[Solved] Cannot maked 1.4.47 to work
Added by HenrikHolst over 5 years ago
Hi,
I have a working setup with 1.4.45 which completely fails when upgraded to 1.4.47.Just to check everything I added
debug.log-request-handling = "enable" debug.log-ssl-noise = "enable"
To lighttpd..conf (and yes I did add mod_openssl to the modules list).
But even after every attempt there is not a single line logged to /var/log/lighttpd/error.log:
2017-10-27 12:32:03: (server.c.1525) server started (lighttpd/1.4.47) 2017-10-27 12:33:12: (server.c.2118) server stopped by UID = 0 PID = 1
Even a telnet fails:
root@xxx:~# telnet 127.0.0.1 80 Trying 127.0.0.1... telnet: Unable to connect to remote host: Connection refused root@xxx:~# telnet 127.0.0.1 443 Trying 127.0.0.1... telnet: Unable to connect to remote host: Connection refused
Which tells me that the server isn't even listening to network traffic. However a netstat told me that it atleast was listening:
root@xxx:~# netstat -antp | grep light tcp6 0 0 :::80 :::* LISTEN 17474/lighttpd tcp6 0 0 :::443 :::* LISTEN 17474/lighttpd
Recompiling 1.4.45 just to make sure that it's not my dev machine that have created a borked build and it works right away, retry with 1.4.47 and I cannot make a single connection again.
Both are configured the same way on compile with:
./configure --prefix=/usr --includedir=/include --mandir=/share/man --infodir=/share/info --sysconfdir=/etc --localstatedir=/var --libexecdir=/lib/lighttpd --disable-dependency-tracking --srcdir=. --libdir=/usr/lib/lighttpd --with-openssl --with-pcre --with-bzip2 --with-zlib --with-lua=lua5.1 --with-attr --with-fam
Replies (8)
RE: Cannot maked 1.4.47 to work - Added by stbuehler over 5 years ago
Hm. Looks like IPv4 got lost; maybe you can compare with the output of netstat from 1.4.45.
RE: Cannot maked 1.4.47 to work - Added by HenrikHolst over 5 years ago
It's identical:
root@fileserver:~# netstat -antp | grep light tcp6 0 0 :::80 :::* LISTEN 18518/lighttpd tcp6 0 0 :::443 :::* LISTEN 18518/lighttpd
Note that is is on a dual stack machine that serves woth IPv4 and IPv6 traffic so it receives IPv4 data via the IPv6 stack (forgot to mention that in the first post). So an active IPv4 connection to it looks like this:
root@fileserver:~# netstat -antp | grep light tcp6 0 0 :::80 :::* LISTEN 18518/lighttpd tcp6 0 0 :::443 :::* LISTEN 18518/lighttpd tcp6 0 0 195.242.143.117:443 213.115.115.81:43763 ETABLERAD 18518/lighttpd tcp6 0 53813 195.242.143.117:443 213.174.79.240:30737 ETABLERAD 18518/lighttpd tcp6 0 0 195.242.143.117:443 213.115.115.81:22435 ETABLERAD 18518/lighttpd tcp6 0 0 195.242.143.117:443 213.115.115.81:55597 ETABLERAD 18518/lighttpd tcp6 0 0 195.242.143.117:443 213.115.115.81:45661 ETABLERAD 18518/lighttpd tcp6 0 0 195.242.143.117:443 213.115.115.81:4863 ETABLERAD 18518/lighttpd tcp6 0 0 195.242.143.117:443 213.115.115.81:37745 ETABLERAD 18518/lighttpd tcp6 0 0 195.242.143.117:443 213.174.79.240:30738 ETABLERAD 18518/lighttpd
RE: Cannot maked 1.4.47 to work - Added by avij over 5 years ago
Seeing your lighttpd.conf might be helpful.
RE: Cannot maked 1.4.47 to work - Added by HenrikHolst over 5 years ago
Here you go.
| lighttpd.conf (3.96 KB) lighttpd.conf | config file |
RE: Cannot maked 1.4.47 to work - Added by stbuehler over 5 years ago
server.set-v6only is on by default; before this was ignored when server.bind was empty, and this check used host == NULL to indicate this. This check might be broken now, so as a workaround you could try disabling server.set-v6only.
RE: Cannot maked 1.4.47 to work - Added by HenrikHolst over 5 years ago
Thanks! That made it work again.
So the long-term solution is to use server.bind and bind to both ipv4 and ipv6 interfaces?
RE: Cannot maked 1.4.47 to work - Added by gstrauss over 5 years ago
Thanks for the pointer, @stbuehler. It appears that this was broken back in Jun in 5248b46c
@HenrikHolst, yes, the long-term solution is to be explicit which IPv4 or IPv6 addresses are to be bound, even if wildcard addresses.
I'll post a patch here in a bit.
RE: Cannot maked 1.4.47 to work - Added by gstrauss over 5 years ago
This should apply to 1.4.47 with some fuzz.
--- a/src/network.c
+++ b/src/network.c
@@ -146,6 +129,7 @@ static int network_server_init(server *srv, buffer *host_token, size_t sidx, int
specific_config *s = srv->config_storage[sidx];
socklen_t addr_len = sizeof(sock_addr);
sock_addr addr;
+ int set_v6only = 0;
#ifdef __WIN32
int err;
@@ -197,6 +181,17 @@ static int network_server_init(server *srv, buffer *host_token, size_t sidx, int
} else if (0 != network_host_parse_addr(srv, &addr, &addr_len, host_token, s->use_ipv6)) {
return -1;
}
+
+ #ifdef HAVE_IPV6
+ if (*host != '\0' && AF_INET6 == addr.plain.sa_family) {
+ if (s->set_v6only) {
+ set_v6only = 1;
+ } else {
+ log_error_write(srv, __FILE__, __LINE__, "s", "warning: server.set-v6only will be removed soon, update your config to have different sockets for ipv4 and ipv6");
+ }
+ }
+ #endif
+
network_host_normalize_addr_str(host_token, &addr);
host = host_token->ptr;
@@ -286,17 +281,12 @@ static int network_server_init(server *srv, buffer *host_token, size_t sidx, int
}
#ifdef HAVE_IPV6
- if (AF_INET6 == srv_socket->addr.plain.sa_family
- && host != NULL) {
- if (s->set_v6only) {
+ if (set_v6only && -1 == stdin_fd) {
int val = 1;
if (-1 == setsockopt(srv_socket->fd, IPPROTO_IPV6, IPV6_V6ONLY, &val, sizeof(val))) {
log_error_write(srv, __FILE__, __LINE__, "ss", "setsockopt(IPV6_V6ONLY) failed:", strerror(errno));
return -1;
}
- } else {
- log_error_write(srv, __FILE__, __LINE__, "s", "warning: server.set-v6only will be removed soon, update your config to have different sockets for ipv4 and ipv6");
- }
}
#endif