Project

General

Profile

[Solved] Cannot maked 1.4.47 to work

Added by HenrikHolst almost 3 years ago

Hi,

I have a working setup with 1.4.45 which completely fails when upgraded to 1.4.47.

Just to check everything I added

debug.log-request-handling = "enable" 
debug.log-ssl-noise = "enable" 

To lighttpd..conf (and yes I did add mod_openssl to the modules list).

But even after every attempt there is not a single line logged to /var/log/lighttpd/error.log:

2017-10-27 12:32:03: (server.c.1525) server started (lighttpd/1.4.47) 
2017-10-27 12:33:12: (server.c.2118) server stopped by UID = 0 PID = 1 

Even a telnet fails:

root@xxx:~# telnet 127.0.0.1 80
Trying 127.0.0.1...
telnet: Unable to connect to remote host: Connection refused
root@xxx:~# telnet 127.0.0.1 443
Trying 127.0.0.1...
telnet: Unable to connect to remote host: Connection refused

Which tells me that the server isn't even listening to network traffic. However a netstat told me that it atleast was listening:

root@xxx:~# netstat -antp | grep light
tcp6       0      0 :::80                   :::*                    LISTEN      17474/lighttpd  
tcp6       0      0 :::443                  :::*                    LISTEN      17474/lighttpd  

Recompiling 1.4.45 just to make sure that it's not my dev machine that have created a borked build and it works right away, retry with 1.4.47 and I cannot make a single connection again.

Both are configured the same way on compile with:

./configure --prefix=/usr --includedir=/include --mandir=/share/man --infodir=/share/info --sysconfdir=/etc --localstatedir=/var --libexecdir=/lib/lighttpd --disable-dependency-tracking --srcdir=. --libdir=/usr/lib/lighttpd --with-openssl --with-pcre --with-bzip2 --with-zlib --with-lua=lua5.1 --with-attr --with-fam


Replies (8)

RE: Cannot maked 1.4.47 to work - Added by stbuehler almost 3 years ago

Hm. Looks like IPv4 got lost; maybe you can compare with the output of netstat from 1.4.45.

RE: Cannot maked 1.4.47 to work - Added by HenrikHolst almost 3 years ago

It's identical:

root@fileserver:~# netstat -antp | grep light
tcp6       0      0 :::80                   :::*                    LISTEN      18518/lighttpd  
tcp6       0      0 :::443                  :::*                    LISTEN      18518/lighttpd  

Note that is is on a dual stack machine that serves woth IPv4 and IPv6 traffic so it receives IPv4 data via the IPv6 stack (forgot to mention that in the first post). So an active IPv4 connection to it looks like this:

root@fileserver:~# netstat -antp | grep light
tcp6       0      0 :::80                   :::*                    LISTEN      18518/lighttpd  
tcp6       0      0 :::443                  :::*                    LISTEN      18518/lighttpd  
tcp6       0      0 195.242.143.117:443      213.115.115.81:43763    ETABLERAD   18518/lighttpd  
tcp6       0  53813 195.242.143.117:443      213.174.79.240:30737    ETABLERAD   18518/lighttpd  
tcp6       0      0 195.242.143.117:443      213.115.115.81:22435    ETABLERAD   18518/lighttpd  
tcp6       0      0 195.242.143.117:443      213.115.115.81:55597    ETABLERAD   18518/lighttpd  
tcp6       0      0 195.242.143.117:443      213.115.115.81:45661    ETABLERAD   18518/lighttpd  
tcp6       0      0 195.242.143.117:443      213.115.115.81:4863     ETABLERAD   18518/lighttpd  
tcp6       0      0 195.242.143.117:443      213.115.115.81:37745    ETABLERAD   18518/lighttpd  
tcp6       0      0 195.242.143.117:443      213.174.79.240:30738    ETABLERAD   18518/lighttpd  

RE: Cannot maked 1.4.47 to work - Added by avij almost 3 years ago

Seeing your lighttpd.conf might be helpful.

RE: Cannot maked 1.4.47 to work - Added by HenrikHolst almost 3 years ago

Here you go.

lighttpd.conf (3.96 KB) lighttpd.conf config file

RE: Cannot maked 1.4.47 to work - Added by stbuehler almost 3 years ago

server.set-v6only is on by default; before this was ignored when server.bind was empty, and this check used host == NULL to indicate this. This check might be broken now, so as a workaround you could try disabling server.set-v6only.

RE: Cannot maked 1.4.47 to work - Added by HenrikHolst almost 3 years ago

Thanks! That made it work again.

So the long-term solution is to use server.bind and bind to both ipv4 and ipv6 interfaces?

RE: Cannot maked 1.4.47 to work - Added by gstrauss almost 3 years ago

Thanks for the pointer, @stbuehler. It appears that this was broken back in Jun in 5248b46c

HenrikHolst, yes, the long-term solution is to be explicit which IPv4 or IPv6 addresses are to be bound, even if wildcard addresses.

I'll post a patch here in a bit.

RE: Cannot maked 1.4.47 to work - Added by gstrauss almost 3 years ago

This should apply to 1.4.47 with some fuzz.

--- a/src/network.c
+++ b/src/network.c
@@ -146,6 +129,7 @@ static int network_server_init(server *srv, buffer *host_token, size_t sidx, int
        specific_config *s = srv->config_storage[sidx];
        socklen_t addr_len = sizeof(sock_addr);
        sock_addr addr;
+       int set_v6only = 0;

 #ifdef __WIN32
        int err;
@@ -197,6 +181,17 @@ static int network_server_init(server *srv, buffer *host_token, size_t sidx, int
        } else if (0 != network_host_parse_addr(srv, &addr, &addr_len, host_token, s->use_ipv6)) {
                return -1;
        }
+
+      #ifdef HAVE_IPV6
+       if (*host != '\0' && AF_INET6 == addr.plain.sa_family) {
+               if (s->set_v6only) {
+                       set_v6only = 1;
+               } else {
+                       log_error_write(srv, __FILE__, __LINE__, "s", "warning: server.set-v6only will be removed soon, update your config to have different sockets for ipv4 and ipv6");
+               }
+       }
+      #endif
+
        network_host_normalize_addr_str(host_token, &addr);
        host = host_token->ptr;

@@ -286,17 +281,12 @@ static int network_server_init(server *srv, buffer *host_token, size_t sidx, int
        }

 #ifdef HAVE_IPV6
-               if (AF_INET6 == srv_socket->addr.plain.sa_family
-                   && host != NULL) {
-                       if (s->set_v6only) {
+               if (set_v6only && -1 == stdin_fd) {
                                int val = 1;
                                if (-1 == setsockopt(srv_socket->fd, IPPROTO_IPV6, IPV6_V6ONLY, &val, sizeof(val))) {
                                        log_error_write(srv, __FILE__, __LINE__, "ss", "setsockopt(IPV6_V6ONLY) failed:", strerror(errno));
                                        return -1;
                                }
-                       } else {
-                               log_error_write(srv, __FILE__, __LINE__, "s", "warning: server.set-v6only will be removed soon, update your config to have different sockets for ipv4 and ipv6");
-                       }
                }
 #endif

    (1-8/8)