FrequentlyAskedQuestions » History » Revision 77
Revision 76 (gstrauss, 2021-07-16 08:30) → Revision 77/83 (gstrauss, 2021-07-17 03:17)
h1. FAQs . h3. [[WikiStart#Documentation|Help]]: h2. Where can I to get [[WikiStart#Documentation|Help]]? help? IRC: "libera":https://libera.chat/, channel "#lighttpd":irc://irc.libera.chat/lighttpd . Mailing list: [[WikiStart#Community]], [[Mailinglists]] h2. General h3. How do I bind to more than one address? Use @server.bind@ server.bind and @server.port@ server.port to bind to the first port and then the @$SERVER["socket"]@ conditional, which can have an empty body @{ }@, $SERVER["socket"] conditional to bind to the rest. For example, to rest (it will 'magically' bind to 192.0.2.1 port 80, and the specified socket). Example that exposes /server-status to bind an internal IP only (note that it's perfectly valid to *:443 and [::]:443 ([[Docs_SSL|TLS/SSL]] ports) leave the body of the conditional empty): <pre> server.port = 80 server.bind = "192.0.2.1" $SERVER["socket"] == ":443" "192.168.2.100:80" { status.status-url = "/server-status" } $SERVER["socket"] == "[::]:443" "/path/to/unix_domain_socket:1" { } </pre> This can also be combined with [[lighttpd:Docs_SSL|SSL]]. h3. What Do you support .htaccess files? No. lighttpd's design does %1/$1 mean? These not permit implementing this functionality as config files are "backreferences":http://www.regular-expressions.info/brackets.html used by [[Docs_ModRewrite|mod_rewrite]] loaded at startup time and [[Docs_ModRedirect|mod_redirect]] .htaccess would be needed to be parsed at request time. %n Also scanning all the directories in the request path for those files can cause significant slowdown especially because lighty is used to denote a backreference to the config conditional, single process and $n is used to backreference on the redirect/rewrite regex. single threaded. If you Furthermore, .htaccess files are Apache config files. We would need to learn about regexes, "Regular-Expressions.info":http://www.regular-expressions.info/ is write a good place parser and it might not even be possible to start. map all functionality to lighty logic. h3. What kind of environment does @server.error-handler-404@ server.error-handler-404 set up? The environment (which is relevant when using CGI or FastCGI) is quite normal, but observe the following: * REQUEST_URI is the *original* request, and has nothing to do with where the redirect points to. * The rest of the CGI environment is based off the @server.error-handler-404@ target. * QUERY_STRING is _not_ set from the original request, so you have to parse the REQUEST_URI yourself to get it. * PATH_INFO, similarly, is not set from the original request. * SCRIPT_NAME is set according to the @server.error-handler-404@ target, not according to the original REQUEST_URI. * REDIRECT_STATUS is the error status of the original request (e.g. 404 or 403) for which @server.error-handler-404@ is being called. h3. Why is @server.error-handler-404@ server.error-handler-404 serving 200 instead of 404? Quote from Jan: The status returned <pre> Yes. As we handle the error we generate a something new. If you just want to send a custom-404 errorpage, there is server.errorfile-prefix </pre> For further information read the result of running the [[Server_error-handler-404Details|server.error-handler-404]] server.errorfile-prefix entry [[lighttpd:Docs_Configuration|in configuration info]]. If your target handler. Your target handler for @server.error-handler-404@ checks REDIRECT_STATUS, it can check REDIRECT_STATUS and can choose to return that status instead of 200. If you just want to send a custom-404 errorpage, there use [[Server_errorfile-prefixDetails|server.errorfile-prefix]]. For full control over all HTTP error status codes, see "server.error-handler":https://redmine.lighttpd.net/projects/lighttpd/repository/14/revisions/dbdab5dbc9b98df9c40f11e0fc6a6ce49bfea804 h3. How do I protect a directory with a password? Look in the doc/authentication.txt [[Docs_ModAuth|mod_auth]] "doc/authentication.txt":https://git.lighttpd.net/lighttpd/lighttpd1.4/src/branch/master/doc/outdated/authentication.txt If you are you're converting from