以下配置(/etc/lighttpd/lighttpd.conf)似乎重定向到默认页面
$HTTP["host"] == "pool.ntp.org|ch.pool.ntp.org" {
accesslog.filename = "/var/log/lighttpd/pool.ntp.org_access.log"
$HTTP["url"] =~ "^/$" {
url.redirect = ( "" => "https://ntppool.org" )
url.redirect-code = 302
}
}
重定向此流量的正确方法是什么?
输入此内容后,主机文件将 pool.ntp.org 指向该服务器的 IP,结果是一个包含<h1>default</h1>默认服务器内容的页面
我lighttpd在 Ubuntu 上的 docker 容器中运行(作为我的设置中必须始终启动的服务traefik)。我的docker-compose.yml包含:
lighttpd:
image: sebp/lighttpd
container_name: lighttpd
restart: unless-stopped
volumes:
- /srv/docker/traefik/lighttpd/etc/lighttpd.conf:/etc/lighttpd/lighttpd.conf
- /srv/docker/traefik/lighttpd/log/error.log:/var/log/lighttpd/error.log
- /srv/docker/traefik/lighttpd/log/access.log:/var/log/lighttpd/access.log
- /var/www/miniserver/html/:/var/www/html/
ports:
- "80"
tty: true
labels:
- "traefik.enable=true"
- "traefik.http.routers.lighttpd.rule=Host(`foo.rna.nl`)"
- "traefik.http.routers.lighttpd.entrypoints=web"
- "traefik.http.routers.lighttpd.tls=false"
networks:
- proxy
lighttpd工作,为我服务index.html,但是:
# docker logs lighttpd
2022-10-29 12:13:55: (server.c.1568) server started (lighttpd/1.4.64)
我收到启动消息,但没有别的。当我将访问日志定向到文件时,我会在那里获得访问日志条目:
172.26.0.2 foo.rna.nl - [29/Oct/2022:11:53:02 +0000] "GET /index.html HTTP/1.1" 200 37 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.0 Safari/605.1.15"
如何将lighttpd访问日志定向到标准输出?我尝试了这两个:
accesslog.filename = "/proc/self/fd/1"
accesslog.filename = "/dev/stdout"
我的完整lighttpd.conf:
server.modules = (
"mod_indexfile",
"mod_access",
"mod_alias",
"mod_redirect",
"mod_accesslog",
)
server.document-root = "/var/www/html"
#server.errorlog = "/var/log/lighttpd/error.log"
server.port = 80
mimetype.assign = (
".html" => "text/html",
".txt" => "text/plain",
".jpg" => "image/jpeg",
".png" => "image/png"
)
accesslog.filename = "/proc/self/fd/1"
#accesslog.filename = "/dev/stdout"
#accesslog.filename = "/var/log/lighttpd/access.log"
我有一个有趣的条件解析问题要解决,并且还没有在线搜索和查看 lighttpd 文档的运气。其中许多搜索导致了此处提出的类似问题和有用的答案(对于那些问题,让我们看看这个问题是如何运行的:
我在网关路由器(OpenWRT,或 Turris OS,如果您愿意,因为它是 Turris Omnia)上运行 lighttpd,并且它有许多域指向它的方式,作为 LAN 端服务器的反向代理网关。
一般配置是,在形式上,如:
$HTTP["host"] =~ "(a.com|b.com|c.com)$" {
proxy.server = ( "" => ( ( "host" => "..." ) ) )
...
} else $HTTP["host"] =~ "(d.org|e.org)$" {
proxy.server = ( "" => ( ( "host" => "..." ) ) )
...
} else $HTTP["host"] =~ "(f.net|g.net)$" {
proxy.server = ( "" => ( ( "host" => "..." ) ) )
...
}
多年来,这一直是一个梦想。
现在我想要一个特定的路径,所有这些站点都可以直接从这个路由器提供服务。
再次备考:
$HTTP["url"] =~ "^/topdir/subir/" {
server.document-root = "/www/sharedstuff"
}
我可以将它完美地组合如下(并且有效):
$HTTP["url"] =~ "^/topdir/subir/" {
server.document-root = "/www/sharedstuff"
} else {
$HTTP["host"] =~ "(a.com|b.com|c.com)$" {
proxy.server = ( "" => ( ( "host" => "..." ) ) )
...
} else $HTTP["host"] =~ "(d.org|e.org)$" {
proxy.server = ( "" => ( ( "host" => "..." ) ) )
...
} else $HTTP["host"] =~ "(f.net|g.net)$" {
proxy.server = ( "" => ( ( "host" => "..." ) ) )
...
