# Server configuration config uhttpd main # HTTP listen addresses, multiple allowed list listen_http 0.0.0.0:80 list listen_http [::]:80 # HTTPS listen addresses, multiple allowed list listen_https 0.0.0.0:443 list listen_https [::]:443 # Redirect HTTP requests to HTTPS if possible option redirect_https 0 # Server document root option home /www # Reject requests from RFC1918 IP addresses # directed to the servers public IP(s). # This is a DNS rebinding countermeasure. option rfc1918_filter 1 # Maximum number of concurrent requests. # If this number is exceeded, further requests are # queued until the number of running requests drops # below the limit again. option max_requests 3 # Maximum number of concurrent connections. # If this number is exceeded, further TCP connection # attempts are queued until the number of active # connections drops below the limit again. option max_connections 100 # Certificate and private key for HTTPS. # If no listen_https addresses are given, # the key options are ignored. option cert /etc/uhttpd.crt option key /etc/uhttpd.key # CGI url prefix, will be searched in docroot. # Default is /cgi-bin option cgi_prefix /cgi-bin # List of extension->interpreter mappings. # Files with an associated interpreter can # be called outside of the CGI prefix and do # not need to be executable. # list interpreter ".php=/usr/bin/php-cgi" # list interpreter ".cgi=/usr/bin/perl" # List of prefix->Lua handler mappings. # Any request to an URL beneath the prefix # will be dispatched to the associated Lua # handler script. Lua support is disabled when # no handler mappings are specified. Lua prefix # matches have precedence over the CGI prefix. list lua_prefix "/cgi-bin/luci=/usr/lib/lua/luci/sgi/uhttpd.lua" # Specify the ubus-rpc prefix and socket path. # option ubus_prefix /ubus # option ubus_socket /var/run/ubus/ubus.sock # CGI/Lua timeout, if the called script does not # write data within the given amount of seconds, # the server will terminate the request with # 504 Gateway Timeout response. option script_timeout 60 # Network timeout, if the current connection is # blocked for the specified amount of seconds, # the server will terminate the associated # request process. option network_timeout 30 # HTTP Keep-Alive, specifies the timeout for persistent # HTTP/1.1 connections. Setting this to 0 will disable # persistent HTTP connections. option http_keepalive 20 # TCP Keep-Alive, send periodic keep-alive probes # over established connections to detect dead peers. # The value is given in seconds to specify the # interval between subsequent probes. # Setting this to 0 will disable TCP keep-alive. option tcp_keepalive 1 # Basic auth realm, defaults to local hostname # option realm OpenWrt # Configuration file in busybox httpd format # option config /etc/httpd.conf # Do not follow symlinks that point outside of the # home directory. # option no_symlinks 0 # Do not produce directory listings but send 403 # instead if a client requests an url pointing to # a directory without any index file. # option no_dirlists 0 # Do not authenticate any ubus-rpc requests against # the ubus session/access procedure. # This is dangerous and should be always left off # except for development and debug purposes! # option no_ubusauth 0 # For this instance of uhttpd use the listed httpauth # sections to require Basic auth to the specified # resources. # list httpauth prefix_user # Defaults for automatic certificate and key generation config cert defaults # Validity time option days 730 # key type: rsa or ec option key_type ec # RSA key size option bits 2048 # EC curve name # Curve names vary between px5g-{wolfssl,mbedtls} and openssl # P-256 or P-384 are guaranteed to work option ec_curve P-256 # Location option country ZZ option state Somewhere option location Unknown # Common name option commonname '%D' # config httpauth prefix_user # option prefix /protected/url/path # option username user # option password 'plaintext_or_md5_or_$p$user_for_system_user'