Apache, an example using htpasswd authentication: authentication backend is what you're looking for. See also [[HowToAuthenticationFromMultipleFiles]] h3. Can I use Apache Modules with lighttpd? No, Apache modules are not compatible with lighttpd. h3. Can I use SVN over WebDAV with lighttpd? No, use Apache. If you would like, you can proxy requests to Apache through lighttpd. h3. What is lighttpd's equivalent to Apache's "Options +!MultiViews"? See [[MigratingFromApache#MultiViews]] h3. Why do I still get a 403 status, even though the permissions on my doc root directory and its contents are set to 755? Nine times out of ten (in IRC support), you have forgotten to check the permissions on one of the parent directories. Double check each directory in your path to insure the lighttpd user can access the nested doc root. selinux and alike might also play tricks on you :) h2. FastCGI h3. Where is the spawn-php program/script available from? it's mentioned in docs but not available in the distributed package (1.3.7) If you install lighttpd (http://lighttpd.net/download/INSTALL), the spawn-fcgi binary is installed automatically (on versions < 1.4.23). It is Its now a seperate package living at: http://redmine.lighttpd.net/projects/spawn-fcgi h3. Is there an su-exec wrapper available? Not officially, but Sune Foldager coded one especially for lighttpd which you can grab "here":http://cgit.stbuehler.de/gitosis/execwrap/. It's very easy to use, but has not yet been extensively tested so a little caution is advised. On the other hand, the source is very small so it's easy to get a security overview. Instructions and usage examples (with lighttpd) are in the "README":http://cyanite.org/projects/execwrap/READ_ME. h3. How do I exclude a certain directory from FastCGI? <pre> <pre> $HTTP["url"] !~ "^/no-fcgi/" { # to exclude multiple directories: $HTTP["url"] !~ "^/(?:no-fcgi1|foo/no-fcgi2|bar)/" { $HTTP["url"] !~ "^/no-fcgi/" { fastcgi.server = ( "/" => ... ) } </pre> You *can* also use @server.error-handler-404@ server.error-handler-404 to redirect all non-existent files to FastCGI (see [[LighttpdOnRails]] LighttpdOnRails for an example), but you should not. It is known to have unexpected side effects and is more a hack than a real solution. Use mod_magnet whenever you need such changes, "darix darix provides very good scripts":http://nordisch.org/ scripts (which should fit a lot of web apps) at his "website":http://nordisch.org/ h3. I get the error "No input file specified" when trying to use PHP Sadly, this error message can mean a lot of things. A common explanation attempt: PHP is unable to locate or open the file which it is supposed to parse. This can have a lot of reasons: * You forgot to add '''cgi.fix_pathinfo=1 to your php.ini''' file See the comments in the "PHP docs":http://www.php.net/manual/de/security.cgi-bin.php. The issue here is that the environment variable @SCRIPT_FILENAME@ is not being passed to PHP. * Make sure you did not set *doc_root or userdir in php.ini*, or if you have set it, make sure it has the correct value (doc_root should match lighttpd's server.document-root option in this case) * If open_basedir is set, make sure the requested file is below one of the directories which is specified there. In the past PHP parsed files which were not inside open_basedir as well, but this security problem was fixed (in php-5.2.3 or so). * If you are running PHP with different permissions than lighttpd (spawn-fcgi with -u/-g, execwrap, suexec, ...), check that PHP can really read the file If you are unable to find / fix the problem, you can use [[HowToReportABug#strace|strace]] to see if it is a (OS-related) permission problem (look out for stat*(...YOURFILE...) = RETURNCODE). It might help to set @max-procs@ to 1 and @PHP_FCGI_CHILDREN@ as well (see [[lighttpd:Docs_ModFastCGI|fastcgi docs]]) in that case, so that you can easily attach strace to the correct php-cgi process. h3. How many php CGI processes will lighttpd spawn? lighttpd has three configuration options that control how many php-cgi processes will run: * @PHP_FCGI_CHILDREN@ (defaults to 1) * @max-procs@ (default 4) * @min-procs@ (default max-procs) When lighttpd