########################################################################
# Sample configuration file for NaviServer
########################################################################
# All default variables in "defaultConfig" can be overloaded by:
#
# 1) Setting these variables explicitly in this file after
# "ns_configure_variables" (highest precedence)
#
# 2) Setting these variables as environment variables with the "nsd_"
# prefix (suitable for e.g. docker setups). The lookup for
# environment variables happens in "ns_configure_variables".
#
# 3) Alter/override the variables in the "defaultConfig"
# (lowest precedence)
#
# Some comments:
# "ipaddress":
# specify an IPv4 or IPv6 address, or a blank separated
# list of such addresses
# "httpport":
# might be as well a list of ports, when listening on
# multiple ports
# "nscpport":
# when nonempty, load the nscp module and listen
# on the specified port
# "home":
# the root directory, containng the subdirecturies
# "pages", "logs", "lib", "bin", "tcl", ....
#
dict set defaultConfig ipaddress 0.0.0.0
dict set defaultConfig httpport 80
dict set defaultConfig httpsport 443
dict set defaultConfig nscpport ""
dict set defaultConfig home [file dirname [file dirname [info nameofexecutable]]]
dict set defaultConfig hostname localhost
dict set defaultConfig pagedir {$home/pages}
dict set defaultConfig logdir {$home/logs}
dict set defaultConfig certificate {$home/etc/certificates/eurotcl2024.magma-soft.at.pem}
dict set defaultConfig vhostcertificates {$home/etc/certificates}
dict set defaultConfig serverprettyname "EuroTcl2024 NaviServer Demo Instance"
dict set defaultConfig reverseproxymode false
dict set defaultConfig trustedservers ""
#
# For all potential variables defined by the dict "defaultConfig",
# allow environment variables such as "nsd_httpport" or
# "nsd_ipaddress" to override local values.
#
source [file dirname [ns_info nsd]]/../tcl/init.tcl
ns_configure_variables "nsd_" $defaultConfig
set max_file_upload_size 20mb
set max_file_upload_duration 5m
#---------------------------------------------------------------------
# Set headers that should be included in every response from the
# server.
#
set http_extraheaders {
X-Frame-Options "SAMEORIGIN"
X-Content-Type-Options "nosniff"
X-XSS-Protection "1; mode=block"
Referrer-Policy "strict-origin"
}
set https_extraheaders {
Strict-Transport-Security "max-age=31536000; includeSubDomains"
}
append https_extraheaders $http_extraheaders
########################################################################
# Global settings (for all servers)
########################################################################
ns_section ns/parameters {
#
# General server settings
#
ns_param home $home
ns_param tcllibrary tcl
#ns_param pidfile ${home}/logs/nsd.pid
# Parameter for controlling caching via ns_cache. Potential values
# are "full" or "none", future versions might allow as well
# "cluster". The value of "none" makes ns_cache operations to
# no-ops, this is a very conservative value for clusters.
#
# ns_param cachingmode "none" ;# default: "full"
#ns_param progressminsize 1MB ;# default: 0
#ns_param listenbacklog 256 ;# default: 32; backlog for ns_socket commands
# Reject output operations on already closed or detached connections (e.g. subsequent ns_return statements)
#ns_param rejectalreadyclosedconn false;# default: true
#
# Tcl settings
#
#ns_param tclinitlock true ;# default: false
#ns_param concurrentinterpcreate false ;# default: true
#ns_param mutexlocktrace true ;# default false; print durations of long mutex calls to stderr
#
# Log settings (systemlog aka error.log)
#
ns_param serverlog $logdir/error.log
#ns_param logdebug true ;# default: false
#ns_param logroll false ;# default: true
#ns_param logrollfmt %Y-%m-%d ;# format appended to log filename
#ns_param logsec false ;# add timestamps in second resolution (default: true)
#ns_param logusec true ;# add timestamps in microsecond (usec) resolution (default: false)
#ns_param logusecdiff true ;# add timestamp diffs since in microsecond (usec) resolution (default: false)
#ns_param logthread false ;# add thread-info the log file lines (default: true)
#ns_param sanitizelogfiles 1 ;# default: 2; 0: none, 1: full, 2: human-friendly
#
# Encoding settings
#
# ns_param OutputCharset utf-8
# ns_param URLCharset utf-8
ns_param formfallbackcharset iso8859-1 ;# retry with this charset in case of failures
#
# Jobs setting
#
ns_param jobsperthread 1000 ;# default: 0
#ns_param jobtimeout 0s ;# default: 5m
ns_param joblogminduration 100s ;# default: 1s
ns_param schedsperthread 10 ;# default: 0
#ns_param schedlogminduration 2s ;# print warnings when scheduled job takes longer than that
#ns_param dbcloseonexit off ;# default: off; from nsdb
# configure SMTP module
ns_param smtphost "localhost"
ns_param smtpport 25
ns_param smtptimeout 60
ns_param smtplogmode false
ns_param smtpmsgid false
ns_param smtpmsgidhostname ""
ns_param smtpencodingmode false
ns_param smtpencoding "utf-8"
ns_param smtpauthmode ""
ns_param smtpauthuser ""
ns_param smtpauthpassword ""
