diff options
Diffstat (limited to 'www-servers/lighttpd/files')
-rw-r--r-- | www-servers/lighttpd/files/1.4.20/03_all_lighttpd-1.4.11-errorlog-pipe.diff | 175 | ||||
-rw-r--r-- | www-servers/lighttpd/files/1.4.20/04_all_1.4.x_tls_server_name_indication.diff | 324 | ||||
-rw-r--r-- | www-servers/lighttpd/files/conf/lighttpd.conf | 321 | ||||
-rw-r--r-- | www-servers/lighttpd/files/conf/mime-types.conf | 76 | ||||
-rw-r--r-- | www-servers/lighttpd/files/conf/mod_cgi.conf | 33 | ||||
-rw-r--r-- | www-servers/lighttpd/files/conf/mod_fastcgi.conf | 18 | ||||
-rw-r--r-- | www-servers/lighttpd/files/conf/mod_fastcgi.conf-1.4.13-r2 | 17 | ||||
-rw-r--r-- | www-servers/lighttpd/files/lighttpd.confd | 12 | ||||
-rw-r--r-- | www-servers/lighttpd/files/lighttpd.initd-1.4.13-r3 | 67 | ||||
-rw-r--r-- | www-servers/lighttpd/files/lighttpd.logrotate | 17 | ||||
-rw-r--r-- | www-servers/lighttpd/files/spawn-fcgi.confd | 35 | ||||
-rw-r--r-- | www-servers/lighttpd/files/spawn-fcgi.initd | 51 |
12 files changed, 1146 insertions, 0 deletions
diff --git a/www-servers/lighttpd/files/1.4.20/03_all_lighttpd-1.4.11-errorlog-pipe.diff b/www-servers/lighttpd/files/1.4.20/03_all_lighttpd-1.4.11-errorlog-pipe.diff new file mode 100644 index 0000000..5133fea --- /dev/null +++ b/www-servers/lighttpd/files/1.4.20/03_all_lighttpd-1.4.11-errorlog-pipe.diff @@ -0,0 +1,175 @@ +Initial patch from http://trac.lighttpd.net/trac/ticket/296 +Updated to apply against 1.4.20 by hoffie +Upstream will only accept it once it has been changed to make the pipe logging more generic + +diff -r 447bac6969ef src/base.h +--- a/src/base.h Tue Aug 19 18:04:17 2008 +0200 ++++ b/src/base.h Tue Aug 19 19:45:00 2008 +0200 +@@ -530,7 +530,7 @@ + + /* the errorlog */ + int errorlog_fd; +- enum { ERRORLOG_STDERR, ERRORLOG_FILE, ERRORLOG_SYSLOG } errorlog_mode; ++ enum { ERRORLOG_STDERR, ERRORLOG_FILE, ERRORLOG_SYSLOG, ERRORLOG_PIPE } errorlog_mode; + buffer *errorlog_buf; + + fdevents *ev, *ev_ins; +diff -r 447bac6969ef src/log.c +--- a/src/log.c Tue Aug 19 18:04:17 2008 +0200 ++++ b/src/log.c Tue Aug 19 19:45:00 2008 +0200 +@@ -57,10 +57,11 @@ + /** + * open the errorlog + * +- * we have 3 possibilities: ++ * we have 4 possibilities: + * - stderr (default) + * - syslog + * - logfile ++ * - pipe + * + * if the open failed, report to the user and die + * +@@ -79,21 +80,80 @@ + srv->errorlog_mode = ERRORLOG_SYSLOG; + } else if (!buffer_is_empty(srv->srvconf.errorlog_file)) { + const char *logfile = srv->srvconf.errorlog_file->ptr; ++ if (logfile[0] == '|') { ++#ifdef HAVE_FORK ++ /* create write pipe and spawn process */ + +- if (-1 == (srv->errorlog_fd = open(logfile, O_APPEND | O_WRONLY | O_CREAT | O_LARGEFILE, 0644))) { +- log_error_write(srv, __FILE__, __LINE__, "SSSS", ++ int to_log_fds[2]; ++ int fd; ++ pid_t pid; ++ ++ if (pipe(to_log_fds)) { ++ log_error_write(srv, __FILE__, __LINE__, "ss", ++ "pipe failed: ", strerror(errno)); ++ return -1; ++ } ++ ++ /* fork, execve */ ++ switch (pid = fork()) { ++ case 0: ++ /* child */ ++ ++ close(STDIN_FILENO); ++ dup2(to_log_fds[0], STDIN_FILENO); ++ close(to_log_fds[0]); ++ /* not needed */ ++ close(to_log_fds[1]); ++ ++ /* we don't need the client socket */ ++ for (fd = 3; fd < 256; fd++) { ++ close(fd); ++ } ++ ++ /* exec the log-process (skip the | ) ++ * ++ */ ++ ++ execl("/bin/sh", "sh", "-c", logfile + 1, NULL); ++ ++ log_error_write(srv, __FILE__, __LINE__, "sss", ++ "spawning log-process failed: ", ++ strerror(errno), logfile + 1); ++ ++ exit(-1); ++ break; ++ case -1: ++ /* error */ ++ log_error_write(srv, __FILE__, __LINE__, "ss", "fork failed:", strerror(errno)); ++ break; ++ default: ++ close(to_log_fds[0]); ++ ++ srv->errorlog_fd = to_log_fds[1]; ++ ++ break; ++ } ++ srv->errorlog_mode = ERRORLOG_PIPE; ++#else ++ log_error_write(srv, __FILE__, __LINE__, "SSS", ++ "opening errorlog '", logfile,"' impossible"); ++ return -1; ++#endif ++ } else { ++ if (-1 == (srv->errorlog_fd = open(logfile, O_APPEND | O_WRONLY | O_CREAT | O_LARGEFILE, 0644))) { ++ log_error_write(srv, __FILE__, __LINE__, "SSSS", + "opening errorlog '", logfile, + "' failed: ", strerror(errno)); + +- return -1; ++ return -1; ++ } ++ srv->errorlog_mode = ERRORLOG_FILE; + } + #ifdef FD_CLOEXEC + /* close fd on exec (cgi) */ + fcntl(srv->errorlog_fd, F_SETFD, FD_CLOEXEC); + #endif +- srv->errorlog_mode = ERRORLOG_FILE; + } +- + log_error_write(srv, __FILE__, __LINE__, "s", "server started"); + + #ifdef HAVE_VALGRIND_VALGRIND_H +@@ -122,7 +182,7 @@ + */ + + int log_error_cycle(server *srv) { +- /* only cycle if we are not in syslog-mode */ ++ /* only cycle if the error log is a file */ + + if (srv->errorlog_mode == ERRORLOG_FILE) { + const char *logfile = srv->srvconf.errorlog_file->ptr; +@@ -154,6 +214,7 @@ + + int log_error_close(server *srv) { + switch(srv->errorlog_mode) { ++ case ERRORLOG_PIPE: /* fall through */ + case ERRORLOG_FILE: + close(srv->errorlog_fd); + break; +@@ -173,6 +234,7 @@ + va_list ap; + + switch(srv->errorlog_mode) { ++ case ERRORLOG_PIPE: + case ERRORLOG_FILE: + case ERRORLOG_STDERR: + /* cache the generated timestamp */ +@@ -257,6 +319,7 @@ + va_end(ap); + + switch(srv->errorlog_mode) { ++ case ERRORLOG_PIPE: /* fall through */ + case ERRORLOG_FILE: + buffer_append_string_len(srv->errorlog_buf, CONST_STR_LEN("\n")); + write(srv->errorlog_fd, srv->errorlog_buf->ptr, srv->errorlog_buf->used - 1); +diff -r 447bac6969ef src/mod_cgi.c +--- a/src/mod_cgi.c Tue Aug 19 18:04:17 2008 +0200 ++++ b/src/mod_cgi.c Tue Aug 19 19:45:00 2008 +0200 +@@ -781,7 +781,7 @@ + * + * we feed the stderr of the CGI to our errorlog, if possible + */ +- if (srv->errorlog_mode == ERRORLOG_FILE) { ++ if ((srv->errorlog_mode == ERRORLOG_FILE) || (srv->errorlog_mode == ERRORLOG_PIPE)) { + close(STDERR_FILENO); + dup2(srv->errorlog_fd, STDERR_FILENO); + } +diff -r 447bac6969ef src/mod_rrdtool.c +--- a/src/mod_rrdtool.c Tue Aug 19 18:04:17 2008 +0200 ++++ b/src/mod_rrdtool.c Tue Aug 19 19:45:00 2008 +0200 +@@ -134,7 +134,7 @@ + + close(STDERR_FILENO); + +- if (srv->errorlog_mode == ERRORLOG_FILE) { ++ if ((srv->errorlog_mode == ERRORLOG_FILE) || (srv->errorlog_mode == ERRORLOG_PIPE)) { + dup2(srv->errorlog_fd, STDERR_FILENO); + close(srv->errorlog_fd); + } diff --git a/www-servers/lighttpd/files/1.4.20/04_all_1.4.x_tls_server_name_indication.diff b/www-servers/lighttpd/files/1.4.20/04_all_1.4.x_tls_server_name_indication.diff new file mode 100644 index 0000000..5cd19d6 --- /dev/null +++ b/www-servers/lighttpd/files/1.4.20/04_all_1.4.x_tls_server_name_indication.diff @@ -0,0 +1,324 @@ +Index: src/configfile-glue.c +=================================================================== +--- src/configfile-glue.c (revision 2402) ++++ src/configfile-glue.c (working copy) +@@ -289,6 +289,10 @@ + default: + break; + } ++#if defined USE_OPENSSL && ! defined OPENSSL_NO_TLSEXT ++ } else if (!buffer_is_empty(con->tlsext_server_name)) { ++ l = con->tlsext_server_name; ++#endif + } else { + l = srv->empty_string; + } +Index: src/base.h +=================================================================== +--- src/base.h (revision 2402) ++++ src/base.h (working copy) +@@ -31,6 +31,9 @@ + #if defined HAVE_LIBSSL && defined HAVE_OPENSSL_SSL_H + # define USE_OPENSSL + # include <openssl/ssl.h> ++# if ! defined OPENSSL_NO_TLSEXT && ! defined SSL_CTRL_SET_TLSEXT_HOSTNAME ++# define OPENSSL_NO_TLSEXT ++# endif + #endif + + #ifdef HAVE_FAM_H +@@ -417,7 +420,10 @@ + #ifdef USE_OPENSSL + SSL *ssl; + buffer *ssl_error_want_reuse_buffer; ++#ifndef OPENSSL_NO_TLSEXT ++ buffer *tlsext_server_name; + #endif ++#endif + /* etag handling */ + etag_flags_t etag_flags; + +Index: src/connections.c +=================================================================== +--- src/connections.c (revision 2402) ++++ src/connections.c (working copy) +@@ -664,6 +664,9 @@ + CLEAN(server_name); + CLEAN(error_handler); + CLEAN(dst_addr_buf); ++#if defined USE_OPENSSL && ! defined OPENSSL_NO_TLSEXT ++ CLEAN(tlsext_server_name); ++#endif + + #undef CLEAN + con->write_queue = chunkqueue_init(); +@@ -728,6 +731,9 @@ + CLEAN(server_name); + CLEAN(error_handler); + CLEAN(dst_addr_buf); ++#if defined USE_OPENSSL && ! defined OPENSSL_NO_TLSEXT ++ CLEAN(tlsext_server_name); ++#endif + #undef CLEAN + free(con->plugin_ctx); + free(con->cond_cache); +@@ -1338,6 +1344,9 @@ + return NULL; + } + ++#ifndef OPENSSL_NO_TLSEXT ++ SSL_set_app_data(con->ssl, con); ++#endif + SSL_set_accept_state(con->ssl); + con->conf.is_ssl=1; + +Index: src/network.c +=================================================================== +--- src/network.c (revision 2402) ++++ src/network.c (working copy) +@@ -62,6 +62,45 @@ + return HANDLER_GO_ON; + } + ++#if defined USE_OPENSSL && ! defined OPENSSL_NO_TLSEXT ++int network_ssl_servername_callback(SSL *ssl, int *al, server *srv) { ++ const char *servername; ++ connection *con = (connection *) SSL_get_app_data(ssl); ++ ++ buffer_copy_string(con->uri.scheme, "https"); ++ ++ if (NULL == (servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name))) { ++ log_error_write(srv, __FILE__, __LINE__, "ss", "SSL:", ++ "failed to get TLS server name"); ++ return SSL_TLSEXT_ERR_NOACK; ++ } ++ buffer_copy_string(con->tlsext_server_name, servername); ++ buffer_to_lower(con->tlsext_server_name); ++ ++ config_cond_cache_reset(srv, con); ++ config_setup_connection(srv, con); ++ ++ config_patch_connection(srv, con, COMP_SERVER_SOCKET); ++ config_patch_connection(srv, con, COMP_HTTP_SCHEME); ++ config_patch_connection(srv, con, COMP_HTTP_HOST); ++ ++ if (NULL == con->conf.ssl_ctx) { ++ log_error_write(srv, __FILE__, __LINE__, "ssb", "SSL:", ++ "null SSL_CTX for TLS server name", con->tlsext_server_name); ++ return SSL_TLSEXT_ERR_ALERT_FATAL; ++ } ++ ++ /* switch to new SSL_CTX in reaction to a client's server_name extension */ ++ if (con->conf.ssl_ctx != SSL_set_SSL_CTX(ssl, con->conf.ssl_ctx)) { ++ log_error_write(srv, __FILE__, __LINE__, "ssb", "SSL:", ++ "failed to set SSL_CTX for TLS server name", con->tlsext_server_name); ++ return SSL_TLSEXT_ERR_ALERT_FATAL; ++ } ++ ++ return SSL_TLSEXT_ERR_OK; ++} ++#endif ++ + int network_server_init(server *srv, buffer *host_token, specific_config *s) { + int val; + socklen_t addr_len; +@@ -312,78 +351,10 @@ + + if (s->is_ssl) { + #ifdef USE_OPENSSL +- if (srv->ssl_is_init == 0) { +- SSL_load_error_strings(); +- SSL_library_init(); +- srv->ssl_is_init = 1; +- +- if (0 == RAND_status()) { +- log_error_write(srv, __FILE__, __LINE__, "ss", "SSL:", +- "not enough entropy in the pool"); +- return -1; +- } +- } +- +- if (NULL == (s->ssl_ctx = SSL_CTX_new(SSLv23_server_method()))) { +- log_error_write(srv, __FILE__, __LINE__, "ss", "SSL:", +- ERR_error_string(ERR_get_error(), NULL)); +- return -1; +- } +- +- if (!s->ssl_use_sslv2) { +- /* disable SSLv2 */ +- if (SSL_OP_NO_SSLv2 != SSL_CTX_set_options(s->ssl_ctx, SSL_OP_NO_SSLv2)) { +- log_error_write(srv, __FILE__, __LINE__, "ss", "SSL:", +- ERR_error_string(ERR_get_error(), NULL)); +- return -1; +- } +- } +- +- if (!buffer_is_empty(s->ssl_cipher_list)) { +- /* Disable support for low encryption ciphers */ +- if (SSL_CTX_set_cipher_list(s->ssl_ctx, s->ssl_cipher_list->ptr) != 1) { +- log_error_write(srv, __FILE__, __LINE__, "ss", "SSL:", +- ERR_error_string(ERR_get_error(), NULL)); +- return -1; +- } +- } +- +- if (buffer_is_empty(s->ssl_pemfile)) { ++ if (NULL == (srv_socket->ssl_ctx = s->ssl_ctx)) { + log_error_write(srv, __FILE__, __LINE__, "s", "ssl.pemfile has to be set"); + return -1; + } +- +- if (!buffer_is_empty(s->ssl_ca_file)) { +- if (1 != SSL_CTX_load_verify_locations(s->ssl_ctx, s->ssl_ca_file->ptr, NULL)) { +- log_error_write(srv, __FILE__, __LINE__, "ssb", "SSL:", +- ERR_error_string(ERR_get_error(), NULL), s->ssl_ca_file); +- return -1; +- } +- } +- +- if (SSL_CTX_use_certificate_file(s->ssl_ctx, s->ssl_pemfile->ptr, SSL_FILETYPE_PEM) < 0) { +- log_error_write(srv, __FILE__, __LINE__, "ssb", "SSL:", +- ERR_error_string(ERR_get_error(), NULL), s->ssl_pemfile); +- return -1; +- } +- +- if (SSL_CTX_use_PrivateKey_file (s->ssl_ctx, s->ssl_pemfile->ptr, SSL_FILETYPE_PEM) < 0) { +- log_error_write(srv, __FILE__, __LINE__, "ssb", "SSL:", +- ERR_error_string(ERR_get_error(), NULL), s->ssl_pemfile); +- return -1; +- } +- +- if (SSL_CTX_check_private_key(s->ssl_ctx) != 1) { +- log_error_write(srv, __FILE__, __LINE__, "sssb", "SSL:", +- "Private key does not match the certificate public key, reason:", +- ERR_error_string(ERR_get_error(), NULL), +- s->ssl_pemfile); +- return -1; +- } +- SSL_CTX_set_default_read_ahead(s->ssl_ctx, 1); +- SSL_CTX_set_mode(s->ssl_ctx, SSL_CTX_get_mode(s->ssl_ctx) | SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER); +- +- srv_socket->ssl_ctx = s->ssl_ctx; + #else + + buffer_free(srv_socket->srv_token); +@@ -491,6 +462,99 @@ + { NETWORK_BACKEND_UNSET, NULL } + }; + ++#ifdef USE_OPENSSL ++ /* load SSL certificates */ ++ for (i = 0; i < srv->config_context->used; i++) { ++ data_config *dc = (data_config *)srv->config_context->data[i]; ++ specific_config *s = srv->config_storage[i]; ++ ++ if (buffer_is_empty(s->ssl_pemfile)) continue; ++ ++#ifdef OPENSSL_NO_TLSEXT ++ if (COMP_HTTP_HOST == dc->comp) { ++ log_error_write(srv, __FILE__, __LINE__, "ss", "SSL:", ++ "can't use ssl.pemfile with $HTTP[\"host\"], openssl version does not support TLS extensions"); ++ return -1; ++ } ++#endif ++ ++ if (srv->ssl_is_init == 0) { ++ SSL_load_error_strings(); ++ SSL_library_init(); ++ srv->ssl_is_init = 1; ++ ++ if (0 == RAND_status()) { ++ log_error_write(srv, __FILE__, __LINE__, "ss", "SSL:", ++ "not enough entropy in the pool"); ++ return -1; ++ } ++ } ++ ++ if (NULL == (s->ssl_ctx = SSL_CTX_new(SSLv23_server_method()))) { ++ log_error_write(srv, __FILE__, __LINE__, "ss", "SSL:", ++ ERR_error_string(ERR_get_error(), NULL)); ++ return -1; ++ } ++ ++ if (!s->ssl_use_sslv2) { ++ /* disable SSLv2 */ ++ if (SSL_OP_NO_SSLv2 != SSL_CTX_set_options(s->ssl_ctx, SSL_OP_NO_SSLv2)) { ++ log_error_write(srv, __FILE__, __LINE__, "ss", "SSL:", ++ ERR_error_string(ERR_get_error(), NULL)); ++ return -1; ++ } ++ } ++ ++ if (!buffer_is_empty(s->ssl_cipher_list)) { ++ /* Disable support for low encryption ciphers */ ++ if (SSL_CTX_set_cipher_list(s->ssl_ctx, s->ssl_cipher_list->ptr) != 1) { ++ log_error_write(srv, __FILE__, __LINE__, "ss", "SSL:", ++ ERR_error_string(ERR_get_error(), NULL)); ++ return -1; ++ } ++ } ++ ++ if (!buffer_is_empty(s->ssl_ca_file)) { ++ if (1 != SSL_CTX_load_verify_locations(s->ssl_ctx, s->ssl_ca_file->ptr, NULL)) { ++ log_error_write(srv, __FILE__, __LINE__, "ssb", "SSL:", ++ ERR_error_string(ERR_get_error(), NULL), s->ssl_ca_file); ++ return -1; ++ } ++ } ++ ++ if (SSL_CTX_use_certificate_file(s->ssl_ctx, s->ssl_pemfile->ptr, SSL_FILETYPE_PEM) < 0) { ++ log_error_write(srv, __FILE__, __LINE__, "ssb", "SSL:", ++ ERR_error_string(ERR_get_error(), NULL), s->ssl_pemfile); ++ return -1; ++ } ++ ++ if (SSL_CTX_use_PrivateKey_file (s->ssl_ctx, s->ssl_pemfile->ptr, SSL_FILETYPE_PEM) < 0) { ++ log_error_write(srv, __FILE__, __LINE__, "ssb", "SSL:", ++ ERR_error_string(ERR_get_error(), NULL), s->ssl_pemfile); ++ return -1; ++ } ++ ++ if (SSL_CTX_check_private_key(s->ssl_ctx) != 1) { ++ log_error_write(srv, __FILE__, __LINE__, "sssb", "SSL:", ++ "Private key does not match the certificate public key, reason:", ++ ERR_error_string(ERR_get_error(), NULL), ++ s->ssl_pemfile); ++ return -1; ++ } ++ SSL_CTX_set_default_read_ahead(s->ssl_ctx, 1); ++ SSL_CTX_set_mode(s->ssl_ctx, SSL_CTX_get_mode(s->ssl_ctx) | SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER); ++ ++#ifndef OPENSSL_NO_TLSEXT ++ if (!SSL_CTX_set_tlsext_servername_callback(s->ssl_ctx, network_ssl_servername_callback) || ++ !SSL_CTX_set_tlsext_servername_arg(s->ssl_ctx, srv)) { ++ log_error_write(srv, __FILE__, __LINE__, "ss", "SSL:", ++ "failed to initialize TLS servername callback, openssl library does not support TLS servername extension"); ++ return -1; ++ } ++#endif ++ } ++#endif ++ + b = buffer_init(); + + buffer_copy_string_buffer(b, srv->srvconf.bindhost); +Index: src/configfile.c +=================================================================== +--- src/configfile.c (revision 2402) ++++ src/configfile.c (working copy) +@@ -293,6 +293,7 @@ + PATCH(is_ssl); + + PATCH(ssl_pemfile); ++ PATCH(ssl_ctx); + PATCH(ssl_ca_file); + PATCH(ssl_cipher_list); + PATCH(ssl_use_sslv2); +@@ -348,6 +349,7 @@ + PATCH(etag_use_size); + } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("ssl.pemfile"))) { + PATCH(ssl_pemfile); ++ PATCH(ssl_ctx); + } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("ssl.ca-file"))) { + PATCH(ssl_ca_file); + } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("ssl.use-sslv2"))) { diff --git a/www-servers/lighttpd/files/conf/lighttpd.conf b/www-servers/lighttpd/files/conf/lighttpd.conf new file mode 100644 index 0000000..778a406 --- /dev/null +++ b/www-servers/lighttpd/files/conf/lighttpd.conf @@ -0,0 +1,321 @@ +############################################################################### +# Default lighttpd.conf for Gentoo. +# $Header: /var/cvsroot/gentoo-x86/www-servers/lighttpd/files/conf/lighttpd.conf,v 1.3 2005/09/01 14:22:35 ka0ttic Exp $ +############################################################################### + +# {{{ variables +var.basedir = "/var/www/localhost" +var.logdir = "/var/log/lighttpd" +var.statedir = "/var/lib/lighttpd" +# }}} + +# {{{ modules +# At