Configuring Lighttpd

Posted: Wed Nov 25, 2020 7:30 pm
by Windsurfer
I have a basic lighttpd instance running and I have wondercms installed under .../html/ next to the main domain and two subdomains. Currently Firefox spawns new tabs forever. I see that I need to make some changes in lighttpd.conf to replace the .htaccess file.

The suggested changes date back several years. Are they still valid?
Any suggestions would be welcome.

Re: Configuring Lighttpd

Posted: Wed Nov 25, 2020 8:22 pm
by wiz
I'm no Lighttpd expert, but I believe the below should suffice (provides clean URLs and denies direct access to database.js and cache.json).

Code:

url.rewrite-once = (
    "^/([^.?]*)$" => "/index.php?page=$1",
)

# Match on the URL path; "querystring" only holds the part after "?"
$HTTP["url"] =~ "/database\.js$" {
    url.access-deny = ("")
}

$HTTP["url"] =~ "/cache\.json$" {
    url.access-deny = ("")
}

You can try visiting yourDomain.com/data/database.js and /data/cache.json to verify it's not public/accessible.
Additionally, when you visit /example, it should work (meaning the clean URLs also work).

Let me know if this worked for you. If it does, we'll add this to our docs/wiki.

Re: Configuring Lighttpd

Posted: Thu Nov 26, 2020 4:35 pm
by Windsurfer
I think it is almost there. When I try index.html only a blank page is displayed. I placed an index.html and a phpinfo.php file in the home folder and they both open correctly. I am looking for an example file, but guess that it is created by the index.php file.

I added the code you provided into the appropriate host block and it is partially working. I cannot reach the blocked files, so that seems to work, although other settings are also probably providing protection.

I tried to add my lighttpd file as an attachment (renamed to lighttpdconf.txt) but it would not load. It is in line below. There are quite a few modules loaded. Being new to lighttpd, I do not yet know what everything does.

When everything is working, I would be delighted to provide an example config file.

server.modules = (
    "mod_indexfile",
    "mod_access",
    "mod_accesslog",
    "mod_fastcgi",
    "mod_alias",
    "mod_auth",
    "mod_rewrite",
    "mod_redirect",
    "mod_openssl",
    "mod_compress",
    "mod_dirlisting",
    "mod_staticfile",
)

# All virtual hosts are in /home/mypath/HTML/
# HTTP defaults
server.document-root = "/home/mypath/HTML/mydomain/"
server.upload-dirs = ( "/var/cache/lighttpd/uploads/" )
server.errorlog = "/var/log/lighttpd/error.log"
server.pid-file = "/run/lighttpd.pid"
server.username = "www-data"
server.groupname = "www-data"
server.port = 80
server.bind = "192.168.1.10"

#HTTPS settings
$SERVER["socket"] == ":443" {
    ssl.engine = "enable"
    ssl.ca-file = "/etc/letsencrypt/live/mydomain/fullchain.pem"
    ssl.pemfile = "/etc/letsencrypt/live/mydomain/combined.pem"
    ssl.use-sslv2 = "disable"
    ssl.use-sslv3 = "disable"

    # Direct to main domain and then each subdomain
    $HTTP["host"] =~ "mydomain" {
        server.document-root = "/home/mypath/HTML/wondercms"

        url.rewrite-once = (
            "^/([^.?]*)$" => "/index.php?page=$1"
        )

        # Match on the URL path; "querystring" only holds the part after "?"
        $HTTP["url"] =~ "/database\.js$" {
            url.access-deny = ("")
        }

        $HTTP["url"] =~ "/cache\.json$" {
            url.access-deny = ("")
        }
    }

    $HTTP["host"] =~ "backup.mydomain" {
        server.document-root = "/home/mypath/HTML/BackUp/"
    }

    $HTTP["host"] =~ "kodi.mydomain" {
        server.document-root = "/home/mypath/HTML/Kodi/"
    }

    $HTTP["host"] =~ "nextcloud.mydomain" {
        server.document-root = "/home/mypath/HTML/NextCloud/"
    }
}

# strict parsing and normalization of URL for consistency and security
# https://redmine.lighttpd.net/projects/l ... ptsDetails
# (might need to explicitly set "url-path-2f-decode" = "disable"
# if a specific application is encoding URLs inside url-path)
server.http-parseopts = (
    "header-strict"            => "enable", # default
    "host-strict"              => "enable", # default
    "host-normalize"           => "enable", # default
    "url-normalize-unreserved" => "enable", # recommended highly
    "url-normalize-required"   => "enable", # recommended
    "url-ctrls-reject"         => "enable", # recommended
    "url-path-2f-decode"       => "enable", # recommended highly (unless breaks app)
    #"url-path-2f-reject"      => "enable",
    "url-path-dotseg-remove"   => "enable", # recommended highly (unless breaks app)
    #"url-path-dotseg-reject"  => "enable",
    "url-query-20-plus"        => "enable", # consistency in query string
)

index-file.names = ( "index.html", "index.php" )
url.access-deny = ( "~", ".inc" )
static-file.exclude-extensions = ( ".pl", ".fcgi", ".rb", "~" )

compress.cache-dir = "/var/cache/lighttpd/compress/"
compress.filetype = ( "application/javascript", "text/css", "text/html", "text/plain" )

#Do not use below as it clashes with include-shell below
#mimetype.assign += (
# ".html" => "text/html",
# ".txt" => "text/plain",
# ".jpg" => "image/jpg",
# ".png" => "image/png",
#)

# default listening port for IPv6 falls back to the IPv4 port
## Use ipv6 if available
include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port
include_shell "/usr/share/lighttpd/create-mime.conf.pl"
include "/etc/lighttpd/conf-enabled/*.conf"

fastcgi.server = ( ".php" => ((
    "bin-path" => "/usr/bin/php-cgi",
    "socket" => "/tmp/php.socket"
)))

Re: Configuring Lighttpd

Posted: Thu Nov 26, 2020 6:25 pm
by Windsurfer
I have just changed owner to www-data and permissions to 755.
I now see 'Sorry, page not found. :(' on the basic theme.
It seems to be coming to life.

Re: Configuring Lighttpd

Posted: Thu Nov 26, 2020 6:43 pm
by Windsurfer
It is now working. I have logged in and am learning how to set it up.
I'll provide a detailed set of instructions in a day or two.
Thanks for the lighttpd configuration code.

Re: Configuring Lighttpd

Posted: Sat Nov 28, 2020 3:30 pm
by Windsurfer
I found that I had to remove:

Code:

url.rewrite-once = (
    "^/([^.?]*)$" => "/index.php?page=$1"
)

because it prevented the user from reaching the subdomains.
Without it both http and https requests went to the correct place as https requests.

The lighttpd lines below define allowable index file names and deny access to files with certain endings.

Code:

index-file.names = ( "index.html", "index.php" )
url.access-deny = ( "~", ".inc" )
static-file.exclude-extensions = ( ".pl", ".fcgi", ".rb", "~" )

Re: Configuring Lighttpd

Posted: Sun Nov 29, 2020 11:11 am
by wiz
When you removed the following:

Code:

url.rewrite-once = (
    "^/([^.?]*)$" => "/index.php?page=$1"
)

Do the clean URLs still work for your WCMS website? Like example.com/home example.com/test?
If everything works as expected, this will be added to the documentation.

Re: Configuring Lighttpd

Posted: Mon Nov 30, 2020 8:22 pm
by Windsurfer
Sorry I've been quiet for a while. I had a few problems and reinstalled it.
You are correct that I can't log in to Home, Example or loginURL.
I get a 404 Not found.
I first thought it was the Regex because it did not work in my Regex tester, and changed it to

Code:

url.rewrite-once = (
    "(/.*(/)(.*))$" => "/index.php?page=$2"
)

It gives the text after the last / as $2 and shows https://mydomain.co.uk/home in the bottom left of the screen when home is hovered over. (As it did before I changed it.)
I have changed all permissions to 755 and am now stuck. I have again reinstalled and made sure the permissions were correct before I visited the site. I'll look through the nginx stuff for clues, and get back when I am successful.
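
An added example (not from the thread or the WonderCMS project) that replays the two rewrite patterns posted above against request URIs as the server sees them, that is, url-path plus query string with no scheme or host, and models the unanchored `$HTTP["host"] =~ "mydomain"` condition from the posted config. Python's `re` stands in for the server's regex matching; the sample requests and the anchored host pattern are assumptions.

```python
import re

# Rewrite rules as posted in the thread: (pattern, target).
ORIGINAL = (r"^/([^.?]*)$", "/index.php?page=$1")
REVISED = (r"(/.*(/)(.*))$", "/index.php?page=$2")

# Host patterns: the posted one, and an anchored form (assumption, not from
# the thread) that matches only the main site.
POSTED_HOST = r"mydomain"
ANCHORED_HOST = r"^(www\.)?mydomain\.co\.uk$"


def rewrite_once(rule, request_uri):
    """Apply one rewrite rule to a request URI (url-path plus query string).

    Returns the rewritten URI, or None when the pattern does not match and
    the request is passed through unchanged.
    """
    pattern, target = rule
    match = re.search(pattern, request_uri)  # unanchored unless ^/$ are used
    if match is None:
        return None
    # Replace each $N in the target with capture group N.
    return re.sub(r"\$(\d)", lambda ref: match.group(int(ref.group(1))) or "", target)


def host_matches(pattern, host):
    """Model $HTTP["host"] =~ "pattern", an unanchored regex match."""
    return re.search(pattern, host) is not None


def report(uris):
    """Return [(uri, result of ORIGINAL, result of REVISED)] for each URI."""
    return [(u, rewrite_once(ORIGINAL, u), rewrite_once(REVISED, u)) for u in uris]


if __name__ == "__main__":
    # Constructed sample requests.
    for uri, old, new in report(["/", "/home", "/blog/home", "/data/database.js"]):
        print(f"{uri:20} original: {old!s:26} revised: {new}")
    for host in ("mydomain.co.uk", "backup.mydomain.co.uk"):
        print(f"{host:24} posted: {host_matches(POSTED_HOST, host)!s:6}"
              f" anchored: {host_matches(ANCHORED_HOST, host)}")
```

A pattern that matches in a tester fed the full `https://...` URL can still miss `/home`, which contains only one slash, so that request is not rewritten. Because `mydomain` also matches the subdomain host names, the rewrite defined in that block is in effect for them as well.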

Re: Configuring Lighttpd

Posted: Mon Nov 30, 2020 11:30 pm
by wiz
No problem at all.

What's wrong when you include the code? Isn't https://mydomain.co.uk/home the correct behaviour and what happens when you click on it?

The last time you mentioned it was preventing you from reaching subdomains, and I fully understand that. If you can, please briefly describe what the expected/wanted behaviour is and what the issue is at this stage.

If you'd like faster feedback, just join our Slack channel: https://wondercms.slack.com/

Re: Configuring Lighttpd

Posted: Tue Dec 01, 2020 5:40 pm
by Windsurfer
I get the front page, but when I click on one of the three links, I get a 404 Not Found.

I'll play with it a bit and get back to you.