Lighttpd: Supporthttps://redmine.lighttpd.net/https://redmine.lighttpd.net/favicon.ico?13667327412024-03-28T04:30:17Zlighty labs
Redmine Support: RE: lighttpd cannot start after upgrade from 1.4.74 to 1.4.75https://redmine.lighttpd.net/boards/2/topics/11495?r=11496#message-114962024-03-28T04:30:17Zgstrauss
<blockquote>
<p>I have OpenSSL 3.2.1 and OPENSSL_NO_OCSP defined.</p>
</blockquote>
<p>You are correct that <code>mod_openssl_asn1_time_to_posix</code> is not defined when <code>OPENSSL_NO_OCSP</code> is defined, but needs to be for changes made in lighttpd 1.4.75.</p>
<p>Commit <a class="changeset" title="[mod_openssl] use internal asn1_time fn on 32-bit (fixes #3244) (thx Tobias Jakobi (Compleo)) u..." href="https://redmine.lighttpd.net/projects/lighttpd/repository/14/revisions/7adc0f65fb0459b33b75e2af57b41d27e4853925">7adc0f65f</a> message explains why the change was made in lighttpd 1.4.75.</p>
<p>The following patch should fix that for you.</p>
<pre>
--- a/src/mod_openssl.c
+++ b/src/mod_openssl.c
@@ -1561,6 +1561,8 @@ mod_openssl_load_stapling_file (const char *file, log_error_st *errh, buffer *b)
#endif
}
+#endif /* OPENSSL_NO_OCSP */
+
static unix_time64_t
mod_openssl_asn1_time_to_posix (const ASN1_TIME *asn1time)
@@ -1678,6 +1680,8 @@ mod_openssl_asn1_time_to_posix (const ASN1_TIME *asn1time)
}
+#ifndef OPENSSL_NO_OCSP
+
static unix_time64_t
mod_openssl_ocsp_next_update (plugin_cert *pc)
{
</pre> Support: [Solved] lighttpd cannot start after upgrade from 1.4.74 to 1.4.75https://redmine.lighttpd.net/boards/2/topics/114952024-03-27T17:01:05ZDeweloper
<p>Hi,</p>
<p>I upgraded lighttpd to latest version 1.4.75 and now I'm getting:</p>
<pre>
/usr/sbin/lighttpd: symbol 'mod_openssl_asn1_time_to_posix': can't resolve symbol in lib '/usr/lib/lighttpd/mod_openssl.so'.
2024-03-27 17:24:08: (plugin.c.221) dlopen() failed for: /usr/lib/lighttpd/mod_openssl.so Unable to resolve symbol
2024-03-27 17:24:08: (server.c.1649) loading plugins finally failed
</pre>
<p>/usr/lib/lighttpd/mod_openssl.so wants to import symbol mod_openssl_asn1_time_to_posix but nothing provides it.</p>
<p>So I rebuilt it and there was a warning:</p>
<pre>
/bin/sh ../libtool --tag=CC --mode=compile i686-buildroot-linux-uclibc-gcc -DHAVE_CONFIG_H -DHAVE_VERSIONSTAMP_H -DLIBRARY_DIR="\"/usr/lib/lighttpd\"" -DSBIN_DIR="\"/usr/sbin\"" -I. -I.. -D_REENTRANT -D_TIME_BITS=64 -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGE_FILES -D_DEFAULT_SOURCE -march=i686 -Os -I/output/staging/usr/include -lz -pipe -Wall -W -Wshadow -pedantic -MT mod_openssl_la-mod_openssl.lo -MD -MP -MF .deps/mod_openssl_la-mod_openssl.Tpo -c -o mod_openssl_la-mod_openssl.lo `test -f 'mod_openssl.c' || echo './'`mod_openssl.c
libtool: compile: i686-buildroot-linux-uclibc-gcc -DHAVE_CONFIG_H -DHAVE_VERSIONSTAMP_H -DLIBRARY_DIR=\"/usr/lib/lighttpd\" -DSBIN_DIR=\"/usr/sbin\" -I. -I.. -D_REENTRANT -D_TIME_BITS=64 -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGE_FILES -D_DEFAULT_SOURCE -march=i686 -Os -I/output/staging/usr/include -lz -pipe -Wall -W -Wshadow -pedantic -MT mod_openssl_la-mod_openssl.lo -MD -MP -MF .deps/mod_openssl_la-mod_openssl.Tpo -c mod_openssl.c -fPIC -DPIC -o .libs/mod_openssl_la-mod_openssl.o
make[1]: 'busybox.links' jest aktualne.
mod_openssl.c:1390:1: warning: 'mod_openssl_asn1_time_to_posix' used but never defined
1390 | mod_openssl_asn1_time_to_posix (const ASN1_TIME *asn1time);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
mv -f .deps/mod_openssl_la-mod_openssl.Tpo .deps/mod_openssl_la-mod_openssl.Plo
/bin/sh ../libtool --tag=CC --mode=link i686-buildroot-linux-uclibc-gcc -march=i686 -Os -I/output/staging/usr/include -lz -pipe -Wall -W -Wshadow -pedantic -module -export-dynamic -avoid-version -L/output/staging/usr/lib -lz -o mod_openssl.la -rpath /usr/lib/lighttpd mod_openssl_la-mod_openssl.lo -lssl -lcrypto
libtool: link: i686-buildroot-linux-uclibc-gcc -shared -fPIC -DPIC .libs/mod_openssl_la-mod_openssl.o -L/output/staging/usr/lib -lz -lssl -lcrypto -march=i686 -Os -Wl,-soname -Wl,mod_openssl.so -o .libs/mod_openssl.so
/usr/local/cross/bin/../lib/gcc/i686-buildroot-linux-uclibc/13.2.0/../../../../i686-buildroot-linux-uclibc/bin/ld: .libs/mod_openssl_la-mod_openssl.o: warning: relocation against `mod_openssl_asn1_time_to_posix' in read-only section `.text'
/usr/local/cross/bin/../lib/gcc/i686-buildroot-linux-uclibc/13.2.0/../../../../i686-buildroot-linux-uclibc/bin/ld: warning: creating DT_TEXTREL in a shared object
libtool: link: ( cd ".libs" && rm -f "mod_openssl.la" && ln -s "../mod_openssl.la" "mod_openssl.la" )
</pre>
<p>So it looks like mod_openssl.c declares mod_openssl_asn1_time_to_posix but doesn't define it, what causes gcc to try to import that symbol. In runtime the symbol is missing so mod_openssl.so cannot be loaded and lighttpd dies due to missing plugin.<br />I have OpenSSL 3.2.1 and OPENSSL_NO_OCSP defined.<br />When I reverted just this change:<br /><a class="external" href="https://redmine.lighttpd.net/projects/lighttpd/repository/14/diff/src/mod_openssl.c?utf8=%E2%9C%93&rev=7adc0f65fb0459b33b75e2af57b41d27e4853925&rev_to=87b3a9cab8d964330aef12db9f78aae66eaf0968">https://redmine.lighttpd.net/projects/lighttpd/repository/14/diff/src/mod_openssl.c?utf8=%E2%9C%93&rev=7adc0f65fb0459b33b75e2af57b41d27e4853925&rev_to=87b3a9cab8d964330aef12db9f78aae66eaf0968</a><br />lighttpd started properly and seems to be working.</p> Support: RE: [Solved] Blocking the access with specific extension file through browserhttps://redmine.lighttpd.net/boards/2/topics/11491?r=11494#message-114942024-03-27T14:21:24Zgstrauss
<p>Please read the following <em>very carefully</em>: <a href="https://redmine.lighttpd.net/boards/2/topics/5" class="external">How to get support</a></p>
<p>Then, read <a class="wiki-page" href="https://redmine.lighttpd.net/projects/lighttpd/wiki/Mod_rewrite">mod_rewrite</a> and try testing some alternatives on your own.</p> Support: RE: [Solved] Blocking the access with specific extension file through browserhttps://redmine.lighttpd.net/boards/2/topics/11491?r=11493#message-114932024-03-27T08:17:34Zshashank
<p>Tried the changes but still it is not working. After making the changes every file it is rewriting to notfound.ha.</p> Support: RE: Blocking the access with specific extension file through browserhttps://redmine.lighttpd.net/boards/2/topics/11491?r=11492#message-114922024-03-26T13:01:30Zgstrauss
<p><code>==</code> is an exact match condition, which will not match your shell file glob.<br /><code>=~</code> is for a regex condition, but what you wrote above is not a proper regex. You used a shell file glob instead of a regex.<br /><pre>
$HTTP["url"] =~ "^/cgi-bin/.*\.hf$" {
url.rewrite = ( "" => "/cgi-bin/notfound.ha" )
}
</pre><br />or more simply use the regex match in <code>url.rewrite</code><br /><code>url.rewrite = ( "^/cgi-bin/[^?]*\.hf" => "/cgi-bin/notfound.ha" )</code><br />or deny serving all *.hf as a static file using<br /><code>static-file.exclude-extensions += (".hf")</code></p> Support: [Solved] Blocking the access with specific extension file through browserhttps://redmine.lighttpd.net/boards/2/topics/114912024-03-26T11:58:46Zshashank
<p>Webserver home directory is cgi-bin</p>
<p>We have two files which is home.html, header.hf.</p>