the very least, mod_access and mod_accesslog should be enabled. +# All other modules should only be loaded if necessary. +# NOTE: the order of modules is important. +server.modules = ( +# "mod_rewrite", +# "mod_redirect", +# "mod_alias", + "mod_access", +# "mod_cml", +# "mod_trigger_b4_dl", +# "mod_auth", +# "mod_status", +# "mod_setenv", +# "mod_proxy", +# "mod_simple_vhost", +# "mod_evhost", +# "mod_userdir", +# "mod_compress", +# "mod_ssi", +# "mod_usertrack", +# "mod_expire", +# "mod_secdownload", +# "mod_rrdtool", +# "mod_webdav", + "mod_accesslog" +) +# }}} + +# {{{ includes +include "mime-types.conf" +# uncomment for cgi support +# include "mod_cgi.conf" +# uncomment for php/fastcgi support +# include "mod_fastcgi.conf" +# }}} + +# {{{ server settings +server.username = "lighttpd" +server.groupname = "lighttpd" + +server.document-root = var.basedir + "/htdocs" +server.pid-file = "/var/run/lighttpd.pid" + +server.errorlog = var.logdir + "/error.log" +# log errors to syslog instead +# server.errorlog-use-syslog = "enable" + +server.indexfiles = ("index.php", "index.html", + "index.htm", "default.htm") + +# server.tag = "lighttpd" + +server.follow-symlink = "enable" + +# event handler (defaults to "poll") +# see performance.txt +# +# for >= linux-2.4 +# server.event-handler = "linux-rtsig" +# for >= linux-2.6 +# server.event-handler = "linux-sysepoll" +# for FreeBSD +# server.event-handler = "freebsd-kqueue" + +# chroot to directory (defaults to no chroot) +# server.chroot = "/" + +# bind to port (defaults to 80) +# server.port = 81 + +# bind to name (defaults to all interfaces) +# server.bind = "grisu.home.kneschke.de" + +# error-handler for status 404 +# server.error-handler-404 = "/error-handler.html" +# server.error-handler-404 = "/error-handler.php" + +# Format: <errorfile-prefix><status-code>.html +# -> ..../status-404.html for 'File not found' +# server.errorfile-prefix = var.basedir + "/error/status-" + +# FAM support for caching stat() calls +# requires that lighttpd be built with USE=fam +# server.stat-cache-engine = "fam" +# }}} + +# {{{ mod_staticfile + +# which extensions should not be handled via static-file transfer +# (extensions that are usually handled by mod_cgi, mod_fastcgi, etc). +static-file.exclude-extensions = (".php", ".pl", ".cgi", ".fcgi") +# }}} + +# {{{ mod_accesslog +accesslog.filename = var.logdir + "/access.log" +# }}} + +# {{{ mod_dirlisting +# enable directory listings +# dir-listing.activate = "enable" +# +# don't list hidden files/directories +# dir-listing.hide-dotfiles = "enable" +# +# use a different css for directory listings +# dir-listing.external-css = "/path/to/dir-listing.css" +# +# list of regular expressions. files that match any of the +# specified regular expressions will be excluded from directory +# listings. +# dir-listing.exclude = ("^\.", "~$") +# }}} + +# {{{ mod_access +# see access.txt + +url.access-deny = ("~", ".inc") +# }}} + +# {{{ mod_userdir +# see userdir.txt +# +# userdir.path = "public_html" +# userdir.exclude-user = ("root") +# }}} + +# {{{ mod_ssi +# see ssi.txt +# +# ssi.extension = (".shtml") +# }}} + +# {{{ mod_ssl +# see ssl.txt +# +# ssl.engine = "enable" +# ssl.pemfile = "server.pem" +# }}} + +# {{{ mod_status +# see status.txt +# +# status.status-url = "/server-status" +# status.config-url = "/server-config" +# }}} + +# {{{ mod_simple_vhost +# see simple-vhost.txt +# +# If you want name-based virtual hosting add the next three settings and