/etc/yaws/yaws.conf \- Configuration file for the Yaws web server

.PP

Yaws is fast lightweight web server. It reads a configuration file called

yaws.conf to control its operations. The configuration contains two distinct

parts a global part which affects all the virtual hosts and a server part where

options for each virtual host is supplied.

.TP

All Yaws logs will be written to files in this directory. There are several

different log files written by Yaws:

\fBreport.log\fR - this is a text file that contains all error logger printouts

from Yaws.

\fB<Host>.access\fR - for each virtual host served by Yaws, a file <Host>.access

will be written which contains an access log in Common Log Format. (See

http://en.wikipedia.org/wiki/Common_Log_Format for more details on Common Log

Format.)

\fB<Host>.auth\fR - for each virtual host served by Yaws, a file <Host>.auth

will be written which contains all http auth related messages.

\fBtrace_<YYYYMMDD_hhmmss>\fR - Trace files are written in this subdirectory,

suffixed by the creation date.

.RS 12

\fBtrace.<Pid>.http\fR - this file contains the HTTP trace if that is enabled,

where <Pid> is the process id handling the TCP connection.

\fBtrace.<Pid>.traffic\fR - this file contains the traffic trace if that is

enabled, where <Pid> is the process id handling the TCP connection.

.RE

.IP

Note that <Host>.access and <Host>.auth files will be used only if the directive

\fBlogger_mod\fR is not set or set to yaws_log. The default value for logdir is

.TP

This directive adds Directory to the Erlang search path. It is possible to have

several of these commands in the configuration file. The default value is

.TP

It is possible run multiple Yaws servers on the same machine. We use the id of a

Yaws server to control it using the different control commands such as:

.nf

# /usr/local/bin/yaws --id foobar --stop

.fi

To stop the Yaws server with id "foobar". Each Yaws server will write its

internals data into a file called $HOME/.yaws/yaws/ID where ID is the identity

of the server. Yaws also creates a file called ${VARDIR}/run/yaws/ctl-${ID}

which contain the port number where the server is listening for control

commands. The default id is \fI"default"\fR.

.TP

This directive sets the "Server: " output header to the custom value. The

default value is \fI"yaws/%VSN%, Yet Another Web Server"\fR.

.TP

This directive adds Directory to the path of directories where the Erlang

compiler searches for include files. We need to use this if we want to

include .hrl files in our Yaws Erlang code. It is possible to have several of

these commands in the configuration file. The default value is

\fI"yaws_dir"/examples/include\fR.

.TP

Yaws will cache small files such as commonly accessed GIF images in RAM. This

directive sets a maximum number on the number of cached files. The default

value is \fI400\fR.

.TP

This directive controls the total amount of RAM which can maximally be used for

cached RAM files. The default value is \fI1000000\fR, 1 megabyte.

.TP

This directive sets a maximum size on the files that are RAM cached by Yaws.

The default value is \fI8000\fR, 8 kBytes.

.TP

The RAM cache is used to serve pages that sit in the cache. An entry sits in

cache at most cache_refresh_secs number of seconds. The default is

\fI30\fR. This means that when the content is updated under the docroot, that

change doesn't show until 30 seconds have passed. While developing a Yaws site,

it may be convenient to set this value to 0. If the debug flag (-d) is passed to

the Yaws start script, this value is automatically set to 0.

.TP

This enables traffic or http tracing. Tracing is also possible to enable with a

command line flag to Yaws. Default is \fIfalse\fR.

.TP

This re-enables the old OTP SSL implementation. By default we use the new SSL

implementation.

.TP

\fBDeprecated and ignored. Now, this target must be set in server part.\fR

.TP

Set this value to control the maximum number of connections from HTTP clients

into the server. This is implemented by closing the last socket if the limit

threshold is reached.

.TP

Normally, Yaws does not restrict the number of times a connection is kept alive

using keepalive. Setting this parameter to an integer X will ensure that

connections are closed once they have been used X times. This can be a useful

to guard against long running connections collecting too much garbage in the

Erlang VM.

