Move lighttpd files to simpleadmin

-Set admin as the username -Gave sshd it's own function
2024-04-13 00:43:52 -04:00
parent 47ebc2a5ab
commit 9579e75ab3
3 changed files with 45 additions and 42 deletions
--- a/simpleadmin/lighttpd.conf
+++ b/simpleadmin/lighttpd.conf
@@ -0,0 +1,47 @@
+server.modules = (
+    "mod_redirect",
+    "mod_cgi",
+    "mod_proxy",
+    "mod_openssl",
+    "mod_authn_file",
+)
+
+server.username = "nobody"
+server.groupname = "dialout"
+
+server.port = 80
+server.document-root = "/usrdata/simpleadmin/www"
+index-file.names = ( "index.html" )
+
+auth.backend = "htpasswd"
+auth.backend.htpasswd.userfile = "/usrdata/simpleadmin/.htpasswd"
+
+$SERVER["socket"] == "0.0.0.0:443" {
+    ssl.engine = "enable"
+    ssl.privkey= "/usrdata/simpleadmin/server.key"
+    ssl.pemfile= "/usrdata/simpleadmin/server.crt"
+    ssl.acme-tls-1 = "/etc/simpleadmin/dehydrated/tls-alpn-01"
+    ssl.openssl.ssl-conf-cmd = ("MinProtocol" => "TLSv1.2") # (lighttpd 1.4.56 default; recommended to accept only TLSv1.2 and TLSv1.3)
+    auth.require = ( "/" => (
+      "method" => "basic",
+      "realm" => "Authorized users only",
+      "require" => "valid-user"
+      )
+    )
+}
+
+# Redirect everything to https
+$HTTP["scheme"] == "http" {
+    url.redirect = ("" => "https://${url.authority}${url.path}${qsa}")
+}
+
+# Anything in /cgi-bin will be run as a script
+$HTTP["url"] =~ "/cgi-bin/" {
+    cgi.assign = ( "" => "" )
+}
+
+# Handle proxy to ttyd if it's running
+$HTTP["url"] =~ "(^/console)" {
+  proxy.header = ("map-urlpath" => ( "/console" => "/" ), "upgrade" => "enable" )
+  proxy.server  = ( "" => ("" => ( "host" => "127.0.0.1", "port" => 8080 )))
+}