server.modules = (
    "mod_redirect",
    "mod_cgi",
    "mod_proxy",
    "mod_openssl",
    "mod_authn_file",
)

server.username = "www-data"
server.groupname = "dialout"

server.port = 80
server.document-root = "/usrdata/simpleadmin/www"
index-file.names = ( "index.html" )

auth.backend = "htpasswd"
auth.backend.htpasswd.userfile = "/opt/etc/.htpasswd"

$SERVER["socket"] == "0.0.0.0:443" {
    ssl.engine = "enable"
    ssl.privkey= "/usrdata/simpleadmin/server.key"
    ssl.pemfile= "/usrdata/simpleadmin/server.crt"
    ssl.acme-tls-1 = "/etc/simpleadmin/dehydrated/tls-alpn-01"
    ssl.openssl.ssl-conf-cmd = ("MinProtocol" => "TLSv1.2") # (lighttpd 1.4.56 default; recommended to accept only TLSv1.2 and TLSv1.3)
    auth.require = ( "/" => (
      "method" => "basic",
      "realm" => "Authorized users only",
      "require" => "valid-user"
      )
    )
}

# Redirect everything to https
$HTTP["scheme"] == "http" {
    url.redirect = ("" => "https://${url.authority}${url.path}${qsa}")
}

# Anything in /cgi-bin will be run as a script
$HTTP["url"] =~ "/cgi-bin/" {
    cgi.assign = ( "" => "" )
}

# Handle proxy to ttyd if it's running
$HTTP["url"] =~ "(^/console)" {
  proxy.header = ("map-urlpath" => ( "/console" => "/" ), "upgrade" => "enable" )
  proxy.server  = ( "" => ("" => ( "host" => "127.0.0.1", "port" => 8080 )))
}