mirror of https://github.com/pi-hole/pi-hole
commit
a27f1f17de
@ -0,0 +1,77 @@
|
||||
# Pi-hole: A black hole for Internet advertisements
|
||||
# (c) 2015, 2016 by Jacob Salmela
|
||||
# Network-wide ad blocking via your Raspberry Pi
|
||||
# http://pi-hole.net
|
||||
# lighttpd config for Pi-hole
|
||||
#
|
||||
# Pi-hole is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 2 of the License, or
|
||||
# (at your option) any later version.
|
||||
|
||||
server.modules = (
|
||||
"mod_access",
|
||||
"mod_fastcgi",
|
||||
"mod_accesslog",
|
||||
"mod_expire",
|
||||
"mod_compress",
|
||||
"mod_redirect",
|
||||
"mod_setenv",
|
||||
"mod_rewrite"
|
||||
)
|
||||
|
||||
server.document-root = "/var/www/html"
|
||||
server.error-handler-404 = "pihole/index.html"
|
||||
server.upload-dirs = ( "/var/cache/lighttpd/uploads" )
|
||||
server.errorlog = "/var/log/lighttpd/error.log"
|
||||
server.pid-file = "/var/run/lighttpd.pid"
|
||||
server.username = "lighttpd"
|
||||
server.groupname = "lighttpd"
|
||||
server.port = 80
|
||||
accesslog.filename = "/var/log/lighttpd/access.log"
|
||||
accesslog.format = "%{%s}t|%V|%r|%s|%b"
|
||||
|
||||
|
||||
index-file.names = ( "index.php", "index.html", "index.lighttpd.html" )
|
||||
url.access-deny = ( "~", ".inc" )
|
||||
static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
|
||||
|
||||
compress.cache-dir = "/var/cache/lighttpd/compress/"
|
||||
compress.filetype = ( "application/javascript", "text/css", "text/html", "text/plain" )
|
||||
|
||||
mimetype.assign = ( ".png" => "image/png",
|
||||
".jpg" => "image/jpeg",
|
||||
".jpeg" => "image/jpeg",
|
||||
".html" => "text/html",
|
||||
".css" => "text/css; charset=utf-8",
|
||||
".js" => "application/javascript",
|
||||
".json" => "application/json",
|
||||
".txt" => "text/plain" )
|
||||
|
||||
# default listening port for IPv6 falls back to the IPv4 port
|
||||
#include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port
|
||||
#include_shell "/usr/share/lighttpd/create-mime.assign.pl"
|
||||
#include_shell "/usr/share/lighttpd/include-conf-enabled.pl"
|
||||
|
||||
fastcgi.server = ( ".php" =>
|
||||
( "localhost" =>
|
||||
(
|
||||
"socket" => "/tmp/php-fastcgi.socket",
|
||||
"bin-path" => "/usr/bin/php-cgi"
|
||||
)
|
||||
)
|
||||
)
|
||||
|
||||
# If the URL starts with /admin, it is the Web interface
|
||||
$HTTP["url"] =~ "^/admin/" {
|
||||
# Create a response header for debugging using curl -I
|
||||
setenv.add-response-header = ( "X-Pi-hole" => "The Pi-hole Web interface is working!" )
|
||||
}
|
||||
|
||||
# If the URL does not start with /admin, then it is a query for an ad domain
|
||||
$HTTP["url"] =~ "^(?!/admin)/.*" {
|
||||
# Create a response header for debugging using curl -I
|
||||
setenv.add-response-header = ( "X-Pi-hole" => "A black hole for Internet advertisements." )
|
||||
# rewrite only js requests
|
||||
url.rewrite = ("(.*).js" => "pihole/index.js")
|
||||
}
|
@ -0,0 +1,87 @@
|
||||
module pihole 1.0;
|
||||
|
||||
require {
|
||||
type var_log_t;
|
||||
type unconfined_t;
|
||||
type init_t;
|
||||
type auditd_t;
|
||||
type syslogd_t;
|
||||
type NetworkManager_t;
|
||||
type mdadm_t;
|
||||
type tuned_t;
|
||||
type avahi_t;
|
||||
type irqbalance_t;
|
||||
type system_dbusd_t;
|
||||
type kernel_t;
|
||||
type httpd_sys_script_t;
|
||||
type systemd_logind_t;
|
||||
type httpd_t;
|
||||
type policykit_t;
|
||||
type dnsmasq_t;
|
||||
type udev_t;
|
||||
type postfix_pickup_t;
|
||||
type sshd_t;
|
||||
type crond_t;
|
||||
type getty_t;
|