.TP

Set process spawn options for client acceptor processes. Options must be

specified as a quoted string of either the atom \fIundefined\fR or as a proplist

of valid process options. The supported options are \fIfullsweep_after\fR,

\fImin_heap_size\fR, and \fImin_bin_vheap_size\fR, each taking an associated

integer value. Other process options are ignored. The proplist may also be

empty. See \fBerlang:spawn_opt/4\fR for details on these options.

.TP

Set the size of the pool of cached acceptor processes. The specified value must

be greater than or equal to 0. The default value is \fI8\fR. Specifying a value

of 0 effectively disables the process pool.

.TP

The logs written by Yaws are all wrap logs, the default value at the size where

they wrap around and the original gets renamed to File.old is \fI1000000\fR, 1

megabyte. This value can be changed.

.br

If we set the value to 0 the logs will never wrap. If we want to use Yaws in

combination with a more traditional log wrapper such as logrotate, set the size

to 0 and Yaws will reopen the logfiles once they have be renamed/removed.

.TP

By default the client host IP is not resolved in the access logs.

.TP

Fail completely or not if Yaws fails to bind a listen socket Default is

\fItrue\fR.

.TP

If true, a soap server will be started at startup of Yaws. Default is

\fIfalse\fR.

.TP

If enable_soap is true, a startup Yaws will invoke \fIyaws_soap_srv:setup()\fR

to setup modules set here. ModuleSetting is either a triad like \fI<Mod,

HandlerFunc, WsdlFile>\fR or a quadruple form like \fI<Mod, HandlerFunc,

WsdlFile, Prefix>\fR which specifies the \fIprefix\fR. A \fIprefix\fR will be

used as argument of \fIyaws_soap_lib:initModel()\fR and then be used as a XML

namespace prefix. Note, the \fIWsdlFile\fR here should be an absolute-path file

in local file systems.

For example, we can specify

.nf

soap_srv_mods=<Mod1, Handler, Wsdl1> <Mod2, Handler, Wsdl2, Prefix> ...

.fi

.TP

\fBthis target is deprecated and useless. use 'php_handler' target in server

part instead.\fR

.br

The name of (and possibly path to) the php executable used to interpret php

scripts (if allowed). Default is \fIphp_exe_path = php-cgi\fR.

.TP

Enable or disable copying of the error log. When we run in embedded mode, there

may very well be some other systems process that is responsible for writing the

errorlog to a file whereas when we run in normal standalone mode, we typically

want the Erlang errorlog written to a report.log file. Default value is

\fItrue\fR.

.TP

Allows to specify a different Yaws session storage mechanism instead of an ETS

table. One of the drawbacks of the default yaws_session_server implementation is

that server side cookies are lost when the server restarts. Specifying a

different module here will pass all writes/read operations to this module (it

must implements appropriate callbacks).

.TP

At startup Yaws will invoke \fIModuleName:start()\fR in a separate process. It

is possible to have several runmods. This is useful if we want to reuse the

Yaws startup shell script for our own application.

.TP

When Yaws gets a request, it extracts the Host: header from the client request

to choose a virtual server amongst all servers with the same IP/Port pair. This

configuration parameter decides whether Yaws should pick the first (as defined

in the yaws.conf file) if no name match or not. In real live hosting scenarios

we typically want this to be false whereas in testing/development scenarios it

may be convenient to set it to true. Default is \fItrue\fR.

.TP

If the HTTP session will be kept alive (i.e., not immediately closed) it will

close after keepalive_timeout milliseconds unless a new request is received in

that time. The default value is \fI30000\fR. The value \fIinfinity\fR is legal

but not recommended.

.TP

Load specified config file.

.TP

Load all config file in specified directory.

.TP

\fBthis target is deprecated and will be ignored.\fR

.TP

Defines the default MIME type to be used where Yaws cannot determine it by its

MIME types mappings. Default is \fItext/plain\fR.

