Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
O
OpnSense
Project
Project
Details
Activity
Releases
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Kulya
OpnSense
Commits
41d30cb5
Commit
41d30cb5
authored
9 years ago
by
Ad Schellevis
Committed by
Franco Fichtner
9 years ago
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
(captiveportal, new) example http config for CP zone
(cherry picked from commit
89c05ee2
)
parent
90ecd9fd
Changes
1
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
193 additions
and
0 deletions
+193
-0
lighttpd-zone.conf
...rvice/templates/OPNsense/Captiveportal/lighttpd-zone.conf
+193
-0
No files found.
src/opnsense/service/templates/OPNsense/Captiveportal/lighttpd-zone.conf
0 → 100644
View file @
41d30cb5
#######################################################
### Captive portal lighttpd.conf BEGIN
#######################################################
#
#### modules to load
server
.
modules
= (
"mod_expire"
,
"mod_auth"
,
"mod_redirect"
,
"mod_access"
,
"mod_evasive"
,
"mod_compress"
,
"mod_status"
,
"mod_rewrite"
,
"mod_proxy"
,
"mod_setenv"
,
"mod_extforward"
)
#### performance options (aggressive timeouts)
server
.
max
-
keep
-
alive
-
requests
=
6
server
.
max
-
keep
-
alive
-
idle
=
15
server
.
max
-
read
-
idle
=
15
server
.
max
-
write
-
idle
=
15
## number of child worker processes to spawn (0 for lightly loaded sites)
# server.max-worker = 0
## number of file descriptors (leave off for lighty loaded sites)
# server.max-fds = 512
## maximum concurrent connections the server will accept (1/2 of server.max-fds)
# server.max-connections = 256
## single client connection bandwidth limit in kilobytes (0=unlimited)
connection
.
kbytes
-
per
-
second
=
0
## global server bandwidth limit in kilobytes (0=unlimited)
server
.
kbytes
-
per
-
second
=
0
#### bind to interface (default: all interfaces)
server
.
bind
=
"0.0.0.0"
#### bind to port
server
.
port
=
8000
##
#url.rewrite-once = ( "(.*)" => "/index.html?redirurl=$1" )
$
HTTP
[
"host"
] !~
"(.*10\.211\.55\.100:8000.*)"
{
$
HTTP
[
"host"
] =~
"([^:/]+)"
{
url
.
redirect
= (
"^(.*)$"
=>
"https://10.211.55.100:8000/index.html?zone=test&redirurl=%1$1"
)
}
}
## redirect http traffic to https
$
SERVER
[
"socket"
] ==
":9000"
{
$
HTTP
[
"host"
] =~
"([^:/]+)"
{
url
.
redirect
= (
"^(.*)$"
=>
"https://10.211.55.100:8000/index.html?zone=test&redirurl=%1$1"
)
}
}
$
SERVER
[
"socket"
] ==
"[::]:9000"
{
$
HTTP
[
"host"
] =~
"([^:/]+)"
{
url
.
redirect
= (
"(.*)"
=>
"https://10.211.55.100:8000/index.html?zone=test&redirurl=%1$1"
)
}
}
proxy
.
server
= (
"/api/captiveportal/access/"
=> (
(
"host"
=>
"127.0.0.1"
,
"port"
=>
8999
)
)
)
extforward
.
headers
= (
"X-Real-Ip"
)
server
.
upload
-
dirs
= (
"/tmp/"
)
setenv
.
add
-
response
-
header
= (
"Cache-Control"
=>
"no-store, no-cache, must-revalidate, post-check=0, pre-check=0"
)
etag
.
use
-
inode
=
"disable"
etag
.
use
-
mtime
=
"disable"
etag
.
use
-
size
=
"disable"
#### run daemon as uid (default: don't care)
server
.
username
=
"www"
#### run daemon as gid (default: don't care)
server
.
groupname
=
"www"
#### set the pid file (newsyslog)
server
.
pid
-
file
=
"/var/run/lighttpd.pid"
#### name the server daemon publicly displays
server
.
tag
=
"lighttpd"
#### static document-root
server
.
document
-
root
=
"/htdocs/"
#### chroot() to captive portal zone directory
server
.
