mirror of
https://github.com/pi-hole/pi-hole
synced 2025-01-18 20:10:56 +00:00
5c17e41cf1
"$network" on a systemd-driven OS leads to "After=network-online.target" in the generated systemd unit. This target is no guarantee that all network interfaces have been fully configured, as it depends on the related network services types, but at least it reduces the risk that those have not fully finished their job when pihole-FTL starts. If this is the case, certain issues can occur: - https://github.com/pi-hole/pi-hole/issues/2924 - https://discourse.pi-hole.net/t/have-to-pihole-restartdns-after-reboot/28772 Runtime files are now consistently created in "/run" instead of "/var/run". The second is a symlink to the first for backwards compatibility but on none-ancient distro versions one should use "/run", systemd even prints a warnings if service files use "/var/run". The service file used "/run" and "/var/run" both, in cases for the same files/directories before, which does not directly cause issues currently, due to the symlink, but is inconsistent at best. Signed-off-by: MichaIng <micha@dietpi.com>
86 lines
3.4 KiB
Plaintext
86 lines
3.4 KiB
Plaintext
# Pi-hole: A black hole for Internet advertisements
|
|
# (c) 2017 Pi-hole, LLC (https://pi-hole.net)
|
|
# Network-wide ad blocking via your own hardware.
|
|
#
|
|
# Lighttpd config for Pi-hole
|
|
#
|
|
# This file is copyright under the latest version of the EUPL.
|
|
# Please see LICENSE file for your rights under this license.
|
|
|
|
###############################################################################
|
|
# FILE AUTOMATICALLY OVERWRITTEN BY PI-HOLE INSTALL/UPDATE PROCEDURE. #
|
|
# ANY CHANGES MADE TO THIS FILE AFTER INSTALL WILL BE LOST ON THE NEXT UPDATE #
|
|
# #
|
|
# CHANGES SHOULD BE MADE IN A SEPARATE CONFIG FILE: #
|
|
# /etc/lighttpd/external.conf #
|
|
###############################################################################
|
|
|
|
server.modules = (
|
|
"mod_access",
|
|
"mod_accesslog",
|
|
"mod_auth",
|
|
"mod_expire",
|
|
"mod_compress",
|
|
"mod_redirect",
|
|
"mod_setenv",
|
|
"mod_rewrite"
|
|
)
|
|
|
|
server.document-root = "/var/www/html"
|
|
server.error-handler-404 = "/pihole/index.php"
|
|
server.upload-dirs = ( "/var/cache/lighttpd/uploads" )
|
|
server.errorlog = "/var/log/lighttpd/error.log"
|
|
server.pid-file = "/run/lighttpd.pid"
|
|
server.username = "www-data"
|
|
server.groupname = "www-data"
|
|
server.port = 80
|
|
accesslog.filename = "/var/log/lighttpd/access.log"
|
|
accesslog.format = "%{%s}t|%V|%r|%s|%b"
|
|
|
|
index-file.names = ( "index.php", "index.html", "index.lighttpd.html" )
|
|
url.access-deny = ( "~", ".inc", ".md", ".yml", ".ini" )
|
|
static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
|
|
|
|
compress.cache-dir = "/var/cache/lighttpd/compress/"
|
|
compress.filetype = ( "application/javascript", "text/css", "text/html", "text/plain" )
|
|
|
|
mimetype.assign = ( ".png" => "image/png",
|
|
".jpg" => "image/jpeg",
|
|
".jpeg" => "image/jpeg",
|
|
".html" => "text/html",
|
|
".css" => "text/css; charset=utf-8",
|
|
".js" => "application/javascript; charset=utf-8",
|
|
".json" => "application/json",
|
|
".txt" => "text/plain",
|
|
".svg" => "image/svg+xml" )
|
|
|
|
# default listening port for IPv6 falls back to the IPv4 port
|
|
include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port
|
|
|
|
# Prevent Lighttpd from enabling Let's Encrypt SSL for every blocked domain
|
|
#include_shell "/usr/share/lighttpd/include-conf-enabled.pl"
|
|
include_shell "find /etc/lighttpd/conf-enabled -name '*.conf' -a ! -name 'letsencrypt.conf' -printf 'include \"%p\"\n' 2>/dev/null"
|
|
|
|
# If the URL starts with /admin, it is the Web interface
|
|
$HTTP["url"] =~ "^/admin/" {
|
|
# Create a response header for debugging using curl -I
|
|
setenv.add-response-header = (
|
|
"X-Pi-hole" => "The Pi-hole Web interface is working!",
|
|
"X-Frame-Options" => "DENY"
|
|
)
|
|
|
|
$HTTP["url"] =~ ".ttf$" {
|
|
# Allow Block Page access to local fonts
|
|
setenv.add-response-header = ( "Access-Control-Allow-Origin" => "*" )
|
|
}
|
|
}
|
|
|
|
# Block . files from being served, such as .git, .github, .gitignore
|
|
$HTTP["url"] =~ "^/admin/\.(.*)" {
|
|
url.access-deny = ("")
|
|
}
|
|
|
|
# Add user chosen options held in external file
|
|
# This uses include_shell instead of an include wildcard for compatibility
|
|
include_shell "cat external.conf 2>/dev/null"
|