= BASE PATH¶
Set the base directory for relative file/path names in configuration file. If you use a relative path name (like eg.
.) for base_path, then we use the location of the LiveConfig executable as start point.
Specify the name of the license file. This file should only be readable by the user under which liveconfig runs. For more informations see liveconfig.key(5).
Specify the name of the logfile. That file (or the directory where the file has to be created) must be writeable by the user under which liveconfig runs. If a log file already exists, it must not be a special file (eg. symbolic link, pipe, …). When setting
log_file to the value
syslog, all log output is sent to the system logger syslog(3).
= emerg | alert | crit | err | warning | notice | info | debug¶
Set the level when messages will be logged.
Specify the name of the PID file. That file (or the directory where the file has to be created) must be writeable by the user under which liveconfig runs. The PID file is used to store the process ID of the actual running liveconfig process.
Set the path name where the resource files are stored in.
Set the path name where LiveConfig’s additional libraries (eg. database drivers) are located.
Set the path name where LiveConfig’s scripts & utilities (eg. Lua scripts, logsplit utility) are located.
Set the system user to switch to for all unprivileged operations (like the frontend webserver, querying system statistics, etc.). If not defined, the user id -1 will be used. LiveConfig must be started as root user in order to switch to a lesser privileged user. If started as non-root user, LiveConfig will continue to run as that user.
If this option is set, LiveConfig uses the defined proxy server for outbound HTTP(S) connections. The URL must have the format
The following options are for configuring the database access for LiveConfig:
Specify the database driver to use. Supported values are:
mysql to connect to a MySQL or MariaDB database
sqlite to use a local SQLite database (file-based)
[MySQL] Set the database server name to connect to.
[MySQL, SQLite] Set the database name to be used. For SQLite, this specifies the filename of the database.
[MySQL] Specify the user name for database login.
[MySQL] Specify the password for database login.
Options for the database connection. Supported values:
port=PORT [MySQL] allow port configuration for TCP connections (default: 3306)
socket=SOCKET [MySQL] allow selection of socket file for local connections (default is depending on
[client] setting in
/tmp/mysql.sock - but in most cases
/var/lib/mysqld/mysqld.sock is correct).
no-secure-auth [MySQL] allow the old (deprecated and insecure) connection method from MySQL before 4.1.1.
synchronous=0|1|2 [SQLite] corresponds calling “PRAGMA synchronous=0|1|2;” (default: 1)
journal_mode=DELETE|TRUNCATE|PERSIST|MEMORY|WAL|OFF [SQLite] corresponds calling
PRAGMA journal=...; (default:
HTTP specific options are:
Set the network address to listen for incoming HTTP connections. Optionally, a port may be specified. Both IPv4 and IPv6 addresses are allowed. If the address
* is specified, LiveConfig will listen on any IPv4 and any IPv6 address (
:: will only listen on IPv6 interfaces,
0.0.0.0 only on IPv4 interfaces!). Examples for valid addresses are:
listen on any IPv4 address and any IPv6 address at port 8888
listen on any IPv6 address at port 8888
listen on any IPv4 address at default port 8080
listen on any IPv6 address at default port 8080
listen only at IPv4 address
http_socket command may be used multiple times to open multiple ports.
Same as http_socket, except that a port for incoming HTTPS connections (SSL) is opened. The SSL certificate is loaded from the file specified with
http_ssl_certificate. The default port for SSL connections is 8443.
= LOG FILE¶
Set the log file for HTTP requests. The log file format is the same as the combined log format from Apache httpd webserver.
Directory for static files (eg. customer logos, APS icons, …). Must be writable by the LiveConfig user.
Set the read timeout for HTTP requests to TIMEOUT seconds.
Set the HTTP keep-alive timeout to TIMEOUT seconds.
Set the maximum number of HTTP keep-alive requests to MAX_REQUESTS.
Limit the maximum number of concurrent HTTP connections to MAX_CONNECTIONS.
Specify the file containing both the SSL certificate and SSL private key (PEM encoded) - see SSL Configuration.
= STATUS URI DESTINATION¶
Redirect requests for URI to DESTINATION using HTTP status STATUS. Valid values for STATUS are 301 (moved permanently) and 302 (moved temporarily). All URIs must contain a leading slash. Redirections and rewrites (see below) have the highest priority when parsing a request, so any URI may be redirected. The URI must be matched exactly, it is not possible to redirect all requests with a certain prefix.
Usually you want to define a default redirection to the login page like this:
http_redirect = 301 / /liveconfig/login
You can also redirect requests to any other website:
http_redirect = 301 / http://www.example.test/customer-login/
= URI DESTINATION¶
Rewrite requests for URI to DESTINATION without HTTP redirects. All URIs must contain a leading slash; rewriting URIs to external destinations is not possible. Redirections and rewrites have the highest priority when parsing a request, so any URI may be rewritten. The URI must be matched exactly, it is not possible to rewrite all requests with a certain prefix.
Often you may want a “robots.txt” file directly accessible:
http_rewrite = /robots.txt /res/m/liveconfig/robots.txt
Use HOSTNAME as canonical host name for the LiveConfig web interface.
http_canonical_host is defined and a user connects to LiveConfig using a differing host name, he can be redirected to the URL configured here.
= STATUS URL¶
If a plain HTTP request (via a http_socket) arrives, redirect to the defined URL.
Enable HTTP Strict Transport Security (HSTS) for SSL connections. The value defined with TIME defines how long a client is forced to use secure connections only (recommended: 31536000 seconds = 12 months). The default setting is 0 (off).
When LiveConfig is run behind a reverse proxy, you can configure the IP addresses where proxy requests come from. This is required for
http_proxy_ip_header to get the “real” client IP address.
Defines the name of the HTTP header containing the IP address of the “real” client when a reverse proxy is used. This field is usually named
X-Real-IP and must contain a single IP address. To avoid spoofing, the IP address from this field will only be used if the connection originates from an IP address listed in
When LiveConfig is running behind a reverse proxy, you can configure the “public” URL (of the proxy server) with this option. Sometimes LiveConfig needs to create a full URL (eg. for the link to reset a password, which is sent by e-mail). Because LiveConfig doesn’t know the external URL, it must be explicitly configured in these cases. Please type the URL without a trailing slash.
http_proxy_url = https://controlpanel.example.org
The LiveConfig Client Protocol (LCCP) is used for communication between a LiveConfig server and a LiveConfig client (requires a Business License on the LiveConfig server).
The LCCP specific options are:
Set the network address to listen for incoming LCCP connections. Optionally, a port may be specified. Both IPv4 and IPv6 addresses are allowed. Examples for valid addresses are:
listen on any IPv4 and IPv6 address at port 7888
listen on any IPv4 address at default port 788
listen on any IPv4 and IPv6 address at default port 788
listen only at IPv4 address 184.108.40.206 (port 788)
The lccp_socket command may be used multiple times to open multiple ports. You only need to define a LCCP socket if you have at least one LiveConfig client which should connect to this server instance.