new file mode 100644
@@ -0,0 +1,26 @@
+#
+# Copyright (c) Siemens AG, 2025
+#
+# Authors:
+# Quirin Gylstorff <quirin.gylstorff@siemens.com>
+#
+# SPDX-License-Identifier: MIT
+#
+require recipes-initramfs/dracut-module/dracut-module.inc
+
+DEBIAN_DEPENDS:append = ",lighttpd"
+SRC_URI += "file://install.sh \
+ file://lighttpd.conf \
+ file://lighttpd.service \
+ file://sysuser-lighttpd.conf \
+ "
+DRACUT_REQUIRED_BINARIES = "lighttpd"
+DRACUT_MODULE_DEPENDENCIES = "systemd-network-management"
+
+do_install[cleandirs] += "${D}/usr/lib/sysusers.d/"
+do_install:append() {
+ install -m 666 ${WORKDIR}/lighttpd.conf ${DRACUT_MODULE_PATH}
+ install -m 666 ${WORKDIR}/lighttpd.service ${DRACUT_MODULE_PATH}
+ install -m 666 ${WORKDIR}/sysuser-lighttpd.conf ${D}/usr/lib/sysusers.d/lighttpd.conf
+}
+
new file mode 100644
@@ -0,0 +1,21 @@
+install() {
+ inst_binary /usr/sbin/lighttpd
+ inst_binary /usr/sbin/lighttpd-angel
+ inst_binary /usr/sbin/lighttpd-disable-mod
+ inst_binary /usr/sbin/lighttpd-enable-mod
+ inst_multiple -o /usr/lib/lighttpd/*.so
+ inst_multiple -o /usr/share/lighttpd/*
+ inst_simple "${moddir}/lighttpd.service" "$systemdsystemunitdir/lighttpd.service"
+ mkdir -p -m 0700 "$initdir/etc/lighttpd/"
+ mkdir -p -m 0700 "$initdir/var/cache/lighttpd/compress"
+ mkdir -p -m 0700 "$initdir/var/cache/lighttpd/uploads"
+ mkdir -p -m 0700 "$initdir/var/log/lighttpd/"
+ mkdir -p -m 0755 "$initdir/var/www/html"
+ /usr/bin/install -m 0644 /usr/share/lighttpd/index.html "$initdir/var/www/html/index.html"
+ touch "$moddir"/error.log
+ /usr/bin/install -m 0644 "$moddir"/error.log "$initdir/var/log/lighttpd/error.log"
+ chown -R www-data:www-data "$initdir/var/log/lighttpd/"
+ inst_simple "${moddir}/lighttpd.conf" /etc/lighttpd/lighttpd.conf
+ inst_sysusers lighttpd.conf
+ systemctl -q --root "$initdir" enable lighttpd
+}
new file mode 100644
@@ -0,0 +1,52 @@
+server.modules = (
+ "mod_indexfile",
+ "mod_access",
+ "mod_alias",
+ "mod_redirect",
+)
+
+server.document-root = "/var/www/html"
+server.upload-dirs = ( "/var/cache/lighttpd/uploads" )
+server.errorlog = "/var/log/lighttpd/error.log"
+server.pid-file = "/run/lighttpd.pid"
+server.username = "www-data"
+server.groupname = "www-data"
+server.port = 80
+
+# features
+#https://redmine.lighttpd.net/projects/lighttpd/wiki/Server_feature-flagsDetails
+server.feature-flags += ("server.h2proto" => "enable")
+server.feature-flags += ("server.h2c" => "enable")
+server.feature-flags += ("server.graceful-shutdown-timeout" => 5)
+#server.feature-flags += ("server.graceful-restart-bg" => "enable")
+
+# strict parsing and normalization of URL for consistency and security
+# https://redmine.lighttpd.net/projects/lighttpd/wiki/Server_http-parseoptsDetails
+# (might need to explicitly set "url-path-2f-decode" = "disable"
+# if a specific application is encoding URLs inside url-path)
+server.http-parseopts = (
+ "header-strict" => "enable",# default
+ "host-strict" => "enable",# default
+ "host-normalize" => "enable",# default
+ "url-normalize-unreserved"=> "enable",# recommended highly
+ "url-normalize-required" => "enable",# recommended
+ "url-ctrls-reject" => "enable",# recommended
+ "url-path-2f-decode" => "enable",# recommended highly (unless breaks app)
+ #"url-path-2f-reject" => "enable",
+ "url-path-dotseg-remove" => "enable",# recommended highly (unless breaks app)
+ #"url-path-dotseg-reject" => "enable",
+ #"url-query-20-plus" => "enable",# consistency in query string
+)
+
+index-file.names = ( "index.php", "index.html" )
+url.access-deny = ( "~", ".inc" )
+static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
+
+# default listening port for IPv6 falls back to the IPv4 port
+include "/etc/lighttpd/conf-enabled/*.conf"
+
+#server.compat-module-load = "disable"
+server.modules += (
+ "mod_dirlisting",
+ "mod_staticfile",
+)
new file mode 100644
@@ -0,0 +1,13 @@
+[Unit]
+Description=Lighttpd Daemon
+DefaultDependencies=no
+
+[Service]
+Type=simple
+PIDFile=/run/lighttpd.pid
+ExecStartPre=/usr/sbin/lighttpd -tt -f /etc/lighttpd/lighttpd.conf
+ExecStart=/usr/sbin/lighttpd -D -f /etc/lighttpd/lighttpd.conf
+ExecReload=/bin/kill -USR1 $MAINPID
+Restart=on-failure
+[Install]
+WantedBy=sysinit.target
new file mode 100644
@@ -0,0 +1,3 @@
+g www-data - -
+u www-data - - /var/www /usr/sbin/nologin
+
@@ -14,4 +14,7 @@ INITRAMFS_PREINSTALL += " \
# Recipes that should be installed into the initramfs build rootfs.
INITRAMFS_INSTALL += " \
+ dracut-example-lighttpd \
"
+
+DRACUT_EXTRA_MODULES += "example-lighttpd"