[RTFM] www only gets 404, without gets proper redirection to https
Added by Slartibartfast about 1 year ago
Aloha,
Latest hand built version of Lighttpd
lighttpd/1.4.68 (ssl) - a light and fast webserver 1.4.68
on Linode shared processor.
Running Description: Ubuntu 22.04.1 LTS
Lighttpd.conf
var.log_root = "/var/log/lighttpd"
var.server_root = "/var/www"
var.state_dir = "/run"
var.home_dir = "/var/lib/lighttpd"
var.conf_dir = "/etc/lighttpd"
var.vhosts_dir = server_root + "/html/"
var.cache_dir = "/var/cache/lighttpd"
var.socket_dir = home_dir + "/sockets"
include conf_dir + "/modules.conf"
server.username = "www-data"
server.groupname = "www-data"
server.document-root = server_root + "/htdocs"
ssl.privkey = "/var/www/html/glutawhat.com/certs/privkey.pem"
ssl.pemfile = "/var/www/html/glutawhat.com/certs/fullchain.pem"
ssl.engine = "enable"
server.port = 443
server.pid-file = state_dir + "/lighttpd.pid"
server.errorlog = log_root + "/error.log"
include conf_dir + "/conf.d/access_log.conf"
include conf_dir + "/conf.d/debug.conf"
server.max-fds = 16384
index-file.names += (
"index.xhtml", "index.html", "index.htm", "default.htm", "index.php"
)
url.access-deny = ( "~", ".inc" )
static-file.exclude-extensions = ( ".php", ".pl", ".fcgi", ".scgi" )
include conf_dir + "/conf.d/mime.conf"
include conf_dir + "/conf.d/dirlisting.conf"
$HTTP["scheme"] == "http" {
$HTTP["host"] =~ "(.*)(:[0-9]+|)$" {
## %1 contains hostname without port
url.redirect = (".*" => "https://%1$0")
}
}
$SERVER["socket"] == "[::]:443" {
ssl.engine = "enable"
server.use-ipv6 = "enable"
}
$SERVER["socket"] == "*:80" {ssl.engine = "enable"}
$SERVER["socket"] == "[::]:80" {
ssl.engine = "enable"
server.use-ipv6 = "enable"
}
#$HTTP["host"] == "www.glutawhat.com:443" {
# ssl.privkey = "/var/www/html/glutawhat.com/certs/privkey.pem"
# ssl.pemfile = "/var/www/html/glutawhat.com/certs/fullchain.pem"
# server.document-root = "var/www/html/glutawhat.com/htdocs"
#}
#$HTTP["host"] == "*.glutawhat.net" {
# ssl.privkey = "/var/www/html/glutawhat.net/certs/privkey.pem"
# ssl.pemfile = "/var/www/html/glutawhat.net/certs/fullchain.pem"
#}
#$HTTP["host"] == "*.glutacose.com" {
# ssl.privkey = "/var/www/html/glutacose.com/certs/privkey.pem"
# ssl.pemfile = "/var/www/html/glutacose.com/certs/fullchain.pem"
#}
#$HTTP["host"] == "*.glutaque.com" {
# ssl.privkey = "/var/www/html/glutaque.com/certs/privkey.pem"
# ssl.pemfile = "/var/www/html/glutaque.com/certs/fullchain.pem"
#}
#$HTTP["host"] == "*.alohapedicabs.com" {
# ssl.privkey = "/var/www/html/alohapedicabs.com/certs/privkey.pem"
# ssl.pemfile = "/var/www/html/alohapedicabs.com/certs/fullchain.pem"
#}}
#$SERVER["socket"] == "[::]:443" {
# ssl.engine = "enable"
# }
include conf_dir + "/vhosts.d/*.conf"
I originally tried to keep stepping back till it worked right and there are TLS issues as well thus the blanked out sections for vhost since I can't get the SNI to work. But first simplicity dictates getting the base to work, not the debased.
The Vhosts.d directory with glutwhat.conf as follows:
$HTTP["host"] =~ "www.glutwhat.com" {
var.server_name = "glutawhat.com"
server.name = "www.glutawhat.com"
server.document-root = vhosts_dir + "/www/html/" + server_name + "/htdocs"
}
I've tried all the different configuration I can from various wiki pages and else where on the web, with and without wild cards (.*)|!
#!$#$#W$~!~ is all I end up doing at the machine. Getting the ipV6 to work is another parallel issue thus the enables for that. (entering the IPv6 gets me a denied access all together.)
So basically just want
www. to work since most phone browsers, Chrome anyway, automatically insert it if the the website is just typed in (and it is an easy to remember website so I presume a lot of quick typing instead of searching for the link.) I've been testing the website with friends etc. and have to always make a specific link HTTPS://glutwhat.com/ so they won't be scared away by their browser saying it is unsecured or getting the 404.
Replies (13)
RE: www only gets 404, without gets proper redirection to https - Added by gstrauss about 1 year ago
I've tried all the different configuration I can from various wiki pages and else where on the web,
There is documentation on this site (https://wiki.lighttpd.net/) that I think you missed.
You wrote:
$HTTP["scheme"] == "http" {
$HTTP["host"] =~ "(.*)(:[0-9]+|)$" {
## %1 contains hostname without port
url.redirect = (".*" => "https://%1$0")
}
}
The doc on this site (https://wiki.lighttpd.net/) has some very explicit examples at HowToRedirectHttpToHttps, though if you need to remove the port number, you may still need to do some of what you are doing above to get the authority without port.
$HTTP["host"] =~ "(.*)(:[0-9]+|)?$" adds a ? so that the regex matches even when an explicit port is not provided, as is the default with most clients when sending http to port 80 and sending https to port 443.The documentation for mod_redirect has examples for redirecting to or from
www.
The doc on this site (https://wiki.lighttpd.net/) for server.use-ipv6 suggest not using it.
Note: You can bind it to IPv6 sockets freely without enabling this option.
Did you try not specifying that?
$HTTP["host"] =~ "www.glutwhat.com" {
Why are you using =~ instead of ==?$HTTP["host"] == "www.glutwhat.com" {
$HTTP["host"] == "*.glutawhat.net" is invalid syntax for what you want. == is for an exact match. =~ is for a regex.$HTTP["host"] =~ "\.glutawhat\.net$" might be what you want to try.With modern lighttpd, that suffix match could also be
$HTTP["host"] =$ ".glutawhat.net"RE: www only gets 404, without gets proper redirection to https - Added by Slartibartfast about 1 year ago
=~ is just remnants from the ##$%%!!@#$ wildcard attempts. So check your docs. (note after correcting the tilde nothing change for the WWW.glutwhat.com attempts.)
As for the redirect it works wonderful. Even the 404 error is under the HTTPS blessing.
I agree with the IPv6 "enable" statement it isn't needed since it didn't work either way. I just added it today to distract myself from the basic fact that the WWW still doesn't work. The server won't launch with it set in global if anybody wants to know before trying an all IPv6 server.(but makes me wonder where the random traffic, 3 or 4 times a day, comes from since the server stats show activity in that bandwidth.)
As noted the the redirect is any port, but the syntax page doesn't spread any light on it since it independently written(I don't recall any (0-9) variables on that page). But since I have the default server port already set to 443 it may or may not actually be redirecting I haven't tried it with the default port set to 80. (hehe the note about "without port" was copied from the page and pasted into the config file and I missed deleting it.)
The mod_redirect page is well written, a nice snippet about many peoples insistence on using WWW, but as noted it isn't just quick typers but browsers that will insert it.
I haven't actually checked the cache files, but I presume it is dumped with every
systemctl stop
A littler more about the hand built latest version since Ubuntu and Linodes repositories originally only had version 1.4.63 I believe it was, and I don't really like the idea of splice the SSL pem files into one. I just kept adding the various libraries and prerequisites, and ran the Make again and again, and it all eventually was happy. (I included the openssl in the build as well.) I just apt uninstalled the 1.4.63 or whatever prior to the build, and it left all the previous config files in place. So I was thinking if the Cache files or PID files where also still there if they might influence a newer version, but seems like a long stretch (I replaced the config files in etc/lighttpd, but not any of those.) (A notable difference in the latest version is the inclusion of vhosts.d directory the default directories (which had to manually added since there wasn't any batch files included for the doc file) for the repository version didn't include such just conf-enabled and conf-available modules directories(which I never removed.)
RE: www only gets 404, without gets proper redirection to https - Added by Slartibartfast about 1 year ago
Setting default port 80 didn't do anything either.
RE: www only gets 404, without gets proper redirection to https - Added by gstrauss about 1 year ago
Your post is all over the place and hard to follow. I don't actually understand what is precisely not working for you because you use a vague "it is not working" without specifying to what "it" refers.
If you need to handle uppercase WWW then you either need to include that case, or use a case-insensitive regex. The answer is fix your regex.
If your certificate for www.foo.com does not include server alternative name (SAN) for foo.com, then the client will get a certificate error during TLS negotiation, before an actual HTTP request -- which is encrypted and sent after TLS negotation -- on which lighttpd processes redirect rules.
RE: www only gets 404, without gets proper redirection to https - Added by gstrauss about 1 year ago
I agree with the IPv6 "enable" statement it isn't needed since it didn't work either way. I just added it today to distract myself from the basic fact that the WWW still doesn't work. The server won't launch with it set in global if anybody wants to know before trying an all IPv6 server.
That suggests that you don't know how to read the error message that lighttpd gives. Try starting lighttpd from a shell instead of systemctl, or learn how to use systemctl to see the logs (man journalctl). My guess is that your system does not have IPv6 addresses and that lighttpd fails to bind to the invalid address to which you instructed lighttpd to bind.
RE: www only gets 404, without gets proper redirection to https - Added by gstrauss about 1 year ago
I don't really like the idea of splice the SSL pem files into one.
lighttpd has supported ssl.privkey since lighttpd 1.4.53. That includes lighttpd 1.4.63.
I haven't actually checked the cache files, but I presume it is dumped with every
systemctl stop
Nope. You presume poorly. Would it have been so difficult to have checked that assumption before posting?
RE: www only gets 404, without gets proper redirection to https - Added by Slartibartfast about 1 year ago
I just added:
$HTTP["host"] =~ "^www\.(.*)$" {
url.redirect = ( "" => "https://%1${url.path}${qsa}" )
}
to the lighttpd.conf file from the redirect page, since it says it is suppose to redirect to the basic domain, but I am sure I tried it before.
One thing that is not specified for most of the snippets of config is where they are suppose to be, lighttpd.conf or vhosts.d/example.conf. I presume from looking at more complete examples in forum etc. ["host"] is suppose to be under a ["socket"] but the only place there is socket is the main config file. so that is where I added it.
RE: www only gets 404, without gets proper redirection to https - Added by Slartibartfast about 1 year ago
The subject is written at the top and reposted with each entry, RE: www only.... It being the subject, subject is none other than it. All caps is just to highlight the main subject, which is it. (to paraphrase Mojo Jojo)
RE: www only gets 404, without gets proper redirection to https - Added by gstrauss about 1 year ago
One thing that is not specified for most of the snippets of config is where they are suppose to be, lighttpd.conf or vhosts.d/example.conf. I presume from looking at more complete examples in forum etc. ["host"] is suppose to be under a ["socket"] but the only place there is socket is the main config file. so that is where I added it.
Nope. Again, poor assumption. The doc doesn't tell you $HTTP["host"] has to be any specific place because $HTTP["host"] doesn't have to be any specific place.
If you put $HTTP["host"] inside $SERVER["socket"], then that $HTTP["host"] condition is only valid when that $SERVER["socket"] condition is true. I get the impression that you are having trouble understanding "scope" of nested conditions. There is an explicit example in the documentation: Docs_Configuration (Have you noticed a theme that I am demonstrating to you that you haven't tried hard enough to understand the documentation, and you instead have been making incorrect assumptions? I have noticed.)
You should read the documentation more carefully and be more methodical about what you try. I suggest making one small change at a time and then testing it.
RE: www only gets 404, without gets proper redirection to https - Added by Slartibartfast about 1 year ago
Pounding on the keyboard adding thinking your adding to Shakespear's works and knit picking is not useful behavior. Mean condescending language is promoting your product in a very negative Light and not apt to be install ed. Document pounding is not teaching or helping anyone.
So your own gratification of trying to put others down to make your self look smart isn't very smart. And you are quite right about the order of operations is not specifically outlined in the documentation. Just the modules are mentioned to be ordered in a specific order to make sure things load in the right order.
Anyway I'll figure it out without any help from here.
RE: www only gets 404, without gets proper redirection to https - Added by gstrauss about 1 year ago
Get over yourself. You're not acting as smart as you think you are.
Those who read the documentation and have questions that demonstrate they made an effort typically get more help and in doing so also help improve the documentation.
Those who act entitled get treated like entitled brats.
RE: www only gets 404, without gets proper redirection to https - Added by Slartibartfast about 1 year ago
Thus you prove my point yet again about unfriendly support.