}
#
# When running behind a reverse proxy, use the following parameters
#
ns_section ns/parameters/reverseproxymode {
#
# Is the server running behind a reverse proxy server?
#
ns_param enabled $reverseproxymode
#
# When defining "trustedservers", the X-Forwarded-For header field
# is only accepted in requests received from one of the specified
# servers. The list of servers can be provided by using IP
# addresses or CIDR masks. Additionally, the processing mode of
# the contents of the X-Forwarded-For contents switches to
# right-to-left, skipping trusted servers. So, the dangerof
# obtaining spoofed addresses can be reduced.
#
ns_param trustedservers $trustedservers
#
# Optionally, non-public entries in the content of X-Forwarded-For
# can be ignored. These are not useful for e.g. geo-location
# analysis.
#
#ns_param skipnonpublic false
}
ns_section ns/threads {
ns_param stacksize 512kB
}
ns_section ns/mimetypes {
ns_param default text/plain
ns_param noextension text/plain
}
ns_section ns/fastpath {
#ns_param cache false ;# default: false
#ns_param cachemaxsize 10MB ;# default: 10MB
#ns_param cachemaxentry 8kB ;# default: 8kB
#ns_param mmap false ;# default: false
ns_param gzip_static true ;# check for static gzip; default: false
ns_param gzip_refresh true ;# refresh stale .gz files on the fly using ::ns_gzipfile
ns_param gzip_cmd "/usr/bin/gzip -9" ;# use for re-compressing
ns_param brotli_static true ;# check for static brotli files; default: false
ns_param brotli_refresh true ;# refresh stale .br files on the fly using ::ns_brotlifile
ns_param brotli_cmd "/usr/bin/brotli -f -Z" ;# use for re-compressing
#ns_param brotli_cmd "/opt/local/bin/brotli -f -Z" ;# use for re-compressing (macOS + ports)
}
ns_section ns/servers {
ns_param naviserver $serverprettyname
ns_param http "HTTP to HTTPS redirect server"
ns_param default "EuroTcl2004 Naviserver Demo"
ns_param wordpress "Wordpress with FastCGI on Naviserver"
ns_param django "Django with revproxy on Naviserver"
ns_param rails "Ruby on Rails with revproxy on Naviserver"
ns_param etherpad "NodeJS/Etherpad with revproxy via Unix domain sockets on Naviserver"