}
}
甜的。
但是,这是我要解决的问题。理想情况下,我希望将$HTTP["url"]条件封装在一个包含的文件中,并将$HTTP["host"]条件封装在另一个文件中,以便我可以:
include "/etc/lighttpd/conf.d/shared.conf" # contains the `$HTTP["url"]` constraint
include "/etc/lighttpd/conf.d/distributed.conf" # contains the `$HTTP["host"]` constraint
我想知道我是否对这里抱有太多期望。因为我想不出也想不出办法。
我想如果shared.conf包含一些语句,例如存在如下配置语句:
$HTTP["url"] =~ "^/topdir/subir/" {
server.document-root = "/www/sharedstuff"
ignore-all-subsequent-host-match-conditions
}
另一个创造性的想法是,如果我们可以重写$HTTP["host"]类似于:
$HTTP["host"] = "null.net"
这样后续的匹配$HTTP["host"] =~ "(a.com|b.com|c.com)$"都失败了,请求保持在本地。
以下是迄今为止探索的一些选项:
不行,因为这些是在加载配置时而不是在处理请求时评估的。
https://redmine.lighttpd.net/projects/1/wiki/docs_configuration#Using-variables
setenv.add-request-header看起来很有吸引力:
https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_ModSetEnv
如果 inshared.conf我们设置了一个自定义请求标头,也许我们可以使用$REQUEST_HEADER["header"]in对其进行测试distributed.conf:
https://redmine.lighttpd.net/projects/1/wiki/docs_configuration#Conditional-Configuration
但我没有取得任何成功。似乎有这样的条件:
$REQUEST_HEADER["my_header"] == "value_I_set" {
# Do not act as a reverse proxy
} else $HTTP["host"] =~ "(a.com|b.com|c.com)$" {
proxy.server = ( "" => ( ( "host" => "..." ) ) )
...
} else $HTTP["host"] =~ "(d.org|e.org)$" {
proxy.server = ( "" => ( ( "host" => "..." ) ) )
...
} else $HTTP["host"] =~ "(f.net|g.net)$" {
proxy.server = ( "" => ( ( "host" => "..." ) ) )
...
}
根本行不通,我无法真正猜到为什么。很难看到发生了什么,但如果我在条件处理上记录输出,即使对于匹配$REQUEST_HEADER["my_header"]的 URL,它似乎也总是空白:shared.conf
$HTTP["url"] =~ "^/topdir/subir/" {
setenv.add-request-header = ("my_header" => "value_I_set")
}
似乎该条件并未测试 setenv 设置的请求标头,与交付的标头一样多。
BusyBox httpd./cgi-bin/index.cgi如果存在则执行。这类似于index.php但与/cgi-bin/文件夹。例如,我有以下结构:
/api/
cgi-bin/index.cgi
/blog/
cgi-bin/index.cgi
/rss/
cgi-bin/index.cgi
因此,当请求发送时,http://example.com/api/它们实际上是由/www/api/cgi-bin/index.cgi脚本处理的。当被请求http://example.com/blog/时,它被处理,/www/blog/cgi-bin/index.cgi但/blog/rss/路径被处理/www/blog/rss/cgi-bin/index.cgi。
但现在我也想支持 Lighttpd 网络服务器。我怎样才能做到这一点?
这似乎类似于使 lighttpd 从 www.example.com 重定向到 www.example.com/cgi-bin/index.pl但要复杂得多。
我正在尝试使用我自己的内部 Windows CA 使用 lighttpd 启用客户端证书身份验证。免责声明:我对 PKI 还是很陌生:D
我的 homelab 中有一个离线根 CA 和一个从属 CA。我已经在受信任的 CA 下将根 CA 导入 Firefox。对于客户端证书,我使用 openssl 生成了一个 CSR,我使用启用了客户端身份验证的模板与我的从属 CA 签署了该 CSR。此客户端证书也作为 pfx 文件导入 Firefox。我还配置了 lighttpd,如下所示:
ssl.pemfile = "/etc/lighttpd/certs/lighttpd.pem"
ssl.ca-file = "/etc/lighttpd/certs/ca.cer"
ssl.verifyclient.activate = "enable"
ssl.verifyclient.enforce = "enable"
ssl.verifyclient.username = "SSL_CLIENT_S_DN_CN"
我收到以下错误:
火狐错误:
Peer does not recognize and trust the CA that issued your certificate.
