# Command-line Options:
# 
#  --root DIR       Defines the directory that contains the various
#                   $HOST.website subdirectories, each containing web content
#                   for a single virtual host.  If launched as root and if
#                   '--user USER' also appears on the command-line and if
#                   '--jail 0' is omitted, then the process runs in a chroot
#                   jail rooted at this directory and under the userid USER.
#                   This option is required for xinetd launch but defaults
#                   to '.' for a stand-alone web server. DIR should always
#                   be an absolute path, else child processes might misbehave.
# 
#  --port N         Run in standalone mode listening on TCP port N, or from
#  --port N1..N2    the first available TCP port in the range from N1 to N2.
# 
#  --tls-port M     If used in combination with --port N, the althttpd listens
#                   for incoming TLS connections on TCP port M (usually 443)
#                   and for ordinary unencrypted HTTP requests or port N
#                   (usually 80).  If both --port and --tls-port are specified
#                   but the --cert does not exist, then the --tls-port is
#                   silently ignored and the server operates non-TLS only.
# 
#  --user USER      Define the user under which the process should run if
#                   originally launched as root.  If this option is omitted,
#                   then the user and group of the owner of the --root
#                   directory is used.  The althttpd process will always drop
#                   root privileges or else abort with an error, before
#                   reading a single byte of HTTP request content.
# 
#  --logfile FILE   Append a single-line, CSV-format, log file entry to FILE
#                   for each HTTP request.  FILE should be a full pathname.
#                   The FILE name is interpreted inside the chroot jail.  The
#                   FILE name is expanded using strftime() if it contains
#                   at least one '%' and is not too long.
# 
#  --cert FILE      The TLS certificate, the 'fullchain.pem' file.
# 
#  --pkey FILE      The TLS private key, the 'privkey.pem' file.  May be
#                   omitted if the --cert file is the concatenation of
#                   the fullchain.pem and the privkey.pem.
# 
#  --certdir DIR    This is shorthand for the common case of a Let's Encrypt
#                   cert held in DIR.  It means the same as:
#                   "--cert DIR/fullchain.pem --pkey DIR/privkey.pem"
# 
#  --ipshun DIR     If the remote IP address is also the name of a file
#                   in DIR that has size N bytes and where either N is zero
#                   or the m-time of the file is less than N time-units ago
#                   then that IP address is being shunned and no requests
#                   are processed.  The time-unit is a compile-time option
#                   (BANISH_TIME) that defaults to 300 seconds.  If this
#                   happens, the client gets a 503 Service Unavailable
#                   reply. Furthermore, althttpd will create ip-shunning
#                   files following a 404 Not Found error if the request
#                   URI is an obvious hack attempt.  The ip-shunning file
#                   will also be created if a CGI returns status code 418.
# 
#  --https BOOLEAN  Indicates that input is coming over SSL and is being
#                   decoded upstream, perhaps by stunnel. This option
#                   does *not* activate built-in TLS support.  Use --cert
#                   for that.
# 
#  --page NAME      Come up in stand-alone mode, and then try to launch a
#                   web-browser pointing to the NAME document after the
#                   listening socket has been created.  This option
#                   implies --loopback and '--port 8080..8100'.
# 
#  --popup          Launch a stand-alone web server to use for testing.
#                   This option implies '--port 8080..8100'.  This option
#                   is similar to '--page NAME' except that it does not
#                   try to launch a web-browser and does not force the
#                   connection into --loopback mode.  Use this when
#                   running a test web-server on a remote host via ssh.
# 
#  --loopback       Only accept loop-back TCP connections (connections
#                   originating from the same host).  This is the
#                   default if --root is omitted.
# 
#  --jail BOOLEAN   Indicates whether or not to form a chroot jail if
#                   initially run as root.  The default is true, so the only
#                   useful variant of this option is '--jail 0' which prevents
#                   the formation of the chroot jail.
# 
#  --max-child N    Do not run more than N child processes at once in
#                   standalone-mode (when althttpd is itself listening for
#                   incoming connections and starting a new child process to
#                   deal with each connection).
# 
#  --max-age SEC    The value for 'Cache-Control: max-age=%d'.  Defaults to
#                   120 seconds.
# 
#  --max-cpu SEC    Maximum number of seconds of CPU time allowed per
#                   HTTP connection.  Default 30 (build option:
#                   -DMAX_CPU=integer). 0 means no limit.
# 
#  --debug BOOLEAN  Disables input timeouts.  This is useful for debugging
#                   when inputs are being typed in manually.
# 
#  --enable-sab     Add new lines to the HTTP reply header that are
#                   prerequisites for SharedArrayBuffer.  These are the lines:
#                     Cross-Origin-Embedder-Policy: require-corp
#                     Cross-Origin-Opener-Policy: same-origin
# 
# 
# Command-line options can take either one or two initial '-' characters.
# So '--debug' and '-debug' mean the same thing, for example.
#
ALTHTTPD_OPTS=""