}
#
# Global network modules (for all servers)
#
if {[info exists httpport] && $httpport ne ""} {
#
# We have an "httpport" configured, so configure this module.
#
ns_section ns/modules {
ns_param http nssock
}
ns_section ns/module/http {
ns_param defaultserver http
ns_param port $httpport
ns_param address $ipaddress ;# Space separated list of IP addresses
#ns_param hostname [ns_info hostname]
#ns_param backlog 1024 ;# default: 256; backlog for listen operations
#ns_param acceptsize 10 ;# default: value of "backlog"; max number of accepted (but unqueued) requests
#ns_param sockacceptlog 3 ;# ns/param sockacceptlog; report, when one accept operation
;# receives more than this threshold number of sockets
#ns_param closewait 0s ;# default: 2s; timeout for close on socket
#ns_param keepwait 5s ;# 5s, timeout for keep-alive
#ns_param maxqueuesize 1024 ;# default: 1024; maximum size of the queue
#ns_param readahead 1MB ;# default: 16384; size of readahead for requests
#ns_param maxupload 1MB ;# default: 0, when specified, spool uploads larger than this value to a temp file
ns_param maxinput $max_file_upload_size ;# Maximum file size for uploads
ns_param recvwait $max_file_upload_duration ;# 30s, timeout for receive operations
#ns_param keepalivemaxuploadsize 0.5MB ;# 0, don't allow keep-alive for upload content larger than this
#ns_param keepalivemaxdownloadsize 1MB ;# 0, don't allow keep-alive for download content larger than this
#
# Spooling Threads
#
ns_param writerthreads 1 ;# default: 0, number of writer threads
#ns_param writersize 1KB ;# default: 1MB, use writer threads for files larger than this value
#ns_param writerbufsize 16kB ;# default: 8kB, buffer size for writer threads
#ns_param writerstreaming true ;# false; activate writer for streaming HTML output (e.g. ns_writer)
#ns_param spoolerthreads 1 ;# default: 0; number of upload spooler threads
#ns_param driverthreads 2 ;# default: 1, number of driver threads (requires support of SO_REUSEPORT)
#
# TCP tuning
#
#ns_param nodelay false ;# true; deactivate TCP_NODELAY if Nagle algorithm is wanted
#ns_param deferaccept true ;# false, Performance optimization
}
#
# Define, which "host" (as supplied by the "host:" header field)
# accepted over this driver should be associated with which
# server. This parameter is for virtual servers. Here we have just
# the "default" server and we register the $hostname and the
# $address (in case, the server is addressed via its IP address).
# The variable "hostname" can contain multiple host names (domain
# names) which are all registered for the server "default".
#
### Capture all HTTP request by the redirect server
ns_section ns/module/http/servers {
foreach domainname $hostname {
ns_param http $domainname
}
ns_param http [ns_info hostname]
foreach address $ipaddress {
ns_param http $address
}
}
}
ns_log notice "HTTPSPORT=[info exists httpsport]"
if {[info exists httpsport] && $httpsport ne ""} {
#
# We have an "httpsport" configured, so configure this module.
#
#
# We have an "httpsport" configured, so load and configure the
# module "nsssl" as a global server module with the name "https".
#
ns_log notice "HTTPSPORT=[info exists httpsport] => <$httpsport>"
ns_section ns/modules {
ns_param https nsssl
}
ns_section ns/module/https {
ns_param defaultserver default
ns_param port $httpsport
ns_param address $ipaddress
#ns_param hostname [ns_info hostname]
#ns_param backlog 1024 ;# default: 256; backlog for listen operations
#ns_param acceptsize 10 ;# default: value of "backlog"; max number of accepted (but unqueued) requests
#ns_param sockacceptlog 3 ;# ns/param sockacceptlog; report, when one accept operation
;# receives more than this threshold number of sockets
#ns_param closewait 0s ;# default: 2s; timeout for close on socket
#ns_param keepwait 5s ;# 5s, timeout for keep-alive
#ns_param maxqueuesize 1024 ;# default: 1024; maximum size of the queue
#ns_param readahead 1MB ;# default: 16384; size of readahead for requests
#ns_param maxupload 1MB ;# default: 0, when specified, spool uploads larger than this value to a temp file
ns_param maxinput $max_file_upload_size ;# Maximum file size for uploads
ns_param recvwait $max_file_upload_duration ;# 30s, timeout for receive operations
#ns_param keepalivemaxuploadsize 0.5MB ;# 0, don't allow keep-alive for upload content larger than this
#ns_param keepalivemaxdownloadsize 1MB ;# 0, don't allow keep-alive for download content larger than this
#
# Spooling Threads
#
ns_param writerthreads 1 ;# default: 0, number of writer threads
#ns_param writersize 1KB ;# default: 1MB, use writer threads for files larger than this value
#ns_param writerbufsize 16kB ;# default: 8kB, buffer size for writer threads
#ns_param writerstreaming true ;# false; activate writer for streaming HTML output (e.g. ns_writer)
#ns_param spoolerthreads 1 ;# default: 0; number of upload spooler threads
#ns_param driverthreads 2 ;# default: 1, number of driver threads (requires support of SO_REUSEPORT)
#
# TCP tuning
#
#ns_param nodelay false ;# true; deactivate TCP_NODELAY if Nagle algorithm is wanted
#ns_param deferaccept true ;# false, Performance optimization
#
# SSL/TLS parameters
#
ns_param ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305"
#ns_param ciphersuites "TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256"
ns_param protocols "!SSLv2:!SSLv3:!TLSv1.0:!TLSv1.1"
ns_param certificate $certificate
ns_param vhostcertificates $vhostcertificates ;# directory for vhost certificates of the default server
