ShaarliGo/static/app/99-lighttpd-shaarligo.conf

### ShaarliGo begin
var.shaarli_go_path_0 = "/<url path to, but excluding shaarligo.cgi>/"         # change as needed, keep leading and trailing slash

# Setup
#
# 1. edit above var.shaarli_go_path_0 = ...,
# 2. put this file into /etc/lighttpd/conf-available/
# 3. $ sudo /usr/sbin/lighty-enable-mod lighttpd-shaarligo
# 4. $ sudo service lighttpd force-reload
# 5. drop shaarligo.cgi in filesystem location matching shaarli_go_path_0
# 6. point browser to http://example.com/.../shaarligo.cgi

# In case you have simple_vhost enabled, put this config into server.conf
# inside your vhost directory.
#
# https://redmine.lighttpd.net/projects/1/wiki/TutorialConfiguration
# https://redmine.lighttpd.net/projects/1/wiki/docs_modsimplevhost

server.modules += ("mod_setenv")
# below is a workaround, if 'config_servers' can't be patched:
# $ sudo fgrep server.breakagelog /etc/lighttpd/config_servers
# echo "  server.breakagelog = \"$base/$VHOST/logs/error.log\""
# server.breakagelog = "/var/www/lighttpd/.../logs/error.log"
$HTTP["url"] =~ "^"+shaarli_go_path_0 {
  cgi.assign = ( "shaarligo.cgi" => "" ) # execute without interpreter
  server.error-handler-404 = shaarli_go_path_0 + "themes/current/404.html"

  url.redirect = (
    # start with ? to make the trailing slash of "^"+shaarli_go_path_0 optional:
    "^"+shaarli_go_path_0 + "?\?(..*)$" => "shaarligo.cgi?$1",   # probe & shaarli
    "^"+shaarli_go_path_0 + "shaarligo.cgi\?do=(rss|atom)$" => "../o/p/",   # I AM the feed
  )

  index-file.names = ( "index.html", "index.xml" )

  setenv.add-response-header += (
    # nice
    "X-Powered-By" => "http://purl.mro.name/ShaarliGo",
    # recommended
    # http://www.golem.de/news/content-security-policy-schutz-vor-cross-site-scripting-1306-99795.html
    # http://www.w3.org/TR/CSP/#example-policies
    "Content-Security-Policy" => "base-uri 'none'; form-action 'self'; frame-ancestors 'none'; default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'sha256-hGqewLn4csF93PEX/0TCk2jdnAytXBZFxFBzKt7wcgo='; connect-src 'self'; font-src 'self'; img-src data: 'self'; media-src 'none';",
    "Referrer-Policy" => "no-referrer",
    "X-Frame-Options" => "DENY",
    "X-Content-Type-Options" => "nosniff",
    "Strict-Transport-Security" => "max-age=15768000",
#    "Access-Control-Allow-Origin" => "*",
    # check results https://observatory.mozilla.org/analyze/l.mro.name
  )

  mimetype.assign = (
    ".css"  => "text/css; charset=utf-8",
    ".html" => "text/html; charset=utf-8",
    ".js"   => "text/javascript; charset=utf-8",
    ".json" => "application/json",
    ".png"  => "image/png",
    ".svg"  => "image/svg+xml",
    ".txt"  => "text/plain; charset=utf-8",
    ".xml"  => "text/xml; charset=utf-8",
    ".xslt" => "text/xsl; charset=utf-8", # a Chromism. https://stackoverflow.com/a/21604288
    ".woff"  => "application/font-woff",
    ".woff2"  => "application/font-woff",
  )

  compress.filetype = (
    "application/atom+xml; charset=utf-8",
    "application/json",
    "application/xslt+xml; charset=utf-8",
    "image/svg+xml",
    "text/css; charset=utf-8",
    "text/html; charset=utf-8",
    "text/javascript; charset=utf-8",
    "text/plain; charset=utf-8",
    "text/xml; charset=utf-8",
    "text/xsl; charset=utf-8",
  )

  $HTTP["url"] =~ "^"+shaarli_go_path_0+"themes/" { setenv.add-response-header += ( "Cache-Control" => "max-age=604800, public" ) } # 7 days
  $HTTP["url"] !~ "^"+shaarli_go_path_0+"themes/" { setenv.add-response-header += ( "Cache-Control" => "no-cache" ) }
}
$HTTP["url"] =~ "^"+shaarli_go_path_0 + "app/" { url.access-deny = ("") }
#### ShaarliGo end

$HTTP["url"] !~ "^/\.well-known/" {
  # handle http -> https redirects
  $HTTP["scheme"] == "http" {
    # capture vhost name with regex conditiona -> %0 in redirect pattern
    # must be the most inner block to the redirect rule
#    $HTTP["host"] =~ ".*" { url.redirect = (".*" => "https://%0$0") }
  }
}