Configuring Lighttpd
-
- Posts: 9
- Joined: Wed Nov 25, 2020 7:09 pm
Configuring Lighttpd
I have a basic lighttpd instance running and I have wondercms installed under .../html/ next to the main domain and two subdomains. Currently Firefox spawns new tabs forever. I see that I need to make some changes in lighttpd.conf to replace the .htaccess file.
The suggested changes date back several years. Are they still valid?
Any suggestions would be welcome.
Re: Configuring Lighttpd
I'm no Lighttpd expert, but I believe the below should suffice (provides clean URLs and denies direct access to database.js and cache.json).
Code:
url.rewrite-once = (
    "^/([^.?]*)$" => "/index.php?page=$1",
)
# Deny direct requests for the data files, matched on the URL path
$HTTP["url"] == "/data/database.js" {
    url.access-deny = ("")
}
$HTTP["url"] == "/data/cache.json" {
    url.access-deny = ("")
}
You can try visiting yourDomain.com/data/database.js and /data/cache.json to verify it's not public/accessible.
Additionally, when you visit /example, it should work (meaning the clean URLs also work).
Let me know if this worked for you. If it does, we'll add this to our docs/wiki.
-
- Posts: 9
- Joined: Wed Nov 25, 2020 7:09 pm
Re: Configuring Lighttpd
I think it is almost there. When I try index.html only a blank page is displayed. I placed an index.html and a phpinfo.php file in the home folder and they both open correctly. I am looking for an example file, but guess that it is created by the index.php file.
I added the code you provided into the appropriate host block and it is partially working. I cannot reach the blocked files, so that seems to work, although other settings are also probably providing protection.
I tried to add my lighttpd file as an attachment (renamed to lighttpdconf.txt) but it would not load. It is in line below. There are quite a few modules loaded. Being new to lighttpd, I do not yet know what everything does.
When everything is working, I would be delighted to provide an example config file.
server.modules = (
"mod_indexfile",
"mod_access",
"mod_accesslog",
"mod_fastcgi",
"mod_alias",
"mod_auth",
"mod_rewrite",
"mod_redirect",
"mod_openssl",
"mod_compress",
"mod_dirlisting",
"mod_staticfile",
)
# All virtual hosts are in /home/mypath/HTML/
# HTTP defaults
server.document-root = "/home/mypath/HTML/mydomain/"
server.upload-dirs = ( "/var/cache/lighttpd/uploads/" )
server.errorlog = "/var/log/lighttpd/error.log"
server.pid-file = "/run/lighttpd.pid"
server.username = "www-data"
server.groupname = "www-data"
server.port = 80
server.bind = "192.168.1.10"
#HTTPS settings
$SERVER["socket"] == ":443" {
    ssl.engine = "enable"
    ssl.ca-file = "/etc/letsencrypt/live/mydomain/fullchain.pem"
    ssl.pemfile = "/etc/letsencrypt/live/mydomain/combined.pem"
    ssl.use-sslv2 = "disable"
    ssl.use-sslv3 = "disable"
    # Direct to main domain and then each subdomain
    $HTTP["host"] =~ "mydomain" {
        server.document-root = "/home/mypath/HTML/wondercms"
        url.rewrite-once = (
            "^/([^.?]*)$" => "/index.php?page=$1"
        )
        # Deny direct requests for the data files, matched on the URL path
        $HTTP["url"] == "/data/database.js" {
            url.access-deny = ("")
        }
        $HTTP["url"] == "/data/cache.json" {
            url.access-deny = ("")
        }
    }
    $HTTP["host"] =~ "backup.mydomain" {
        server.document-root = "/home/mypath/HTML/BackUp/"
    }
    $HTTP["host"] =~ "kodi.mydomain" {
        server.document-root = "/home/mypath/HTML/Kodi/"
    }
    $HTTP["host"] =~ "nextcloud.mydomain" {
        server.document-root = "/home/mypath/HTML/NextCloud/"
    }
}
# strict parsing and normalization of URL for consistency and security
# https://redmine.lighttpd.net/projects/l ... ptsDetails
# (might need to explicitly set "url-path-2f-decode" = "disable"
# if a specific application is encoding URLs inside url-path)
server.http-parseopts = (
"header-strict" => "enable",# default
"host-strict" => "enable",# default
"host-normalize" => "enable",# default
"url-normalize-unreserved"=> "enable",# recommended highly
"url-normalize-required" => "enable",# recommended
"url-ctrls-reject" => "enable",# recommended
"url-path-2f-decode" => "enable",# recommended highly (unless breaks app)
#"url-path-2f-reject" => "enable",
"url-path-dotseg-remove" => "enable",# recommended highly (unless breaks app)
#"url-path-dotseg-reject" => "enable",
"url-query-20-plus" => "enable",# consistency in query string
)
index-file.names = ( "index.html", "index.php" )
url.access-deny = ( "~", ".inc" )
static-file.exclude-extensions = ( ".pl", ".fcgi", ".rb", "~" )
compress.cache-dir = "/var/cache/lighttpd/compress/"
compress.filetype = ( "application/javascript", "text/css", "text/html", "text/plain" )
#Do not use below as it clashes with include-shell below
#mimetype.assign += (
# ".html" => "text/html",
# ".txt" => "text/plain",
# ".jpg" => "image/jpg",
# ".png" => "image/png",
#)
# default listening port for IPv6 falls back to the IPv4 port
## Use ipv6 if available
include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port
include_shell "/usr/share/lighttpd/create-mime.conf.pl"
include "/etc/lighttpd/conf-enabled/*.conf"
fastcgi.server = ( ".php" => ((
"bin-path" => "/usr/bin/php-cgi",
"socket" => "/tmp/php.socket"
)))
-
- Posts: 9
- Joined: Wed Nov 25, 2020 7:09 pm
Re: Configuring Lighttpd
I have just changed owner to www-data and permissions to 755.
I now see 'Sorry, page not found. ' on the basic theme.
It seems to be coming to life.
-
- Posts: 9
- Joined: Wed Nov 25, 2020 7:09 pm
Re: Configuring Lighttpd
It is now working. I have logged in and am learning how to set it up.
I'll provide a detailed set of instructions in a day or two.
Thanks for the lighttpd configuration code.
-
- Posts: 9
- Joined: Wed Nov 25, 2020 7:09 pm
Re: Configuring Lighttpd
I found that I had to remove:
Code:
url.rewrite-once = (
    "^/([^.?]*)$" => "/index.php?page=$1"
)
because it prevented the user from reaching the subdomains.
Without it both http and https requests went to the correct place as https requests.
The lighttpd lines below define allowable index file names and deny access to files with certain endings.
Code:
index-file.names = ( "index.html", "index.php" )
url.access-deny = ( "~", ".inc" )
static-file.exclude-extensions = ( ".pl", ".fcgi", ".rb", "~" )
Re: Configuring Lighttpd
When you removed the following:
Code:
url.rewrite-once = (
    "^/([^.?]*)$" => "/index.php?page=$1"
)
Do the clean URLs still work for your WCMS website? Like example.com/home example.com/test?
If everything works as expected, this will be added to the documentation.
-
- Posts: 9
- Joined: Wed Nov 25, 2020 7:09 pm
Re: Configuring Lighttpd
Sorry I've been quiet for a while. I had a few problems and reinstalled it.
You are correct that I can't log in to Home, Example or loginURL.
I get a 404 Not found.
I first thought it was the Regex because it did not work in my Regex tester, and changed it to
Code:
url.rewrite-once = (
    "(/.*(/)(.*))$" => "/index.php?page=$2"
)
It gives the text after the last / as $2 and shows https://mydomain.co.uk/home in the bottom left of the screen when home is hovered over. (As it did before I changed it.)
I have changed all permissions to 755 and am now stuck. I have again reinstalled and made sure the permissions were correct before I visited the site. I'll look through the nginx stuff for clues, and get back when I am successful.
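Added example, not part of the thread and not WonderCMS or lighttpd project code: a small Python model of how lighttpd evaluates the `$HTTP["host"]` conditions and the two `url.rewrite-once` rules quoted in the posts above, run over a few request targets. The host names `mydomain.co.uk` and `backup.mydomain.co.uk` are constructed from names in the thread, and the anchored host pattern is an assumption of this example.

```python
import re

# Patterns copied from the config and posts in this thread.
HOST_BLOCKS = [                      # $HTTP["host"] =~ "..." in file order
    ("wondercms", r"mydomain"),
    ("backup", r"backup.mydomain"),
    ("kodi", r"kodi.mydomain"),
    ("nextcloud", r"nextcloud.mydomain"),
]
REWRITE_POSTED = (r"^/([^.?]*)$", "/index.php?page=$1")
REWRITE_CHANGED = (r"(/.*(/)(.*))$", "/index.php?page=$2")

# Assumption, not from the thread: anchored pattern for the main site only.
ANCHORED_MAIN = r"^mydomain\.co\.uk$"


def matching_blocks(host, blocks=HOST_BLOCKS):
    """Every host block whose regex matches. lighttpd merges all of them,
    so a rewrite set in an earlier block stays active for a subdomain."""
    return [name for name, rx in blocks if re.search(rx, host)]


def rewrite(rule, target):
    """Apply one url.rewrite-once rule. lighttpd matches the regex against
    the request path plus query string, never the scheme or host."""
    pattern, template = rule
    m = re.search(pattern, target)
    if m is None:
        return None                  # untouched: served from disk or 404
    return re.sub(r"\$(\d)", lambda ref: m.group(int(ref.group(1))), template)


def anchored(blocks=HOST_BLOCKS):
    """Same blocks with the main-site pattern anchored."""
    return [(n, ANCHORED_MAIN if n == "wondercms" else rx) for n, rx in blocks]


if __name__ == "__main__":
    # Constructed sample requests; host names are built from the thread's.
    for host in ("mydomain.co.uk", "backup.mydomain.co.uk"):
        print(host, matching_blocks(host), matching_blocks(host, anchored()))
    for target in ("/home", "/blog/home", "/data/database.js", "/home?x=1"):
        print(target, rewrite(REWRITE_POSTED, target),
              rewrite(REWRITE_CHANGED, target))
```

Running it prints, for each host, which blocks apply with the original and the anchored pattern, and for each request target what each rewrite rule produces (`None` means the rule did not match).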
Re: Configuring Lighttpd
No problem at all.
What's wrong when you include the code? Isn't https://mydomain.co.uk/home the correct behaviour and what happens when you click on it?
The last time you mentioned it was preventing from reaching subdomains and I fully understand that? If you can, please shortly describe what the expected/wanted behaviour is and what the issue is at this stage.
If you'd like faster feedback, just on our Slack channel: https://wondercms.slack.com/
-
- Posts: 9
- Joined: Wed Nov 25, 2020 7:09 pm
Re: Configuring Lighttpd
I get the front page, but when I click on one of the three links, I get a 404 Not Found.
I'll play with it a bit and get back to you.