-
Notifications
You must be signed in to change notification settings - Fork 267
/
yaws.conf.5
813 lines (634 loc) · 25.1 KB
/
yaws.conf.5
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
.TH YAWS.CONF "5" "" "" "User Commands"
.SH NAME
/etc/yaws/yaws.conf \- Configuration file for the yaws webserver
.SH DESCRIPTION
.\" Add any additional description here
.PP
Yaws is fast lightweight webserver. It reads a configuration file called
yaws.conf to control its operations. The configuration contains two distinct
parts a global part which affects all the virtual hosts and a server part
where options for each virtual host is supplied.
.SH GLOBAL PART
.TP
\fBlogdir = Directory\fR
All yaws logs will be written to files in this directory. There are several
different log files written by yaws.
.br
\fBreport.log\fR - this is a text file that contains all error logger
printouts from yaws.
.br
\fBHost.access\fR - for each virtual host served by yaws, a file Host.access
will be written which contains an access log in Common Log Format.
.br
\fBtrace.http\fR - this file contains the HTTP trace if that is enabled
.br
\fBauth.log\fR - If configured, all http auth related messages
goes here.
.br
\fBtrace.traffic\fR - this file contains the traffic trace if that is enabled
The default value for logdir is "."
.TP
\fB ebin_dir = Directory\fR
This directive adds Directory to the erlang search path. It is possible to
have several of these command in the configuration file. The default value
is "yaws_dir"/examples/ebin
.TP
\fB id = String\fR
It is possible run multiple yaws servers on the same machine. We use the
id of a yaws server to control it using the different ctl commands such
as:
.nf
# /usr/local/bin/yaws --id foobar --stop
.fi
To stop the Yaws server with id "foobar". Each Yaws server will write
its internals data into a file called $HOME/.yaws/yaws/ID where ID the
identity of the server. Yaws also creates a file called
${VARDIR}/run/yaws/ctl-${ID} which contain the portnumber where the server is
listening for control commands. The default id is "default"
.TP
\fB include_dir = Directory\fR
This directive adds Directory to the path of directories where the erlang
compiler seraches for include files. We need to use this if we want to
include .hrl files in our yaws erlang code. The default value is
"yaws_dir"/examples/include.
.TP
\fB max_num_cached_files = Integer\fR
Yaws will cache small files such as commonly accessed GIF images in RAM.
This directive sets a maximum number on the number of cached files.
The default value is 400.
.TP
\fB max_num_cached_bytes = Integer\fR
This directive controls the total amount of RAM which can maximally be
used for cached RAM files. The default value is 1000000, 1 megabyte.
.TP
\fB max_size_cached_file = Integer\fR
This directive sets a maximum size on the files that are RAM cached by yaws.
The default value i 8000, 8 kBytes.
.TP
\fB cache_refresh_secs = Integer\fR
The RAM cache is used to serve pages that sit in the cache. An entry sits in
cache at most cache_refresh_secs number of seconds. The default is 30. This means that when the content is updated under the docroot, that change doesn't show
until 30 seconds have passed. While developing a yaws site,
it may be convenient to set this value to 0. If the debug flag (-d) is passed
to the yaws start script, this value is automatically set to 0.
.TP
\fBtrace = false | traffic | http\fR
This enables traffic or http tracing. Tracing is also possible to enable with
a command line flag to yaws. Default is false.
.TP
\fB auth_log = true | false\fR
Enable or disable the auth log. Default is true.
.TP
\fB max_connections = nolimit | <int>\fR
Set this value to control the maximum number of connections
from HTTP clients into the server. This is implemented by closing
the last socket if the limit threshold is reached.
.TP
\fB log_wrap_size = Integer\fR
The logs written by yaws are all wrap logs, the default value at the
size where they wrap around and the original gets renamed to File.old
is 1000000, 1 megabyte. This value can changed.
If we set the value to \fI0\fR the logs will never wrap. If we want to use
Yaws in combination with a more traditional log wrapper such as
logrotate, set the size to \fI0\fR and Yaws will reopen the logfiles
once they have be renamed/removed.