ns_param verify 0
ns_param extraheaders $https_extraheaders
ns_param OCSPstapling on ;# off; activate OCSP stapling
# ns_param OCSPstaplingVerbose on ;# off; make OCSP stapling more verbose
}
#
# Define, which "host" (as supplied by the "host:" header field)
# accepted over this driver should be associated with which
# server. This parameter is for virtual servers. Here we have just
# the "default" server and we register the $hostname and the
# $address (in case, the server is addressed via its IP address).
# The variable "hostname" can contain multiple host names (domain
# names) which are all registered for the server "default".
#
ns_section ns/module/https/servers {
### The first FQDN is used as default
ns_param default eurotcl2024.magma-soft.at
ns_param naviserver naviserver.magma-soft.at
ns_param wordpress wordpress.magma-soft.at
ns_param django django.magma-soft.at
ns_param rails rails.magma-soft.at
ns_param etherpad etherpad.magma-soft.at
foreach domainname $hostname {
ns_param default $domainname
}
ns_param default [ns_info hostname]
foreach address $ipaddress {
ns_param default $address
}
}
}
#
# The following section defines, which hostnames map to which
# server. In our case for example, the host "localhost" is mapped to
# the nsd server named "default".
#
#!!ns_section ns/module/http/servers {
#!! ns_param default localhost
#!! ns_param default [ns_info hostname]
#!!}
########################################################################
# Settings for the "naviserver" server
########################################################################
ns_section ns/server/naviserver {
ns_param enabletclpages true ;# default: false
#ns_param filterrwlocks false ;# default: true
ns_param checkmodifiedsince false ;# default: true, check modified-since before returning files from cache. Disable for speedup
ns_param connsperthread 1000 ;# default: 0; number of connections (requests) handled per thread
ns_param minthreads 5 ;# default: 1; minimal number of connection threads
ns_param maxthreads 100 ;# default: 10; maximal number of connection threads
#ns_param maxconnections 100 ;# default: 100; number of allocated connection structures
ns_param rejectoverrun true ;# default: false; send 503 when thread pool queue overruns
#ns_param threadtimeout 2m ;# default: 2m; timeout for idle connection threads
#ns_param concurrentcreatethreshold 100 ;# default: 80; perform concurrent creates when queue is fully beyond this percentage
;# 100 is a conservative value, disabling concurrent creates
#ns_param connectionratelimit 200 ;# 0; limit rate per connection to this amount (KB/s); 0 means unlimited
#ns_param poolratelimit 200 ;# 0; limit rate for pool to this amount (KB/s); 0 means unlimited
# Extra server-specific response header fields
#ns_param extraheaders {Referrer-Policy "strict-origin"}
}
ns_section ns/server/naviserver/modules {
if {$nscpport ne ""} {ns_param nscp nscp}
ns_param nslog nslog
ns_param nscgi nscgi
}
ns_section ns/server/naviserver/module/https {
ns_param certificate $vhostcertificates/naviserver.magma-soft.at.pem
ns_param port $httpsport
}
ns_section ns/server/naviserver/fastpath {
ns_param pagedir $pagedir
#ns_param serverdir ""
#ns_param directoryfile "index.adp index.tcl index.html index.htm"
#ns_param directoryadp dir.adp
#ns_param directoryproc _ns_dirlist
ns_param directorylisting fancy ;# default: simple; parameter for _ns_dirlist
#ns_param hidedotfiles true ;# default: false; parameter for _ns_dirlist
}
ns_section ns/server/naviserver/vhost {
#ns_param enabled false
#ns_param hostprefix ""
#ns_param hosthashlevel 0
#ns_param stripport true
#ns_param stripwww true
}
ns_section ns/server/naviserver/adp {
ns_param map "/*.adp"
#ns_param enableexpire false ;# default: false; set "Expires: now" on all ADP's
#ns_param enabledebug true ;# default: false
#ns_param enabletclpages true ;# default: false
#ns_param singlescript false ;# default: false; collapse Tcl blocks to a single Tcl script
#ns_param cache false ;# default: false; enable ADP caching
#ns_param cachesize 5MB
#ns_param bufsize 1MB
}
ns_section ns/server/naviserver/tcl {
ns_param nsvbuckets 16 ;# default: 8
ns_param nsvrwlocks false ;# default: true
ns_param library modules/tcl
#
# Example for initcmds (to be executed, when this server is fully initialized).
#
#ns_param initcmds {
# ns_log notice "=== Hello World === server: [ns_info server] running"
#}
}
ns_section ns/server/naviserver/module/nscgi {
ns_param map "GET /cgi-bin $home/cgi-bin"
ns_param map "POST /cgi-bin $home/cgi-bin"
ns_param interps CGIinterps
#ns_param allowstaticresources true ;# default false; serve static resources from cgi directories
}
ns_section ns/interps/CGIinterps {
ns_param .pl "/opt/local/bin/perl"
ns_param .sh "/bin/bash"
}
ns_section ns/server/naviserver/module/nslog {
ns_param file $logdir/naviserver_access.log
#ns_param rolllog true ;# default: true; should server log files automatically
#ns_param rollonsignal false ;# default: false; perform roll on a sighup
#ns_param rollhour 0 ;# default: 0; specify at which hour to roll
ns_param maxbackup 7 ;# default: 10; max number of backup log files
#ns_param rollfmt %Y-%m-%d-%H:%M ;# format appended to log filename
#ns_param logpartialtimes true ;# default: false
#ns_param logreqtime true ;# default: false; include time to service the request
ns_param logthreadname true ;# default: false; include thread name for linking with error.log
ns_param masklogaddr true ;# false, mask IP address in log file for GDPR (like anonip IP anonymizer)
ns_param maskipv4 255.255.255.0 ;# mask for IPv4 addresses
ns_param maskipv6 ff:ff:ff:ff:: ;# mask for IPv6 addresses
}
ns_section ns/server/naviserver/module/nscp {
ns_param port $nscpport
#ns_param address 0.0.0.0
}
ns_section ns/server/naviserver/module/nscp/users {
ns_param user "::"
}
set ::env(RANDFILE) $home/.rnd
set ::env(HOME) $home
set ::env(LANG) en_US.UTF-8
#
# For debugging, you might activate one of the following flags
#
#ns_logctl severity Debug(ns:driver) on
#ns_logctl severity Debug(request) on
#ns_logctl severity Debug(task) on
#ns_logctl severity Debug(sql) on
#ns_logctl severity Debug(nsset) on
### Specific pagedir, also used for Let's Encrypt authentication
ns_section ns/server/http/fastpath {
ns_param pagedir http
ns_param serverdir /var/www
ns_param directoryproc ns_returnnotfound
}
ns_section ns/server/http/module/nslog {
ns_param file $logdir/http.log
ns_param extendedheaders Host
}
### Redirect all http requests but .well-known to https
ns_section ns/server/http/tcl {
ns_param initcmds {
ns_register_fastpath GET /.well-known/*
ns_register_proc GET /* {
set host [ns_conn host [ns_config ns/module/https demo]]
set port [ns_config ns/module/https port]
set url https://$host:$port[ns_conn url]
set q [ns_conn query]
if {$q ne ""} {append url ?$q}
ns_log notice "http redirect to $url"
ns_returnmoved $url
}
}
ns_log notice http redirect server loaded
}
### Demo server for:
# - mass virtual hosting
# - php via CGI
# - php via FastCGI
#
ns_section ns/server/default/fastpath {
ns_param pagedir ""
ns_param serverdir /var/www
ns_param directoryproc ns_returnnotfound
ns_param directoryfile {index.html index.php}
}
ns_section ns/server/default/modules {
ns_param nslog nslog
ns_param nscgi nscgi
}
ns_section ns/server/default/modules/nslog {
ns_param file $logdir/access.log
ns_param extendedheaders Host
}
### Map any Host: header and port to a different directory
ns_section ns/server/default/tcl {
ns_param initcmds {
namespace eval ::https {
proc serverroot {args} {
ns_log debug [info level 0]
set rootDir [ns_server serverdir]
set vHostDir default
if {[ns_conn isconnected]} {