chroot
=
"/var/captiveportal/zone1"
#### files to check for if .../ is requested
index
-
file
.
names
= (
"index.html"
)
#### disable auto index directory listings
dir
-
listing
.
activate
=
"disable"
### ssl.engine = "disable"
## ssl configuration
ssl
.
engine
=
"enable"
ssl
.
pemfile
=
"/var/etc/cert.pem"
ssl
.
use
-
sslv2
=
"disable"
ssl
.
cipher
-
list
=
"ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA"
#### compress module
compress
.
cache
-
dir
=
"/tmp/"
compress
.
filetype
= (
"text/plain"
,
"text/html"
,
"text/css"
,
"image/png"
)
#### expire module
expire
.
url
= (
""
=>
"access plus 6 hours"
)
#### error pages
server
.
errorfile
-
prefix
=
"/htdocs/errors/errorcode-"
#### mod_evasive
evasive
.
max
-
conns
-
per
-
ip
=
250
#### limit request method "POST" size in kilobytes (KB)
server
.
max
-
request
-
size
=
2
#### disable multi range requests
server
.
range
-
requests
=
"disable"
#### disable symlinks
server
.
follow
-
symlink
=
"disable"
#### ONLY serve files with all lowercase file names
server
.
force
-
lowercase
-
filenames
=
"disable"
#### mimetype mapping
mimetype
.
assign
= (
".pdf"
=>
"application/pdf"
,
".sig"
=>
"application/pgp-signature"
,
".spl"
=>
"application/futuresplash"
,
".class"
=>
"application/octet-stream"
,
".ps"
=>
"application/postscript"
,
".torrent"
=>
"application/x-bittorrent"
,
".dvi"
=>
"application/x-dvi"
,
".gz"
=>
"application/x-gzip"
,
".pac"
=>
"application/x-ns-proxy-autoconfig"
,
".swf"
=>
"application/x-shockwave-flash"
,
".tar.gz"
=>
"application/x-tgz"
,
".tgz"
=>
"application/x-tgz"
,
".tar"
=>
"application/x-tar"
,
".zip"
=>
"application/zip"
,
".mp3"
=>
"audio/mpeg"
,
".m3u"
=>
"audio/x-mpegurl"
,
".wma"
=>
"audio/x-ms-wma"
,
".wax"
=>
"audio/x-ms-wax"
,
".ogg"
=>
"application/ogg"
,
".wav"
=>
"audio/x-wav"
,
".gif"
=>
"image/gif"
,
".jpg"
=>
"image/jpeg"
,
".jpeg"
=>
"image/jpeg"
,
".png"
=>
"image/png"
,
".xbm"
=>
"image/x-xbitmap"
,
".xpm"
=>
"image/x-xpixmap"
,
".xwd"
=>
"image/x-xwindowdump"
,
".css"
=>
"text/css"
,
".html"
=>
"text/html"
,
".htm"
=>
"text/html"
,
".js"
=>
"text/javascript"
,
".asc"
=>
"text/plain"
,
".c"
=>
"text/plain"
,
".cpp"
=>
"text/plain"
,
".log"
=>
"text/plain"
,
".conf"
=>
"text/plain"
,
".text"
=>
"text/plain"
,
".txt"
=>
"text/plain"
,
".dtd"
=>
"text/xml"
,
".xml"
=>
"text/xml"
,
".mpeg"
=>
"video/mpeg"
,
".mpg"
=>
"video/mpeg"
,
".mov"
=>
"video/quicktime"
,
".qt"
=>
"video/quicktime"
,
".avi"
=>
"video/x-msvideo"
,
".asf"
=>
"video/x-ms-asf"
,
".asx"
=>
"video/x-ms-asf"
,
".wmv"
=>
"video/x-ms-wmv"
,
".bz2"
=>
"application/x-bzip"
,
".tbz"
=>
"application/x-bzip-compressed-tar"
,
".tar.bz2"
=>
"application/x-bzip-compressed-tar"
)
#
#######################################################
### Captive Portal lighttpd.conf END
#######################################################
This diff is collapsed.
Click to expand it.
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment