mirror of
https://github.com/openwrt/openwrt.git
synced 2024-12-30 10:39:04 +00:00
98c86e2970
We add an 'httpauth' section type that contains the options: prefix: What virtual or real URL is being protected username: The username for the Basic Auth dialogue password: Hashed (crypt()) or plaintext password for the Basic Auth dialogue httpauth section names are given included as list items to the instances to which they are to be applied. Further any existing httpd.conf file (really whatever is configured in the instance, but default of /etc/httpd.conf) is appended to the per-instance httpd.conf Signed-off-by: Daniel Dickinson <lede@cshore.thecshore.com>
133 lines
3.7 KiB
Plaintext
133 lines
3.7 KiB
Plaintext
# Server configuration
|
|
config uhttpd main
|
|
|
|
# HTTP listen addresses, multiple allowed
|
|
list listen_http 0.0.0.0:80
|
|
list listen_http [::]:80
|
|
|
|
# HTTPS listen addresses, multiple allowed
|
|
list listen_https 0.0.0.0:443
|
|
list listen_https [::]:443
|
|
|
|
# Redirect HTTP requests to HTTPS if possible
|
|
option redirect_https 1
|
|
|
|
# Server document root
|
|
option home /www
|
|
|
|
# Reject requests from RFC1918 IP addresses
|
|
# directed to the servers public IP(s).
|
|
# This is a DNS rebinding countermeasure.
|
|
option rfc1918_filter 1
|
|
|
|
# Maximum number of concurrent requests.
|
|
# If this number is exceeded, further requests are
|
|
# queued until the number of running requests drops
|
|
# below the limit again.
|
|
option max_requests 3
|
|
|
|
# Maximum number of concurrent connections.
|
|
# If this number is exceeded, further TCP connection
|
|
# attempts are queued until the number of active
|
|
# connections drops below the limit again.
|
|
option max_connections 100
|
|
|
|
# Certificate and private key for HTTPS.
|
|
# If no listen_https addresses are given,
|
|
# the key options are ignored.
|
|
option cert /etc/uhttpd.crt
|
|
option key /etc/uhttpd.key
|
|
|
|
# CGI url prefix, will be searched in docroot.
|
|
# Default is /cgi-bin
|
|
option cgi_prefix /cgi-bin
|
|
|
|
# List of extension->interpreter mappings.
|
|
# Files with an associated interpreter can
|
|
# be called outside of the CGI prefix and do
|
|
# not need to be executable.
|
|
# list interpreter ".php=/usr/bin/php-cgi"
|
|
# list interpreter ".cgi=/usr/bin/perl"
|
|
|
|
# Lua url prefix and handler script.
|
|
# Lua support is disabled if no prefix given.
|
|
# option lua_prefix /luci
|
|
# option lua_handler /usr/lib/lua/luci/sgi/uhttpd.lua
|
|
|
|
# Specify the ubus-rpc prefix and socket path.
|
|
# option ubus_prefix /ubus
|
|
# option ubus_socket /var/run/ubus.sock
|
|
|
|
# CGI/Lua timeout, if the called script does not
|
|
# write data within the given amount of seconds,
|
|
# the server will terminate the request with
|
|
# 504 Gateway Timeout response.
|
|
option script_timeout 60
|
|
|
|
# Network timeout, if the current connection is
|
|
# blocked for the specified amount of seconds,
|
|
# the server will terminate the associated
|
|
# request process.
|
|
option network_timeout 30
|
|
|
|
# HTTP Keep-Alive, specifies the timeout for persistent
|
|
# HTTP/1.1 connections. Setting this to 0 will disable
|
|
# persistent HTTP connections.
|
|
option http_keepalive 20
|
|
|
|
# TCP Keep-Alive, send periodic keep-alive probes
|
|
# over established connections to detect dead peers.
|
|
# The value is given in seconds to specify the
|
|
# interval between subsequent probes.
|
|
# Setting this to 0 will disable TCP keep-alive.
|
|
option tcp_keepalive 1
|
|
|
|
# Basic auth realm, defaults to local hostname
|
|
# option realm Lede
|
|
|
|
# Configuration file in busybox httpd format
|
|
# option config /etc/httpd.conf
|
|
|
|
# Do not follow symlinks that point outside of the
|
|
# home directory.
|
|
# option no_symlinks 0
|
|
|
|
# Do not produce directory listings but send 403
|
|
# instead if a client requests an url pointing to
|
|
# a directory without any index file.
|
|
# option no_dirlists 0
|
|
|
|
# Do not authenticate any ubus-rpc requests against
|
|
# the ubus session/access procedure.
|
|
# This is dangerous and should be always left off
|
|
# except for development and debug purposes!
|
|
# option no_ubusauth 0
|
|
|
|
# For this instance of uhttpd use the listed httpauth
|
|
# sections to require Basic auth to the specified
|
|
# resources.
|
|
# list httpauth prefix_user
|
|
|
|
|
|
# Defaults for automatic certificate and key generation
|
|
config cert defaults
|
|
|
|
# Validity time
|
|
option days 730
|
|
|
|
# RSA key size
|
|
option bits 2048
|
|
|
|
# Location
|
|
option country ZZ
|
|
option state Somewhere
|
|
option location Unknown
|
|
|
|
# Common name
|
|
option commonname '%D'
|
|
|
|
# config httpauth prefix_user
|
|
# option prefix /protected/url/path
|
|
# option username user
|
|
# option password 'plaintext_or_md5_or_$p$user_for_system_user'
|