set host [ns_conn host]
ns_log debug "serverroot <$args>" \
server '[ns_info server]' \
host '$host' \
rootdir '$rootDir'
if {$host ne ""} {
set port [ns_config ns/module/https port]
set dir $host:$port
if {[::file isdirectory $rootDir/$dir]} {
set vHostDir $dir
} else {
ns_log debug "... $rootDir/$dir does not exist, using default"
}
}
}
set rootDir $rootDir/$vHostDir
ns_log debug "... final rootdir '$rootDir'"
return $rootDir
}
#ns_logctl severity debug on
ns_serverrootproc [namespace current]::serverroot
ns_log notice ns_serverrootproc installed
#ns_logctl severity Debug(cgi) on
}
}
}
### PHP via standard CGI protocol
ns_section ns/interps/php {
ns_param .php /usr/bin/php-cgi
}
ns_section ns/environment/php {
ns_param GREETING "Hello EuroTcl2024"
}
ns_section ns/server/default/module/nscgi {
ns_param map {GET *.php}
ns_param Interps php
ns_param environment php
}
### PHP via FastCGI, showcase: Wordpress
ns_section ns/server/wordpress/module/https {
ns_param certificate $vhostcertificates/wordpress.magma-soft.at.pem
ns_param port $httpsport
}
ns_section ns/server/wordpress/fastpath {
ns_param pagedir www
ns_param serverdir /srv/wordpress
ns_param directoryproc ns_returnnotfound
ns_param directoryfile index.php
}
ns_section ns/interps/wordpress {
ns_param .php /srv/wordpress/cgi.fcgi
}
ns_section ns/server/wordpress/modules {
ns_param nscgi nscgi
}
ns_section ns/server/wordpress/module/nscgi {
ns_param map {GET *.php}
ns_param map {POST *.php}
ns_param Interps wordpress
}
### Python/Django via revproxy
ns_section ns/server/django/module/https {
ns_param certificate $vhostcertificates/django.magma-soft.at.pem
ns_param port $httpsport
}
ns_section ns/server/django/fastpath {
ns_param pagedir www
ns_param serverdir /srv/django
ns_param directoryproc ns_returnnotfound
ns_param directoryfile index.html
}
ns_section ns/server/django/tcl {
ns_param initcmds {
ns_register_fastpath GET /static/*
}
}
ns_section ns/server/django/modules {
ns_param revproxy tcl
}
ns_section ns/server/django/module/revproxy {
ns_param backendconnection ns_http
ns_param filters {
ns_register_proc GET /* ::revproxy::upstream proc -target http://127.0.0.1:7032/
ns_register_proc POST /* ::revproxy::upstream proc -target http://127.0.0.1:7032/
}
}
### Ruby on Rails via revproxy
ns_section ns/server/rails/module/https {
ns_param certificate $vhostcertificates/rails.magma-soft.at.pem
ns_param port $httpsport
}
ns_section ns/server/rails/fastpath {
ns_param pagedir www
ns_param serverdir /srv/rails
ns_param directoryproc ns_returnnotfound
ns_param directoryfile index.html
}
ns_section ns/server/rails/modules {
ns_param revproxy tcl
}
ns_section ns/server/rails/module/revproxy {
ns_param filters {
ns_register_filter preauth GET /* ::revproxy::upstream -target http://127.0.0.1:59232/
ns_register_filter preauth POST /* ::revproxy::upstream -target http://127.0.0.1:59232/
}
}
### nodejs app Etherpad via revproxy and unix domain socket
ns_section ns/server/etherpad/module/https {
ns_param certificate $vhostcertificates/etherpad.magma-soft.at.pem
ns_param port $httpsport
}
ns_section ns/server/etherpad/fastpath {
ns_param pagedir www
ns_param serverdir /srv/etherpad
ns_param directoryproc ns_returnnotfound
ns_param directoryfile index.html
}
ns_section ns/server/etherpad/modules {
ns_param revproxy tcl
}
ns_section ns/server/etherpad/module/revproxy {
ns_param filters {
ns_register_filter preauth GET /* ::revproxy::upstream -target unix:/srv/etherpad/root/etherpad.socket|http://etherpad.magma-soft.at/
ns_register_filter preauth POST /* ::revproxy::upstream -target unix:/srv/etherpad/root/etherpad.socket|http://etherpad.magma-soft.at/
}
}