I think it is almost there. When I try index.html, only a blank page is displayed. I placed an index.html and a phpinfo.php file in the home folder and they both open correctly. I am looking for an example file, but I guess that it is created by the index.php file.
I added the code you provided into the appropriate host block and it is partially working. I cannot reach the blocked files, so that seems to work, although other settings are probably also providing protection.
I tried to add my lighttpd config file as an attachment (renamed to lighttpdconf.txt) but it would not upload, so it is pasted inline below. There are quite a few modules loaded. Being new to lighttpd, I do not yet know what everything does.
When everything is working, I would be delighted to provide an example config file.
# Modules with a matching directive in this file:
#   mod_indexfile  -> index-file.names
#   mod_access     -> url.access-deny
#   mod_fastcgi    -> fastcgi.server
#   mod_rewrite    -> url.rewrite-once
#   mod_openssl    -> ssl.*
#   mod_compress   -> compress.*
#   mod_staticfile -> static-file.exclude-extensions
# NOTE(review): mod_accesslog, mod_alias, mod_auth, mod_redirect and
# mod_dirlisting have no matching directive in this file. Unless something
# under conf-enabled/ configures them, removing the unused ones keeps the
# exposed surface smaller.
server.modules = (
"mod_indexfile",
"mod_access",
"mod_accesslog",
"mod_fastcgi",
"mod_alias",
"mod_auth",
"mod_rewrite",
"mod_redirect",
"mod_openssl",
"mod_compress",
"mod_dirlisting",
"mod_staticfile",
)
# All virtual hosts are in /home/mypath/HTML/
# HTTP defaults
# NOTE(review): the per-host blocks in this file are nested inside the ":443"
# socket condition, so plain HTTP on port 80 always serves the document root
# set here. mod_redirect is loaded but no url.redirect rule is visible in this
# file; confirm whether port 80 is meant to serve content or only to forward
# visitors to HTTPS.
server.document-root = "/home/mypath/HTML/mydomain/"
server.upload-dirs = ( "/var/cache/lighttpd/uploads/" )
server.errorlog = "/var/log/lighttpd/error.log"
server.pid-file = "/run/lighttpd.pid"
# The server runs as this unprivileged user and group.
server.username = "www-data"
server.groupname = "www-data"
# The main listener is bound to this one address and port only.
server.port = 80
server.bind = "192.168.1.10"
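# HTTPS settings
$SERVER["socket"] == ":443" {
    ssl.engine = "enable"
    ssl.ca-file = "/etc/letsencrypt/live/mydomain/fullchain.pem"
    # NOTE(review): combined.pem presumably holds the private key as well as
    # the certificate; keep it unreadable to other accounts.
    ssl.pemfile = "/etc/letsencrypt/live/mydomain/combined.pem"
    # These two lines only switch off SSLv2/SSLv3; no minimum TLS version is
    # set anywhere in this file.
    ssl.use-sslv2 = "disable"
    ssl.use-sslv3 = "disable"

    # Direct to main domain and then each subdomain
    # NOTE(review): "=~" is an unanchored regex match, so "mydomain" also
    # matches backup.mydomain, kodi.mydomain and nextcloud.mydomain, and the
    # rewrite and deny rules in this block presumably apply to those hosts
    # too. Anchor the real host name once the rest is working
    # (constructed example: "^(www\.)?example\.org$").
    $HTTP["host"] =~ "mydomain" {
        server.document-root = "/home/mypath/HTML/wondercms"

        # Paths containing neither "." nor "?" go to the CMS front controller.
        # A path with a dot (database.js, cache.json, ...) is NOT rewritten
        # and is looked up on disk, so it needs its own deny rule below.
        url.rewrite-once = (
            "^/([^.?]*)$" => "/index.php?page=$1"
        )

        # Deny the CMS data files by URL path. A $HTTP["querystring"] test
        # would only match a request whose query string is exactly the file
        # name, never a request for the file itself, so the condition is on
        # $HTTP["url"]. Adjust the names if this install stores them elsewhere.
        $HTTP["url"] =~ "/(database\.js|cache\.json)$" {
            url.access-deny = ( "" )
        }
    }

    $HTTP["host"] =~ "backup.mydomain" {
        server.document-root = "/home/mypath/HTML/BackUp/"
    }

    $HTTP["host"] =~ "kodi.mydomain" {
        server.document-root = "/home/mypath/HTML/Kodi/"
    }

    $HTTP["host"] =~ "nextcloud.mydomain" {
        server.document-root = "/home/mypath/HTML/NextCloud/"
    }
}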
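# strict parsing and normalization of URL for consistency and security
# https://redmine.lighttpd.net/projects/lighttpd/wiki/Server_http-parseoptsDetails
# (might need to explicitly set "url-path-2f-decode" = "disable"
# if a specific application is encoding URLs inside url-path)
#
# Normalizing the URL before the access rules run means url.access-deny and
# similar path checks see one canonical form of the path, not an encoded or
# dot-segment variant of it.
server.http-parseopts = (
    "header-strict"            => "enable", # default
    "host-strict"              => "enable", # default
    "host-normalize"           => "enable", # default
    "url-normalize-unreserved" => "enable", # recommended highly
    "url-normalize-required"   => "enable", # recommended
    "url-ctrls-reject"         => "enable", # recommended
    "url-path-2f-decode"       => "enable", # recommended highly (unless breaks app)
    #"url-path-2f-reject"      => "enable",
    "url-path-dotseg-remove"   => "enable", # recommended highly (unless breaks app)
    #"url-path-dotseg-reject"  => "enable",
    "url-query-20-plus"        => "enable", # consistency in query string
)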
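index-file.names = ( "index.html", "index.php" )

# Global deny list: URLs ending in "~" (editor backups) or ".inc".
url.access-deny = ( "~", ".inc" )

# Never hand these out as static files. ".php" is listed so that PHP source
# is refused rather than sent to the client if a request ever misses the
# FastCGI handler.
static-file.exclude-extensions = ( ".php", ".pl", ".fcgi", ".rb", "~" )

compress.cache-dir = "/var/cache/lighttpd/compress/"
compress.filetype = ( "application/javascript", "text/css", "text/html", "text/plain" )

#Do not use below as it clashes with include-shell below
#mimetype.assign += (
# ".html" => "text/html",
# ".txt" => "text/plain",
# ".jpg" => "image/jpg",
# ".png" => "image/png",
#)

# default listening port for IPv6 falls back to the IPv4 port
## Use ipv6 if available
# include_shell runs the named script when the configuration is loaded and
# reads its output as configuration, so both scripts should stay root-owned
# and not writable by the web server user.
include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port
include_shell "/usr/share/lighttpd/create-mime.conf.pl"
# NOTE(review): every *.conf under conf-enabled/ is merged in here; check
# what is enabled there before assuming this file is the whole configuration.
include "/etc/lighttpd/conf-enabled/*.conf"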
# PHP via FastCGI: requests ending in ".php" are passed to php-cgi over a
# Unix socket; with "bin-path" set, lighttpd starts php-cgi itself.
# NOTE(review): /tmp is normally world-writable, so other local accounts can
# create files at or next to this socket path. Prefer a directory that only
# the server user can write (for example one under /run, if it exists for
# lighttpd on this system).
fastcgi.server = ( ".php" => ((
"bin-path" => "/usr/bin/php-cgi",
"socket" => "/tmp/php.socket"
)))