.TP
\fBlog_resolve_hostname = true | false\fR
By default the client host IP is not resolved in the access logs.
.TP
\fBfail_on_bind_err = true | false\fR
Fail completely or not if yaws fails to bind a listen socket
Default is true.
.TP
\fBenable_soap = true | false\fR
If true, a soap server will be started at startup of Yaws.
Default is false.
.TP
\fBsoap_srv_mods = [ListOfModuleSetting] \fR
If enable_soap is true, a startup yaws will invoke \fIyaws_soap_srv:setup()\fR
to setup modules set here.
ModuleSetting is either a triad like \fI<Mod, HandlerFunc, WsdlFile>\fR
or a quadruple form like \fI<Mod, HandlerFunc, WsdlFile, Prefix>\fR which
specifies the \fIprefix\fR. A \fIprefix\fR will be used as argument of
\fIyaws_soap_lib:initModel()\fR and then be used as a XML namespace prefix.
Note, the \fIWsdlFile\fR here should be an absloute-path file
in local file systems.
For example, we can specify
soap_srv_mods=<Mod1, HandlerFunc, WsdlFile1><Mod2, HandlerFunc, WsdlFile2, SpecifiedPrefix>...
.TP
\fBphp_exe_path = Path\fR
The name of (and possibly path to) the php executable used to
interpret php scripts (if allowed). Default is
\fIphp_exe_path = php-cgi\fR.
.TP
\fB copy_error_log = true | false\fR
Enable or disable copying of the error log. When we run in
embedded mode, there may very well be some other systems process
that is responsible for writing the errorlog to a file whereas
when we run in normal standalone mode, we typically want the
erlang errorlog written to a report.log file.
Default value is true.
.TP
\fBrunmod = ModuleName \fR
At startup yaws will invoke \fIModuleName:start()\fR in a separate
process. It is possible to have several runmods.
This is useful if we want to reuse the yaws startup shell script
for our own application.
.TP
\fB pick_first_virthost_on_nomatch = true | false \fR
When Yaws gets a request, it extracts the Host: header from the
client request to choose a virtual server amongst all servers
with the same IP/Port pair.
This configuration parameter decides whether yaws should pick the
first (as defined in the yaws.conf file) if no name match or not.
In real live hosting scenarios we typically want this to be false
whereas in testing/development scenarios it may be convenient to
set it to true. Default is true.
.TP
\fB use_fdsrv = true | false \fR
This feature makes it possible to bind to ports < 1024 even when
we're not running as root. It requires the Jungerl package called fd_server
to be properly installed. The feature doesn't work with SSL. Default is false.
The use of fdsrv is not encouraged, see
http://yaws.hyber.org/privbind.yaws
.TP
\fB subconfig = File \fR
Load specified config file.
.TP
\fB subconfigdir = Directory \fR
Load all config file in specified directory.
.SH SERVER PART
Yaws can virthost several webservers on the same ip address as well
as several webservers on different ip addresses. This includes SSL servers.
.pp
Each virtual host is defined within a matching pair of \fB<server ServerName>\fR
and \fB</server>\fR. The ServerName will be the name of the webserver.
.pp
The following directives are allowed inside a server definition.
.TP
\fBport = Port \fR
This makes the server listen on Port. Default is 8000.
.TP
\fBlisten = IpAddress\fR
This makes the server listen on IpAddress
When virthosting several servers on the same ip/port address, if the
browser doesn't send a Host: field, yaws will pick the \fIfirst\fR
server specified in the config file.
If the specified ip address is 0.0.0.0 yaws will listen on all local IP
addresses on the specified port. Default is 0.0.0.0.
.TP
\fBlisten_backlog = Integer\fR
This sets the TCP listen backlog for the server to define the maximum
length the queue of pending connections may grow to. The default is
the same as the default provided by \fIgen_tcp:listen/2\fR, which is 5.
.TP
\fBrhost = Host[:Port] \fR
This forces all local redirects issued by the server to go to Host.
This is useful when yaws listens to a port which is different from
the port that the user connects to. For example, running yaws as a
non-privileged user makes it impossible to listen to port 80, since
that port can only be opened by a privileged user. Instead yaws
listens to a high port number port, 8000, and iptables are used to
redirect traffic to port 80 to port 8000 (most NAT:ing firewalls
will also do this for you).
