aboutsummaryrefslogtreecommitdiffstats
path: root/community/althttpd/althttpd.confd
diff options
context:
space:
mode:
Diffstat (limited to 'community/althttpd/althttpd.confd')
-rw-r--r--community/althttpd/althttpd.confd69
1 files changed, 56 insertions, 13 deletions
diff --git a/community/althttpd/althttpd.confd b/community/althttpd/althttpd.confd
index 154f98c8888..639f224017d 100644
--- a/community/althttpd/althttpd.confd
+++ b/community/althttpd/althttpd.confd
@@ -1,15 +1,17 @@
#** Command-line Options:
#**
#** --root DIR Defines the directory that contains the various
-#** $HOST.website subdirectories, each containing web content
+#** $HOST.website subdirectories, each containing web content
#** for a single virtual host. If launched as root and if
#** "--user USER" also appears on the command-line and if
#** "--jail 0" is omitted, then the process runs in a chroot
#** jail rooted at this directory and under the userid USER.
#** This option is required for xinetd launch but defaults
-#** to "." for a stand-alone web server.
+#** to "." for a stand-alone web server. DIR should always
+#** be an absolute path, else child processes might misbehave.
#**
-#** --port N Run in standalone mode listening on TCP port N
+#** --port N Run in standalone mode listening on TCP port N, or from
+#** --port N1..N2 the first available TCP port in the range from N1 to N2.
#**
#** --user USER Define the user under which the process should run if
#** originally launched as root. This process will refuse to
@@ -23,15 +25,44 @@
#** FILE name is expanded using strftime() if it contains
#** at least one '%' and is not too long.
#**
-#** --https Indicates that input is coming over SSL and is being
-#** decoded upstream, perhaps by stunnel. (This program
-#** only understands plaintext.)
+#** --ipshun DIR If the remote IP address is also the name of a file
+#** in DIR that has size N bytes and where either N is zero
+#** or the m-time of the file is less than N time-units ago
+#** then that IP address is being shunned and no requests
+#** are processed. The time-unit is a compile-time option
+#** (BANISH_TIME) that defaults to 300 seconds. If this
+#** happens, the client gets a 503 Service Unavailable
+#** reply. Furthermore, althttpd will create ip-shunning
+#** files following a 404 Not Found error if the request
+#** URI is an obvious hack attempt. The ip-shunning file
+#** will also be created if a CGI returns status code 418.
+#**
+#** --https BOOLEAN Indicates that input is coming over SSL and is being
+#** decoded upstream, perhaps by stunnel. This option
+#** does *not* activate built-in TLS support. Use --cert
+#** for that.
+#**
+#** --page NAME Come up in stand-alone mode, and then try to launch a
+#** web-browser pointing to the NAME document after the
+#** listening socket has been created. This option
+#** implies --loopback and "--port 8080..8100".
+#**
+#** --popup Launch a stand-alone web server to use for testing.
+#** This option implies "--port 8080..8100". This option
+#** is similar to "--page NAME" except that it does not
+#** try to launch a web-browser and does not force the
+#** connection into --loopback mode. Use this when
+#** running a test web-server on a remote host via ssh.
+#**
+#** --loopback Only accept loop-back TCP connections (connections
+#** originating from the same host). This is the
+#** default if --root is omitted.
#**
#** --family ipv4 Only accept input from IPV4 or IPV6, respectively.
#** --family ipv6 These options are only meaningful if althttpd is run
#** as a stand-alone server.
#**
-#** --jail BOOLEAN Indicates whether or not to form a chroot jail if
+#** --jail BOOLEAN Indicates whether or not to form a chroot jail if
#** initially run as root. The default is true, so the only
#** useful variant of this option is "--jail 0" which prevents
#** the formation of the chroot jail.
@@ -40,12 +71,24 @@
#** 120 seconds.
#**
#** --max-cpu SEC Maximum number of seconds of CPU time allowed per
-#** HTTP connection. Default 30. 0 means no limit.
+#** HTTP connection. Default 30 (build option:
+#** -DMAX_CPU=integer). 0 means no limit.
+#**
+#** --debug BOOLEAN Disables input timeouts. This is useful for debugging
+#** when inputs are being typed in manually.
+#**
+#** --enable-sab Add new lines to the HTTP reply header that are
+#** prerequisites for SharedArrayBuffer. These are the lines:
+#** Cross-Origin-Embedder-Policy: require-corp
+#** Cross-Origin-Opener-Policy: same-origin
+#**
+#**
+#** Additional command-line options available when compiling with ENABLE_TLS:
+#**
+#** --cert FILE The TLS certificate, the "fullchain.pem" file
#**
-#** --debug Disables input timeouts. This is useful for debugging
-#** when inputs is being typed in manually.
+#** --pkey FILE The TLS private key, the "privkey.pem" file. May be
+#** omitted if the --cert file is the concatenation of
+#** the fullchain.pem and the privkey.pem.
#**
-#** Command-line options can take either one or two initial "-" characters.
-#** So "--debug" and "-debug" mean the same thing, for example.
-
ALTHTTPD_OPTS=""