(* Configuration file for the "netplex" program. *) netplex { controller { max_level = "debug"; (* Log level *) logging { type = "stderr"; (* Log to stderr *) } }; service { name = "nethttpd"; protocol { (* This section creates the socket *) name = "http"; address { type = "internet"; bind = "0.0.0.0:4444"; }; (* address { type = "internet"; bind = "[::1]:4445"; (* IPv6 example *) } *) }; processor { (* This section specifies how to process data of the socket *) type = "nethttpd"; access_log = "debug"; (* or "off" or "enabled" *) suppress_broken_pipe = true; host { (* Think of Apache's "virtual hosts" *) pref_name = "localhost"; pref_port = 4444; names = "*:0"; (* Which requests are matched here: all *) uri { path = "/"; service { type = "file"; docroot = "/usr"; media_types_file = "/etc/mime.types"; enable_listings = true; } }; uri { path = "/adder"; (* This path is bound to the adder *) service { type = "dynamic"; handler = "adder"; } } }; tls { (* this is pretty good security: 112 bits minimum but with almost all clients 128 or 256 bits. Perfect forward secrecy is given priority over compatibility. (NB. 3DES-CBC is enabled for WinXP only. The strange part "-RSA:+RSA" removes RSA key exchange first and re-adds it as last choice, so that ECDHE and DHE have precedence.) Test your settings at ssllabs.com! *) algorithms = "%SERVER_PRECEDENCE:SECURE128:+SECURE192:+3DES-CBC:-RSA:+RSA"; dh_params { pkcs3_file = "dhparams"; (* This is a must-have for DHE *) }; x509 { trust { (* The certificate of the CA *) crt_file = "certs/x509-ca.pem"; }; key { (* The crt_file contains your certificate plus any intermediate certificates needed for the chain (in this order), but not the CA certificate. *) crt_file = "certs/x509-server.pem"; (* If the key is PEM-encoded it must not be password-protected (i.e. no "DEK-Info" line). We only support passwords for PKCS-8-encoded keys. *) key_file = "certs/x509-server-key.pem"; }; (* (* if you need a second certificate, e.g. for a second domain or for rolling over to a renewed certificate *) key { crt_file = "certs/x509-server2.pem"; key_file = "certs/x509-server2-key.pem"; }; *) }; }; }; workload_manager { type = "dynamic"; max_jobs_per_thread = 1; (* Everything else is senseless *) min_free_jobs_capacity = 1; max_free_jobs_capacity = 1; max_threads = 20; }; } }