[Solved] url.rewrite-once in case of port forwarding

Added by enzopaz 7 months ago

I'm quite new with lighttpd.
I'm using it in a board using an ARM microprocessor with Debian on board.

I'heve developed a web app using the fat free framework and it works fine inside my local network.
I'm now tring to make the web app accessible from outside the local network.
So I have a port forwarding on the router to give access to the web server inside my local network.
So now the web server is accessible from to outside to the address

The problem is that when I perform a "reroute" to the /login route from my webapp the web app routes to the (wrong) url and not to the (right) url

This of course result in URL not found. If I add manually the port(7777) the url is ok.

The question is how modify the url.rewrite-once rule to add always the port 7777 (is not already present) when accessing the url

The actual lighttpd.conf is:

server.modules = (

server.document-root        = "/var/www/fatfree" 
server.upload-dirs          = ( "/var/cache/lighttpd/uploads" )
server.errorlog             = "/var/log/lighttpd/error.log"             = "/var/run/" 
server.username             = "www-data" 
server.groupname            = "www-data" 
server.port                 = 80

# strict parsing and normalization of URL for consistency and security
# (might need to explicitly set "url-path-2f-decode" = "disable" 
#  if a specific application is encoding URLs inside url-path)
server.http-parseopts = (
  "header-strict"           => "enable",# default
  "host-strict"             => "enable",# default
  "host-normalize"          => "enable",# default
  "url-normalize-unreserved"=> "enable",# recommended highly
  "url-normalize-required"  => "enable",# recommended
  "url-ctrls-reject"        => "enable",# recommended
  "url-path-2f-decode"      => "enable",# recommended highly (unless breaks app)
 #"url-path-2f-reject"      => "enable",
  "url-path-dotseg-remove"  => "enable",# recommended highly (unless breaks app)
 #"url-path-dotseg-reject"  => "enable",
 #"url-query-20-plus"       => "enable",# consistency in query string

index-file.names            = ( "index.php", "index.html" )
url.access-deny             = ( "~", ".inc" )
static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )

compress.cache-dir          = "/var/cache/lighttpd/compress/" 
compress.filetype           = ( "application/javascript", "text/css", "text/html", "text/plain" )

# default listening port for IPv6 falls back to the IPv4 port
include_shell "/usr/share/lighttpd/ " + server.port
include_shell "/usr/share/lighttpd/" 
include "/etc/lighttpd/conf-enabled/*.conf" 

#server.compat-module-load   = "disable" 
server.modules += (

url.rewrite-once = ( "^/(.*?)(\?.+)?$"=>"/index.php/$1?$2" )
server.error-handler-404 = "/index.php" 


The versione of lighttpd is lighttpd/1.4.53 (ssl) - a light and fast webserver

Thanks in advance.

Replies (4)

RE: [Solved] url.rewrite-once in case of port forwarding - Added by enzopaz 5 months ago

please could give an example of the rule I should use to redirect the pages on the right port? Of course the port is not fixed but is a parameter defined by the router port mapping rule (in this case the ruoter maps the external port 7777 on the internal standard 80). Thansk a lot.

RE: [Solved] url.rewrite-once in case of port forwarding - Added by gstrauss 5 months ago

your webapp should look in the environment and use SERVER_PORT when constructing the route it sends back to the client.

[Edit] if your firewall is doing the port mapping, lighttpd does not know that the client used port :xxx; lighttpd only knows the port(s) on which lighttpd is listening, and provides that information to CGI, FastCGI, SCGI, etc in SERVER_PORT. If your app sends a response with a link, your app needs to either use a url-path (/login) or your app needs to produce the correct fully-qualified URL (http://authority:port/login).

RE: [Solved] url.rewrite-once in case of port forwarding - Added by enzopaz 4 months ago

The point is that SERVER_PORT contains the port 80 and not the port 7777 seen from outside the router. So it seems to me that the webapp can't build the URL you mention because I don't know where to recover the external port number (7777). For sure I doing something wrong but I don't know hwre the problem is.