starts, it will launch max-procs parent php processes. Each parent process then pre-forks PHP_FCGI_CHILDREN child processes. For example, if max-procs are 4 and PHP_FCGI_CHILDREN is 16, lighttpd will start max-procs x ( PHP_FCGI_CHILDREN + 1). In our case: 4 * ( 16 + 1 ) = 68 (4 watcher processes which do not handle requests, 64 real php backends which serve requests). If you are using an opcode cache such as eAccelerator, XCache or similar it's advisable to keep max-procs at a very low number (1 is perfectly fine) and raise PHP_FCGI_CHILDREN instead. Those opcode caches will create a separate memory space for each parent process, otherwise, which is not what one would call "efficient memory usage" in that case.. If you leave max-procs at 4, you'll end up with four separate opcode memory cache segments. Note that setting PHP_FCGI_MAX_REQUESTS is recommended to avoid possible memory leak side-effects. h2. Questions from Apache users h3. Tips on how to [[MigratingFromApache|Migrate from Apache]] What does %1/$1 mean? h3. Do you support .htaccess files? It's just "lighty speak" for [http://www.regular-expressions.info/brackets.html backreferences]]. (See doc/rewrite.txt and doc/redirect.txt.) No. lighttpd's design does not permit implementing this functionality as config files are loaded at startup time and .htaccess would be needed %n is used to be parsed at request time. Also scanning all denote a backreference on the directories in the request path for those files can cause significant slowdown especially because lighttpd is single process conditional, and $n is single threaded. Furthermore, .htaccess files are Apache config files. We would used to backreference on the redirect/rewrite regex. If you need to write learn about regexen, "Regular-Expressions.info":http://www.regular-expressions.info/ is as good a parser place to start as any. h3. What does "(server.c.XXX) connection closed - write-request-timeout: YY" in my error log mean? This error means that a client connection has timed out and lighttpd has closed the connection. This error on its own is not something to worry about as it might not even can occur regularly during the course of normal site operation. The default timeout is 360 seconds and can be possible to map all functionality to lighttpd logic. set using "server.max-write-idle":http://lighttpd.net/documentation/configuration.html. There´s a silence-option for this now. h3. Can I use Apache Modules with lighttpd? Why: 'unexpected end-of-file (perhaps the fastcgi process died)'? or random '500 - Internal Server Error' No, Apache modules If you are not compatible using FastCGI with lighttpd. h3. Can I use SVN over WebDAV PHP then this may be caused by using PHP extensions that are unstable. For example the following configuration caused my lighttpd install to respond sometimes to identical queries with lighttpd? '500 - Internal Server Error' and sometimes with the page requested. The issue was fixed by removing the APD 'extension' line in the relevant PHP configuration file. No, use Apache. If you would like, you can proxy requests <pre> PHP 5.1.6-pl6-gentoo (cgi-cgi) (built: Feb 8 2007 11:14:58) Zend Engine v2.1.0, Copyright (c) 1998-2006 Zend Technologies with Advanced PHP Debugger (PAD) v0.9, , by George Schlossnagle </pre> Note that in php5.2.5 there is also this bug http://bugs.php.net/bug.php?id=43295 which has similar symptoms, but needs a patch to Apache through lighttpd using [[Docs_ModProxy|mod_proxy]]. PHP http://cvs.php.net/viewvc.cgi/php-src/main/SAPI.c?r1=1.202.2.7.2.15&r2=1.202.2.7.2.16&pathrev=PHP_5_2&diff_format=u or wait until 5.2.6 since the patch is committed to php's CVS by dimitry. h2. SSL h3. What Microsoft Internet Explorer reports "bad data from server" when surfing an SSL-enabled Lighttpd site This is lighttpd's equivalent to Apache's "Options +!MultiViews"? most likely because of some known bugs in the implementation of SSL in some old versions of MSIE. The current solution (equivalent of using SetEnvIf in Apache) is using the following configuration snippet: See [[MigratingFromApache#MultiViews]] <pre> $HTTP["useragent"] =~ "MSIE" { server.max-keep-alive-requests = 0 } </pre>