<p>Url: <a class="external" href="https://&lt;ip&gt;/cgi-bin/home.html">https://&lt;ip&gt;/cgi-bin/home.html</a><br />Url: <a class="external" href="https://&lt;ip&gt;/cgi-bin/header.hf">https://&lt;ip&gt;/cgi-bin/header.hf</a></p>
<p>if user request any (*.hf) file we need to restrict in browser by sending to notfound page using rewrite.</p>
<p>Tried like below but below regular expression is not working.</p>
<p>$HTTP["url"] == "/cgi-bin/*.hf" {<br /> url.rewrite = ( "" => "/cgi-bin/notfound.ha" )<br />}</p>
<p>Which regular expression we should use to restrict all .hf files at a time??</p> Support: RE: [Solved] add current username on webpag( webapp)https://redmine.lighttpd.net/boards/2/topics/11487?r=11490#message-114902024-03-25T15:49:32Zgstrauss
<p>Asked and already answered.</p> Support: RE: add current username on webpag( webapp)https://redmine.lighttpd.net/boards/2/topics/11487?r=11489#message-114892024-03-25T15:15:28Zwissen
<p>thanks for answer.<br />Could i also use XMLHttpRequest of Javascript to fetch its? or i only need backend scripts?</p> Support: RE: add current username on webpag( webapp)https://redmine.lighttpd.net/boards/2/topics/11487?r=11488#message-114882024-03-25T14:21:33Zgstrauss
<p><strong>Do not post basic user-help questions in the lighttpd issue tracker.</strong> The lighttpd issue tracker is for issues in lighttpd.</p>
<p>After successful authentication, <code>REMOTE_USER</code> is set in the environment for backend scripts serving that authenticated request, e.g. <a class="wiki-page" href="https://redmine.lighttpd.net/projects/lighttpd/wiki/Mod_cgi">mod_cgi</a>, <a class="wiki-page" href="https://redmine.lighttpd.net/projects/lighttpd/wiki/Mod_fastcgi">mod_fastcgi</a>, <a class="wiki-page" href="https://redmine.lighttpd.net/projects/lighttpd/wiki/Mod_scgi">mod_scgi</a>, <a class="wiki-page" href="https://redmine.lighttpd.net/projects/lighttpd/wiki/Mod_ajp13">mod_ajp13</a>, <a class="wiki-page" href="https://redmine.lighttpd.net/projects/lighttpd/wiki/Mod_magnet">mod_magnet</a>. Generate the page containing <code>REMOTE_USER</code> or set a cookie in your script.</p>
<p>This website is for the lighttpd web server, not how to write client webapps.</p>
<p><a href="https://redmine.lighttpd.net/boards/2/topics/5" class="external">How to get support</a><br /><a class="wiki-page" href="https://redmine.lighttpd.net/projects/lighttpd/wiki/WikiStart">WikiStart</a><br /><a class="wiki-page" href="https://redmine.lighttpd.net/projects/lighttpd/wiki/Mod_auth">mod_auth</a></p> Support: [Solved] add current username on webpag( webapp)https://redmine.lighttpd.net/boards/2/topics/114872024-03-25T12:27:27Zwissen
<p>Hello,<br />i need your help. On my Raspberry system runs lighttpd (using Basic/digest Authentication) as webserver to hoste my webpage (Webapp). Then i call my webapp on webbrowser(on my PC) the server ask me the authentication, i give its and all work fine. But i want to add or show the current username (what i give to authentication) on my Webapp, when access the webpage. Can someboby help me ? I am trying many way but nothing. Thanks</p>
<pre>
server.modules += (
"mod_dirlisting",
"mod_staticfile",
"mod_auth",
"mod_authn_file"
)
auth.cache = ("max-age" => "200")
auth.backend = "plain"
auth.backend.plain.userfile = "/var/www/user/lighttpd-plain.user" # insecure location; temporary; FIX
auth.require = ( "" => ("method" => "digest", "algorithm" => "SHA-256", "realm" => "password protected area", "require" => "valid-user") )
</pre> Support: RE: [Solved] how running a CGI written in Chttps://redmine.lighttpd.net/boards/2/topics/11482?r=11486#message-114862024-03-20T01:53:11Zgstrauss
<p><code>server.document-root = "/var/www/html"</code> and <code>/var/www/cgi-bin</code> do not overlap.</p>
<p>When lighttpd looks for /cgi-bin/hello.cgi, it looks for /var/www/html/cgi-bin/hello.cgi <em>in your config</em> and does not find hello.cgi there.</p>
<p>Read <a class="wiki-page" href="https://redmine.lighttpd.net/projects/lighttpd/wiki/Mod_cgi">mod_cgi</a> doc more carefully and look at the <code>alias.url</code> use. See also <a class="wiki-page" href="https://redmine.lighttpd.net/projects/lighttpd/wiki/Mod_alias">mod_alias</a> doc.</p> Support: RE: [Solved] how running a CGI written in Chttps://redmine.lighttpd.net/boards/2/topics/11482?r=11485#message-114852024-03-20T01:02:07Zfreeor