.TP
\fBrscheme = http | https \fR
This forces all local redirects issued by the server to use this
method. This is useful when an SSL off-loader, or stunnel, is used in
front of yaws.
.TP
\fBaccess_log = true | false\fR
Setting this directive to false turns of traffic logging for this
virtual server. The default value is true.
.TP
\fBdir_listings = true | true_nozip | false\fR
Setting this directive to false disallows the automatic
dir listing feature of Yaws. A status code 403 Forbidden will be sent.
Set to true_nozip to avoid the auto-generated all.zip entries. Default is false.
.TP
\fBextra_cgi_vars = .....\fR
Add additional CGI or FastCGI variables. For example:
.nf
<extra_cgi_vars dir='/path/to/some/scripts'>
var = val
...
</extra_cgi_vars>
.fi
.TP
\fBstatistics = true | false\fR
Turns on/off statistics gathering for a virtual server. Default is false.
.TP
\fBfcgi_app_server = Host:Port \fR
The hostname and TCP port number of the FastCGI aplication server.
The TCP port number is not optional.
There is no default value.
.TP
\fBfcgi_trace_protocol = true | false \fR
Enable or disable tracing of FastCGI protocol messages as info
log messages.
Disabled by default.
.TP
\fBfcgi_log_app_error = true | false \fR
Enable or disable logging of application error messages: output
to stderr and non-zero exit value.
Disabled by default.
.TP
\fBdeflate = true | false\fR
Turns on or off deflate compression for a server. Default is false.
.TP
\fB docroot = Directory ...\fR
This makes the server serve all its content from Directory.
It is possible to pass a space separated list of directories as
docroot. If this is the case, the various directories will be searched in
order for the requested file. This also works with the ssi
and yssi constructs where the full list of directories will be searched
for files to ssi/yssi include.
.TP
\fBpartial_post_size = Integer\fR
When a yaws file receives large POSTs, the amount of data received
in each chunk is determined by the this parameter.
The deafult value is 10240.
.TP
\fBdav = true | false\fR
Turns on the DAV protocol for this server. The dav support
in yaws is highly limited. If dav is turned on, .yaws processing
of .yaws pages is turned off. Default is false.
.TP
\fBtilde_expand = true|false \fR
If this value is set to false yaws will never
do tilde expansion. The default is false. tilde_expansion is the
mechanism whereby a URL on the form http://www.foo.com/~username
is changed into a request where the docroot for that
particular request is set to the directory ~username/public_html/
Default is false.
.TP
\fBallowed_scripts = [ListOfSuffixes]\fR
The allowed script types for this server. Recognized are `yaws',
`cgi', `fcgi', `php'. Default is \fIallowed_scripts = [yaws,php,cgi,fcgi]\fR.
Note: for fcgi scripts, the FastCGI application server is only
called if a local file with the .fcgi extension exists. However,
the contents of the local .fcgi file are ignored.
.TP
\fBtilde_allowed_scripts = [ListOfSuffixes]\fR
The allowed script types for this server when executing files in
a users public_html folder Recognized are `yaws',
`cgi', `fcgi', `php'. Default is \fItilde_allowed_scripts = []\fR.
.TP
\fBappmods = [ListOfModuleNames]\fR
If any the names in ListOfModuleNames appear as components in the
path for a request, the path request parsing will terminate and
that module will be called. There is also an alternate syntax for
specifying the appmods if we don't want our internal erlang module
names to be exposed in the URL paths.
We can specify
appmods = <Path1, Module1> <Path2, Modules2> ...
Assume for example that we have
the URL http://www.hyber.org/myapp/foo/bar/baz?user=joe
while we have the module foo defined as an appmod, the
function foo:out(Arg) will be invoked
instead of searching the filesystems below the point foo.
The Arg argument will have the missing path part supplied in its
appmoddata field.
It is also possible to exclude certain directories from appmod
processing. This is particulaly interesting for '/' appmods.