.TP

Defines the default charset to be added when a response content-type is

\fItext/*\fR. By default, no charset is added.

.TP

Overrides the default \fImime.types\fR file included with Yaws. This file must

use the following format:

.nf

# Lines beginning with a '#' or a whitespace are ignored

# blank lines are also ignored

<MIME type> <space separated file extensions>

.fi

The default file is located at \fI${PREFIX}/lib/yaws/priv/mime.types\fR. You

should not edit this file because it may be replaced when you upgrade your

server.

.TP

Specifies one or more mappings between MIME types and file extensions. More than

one extension can be assigned to a MIME type. \fIListOfTypes\fR is defined as

follows:

.nf

add_types = <MimeType1, Ext> <MimeType2, Ext1 Ext2 ...> ...

.fi

The mappings defined using this directive will overload all other

definitions. If a file extension is defined several times, only the last one is

kept. Multiple \fBadd_types\fR directives may be used.

.TP

Specifies one or more mappings between charsets and file extensions. More than

one extension can be assigned to a charset. \fIListOfCharsets\fR is defined as

follows:

.nf

add_charsets = <Charset1, Ext> <Charset2, Ext1 Ext2 ...> ...

.fi

The mappings defined using this directive will overload all other

definitions. If a file extension is defined several times, only the last one is

kept. Multiple \fBadd_charsets\fR directives may be used.

Yaws can virthost several web servers on the same IP address as well as several

web servers on different IP addresses. This includes SSL servers.

.PP

Each virtual host is defined within a matching pair of \fB<server ServerName>\fR

and \fB</server>\fR. The ServerName will be the name of the webserver.

.PP

The following directives are allowed inside a server definition.

.TP

This makes the server listen on Port. Default is \fI8000\fR.

.TP

This makes the server listen on IpAddress. When virthosting several servers on

the same ip/port address, if the browser doesn't send a Host: field, Yaws will

pick the \fIfirst\fR server specified in the config file. If the specified IP

address is 0.0.0.0 Yaws will listen on all local IP addresses on the specified

port. Default is \fI127.0.0.1\fR. Multiple \fBlisten\fR directives may be used to

specify several addresses to listen on.

.TP

This sets the TCP listen backlog for the server to define the maximum length the

queue of pending connections may grow to. The default is the same as the default

provided by \fIgen_tcp:listen/2\fR, which is 5.

.TP

This directive sets the "Server: " output header to the custom value and

overloads the global one for this virtual server.

.TP

This forces all local redirects issued by the server to go to Host. This is

useful when Yaws listens to a port which is different from the port that the

user connects to. For example, running Yaws as a non-privileged user makes it

impossible to listen to port 80, since that port can only be opened by a

privileged user. Instead Yaws listens to a high port number port, 8000, and

iptables are used to redirect traffic to port 80 to port 8000 (most NAT:ing

firewalls will also do this for you).

.TP

This forces all local redirects issued by the server to use this method. This is

useful when an SSL off-loader, or stunnel, is used in front of Yaws.

.TP

Enable or disable the auth log for this virtual server. Default is \fItrue\fR.

.TP

Setting this directive to false turns of traffic logging for this virtual

server. The default value is \fItrue\fR.

.TP

It is possible to set a special module that handles access and auth logging. The

default is to log all web server traffic to <Host>.access and <Host>.auth files

in the configured or default logdir.

.br

This module must implement the behaviour \fIyaws_logger\fR. Default value is

\fIyaws_log\fR.

The following functions should be exported:

\fBModule:open_log(ServerName, Type, LogDir)\fR

.RS 12

When Yaws is started, this function is called for this virtual server. If the

initialization is successful, the function must return \fI{true,State}\fR and if

an error occurred, it must return \fIfalse\fR.

.RE

.IP

\fBModule:close_log(ServerName, Type, State)\fR

.RS 12

This function is called for this virtual server when Yaws is stopped.

.RE

.IP

\fBModule:wrap_log(ServerName, Type, State, LogWrapSize)\fR

.RS 12

This function is used to rotate log files. It is regularly called by Yaws and

must return the possibly updated internal NewState.

