.TH YAWS.CONF "5" "" "" "User Commands" -*- nroff -*-
.SH NAME
/etc/yaws/yaws.conf \- Configuration file for the Yaws web server
.SH DESCRIPTION
.\" Add any additional description here
.PP
Yaws is a fast lightweight web server. It reads a configuration file called
yaws.conf to control its operations. The configuration contains two distinct
parts: a global part which affects all the virtual hosts and a server part where
options for each virtual host are supplied.

.SH GLOBAL PART

.TP
\fBlogdir = [+]Directory\fR
All Yaws logs will be written to files in this directory. If specified with
\fB+\fR, Yaws will attempt to create the directory if it does not exist. There
are several different log files written by Yaws:

\fBreport.log\fR - this is a text file that contains all error logger printouts
from Yaws.

\fB<Host>.access\fR - for each virtual host served by Yaws, a file <Host>.access
will be written which contains an access log in Common Log Format. (See
http://en.wikipedia.org/wiki/Common_Log_Format for more details on Common Log
Format.)

\fB<Host>.auth\fR - for each virtual host served by Yaws, a file <Host>.auth
will be written which contains all http auth related messages.

\fBtrace_<YYYYMMDD_hhmmss>\fR - Trace files are written in this subdirectory,
suffixed by the creation date.

.RS 12
\fBtrace.<Pid>.http\fR - this file contains the HTTP trace if that is enabled,
where <Pid> is the process id handling the TCP connection.

\fBtrace.<Pid>.traffic\fR - this file contains the traffic trace if that is
enabled, where <Pid> is the process id handling the TCP connection.
.RE

.IP
Note that <Host>.access and <Host>.auth files will be used only if the directive
\fBlogger_mod\fR is not set or set to yaws_log. The default value for logdir is
\fI"."\fR

.TP
\fBebin_dir = Directory\fR
This directive adds Directory to the Erlang search path. It is possible to have
several of these commands in the configuration file. The default value is
\fI"yaws_dir"/examples/ebin\fR

.TP
\fBsrc_dir = Directory\fR
This directive defines a Directory as a \fIsource\fR directory. Yaws will
compile all Erlang modules found in this directory and all its
subdirectories. The compilation occurs when the configuration is loaded or
reloaded. The \fBinclude_dir\fR directives are used to search for include
files. Multiple \fBsrc_dir\fR directives may be used. There is no such directory
configured by default.


.TP
\fBid = String\fR
It is possible to run multiple Yaws servers on the same machine. We use the id
of a Yaws server to control it using the different control commands such as:

.nf
  # /usr/local/bin/yaws --id foobar --stop
.fi

This stops the Yaws server with id "foobar". Each Yaws server will write its
internal data into a file called $HOME/.yaws/yaws/ID where ID is the identity
of the server. Yaws also creates a file called $HOME/.yaws/yaws/ID/CTL
which contains the port number where the server is listening for control
commands. The default id is \fI"default"\fR.

.TP
\fBserver_signature = String\fR
This directive sets the "Server: " output header to the custom value. The
default value is \fI"yaws/%VSN%, Yet Another Web Server"\fR.

.TP
\fBinclude_dir = Directory\fR
This directive adds Directory to the path of directories where the Erlang
compiler searches for include files. We need to use this if we want to
include .hrl files in our Yaws Erlang code. It is possible to have several of
these commands in the configuration file. The default value is
\fI"yaws_dir"/examples/include\fR.

.TP
\fBmax_num_cached_files = Integer\fR
Yaws will cache small files such as commonly accessed GIF images in RAM. This
directive sets a maximum number on the number of cached files. The default
value is \fI400\fR.

.TP
\fBmax_num_cached_bytes = Integer\fR
This directive controls the total amount of RAM which can maximally be used for
cached RAM files. The default value is \fI1000000\fR, 1 megabyte.

.TP
\fBmax_size_cached_file = Integer\fR
This directive sets a maximum size on the files that are RAM cached by Yaws.
The default value is \fI8000\fR, 8 kBytes.

.TP
\fBcache_refresh_secs = Integer\fR
The RAM cache is used to serve pages that sit in the cache. An entry sits in
cache at most cache_refresh_secs number of seconds. The default is
\fI30\fR. This means that when the content is updated under the docroot, that
change doesn't show until 30 seconds have passed. While developing a Yaws site,
it may be convenient to set this value to 0. If the debug flag (-d) is passed to
the Yaws start script, this value is automatically set to 0.

.TP
\fBtrace = false | traffic | http\fR
This enables traffic or http tracing. Tracing can also be enabled with a
command line flag to Yaws. Default is \fIfalse\fR.

.TP
\fBuse_old_ssl = true | false\fR
This re-enables the old OTP SSL implementation. By default we use the new SSL
implementation.

.TP
\fBauth_log = true | false\fR
\fBDeprecated and ignored. Now, this target must be set in server part.\fR

.TP
\fBmax_connections = nolimit | Integer\fR
Set this value to control the maximum number of connections from HTTP clients
into the server. This is implemented by closing the last socket if the limit
threshold is reached.

.TP
\fBkeepalive_maxuses = nolimit | Integer\fR
Normally, Yaws does not restrict the number of times a connection is kept alive
using keepalive. Setting this parameter to an integer X will ensure that
connections are closed once they have been used X times. This can be useful
to guard against long running connections collecting too much garbage in the
Erlang VM.

.TP
\fBprocess_options = undefined | Proplist\fR
Set process spawn options for client acceptor processes. Options must be
specified as a quoted string of either the atom \fIundefined\fR or as a proplist
of valid process options. The supported options are \fIfullsweep_after\fR,
\fImin_heap_size\fR, and \fImin_bin_vheap_size\fR, each taking an associated
integer value. Other process options are ignored. The proplist may also be
empty. See \fBerlang:spawn_opt/4\fR for details on these options.

.TP
\fBlarge_file_chunk_size = Integer\fR
Set the chunk size used by Yaws to send large files when sendfile is not
supported or disabled. The default value is \fI10240\fR.

.TP
\fBlarge_file_sendfile = erlang | yaws | disable\fR
Set the version of sendfile method to use to send large files (if supported):

\fBerlang\fR - use \fIfile:sendfile/5\fR, if supported.

\fByaws\fR - use Yaws sendfile linked-in driver, if supported.

\fBdisable\fR - do not use any sendfile method, but \fIgen_tcp:send/2\fR.

The default value is \fIyaws\fR.

.TP
\fBacceptor_pool_size = Integer\fR
Set the size of the pool of cached acceptor processes. The specified value must
be greater than or equal to 0. The default value is \fI8\fR. Specifying a value
of 0 effectively disables the process pool.

.TP
\fBlog_wrap_size = Integer\fR
The logs written by Yaws are all wrap logs. The default size at which they wrap
around and the original gets renamed to File.old is \fI1000000\fR, 1
megabyte. This value can be changed.
.br
If we set the value to 0 the logs will never wrap. If we want to use Yaws in
combination with a more traditional log wrapper such as logrotate, set the size
to 0 and Yaws will reopen the logfiles once they have been renamed/removed.

.TP
\fBlog_resolve_hostname = true | false\fR
By default the client host IP is not resolved in the access logs.


.TP
\fBfail_on_bind_err = true | false\fR
Fail completely or not if Yaws fails to bind a listen socket. Default is
\fItrue\fR.

.TP
\fBenable_soap = true | false\fR
If true, a soap server will be started at startup of Yaws. Default is
\fIfalse\fR.

.TP
\fBsoap_srv_mods = ListOfModuleSetting\fR
If enable_soap is true, at startup Yaws will invoke \fIyaws_soap_srv:setup()\fR
to set up the modules set here. ModuleSetting is either a triad like \fI<Mod,
HandlerFunc, WsdlFile>\fR or a quadruple form like \fI<Mod, HandlerFunc,
WsdlFile, Prefix>\fR which specifies the \fIprefix\fR. A \fIprefix\fR will be
used as argument of \fIyaws_soap_lib:initModel()\fR and then be used as an XML
namespace prefix. Note, the \fIWsdlFile\fR here should be an absolute-path file
in local file systems.

For example, we can specify

.nf
  soap_srv_mods=<Mod1, Handler, Wsdl1> <Mod2, Handler, Wsdl2, Prefix> ...
.fi

.TP
\fBphp_exe_path = Path\fR
\fBThis target is deprecated and useless. Use the 'php_handler' target in
server part instead.\fR
.br
The name of (and possibly path to) the php executable used to interpret php
scripts (if allowed). Default is \fIphp_exe_path = php-cgi\fR.

.TP
\fBcopy_error_log = true | false\fR
Enable or disable copying of the error log. When we run in embedded mode, there
may very well be some other systems process that is responsible for writing the
errorlog to a file whereas when we run in normal standalone mode, we typically
want the Erlang errorlog written to a report.log file. Default value is
\fItrue\fR.

.TP
\fBysession_mod = Module\fR
Allows a different Yaws session storage mechanism to be specified instead of an
ETS table. One of the drawbacks of the default yaws_session_server
implementation is that server side cookies are lost when the server
restarts. Specifying a different module here will pass all write/read
operations to this module (it must implement the appropriate callbacks).

.TP
\fBrunmod = ModuleName\fR
At startup Yaws will invoke \fIModuleName:start()\fR in a separate process. It
is possible to have several runmods. This is useful if we want to reuse the
Yaws startup shell script for our own application.

.TP
\fBpick_first_virthost_on_nomatch = true | false\fR
When Yaws gets a request, it extracts the Host: header from the client request
to choose a virtual server amongst all servers with the same IP/Port pair. This
configuration parameter decides whether Yaws should pick the first server (as
defined in the yaws.conf file) if no name matches. In real live hosting
scenarios we typically want this to be false whereas in testing/development
scenarios it may be convenient to set it to true. Default is \fItrue\fR.

.TP
\fBkeepalive_timeout = TimeInMilliseconds | infinity\fR
If the HTTP session will be kept alive (i.e., not immediately closed) it will
close after keepalive_timeout milliseconds unless a new request is received in
that time. The default value is \fI30000\fR. The value \fIinfinity\fR is legal
but not recommended.


.TP
\fBsubconfig = File\fR
Load the specified config file. Absolute paths, or paths relative to the
configuration location, are allowed. Unix-style wildcard strings can be used to
include several files at once. See \fIfilelib:wildcard/1\fR for details. Hidden
files, starting with a dot, will be ignored. For example:

.nf
  subconfig = /etc/yaws/global.conf
  subconfig = /etc/yaws/vhosts/*.conf
.fi

Or, relative to the configuration location:

.nf
  subconfig = global.conf
  subconfig = vhosts/*.conf
.fi

\fBWARNING: because of a bug in filelib:wildcard/2, wildcard strings are
forbidden for R15B03 and previous.\fR


.TP
\fBsubconfigdir = Directory\fR
Load all config files found in the specified directory. The given Directory can
be an absolute path or relative to the configuration location. Hidden files,
starting with a dot, will be ignored.

.TP
\fBx_forwarded_for_log_proxy_whitelist = ListOfUpstreamProxyServerIps\fR
\fBThis target is deprecated and will be ignored.\fR

.TP
\fBdefault_type = MimeType\fR
Defines the default MIME type to be used where Yaws cannot determine it by its
MIME types mappings. Default is \fItext/plain\fR.

.TP
\fBdefault_charset = Charset\fR
Defines the default charset to be added when a response content-type is
\fItext/*\fR. By default, no charset is added.

.TP
\fBmime_types_file = File\fR
Overrides the default \fImime.types\fR file included with Yaws. This file must
use the following format:

.nf
  # Lines beginning with a '#' or a whitespace are ignored
  # blank lines are also ignored
  <MIME type> <space separated file extensions>
.fi

The default file is located at \fI${PREFIX}/lib/yaws/priv/mime.types\fR. You
should not edit this file because it may be replaced when you upgrade your
server.

.TP
\fBadd_types = ListOfTypes\fR
Specifies one or more mappings between MIME types and file extensions. More than
one extension can be assigned to a MIME type. \fIListOfTypes\fR is defined as
follows:

.nf
  add_types = <MimeType1, Ext> <MimeType2, Ext1 Ext2 ...> ...
.fi

The mappings defined using this directive will overload all other
definitions. If a file extension is defined several times, only the last one is
kept. Multiple \fBadd_types\fR directives may be used.

.TP
\fBadd_charsets = ListOfCharsets\fR
Specifies one or more mappings between charsets and file extensions. More than
one extension can be assigned to a charset. \fIListOfCharsets\fR is defined as
follows:

.nf
  add_charsets = <Charset1, Ext> <Charset2, Ext1 Ext2 ...> ...
.fi

The mappings defined using this directive will overload all other
definitions. If a file extension is defined several times, only the last one is
kept. Multiple \fBadd_charsets\fR directives may be used.


.SH SERVER PART
Yaws can virthost several web servers on the same IP address as well as several
web servers on different IP addresses. This includes SSL servers.
.PP
Each virtual host is defined within a matching pair of \fB<server ServerName>\fR
and \fB</server>\fR. The ServerName will be the name of the webserver.

.PP
The following directives are allowed inside a server definition.
.TP
\fBport = Port\fR
This makes the server listen on Port. Default is \fI8000\fR.
.TP
\fBlisten = IpAddress\fR
This makes the server listen on IpAddress. When virthosting several servers on
the same ip/port address, if the browser doesn't send a Host: field, Yaws will
pick the \fIfirst\fR server specified in the config file. If the specified IP
address is 0.0.0.0 Yaws will listen on all local IP addresses on the specified
port. Default is \fI127.0.0.1\fR. Multiple \fBlisten\fR directives may be used to
specify several addresses to listen on.

.TP
\fBlisten_backlog = Integer\fR
This sets the TCP listen backlog for the server to define the maximum length the
queue of pending connections may grow to. The default is 1024.

.TP
\fB<listen_opts> ... </listen_opts>\fR
Defines extra options to be set on the listen socket and, by inheritance, on
accepted sockets. See \fIinet:setopts/2\fR for details. Supported options are:

\fBbuffer = Integer\fR (default: same as \fIinet:setopts/2\fR)

\fBdelay_send = true | false \fR (default: same as \fIinet:setopts/2\fR)

\fBlinger = Integer | false \fR (default: same as \fIinet:setopts/2\fR)

\fBnodelay = true | false \fR (default: same as \fIinet:setopts/2\fR)

\fBpriority = Integer\fR (default: same as \fIinet:setopts/2\fR)

\fBsndbuf = Integer\fR (default: same as \fIinet:setopts/2\fR)

\fBrecbuf = Integer\fR (default: same as \fIinet:setopts/2\fR)

\fBsend_timeout = Integer | infinity\fR (default: same as \fIinet:setopts/2\fR)

\fBsend_timeout_close = true | false \fR (default: same as \fIinet:setopts/2\fR)
.RE

.TP
\fBserver_signature = String\fR
This directive sets the "Server: " output header to the custom value and
overloads the global one for this virtual server.


.TP
\fBrhost = Host[:Port]\fR
This forces all local redirects issued by the server to go to Host. This is
useful when Yaws listens to a port which is different from the port that the
user connects to. For example, running Yaws as a non-privileged user makes it
impossible to listen to port 80, since that port can only be opened by a
privileged user. Instead Yaws listens to a high port number port, 8000, and
iptables are used to redirect traffic to port 80 to port 8000 (most NAT:ing
firewalls will also do this for you).

.TP
\fBrmethod = http | https\fR
This forces all local redirects issued by the server to use this method. This is
useful when an SSL off-loader, or stunnel, is used in front of Yaws.

.TP
\fBauth_log = true | false\fR
Enable or disable the auth log for this virtual server. Default is \fItrue\fR.

.TP
\fBaccess_log = true | false\fR
Setting this directive to false turns off traffic logging for this virtual
server. The default value is \fItrue\fR.

.TP
\fBlogger_mod = Module\fR
It is possible to set a special module that handles access and auth logging. The
default is to log all web server traffic to <Host>.access and <Host>.auth files
in the configured or default logdir.
.br
This module must implement the behaviour \fIyaws_logger\fR. Default value is
\fIyaws_log\fR.

The following functions should be exported:

\fBModule:open_log(ServerName, Type, LogDir)\fR
.RS 12
When Yaws is started, this function is called for this virtual server. If the
initialization is successful, the function must return \fI{true,State}\fR and if
an error occurred, it must return \fIfalse\fR.
.RE

.IP
\fBModule:close_log(ServerName, Type, State)\fR
.RS 12
This function is called for this virtual server when Yaws is stopped.
.RE

.IP
\fBModule:wrap_log(ServerName, Type, State, LogWrapSize)\fR
.RS 12
This function is used to rotate log files. It is regularly called by Yaws and
must return the possibly updated internal NewState.
.RE

.IP
\fBModule:write_log(ServerName, Type, State, Infos)\fR
.RS 12
When it needs to log a message, Yaws will call this function. The parameter
Infos is \fI{Ip,Req,InHdrs,OutHdrs,Time}\fR for an access log and
\fI{Ip,Path,Item}\fR for an auth log, where:

\fBIp\fR - IP address of the accessing client (as a tuple).

\fBReq\fR - the HTTP method, URI path, and HTTP version of the request (as a
#http_request{} record).

\fBInHdrs\fR - the HTTP headers which were received from the WWW client (as a
#headers{} record).

\fBOutHdrs\fR - the HTTP headers sent to the WWW client (as a #outh{} record).

\fBPath\fR - the URI path of the request (as a string).

\fBItem\fR - the result of an authentication request. May be \fI{ok,User}\fR,
\fI403\fR or \fI{401,Realm}\fR.

\fBTime\fR - The time taken to serve the request, in microseconds.
.RE

.IP
For all of these callbacks, \fBServerName\fR is the virtual server's name,
\fIType\fR is the atom access or auth and \fIState\fR is the internal state of
the logger.

.TP
\fBshaper = Module\fR
Defines a module to control access to this virtual server. Access can be
controlled based on the IP address of the client. It is also possible to
throttle HTTP requests based on the client's download rate. This module must
implement the behaviour \fIyaws_shaper\fR.

There is no such module configured by default.

.TP
\fBdir_listings = true | true_nozip | false\fR
Setting this directive to false disallows the automatic dir listing feature of
Yaws. A status code 403 Forbidden will be sent. Set to true_nozip to avoid the
auto-generated all.zip entries. Default is \fIfalse\fR.

.TP
\fBextra_cgi_vars = .....\fR
Add additional CGI or FastCGI variables. For example:

.nf
  <extra_cgi_vars dir='/path/to/some/scripts'>
    var = val
    \&...
  </extra_cgi_vars>
.fi

.TP
\fBstatistics = true | false\fR
Turns on/off statistics gathering for a virtual server. Default is \fIfalse\fR.

.TP
\fBfcgi_app_server = Host:Port\fR
The hostname and TCP port number of a FastCGI application server.
To specify an IPv6 address, put it inside square brackets (ex:
"[::1]:9000"). The TCP port number is not optional. There is no default
value.

.TP
\fBfcgi_trace_protocol = true | false\fR
Enable or disable tracing of FastCGI protocol messages as info log
messages. Disabled by default.

.TP
\fBfcgi_log_app_error = true | false\fR
Enable or disable logging of application error messages (output to stderr and
non-zero exit value). Disabled by default.

.TP
\fBdeflate = true | false\fR
Turns on or off deflate compression for a server. Default is \fIfalse\fR.


.TP
\fB<deflate> ... </deflate>\fR
This begins and ends the deflate compression configuration for this server. The
following items are allowed within a matching pair of <deflate> and </deflate>
delimiters.

\fBmin_compress_size = nolimit | Integer\fR
.RS 12
Defines the smallest response size that will be compressed. If nolimit is not
used, the specified value must be strictly positive. The default value is
\fInolimit\fR.
.RE

.IP
\fBcompress_level = none | default | best_compression | best_speed | 0..9\fR
.RS 12
Defines the compression level to be used. 0 (none), gives no compression at all,
1 (best_speed) gives best speed and 9 (best_compression) gives best
compression. The default value is \fIdefault\fR.
.RE

.IP
\fBwindow_size = 9..15\fR
.RS 12
Specifies the zlib compression window size. It should be in the range 9 through
15. Larger values of this parameter result in better compression at the expense
of memory usage. The default value is \fI15\fR.
.RE

.IP
\fBmem_level = 1..9\fR
.RS 12
Specifies how much memory should be allocated for the internal compression
state. \fImem_level=1\fR uses minimum memory but is slow and reduces compression
ratio; \fImem_level=9\fR uses maximum memory for optimal speed. The default
value is \fI8\fR.
.RE

.IP
\fBstrategy = default | filtered | huffman_only\fR
.RS 12
This parameter is used to tune the compression algorithm. See \fBzlib(3erl)\fR
for more details on the \fIstrategy\fR parameter. The default value is
\fIdefault\fR.
.RE

.IP
\fBuse_gzip_static = true | false\fR
.RS 12
If true, Yaws will try to serve precompressed versions of static files. It will
look for precompressed files in the same location as original files that end in
".gz". Only files that do not fit in the cache are concerned. The default value
is \fIfalse\fR.
.RE

.IP
\fBmime_types = ListOfTypes | defaults | all\fR
.RS 12
Restricts the deflate compression to particular MIME types. The special value
\fIall\fR enables it for all types (it is a synonym of `*/*'). MIME types in
\fIListOfTypes\fR must have the form `type/subtype' or `type/*' (indicating all
subtypes of that type). Here is an example:

.nf
  mime_types = defaults image/*
  mime_types = application/xml application/xhtml+xml application/rss+xml
.fi

By default, the following MIME types are compressed (if
\fBdeflate\fR is set to true): \fItext/*, application/rtf, application/msword,
application/pdf, application/x-dvi, application/javascript,
application/x-javascript\fR. Multiple \fBmime_types\fR directives can be used.
.RE

.TP
\fBdocroot = Directory ...\fR
This makes the server serve all its content from Directory.
.br
It is possible to pass a space-separated list of directories as docroot. If this
is the case, the various directories will be searched in order for the requested
file. This also works with the ssi and yssi constructs where the full list of
directories will be searched for files to ssi/yssi include. Multiple docroot
directives can be used. You need at least one valid docroot; invalid docroots
are skipped with their associated auth structures.

.TP
\fBauth_skip_docroot = true | false\fR
If true, the docroot will not be searched for \fI.yaws_auth\fR files. This is
useful when the docroot is quite large and the time to search it is prohibitive
when Yaws starts up. Defaults to \fIfalse\fR.

.TP
\fBpartial_post_size = Integer | nolimit\fR
When a Yaws file receives large POSTs, the amount of data received in each chunk
is determined by this parameter. The default value is \fI10240\fR. Setting
it to nolimit is potentially dangerous.


.TP
\fBdav = true | false\fR
Turns on the DAV protocol for this server. The dav support in Yaws is highly
limited. If dav is turned on, .yaws processing of .yaws pages is turned
off. Default is \fIfalse\fR. The socket read timeout is supplied by the
keepalive_timeout setting. If the read is not done within the timeout, the POST
will fail.

.TP
\fBtilde_expand = true|false\fR
If this value is set to false Yaws will never do tilde expansion. The default is
\fIfalse\fR. tilde_expansion is the mechanism whereby a URL of the form
http://www.foo.com/~username is changed into a request where the docroot for
that particular request is set to the directory ~username/public_html/.

.TP
\fBallowed_scripts = ListOfSuffixes\fR
The allowed script types for this server. Recognized are `yaws', `cgi', `fcgi',
`php'. Default is \fIallowed_scripts = yaws php cgi fcgi\fR.

Note: for fcgi scripts, the FastCGI application server is only called if a local
file with the .fcgi extension exists. However, the contents of the local .fcgi
file are ignored.

.TP
\fBtilde_allowed_scripts = ListOfSuffixes\fR
The allowed script types for this server when executing files in a user's
public_html folder. Recognized are `yaws', `cgi', `fcgi', `php'. Default is
\fItilde_allowed_scripts =\fR i.e. empty.
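
A way to check a configuration against the directives described above, as an added example that is not part of the Yaws distribution. The parser covers only the `key = value` and `<block> ... </block>` syntax shown on this page; the remarks on pick_first_virthost_on_nomatch, keepalive_timeout and partial_post_size follow the page's own notes, while flagging dir_listings, listen and tilde scripts is a policy assumption of this example, and the sample configuration is constructed.

```python
import re

# Defaults as documented on this man page.
GLOBAL_DEFAULTS = {"pick_first_virthost_on_nomatch": "true",
                   "keepalive_timeout": "30000"}
SERVER_DEFAULTS = {"partial_post_size": "10240", "dir_listings": "false",
                   "tilde_expand": "false", "tilde_allowed_scripts": "",
                   "listen": "127.0.0.1"}

_CLOSE = re.compile(r"</\s*([A-Za-z_]+)\s*>\s*$")
_OPEN = re.compile(r"<\s*([A-Za-z_]+)([^>]*)>\s*$")
_KV = re.compile(r"([A-Za-z_0-9]+)\s*=\s*(.*)$")


def parse_yaws_conf(text):
    """Split a yaws.conf into (global directives, [(server name, directives)]).

    Each directives dict maps a name to the list of values given, in order.
    Blocks nested in a server (<deflate>, <listen_opts>, ...) are checked
    for balance but their contents are not collected.
    """
    glob, servers, stack = {}, [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = _CLOSE.match(line)
        if m:
            if not stack or stack.pop() != m.group(1):
                raise ValueError("line %d: unexpected %s" % (lineno, line))
            continue
        m = _OPEN.match(line)
        if m:
            stack.append(m.group(1))
            if stack == ["server"]:
                servers.append((m.group(2).strip(), {}))
            continue
        m = _KV.match(line)
        if m and stack in ([], ["server"]):
            target = servers[-1][1] if stack else glob
            target.setdefault(m.group(1), []).append(m.group(2).strip())
    if stack:
        raise ValueError("unclosed <%s> block" % stack[-1])
    return glob, servers


def _effective(directives, name, defaults):
    """Last value given for a directive, or the documented default."""
    return directives.get(name, [defaults[name]])[-1].lower()


def audit(text):
    """Return a list of (scope, directive, reason) findings."""
    glob, servers = parse_yaws_conf(text)
    out = []
    if _effective(glob, "pick_first_virthost_on_nomatch", GLOBAL_DEFAULTS) == "true":
        out.append(("global", "pick_first_virthost_on_nomatch",
                    "requests with an unknown Host: go to the first virtual host"))
    if _effective(glob, "keepalive_timeout", GLOBAL_DEFAULTS) == "infinity":
        out.append(("global", "keepalive_timeout",
                    "idle keep-alive connections are never closed"))
    for name, d in servers:
        scope = "server " + name
        if _effective(d, "partial_post_size", SERVER_DEFAULTS) == "nolimit":
            out.append((scope, "partial_post_size",
                        "no bound on the POST data received per chunk"))
        if _effective(d, "dir_listings", SERVER_DEFAULTS) != "false":
            out.append((scope, "dir_listings",
                        "directory contents are listed automatically"))
        if (_effective(d, "tilde_expand", SERVER_DEFAULTS) == "true"
                and _effective(d, "tilde_allowed_scripts", SERVER_DEFAULTS)):
            out.append((scope, "tilde_allowed_scripts",
                        "scripts in users' public_html directories are executed"))
        if "0.0.0.0" in d.get("listen", [SERVER_DEFAULTS["listen"]]):
            out.append((scope, "listen", "listens on all local IP addresses"))
    return out


# Constructed sample configuration, not taken from a real deployment.
SAMPLE_CONF = """
keepalive_timeout = infinity
<server www.example.org>
    listen = 0.0.0.0
    docroot = /srv/www
    dir_listings = true
    partial_post_size = nolimit
    <deflate>
        compress_level = 9
    </deflate>
</server>
<server intranet.example.org>
    docroot = /srv/intranet
    tilde_expand = true
    tilde_allowed_scripts = cgi php
</server>
"""

if __name__ == "__main__":
    for scope, directive, reason in audit(SAMPLE_CONF):
        print("%-28s %-32s %s" % (scope, directive, reason))
```

Because directives that are absent fall back to the documented defaults, a file that never mentions pick_first_virthost_on_nomatch is still reported for it.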

.TP
\fBindex_files = ListOfResources\fR
This directive sets the list of resources to look for, when a directory is
requested by the client. If the last entry begins with a `/', and none of the
earlier resources are found, Yaws will perform a redirect to this uri.
Default is \fIindex_files = index.yaws index.html index.php\fR.

.TP
\fBappmods = ListOfModuleNames\fR
If any of the names in ListOfModuleNames appear as components in the path for a
request, the path request parsing will terminate and that module will be
called. There is also an alternate syntax for specifying the appmods if we don't
want our internal Erlang module names to be exposed in the URL paths. We can
specify

.nf
  appmods = <Path1, Module1> <Path2, Module2> ...
.fi

Assume for example that we have the URL
http://www.hyber.org/myapp/foo/bar/baz?user=joe and that the module foo is
defined as an appmod. The function foo:out(Arg) will then be invoked instead of
searching the filesystem below the point foo.
.br
The Arg argument will have the missing path part supplied in its appmoddata
field.

It is also possible to exclude certain directories from appmod processing. This
is particularly interesting for '/' appmods. Here is an example:

.nf
  appmods = </, myapp exclude_paths icons js top/static>
.fi

The above configuration will invoke the 'myapp' Erlang module on everything
except any file found in the directories 'icons', 'js' and 'top/static' relative
to the docroot.

.TP
\fBdispatchmod = DispatchModule\fR
Set \fIDispatchModule\fR as a server-specific request dispatching
module. Yaws expects \fIDispatchModule\fR to export a \fIdispatch/1\fR
function. When it receives a request, Yaws passes an \fI#arg{}\fR record to
the dispatch module's \fIdispatch/1\fR function, which returns one of the
following atom results:

.RS 12
\fBdone\fR - this indicates the dispatch module handled the request itself
and already sent the response, and Yaws should resume watching for new
requests on the connection

\fBclosed\fR - same as \fIdone\fR but the \fIDispatchModule\fR also closed
the connection

\fBcontinue\fR - the dispatch module has decided not to handle the request,
and instead wants Yaws to perform its regular request dispatching
.RE

.IP
Note that when \fIDispatchModule\fR handles a request itself, Yaws does not
support tracing, increment statistics counters or allow traffic shaping for
that request. It does however still keep track of maximum keepalive uses on
the connection.

.TP
\fBerrormod_404 = Module\fR
It is possible to set a special module that handles 404 Not Found messages. The
function \fIModule:out404(Arg, GC, SC)\fR will be invoked. The arguments are

.RS 12
\fBArg\fR - a #arg{} record

\fBGC\fR - a #gconf{} record (defined in yaws.hrl)

\fBSC\fR - a #sconf{} record (defined in yaws.hrl)
.RE

.IP
The function can and must do the same things that a normal \fIout/1\fR does.

.TP
\fBerrormod_401 = Module\fR
It is possible to set a special module that handles 401 Unauthorized
messages. This can for example be used to display a login page instead. The
function \fIModule:out401(Arg, Auth, Realm)\fR will be invoked. The arguments
are

.RS 12
\fBArg\fR - a #arg{} record

\fBAuth\fR - a #auth{} record

\fBRealm\fR - a string
.RE

.IP
The function can and must do the same things that a normal \fIout/1\fR does.

.TP
\fBerrormod_crash = Module\fR
It is possible to set a special module that handles the HTML generation of
server crash messages. The default is to display the entire formatted crash
message in the browser. This is good for debugging but not in production.
.br
The function \fIModule:crashmsg(Arg, SC, Str)\fR will be called. The \fIStr\fR
is the real crash message formatted as a string.
.br
The function must return, \fI{content,MimeType,Cont}\fR or \fI{html, Str}\fR or
\fI{ehtml, Term}\fR. That data will be shipped to the client.
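
A crash handler for production use, given here as an added example that is not
part of the Yaws distribution: it keeps the full crash text in the server log
and sends the client only a generic page with a reference id. The module name
crash_page, the log format and the page text are assumptions.

.nf
```erlang
%% Added example for "errormod_crash = crash_page" (module name assumed).
-module(crash_page).
-export([crashmsg/3, incident_id/0]).

%% Yaws calls crashmsg(Arg, SC, Str). Str is the full formatted crash
%% message, which can expose stack traces, module names and file paths.
crashmsg(_Arg, _SC, Str) ->
    Id = incident_id(),
    %% Keep the detail server-side, keyed by an id the user can quote.
    error_logger:error_msg("yaws crash ~s~n~s~n", [Id, Str]),
    Body = ["<html><body><h1>Internal Server Error</h1>",
            "<p>Reference: ", Id, "</p></body></html>"],
    %% One of the return forms the directive accepts.
    {content, "text/html", Body}.

%% 16 hex characters from the OS random source; nothing taken from the
%% request goes into the id, so it cannot be used to inject markup.
incident_id() ->
    lists:flatten([io_lib:format("~2.16.0b", [B])
                   || <<B>> <= crypto:strong_rand_bytes(8)]).
```
.fi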

.TP
\fBexpires = ListOfExpires\fR
Controls the setting of the \fIExpires\fR HTTP header and the \fImax-age\fR
directive of the \fICache-Control\fR HTTP header in server responses for
specific MIME types. The expiration date can be set to be relative to either the
time the source file was last modified, or to the time of the client
access. ListOfExpires is defined as follows:

.nf
  expires = <MimeType1, access+Seconds> <MimeType2, modify+Seconds> ...
.fi

These HTTP headers are an instruction to the client about the document's
validity and persistence. If cached, the document may be fetched from the cache
rather than from the source until this time has passed. After that, the cache
copy is considered "expired" and invalid, and a new copy must be obtained from
the source. Here is an example:

.nf
  expires = <image/gif, access+2592000> <image/png, access+2592000>
  expires = <image/jpeg, access+2592000> <text/css, access+2592000>
.fi

.TP
\fBarg_rewrite_mod = Module\fR
It is possible to install a module that rewrites all the Arg #arg{} records at
an early stage in the Yaws server. This can be used to do various things such
as checking a cookie, rewriting paths etc.
.br
The module \fIyaws_vdir\fR can be used in case you want to serve static content
that is not located in your docroot. See the example at the bottom of this man
page for how to use the \fIopaque\fR + \fIvdir\fR elements to instruct the
\fIyaws_vdir\fR module what paths to rewrite.

.TP
\fBstart_mod = Module\fR
Defines a user provided callback module. At startup of the server,
Module:start/1 will be called. The #sconf{} record (defined in yaws.hrl) will
be used as the input argument. This makes it possible for a user application to
synchronize the startup with the Yaws server as well as getting hold of user
specific configuration data, see the explanation for the <opaque> context.

.TP
\fBrevproxy = Prefix Url [intercept_mod Module]\fR
Make Yaws a reverse proxy. \fIPrefix\fR is a path inside our own docroot
and the \fIUrl\fR argument is a URL pointing to a website we want to "mount"
under the \fIPrefix\fR path. This example:

.nf
  revproxy = /tmp/foo http://yaws.hyber.org
.fi

makes the hyber website appear under \fI/tmp/foo\fR.

It is possible to have multiple reverse proxies inside the same server.

You can optionally configure an interception module for each reverse proxy,
allowing your application to examine and modify requests and HTTP headers
as they pass through the proxy from client to backend server and also
examine and modify responses and HTTP headers as they return from the
backend server through the proxy to the client.

You specify an interception module by including the optional
\fIintercept_mod\fR keyword followed by \fIModule\fR, which should be the
name of your interception module.

An interception module is expected to export two functions:
\fIrewrite_request/2\fR and \fIrewrite_response/2\fR. The two arguments
passed to \fIrewrite_request/2\fR function are a \fI#http_request{}\fR record
and a \fI#headers{}\fR record, whereas \fIrewrite_response/2\fR function
takes a \fI#http_response{}\fR record and also a \fI#headers{}\fR record. You
can find definitions for these record types in the \fIyaws_api.hrl\fR
header file. Each function can examine each record instance and can either
return each original instance or can return a modified copy of each
instance in its response. The \fIrewrite_request/2\fR function should
return a tuple of the following form:

.nf
  \fI{ok, #http_request{}, #headers{}}\fR
.fi

and the \fIrewrite_response/2\fR function should similarly return a tuple
of the following form:

.nf
  \fI{ok, #http_response{}, #headers{}}\fR
.fi

A \fI#headers{}\fR record can easily be manipulated in an interceptor using
the functions listed below:

.nf
  \fIyaws_api:set_header/2\fR, \fIyaws_api:set_header/3\fR
  \fIyaws_api:get_header/2\fR, \fIyaws_api:get_header/3\fR
  \fIyaws_api:delete_header/2\fR
.fi

Any failures in your interception module's functions will result in HTTP
status code 500, indicating an internal server error.
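
An interception module that applies a header policy in both directions, given
here as an added example that is not part of the Yaws distribution. The module
name proxy_filter, the prefix and backend URL in the comment, and the header
names in the two lists are assumptions.

.nf
```erlang
%% Added example, not part of Yaws. Assumed configuration:
%%   revproxy = /app http://127.0.0.1:8080 intercept_mod proxy_filter
-module(proxy_filter).
-export([rewrite_request/2, rewrite_response/2]).

-include_lib("yaws/include/yaws_api.hrl").

%% Hypothetical headers the backend trusts as set by the proxy only.
-define(INTERNAL_ONLY, ["X-Remote-User", "X-Internal-Auth"]).
%% Response headers that advertise backend software.
-define(FINGERPRINT, ["Server", "X-Powered-By"]).

%% Client -> backend: a client must not be able to supply headers that
%% the backend treats as already-authenticated identity.
rewrite_request(#http_request{} = Req, #headers{} = Hdrs) ->
    {ok, Req, drop(?INTERNAL_ONLY, Hdrs)}.

%% Backend -> client: remove fingerprinting headers, add a hardening
%% header, and forbid caching when the backend set no policy itself.
rewrite_response(#http_response{} = Resp, #headers{} = Hdrs0) ->
    Hdrs1 = drop(?FINGERPRINT, Hdrs0),
    Hdrs2 = yaws_api:set_header(Hdrs1, "X-Content-Type-Options", "nosniff"),
    Hdrs3 = case yaws_api:get_header(Hdrs2, "Cache-Control", undefined) of
                undefined ->
                    yaws_api:set_header(Hdrs2, "Cache-Control", "no-store");
                _ ->
                    Hdrs2
            end,
    {ok, Resp, Hdrs3}.

%% Delete every header named in Names from the #headers{} record.
drop(Names, Hdrs) ->
    lists:foldl(fun(Name, H) -> yaws_api:delete_header(H, Name) end,
                Hdrs, Names).
```
.fi

Both functions match only on the documented record types, so an unexpected
argument crashes the call and the client receives the 500 described above
rather than an unfiltered response.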

.TP
\fBfwdproxy = true|false\fR
Make Yaws a forward proxy. By enabling this option you can use Yaws as a proxy
for outgoing web traffic, typically by configuring the proxy settings in a
web-browser to explicitly target Yaws as its proxy server.

.TP
\fBservername = Name\fR
If we're virthosting several servers and want to force a server to match
specific Host: headers we can do this with the "servername" directive. This name
doesn't necessarily have to be the same as the name inside <server Name> in
certain NAT scenarios. Rarely used feature.

.TP
\fBserveralias = ListOfNames\fR

This directive sets the alternate names for a virtual host. A server alias may
contain wildcards:
.RS 12
 '*' matches any sequence of zero or more characters
 '?' matches one character unless that character is a period ('.')
.RE
.IP
Multiple \fBserveralias\fR directives may be used. Here is an example:

.nf
  <server server.domain.com>
    serveralias = server server2.domain.com server2
    serveralias = *.server.domain.com *.server?.domain.com
    ...
  </server>
.fi


.TP
\fBphp_handler = <Type, Spec>\fR
Set handler to interpret .php files. It can be one of the following definitions:

\fBphp_handler = <cgi, Filename>\fR - The name of (and possibly path to) the php
executable used to interpret php scripts (if allowed).

\fBphp_handler = <fcgi, Host:Port>\fR - Use the specified fastcgi server to
interpret .php files (if allowed).

.RS 12
Yaws does not start the PHP interpreter in fastcgi mode for you. To run PHP in
fastcgi mode, call it with the -b option. For example:

.nf
  php5-cgi -b '127.0.0.1:54321'
.fi

This starts a php5 in fastcgi mode listening on the local network interface. To
make use of this PHP server from Yaws, specify:

.nf
  php_handler = <fcgi, 127.0.0.1:54321>
.fi

If you need to specify an IPv6 address, use square brackets:

.nf
  php_handler = <fcgi, [::1]:54321>
.fi

The PHP interpreter needs read access to the files it is to serve. Thus, if you
run it in a different security context than Yaws itself, make sure it has access
to the .php files.
.br
Please note that anyone who is able to connect to the php fastcgi server
directly can use it to read any file to which it has read access. You should
consider this when setting up a system with several mutually untrusted instances
of php.
.RE

.IP
\fBphp_handler = <extern, Module:Function | Node:Module:Function>\fR - Use an
external handler, possibly on another node, to interpret .php files (if
allowed).

.RS 12
To interpret a .php file, the function \fIModule:Function(Arg)\fR will be
invoked (Evaluated inside a rpc call if a \fINode\fR is specified), where Arg is
a #arg{} record.
.br
The function must do the same things that a normal out/1 does.
.RE

.IP
Default value is \fI<cgi, "/usr/bin/php-cgi">\fR.

.TP
\fBphpfcgi = Host:Port\fR
\fBThis target is deprecated. Use the 'php_handler' target in the server part
instead.\fR
.br
Using this directive is the same as: php_handler = <fcgi, Host:Port>.

.TP
\fBdefault_type = MimeType\fR
Overloads the global \fBdefault_type\fR value for this virtual server.
.TP
\fBdefault_charset = Charset\fR
Overloads the global \fBdefault_charset\fR value for this virtual server.

.TP
\fBmime_types_file = File\fR
Overloads the global \fBmime_types_file\fR value for this virtual
server. Mappings defined in \fIFile\fR will not overload those defined by
\fBadd_types\fR directives in the global part.

.TP
\fBadd_types = ListOfTypes\fR
Overloads the global \fBadd_types\fR values for this virtual server. If a
mapping is defined in the global part and redefined in a server part using this
directive, then it is replaced. Else it is kept.

.TP
\fBadd_charsets = ListOfCharsets\fR
Overloads the global \fBadd_charsets\fR values for this virtual server. If a
mapping is defined in the global part and redefined in a server part using this
directive, then it is replaced. Else it is kept.

.TP
\fBnslookup_pref = [inet | inet6]\fR
For fcgi servers and revproxy URLs, define the name resolution
preference. For example, to perform only IPv4 name resolution, use
[inet]. To do both IPv4 and IPv6 but try IPv6 first, use [inet6, inet].
Default value is [inet].

.TP
\fB<ssl> ... </ssl>\fR
This begins and ends an SSL configuration for this server. It's possible to
virthost several SSL servers on the same IP given that they all share the same
certificate configuration. In general it is complicated to virthost several SSL
servers on the same IP address since the certificate is typically bound to a
domain name in the common name part of the certificate. One solution (the only?)
to this problem is to have a certificate with multiple subjectAltNames. See
http://wiki.cacert.org/VhostTaskForce#Interoperability_Test

\fBkeyfile = File\fR
.RS 12
Specifies which file contains the private key for the certificate. If not
specified then the certificate file will be used.
.RE

.IP
\fBcertfile = File\fR
.RS 12
Specifies which file contains the certificate for the server.
.RE

.IP
\fBcacertfile = File\fR
.RS 12
A file containing trusted certificates to use during client authentication and
to use when attempting to build the server certificate chain. The list is also
used in the list of acceptable client CAs passed to the client when a
certificate is requested.
.RE

.IP
\fBverify = 0 | 1 | 2 | verify_none | verify_peer\fR
.RS 12
Specifies the level of verification the server does on client certs. 0 means
that the server will not ask for a cert (verify_none), 1 means that the server
will ask the client for a cert but not fail if the client does not supply a
client cert (verify_peer, fail_if_no_peer_cert = false), 2 means that the server
requires the client to supply a client cert (verify_peer, fail_if_no_peer_cert =
true).

Setting verify_none means that the x509 validation will be skipped (no
certificate request is sent to the client); verify_peer means that a certificate
request is sent to the client (x509 validation is performed).

You might want to use fail_if_no_peer_cert in combination with verify_peer.
.RE

.IP
\fBfail_if_no_peer_cert = true | false\fR
.RS 12
If verify is set to verify_peer and this option is set to true, the connection
will fail if the client does not send a certificate (i.e. an empty
certificate). If set to false, the server will fail only if an invalid
certificate is supplied (an empty certificate is considered valid).
.RE

.IP
\fBdepth = Int\fR
.RS 12
Specifies the depth of certificate chains the server is prepared to follow when
verifying client certs. For the new OTP SSL implementation it is also used to
specify how far the server, i.e. we, shall follow the SSL certificates we
present to the clients. Hence, using self-signed certs, we typically need to set
this to 0.
.RE

.IP
\fBpassword = String\fR
.RS 12
If the private key is encrypted on disc, this password is the 3DES key to
decrypt it.
.RE

.IP
\fBciphers = String\fR
.RS 12
This string specifies the SSL cipher string. The syntax of the SSL cipher string
is an erlang term compliant with the output of ssl:cipher_suites().
.nf

ciphers = "[{dhe_rsa,aes_256_cbc,sha}, \\
            {dhe_dss,aes_256_cbc,sha}]"
.fi
.RE

.IP
\fBsecure_renegotiate = true | false\fR
.RS 12
Specifies whether to reject renegotiation attempts that do not conform to RFC
5746. By default \fBsecure_renegotiate\fR is set to false, i.e. secure
renegotiation will be used if possible but it will fall back to insecure
renegotiation if the peer does not support RFC 5746.
.RE

.TP
\fB<redirect> ... </redirect>\fR
Defines a redirect mapping. The following items are allowed within a matching
pair of <redirect> and </redirect> delimiters.

We can have a series of redirect rules in one of the formats below:

.nf
  Path = URL
  Path = code
  Path = code URL
.fi

\fBPath\fR must be an url-decoded path beginning with a slash. \fBURL\fR may be
either a relative URL (a path beginning with a slash), or an absolute URL. In
the first case, the \fIscheme:hostname:port\fR of the current server will be
added. All accesses to \fBPath\fR will be redirected to \fBURL/Path\fR (or
\fBscheme:hostname:port/URL/Path\fR if \fBURL\fR is relative). \fBURL\fR must be
url-encoded. Note that the original path is appended to the redirected URL.

For example, assume we have the following redirect configuration:

.nf
  <redirect>
    /foo = http://www.mysite.org/zapp
    /bar = /tomato.html
  </redirect>
.fi

Assuming this config resides on a site called http://abc.com, we have the
following redirects:

.nf
  http://abc.com/foo -> http://www.mysite.org/zapp/foo
  http://abc.com/foo/test -> http://www.mysite.org/zapp/foo/test
  http://abc.com/bar -> http://abc.com/tomato.html/bar
  http://abc.com/bar/x/y/z -> http://abc.com/tomato.html/bar/x/y/z
.fi

By default, Yaws will perform a 302 redirect. The HTTP status code can be
changed using the \fBcode\fR parameter. Note that the status code must be known
by Yaws.
.RS
.IP \[bu] 3
For 3xx status codes, the \fBURL\fR parameter must be present and will be used
to build the new location.
.IP \[bu]
For other status codes (1xx, 2xx, 4xx and 5xx), it can be omitted. In the
absence of \fBURL\fR, Yaws will return a generic response with the specified
status code.
.IP \[bu]
Otherwise, the \fBURL\fR parameter must be a relative URL and will be
used to customize the response.
.RE

.RS 7
Sometimes we do not want to have the original path appended to the redirected
path. To get that behaviour we specify the config with '==' instead of '='.

.nf
  <redirect>
    /foo == http://www.mysite.org/zapp
    /bar = /tomato.html
  </redirect>
.fi

Now a request for http://abc.com/foo/x/y/z simply gets redirected to
http://www.mysite.org/zapp. This is typically used when we simply want a static
redirect at some place in the docroot.

When we specify a relative URL as the target for the redirect, the redirect
will be to the current http(s) server.
.RE

.TP
\fB<auth> ... </auth>\fR
Defines an auth structure. The following items are allowed within a matching
pair of <auth> and </auth> delimiters.

\fBdocroot = Docroot \fR
.RS 12
If a docroot is defined, this auth structure will be tested only for requests in
the specified docroot. No docroot configured means all docroots. If two auth
structures are defined, one with a docroot and one with no docroot, the first of
both overrides the second one for requests in the configured docroot.
.RE

.IP
\fBdir = Dir\fR
.RS 12
Makes Dir controlled by WWW-Authenticate headers. In order for a user to
have access to a WWW-Authenticate controlled directory, the user must supply a
password. The Dir must be specified relative to the docroot. Multiple dir
directives can be used. If no dir is set, the default value, \fI"/"\fR, will be
used.
.RE

.IP
\fBrealm = Realm\fR
.RS 12
In the directory defined here, the WWW-Authenticate Realm is set to this value.
.RE

.IP
\fBauthmod = AuthMod\fR
.RS 12
If an auth module is defined then AuthMod:auth(Arg, Auth) will be called for all
access to the directory. The auth/2 function should return one of: true, false,
{false, Realm}, {appmod, Mod}. If {appmod, Mod} is returned then a call to
Mod:out401(Arg, Auth, Realm) will be used to deliver the content. If
errormod_401 is defined, the call to Mod will be ignored. (Mod:out(Arg) is
deprecated).

This can, for example, be used to implement cookie authentication. The auth()
callback would check if a valid cookie header is present; if not, it would return
{appmod, ?MODULE} and the out401/3 function in the same module would return
{redirect_local, "/login.html"}.
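
The cookie scheme just described, given here as an added example that is not
part of the Yaws distribution. The module name cookie_auth, the cookie name
"sid" and the use of the Yaws session server to validate the cookie are
assumptions; the login page must live outside the protected dir, otherwise the
redirect loops.

.nf
```erlang
%% Added example, not part of Yaws. Assumed configuration:
%%   <auth>
%%       dir = /private
%%       authmod = cookie_auth
%%   </auth>
-module(cookie_auth).
-export([auth/2, out401/3]).

-include_lib("yaws/include/yaws_api.hrl").

-define(COOKIE, "sid").   % cookie name is an assumption

%% Called for every access to the protected directory.
auth(Arg, _Auth) ->
    Hdrs = Arg#arg.headers,
    case yaws_api:find_cookie_val(?COOKIE, Hdrs#headers.cookie) of
        [] ->
            %% No cookie at all: hand over to out401/3 below.
            {appmod, ?MODULE};
        Val ->
            %% The value is only a lookup key. Access is granted when
            %% the session server still holds a live session for it,
            %% never because a cookie is merely present.
            case yaws_api:cookieval_to_opaque(Val) of
                {ok, _Session} -> true;
                {error, _}     -> {appmod, ?MODULE}
            end
    end.

%% Replaces the browser's 401 popup with the application's login page.
out401(_Arg, _Auth, _Realm) ->
    {redirect_local, "/login.html"}.
```
.fi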
.RE

.IP
\fBuser = User:Password\fR
.RS 12
Inside this directory, the user User has access if the user supplies the
password Password in the popup dialogue presented by the browser. We can
obviously have several of these values inside a single <auth> </auth> pair.

The usage of User:Password in the actual config file is deprecated as of release
1.51. It is preferred to have the users in a file called \fI.yaws_auth\fR in the
actual directory. The .yaws_auth file has to be a file parseable by
\fIfile:consult/1\fR.

Each row of the file must contain terms of the form

.nf
    {User, Password}.
.fi

Where both User and Password should be strings. The .yaws_auth file mechanism is
recursive. Thus any subdirectories to Dir are automatically also protected.

The .yaws_auth file is never visible in a dir listing.
.RE

.IP
\fBpam service = \fIpam-service\fR\fR
.RS 12
If the item \fBpam\fR is part of the auth structure, Yaws will also try to
authenticate the user via PAM, using the pam \fIservice\fR indicated. Services
are typically found under /etc/pam.d. Usual values are "system-auth" etc.

pam authentication is performed by an Erlang port program which is typically
installed as suid root by the Yaws install script.
.RE

.IP
\fBallow = all | ListOfHost\fR
.RS 12
The \fIallow\fR directive affects which hosts can access an area of the
server. Access can be controlled by IP address or IP address range. If all is
specified, then all hosts are allowed access, subject to the configuration of
the \fIdeny\fR and \fIorder\fR directives. To allow only particular hosts or
groups of hosts to access the server, the host can be specified in any of the
following formats:

\fBA full IP address\fR
.nf
  allow = 10.1.2.3
  allow = 192.168.1.104, 192.168.1.205
.fi

\fBA network/netmask pair\fR
.nf
  allow = 10.1.0.0/255.255.0.0
.fi


\fBA network/nnn CIDR specification\fR
.nf
  allow = 10.1.0.0/16
.fi
.RE

.IP
\fBdeny = all | ListOfHost\fR
.RS 12
This directive allows access to the server to be restricted based on IP
address. The arguments for the \fIdeny\fR directive are identical to the
arguments for the \fIallow\fR directive.
.RE

.IP
\fBorder = Ordering\fR
.RS 12
The \fIorder\fR directive, along with \fIallow\fR and \fIdeny\fR directives,
controls a three-pass access control system. The first pass processes either all
\fIallow\fR or all \fIdeny\fR directives, as specified by the \fIorder\fR
directive. The second pass parses the rest of the directives (\fIdeny\fR or
\fIallow\fR). The third pass applies to all requests which do not match either
of the first two.

Ordering is one of (Default value is \fIdeny,allow\fR):

.TP
\fBallow,deny\fR
First, all \fIallow\fR directives are evaluated; at least one must match, or the
request is rejected. Next, \fIdeny\fR directives are evaluated. If any matches,
the request is rejected. Last, any requests which do not match an \fIallow\fR or
a \fIdeny\fR directive are denied by default.

.TP
\fBdeny,allow\fR
First, all \fIdeny\fR directives are evaluated; if any match, the request is
denied unless it also matches an \fIallow\fR directive. Any requests which do
not match any \fIallow\fR or \fIdeny\fR directives are permitted.
.RE
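
.IP
A model of the two orderings as described above, given here as an added example
that is not Yaws code, useful for checking what a given allow/deny set admits
before deploying it. It covers IPv4 only and the three host formats listed under
\fIallow\fR; the module and function names are assumptions.

.nf
```erlang
%% Added example: a model of the documented rules, not Yaws code.
-module(acl_model).
-export([permitted/4, demo/0]).

%% Order is allow_deny or deny_allow. Allow and Deny are the atom all or
%% a list of host strings ("10.1.2.3", "10.1.0.0/255.255.0.0",
%% "10.1.0.0/16"). An unset directive is modelled as [].
permitted(allow_deny, Allow, Deny, Ip) ->
    %% An allow must match and no deny may match; the rest is denied.
    matches(Allow, Ip) andalso not matches(Deny, Ip);
permitted(deny_allow, Allow, Deny, Ip) ->
    %% Rejected only when a deny matches and no allow does.
    (not matches(Deny, Ip)) orelse matches(Allow, Ip).

matches(all, _Ip) ->
    true;
matches(Specs, Ip) ->
    Addr = to_int(Ip),
    lists:any(fun(S) -> in_spec(string:tokens(S, "/"), Addr) end, Specs).

in_spec([Host], Addr) ->
    Addr =:= to_int(Host);
in_spec([Net, MaskStr], Addr) ->
    Mask = mask(MaskStr),
    (Addr band Mask) =:= (to_int(Net) band Mask).

%% "255.255.0.0" style netmask or "16" style prefix length.
mask(Str) ->
    case lists:member($., Str) of
        true  -> to_int(Str);
        false -> (16#FFFFFFFF bsl (32 - list_to_integer(Str)))
                     band 16#FFFFFFFF
    end.

%% Strict parsing, so that a short form such as "16" is never read as
%% an address.
to_int(Str) ->
    {ok, {A, B, C, D}} = inet:parse_ipv4strict_address(Str),
    (A bsl 24) bor (B bsl 16) bor (C bsl 8) bor D.

%% Constructed cases; 203.0.113.7 stands for a host outside 10.1.0.0/16.
demo() ->
    Admin = ["10.1.0.0/16"],
    Outside = "203.0.113.7",
    [%% Default order, only an allow line: no deny matches, so the
     %% third pass applies to the outside host.
     {deny_allow_only_allow, permitted(deny_allow, Admin, [], Outside)},
     %% Same allow line under allow,deny.
     {allow_deny_only_allow, permitted(allow_deny, Admin, [], Outside)},
     %% deny = all together with the allow line, default order.
     {deny_all_inside,  permitted(deny_allow, Admin, all, "10.1.2.3")},
     {deny_all_outside, permitted(deny_allow, Admin, all, Outside)}].
```
.fi

Under the default \fIdeny,allow\fR order an \fIallow\fR line on its own
restricts nothing, because requests matching no directive are permitted; pair it
with \fIdeny = all\fR or switch to \fIallow,deny\fR.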

.TP
\fB<opaque> ... </opaque>\fR
This begins and ends an opaque configuration context for this server, where 'Key
= Value' directives can be specified. These directives are ignored by Yaws
(hence the name opaque), but can be accessed as a list of tuples
\fI{Key,Value}\fR stored in the #sconf.opaque record entry. See also the
description of the \fIstart_mod\fR directive.

This mechanism can be used to pass data from a surrounding application into the
individual .yaws pages.




.SH EXAMPLES

The following example defines a single server on port 80.

.nf
    logdir = /var/log/yaws
    <server www.mydomain.org>
        port = 80
        listen = 192.168.128.31
        docroot = /var/yaws/www
    </server>
.fi

.PP
And this example shows a similar setup but two web servers on the same IP
address.

.nf
    logdir = /var/log/yaws
    <server www.mydomain.org>
        port = 80
        listen = 192.168.128.31
        docroot = /var/yaws/www
    </server>

    <server www.funky.org>
        port = 80
        listen = 192.168.128.31
        docroot = /var/yaws/www_funky_org
    </server>
.fi

.PP
An example with www-authenticate and no access logging at all.

.nf
    logdir = /var/log/yaws
    <server www.mydomain.org>
        port = 80
        listen = 192.168.128.31
        docroot = /var/yaws/www
        access_log = false
        <auth>
            dir = secret/dir1
            realm = foobar
            user = jonny:verysecretpwd
            user = benny:thequestion
            user = ronny:havinganamethatendswithy
        </auth>
    </server>
.fi


.PP
An example specifying a user defined module to be called at startup, as well as
some user specific configuration.

.nf
    <server www.funky.org>
        port = 80
        listen = 192.168.128.31
        docroot = /var/yaws/www_funky_org
        start_mod = btt
        <opaque>
                mydbdir = /tmp
                mylogdir = /tmp/log
        </opaque>
    </server>
.fi


.PP
An example specifying the GSSAPI/SPNEGO module (authmod_gssapi) to be used for
authentication. This module requires egssapi version 0.1~pre2 or later available
at http://www.hem.za.org/egssapi/.

The Kerberos5 keytab is specified as 'keytab = File' directive in opaque. This
keytab should contain the keys of the HTTP service
principal, 'HTTP/www.funky.org' in this example.

.nf
    <server www.funky.org>
        port = 80
        listen = 192.168.128.31
        docroot = /var/yaws/www_funky_org
        start_mod = authmod_gssapi
        <auth>
                authmod = authmod_gssapi
                dir = secret/dir1
        </auth>
        <opaque>
                keytab = /etc/yaws/http.keytab
        </opaque>
    </server>
.fi


.PP
And finally a slightly more complex example with two servers on the same IP, and
one SSL server on a different IP.

When there is more than one server on the same IP, and they have different
names, the server must be able to choose one of them if the client doesn't send
a Host: header. Yaws will choose the first one defined in the conf file.

.nf
    logdir = /var/log/yaws
    max_num_cached_files = 8000
    max_num_cached_bytes = 6000000

    <server www.mydomain.org>
        port = 80
        listen = 192.168.128.31
        docroot = /var/yaws/www
    </server>

    <server www.funky.org>
        port = 80
        listen = 192.168.128.31
        docroot = /var/yaws/www_funky_org
    </server>

    <server www.funky.org>
        port = 443
        listen = 192.168.128.32
        docroot = /var/yaws/www_funky_org
        <ssl>
           keyfile = /etc/funky.key
           certfile = /etc/funky.cert
           password = gazonk
        </ssl>
    </server>
.fi


.PP
Finally an example with virtual directories, vdirs.

.nf
    <server server.domain>
        port = 80
        listen = 192.168.128.31
        docroot = /var/yaws/www
        arg_rewrite_mod = yaws_vdir
        <opaque>
            vdir = "/virtual1/ /usr/local/somewhere/notrelated/to/main/docroot"
            vdir = "/myapp/ /some/other/path can include/spaces"
            vdir = "/icons/ /usr/local/www/yaws/icons"
        </opaque>
    </server>
.fi

.PP
The first defined vdir can then be accessed at or under
http://server.domain/virtual1/ or http://server.domain/virtual1



.SH AUTHOR
Written by Claes Wikstrom
.SH "SEE ALSO"
.BR yaws (1)
.BR erl (1)