Error code: SSL_ERROR_UNKNOWN_CA_ALERT
Lighttpd 错误:
SSL: 1 error:14089086:SSL routines:ssl3_get_client_certificate:certificate verify failed
SSL: 1 -1 error:140E0197:SSL routines:SSL_shutdown:shutdown while in ini
其他:
Acceptable client certificate CA names
DC = org, DC = homelab, CN = homelab-V-2019-ICA-CA
Client Certificate Types: RSA sign, DSA sign, ECDSA sign
钙化酶
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
5a:00:00:00:02:47:18:65:49:6e:51:2a:56:00:00:00:00:00:02
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=V-2019-RCA-CA
Validity
Not Before: Nov 24 06:00:19 2020 GMT
Not After : Nov 24 06:10:19 2021 GMT
Subject: DC=org, DC=homelab, CN=homelab-V-2019-ICA-CA
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
客户证书
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
56:00:00:00:23:c0:0e:f2:75:d8:de:ef:65:00:00:00:00:00:23
Signature Algorithm: sha256WithRSAEncryption
Issuer: DC = org, DC = homelab, CN = homelab-V-2019-ICA-CA
Validity
Not Before: Dec 1 23:54:33 2020 GMT
Not After : Nov 24 06:10:19 2021 GMT
Subject: C = US, ST = Rhode Island, L = Providence, O = HOMELAB, OU = HOMELAB, CN = homelab-V-2019-ICA-CA.homelab.org
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
...
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
1.3.6.1.4.1.311.21.10:
不知道从这里去哪里。任何帮助或文章将不胜感激。:)
我有一个www.somewebsite.com托管在 lighttpd 1.4服务器上的网站域,该服务器配置在具有本地 IPserver.port = 8080的设备(A)192.168.1.26上,我想使用反向代理来访问在不同设备(B)上运行192.168.1.30:80/myapp的另一台服务器为了被访问为
somewebsite.com/myapp
在设备(A)服务器配置中,我已启用mod_proxy
并尝试添加
$HTTP["url"] =~ "^.*myapp" {
proxy.server = ( "" =>
(( "(www.)?somewebsite.com" => "192.168.1.30", "port" => 80 ))
)
}
但是当我尝试访问时出现内部服务器错误页面somewebsite.com/myapp
我也试过
$HTTP["url"] =~ "(^/myapp/)" {
proxy.server = ( "" => ("" => ( "(www.)?somewebsite.com" => "127.0.0.1", "port" => 8080 )))
}
$SERVER["socket"] == ":81" {
url.rewrite-once = ( "^/myapp/(.*)$" => "/$1" )
proxy.server = ( "" => ( "" => ( "(www.)?somewebsite.com" => "192.168.1.30", "port" => 80 )))
}
但结果更糟,服务器完全崩溃
systemctl status lighttpd
● lighttpd.service - Lightning Fast Webserver With Light System Requirements
Loaded: loaded (/usr/lib/systemd/system/lighttpd.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Thu 2020-09-24 15:56:39 EDT; 2s ago
Process: 6152 ExecStart=/usr/sbin/lighttpd -D -f /etc/lighttpd/lighttpd.conf (code=exited, status=255)
Main PID: 6152 (code=exited, status=255)
Sep 24 15:56:39 js.dc.localsystemd[1]: Started Lightning Fast Webserver With Light System Requirements.
Sep 24 15:56:39 js.dc.locallighttpd[6152]: 2020-09-24 15:56:39: (server.c.752) opening errorlog '/var/log/lighttpd/error.log' failed: Permission denied
Sep 24 15:56:39 js.dc.locallighttpd[6152]: 2020-09-24 15:56:39: (server.c.1485) Opening errorlog failed. Going down.
Sep 24 15:56:39 js.dc.localsystemd[1]: lighttpd.service: Main process exited, code=exited, status=255/n/a
Sep 24 15:56:39 js.dc.localsystemd[1]: lighttpd.service: Failed with result 'exit-code'.
dir权限如下:
]# ls -la /var/log/lighttpd/
total 4
drw-rw-rw- 2 lighttpd lighttpd 41 Sep 24 15:54 .
drwxr-xr-x. 8 root root 4096 Sep 24 14:49 ..