.RE

.IP

\fBModule:write_log(ServerName, Type, State, Infos)\fR

.RS 12

When it needs to log a message, Yaws will call this function. The parameter

Infos is \fI{Ip,Req,InHdrs,OutHdrs,Time}\fR for an access log and

\fI{Ip,Path,Item}\fR for an auth log, where:

\fBIp\fR - IP address of the accessing client (as a tuple).

\fBReq\fR - the HTTP method, URI path, and HTTP version of the request (as a

#http_request{} record).

\fBInHdrs\fR - the HTTP headers which were received from the WWW client (as a

#headers{} record).

\fBOutHdrs\fR - the HTTP headers sent to the WWW client (as a #outh{} record)

\fBPath\fR - the URI path of the request (as a string).

\fBItem\fR - the result of an authentication request. May be \fI{ok,User}\fR,

\fI403\fR or \fI{401,Realm}\fR.

\fBTime\fR - The time taken to serve the request, in microseconds.

.RE

.IP

For all of these callbacks, \fBServerName\fR is the virtual server's name,

\fIType\fR is the atom access or auth and \fIState\fR is the internal state of

the logger.

.TP

Defines a module to control access to this virtual server. Access can be

controlled based on the IP address of the client. It is also possible to

throttles HTTP requests based on the client's download rate. This module must

implement the behaviour \fIyaws_shaper\fR.

There is no such module configured by default.

.TP

Setting this directive to false disallows the automatic dir listing feature of

Yaws. A status code 403 Forbidden will be sent. Set to true_nozip to avoid the

auto-generated all.zip entries. Default is \fIfalse\fR.

.TP

Add additional CGI or FastCGI variables. For example:

.nf

<extra_cgi_vars dir='/path/to/some/scripts'>

var = val

\&...

</extra_cgi_vars>

.fi

.TP

Turns on/off statistics gathering for a virtual server. Default is \fIfalse\fR.

.TP

The hostname and TCP port number of a FastCGI application server. The TCP port

number is not optional. There is no default value.

.TP

Enable or disable tracing of FastCGI protocol messages as info log

messages. Disabled by default.

.TP

Enable or disable logging of application error messages (output to stderr and

non-zero exit value). Disabled by default.

.TP

Turns on or off deflate compression for a server. Default is \fIfalse\fR.

.TP

This begins and ends the deflate compression configuration for this server. The

following items are allowed within a matching pair of <deflate> and </deflate>

delimiters.

\fBmin_compress_size = nolimit | Integer\fR

.RS 12

Defines the smallest response size that will be compressed. If nolimit is not

used, the specified value must be strictly positive. The default value is

\fInolimit\fR.

.RE

.IP

\fBcompress_level = none | default | best_compression | best_speed | 0..9\fR

.RS 12

Defines the compression level to be used. 0 (none), gives no compression at all,

1 (best_speed) gives best speed and 9 (best_compression) gives best

compression. The default value is \fIdefault\fR.

.RE

.IP

\fBwindow_size = 9..15\fR

.RS 12

Specifies the zlib compression window size. It should be in the range 9 through

15. Larger values of this parameter result in better compression at the expense

of memory usage. The default value is \fI15\fR.

.RE

.IP

\fBmem_level = 1..9\fR

.RS 12

Specifies how much memory should be allocated for the internal compression

state. \fImem_level=1\fR uses minimum memory but is slow and reduces compression

ratio; \fImem_level=9\fR uses maximum memory for optimal speed. The default

value is \fI8\fR.

.RE

.IP

\fBstrategy = default | filtered | huffman_only\fR

.RS 12

This parameter is used to tune the compression algorithm. See \fBzlib(3erl)\fR

for more details on the \fIstrategy\fR parameter. The default value is

\fIdefault\fR.

.RE

.IP

\fBuse_gzip_static = true | false\fR

.RS 12

If true, Yaws will try to serve precompressed versions of static files. It will

look for precompressed files in the same location as original files that end in

".gz". Only files that do not fit in the cache are concerned. The default value

is \fIfalse\fR.

