Bug #3168

closed

Lighttpd keeps sending status 400

Added by P14r73 over 1 year ago. Updated over 1 year ago.

Status: Invalid
Priority: Normal
Category: -
Target version: -
ASK QUESTIONS IN Forums: No

Description

Hello!
I am encountering a hair-pulling issue and am hoping someone here much smarter than me can figure it out.
I am using 2 Lighttpd webservers, both running Pihole. However, one of them has started returning error 400. I am using a button on my Steamdeck that pulls the status of the Pi. Both Pis have near-identical Lighttpd config, however one is returning 400 and one isn't.

I am seeing in my error logs:

2022-08-05 20:03:33: connections.c.800) fd: 11 request-len: 80\n\x16\x03\x01\x02
2022-08-05 20:03:33: request.c.359) missing CR before LF in header -> 400
2022-08-05 20:03:33: request.c.1332) request-header:\n\x16\x03\x01\x02
2022-08-05 20:03:33: response.c.158) Response-Header:\nHTTP/1.0 400 Bad Request\r\nContent-Type: text/html\r\nContent-Length: 345\r\nConnection: close\r\nDate: Sat, 06 Aug 2022 00:03:33 GMT\r\nServer: lighttpd/1.4.59\r\n\r\n
2022-08-05 20:03:33: connections.c.750) invalid request-line -> sending Status 400
2022-08-05 20:03:33: response.c.158) Response-Header:\nHTTP/1.0 400 Bad Request\r\nContent-Type: text/html\r\nContent-Length: 345\r\nConnection: close\r\nDate: Sat, 06 Aug 2022 00:03:33 GMT\r\nServer: lighttpd/1.4.59\r\n\r\n
2022-08-05 20:03:38: connections.c.750) invalid request-line -> sending Status 400
2022-08-05 20:03:38: response.c.158) Response-Header:\nHTTP/1.0 400 Bad Request\r\nContent-Type: text/html\r\nContent-Length: 345\r\nConnection: close\r\nDate: Sat, 06 Aug 2022 00:03:38 GMT\r\nServer: lighttpd/1.4.59\r\n\r\n
2022-08-05 20:03:38: connections.c.750) invalid request-line -> sending Status 400
2022-08-05 20:03:38: response.c.158) Response-Header:\nHTTP/1.0 400 Bad Request\r\nContent-Type: text/html\r\nContent-Length: 345\r\nConnection: close\r\nDate: Sat, 06 Aug 2022 00:03:38 GMT\r\nServer: lighttpd/1.4.59\r\n\r\n
2022-08-05 20:03:38: connections.c.750) invalid request-line -> sending Status 400
2022-08-05 20:03:38: response.c.158) Response-Header:\nHTTP/1.0 400 Bad Request\r\nContent-Type: text/html\r\nContent-Length: 345\r\nConnection: close\r\nDate: Sat, 06 Aug 2022 00:03:38 GMT\r\nServer: lighttpd/1.4.59\r\n\r\n
2022-08-05 20:03:38: connections.c.800) fd: 11 request-len: 118\n\x16\x03\x01\x02
2022-08-05 20:03:38: request.c.359) missing CR before LF in header -> 400

Whereas my other Pi has no such issues:

2022-08-07 15:16:07: response.c.158) Response-Header:\nHTTP/1.1 200 OK\r\nExpires: Thu, 19 Nov 1981 08:52:00 GMT\r\nCache-Control: no-store, no-cache, must-revalidate\r\nPragma: no-cache\r\nSet-Cookie: persistentlogin=REDACTED; expires=Sun, 14-Aug-2022 19:16:07 GMT; Max-Age=604800; HttpOnly\r\nContent-type: application/json\r\nX-Pi-hole: The Pi-hole Web interface is working!\r\nX-Frame-Options: DENY\r\nContent-Length: 689\r\nDate: Sun, 07 Aug 2022 19:16:07 GMT\r\nServer: lighttpd/1.4.59\r\n\r\n

I've opened a related ticket here, but really hoping anyone can help.
https://github.com/johnholbrook/streamdeck-pihole/issues/8

My config:

# Pi-hole: A black hole for Internet advertisements
# (c) 2017 Pi-hole, LLC (https://pi-hole.net)
# Network-wide ad blocking via your own hardware.
#
# Lighttpd config for Pi-hole
#
# This file is copyright under the latest version of the EUPL.
# Please see LICENSE file for your rights under this license.

###############################################################################
#     FILE AUTOMATICALLY OVERWRITTEN BY PI-HOLE INSTALL/UPDATE PROCEDURE.     #
# ANY CHANGES MADE TO THIS FILE AFTER INSTALL WILL BE LOST ON THE NEXT UPDATE #
#                                                                             #
#              CHANGES SHOULD BE MADE IN A SEPARATE CONFIG FILE:              #
#                         /etc/lighttpd/external.conf                         #
###############################################################################

server.modules = (
    "mod_access",
    "mod_accesslog",
    "mod_alias",
    "mod_auth",
    "mod_expire",
    "mod_deflate",
    "mod_redirect",
    "mod_setenv",
    "mod_rewrite",
    "mod_proxy",
    "mod_openssl" 
)

server.document-root        = "/var/www/html/" 
server.error-handler-404    = "/var/www/html/pihole/CustomBlockPage.php" 
server.upload-dirs          = ( "/var/cache/lighttpd/uploads" )
server.errorlog             = "/var/log/lighttpd/error.log" 
server.pid-file             = "/run/lighttpd.pid" 
server.username             = "www-data" 
server.groupname            = "www-data" 
server.port                 = 82
server.use-ipv6             = "disable" 
accesslog.filename          = "/var/log/lighttpd/access.log" 
accesslog.format            = "%{%s}t|%V|%r|%s|%b" 

## enable debugging
debug.log-request-header     = "enable" 
debug.log-response-header    = "enable" 
debug.log-request-handling   = "enable" 
debug.log-file-not-found     = "enable" 
debug.log-condition-handling = "enable" 

# Allow streaming response
# reference: https://redmine.lighttpd.net/projects/lighttpd/wiki/Server_stream-response-bodyDetails
server.stream-response-body = 1
#ssl.read-ahead              = "disable" 

index-file.names            = ( "index.php", "index.html", "index.lighttpd.html" )
url.access-deny             = ( "~", ".inc", ".md", ".yml", ".ini" )
static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )

mimetype.assign = (
    ".ico"   => "image/x-icon",
    ".jpeg"  => "image/jpeg",
    ".jpg"   => "image/jpeg",
    ".png"   => "image/png",
    ".svg"   => "image/svg+xml",
    ".css"   => "text/css; charset=utf-8",
    ".html"  => "text/html; charset=utf-8",
    ".js"    => "text/javascript; charset=utf-8",
    ".json"  => "application/json; charset=utf-8",
    ".map"   => "application/json; charset=utf-8",
    ".txt"   => "text/plain; charset=utf-8",
    ".eot"   => "application/vnd.ms-fontobject",
    ".otf"   => "font/otf",
    ".ttc"   => "font/collection",
    ".ttf"   => "font/ttf",
    ".woff"  => "font/woff",
    ".woff2" => "font/woff2" 
)

# Add user chosen options held in external file
# This uses include_shell instead of an include wildcard for compatibility
include_shell "cat external.conf 2>/dev/null" 

# default listening port for IPv6 falls back to the IPv4 port
include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port

# Prevent Lighttpd from enabling Let's Encrypt SSL for every blocked domain
#include_shell "/usr/share/lighttpd/include-conf-enabled.pl" 
include_shell "find /etc/lighttpd/conf-enabled -name '*.conf' -a ! -name 'letsencrypt.conf' -printf 'include \"%p\"\n' 2>/dev/null" 

# If the URL starts with /admin, it is the Web interface
$HTTP["url"] =~ "^/admin/" {
    # Create a response header for debugging using curl -I
    setenv.add-response-header = (
        "X-Pi-hole" => "The Pi-hole Web interface is working!",
        "X-Frame-Options" => "DENY" 
    )

    $HTTP["url"] =~ "\.(eot|otf|tt[cf]|woff2?)$" {
        # Allow Block Page access to local fonts
        setenv.add-response-header = ( "Access-Control-Allow-Origin" => "*" )
    }
}

# Block . files from being served, such as .git, .github, .gitignore
$HTTP["url"] =~ "^/admin/\.(.*)" {
    url.access-deny = ("")
}

# allow teleporter and API qr code iframe on settings page
$HTTP["url"] =~ "/(teleporter|api_token)\.php$" {
    $HTTP["referer"] =~ "/admin/settings\.php" {
        setenv.add-response-header = ( "X-Frame-Options" => "SAMEORIGIN" )
    }
}

# Default expire header
expire.url = ( "" => "access plus 0 seconds" )

My external config:

$HTTP["host"] == "tortuga.servebeer.com" {
  # Ensure the Pi-hole Block Page knows that this is not a blocked domain
  setenv.add-environment = ("fqdn" => "true")

  # Enable the SSL engine with a LE cert, only for this specific host
  $SERVER["socket"] == ":444" {
    ssl.engine = "enable" 
    ssl.pemfile = "/etc/letsencrypt/live/mydomain.mydomain.com/combined.pem" 
    ssl.ca-file =  "/etc/letsencrypt/live/mydomain.mydomain.com/fullchain.pem" 
    ssl.honor-cipher-order = "enable" 
    ssl.cipher-list = "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH" 
    ssl.openssl.ssl-conf-cmd = ("MinProtocol" => "TLSv1.2",
                                "CipherString" => "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH")
  }

  # Redirect HTTP to HTTPS
  $HTTP["scheme"] == "http" {
    $HTTP["host"] =~ ".*" {
      url.redirect = (".*" => "https://%0$0")
    }
  }
}
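
The request bytes in the error log above, read as a protocol header (an added example, not part of the original report): `\x16\x03\x01` is the start of a TLS handshake record, content type 0x16 followed by a 0x03 0x01 record version, which this listener tried to parse as an HTTP request line. The log-line layout the regex expects is assumed from the lines quoted in the report; `scan`, `classify` and `unescape` are names chosen for the example.

```python
import re

# Three lines copied from the error log quoted in the report (raw string keeps the escapes literal).
SAMPLE_LOG = r"""2022-08-05 20:03:33: connections.c.800) fd: 11 request-len: 80\n\x16\x03\x01\x02
2022-08-05 20:03:33: request.c.359) missing CR before LF in header -> 400
2022-08-05 20:03:38: connections.c.800) fd: 11 request-len: 118\n\x16\x03\x01\x02
"""

# Assumed layout: "<date> <time>: connections.c.<n>) fd: <n> request-len: <n>\n<escaped bytes>"
LINE = re.compile(r"^(\S+ \S+): connections\.c\.\d+\) fd: \d+ request-len: (\d+)\\n(.*)$")
ESCAPE = re.compile(r"\\x([0-9a-fA-F]{2})|\\([rnt\\])|(.)")
SIMPLE = {"r": b"\r", "n": b"\n", "t": b"\t", "\\": b"\\"}

def unescape(text):
    """Turn the log's \\xNN / \\r / \\n escapes back into the bytes the client sent."""
    out = bytearray()
    for hexpair, simple, literal in ESCAPE.findall(text):
        if hexpair:
            out.append(int(hexpair, 16))
        elif simple:
            out += SIMPLE[simple]
        else:
            out += literal.encode("latin-1", "replace")
    return bytes(out)

def classify(prefix):
    """Label the first bytes of a connection as TLS, HTTP/1.x, or unknown."""
    # TLS record header: content type (0x16 = handshake), then a 2-byte version 0x03 0x00..0x04.
    if len(prefix) >= 3 and prefix[0] == 0x16 and prefix[1] == 0x03 and prefix[2] <= 0x04:
        return "tls-handshake"
    if re.match(rb"[A-Z]+ \S+ HTTP/1\.[01]\r?\n", prefix):
        return "http"
    return "unknown"

def scan(log_text):
    """Return (timestamp, request_len, kind) for every logged request prefix."""
    hits = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if m:
            ts, length, payload = m.groups()
            hits.append((ts, int(length), classify(unescape(payload))))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```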

Actions #2

Updated by gstrauss over 1 year ago

  • Status changed from New to Invalid
  • Target version deleted (1.4.xx)

Thank you for putting together all that information along with your question.

Please ask questions in the forums. https://redmine.lighttpd.net/projects/lighttpd/boards/2

Please hover your mouse over "ASK QUESTIONS IN Forums:" in your post near the top of this page and read what it says.

Actions #3

Updated by gstrauss over 1 year ago

$SERVER["socket"] conditions must not be nested in other lighttpd.conf conditions. Details in lighttpd TLS docs.
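
A lint for the rule stated above, as an added example rather than lighttpd or Pi-hole code: it walks the text of a lighttpd.conf file, tracks open condition blocks by brace depth, and reports any `$SERVER["socket"]` condition opened inside another one. `nested_socket_conditions`, the abridged `NESTED` sample and the `TOP_LEVEL` rearrangement are assumptions made for the example.

```python
import re

COND = re.compile(r'\$[A-Z_]+\["[^"]+"\]')   # e.g. $HTTP["host"], $SERVER["socket"]
STRING = re.compile(r'"(?:\\.|[^"\\])*"')

# Abridged from the external config quoted in the report.
NESTED = r'''$HTTP["host"] == "mydomain.mydomain.com" {
  setenv.add-environment = ("fqdn" => "true")
  $SERVER["socket"] == ":444" {
    ssl.engine = "enable"
  }
}'''
# Assumed rearrangement with the socket condition at top level.
TOP_LEVEL = r'''$SERVER["socket"] == ":444" {
  ssl.engine = "enable"
}
$HTTP["host"] == "mydomain.mydomain.com" {
  setenv.add-environment = ("fqdn" => "true")
}'''

def _blank(m):
    # Same-length placeholder, so '#' and brace offsets still match the raw line.
    return '"' + "_" * (len(m.group(0)) - 2) + '"'

def nested_socket_conditions(conf_text):
    """Return (line_no, enclosing_block) for each $SERVER["socket"] opened inside another block."""
    stack, pending, findings = [], None, []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        blanked = STRING.sub(_blank, raw)
        cut = blanked.find("#")               # comment start outside any string
        if cut != -1:
            raw, blanked = raw[:cut], blanked[:cut]
        header = COND.search(raw)
        if header:
            pending = (header.group(0), no)   # condition waiting for its "{"
        for ch in blanked:
            if ch == "{":
                label, at = pending or ("block", no)
                if label == '$SERVER["socket"]' and stack:
                    findings.append((at, stack[-1]))
                stack.append(label)
                pending = None
            elif ch == "}" and stack:
                stack.pop()
    return findings
```

The check reads one file's text only; files pulled in through `include` or `include_shell` have to be passed to it separately.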

Actions #4

Updated by gstrauss over 1 year ago

  • Description updated (diff)