Here is an example:
appmods = </, myapp exclude_paths icons js top/static>
The above configuration will invoke the 'myapp' erlang module on everything
except any file found in directories, 'icons', 'js' and 'top/static'
relative to the docroot.
.TP
\fBerrormod_404 = Module\fR
It is possible to set a special module that handles 404 Not Found messages.
The function \fIModule:out404(Arg, GC, SC)\fR will be invoked. The arguments are
Arg is a #arg{} record
GC is a #gconf{} record (defined in yaws.hrl)
SC is a #sconf{} record (defined in yaws.hrl)
The function can and must do the same things that a normal \fIout/1\fR does.
.TP
\fBerrormod_401 = Module\fR
It is possible to set a special module that handles
401 Unauthorized messages. This can for example be used
to display a login page instead.
The function \fIModule:out401(Arg)\fR will
be invoked. The arguments are
Arg is a #arg{} record
The function can and must do the same things that a normal \fIout/1\fR does.
.TP
\fBerrormod_crash = Module\fR
It is possible to set a special module that handles
the HTML generation of server crash messages. The default
is to display the entire formated crash message in the
browser. This is good for debugging but not in production.
The function \fIModule:crashmsg(Arg, SC, Str)\fR will be
called. The \fIStr\fR is the real crash message formated as a string.
The function must return, \fI{content,MimeType,Cont}\fR or
\fI{html, Str}\fR or \fI{ehtml, Term}\fR. That data will be shipped
to the client.
.TP
\fBarg_rewrite_mod = Module\fR
It is possible to install a module that rewrites all the
Arg #arg{} records at an early stage in the yaws server.
This can be used to do various things such as checking a cookie,
rewriting paths etc.
.TP
\fBstart_mod = Module\fR
Defines a user provided callback module.
At startup of the server, Module:start/1 will be called.
The #sconf{} record (defined in yaws.hrl) will be used
as the input argument. This makes it possible for a user
application to syncronize the startup with the yaws server
as well as getting hold of user specific configuration data,
see the explanation for the <opaque> context.
.TP
\fBrevproxy = Prefix Url\fR
Make yaws a reverse proxy. The Prefix is a path inside our own docroot
and the Url argument is an url pointing to a website we want to "mount"
under the path which is Prefix.
Example: revproxy = /tmp/foo http://yaws.hyber.org
Makes the hyber website appear under /tmp/foo
It is possible to have multiple reverse proxies inside the same server.
WARNING, this feature is yet not in production quality.
.TP
\fBfwdproxy = true|false \fR
Make yaws a forward proxy. By enabling this option you can use yaws
as a proxy for outgoing web traffic, typically by configuring the proxy
settings in a web-browser to explicitly target yaws as its proxy server.
WARNING, this feature is yet not in production quality.
.TP
\fBservername = Name\fR
If we're virthosting everal servers and want to force a server
to match specific Host: headers we can do this with the "servername"
directive. This name doesn't necessarily have to be the same as the
the name inside <server Name> in certain NAT scenarios. Rarely used feature.
.TP
\fB <ssl> .... </ssl> \fR
This begins and ends an SSL configuration for this server.
It's possible to virthost several SSL servers on the same IP
given that they all share the same certificate configuration.
In general it is complicated to virthost several SSL servers on
the same IP address since the certificate is typically
bound to a domainname in the common name part of the certificate.
One solution (the only?) to this problem is to have a certificate
with multiple subjectAltNames. See
http://wiki.cacert.org/VhostTaskForce#Interoperability_Test
.TP
\fB keyfile = File\fR
Specifies which file contains the private key for the certificate.
If not specified then the certificate file will be used.
.TP
\fB certfile = File\fR
Specifies which file contains the certificate for the server.
.TP
\fB cacertfile = File\fR
A file containing trusted certificates to use during client authentication
and to use when attempting to build the server certificate chain.
The list is also used in the list of acceptable client CAs passed to
the client when a certificate is requested.
.TP
\fB verify = 1 | 2 | 3\fR
Specifies the level of verification the server does on client certs.
1 means nothing, 2 means the the server will ask the client for a cert but
not fail if the client doesn't supply a client cert, 3 means that the server
requires the client to supply a client cert.