.RE

.IP

\fBmime_types = ListOfTypes | defaults | all\fR

.RS 12

Restricts the deflate compression to particular MIME types. The special value

\fIall\fR enable it for all types (It is a synonym of `*/*'). MIME types into

\fIListOfTypes\fR must have the form `type/subtype' or `type/*' (indicating all

subtypes of that type). Here is an example:

.nf

mime_types = default image/*

mime_types = application/xml application/xhtml+xml application/rss+xml

.fi

By default, following MIME types are compressed (if

\fBdeflate\fR is set to true): \fItext/*, application/rtf, application/msword,

application/pdf, application/x-dvi, application/javascript,

application/x-javascript\fR. Multiple \fBmime_types\fR directive can be used.

.RE

.TP

This makes the server serve all its content from Directory.

.br

It is possible to pass a space-separated list of directories as docroot. If this

is the case, the various directories will be searched in order for the requested

file. This also works with the ssi and yssi constructs where the full list of

directories will be searched for files to ssi/yssi include. Multiple docroot

directives can be used. You need at least one valid docroot, invalid docroots

are skipped with their associated auth structures.

.TP

If true, the docroot will not be searched for \fI.yaws_auth\fR files. This is

useful when the docroot is quite large and the time to search it is prohibitive

when Yaws starts up. Defaults to \fIfalse\fR.

.TP

When a Yaws file receives large POSTs, the amount of data received in each chunk

is determined by the this parameter. The default value is \fI10240\fR.

.TP

Turns on the DAV protocol for this server. The dav support in Yaws is highly

limited. If dav is turned on, .yaws processing of .yaws pages is turned

off. Default is \fIfalse\fR. Setting it to nolimit is potentially

dangerous. The socket read timeout is supplied by the keepalive_timeout setting.

If the read is not done within the timeout, the POST will fail.

.TP

If this value is set to false Yaws will never do tilde expansion. The default is

\fIfalse\fR. tilde_expansion is the mechanism whereby a URL on the form

http://www.foo.com/~username is changed into a request where the docroot for

that particular request is set to the directory ~username/public_html/.

.TP

The allowed script types for this server. Recognized are `yaws', `cgi', `fcgi',

`php'. Default is \fIallowed_scripts = yaws php cgi fcgi\fR.

Note: for fcgi scripts, the FastCGI application server is only called if a local

file with the .fcgi extension exists. However, the contents of the local .fcgi

file are ignored.

.TP

The allowed script types for this server when executing files in a users

public_html folder Recognized are `yaws', `cgi', `fcgi', `php'. Default is

\fItilde_allowed_scripts =\fR i.e. empty

.TP

This directive sets the list of resources to look for, when a directory is

requested by the client. If the last entry begins with a `/', and none of the

earlier resources are found, Yaws will perform a redirect to this uri.

Default is \fIindex_files = index.yaws index.html index.php\fR.

.TP

If any the names in ListOfModuleNames appear as components in the path for a

request, the path request parsing will terminate and that module will be

called. There is also an alternate syntax for specifying the appmods if we don't

want our internal erlang module names to be exposed in the URL paths. We can

specify

.nf

appmods = <Path1, Module1> <Path2, Modules2> ...

.fi

Assume for example that we have the URL

http://www.hyber.org/myapp/foo/bar/baz?user=joe while we have the module foo

defined as an appmod, the function foo:out(Arg) will be invoked instead of

searching the filesystems below the point foo.

.br

The Arg argument will have the missing path part supplied in its appmoddata

field.

It is also possible to exclude certain directories from appmod processing. This

is particulaly interesting for '/' appmods. Here is an example:

.nf

appmods = </, myapp exclude_paths icons js top/static>

.fi

The above configuration will invoke the 'myapp' erlang module on everything

except any file found in directories, 'icons', 'js' and 'top/static' relative to

the docroot.