-rw-rw-rw- 1 lighttpd lighttpd 0 Sep 24 15:00 access.log
-rw-rw-rw- 1 lighttpd lighttpd 0 Sep 24 15:54 error.log
我已经删除并重新创建了该文件。没有启用selinux。不知道还有什么可以尝试的。
我正在尝试在 lighttpd 上设置 webdav,但我得到了一个 lighttpd.conf:解析器在文件末尾附近的某个地方失败。webdav 配置位于文件末尾:这里是-
$HTTP["host"] == "www.markmhart.com" {
server.document-root = "/var/www/servers/www.markmhart.com/pages/"
$HTTP["url"] =~ "^/download/" {
dir-listing.activate = "enable"
}
alias.url = ("/media" => "/media/mark/media")
$HTTP["url"] =~ "^/media($|/)" {
webdav.activate = "enable"
webdav.is-readonly = "disable"
webdav.sqlite-db-name = "/var/run/lighttpd/lighttpd.webdav_lock.db"
auth.backend = "htpasswd"
auth.backend.htpasswd.userfile = "/var/www/servers/www.markmhart.com/passwd.dav"
auth.require = ( "" => ( "method" => "basic",
"realm" => "webdav",
"require" => "valid-user" ))
}
在此先感谢您的帮助。
我正在使用 AWS 的 Blackboard AMI,但无法让 lighttpd 在其上运行。我不断得到502。
我跑service lighttpd status了,这让我回来了:
● lighttpd.service - Lighttpd Daemon
Loaded: loaded (/lib/systemd/system/lighttpd.service; disabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Mon 2020-03-02 09:33:49 EST; 4min 31s ago
Process: 4770 ExecStart=/usr/sbin/lighttpd -D -f /etc/lighttpd/lighttpd.conf (code=exited, status=255)
Process: 4763 ExecStartPre=/usr/sbin/lighttpd -t -f /etc/lighttpd/lighttpd.conf (code=exited, status=0/SUCCESS)
Main PID: 4770 (code=exited, status=255)
Mar 02 09:33:49 ip-172-31-27-103 systemd[1]: Stopped Lighttpd Daemon.
Mar 02 09:33:49 ip-172-31-27-103 systemd[1]: Starting Lighttpd Daemon...
Mar 02 09:33:49 ip-172-31-27-103 lighttpd[4763]: Syntax OK
Mar 02 09:33:49 ip-172-31-27-103 systemd[1]: Started Lighttpd Daemon.
Mar 02 09:33:49 ip-172-31-27-103 lighttpd[4770]: 2020-03-02 09:33:49: (network.c.409) can't bind to port: 443 Address already in use
Mar 02 09:33:49 ip-172-31-27-103 systemd[1]: lighttpd.service: Main process exited, code=exited, status=255/n/a
Mar 02 09:33:49 ip-172-31-27-103 systemd[1]: lighttpd.service: Unit entered failed state.
Mar 02 09:33:49 ip-172-31-27-103 systemd[1]: lighttpd.service: Failed with result 'exit-code'.
然后我跑去netstat -tulpn查看正在使用的内容443并返回:
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1134/sshd
tcp 0 0 127.0.0.1:5432 0.0.0.0:* LISTEN 1269/postgres
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 1895/nginx.conf
tcp6 0 0 :::22 :::* LISTEN 1134/sshd
tcp6 0 0 :::9900 :::* LISTEN 1963/node
udp 0 0 0.0.0.0:68 0.0.0.0:* 903/dhclient
udp 0 0 172.31.27.103:123 0.0.0.0:* 1230/ntpd
udp 0 0 127.0.0.1:123 0.0.0.0:* 1230/ntpd
udp 0 0 0.0.0.0:123 0.0.0.0:* 1230/ntpd
udp6 0 0 fe80::cc5:7dff:fee9:123 :::* 1230/ntpd
udp6 0 0 ::1:123 :::* 1230/ntpd
udp6 0 0 :::123 :::* 1230/ntpd
然后我尝试了各种命令来查看它的状态,nginx但它们都返回它没有在我的机器上运行。
Failed to restart nginx.service: Unit nginx.service not found.
sudo: /usr/sbin/nginx: command not found
可以nginx在另一个服务下运行,或者我怎样才能让我的服务器正常运行?没有为 AMI 提供支持。
更新ps -efl|grep 1895 | grep -v "grep"返回:
4 S root 1895 1864 0 80 0 - 14857 sigsus 08:07 ? 00:00:00 nginx: master process /usr/local/openresty/bin/openresty -c /usr/local/etc/openresty/nginx.conf
5 S nobody 1911 1895 0 80 0 - 15113 ep_pol 08:07 ? 00:00:00 nginx: worker process
5 S nobody 1912 1895 0 80 0 - 15113 ep_pol 08:07 ? 00:00:00 nginx: worker process
我正在尝试从头开始在 lighttpd 上设置letsencrypt。我目前在 16.10 xenial 上运行 lighttpd,并希望将现有站点从 http 转移到 https。我知道 Apache 和 ngnix 有一个自动设置过程,但我不愿意把东西移过来。我有六个主机名,在一对使用虚拟主机托管的域上,每个主机都有单独的块。
我该怎么做?