forked from troglobit/merecat
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathmerecat.conf
138 lines (119 loc) · 4.4 KB
/
merecat.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
## /etc/merecat.conf -*-conf-unix-*-
## This is a sample configuration file for Merecat httpd
## For more help and more settings, see merecat.conf(5).
##
## what interface to bind to?
## (default is binding to any interface)
#hostname=www.example.org
## Port to listen to, overrides command line argument
## Defaults to 80, or 443 when enabling HTTPS
#port = 80
## Unpriviliged user to run as, usually nobody or www-data
#username = nobody
## Global .htpasswd (true) or local per-directory (false)
#global-passwd = false
## Chrooting is a security measure which means isolating the webserver's
## access to files only available from a the given directory. To access
## files outside the chroot the administrator can either copy or bind
## mount files and directories into the chroot.
#chroot = false
## Only useful if not chrooting
#check-symlinks = false
## Alt. charset=iso-8859-1
#charset = UTF-8
## Deflate (gzip) compression level: -1 .. 9
## -1: Default (zlib's reasonable default, currently 6)
## 0: Disabled
## 1: Best speed
## 9: Best compression
#compression-level = -1
## Webserver document root, or chroot
#directory = /var/www
## When chrooting, alt. document root inside chroot
## => /var/www/htdocs
#data-directory = /htdocs
## Skip dotfiles in dirlistings
#list-dotfiles = false
## Virtual hosting
## /var/www/cgi-bin/ <-- Shared CGI
## /var/www/git.example.com <-- git.example.com
## /var/www/ftp.example.com <-- ftp.example.com
#virtual-host = false
## Control the caching, in seconds, by setting the following header for
## all transactions. Depends heavily on the content you provide, and
## this global setting is disabled by default. It is recommended to
## instead set it per server location, e.g. for all image files.
##
## Cache-Control: max-age=SEC
##
## Min max-age value 0 (browser caching disabled)
## Max max-age value 31536000 (1 year)
##
#max-age = 0
## Some bots behave really badly and may overload your server. Often
## they cannot be blocked based on IP address, so the only means we are
## left with is User-Agent blocking. Use patterns like this:
#user-agent-deny = "**SemrushBot**|**MJ12bot**|**DotBot**|**PetalBot**"
## Enable HTTPS support. The certificate (public) and key (private) are
## required when enabling HTTPS support. The (min) protocol and cipher
## settings are optional and have sane built-in defaults, e.g. 'protocol'
## defaults to TLSv1.1. See ciphers(1) man page for possible values.
##
## Note: You may want to enable this on a per-server basis instead.
#ssl {
# protocol = "TLSv1.1"
# ciphers = "..."
# certfile = certs/cert.pem
# keyfile = private/key.pem
# dhfile = certs/dhparam.pem
#}
## The CGI module is a core part of Merecat httpd and is for security
## reasons disabled by default. Like other modules it uses pattern
## matching to trigger the CGI functionality:
## ? match a single char
## * matches any string excluding "/"
## ** matches any string including "/"
## separate multiple patterns with "|"
## Example: "**.sh|**.cgi"
##
## `limit` sets the max number of simultaneous CGI programs allowed.
##
## The below values are the default, so to enable CGI only `enabled`
## need to be set to 'true'.
#cgi "**.cgi|/cgi-bin/*" {
# enabled = false
# limit = 50
#}
## The PHP module is bolted on top of the CGI module, so the same limits
## apply also to PHP scripts. The below are the built-in defaults.
## Verify the path to the php-cgi binary for your system and expand on
## the pattern if you have, e.g. .php5 files.
#php "**.php*" {
# enabled = false
# cgi-path = "/usr/bin/php-cgi"
#}
## The SSI module, like PHP above, is built on top of the CGI module,
## and it also requires the Merecat SSI CGI script to be installed, the
## defaults are commented out below. The silent setting controls the
## default <!--#config errmsg="..." --> value.
#ssi "**.shtml" {
# enabled = false
# silent = false
# cgi-path = "cgi-bin/ssi"
#}
## Server specific settings, overrides certain global settings
## Notice the HTTP redirect from the default server to HTTPS.
#server default {
# port = 80
# redirect "/" {
# code = 301
# location = "https://$host$request_uri$args"
# }
#}
#server secure {
# port = 443
# ssl = on
# certfile = /etc/letsencrypt/live/example.com/fullchain.pem
# keyfile = /etc/letsencrypt/live/example.com/privkey.pem
# dhfile = certs/dhparam.pem
#}