.TP

Set \fIDispatchModule\fR as a server-specific request dispatching

module. Yaws expects \fIDispatchModule\fR to export a \fIdispatch/1\fR

function. When it receives a request, Yaws passes an \fI#arg{}\fR record to

the dispatch module's \fIdispatch/1\fR function, which returns one of the

following atom results:

.RS 12

\fBdone\fR - this indicates the dispatch module handled the request itself

and already sent the response, and Yaws should resume watching for new

requests on the connection

\fBclosed\fR - same as \fIdone\fR but the \fIDispatchModule\fR also closed

the connection

\fBcontinue\fR - the dispatch module has decided not to handle the request,

and instead wants Yaws to perform its regular request dispatching

.RE

.IP

Note that when \fIDispatchModule\fR handles a request itself, Yaws does not

support tracing, increment statistics counters or allow traffic shaping for

that request. It does however still keep track of maximum keepalive uses on

the connection.

.TP

It is possible to set a special module that handles 404 Not Found messages. The

function \fIModule:out404(Arg, GC, SC)\fR will be invoked. The arguments are

.RS 12

\fBArg\fR - a #arg{} record

\fBGC\fR - a #gconf{} record (defined in yaws.hrl)

\fBSC\fR - a #sconf{} record (defined in yaws.hrl)

.RE

.IP

The function can and must do the same things that a normal \fIout/1\fR does.

.TP

It is possible to set a special module that handles 401 Unauthorized

messages. This can for example be used to display a login page instead. The

function \fIModule:out401(Arg, Auth, Realm)\fR will be invoked. The arguments

are

.RS 12

\fBArg\fR - a #arg{} record

\fBAuth\fR - a #auth{} record

\fBRealm\fR - a string

.RE

.IP

The function can and must do the same things that a normal \fIout/1\fR does.

.TP

It is possible to set a special module that handles the HTML generation of

server crash messages. The default is to display the entire formated crash

message in the browser. This is good for debugging but not in production.

.br

The function \fIModule:crashmsg(Arg, SC, Str)\fR will be called. The \fIStr\fR

is the real crash message formated as a string.

.br

The function must return, \fI{content,MimeType,Cont}\fR or \fI{html, Str}\fR or

\fI{ehtml, Term}\fR. That data will be shipped to the client.

.TP

Controls the setting of the \fIExpires\fR HTTP header and the \fImax-age\fR

directive of the \fICache-Control\fR HTTP header in server responses for

specific MIME types. The expiration date can set to be relative to either the

time the source file was last modified, or to the time of the client

access. ListOfExpires is defined as follows:

.nf

expires = <MimeType1, access+Seconds> <MimeType2, modify+Seconds> ...

.fi

These HTTP headers are an instruction to the client about the document's

validity and persistence. If cached, the document may be fetched from the cache

rather than from the source until this time has passed. After that, the cache

copy is considered "expired" and invalid, and a new copy must be obtained from

the source. Here is an example:

.nf

expires = <image/gif, access+2592000> <image/png, access+2592000>

expires = <image/jpeg, access+2592000> <text/css, access+2592000>

.fi

.TP

It is possible to install a module that rewrites all the Arg #arg{} records at

an early stage in the Yaws server. This can be used to do various things such

as checking a cookie, rewriting paths etc.

.br

The module \fIyaws_vdir\fR can be used in case you want to serve static content

that is not located in your docroot. See the example at the bottom of this man

page for how to use the \fIopaque\fR + \fIvdir\fR elements to instruct the

\fIyaws_vdir\fR module what paths to rewrite.

.TP

Defines a user provided callback module. At startup of the server,

Module:start/1 will be called. The #sconf{} record (defined in yaws.hrl) will

be used as the input argument. This makes it possible for a user application to

synchronize the startup with the Yaws server as well as getting hold of user

specific configuration data, see the explanation for the <opaque> context.

