[UE] 403 forbidden when running pihole and freshrss on lighttpd
Added by davidb9966 about 1 month ago
Hello, I am running a small Raspberry Pi Zero W locally and I want to run Pi-hole and FreshRSS together using lighttpd. Pi-hole is working correctly by going to http://[pi_ip]/admin, however FreshRSS appears to show 403 Forbidden when going to http://[pi_ip]:2000. I don't know why; I am looking for help to resolve the 403 Forbidden message.
~ curl localhost:2000
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>403 Forbidden</title>
</head>
<body>
<h1>403 Forbidden</h1>
</body>
</html>
~ lighttpd -v
lighttpd/1.4.59 (ssl) - a light and fast webserver
~ uname -a
Linux raspberrypi 6.1.21+ #1642 Mon Apr 3 17:19:14 BST 2023 armv6l GNU/Linux
~ cat /etc/os-release
PRETTY_NAME="Raspbian GNU/Linux 11 (bullseye)"
NAME="Raspbian GNU/Linux"
VERSION_ID="11"
VERSION="11 (bullseye)"
VERSION_CODENAME=bullseye
ID=raspbian
ID_LIKE=debian
HOME_URL="http://www.raspbian.org/"
SUPPORT_URL="http://www.raspbian.org/RaspbianForums"
BUG_REPORT_URL="http://www.raspbian.org/RaspbianBugs"
~ lighttpd -tt -f /etc/lighttpd/lighttpd.conf
2023-10-21 15:57:51: configfile.c.2274) server.upload-dirs doesn't exist: /var/cache/lighttpd/uploads
~ lighttpd -p -f /etc/lighttpd/lighttpd.conf
OUTPUT: https://paste.lighttpd.net/JC#TX1sme8q2FueXNrAvwuRcVWG
FILE CONFIGURATION:
ls -la /etc/lighttpd/conf-enabled/
drwxr-xr-x 2 root root 4096 Oct 21 14:50 .
drwxr-xr-x 4 root root 4096 Oct 21 14:48 ..
lrwxrwxrwx 1 root root 32 Aug 16 13:28 05-setenv.conf -> ../conf-available/05-setenv.conf
lrwxrwxrwx 1 root root 35 Aug 16 13:28 10-accesslog.conf -> ../conf-available/10-accesslog.conf
lrwxrwxrwx 1 root root 33 Aug 16 13:28 10-fastcgi.conf -> ../conf-available/10-fastcgi.conf
lrwxrwxrwx 1 root root 38 Aug 16 13:28 15-pihole-admin.conf -> ../conf-available/15-pihole-admin.conf
lrwxrwxrwx 1 root root 38 Aug 16 13:24 99-unconfigured.conf -> ../conf-available/99-unconfigured.conf
-rw-r--r-- 1 root root 109 Oct 21 14:50 external.conf
cat /etc/lighttpd/conf-enabled/external.conf
# FreshRSS config
$SERVER["socket"] == ":2000" {
    server.document-root = "/var/www/html/freshrss"
}
~ cat /etc/lighttpd/lighttpd.conf
server.modules = (
    "mod_indexfile",
    "mod_access",
    "mod_alias",
    "mod_redirect",
)
server.document-root = "/var/www/html"
server.upload-dirs = ( "/var/cache/lighttpd/uploads" )
server.errorlog = "/var/log/lighttpd/error.log"
server.pid-file = "/run/lighttpd.pid"
server.username = "www-data"
server.groupname = "www-data"
server.port = 80
# features
#https://redmine.lighttpd.net/projects/lighttpd/wiki/Server_feature-flagsDetails
server.feature-flags += ("server.h2proto" => "enable")
server.feature-flags += ("server.h2c" => "enable")
server.feature-flags += ("server.graceful-shutdown-timeout" => 5)
#server.feature-flags += ("server.graceful-restart-bg" => "enable")
# strict parsing and normalization of URL for consistency and security
# https://redmine.lighttpd.net/projects/lighttpd/wiki/Server_http-parseoptsDetails
# (might need to explicitly set "url-path-2f-decode" = "disable"
# if a specific application is encoding URLs inside url-path)
server.http-parseopts = (
    "header-strict" => "enable",# default
    "host-strict" => "enable",# default
    "host-normalize" => "enable",# default
    "url-normalize-unreserved"=> "enable",# recommended highly
    "url-normalize-required" => "enable",# recommended
    "url-ctrls-reject" => "enable",# recommended
    "url-path-2f-decode" => "enable",# recommended highly (unless breaks app)
    #"url-path-2f-reject" => "enable",
    "url-path-dotseg-remove" => "enable",# recommended highly (unless breaks app)
    #"url-path-dotseg-reject" => "enable",
    #"url-query-20-plus" => "enable",# consistency in query string
)
index-file.names = ( "index.php", "index.html" )
url.access-deny = ( "~", ".inc" )
static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
# default listening port for IPv6 falls back to the IPv4 port
include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port
include_shell "/usr/share/lighttpd/create-mime.conf.pl"
include "/etc/lighttpd/conf-enabled/*.conf"
#server.compat-module-load = "disable"
server.modules += (
    "mod_dirlisting",
    "mod_staticfile",
)
ls -la /var/www/html
drwxrwxr-x 3 www-data www-data 4096 Oct 21 13:01 .
drwxr-xr-x 3 root root 4096 Aug 16 13:23 ..
drwxr-xr-x 7 root root 4096 Aug 16 13:23 admin
lrwxrwxrwx 1 root root 19 Oct 21 13:01 freshrss -> /home/pi/FreshRSS/p
-rw-r--r-- 1 root root 3388 Aug 16 13:24 index.lighttpd.html
ls -la /home/pi/FreshRSS/p
drwxrwxrwx 6 www-data www-data 4096 Oct 21 12:44 .
drwxrwxrwx 14 www-data www-data 4096 Oct 21 14:02 ..
drwxrwxrwx 2 www-data www-data 4096 Oct 21 12:44 api
-rwxrwxrwx 1 www-data www-data 3507 Oct 21 12:44 ext.php
-rwxrwxrwx 1 www-data www-data 18102 Oct 21 12:44 favicon.ico
-rwxrwxrwx 1 www-data www-data 1703 Oct 21 12:44 f.php
-rwxrwxrwx 1 www-data www-data 1349 Oct 21 12:44 .htaccess
drwxrwxrwx 2 www-data www-data 4096 Oct 21 12:44 i
-rwxrwxrwx 1 www-data www-data 789 Oct 21 12:44 index.html
-rwxrwxrwx 1 www-data www-data 206 Oct 21 12:44 index.php
-rwxrwxrwx 1 www-data www-data 26 Oct 21 12:44 robots.txt
drwxrwxrwx 3 www-data www-data 4096 Oct 21 12:44 scripts
drwxrwxrwx 16 www-data www-data 4096 Oct 21 12:44 themes
-rwxrwxrwx 1 www-data www-data 1725 Oct 21 12:44 Web.config
As you can see, the above files and folders have the correct user assigned with all permissions, but it is still forbidden.
Not sure if this is the correct forum; please let me know otherwise!
Replies (11)
RE: 403 forbidden when running pihole and freshrss on lighttpd - Added by gstrauss about 1 month ago
Since you have configured lighttpd as user www-data, that user must have access to the entire directory path /home/pi/FreshRSS/p
/home/pi is probably owned by a different user and probably does not allow others access. /home/pi/FreshRSS might have different ownership, too.
You can use chmod o+x to grant permission for www-data (other) to traverse those directories, but it would be better to place FreshRSS outside a home directory for which the lighttpd user does not have access.
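The directory-path rule described in the reply above, as an added example that is not part of the thread: a shell check that walks every directory from the top down to a document root and reports the first one a given user cannot traverse. The function names are hypothetical; it assumes GNU stat and readlink (as on Raspbian) and evaluates only classic mode bits, not ACLs or AppArmor/SELinux.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
# A symlinked document root is resolved first, so the chain that is checked
# is the real path (e.g. /home/pi/FreshRSS/p), not the link's location.

# perm_digit USER DIR
# Prints the octal permission digit (owner, group or other) that applies
# to USER on DIR, chosen the way the kernel chooses the permission class.
perm_digit() {
    info=$(stat -c '%a %U %G' -- "$2") || return 2
    set -- "$1" $info                     # $2=mode  $3=owner  $4=group
    if [ "$1" = "$3" ]; then
        echo $(( $2 / 100 % 10 )); return 0
    fi
    for g in $(id -Gn "$1" 2>/dev/null); do
        if [ "$g" = "$4" ]; then
            echo $(( $2 / 10 % 10 )); return 0
        fi
    done
    echo $(( $2 % 10 ))                   # neither owner nor group: "other"
}

# _walk USER DIR TOP
# Checks DIR's ancestors first (top-down), then DIR; stops ascending at TOP.
_walk() {
    if [ "$2" != "$3" ] && [ "$2" != / ]; then
        _walk "$1" "$(dirname -- "$2")" "$3" || return $?
    fi
    digit=$(perm_digit "$1" "$2") || return 2
    if [ $(( digit & 1 )) -eq 0 ]; then   # search (x) bit missing
        printf '%s\n' "$2"
        return 1
    fi
}

# first_blocked_dir USER PATH [TOP]
# Prints the first directory on the way to PATH that USER cannot traverse
# and returns 1; prints nothing and returns 0 when the whole chain is open.
# TOP (default /) limits how far up the chain is checked.
first_blocked_dir() {
    if [ "$1" = root ]; then return 0; fi # root bypasses search permission
    target=$(readlink -f -- "$2") || return 2
    [ -d "$target" ] || target=$(dirname -- "$target")
    _walk "$1" "$target" "${3:-/}"
}

# Usage on the setup from the first post:
#   first_blocked_dir www-data /var/www/html/freshrss
```

Only the search bit is needed on the parent directories, so a result naming `/home/pi` does not call for 0777 anywhere; moving the application out of the home directory, as the reply recommends, avoids widening that directory at all.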
RE: 403 forbidden when running pihole and freshrss on lighttpd - Added by davidb9966 about 1 month ago
gstrauss wrote in RE: 403 forbidden when running pihole and freshrss on lig...:
Since you have configured lighttpd as user www-data, that user must have access to the entire directory path /home/pi/FreshRSS/p
/home/pi is probably owned by a different user and probably does not allow others access. /home/pi/FreshRSS might have different ownership, too.
You can use chmod o+x to grant permission for www-data (other) to traverse those directories, but it would be better to place FreshRSS outside a home directory for which the lighttpd user does not have access.
That is interesting, I wasn't aware it needs to have access to entire directory path from root! However it still doesn't like it with 403 forbidden.
I moved FreshRSS folder (https://github.com/FreshRSS/FreshRSS/tree/edge) to root and changed the symlink
~ pwd && ls -la /
total 72
drwxr-xr-x 19 root root 4096 Oct 21 16:31 .
drwxr-xr-x 19 root root 4096 Oct 21 16:31 ..
lrwxrwxrwx 1 root root 7 May 3 01:04 bin -> usr/bin
drwxr-xr-x 4 root root 4096 Jan 1 1970 boot
drwxr-xr-x 16 root root 3820 Oct 16 16:11 dev
drwxr-xr-x 90 root root 4096 Oct 21 12:33 etc
drwxrwxrwx 14 www-data www-data 4096 Oct 21 14:02 FreshRSS
drwxr-xr-x 3 root root 4096 May 3 01:07 home
lrwxrwxrwx 1 root root 7 May 3 01:04 lib -> usr/lib
drwx------ 2 root root 16384 May 3 01:25 lost+found
drwxr-xr-x 2 root root 4096 May 3 01:04 media
drwxr-xr-x 2 root root 4096 May 3 01:04 mnt
drwxr-xr-x 3 root root 4096 Aug 16 13:28 opt
dr-xr-xr-x 151 root root 0 Jan 1 1970 proc
drwx------ 3 root root 4096 Aug 16 13:34 root
drwxr-xr-x 27 root root 880 Oct 21 16:33 run
lrwxrwxrwx 1 root root 8 May 3 01:04 sbin -> usr/sbin
drwxr-xr-x 2 root root 4096 May 3 01:04 srv
dr-xr-xr-x 12 root root 0 Jan 1 1970 sys
drwxrwxrwt 10 root root 4096 Oct 21 16:33 tmp
drwxr-xr-x 11 root root 4096 May 3 01:04 usr
drwxr-xr-x 12 root root 4096 Aug 16 13:23 var
~ ls -la /var/www/html
total 16
drwxrwxr-x 3 www-data www-data 4096 Oct 21 16:32 .
drwxr-xr-x 3 root root 4096 Aug 16 13:23 ..
drwxr-xr-x 7 root root 4096 Aug 16 13:23 admin
lrwxrwxrwx 1 root root 11 Oct 21 16:32 freshrss -> /FreshRSS/p
-rw-r--r-- 1 root root 3388 Aug 16 13:24 index.lighttpd.html
RE: 403 forbidden when running pihole and freshrss on lighttpd - Added by gstrauss about 1 month ago
That is interesting, I wasn't aware it needs to have access to entire directory path from root!
That's standard behavior on Unix filesystems. Most people do not realize the insecure default behavior on Windows (especially on shared network filesystems).
However it still doesn't like it with 403 forbidden.
I moved FreshRSS folder (https://github.com/FreshRSS/FreshRSS/tree/edge) to root and changed the symlink
This is very, very, very likely a permissions error on your part.
You can configure lighttpd.conf with debugging Configuration: Debug Variables
Also, (my preference), you can strace the lighttpd executable, make your web request, and see where the error occurs (likely EPERM on open(...))
RE: 403 forbidden when running pihole and freshrss on lighttpd - Added by gstrauss about 1 month ago
curl localhost:2000
Maybe try accessing a full URL to a file?
curl http://localhost:2000/index.html
assuming there is /FreshRSS/p/index.html
lighttpd does not enable mod_indexfile or mod_dirlisting by default. You need to enable them in lighttpd.conf if you want to use them.
RE: 403 forbidden when running pihole and freshrss on lighttpd - Added by davidb9966 about 1 month ago
gstrauss wrote in RE: 403 forbidden when running pihole and freshrss on lig...:
That is interesting, I wasn't aware it needs to have access to entire directory path from root!
That's standard behavior on Unix filesystems. Most people do not realize the insecure default behavior on Windows (especially on shared network filesystems).
However it still doesn't like it with 403 forbidden.
I moved FreshRSS folder (https://github.com/FreshRSS/FreshRSS/tree/edge) to root and changed the symlink
This is very, very, very likely a permissions error on your part.
You can configure lighttpd.conf with debugging Configuration: Debug Variables
Also, (my preference), you can strace the lighttpd executable, make your web request, and see where the error occurs (likely EPERM on open(...))
Hello :)
I have added debug variables here and performed web request:
sudo cat /etc/lighttpd/lighttpd.conf
server.modules = (
    "mod_indexfile",
    "mod_access",
    "mod_alias",
    "mod_redirect",
)
server.document-root = "/var/www/html"
server.upload-dirs = ( "/var/cache/lighttpd/uploads" )
server.errorlog = "/var/log/lighttpd/error.log"
server.pid-file = "/run/lighttpd.pid"
server.username = "www-data"
server.groupname = "www-data"
server.port = 80
debug.log-request-handling = "enable"
debug.log-request-header = "enable"
debug.log-response-header = "enable"
debug.log-file-not-found = "enable"
debug.log-condition-handling = "enable"
# features
#https://redmine.lighttpd.net/projects/lighttpd/wiki/Server_feature-flagsDetails
server.feature-flags += ("server.h2proto" => "enable")
server.feature-flags += ("server.h2c" => "enable")
server.feature-flags += ("server.graceful-shutdown-timeout" => 5)
#server.feature-flags += ("server.graceful-restart-bg" => "enable")
# strict parsing and normalization of URL for consistency and security
# https://redmine.lighttpd.net/projects/lighttpd/wiki/Server_http-parseoptsDetails
# (might need to explicitly set "url-path-2f-decode" = "disable"
# if a specific application is encoding URLs inside url-path)
server.http-parseopts = (
    "header-strict" => "enable",# default
    "host-strict" => "enable",# default
    "host-normalize" => "enable",# default
    "url-normalize-unreserved"=> "enable",# recommended highly
    "url-normalize-required" => "enable",# recommended
    "url-ctrls-reject" => "enable",# recommended
    "url-path-2f-decode" => "enable",# recommended highly (unless breaks app)
    #"url-path-2f-reject" => "enable",
    "url-path-dotseg-remove" => "enable",# recommended highly (unless breaks app)
    #"url-path-dotseg-reject" => "enable",
    #"url-query-20-plus" => "enable",# consistency in query string
)
index-file.names = ( "index.php", "index.html" )
url.access-deny = ( "~", ".inc" )
static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
# default listening port for IPv6 falls back to the IPv4 port
include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port
include_shell "/usr/share/lighttpd/create-mime.conf.pl"
include "/etc/lighttpd/conf-enabled/*.conf"
#server.compat-module-load = "disable"
server.modules += (
    "mod_dirlisting",
    "mod_staticfile",
)
The error file is empty all the time so it doesn't write there at all
sudo ls -lta /var/log/lighttpd/
total 2084
-rw-r--r-- 1 www-data www-data 1179246 Oct 21 17:05 access-pihole.log
-rw-r--r-- 1 www-data www-data 834946 Oct 21 17:05 error-pihole.log
-rw-r--r-- 1 www-data www-data 26045 Oct 21 17:03 access.log
drwxr-xr-x 8 root root 4096 Oct 17 00:01 ..
drwxr-x--- 2 www-data www-data 4096 Oct 17 00:01 .
-rw-r--r-- 1 www-data www-data 1922 Oct 16 12:30 access-pihole.log.1
-rw-r--r-- 1 www-data www-data 72 Oct 8 00:00 error-pihole.log.1
-rw-r--r-- 1 www-data www-data 87 Oct 1 00:00 error-pihole.log.2.gz
-rw-r--r-- 1 www-data www-data 88 Sep 24 00:01 error-pihole.log.3.gz
-rw-r--r-- 1 www-data www-data 565 Sep 18 19:45 access-pihole.log.2.gz
-rw-r--r-- 1 www-data www-data 133 Sep 18 19:40 error-pihole.log.4.gz
-rw-r--r-- 1 www-data www-data 560 Sep 16 01:28 access-pihole.log.3.gz
-rw-r--r-- 1 www-data www-data 148 Sep 16 00:00 error-pihole.log.5.gz
-rw-r--r-- 1 www-data www-data 560 Sep 11 23:45 access-pihole.log.4.gz
-rw-r--r-- 1 www-data www-data 145 Sep 9 00:00 error-pihole.log.6.gz
-rw-r--r-- 1 www-data www-data 1412 Sep 8 13:43 access-pihole.log.5.gz
-rw-r--r-- 1 www-data www-data 107 Sep 2 00:00 error-pihole.log.7.gz
-rw-r--r-- 1 www-data www-data 396 Sep 1 17:33 access-pihole.log.6.gz
-rw-r--r-- 1 www-data www-data 87 Aug 20 00:00 error-pihole.log.8.gz
-rw-r--r-- 1 www-data www-data 0 Aug 20 00:00 error.log
-rw-r--r-- 1 www-data www-data 1582 Aug 16 18:55 access-pihole.log.7.gz
-rw-r--r-- 1 www-data www-data 127 Aug 16 13:38 error-pihole.log.9.gz
-rw-r--r-- 1 www-data www-data 139 Aug 16 13:28 error.log.1
Using Strace I cannot see anything useful
sudo strace -p $(pidof lighttpd)
strace: Process 19420 attached
clock_gettime64(CLOCK_REALTIME_COARSE, {tv_sec=1697904074, tv_nsec=305153003}) = 0
wait4(19430, 0xbef62bd0, WNOHANG, NULL) = 0
epoll_wait(10, [], 1025, 1000) = 0
clock_gettime64(CLOCK_REALTIME_COARSE, {tv_sec=1697904075, tv_nsec=305146871}) = 0
wait4(19430, 0xbef62bd0, WNOHANG, NULL) = 0
epoll_wait(10, [], 1025, 1000) = 0
clock_gettime64(CLOCK_REALTIME_COARSE, {tv_sec=1697904076, tv_nsec=305140740}) = 0
wait4(19430, 0xbef62bd0, WNOHANG, NULL) = 0
epoll_wait(10, [{EPOLLIN, {u32=25295576, u64=108835330299394776}}], 1025, 1000) = 1
accept4(6, {sa_family=AF_INET, sin_port=htons(52108), sin_addr=inet_addr("192.168.1.129")}, [112->16], SOCK_CLOEXEC|SOCK_NONBLOCK) = 11
read(11, 0x18c1188, 8191) = -1 EAGAIN (Resource temporarily unavailable)
epoll_ctl(10, EPOLL_CTL_ADD, 11, {EPOLLIN|EPOLLERR|EPOLLHUP|EPOLLRDHUP, {u32=25945112, u64=1886074784441368}}) = 0
accept4(6, 0xbef62b8c, [112], SOCK_CLOEXEC|SOCK_NONBLOCK) = -1 EAGAIN (Resource temporarily unavailable)
clock_gettime64(CLOCK_REALTIME_COARSE, {tv_sec=1697904077, tv_nsec=85135958}) = 0
wait4(19430, 0xbef62bd0, WNOHANG, NULL) = 0
epoll_wait(10, [{EPOLLIN, {u32=25945112, u64=1886074784441368}}], 1025, 1000) = 1
read(11, "GET / HTTP/1.1\r\nHost: 192.168.1."..., 8191) = 406
write(7, "2023-10-21 17:01:17: connections"..., 494) = 494
write(7, "2023-10-21 17:01:17: response.c."..., 51) = 51
write(7, "2023-10-21 17:01:17: configfile-"..., 77) = 77
write(7, "2023-10-21 17:01:17: configfile-"..., 84) = 84
write(7, "2023-10-21 17:01:17: configfile-"..., 115) = 115
write(7, "2023-10-21 17:01:17: configfile-"..., 77) = 77
write(7, "2023-10-21 17:01:17: configfile-"..., 97) = 97
write(7, "2023-10-21 17:01:17: configfile-"..., 116) = 116
write(7, "2023-10-21 17:01:17: response.c."..., 59) = 59
write(7, "2023-10-21 17:01:17: response.c."..., 57) = 57
write(7, "2023-10-21 17:01:17: response.c."..., 60) = 60
write(7, "2023-10-21 17:01:17: response.c."..., 74) = 74
write(7, "2023-10-21 17:01:17: response.c."..., 57) = 57
write(7, "2023-10-21 17:01:17: response.c."..., 56) = 56
write(7, "2023-10-21 17:01:17: configfile-"..., 77) = 77
write(7, "2023-10-21 17:01:17: configfile-"..., 90) = 90
write(7, "2023-10-21 17:01:17: configfile-"..., 113) = 113
write(7, "2023-10-21 17:01:17: configfile-"..., 148) = 148
write(7, "2023-10-21 17:01:17: mod_access."..., 72) = 72
write(7, "2023-10-21 17:01:17: configfile-"..., 77) = 77
write(7, "2023-10-21 17:01:17: configfile-"..., 88) = 88
write(7, "2023-10-21 17:01:17: configfile-"..., 113) = 113
write(7, "2023-10-21 17:01:17: configfile-"..., 82) = 82
write(7, "2023-10-21 17:01:17: configfile-"..., 113) = 113
write(7, "2023-10-21 17:01:17: configfile-"..., 77) = 77
write(7, "2023-10-21 17:01:17: configfile-"..., 90) = 90
write(7, "2023-10-21 17:01:17: configfile-"..., 96) = 96
write(7, "2023-10-21 17:01:17: configfile-"..., 115) = 115
write(7, "2023-10-21 17:01:17: configfile-"..., 139) = 139
write(7, "2023-10-21 17:01:17: configfile-"..., 77) = 77
write(7, "2023-10-21 17:01:17: configfile-"..., 140) = 140
write(7, "2023-10-21 17:01:17: configfile-"..., 90) = 90
write(7, "2023-10-21 17:01:17: configfile-"..., 113) = 113
write(7, "2023-10-21 17:01:17: configfile-"..., 167) = 167
write(7, "2023-10-21 17:01:17: configfile-"..., 212) = 212
write(7, "2023-10-21 17:01:17: response.c."..., 56) = 56
write(7, "2023-10-21 17:01:17: response.c."..., 64) = 64
write(7, "2023-10-21 17:01:17: response.c."..., 54) = 54
write(7, "2023-10-21 17:01:17: response.c."..., 80) = 80
write(7, "2023-10-21 17:01:17: response.c."..., 55) = 55
write(7, "2023-10-21 17:01:17: response.c."..., 64) = 64
write(7, "2023-10-21 17:01:17: response.c."..., 54) = 54
write(7, "2023-10-21 17:01:17: response.c."..., 65) = 65
write(7, "2023-10-21 17:01:17: response.c."..., 60) = 60
write(7, "2023-10-21 17:01:17: response.c."..., 64) = 64
write(7, "2023-10-21 17:01:17: response.c."..., 64) = 64
write(7, "2023-10-21 17:01:17: response.c."..., 54) = 54
write(7, "2023-10-21 17:01:17: response.c."..., 65) = 65
write(7, "2023-10-21 17:01:17: response.c."..., 63) = 63
write(7, "2023-10-21 17:01:17: response.c."..., 65) = 65
stat64("/FreshRSS/p/", {st_mode=S_IFDIR|0777, st_size=4096, ...}) = 0
write(7, "2023-10-21 17:01:17: response.c."..., 60) = 60
write(7, "2023-10-21 17:01:17: response.c."..., 65) = 65
write(7, "2023-10-21 17:01:17: response.c."..., 54) = 54
write(7, "2023-10-21 17:01:17: response.c."..., 59) = 59
write(7, "2023-10-21 17:01:17: mod_indexfi"..., 78) = 78
write(7, "2023-10-21 17:01:17: mod_indexfi"..., 58) = 58
stat64("/FreshRSS/p/index.php", {st_mode=S_IFREG|0777, st_size=206, ...}) = 0
write(7, "2023-10-21 17:01:17: mod_access."..., 72) = 72
write(7, "2023-10-21 17:01:17: mod_staticf"..., 100) = 100
write(7, "2023-10-21 17:01:17: response.c."..., 202) = 202
writev(11, [{iov_base="HTTP/1.1 403 Forbidden\r\nContent-"..., iov_len=134}, {iov_base="<?xml version=\"1.0\" encoding=\"is"..., iov_len=341}], 2) = 475
write(8, "192.168.1.129 192.168.1.206:2000"..., 176) = 176
read(11, 0x18c1188, 8191) = -1 EAGAIN (Resource temporarily unavailable)
clock_gettime64(CLOCK_REALTIME_COARSE, {tv_sec=1697904077, tv_nsec=185135345}) = 0
epoll_wait(10, [], 1025, 1000) = 0
clock_gettime64(CLOCK_REALTIME_COARSE, {tv_sec=1697904078, tv_nsec=195129155}) = 0
wait4(19430, 0xbef62bd0, WNOHANG, NULL) = 0
epoll_wait(10, [], 1025, 1000) = 0
clock_gettime64(CLOCK_REALTIME_COARSE, {tv_sec=1697904079, tv_nsec=205122967}) = 0
wait4(19430, 0xbef62bd0, WNOHANG, NULL) = 0
epoll_wait(10, [], 1025, 1000) = 0
clock_gettime64(CLOCK_REALTIME_COARSE, {tv_sec=1697904080, tv_nsec=205116840}) = 0
wait4(19430, 0xbef62bd0, WNOHANG, NULL) = 0
epoll_wait(10, [], 1025, 1000) = 0
clock_gettime64(CLOCK_REALTIME_COARSE, {tv_sec=1697904081, tv_nsec=205110715}) = 0
wait4(19430, 0xbef62bd0, WNOHANG, NULL) = 0
epoll_wait(10, [], 1025, 1000) = 0
clock_gettime64(CLOCK_REALTIME_COARSE, {tv_sec=1697904082, tv_nsec=215104530}) = 0
wait4(19430, 0xbef62bd0, WNOHANG, NULL) = 0
epoll_wait(10, ^Cstrace: Process 19420 detached
 <detached ...>
RE: 403 forbidden when running pihole and freshrss on lighttpd - Added by davidb9966 about 1 month ago
gstrauss wrote in RE: 403 forbidden when running pihole and freshrss on lig...:
curl localhost:2000
Maybe try accessing a full URL to a file?
curl http://localhost:2000/index.html
assuming there is /FreshRSS/p/index.html
lighttpd does not enable mod_indexfile or mod_dirlisting by default. You need to enable them in lighttpd.conf if you want to use them.
192.168.1.206 is raspberry IP
Hitting http://192.168.1.206:2000/index.html from laptop browser, the URL changes to http://192.168.1.206:2000/i/ and then it just shows 403 forbidden.
Running curl http://192.168.1.206:2000/index.html from laptop command prompt we are getting the HTML document, probably because the web browser is reading the index.php rather than the index.html
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-GB" lang="en-GB">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="initial-scale=1.0" />
<meta http-equiv="Refresh" content="0; url=i/" />
<title>FreshRSS</title>
<link rel="stylesheet" href="themes/p.css" />
<link rel="shortcut icon" type="image/x-icon" sizes="16x16 64x64" href="favicon.ico" />
<link rel="icon msapplication-TileImage apple-touch-icon" type="image/png" sizes="256x256" href="themes/icons/favicon-256.png" />
<meta name="msapplication-TileColor" content="#FFF" />
<meta name="robots" content="noindex" />
</head>
<body>
<h1><a href="i/">FreshRSS</a></h1>
<p><a href="i/"><img class="logo" width="25%" src="themes/icons/icon.svg" alt="⊚" loading="lazy" /></a></p>
</body>
</html>
Running curl http://192.168.1.206:2000/index.php from laptop command prompt we are getting 403 forbidden too
RE: 403 forbidden when running pihole and freshrss on lighttpd - Added by gstrauss about 1 month ago
stat64("/FreshRSS/p/index.php", {st_mode=S_IFREG|0777, st_size=206, ...}) = 0
write(7, "2023-10-21 17:01:17: mod_access."..., 72) = 72
write(7, "2023-10-21 17:01:17: mod_staticf"..., 100) = 100
write(7, "2023-10-21 17:01:17: response.c."..., 202) = 202
writev(11, [{iov_base="HTTP/1.1 403 Forbidden\r\nContent-"..., iov_len=134}, {iov_base="<?xml version=\"1.0\" encoding=\"is"..., iov_len=341}], 2) = 475
In your config, you have index-file.names = ("index.php", "index.html", "index.lighttpd.html")
so accessing a directory will look for index.php, then index.html, then index.lighttpd.html
In your config, you have static-file.exclude-extensions = (".php", ".pl", ".fcgi")
so lighttpd will give a 403 Forbidden if accessing index.php, since you have failed to configure anything else (e.g. mod_fastcgi or mod_cgi) to execute the .php and return the results.
fastcgi.server is configured for pi-hole under /admin, but not configured under $SERVER["socket"] == ":2000" { ... }
RE: 403 forbidden when running pihole and freshrss on lighttpd - Added by davidb9966 about 1 month ago
gstrauss wrote in RE: 403 forbidden when running pihole and freshrss on lig...:
[...]
In your config, you have index-file.names = ("index.php", "index.html", "index.lighttpd.html")
so accessing a directory will look for index.php, then index.html, then index.lighttpd.html
In your config, you have static-file.exclude-extensions = (".php", ".pl", ".fcgi")
so lighttpd will give a 403 Forbidden if accessing index.php, since you have failed to configure anything else (e.g. mod_fastcgi or mod_cgi) to execute the .php and return the results.
fastcgi.server is configured for pi-hole under /admin, but not configured under $SERVER["socket"] == ":2000" { ... }
So the $SERVER["socket"] == ":2000" { ... } is not enough?
If pi-hole is using mod_fastcgi, can we also have freshrss running alongside it? Is it as simple as a block of code to be added anywhere? It would be great to get some docs
RE: [UE] 403 forbidden when running pihole and freshrss on lighttpd - Added by gstrauss about 1 month ago
I already gave you pointers to docs multiple times. Please try reading them. This is a site for lighttpd, not FreshRSS.
Like most computer programs, lighttpd does what it is configured to do, and does not read your mind.
Configure mod_fastcgi to execute your PHP and lighttpd will execute your PHP.
Do not configure lighttpd to execute your PHP and lighttpd will not execute your PHP.
RE: [UE] 403 forbidden when running pihole and freshrss on lighttpd - Added by gstrauss about 1 month ago
If pi-hole is using mod_fastcgi, can we also have freshrss running alongside it?
Yes.
Is it as simple as a block of code to be added anywhere?
This is on the front page of the wiki
RE: [UE] 403 forbidden when running pihole and freshrss on lighttpd - Added by davidb9966 about 1 month ago
gstrauss wrote in RE: [UE] 403 forbidden when running pihole and freshrss o...:
I already gave you pointers to docs multiple times. Please try reading them. This is a site for lighttpd, not FreshRSS.
Like most computer programs, lighttpd does what it is configured to do, and does not read your mind.
Configure mod_fastcgi to execute your PHP and lighttpd will execute your PHP.
Do not configure lighttpd to execute your PHP and lighttpd will not execute your PHP.
Thank you, and everyone who contributed. I just managed to do it!
As you said you have to configure fastcgi to start another server!
So what is happening is we are enabling 2 fastcgi servers to run, one for pihole and one for freshrss!
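The resolution reached in this thread, as an added example that is not taken from any post: a shell function that emits a port-scoped `$SERVER["socket"]` block with its own PHP FastCGI backend and refuses a socket path that another enabled config already names. The function name, the php-cgi path, the socket path and the `PHP_FCGI_*` values are assumptions; it also assumes mod_fastcgi is already loaded, as by the 10-fastcgi.conf link in the listing from the first post.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed values are marked below.

# render_php_vhost PORT DOCROOT SOCKET [CONF_DIR]
# Prints a lighttpd config block on stdout. Returns 1 when SOCKET already
# appears in CONF_DIR/*.conf, because two separately spawned backends
# must not be given the same socket path.
render_php_vhost() {
    port=$1 docroot=$2 socket=$3 conf_dir=${4:-/etc/lighttpd/conf-enabled}
    if grep -qsF -- "\"$socket\"" "$conf_dir"/*.conf; then
        echo "socket $socket is already used by another backend" >&2
        return 1
    fi
    cat <<EOF
\$SERVER["socket"] == ":$port" {
    server.document-root = "$docroot"
    # .php stays listed in static-file.exclude-extensions: without a handler
    # mod_staticfile answers 403 rather than sending the PHP source.
    fastcgi.server = ( ".php" =>
        ((
            "bin-path" => "/usr/bin/php-cgi",
            "socket" => "$socket",
            "max-procs" => 1,
            "bin-environment" => (
                "PHP_FCGI_CHILDREN" => "2",
                "PHP_FCGI_MAX_REQUESTS" => "10000"
            ),
            "broken-scriptfilename" => "enable"
        ))
    )
}
EOF
}

# Usage (paths are assumptions):
#   render_php_vhost 2000 /var/www/html/freshrss \
#       /run/lighttpd/php-freshrss.socket > /tmp/freshrss.conf
```

After installing the generated block, `lighttpd -tt -f /etc/lighttpd/lighttpd.conf` (the check used in the first post) validates the merged configuration before a restart.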