seconds to wait before keepalive connection times out |
153 |
|
154 |
KeepAliveTimeout 10 |
155 |
|
156 |
# MimeTypes: This is the file that is used to generate mime type pairs |
157 |
# and Content-Type fields for boa. |
158 |
# Set to /dev/null if you do not want to load a mime types file. |
159 |
# Do *not* comment out (better use AddType!) |
160 |
|
161 |
MimeTypes /etc/mime.types |
162 |
|
163 |
# DefaultType: MIME type used if the file extension is unknown, or there |
164 |
# is no file extension. |
165 |
|
166 |
DefaultType text/plain |
167 |
|
168 |
# CGIPath: The value of the $PATH environment variable given to CGI progs. |
169 |
|
170 |
CGIPath /bin:/usr/bin:/usr/local/bin |
171 |
|
172 |
# SinglePostLimit: The maximum allowable number of bytes in |
173 |
# a single POST. Default is normally 1MB. |
174 |
|
175 |
# AddType: adds types without editing mime.types |
176 |
# Example: AddType type extension [extension ...] |
177 |
|
178 |
# Uncomment the next line if you want .cgi files to execute from anywhere |
179 |
#AddType application/x-httpd-cgi cgi |
180 |
|
181 |
# Redirect, Alias, and ScriptAlias all have the same semantics -- they |
182 |
# match the beginning of a request and take appropriate action. Use |
183 |
# Redirect for other servers, Alias for the same server, and ScriptAlias |
184 |
# to enable directories for script execution. |
185 |
|
186 |
# Redirect allows you to tell clients about documents which used to exist in |
187 |
# your server's namespace, but do not anymore. This allows you to tell the |
188 |
# clients where to look for the relocated document. |
189 |
# Example: Redirect /bar http://elsewhere/feh/bar |
190 |
|
191 |
# Aliases: Aliases one path to another. |
192 |
# Example: Alias /path1/bar /path2/foo |
193 |
|
194 |
Alias /doc /usr/doc |
195 |
|
196 |
# ScriptAlias: Maps a virtual path to a directory for serving scripts |
197 |
# Example: ScriptAlias /htbin/ /www/htbin/ |
198 |
|
199 |
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ |
200 |
|
201 |
# non zero enables SSL support |
202 |
# 1: only SSL support |
203 |
# 2: both SSL and non SSL ports |
204 |
SSL 2 |
205 |
|
206 |
# The port where the SSL server will listen on |
207 |
SSLPort 4443 |
208 |
|
209 |
# read the certificate from |
210 |
SSLCertificate cert.pem |
211 |
|
212 |
# read the private key from |
213 |
SSLKey key.pem |
214 |
|
215 |
# Number of sessions to cache. This is to support session resuming. |
216 |
# Set to 0 to disable. |
217 |
SSLSessionCache 40 |
218 |
|
219 |
# After this time (in seconds) has passed, the stored SSL sessions |
220 |
# will be expired, and will not be resumed. |
221 |
SSLSessionTimeout 3600 #one hour |
222 |
|
223 |
# Set the prime bits used in Diffie Hellman authentication. The parameters |
224 |
# are only generated if the DHE ciphersuites are enabled. |
225 |
# Value should be one of 768, 1024, 2048, 4096 |
226 |
SSLDHBits 768 |
227 |
|
228 |
# The period when the generated parameters are valid. After that period |
229 |
# boa will regenerate parameters. |
230 |
SSLParamsRefresh 172800 #two days |
231 |
|
232 |
# A comma separated list of the SSL ciphers. Valid selections are: |
233 |
# ARCFOUR-128, ARCFOUR-40, 3DES, AES |
234 |
# Note that ARCFOUR-40 is a weak algorithm. |
235 |
SSLCiphers "AES, 3DES, ARCFOUR-128, ARCFOUR-40" |
236 |
|
237 |
# A comma separated list of the SSL key exchange methods. Valid selections |
238 |
# are: RSA, DHE-RSA, DHE-DSS, RSA-EXPORT |
239 |
# Note that RSA-EXPORT is a weak algorithm. |
240 |
SSLKeyExchangeAlgorithms "RSA, RSA-EXPORT" |
241 |
|
242 |
# A comma separated list of the SSL MAC algorithms. Valid selections |
243 |
# are: MD5, SHA1 |
244 |
SSLMACAlgorithms "SHA1, MD5" |
245 |
|
246 |
# A comma separated list of the SSL compression methods. Valid selections |
247 |
# are: NULL |
248 |
SSLCompressionMethods "NULL" |
249 |
|
250 |
# A comma separated list of the SSL protocol versions. Valid selections |
251 |
# are: TLS1.0 and SSL3.0 |
252 |
SSLProtocols "TLS1.0, SSL3.0" |