.TP

Make Yaws a reverse proxy. \fIPrefix\fR is a path inside our own docroot

and \fIUrl\fB argument is a URL pointing to a website we want to "mount"

under the \fIPrefix\fR path. This example:

.nf

revproxy = /tmp/foo http://yaws.hyber.org

.fi

makes the hyber website appear under \fI/tmp/foo\fR.

It is possible to have multiple reverse proxies inside the same server.

You can optionally configure an interception module for each reverse proxy,

allowing your application to examine and modify requests and HTTP headers

as they pass through the proxy from client to backend server and also

examine and modify responses and HTTP headers as they return from the

backend server through the proxy to the client.

You specify an interception module by including the optional

\fIintercept_mod\fR keyword followed by \fIModule\fR, which should be the

name of your interception module.

An interception module is expected to export two functions:

\fIrewrite_request/2\fR and \fIrewrite_response/2\fR. The two arguments

passed to \fIrewrite_request/2\fR function are a \fI#http_request{}\fR record

and a \fI#headers{}\fR record, whereas \fIrewrite_response/2\fR function

takes a \fI#http_response{}\fR record and also a \fI#headers{}\fR record. You

can find definitions for these record types in the \fIyaws_api.hrl\fR

header file. Each function can examine each record instance and can either

return each original instance or can return a modified copy of each

instance in its response. The \fIrewrite_request/2\fR function should

return a tuple of the following form:

.nf

\fI{ok, #http_request{}, #headers{}}\fR

.fi

and the \fIrewrite_response/2\fR function should similarly return a tuple

of the following form:

.nf

\fI{ok, #http_response{}, #headers{}}\fR

.fi

A \fI#headers{}\fR record can easily be manipulated in an interceptor using

the functions listed below:

.nf

\fIyaws_api:set_header/2\fR, \fIyaws_api:set_header/3\fR

\fIyaws_api:get_header/2\fR, \fIyaws_api:get_header/3\fR

\fIyaws_api:delete_header/2\fR

.fi

Any failures in your interception module's functions will result in HTTP

status code 500, indicating an internal server error.

.TP

Make Yaws a forward proxy. By enabling this option you can use Yaws as a proxy

for outgoing web traffic, typically by configuring the proxy settings in a

web-browser to explicitly target Yaws as its proxy server.

.TP

If we're virthosting everal servers and want to force a server to match specific

Host: headers we can do this with the "servername" directive. This name doesn't

necessarily have to be the same as the the name inside <server Name> in certain

NAT scenarios. Rarely used feature.

.TP

Set handler to interpret .php files. It can be one of the following definitions:

\fBphp_handler = <cgi, Filename>\fR - The name of (and possibly path to) the php

executable used to interpret php scripts (if allowed).

\fBphp_handler = <fcgi, Host:Port>\fR - Use the specified fastcgi server to

interpret .php files (if allowed).

.RS 12

Yaws does not start the PHP interpreter in fastcgi mode for you. To run PHP in

fastcgi mode, call it with the -b option. For example:

.nf

php5-cgi -b '127.0.0.1:54321'

.fi

This starts a php5 in fastcgi mode listening on the local network interface. To

make use of this PHP server from Yaws, specify:

.nf

php_handler = <fcgi, 127.0.0.1:54321>

.fi

The PHP interpreter needs read access to the files it is to serve. Thus, if you

run it in a different security context than Yaws itself, make sure it has access

to the .php files.

.br

Please note that anyone who is able to connect to the php fastcgi server

directly can use it to read any file to which it has read access. You should

consider this when setting up a system with several mutually untrusted instances

of php.

.RE

.IP

\fBphp_handler = <extern, Module:Function | Node:Module:Function>\fR - Use an

external handler, possibly on another node, to interpret .php files (if

allowed).

.RS 12

To interpret a .php file, the function \fIModule:Function(Arg)\fR will be

invoked (Evaluated inside a rpc call if a \fINode\fR is specified), where Arg is

a #arg{} record.

.br

The function must do the same things that a normal out/1 does.

.RE

.IP

Default value is \fI<cgi, "/usr/bin/php-cgi">\fR.