.TP
\fB depth = Int\fR
Specifies the depth of certificate chains the server is prepared to follow
when verifying client certs.
.TP
\fB password = String\fR
String If the private key is encrypted on disc, this password is the
3des key to decrypt it.
.TP
\fB ciphers = String\fR
This string specifies the ssl cipher string. The syntax of the ssl cipher
string is a little horrible sublanguage of its own. It is documented in the
ssl man page for "ciphers".
.TP
\fB </ssl> \fR
Ends an SSL definition
.TP
\fB<redirect> ... </redirect>\fR
Defines a redirect mapping. The following items are allowed
within a matching pair of <redirect> and </redirect> delimiters.
We can have a series of
\fB Path = URL\fR or
\fB Path = file\fR
All accesses to Path will be redirected to URL/Path or alternatively
to scheme:host:port/file/Path if a file is used. Note that the original
path is appended to the redirected url. So if we for example have:
.nf
<redirect>
/foo = http://www.mysite.org/zapp
/bar = /tomato.html
</redirect>
.fi
Asumming this config resides on a site called http://abc.com,
We have the following redirects:
http://abc.com/foo -> http://www.mysite.org/zapp/foo
http://abc.com/foo/test -> http://www.mysite.org/zapp/foo/test
http://abc.com/bar -> http://abc.com/bar
http://abc.com/bar/x/y/z -> http://abc.com/bar/x/y/z
Sometimes we do not want to have the original path
appended to the redirected path. To get that behaviour we
specify the config with '==' instead of '='.
<redirect>
/foo == http://www.mysite.org/zapp
/bar = /tomato.html
</redirect>
Now a request for http://abc.com/foo/x/y/z simply gets redirected
to http://www.mysite.org/zapp. This is typically used when we simply
want a static redirect at some place in the docroot.
When we specify a file as target for the redirect, the redir will
be to the current http(s) server.
.TP
\fB<auth> ... </auth>\fR
Defines an auth structure. The following items are allowed
within a matching pair of <auth> and </auth> delimiters.
.TP
\fBdir = Dir\fR
Makes Dir to be controlled bu WWW-authenticate headers. In order for
a user to have access to WWW-Authenticate controled directory, the user
must supply a password. The Dir must be specified relative to the docroot.
.TP
\fBrealm = Realm\fR
In the directory defined here, the WWW-Authenticate Realm is set to
this value.
.TP
\fBauthmod = AuthMod\fR
If an auth module is defined then AuthMod:auth(Arg, Auth) will
be called for all access to the directory. The auth/2 function
should return one of: true, false, {false, Realm}, {appmod, Mod}.
If {appmod, Mod} is returned then a call to Mod:out(Arg) will
be used to deliver the content.
This can, for example, be used to implement cookie authentication.
The auth() callback would check if a valid cookie header is present,
if not it would return {appmod, ?MODULE} and the out/1 function
in the same module would return {redirect_local, "/login.html"}.
.TP
\fBuser = User:Password\fR
Inside this directory, the user User has access if the user supplies
the password Password in the popup dialogue presented by the browser.
We can obviously have several of these value inside a single <auth> </auth>
pair.
The usage of User:Password in the actual config file is deprecated
as of release 1.51. It is prefered to have the users in a file called
\fI.yaws_auth\fR in the actual directory. The .yaws_auth file has to be
file parseable by \fIfile:consult/1\fR
Each row of the file must contain terms on the form
.nf
{User, Password}.
.fi
Where both User and Password should be strings.
The .yaws_auth file mechanism is not (yet) recursive. Thus
any subdirectories to Dir are not automatically also protected.
The .yaws_auth file is never visible in a dir listing
.TP
\fBpam service = \fIpam-service\fR \fR
If the item \fBpam\fR is part of the auth structure,
Yaws will also try to authenticate the user using "pam" using
the pam \fIservice\fR indicated. Usual services are typically found
under /etc/pam.d. Usual values are "system-auth" etc.
pam authentication is performed by an Erlang port program which is
typically installed as suid root by the yaws install script.
