[Solved] help with rewrite

Added by jello about 1 month ago

Hello,

I'm running lighttpd 1.4.59 on Debian GNU/Linux 11 (bullseye) and trying to set up kanboard. I have php-fpm set up for other things running on this machine, and have put the kanboard files in /usr/share/kanaboard, so I added the following to my lighttpd config:

$HTTP["url"] =~ "^/kanboard/" {
    alias.url += ( "/kanboard/" => "/usr/share/kanboard/" )
    index-file.names += ( "index.php" )
}

However, while this seems to work at first glance, I cannot retrieve any of the static assets within this path; for example going to https://myserver.example.org/kanboard/favicon.ico just returns the login page -- as if I went to /kanboard/index.php.

Any ideas?


Replies (4)

RE: help with rewrite - Added by jello about 1 month ago

The files are, of course, in /usr/share/kanboard/, not kanaboard.

RE: help with rewrite - Added by jello about 1 month ago

jello wrote:

However, while this seems to work at first glance, I cannot retrieve any of the static assets within this path; for example going to https://myserver.example.org/kanboard/favicon.ico just returns the login page -- as if I went to /kanboard/index.php.

To be more precise, upon further digging, I seem to get a 302 redirect to Location: /kanboard/?controller=AuthController&action=login. Not really sure how/why that is happening.

I'm attaching my full config here.

RE: help with rewrite - Added by gstrauss about 1 month ago

        url.rewrite-once = (
            "^/kanboard/assets/.+"       => "/kanboard/$0",
            "^/kanboard/favicon\.png$"   => "/kanboard/$0",
            "^/kanboard(/[^\?]*)(\?.*)?" => "/kanboard/index.php$2",
        )

Some of those are probably not doing what you think they are doing.
"^/kanboard/assets/.+" => "/kanboard/$0" rewrites /kanboard/assets/foo to /kanboard/kanboard/assets/foo
"^/kanboard/favicon\.png$" => "/kanboard/$0" rewrites /kanboard/favicon.png to /kanboard/kanboard/favicon.png
Did you mean favicon.ico instead of favicon.png?
If you do not want those to be rewritten, the special target => "" says "don't rewrite this URL, and do not process further rewrite rules"
"^/kanboard/(?:assets/|favicon\.ico$)" => ""

For "^/kanboard(/[^\?]*)(\?.*)?" => "/kanboard/index.php$2" if you want to match everything that remains and pass the query string to index.php, this is more direct:
"" => "/kanboard/index.php${qsa}" since the url.rewrite-once rules are already inside a $HTTP["url"] =~ "^/kanboard/" condition.

Your rewrite rules might also be simplified to a single rule with url.rewrite-if-not-file
url.rewrite-if-not-file = ("" => "/kanboard/index.php${qsa}") since the url.rewrite-once rules are already inside a $HTTP["url"] =~ "^/kanboard/" condition.


Other comments on your config:

The repetition of index.php is redundant.
index-file.names = ("index.php", "index.html", "index.php")
and index-file.names is probably not even necessary with url.rewrite-if-not-file = ("" => "/kanboard/index.php${qsa}")

Better TLS config:

    ssl.openssl.ssl-conf-cmd       = (
        "MinProtocol"  => "TLSv1.2",  # lighttpd default
        "Options"      => "-ServerPreference",
        "CipherString" => "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384",
    )
    # not needed; better CipherString defined above
    #ssl.cipher-list                = "HIGH" 
    # should use fullchain.pem and omit ssl.ca-file
    #ssl.pemfile                    = "/etc/letsencrypt/live/example.org/cert.pem" 
    ssl.pemfile                    = "/etc/letsencrypt/live/example.org/fullchain.pem" 
    ssl.privkey                    = "/etc/letsencrypt/live/example.org/privkey.pem" 
    #ssl.ca-file                    = "/etc/letsencrypt/live/example.org/chain.pem" 
    ssl.stapling-file              = "/var/cache/lighttpd/ocsp.der" 
    # not needed with modern TLS libraries unless you have some obscure requirement
    #ssl.dh-file                    = "/etc/ssl/example.org/dhparams.pem" 

RE: help with rewrite - Added by jello about 1 month ago

Thanks for the assistance and the SSL critique! I ended up using the following:

$HTTP["url"] =~ "^/kanboard/" {
    alias.url += ( "/kanboard/" => "/usr/share/kanboard/" )
    index-file.names += ( "index.php" )
    url.rewrite-once = (
        "^/kanboard/assets/.+" => "",
        "^/kanboard/favicon\..*$" => "",
        "" => "/kanboard/index.php${qsa}",
    )
}

--Joe
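
The rule behaviour discussed in this thread, as an added example that is not part of any post and is not lighttpd's own code: a simplified Python model of url.rewrite-once (first matching rule wins, $0 is the whole match, an empty target leaves the URL untouched, ${qsa} appends a non-empty query string) run over the originally posted rules and the final ones. The helper names `expand`, `rewrite_once` and `compare` and the sample request URLs are assumptions made for illustration.

```python
import re

def expand(match, target, query):
    """Expand $0-$9 and ${qsa} in a rewrite target in a single pass."""
    def sub(tok):
        if tok.group(0) == "${qsa}":
            if not query:
                return ""
            # use & when the target already carries a query part, else ?
            return ("&" if "?" in target[:tok.start()] else "?") + query
        n = int(tok.group(1))
        # unmatched or non-existent capture groups expand to nothing
        return (match.group(n) or "") if n <= match.re.groups else ""
    return re.sub(r"\$\{qsa\}|\$(\d)", sub, target)

def rewrite_once(rules, uri):
    """Simplified model: first matching rule wins; "" target means no rewrite."""
    query = uri.partition("?")[2]
    for pattern, target in rules:
        match = re.search(pattern, uri)
        if match:
            return uri if target == "" else expand(match, target, query)
    return uri

# Rules quoted from the originally posted config
ORIGINAL = [
    (r"^/kanboard/assets/.+", "/kanboard/$0"),
    (r"^/kanboard/favicon\.png$", "/kanboard/$0"),
    (r"^/kanboard(/[^\?]*)(\?.*)?", "/kanboard/index.php$2"),
]
# Rules from the final working config
FINAL = [
    (r"^/kanboard/assets/.+", ""),
    (r"^/kanboard/favicon\..*$", ""),
    ("", "/kanboard/index.php${qsa}"),
]

def compare(uri):
    """Return (result under ORIGINAL, result under FINAL) for one request."""
    return rewrite_once(ORIGINAL, uri), rewrite_once(FINAL, uri)

if __name__ == "__main__":
    # constructed sample requests
    for uri in ("/kanboard/favicon.ico",
                "/kanboard/assets/css/app.min.css",
                "/kanboard/?controller=AuthController&action=login"):
        print(uri, "->", compare(uri))
```

In this model the favicon.ico request misses the favicon\.png rule and falls through to the catch-all under the original rules, while the final rules leave it and the asset paths unchanged.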