.TP

\fBthis target is deprecated. use 'php_handler' target in server part

.br

Use this directive is same as: php_handler = <fcgi, Host:Port>.

.TP

Overloads the global \fBdefault_type\fR value for this virtual server.

.TP

Overloads the global \fBdefault_charset\fR value for this virtual server.

.TP

Overloads the global \fBmime_type_file\fR value for this virtual

server. Mappings defined in \fIFile\fR will not overload those defined by

\fBadd_types\fR directives in the global part.

.TP

Overloads the global \fBadd_types\fR values for this virtual server. If a

mapping is defined in the global part and redefined in a server part using this

directive, then it is replaced. Else it is kept.

.TP

Overloads the global \fBadd_charsets\fR values for this virtual server. If a

mapping is defined in the global part and redefined in a server part using this

directive, then it is replaced. Else it is kept.

.TP

This begins and ends an SSL configuration for this server. It's possible to

virthost several SSL servers on the same IP given that they all share the same

certificate configuration. In general it is complicated to virthost several SSL

servers on the same IP address since the certificate is typically bound to a

domainname in the common name part of the certificate. One solution (the only?)

to this problem is to have a certificate with multiple subjectAltNames. See

http://wiki.cacert.org/VhostTaskForce#Interoperability_Test

\fBkeyfile = File\fR

.RS 12

Specifies which file contains the private key for the certificate. If not

specified then the certificate file will be used.

.RE

.IP

\fBcertfile = File\fR

.RS 12

Specifies which file contains the certificate for the server.

.RE

.IP

\fBcacertfile = File\fR

.RS 12

A file containing trusted certificates to use during client authentication and

to use when attempting to build the server certificate chain. The list is also

used in the list of acceptable client CAs passed to the client when a

certificate is requested.

.RE

.IP

\fBverify = 0 | 1 | 2 | verify_none | verify_peer\fR

.RS 12

Specifies the level of verification the server does on client certs. 0 means

that the server will not ask for a cert (verify_none), 1 means that the server

will ask the client for a cert but not fail if the client does not supply a

client cert (verify_peer, fail_if_no_peer_cert = false), 2 means that the server

requires the client to supply a client cert (verify_peer, fail_if_no_peer_cert =

true).

Setting verify_none means that the x509 validation will be skipped (no

certificate request is sent to the client), verify_peer means that a certificate

request is sent to the client (x509 validation is performed.

You might want to use fail_if_no_peer_cert in combination with verify_peer.

.RE

.IP

\fBfail_if_no_peer_cert = true | false\fR

.RS 12

If verify is set to verify_peer and set to true the connection will fail if the

client does not send a certificate (i.e. an empty certificate). If set to false

the server will fail only if an invalid certificate is supplied (an empty

certificate is considered valid).

.RE

.IP

\fBdepth = Int\fR

.RS 12

Specifies the depth of certificate chains the server is prepared to follow when

verifying client certs. For the OTP new SSL implementation it is also used to

specify how far the server, i.e. we, shall follow the SSL certificates we

present to the clients. Hence, using self-signed certs, we typically need to set

this to 0.

.RE

.IP

\fBpassword = String\fR

.RS 12

String If the private key is encrypted on disc, this password is the 3Dee key to

decrypt it.

.RE

.IP

\fBciphers = String\fR

.RS 12

This string specifies the SSL cipher string. The syntax of the SSL cipher string

is an erlang term compliant with the output of ssl:cipher_suites().

.nf

ciphers = "[{dhe_rsa,aes_256_cbc,sha}, \\

{dhe_dss,aes_256_cbc,sha}]"

.fi

.RE

.TP

Defines a redirect mapping. The following items are allowed within a matching

pair of <redirect> and </redirect> delimiters.

We can have a series of \fBPath = URL\fR or \fBPath = file\fR

All accesses to Path will be redirected to URL/Path or alternatively to

scheme:host:port/file/Path if a file is used. Note that the original path is

appended to the redirected url. So if we for example have: