[UE] 403 forbidden when running pihole and freshrss on lighttpd

Added by davidb9966 9 months ago

Hello, I am running a small Raspberry Pi Zero W locally and I want to run Pi-hole and FreshRSS together using lighttpd. Pi-hole is working correctly by going to http://[pi_ip]/admin; however, FreshRSS appears to show 403 Forbidden when going to http://[pi_ip]:2000. I don't know why. I am looking for help to resolve the 403 Forbidden message.

~ curl localhost:2000
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" 
         "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
 <head>
  <title>403 Forbidden</title>
 </head>
 <body>
  <h1>403 Forbidden</h1>
 </body>
</html>

~ lighttpd -v
lighttpd/1.4.59 (ssl) - a light and fast webserver

~ uname -a
Linux raspberrypi 6.1.21+ #1642 Mon Apr  3 17:19:14 BST 2023 armv6l GNU/Linux

~ cat /etc/os-release
PRETTY_NAME="Raspbian GNU/Linux 11 (bullseye)" 
NAME="Raspbian GNU/Linux" 
VERSION_ID="11" 
VERSION="11 (bullseye)" 
VERSION_CODENAME=bullseye
ID=raspbian
ID_LIKE=debian
HOME_URL="http://www.raspbian.org/" 
SUPPORT_URL="http://www.raspbian.org/RaspbianForums" 
BUG_REPORT_URL="http://www.raspbian.org/RaspbianBugs"

~ lighttpd -tt -f /etc/lighttpd/lighttpd.conf
2023-10-21 15:57:51: configfile.c.2274) server.upload-dirs doesn't exist: /var/cache/lighttpd/uploads

~ lighttpd -p -f /etc/lighttpd/lighttpd.conf
OUTPUT: https://paste.lighttpd.net/JC#TX1sme8q2FueXNrAvwuRcVWG

FILE CONFIGURATION:

ls -la /etc/lighttpd/conf-enabled/

drwxr-xr-x 2 root root 4096 Oct 21 14:50 .
drwxr-xr-x 4 root root 4096 Oct 21 14:48 ..
lrwxrwxrwx 1 root root   32 Aug 16 13:28 05-setenv.conf -> ../conf-available/05-setenv.conf
lrwxrwxrwx 1 root root   35 Aug 16 13:28 10-accesslog.conf -> ../conf-available/10-accesslog.conf
lrwxrwxrwx 1 root root   33 Aug 16 13:28 10-fastcgi.conf -> ../conf-available/10-fastcgi.conf
lrwxrwxrwx 1 root root   38 Aug 16 13:28 15-pihole-admin.conf -> ../conf-available/15-pihole-admin.conf
lrwxrwxrwx 1 root root   38 Aug 16 13:24 99-unconfigured.conf -> ../conf-available/99-unconfigured.conf
-rw-r--r-- 1 root root  109 Oct 21 14:50 external.conf

cat /etc/lighttpd/conf-enabled/external.conf

# FreshRSS config

$SERVER["socket"] == ":2000" {
    server.document-root     = "/var/www/html/freshrss" 
}

~ cat /etc/lighttpd/lighttpd.conf
server.modules = (
        "mod_indexfile",
        "mod_access",
        "mod_alias",
        "mod_redirect",
)

server.document-root        = "/var/www/html" 
server.upload-dirs          = ( "/var/cache/lighttpd/uploads" )
server.errorlog             = "/var/log/lighttpd/error.log" 
server.pid-file             = "/run/lighttpd.pid" 
server.username             = "www-data" 
server.groupname            = "www-data" 
server.port                 = 80

# features
#https://redmine.lighttpd.net/projects/lighttpd/wiki/Server_feature-flagsDetails
server.feature-flags       += ("server.h2proto" => "enable")
server.feature-flags       += ("server.h2c"     => "enable")
server.feature-flags       += ("server.graceful-shutdown-timeout" => 5)
#server.feature-flags       += ("server.graceful-restart-bg" => "enable")

# strict parsing and normalization of URL for consistency and security
# https://redmine.lighttpd.net/projects/lighttpd/wiki/Server_http-parseoptsDetails
# (might need to explicitly set "url-path-2f-decode" = "disable" 
#  if a specific application is encoding URLs inside url-path)
server.http-parseopts = (
  "header-strict"           => "enable",# default
  "host-strict"             => "enable",# default
  "host-normalize"          => "enable",# default
  "url-normalize-unreserved"=> "enable",# recommended highly
  "url-normalize-required"  => "enable",# recommended
  "url-ctrls-reject"        => "enable",# recommended
  "url-path-2f-decode"      => "enable",# recommended highly (unless breaks app)
 #"url-path-2f-reject"      => "enable",
  "url-path-dotseg-remove"  => "enable",# recommended highly (unless breaks app)
 #"url-path-dotseg-reject"  => "enable",
 #"url-query-20-plus"       => "enable",# consistency in query string
)

index-file.names            = ( "index.php", "index.html" )
url.access-deny             = ( "~", ".inc" )
static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )

# default listening port for IPv6 falls back to the IPv4 port
include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port
include_shell "/usr/share/lighttpd/create-mime.conf.pl" 
include "/etc/lighttpd/conf-enabled/*.conf" 

#server.compat-module-load   = "disable" 
server.modules += (
        "mod_dirlisting",
        "mod_staticfile",
)

ls -la /var/www/html

drwxrwxr-x 3 www-data www-data 4096 Oct 21 13:01 .
drwxr-xr-x 3 root     root     4096 Aug 16 13:23 ..
drwxr-xr-x 7 root     root     4096 Aug 16 13:23 admin
lrwxrwxrwx 1 root     root       19 Oct 21 13:01 freshrss -> /home/pi/FreshRSS/p
-rw-r--r-- 1 root     root     3388 Aug 16 13:24 index.lighttpd.html

ls -la /home/pi/FreshRSS/p

drwxrwxrwx  6 www-data www-data  4096 Oct 21 12:44 .
drwxrwxrwx 14 www-data www-data  4096 Oct 21 14:02 ..
drwxrwxrwx  2 www-data www-data  4096 Oct 21 12:44 api
-rwxrwxrwx  1 www-data www-data  3507 Oct 21 12:44 ext.php
-rwxrwxrwx  1 www-data www-data 18102 Oct 21 12:44 favicon.ico
-rwxrwxrwx  1 www-data www-data  1703 Oct 21 12:44 f.php
-rwxrwxrwx  1 www-data www-data  1349 Oct 21 12:44 .htaccess
drwxrwxrwx  2 www-data www-data  4096 Oct 21 12:44 i
-rwxrwxrwx  1 www-data www-data   789 Oct 21 12:44 index.html
-rwxrwxrwx  1 www-data www-data   206 Oct 21 12:44 index.php
-rwxrwxrwx  1 www-data www-data    26 Oct 21 12:44 robots.txt
drwxrwxrwx  3 www-data www-data  4096 Oct 21 12:44 scripts
drwxrwxrwx 16 www-data www-data  4096 Oct 21 12:44 themes
-rwxrwxrwx  1 www-data www-data  1725 Oct 21 12:44 Web.config

As you can see, the above files and folders have the correct user assigned with all permissions, but it is still forbidden.

Not sure if this is the correct forum; please let me know otherwise!


Replies (11)

RE: 403 forbidden when running pihole and freshrss on lighttpd - Added by gstrauss 9 months ago

Since you have configured lighttpd as user www-data, that user must have access to the entire directory path /home/pi/FreshRSS/p

/home/pi is probably owned by a different user and probably does not allow others access. /home/pi/FreshRSS might have different ownership, too.
You can use chmod o+x to grant permission for www-data (other) to traverse those directories, but it would be better to place FreshRSS outside a home directory for which the lighttpd user does not have access.
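
The path-traversal rule described in this reply, as an added example that is not part of the original thread: a component-by-component permission walk that follows symlinks and reports the first directory that stops a given user. It goes slightly beyond the reply by also handling the owner and group classes; the names `allowed`, `first_denial`, `demo` and the `below` parameter are hypothetical, and the directory tree and the stand-in uid for www-data are constructed.

```python
import os
import stat
import tempfile
from pathlib import Path

R, X = 4, 1  # permission bits: read, execute/search


def allowed(st, uid, gids, want):
    """True if (uid, gids) holds bit `want` on this inode (mode bits only, no ACLs)."""
    if uid == 0:
        return True  # root is not stopped by directory-search or file-read bits
    if uid == st.st_uid:
        shift = 6  # owner class
    elif st.st_gid in gids:
        shift = 3  # group class
    else:
        shift = 0  # other class
    return bool((st.st_mode >> shift) & want)


def first_denial(path, uid, gids, below="/", _depth=0):
    """Walk `path` one component at a time, following symlinks, and return
    (component, "search" | "read") for the first component that stops the
    user, or None if the target is reachable. Only components at or beneath
    `below` are checked."""
    if _depth > 40:
        raise OSError("too many levels of symbolic links")

    def in_scope(p):
        return os.path.commonpath([str(p), below]) == below

    parts = Path(os.path.abspath(path)).parts
    cur = Path(parts[0])
    for i, name in enumerate(parts[1:], start=1):
        # Looking up `name` inside `cur` needs search (x) permission on `cur`.
        if in_scope(cur) and not allowed(os.stat(cur), uid, gids, X):
            return (str(cur), "search")
        nxt = cur / name
        if nxt.is_symlink():
            # Restart the walk at the link target plus the unvisited components.
            target = os.path.join(cur, os.readlink(nxt), *parts[i + 1:])
            return first_denial(target, uid, gids, below, _depth + 1)
        cur = nxt
    st = os.stat(cur)
    want, label = (X, "search") if stat.S_ISDIR(st.st_mode) else (R, "read")
    if in_scope(cur) and not allowed(st, uid, gids, want):
        return (str(cur), label)
    return None


def demo():
    """Constructed tree mirroring the thread: a docroot symlink into a home directory."""
    base = Path(os.path.realpath(tempfile.mkdtemp()))
    app = base / "home" / "pi" / "FreshRSS" / "p"
    app.mkdir(parents=True)
    (base / "www").mkdir()
    (app / "index.html").write_text("<h1>FreshRSS</h1>")
    os.chmod(app / "index.html", 0o644)
    for d in (base, base / "home", app.parent, app, base / "www"):
        os.chmod(d, 0o755)
    os.chmod(base / "home" / "pi", 0o700)  # home directory closed to "other"
    link = base / "www" / "freshrss"
    link.symlink_to(app)

    owner = os.stat(base)
    uid, gids = owner.st_uid + 1, {owner.st_gid + 1}  # stand-in for www-data
    url_file = link / "index.html"
    before = first_denial(url_file, uid, gids, below=str(base))
    os.chmod(base / "home" / "pi", 0o701)  # the "chmod o+x" from the reply
    after = first_denial(url_file, uid, gids, below=str(base))
    return str(base), before, after


if __name__ == "__main__":
    print(demo())
```

On a live system, `namei -l /var/www/html/freshrss/index.php` lists the mode and owner of every component of the same walk.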

RE: 403 forbidden when running pihole and freshrss on lighttpd - Added by davidb9966 9 months ago

gstrauss wrote in RE: 403 forbidden when running pihole and freshrss on lig...:

Since you have configured lighttpd as user www-data, that user must have access to the entire directory path /home/pi/FreshRSS/p

/home/pi is probably owned by a different user and probably does not allow others access. /home/pi/FreshRSS might have different ownership, too.
You can use chmod o+x to grant permission for www-data (other) to traverse those directories, but it would be better to place FreshRSS outside a home directory for which the lighttpd user does not have access.

That is interesting, I wasn't aware it needs to have access to entire directory path from root! However it still doesn't like it with 403 forbidden.

I moved FreshRSS folder (https://github.com/FreshRSS/FreshRSS/tree/edge) to root and changed the symlink

~ pwd && ls -la
/
total 72
drwxr-xr-x  19 root     root      4096 Oct 21 16:31 .
drwxr-xr-x  19 root     root      4096 Oct 21 16:31 ..
lrwxrwxrwx   1 root     root         7 May  3 01:04 bin -> usr/bin
drwxr-xr-x   4 root     root      4096 Jan  1  1970 boot
drwxr-xr-x  16 root     root      3820 Oct 16 16:11 dev
drwxr-xr-x  90 root     root      4096 Oct 21 12:33 etc
drwxrwxrwx  14 www-data www-data  4096 Oct 21 14:02 FreshRSS
drwxr-xr-x   3 root     root      4096 May  3 01:07 home
lrwxrwxrwx   1 root     root         7 May  3 01:04 lib -> usr/lib
drwx------   2 root     root     16384 May  3 01:25 lost+found
drwxr-xr-x   2 root     root      4096 May  3 01:04 media
drwxr-xr-x   2 root     root      4096 May  3 01:04 mnt
drwxr-xr-x   3 root     root      4096 Aug 16 13:28 opt
dr-xr-xr-x 151 root     root         0 Jan  1  1970 proc
drwx------   3 root     root      4096 Aug 16 13:34 root
drwxr-xr-x  27 root     root       880 Oct 21 16:33 run
lrwxrwxrwx   1 root     root         8 May  3 01:04 sbin -> usr/sbin
drwxr-xr-x   2 root     root      4096 May  3 01:04 srv
dr-xr-xr-x  12 root     root         0 Jan  1  1970 sys
drwxrwxrwt  10 root     root      4096 Oct 21 16:33 tmp
drwxr-xr-x  11 root     root      4096 May  3 01:04 usr
drwxr-xr-x  12 root     root      4096 Aug 16 13:23 var

~ ls -la /var/www/html
total 16
drwxrwxr-x 3 www-data www-data 4096 Oct 21 16:32 .
drwxr-xr-x 3 root     root     4096 Aug 16 13:23 ..
drwxr-xr-x 7 root     root     4096 Aug 16 13:23 admin
lrwxrwxrwx 1 root     root       11 Oct 21 16:32 freshrss -> /FreshRSS/p
-rw-r--r-- 1 root     root     3388 Aug 16 13:24 index.lighttpd.html

RE: 403 forbidden when running pihole and freshrss on lighttpd - Added by gstrauss 9 months ago

That is interesting, I wasn't aware it needs to have access to entire directory path from root!

That's standard behavior on Unix filesystems. Most people do not realize the insecure default behavior on Windows (especially on shared network filesystems).

However it still doesn't like it with 403 forbidden.
I moved FreshRSS folder (https://github.com/FreshRSS/FreshRSS/tree/edge) to root and changed the symlink

This is very, very, very likely a permissions error on your part.

You can configure lighttpd.conf with debugging Configuration: Debug Variables

Also, (my preference), you can strace the lighttpd executable, make your web request, and see where the error occurs (likely EPERM on open(...))

RE: 403 forbidden when running pihole and freshrss on lighttpd - Added by gstrauss 9 months ago

curl localhost:2000

Maybe try accessing a full URL to a file?

curl http://localhost:2000/index.html assuming there is /FreshRSS/p/index.html

lighttpd does not enable mod_indexfile or mod_dirlisting by default. You need to enable them in lighttpd.conf if you want to use them.

RE: 403 forbidden when running pihole and freshrss on lighttpd - Added by davidb9966 9 months ago

gstrauss wrote in RE: 403 forbidden when running pihole and freshrss on lig...:

That is interesting, I wasn't aware it needs to have access to entire directory path from root!

That's standard behavior on Unix filesystems. Most people do not realize the insecure default behavior on Windows (especially on shared network filesystems).

However it still doesn't like it with 403 forbidden.
I moved FreshRSS folder (https://github.com/FreshRSS/FreshRSS/tree/edge) to root and changed the symlink

This is very, very, very likely a permissions error on your part.

You can configure lighttpd.conf with debugging Configuration: Debug Variables

Also, (my preference), you can strace the lighttpd executable, make your web request, and see where the error occurs (likely EPERM on open(...))

Hello :)

I have added debug variables here and performed web request:

sudo cat /etc/lighttpd/lighttpd.conf

server.modules = (
        "mod_indexfile",
        "mod_access",
        "mod_alias",
        "mod_redirect",
)

server.document-root        = "/var/www/html" 
server.upload-dirs          = ( "/var/cache/lighttpd/uploads" )
server.errorlog             = "/var/log/lighttpd/error.log" 
server.pid-file             = "/run/lighttpd.pid" 
server.username             = "www-data" 
server.groupname            = "www-data" 
server.port                 = 80

debug.log-request-handling = "enable" 
debug.log-request-header = "enable" 
debug.log-response-header = "enable" 
debug.log-file-not-found = "enable" 
debug.log-condition-handling = "enable" 

# features
#https://redmine.lighttpd.net/projects/lighttpd/wiki/Server_feature-flagsDetails
server.feature-flags       += ("server.h2proto" => "enable")
server.feature-flags       += ("server.h2c"     => "enable")
server.feature-flags       += ("server.graceful-shutdown-timeout" => 5)
#server.feature-flags       += ("server.graceful-restart-bg" => "enable")

# strict parsing and normalization of URL for consistency and security
# https://redmine.lighttpd.net/projects/lighttpd/wiki/Server_http-parseoptsDetails
# (might need to explicitly set "url-path-2f-decode" = "disable" 
#  if a specific application is encoding URLs inside url-path)
server.http-parseopts = (
  "header-strict"           => "enable",# default
  "host-strict"             => "enable",# default
  "host-normalize"          => "enable",# default
  "url-normalize-unreserved"=> "enable",# recommended highly
  "url-normalize-required"  => "enable",# recommended
  "url-ctrls-reject"        => "enable",# recommended
  "url-path-2f-decode"      => "enable",# recommended highly (unless breaks app)
 #"url-path-2f-reject"      => "enable",
  "url-path-dotseg-remove"  => "enable",# recommended highly (unless breaks app)
 #"url-path-dotseg-reject"  => "enable",
 #"url-query-20-plus"       => "enable",# consistency in query string
)

index-file.names            = ( "index.php", "index.html" )
url.access-deny             = ( "~", ".inc" )
static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )

# default listening port for IPv6 falls back to the IPv4 port
include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port
include_shell "/usr/share/lighttpd/create-mime.conf.pl" 
include "/etc/lighttpd/conf-enabled/*.conf" 

#server.compat-module-load   = "disable" 
server.modules += (
        "mod_dirlisting",
        "mod_staticfile",
)

The error file is empty all the time, so it doesn't write there at all

sudo ls -lta /var/log/lighttpd/

total 2084
-rw-r--r-- 1 www-data www-data 1179246 Oct 21 17:05 access-pihole.log
-rw-r--r-- 1 www-data www-data  834946 Oct 21 17:05 error-pihole.log
-rw-r--r-- 1 www-data www-data   26045 Oct 21 17:03 access.log
drwxr-xr-x 8 root     root        4096 Oct 17 00:01 ..
drwxr-x--- 2 www-data www-data    4096 Oct 17 00:01 .
-rw-r--r-- 1 www-data www-data    1922 Oct 16 12:30 access-pihole.log.1
-rw-r--r-- 1 www-data www-data      72 Oct  8 00:00 error-pihole.log.1
-rw-r--r-- 1 www-data www-data      87 Oct  1 00:00 error-pihole.log.2.gz
-rw-r--r-- 1 www-data www-data      88 Sep 24 00:01 error-pihole.log.3.gz
-rw-r--r-- 1 www-data www-data     565 Sep 18 19:45 access-pihole.log.2.gz
-rw-r--r-- 1 www-data www-data     133 Sep 18 19:40 error-pihole.log.4.gz
-rw-r--r-- 1 www-data www-data     560 Sep 16 01:28 access-pihole.log.3.gz
-rw-r--r-- 1 www-data www-data     148 Sep 16 00:00 error-pihole.log.5.gz
-rw-r--r-- 1 www-data www-data     560 Sep 11 23:45 access-pihole.log.4.gz
-rw-r--r-- 1 www-data www-data     145 Sep  9 00:00 error-pihole.log.6.gz
-rw-r--r-- 1 www-data www-data    1412 Sep  8 13:43 access-pihole.log.5.gz
-rw-r--r-- 1 www-data www-data     107 Sep  2 00:00 error-pihole.log.7.gz
-rw-r--r-- 1 www-data www-data     396 Sep  1 17:33 access-pihole.log.6.gz
-rw-r--r-- 1 www-data www-data      87 Aug 20 00:00 error-pihole.log.8.gz
-rw-r--r-- 1 www-data www-data       0 Aug 20 00:00 error.log
-rw-r--r-- 1 www-data www-data    1582 Aug 16 18:55 access-pihole.log.7.gz
-rw-r--r-- 1 www-data www-data     127 Aug 16 13:38 error-pihole.log.9.gz
-rw-r--r-- 1 www-data www-data     139 Aug 16 13:28 error.log.1

Using strace I cannot see anything useful

sudo strace -p $(pidof lighttpd)

strace: Process 19420 attached
clock_gettime64(CLOCK_REALTIME_COARSE, {tv_sec=1697904074, tv_nsec=305153003}) = 0
wait4(19430, 0xbef62bd0, WNOHANG, NULL) = 0
epoll_wait(10, [], 1025, 1000)          = 0
clock_gettime64(CLOCK_REALTIME_COARSE, {tv_sec=1697904075, tv_nsec=305146871}) = 0
wait4(19430, 0xbef62bd0, WNOHANG, NULL) = 0
epoll_wait(10, [], 1025, 1000)          = 0
clock_gettime64(CLOCK_REALTIME_COARSE, {tv_sec=1697904076, tv_nsec=305140740}) = 0
wait4(19430, 0xbef62bd0, WNOHANG, NULL) = 0
epoll_wait(10, [{EPOLLIN, {u32=25295576, u64=108835330299394776}}], 1025, 1000) = 1
accept4(6, {sa_family=AF_INET, sin_port=htons(52108), sin_addr=inet_addr("192.168.1.129")}, [112->16], SOCK_CLOEXEC|SOCK_NONBLOCK) = 11
read(11, 0x18c1188, 8191)               = -1 EAGAIN (Resource temporarily unavailable)
epoll_ctl(10, EPOLL_CTL_ADD, 11, {EPOLLIN|EPOLLERR|EPOLLHUP|EPOLLRDHUP, {u32=25945112, u64=1886074784441368}}) = 0
accept4(6, 0xbef62b8c, [112], SOCK_CLOEXEC|SOCK_NONBLOCK) = -1 EAGAIN (Resource temporarily unavailable)
clock_gettime64(CLOCK_REALTIME_COARSE, {tv_sec=1697904077, tv_nsec=85135958}) = 0
wait4(19430, 0xbef62bd0, WNOHANG, NULL) = 0
epoll_wait(10, [{EPOLLIN, {u32=25945112, u64=1886074784441368}}], 1025, 1000) = 1
read(11, "GET / HTTP/1.1\r\nHost: 192.168.1."..., 8191) = 406
write(7, "2023-10-21 17:01:17: connections"..., 494) = 494
write(7, "2023-10-21 17:01:17: response.c."..., 51) = 51
write(7, "2023-10-21 17:01:17: configfile-"..., 77) = 77
write(7, "2023-10-21 17:01:17: configfile-"..., 84) = 84
write(7, "2023-10-21 17:01:17: configfile-"..., 115) = 115
write(7, "2023-10-21 17:01:17: configfile-"..., 77) = 77
write(7, "2023-10-21 17:01:17: configfile-"..., 97) = 97
write(7, "2023-10-21 17:01:17: configfile-"..., 116) = 116
write(7, "2023-10-21 17:01:17: response.c."..., 59) = 59
write(7, "2023-10-21 17:01:17: response.c."..., 57) = 57
write(7, "2023-10-21 17:01:17: response.c."..., 60) = 60
write(7, "2023-10-21 17:01:17: response.c."..., 74) = 74
write(7, "2023-10-21 17:01:17: response.c."..., 57) = 57
write(7, "2023-10-21 17:01:17: response.c."..., 56) = 56
write(7, "2023-10-21 17:01:17: configfile-"..., 77) = 77
write(7, "2023-10-21 17:01:17: configfile-"..., 90) = 90
write(7, "2023-10-21 17:01:17: configfile-"..., 113) = 113
write(7, "2023-10-21 17:01:17: configfile-"..., 148) = 148
write(7, "2023-10-21 17:01:17: mod_access."..., 72) = 72
write(7, "2023-10-21 17:01:17: configfile-"..., 77) = 77
write(7, "2023-10-21 17:01:17: configfile-"..., 88) = 88
write(7, "2023-10-21 17:01:17: configfile-"..., 113) = 113
write(7, "2023-10-21 17:01:17: configfile-"..., 82) = 82
write(7, "2023-10-21 17:01:17: configfile-"..., 113) = 113
write(7, "2023-10-21 17:01:17: configfile-"..., 77) = 77
write(7, "2023-10-21 17:01:17: configfile-"..., 90) = 90
write(7, "2023-10-21 17:01:17: configfile-"..., 96) = 96
write(7, "2023-10-21 17:01:17: configfile-"..., 115) = 115
write(7, "2023-10-21 17:01:17: configfile-"..., 139) = 139
write(7, "2023-10-21 17:01:17: configfile-"..., 77) = 77
write(7, "2023-10-21 17:01:17: configfile-"..., 140) = 140
write(7, "2023-10-21 17:01:17: configfile-"..., 90) = 90
write(7, "2023-10-21 17:01:17: configfile-"..., 113) = 113
write(7, "2023-10-21 17:01:17: configfile-"..., 167) = 167
write(7, "2023-10-21 17:01:17: configfile-"..., 212) = 212
write(7, "2023-10-21 17:01:17: response.c."..., 56) = 56
write(7, "2023-10-21 17:01:17: response.c."..., 64) = 64
write(7, "2023-10-21 17:01:17: response.c."..., 54) = 54
write(7, "2023-10-21 17:01:17: response.c."..., 80) = 80
write(7, "2023-10-21 17:01:17: response.c."..., 55) = 55
write(7, "2023-10-21 17:01:17: response.c."..., 64) = 64
write(7, "2023-10-21 17:01:17: response.c."..., 54) = 54
write(7, "2023-10-21 17:01:17: response.c."..., 65) = 65
write(7, "2023-10-21 17:01:17: response.c."..., 60) = 60
write(7, "2023-10-21 17:01:17: response.c."..., 64) = 64
write(7, "2023-10-21 17:01:17: response.c."..., 64) = 64
write(7, "2023-10-21 17:01:17: response.c."..., 54) = 54
write(7, "2023-10-21 17:01:17: response.c."..., 65) = 65
write(7, "2023-10-21 17:01:17: response.c."..., 63) = 63
write(7, "2023-10-21 17:01:17: response.c."..., 65) = 65
stat64("/FreshRSS/p/", {st_mode=S_IFDIR|0777, st_size=4096, ...}) = 0
write(7, "2023-10-21 17:01:17: response.c."..., 60) = 60
write(7, "2023-10-21 17:01:17: response.c."..., 65) = 65
write(7, "2023-10-21 17:01:17: response.c."..., 54) = 54
write(7, "2023-10-21 17:01:17: response.c."..., 59) = 59
write(7, "2023-10-21 17:01:17: mod_indexfi"..., 78) = 78
write(7, "2023-10-21 17:01:17: mod_indexfi"..., 58) = 58
stat64("/FreshRSS/p/index.php", {st_mode=S_IFREG|0777, st_size=206, ...}) = 0
write(7, "2023-10-21 17:01:17: mod_access."..., 72) = 72
write(7, "2023-10-21 17:01:17: mod_staticf"..., 100) = 100
write(7, "2023-10-21 17:01:17: response.c."..., 202) = 202
writev(11, [{iov_base="HTTP/1.1 403 Forbidden\r\nContent-"..., iov_len=134}, {iov_base="<?xml version=\"1.0\" encoding=\"is"..., iov_len=341}], 2) = 475
write(8, "192.168.1.129 192.168.1.206:2000"..., 176) = 176
read(11, 0x18c1188, 8191)               = -1 EAGAIN (Resource temporarily unavailable)
clock_gettime64(CLOCK_REALTIME_COARSE, {tv_sec=1697904077, tv_nsec=185135345}) = 0
epoll_wait(10, [], 1025, 1000)          = 0
clock_gettime64(CLOCK_REALTIME_COARSE, {tv_sec=1697904078, tv_nsec=195129155}) = 0
wait4(19430, 0xbef62bd0, WNOHANG, NULL) = 0
epoll_wait(10, [], 1025, 1000)          = 0
clock_gettime64(CLOCK_REALTIME_COARSE, {tv_sec=1697904079, tv_nsec=205122967}) = 0
wait4(19430, 0xbef62bd0, WNOHANG, NULL) = 0
epoll_wait(10, [], 1025, 1000)          = 0
clock_gettime64(CLOCK_REALTIME_COARSE, {tv_sec=1697904080, tv_nsec=205116840}) = 0
wait4(19430, 0xbef62bd0, WNOHANG, NULL) = 0
epoll_wait(10, [], 1025, 1000)          = 0
clock_gettime64(CLOCK_REALTIME_COARSE, {tv_sec=1697904081, tv_nsec=205110715}) = 0
wait4(19430, 0xbef62bd0, WNOHANG, NULL) = 0
epoll_wait(10, [], 1025, 1000)          = 0
clock_gettime64(CLOCK_REALTIME_COARSE, {tv_sec=1697904082, tv_nsec=215104530}) = 0
wait4(19430, 0xbef62bd0, WNOHANG, NULL) = 0
epoll_wait(10, ^Cstrace: Process 19420 detached
 <detached ...>

RE: 403 forbidden when running pihole and freshrss on lighttpd - Added by davidb9966 9 months ago

gstrauss wrote in RE: 403 forbidden when running pihole and freshrss on lig...:

curl localhost:2000

Maybe try accessing a full URL to a file?

curl http://localhost:2000/index.html assuming there is /FreshRSS/p/index.html

lighttpd does not enable mod_indexfile or mod_dirlisting by default. You need to enable them in lighttpd.conf if you want to use them.

192.168.1.206 is raspberry IP

Hitting http://192.168.1.206:2000/index.html from the laptop browser, the URL changes to http://192.168.1.206:2000/i/ and then it just shows 403 Forbidden.
Running curl http://192.168.1.206:2000/index.html from the laptop command prompt, we are getting the HTML document, probably because the web browser is reading index.php rather than index.html

<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-GB" lang="en-GB">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="initial-scale=1.0" />
<meta http-equiv="Refresh" content="0; url=i/" />
<title>FreshRSS</title>
<link rel="stylesheet" href="themes/p.css" />
<link rel="shortcut icon" type="image/x-icon" sizes="16x16 64x64" href="favicon.ico" />
<link rel="icon msapplication-TileImage apple-touch-icon" type="image/png" sizes="256x256" href="themes/icons/favicon-256.png" />
<meta name="msapplication-TileColor" content="#FFF" />
<meta name="robots" content="noindex" />
</head>

<body>
<h1><a href="i/">FreshRSS</a></h1>
<p><a href="i/"><img class="logo" width="25%" src="themes/icons/icon.svg" alt="⊚" loading="lazy" /></a></p>
</body>
</html>

Running curl http://192.168.1.206:2000/index.php from the laptop command prompt, we are getting 403 Forbidden too

RE: 403 forbidden when running pihole and freshrss on lighttpd - Added by gstrauss 9 months ago

stat64("/FreshRSS/p/index.php", {st_mode=S_IFREG|0777, st_size=206, ...}) = 0
write(7, "2023-10-21 17:01:17: mod_access."..., 72) = 72
write(7, "2023-10-21 17:01:17: mod_staticf"..., 100) = 100
write(7, "2023-10-21 17:01:17: response.c."..., 202) = 202
writev(11, [{iov_base="HTTP/1.1 403 Forbidden\r\nContent-"..., iov_len=134}, {iov_base="<?xml version=\"1.0\" encoding=\"is"..., iov_len=341}], 2) = 475

In your config, you have
index-file.names = ("index.php", "index.html", "index.lighttpd.html")
so accessing a directory will look for index.php, then index.html, then index.lighttpd.html

In your config, you have
static-file.exclude-extensions = (".php", ".pl", ".fcgi")
so lighttpd will give a 403 Forbidden if accessing index.php, since you have failed to configure anything else (e.g. mod_fastcgi or mod_cgi) to execute the .php and return the results.

fastcgi.server is configured for pi-hole under /admin, but not configured under $SERVER["socket"] == ":2000" { ... }

RE: 403 forbidden when running pihole and freshrss on lighttpd - Added by davidb9966 9 months ago

gstrauss wrote in RE: 403 forbidden when running pihole and freshrss on lig...:

[...]

In your config, you have
index-file.names = ("index.php", "index.html", "index.lighttpd.html")
so accessing a directory will look for index.php, then index.html, then index.lighttpd.html

In your config, you have
static-file.exclude-extensions = (".php", ".pl", ".fcgi")
so lighttpd will give a 403 Forbidden if accessing index.php, since you have failed to configure anything else (e.g. mod_fastcgi or mod_cgi) to execute the .php and return the results.

fastcgi.server is configured for pi-hole under /admin, but not configured under $SERVER["socket"] == ":2000" { ... }

So the $SERVER["socket"] == ":2000" { ... } is not enough?

If pi-hole is using mod_fastcgi, can we also have freshrss running alongside it? Is it as simple as a block of code to be added anywhere? It would be great to get some docs

RE: [UE] 403 forbidden when running pihole and freshrss on lighttpd - Added by gstrauss 9 months ago

I already gave you pointers to docs multiple times. Please try reading them. This is a site for lighttpd, not FreshRSS.

Like most computer programs, lighttpd does what it is configured to do, and does not read your mind.

Configure mod_fastcgi to execute your PHP and lighttpd will execute your PHP.
Do not configure lighttpd to execute your PHP and lighttpd will not execute your PHP.

RE: [UE] 403 forbidden when running pihole and freshrss on lighttpd - Added by gstrauss 9 months ago

If pi-hole is using mod_fastcgi, can we also have freshrss running alongside it?

Yes.

Is it as simple as a block of code to be added anywhere?

Configuration: File Syntax

This is on the front page of the wiki

RE: [UE] 403 forbidden when running pihole and freshrss on lighttpd - Added by davidb9966 9 months ago

gstrauss wrote in RE: [UE] 403 forbidden when running pihole and freshrss o...:

I already gave you pointers to docs multiple times. Please try reading them. This is a site for lighttpd, not FreshRSS.

Like most computer programs, lighttpd does what it is configured to do, and does not read your mind.

Configure mod_fastcgi to execute your PHP and lighttpd will execute your PHP.
Do not configure lighttpd to execute your PHP and lighttpd will not execute your PHP.

Thank you, and everyone who contributed. I just managed to do it!

As you said you have to configure fastcgi to start another server!

So what is happening is we are enabling 2 fastcgi servers to run, one for pihole and one for freshrss!
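
The poster's final configuration was not posted. As an added example (not the poster's file or the project's own), this is one way the `external.conf` block from the first post can be extended with its own `fastcgi.server`, as the replies describe. The `php-cgi` path, the socket name and the child count are assumptions, and mod_fastcgi is assumed to be loaded by the already enabled `10-fastcgi.conf`.

```lighttpd
# /etc/lighttpd/conf-enabled/external.conf  (added example)
# FreshRSS on its own port, with its own PHP FastCGI backend.

$SERVER["socket"] == ":2000" {
    server.document-root = "/var/www/html/freshrss"

    # Without a handler for ".php" in this scope, static-file.exclude-extensions
    # makes lighttpd answer 403 instead of sending index.php as a static file.
    fastcgi.server = (
        ".php" => ((
            # assumed install path of the PHP CGI binary
            "bin-path" => "/usr/bin/php-cgi",
            # assumed socket name; must differ from the Pi-hole backend's socket
            # and live in a directory writable by www-data
            "socket" => "/run/lighttpd/php-freshrss.socket",
            "max-procs" => 1,
            "bin-environment" => (
                "PHP_FCGI_CHILDREN"     => "2",
                "PHP_FCGI_MAX_REQUESTS" => "10000"
            ),
            "broken-scriptfilename" => "enable"
        ))
    )
}
```

Check the result with `lighttpd -tt -f /etc/lighttpd/lighttpd.conf`, the same command used in the first post, before restarting the server.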