||||
type lvm_t;
|
||||
type postfix_qmgr_t;
|
||||
type postfix_master_t;
|
||||
class dir { getattr search };
|
||||
class file { read open setattr };
|
||||
}
|
||||
|
||||
#============= dnsmasq_t ==============
|
||||
allow dnsmasq_t var_log_t:file { open setattr };
|
||||
|
||||
#============= httpd_t ==============
|
||||
allow httpd_t var_log_t:file { read open };
|
||||
|
||||
#============= httpd_sys_script_t (class: dir) ==============
|
||||
allow httpd_sys_script_t NetworkManager_t:dir { getattr search };
|
||||
allow httpd_sys_script_t auditd_t:dir { getattr search };
|
||||
allow httpd_sys_script_t avahi_t:dir { getattr search };
|
||||
allow httpd_sys_script_t crond_t:dir { getattr search };
|
||||
allow httpd_sys_script_t dnsmasq_t:dir { getattr search };
|
||||
allow httpd_sys_script_t getty_t:dir { getattr search };
|
||||
allow httpd_sys_script_t httpd_t:dir { getattr search };
|
||||
allow httpd_sys_script_t init_t:dir { getattr search };
|
||||
allow httpd_sys_script_t irqbalance_t:dir { getattr search };
|
||||
allow httpd_sys_script_t kernel_t:dir { getattr search };
|
||||
allow httpd_sys_script_t lvm_t:dir { getattr search };
|
||||
allow httpd_sys_script_t mdadm_t:dir { getattr search };
|
||||
allow httpd_sys_script_t policykit_t:dir { getattr search };
|
||||
allow httpd_sys_script_t postfix_master_t:dir { getattr search };
|
||||
allow httpd_sys_script_t postfix_pickup_t:dir { getattr search };
|
||||
allow httpd_sys_script_t postfix_qmgr_t:dir { getattr search };
|
||||
allow httpd_sys_script_t sshd_t:dir { getattr search };
|
||||
allow httpd_sys_script_t syslogd_t:dir { getattr search };
|
||||
allow httpd_sys_script_t system_dbusd_t:dir { getattr search };
|
||||
allow httpd_sys_script_t systemd_logind_t:dir { getattr search };
|
||||
allow httpd_sys_script_t tuned_t:dir { getattr search };
|
||||
allow httpd_sys_script_t udev_t:dir { getattr search };
|
||||
allow httpd_sys_script_t unconfined_t:dir { getattr search };
|
||||
|
||||
#============= httpd_sys_script_t (class: file) ==============
|
||||
allow httpd_sys_script_t NetworkManager_t:file { read open };
|
||||
allow httpd_sys_script_t auditd_t:file { read open };
|
||||
allow httpd_sys_script_t avahi_t:file { read open };
|
||||
allow httpd_sys_script_t crond_t:file { read open };
|
||||
allow httpd_sys_script_t dnsmasq_t:file { read open };
|
||||
allow httpd_sys_script_t getty_t:file { read open };
|
||||
allow httpd_sys_script_t httpd_t:file { read open };
|
||||
allow httpd_sys_script_t init_t:file { read open };
|
||||
allow httpd_sys_script_t irqbalance_t:file { read open };
|
||||
allow httpd_sys_script_t kernel_t:file { read open };
|
||||
allow httpd_sys_script_t lvm_t:file { read open };
|
||||
allow httpd_sys_script_t mdadm_t:file { read open };
|
||||
allow httpd_sys_script_t policykit_t:file { read open };
|
||||
allow httpd_sys_script_t postfix_master_t:file { read open };
|
||||
allow httpd_sys_script_t postfix_pickup_t:file { read open };
|
||||
allow httpd_sys_script_t postfix_qmgr_t:file { read open };
|
||||
allow httpd_sys_script_t sshd_t:file { read open };
|
||||
allow httpd_sys_script_t syslogd_t:file { read open };
|
||||
allow httpd_sys_script_t system_dbusd_t:file { read open };
|
||||
allow httpd_sys_script_t systemd_logind_t:file { read open };
|
||||
allow httpd_sys_script_t tuned_t:file { read open };
|
||||
allow httpd_sys_script_t udev_t:file { read open };
|
||||
allow httpd_sys_script_t unconfined_t:file { read open };
|
Loading…
Reference in new issue