.TP
\fB</auth>\fR
Ends an auth definition
.TP
\fB <opaque> .... </opaque> \fR
This begins and ends an opaque configuration context for this server,
where 'Key = Value' directives can be specified. These directives are
ignored by yaws (hence the name opaque), but can be accessed as a list
of tuples \fI{Key,Value}\fR stored in the #sconf.opaque record entry. See also
the description of the \fIstart_mod\fR directive.
This mechanism can be used to pass data from a surrounding application
into the individual .yaws pages.
.SH EXAMPLES
The following example defines a single server on port 80.
.nf
logdir = /var/log/yaws
<server www.mydomain.org>
port = 80
listen = 192.168.128.31
docroot = /var/yaws/www
</server>
.fi
.pp
And this example shows a similar setup but two webservers on the same ip address
.nf
logdir = /var/log/yaws
<server www.mydomain.org>
port = 80
listen = 192.168.128.31
docroot = /var/yaws/www
</server>
<server www.funky.org>
port = 80
listen = 192.168.128.31
docroot = /var/yaws/www_funky_org
</server>
.fi
.nf
An example with www-authenticate and no access logging at all.
logdir = /var/log/yaws
<server www.mydomain.org>
port = 80
listen = 192.168.128.31
docroot = /var/yaws/www
access_log = false
<auth>
dir = secret/dir1
realm = foobar
user = jonny:verysecretpwd
user = benny:thequestion
user = ronny:havinganamethatendswithy
</auth>
</server>
.fi
.nf
An example specifying a user defined module to be called
at startup, as well as some user specific configuration.
<server www.funky.org>
port = 80
listen = 192.168.128.31
docroot = /var/yaws/www_funky_org
start_mod = btt
<opaque>
mydbdir = /tmp
mylogdir = /tmp/log
</opaque>
</server>
.fi
An example specifying the GSSAPI/SPNEGO module (authmod_gssapi) to be
used for authentication. This module requires egssapi version 0.1~pre2
or later available at http://www.hem.za.org/egssapi/.
The Kerberos5 keytab is specified as 'keytab = File' directive in
opaque. This keytab should contain the keys of the HTTP service
principal, 'HTTP/www.funky.org' in this example.
.nf
<server www.funky.org>
port = 80
listen = 192.168.128.31
docroot = /var/yaws/www_funky_org
start_mod = authmod_gssapi
<auth>
authmod = authmod_gssapi
dir = secret/dir1
</auth>
<opaque>
keytab = /etc/yaws/http.keytab
</opaque>
</server>
.fi
And finally a sligthly more complex example
with two servers on the same ip, and one ssl server on a
different ip.
When there are more than one server on the same IP, and they have different
names the server must be able to choose one of them if the client
doesn't send a Host: header. yaws will choose the first one defined in the
conf file.
.nf
logdir = /var/log/yaws
max_num_cached_files = 8000
max_num_cached_bytes = 6000000
<server www.mydomain.org>
port = 80
listen = 192.168.128.31
docroot = /var/yaws/www
</server>
<server www.funky.org>
port = 80
listen = 192.168.128.31
docroot = /var/yaws/www_funky_org
</server>
<server www.funky.org>
port = 443
listen = 192.168.128.32
docroot = /var/yaws/www_funky_org
<ssl>
keyfile = /etc/funky.key
certfile = /etc/funky.cert
password = gazonk
</ssl>
</server>
.fi
Finally an example with virtual directories, vdirs.
.nf
<server server.domain>
port = 80
listen = 192.168.128.31
docroot = /var/yaws/www
arg_rewrite_mod = yaws_vdir
<opaque>
vdir = "/virtual1/ /usr/local/somewhere/notrelated/to/main/docroot"
vdir = "/myapp/ /some/other/path can include/spaces"
vdir = "/icons/ /usr/local/www/yaws/icons"
</opaque>
</server>
.fi
The first defined vdir can then be accessed at or under
http://server.domain/virtual1/ or http://server.domain/virtual1
.SH AUTHOR
Written by Claes Wikstrom
.SH "SEE ALSO"
.BR yaws (1)
.BR erl (1)