<pre>
cd /var/www/cgi-bin/
deepin@deepin-PC:/var/www/cgi-bin$ ls
hello.cgi
web http://localhost/cgi-bin/hello.cgi 404 not found
lightthpd.conf
server.modules = ("mod_cgi")
server.document-root = "/var/www/html"
server.upload-dirs = ( "/var/cache/lighttpd/uploads" )
server.errorlog = "/var/log/lighttpd/error.log"
server.pid-file = "/var/run/lighttpd.pid"
server.username = "www-data"
server.groupname = "www-data"
server.port = 80
# strict parsing and normalization of URL for consistency and security
# https://redmine.lighttpd.net/projects/lighttpd/wiki/Server_http-parseoptsDetails
# (might need to explicitly set "url-path-2f-decode" = "disable"
# if a specific application is encoding URLs inside url-path)
server.http-parseopts = (
"header-strict" => "enable",# default
"host-strict" => "enable",# default
"host-normalize" => "enable",# default
"url-normalize-unreserved"=> "enable",# recommended highly
"url-normalize-required" => "enable",# recommended
"url-ctrls-reject" => "enable",# recommended
"url-path-2f-decode" => "enable",# recommended highly (unless breaks app)
#"url-path-2f-reject" => "enable",
"url-path-dotseg-remove" => "enable",# recommended highly (unless breaks app)
#"url-path-dotseg-reject" => "enable",
#"url-query-20-plus" => "enable",# consistency in query string
)
index-file.names = ( "index.php", "index.html" )
url.access-deny = ( "~", ".inc" )
static-file.exclude-extensions = ( ".php", ".pl", ".cgi", ".fcgi" )
compress.cache-dir = "/var/cache/lighttpd/compress/"
compress.filetype = ( "application/javascript", "text/css", "text/html", "text/plain" )
# default listening port for IPv6 falls back to the IPv4 port
include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port
include_shell "/usr/share/lighttpd/create-mime.conf.pl"
include "/etc/lighttpd/conf-enabled/*.conf"
#server.compat-module-load = "disable"
server.modules += (
"mod_compress",
"mod_dirlisting",
"mod_staticfile",
)
$HTTP["url"] =~ "/cgi-bin/" {
cgi.assign = ( "" => "" )
}
cgi.assign = (
".cgi" => ""
)
</pre> Support: RE: how running a CGI written in Chttps://redmine.lighttpd.net/boards/2/topics/11482?r=11484#message-114842024-03-19T13:48:03Zgstrauss
<blockquote>
<p>But after I log in, <a class="external" href="http://cgi-bin/hello.cgi">http://cgi-bin/hello.cgi</a> shows that the web page cannot work.</p>
</blockquote>
<p>You seem to be deficient in some areas. "the web page cannot work" is a childish "description". For someone attempting to write in C, you ought to know better.</p>
<p><a href="https://redmine.lighttpd.net/boards/2/topics/5" class="external">How to get support - please read</a></p>
<p>The acmesystems.it page you referenced is not bad, but you were sloppy reading it. The Final Test example has three slashes <code>http:///cgi-bin/hello.cgi</code> and would have been better written as <code>http://127.0.0.1/cgi-bin/hello.cgi</code> or <code>http://localhost/cgi-bin/hello.cgi</code></p> Support: RE: how running a CGI written in Chttps://redmine.lighttpd.net/boards/2/topics/11482?r=11483#message-114832024-03-19T08:33:42Zfreeor
<p>freeor wrote:</p>
<blockquote>
<p>I followed this link <a class="external" href="https://www.acmesystems.it/foxg20_cgi">https://www.acmesystems.it/foxg20_cgi</a>,<br />But after I log in, <a class="external" href="http://cgi-bin/hello.cgi">http://cgi-bin/hello.cgi</a> shows that the web page cannot work. Do you have a routine for this C program cgi?</p>
</blockquote>
<p>lighttpd/1.4.53 (ssl) - a light and fast webserver</p>
<p>google</p>
<p>OS: linux</p> Support: [Solved] how running a CGI written in Chttps://redmine.lighttpd.net/boards/2/topics/114822024-03-19T08:17:50Zfreeor
<p>I followed this link <a class="external" href="https://www.acmesystems.it/foxg20_cgi">https://www.acmesystems.it/foxg20_cgi</a>,<br />But after I log in, <a class="external" href="http://cgi-bin/hello.cgi">http://cgi-bin/hello.cgi</a> shows that the web page cannot work. Do you have a routine for this C program cgi?</p>