load +# mod_simple_vhost +# +# document-root = +# virtual-server-root + virtual-server-default-host + virtual-server-docroot +# or +# virtual-server-root + http-host + virtual-server-docroot +# +# simple-vhost.server-root = "/home/weigon/wwwroot/servers/" +# simple-vhost.default-host = "grisu.home.kneschke.de" +# simple-vhost.document-root = "/pages/" +# }}} + +# {{{ mod_compress +# see compress.txt +# +# compress.cache-dir = var.statedir + "/cache/compress" +# compress.filetype = ("text/plain", "text/html") +# }}} + +# {{{ mod_proxy +# see proxy.txt +# +# proxy.server = ( ".php" => +# ( "localhost" => +# ( +# "host" => "192.168.0.101", +# "port" => 80 +# ) +# ) +# ) +# }}} + +# {{{ mod_auth +# see authentication.txt +# +# auth.backend = "plain" +# auth.backend.plain.userfile = "lighttpd.user" +# auth.backend.plain.groupfile = "lighttpd.group" + +# auth.backend.ldap.hostname = "localhost" +# auth.backend.ldap.base-dn = "dc=my-domain,dc=com" +# auth.backend.ldap.filter = "(uid=$)" + +# auth.require = ( "/server-status" => +# ( +# "method" => "digest", +# "realm" => "download archiv", +# "require" => "user=jan" +# ), +# "/server-info" => +# ( +# "method" => "digest", +# "realm" => "download archiv", +# "require" => "valid-user" +# ) +# ) +# }}} + +# {{{ mod_rewrite +# see rewrite.txt +# +# url.rewrite = ( +# "^/$" => "/server-status" +# ) +# }}} + +# {{{ mod_redirect +# see redirect.txt +# +# url.redirect = ( +# "^/wishlist/(.+)" => "http://www.123.org/$1" +# ) +# }}} + +# {{{ mod_evhost +# define a pattern for the host url finding +# %% => % sign +# %0 => domain name + tld +# %1 => tld +# %2 => domain name without tld +# %3 => subdomain 1 name +# %4 => subdomain 2 name +# +# evhost.path-pattern = "/home/storage/dev/www/%3/htdocs/" +# }}} + +# {{{ mod_expire +# expire.url = ( +# "/buggy/" => "access 2 hours", +# "/asdhas/" => "access plus 1 seconds 2 minutes" +# ) +# }}} + +# {{{ mod_rrdtool +# see rrdtool.txt +# +# rrdtool.binary = "/usr/bin/rrdtool" +# rrdtool.db-name = var.statedir + "/lighttpd.rrd" +# }}} + +# {{{ mod_setenv +# see setenv.txt +# +# setenv.add-request-header = ( "TRAV_ENV" => "mysql://user@host/db" ) +# setenv.add-response-header = ( "X-Secret-Message" => "42" ) +# }}} + +# {{{ mod_trigger_b4_dl +# see trigger_b4_dl.txt +# +# trigger-before-download.gdbm-filename = "/home/weigon/testbase/trigger.db" +# trigger-before-download.memcache-hosts = ( "127.0.0.1:11211" ) +# trigger-before-download.trigger-url = "^/trigger/" +# trigger-before-download.download-url = "^/download/" +# trigger-before-download.deny-url = "http://127.0.0.1/index.html" +# trigger-before-download.trigger-timeout = 10 +# }}} + +# {{{ mod_cml +# see cml.txt +# +# don't forget to add index.cml to server.indexfiles +# cml.extension = ".cml" +# cml.memcache-hosts = ( "127.0.0.1:11211" ) +# }}} + +# {{{ mod_webdav +# see webdav.txt +# +# $HTTP["url"] =~ "^/dav($|/)" { +# webdav.activate = "enable" +# webdav.is-readonly = "enable" +# } +# }}} + +# {{{ extra rules +# +# set Content-Encoding and reset Content-Type for browsers that +# support decompressing on-thy-fly (requires mod_setenv) +# $HTTP["url"] =~ "\.gz$" { +# setenv.add-response-header = ("Content-Encoding" => "x-gzip") +# mimetype.assign = (".gz" => "text/plain") +# } + +# $HTTP["url"] =~ "\.bz2$" { +# setenv.add-response-header = ("Content-Encoding" => "x-bzip2") +# mimetype.assign = (".bz2" => "text/plain") +# } +# +# }}} + +# {{{ debug +# debug.log-request-header = "enable" +# debug.log-response-header = "enable" +# debug.log-request-handling = "enable" +# debug.log-file-not-found = "enable" +# }}} + +# vim: set ft=conf foldmethod=marker et : diff --git a/www-servers/lighttpd/files/conf/mime-types.conf b/www-servers/lighttpd/files/conf/mime-types.conf new file mode 100644 index 0000000..3c36577 --- /dev/null +++ b/www-servers/lighttpd/files/conf/mime-types.conf @@ -0,0 +1,76 @@ +############################################################################### +# Default mime-types.conf for Gentoo. +# include'd from lighttpd.conf. +# $Header: /var/cvsroot/gentoo-x86/www-servers/lighttpd/files/conf/mime-types.conf,v 1.2 2005/08/27 12:36:13 ka0ttic Exp $ +############################################################################### + +# {{{ mime types +mimetype.assign = ( + ".pdf" => "application/pdf", + ".sig" => "application/pgp-signature", + ".spl" => "application/futuresplash", + ".class" => "application/octet-stream", + ".ps" => "application/postscript", + ".torrent" => "application/x-bittorrent", + ".dvi" => "application/x-dvi", + ".gz" => "application/x-gzip", + ".pac" => "application/x-ns-proxy-autoconfig", + ".swf" => "application/x-shockwave-flash", + ".tar.gz" => "application/x-tgz", + ".tgz" => "application/x-tgz", + ".tar" => "application/x-tar", + ".zip" => "application/zip", + ".mp3" => "audio/mpeg", + ".m3u" => "audio/x-mpegurl", + ".wma" => "audio/x-ms-wma", + ".wax" => "audio/x-ms-wax", + ".ogg" => "application/ogg", + ".wav" => "audio/x-wav", + ".gif" => "image/gif", + ".jpg" => "image/jpeg", + ".jpeg" => "image/jpeg", + ".png" => "image/png", + ".xbm" => "image/x-xbitmap", + ".xpm" => "image/x-xpixmap", + ".xwd" => "image/x-xwindowdump", + ".css" => "text/css", + ".html" => "text/html", + ".htm" => "text/html", + ".js" => "text/javascript", + ".asc" => "text/plain", + ".c" => "text/plain", + ".h" => "text/plain", + ".cc" => "text/plain", + ".cpp" => "text/plain", + ".hh" => "text/plain", + ".hpp" => "text/plain", + ".conf" => "text/plain", + ".log" => "text/plain", + ".text" => "text/plain", + ".txt" => "text/plain", + ".diff" => "text/plain", + ".patch" => "text/plain", + ".ebuild" => "text/plain", + ".eclass" => "text/plain", + ".rtf" => "application/rtf", + ".bmp" => "image/bmp", + ".tif" => "image/tiff", + ".tiff" => "image/tiff", + ".ico" => "image/x-icon", + ".dtd" => "text/xml", + ".xml" => "text/xml", + ".mpeg" => "video/mpeg", + ".mpg" => "video/mpeg", + ".mov" => "video/quicktime", + ".qt" => "video/quicktime", + ".avi" => "video/x-msvideo", + ".asf" => "video/x-ms-asf", + ".asx" => "video/x-ms-asf", + ".wmv" => "video/x-ms-wmv", + ".bz2" => "application/x-bzip", + ".tbz" => "application/x-bzip-compressed-tar", + ".tar.bz2" => "application/x-bzip-compressed-tar" + ) +# }}} + +# vim: set ft=conf foldmethod=marker et : diff --git a/www-servers/lighttpd/files/conf/mod_cgi.conf b/www-servers/lighttpd/files/conf/mod_cgi.conf new file mode 100644 index 0000000..1cb3770 --- /dev/null +++ b/www-servers/lighttpd/files/conf/mod_cgi.conf @@ -0,0 +1,33 @@ +############################################################################### +# mod_cgi.conf +# include'd by lighttpd.conf. +# $Header: /var/cvsroot/gentoo-x86/www-servers/lighttpd/files/conf/mod_cgi.conf,v 1.1 2005/08/27 12:36:13 ka0ttic Exp $ +############################################################################### + +# +# see cgi.txt for more information on using mod_cgi +# + +server.modules += ("mod_cgi") + +# NOTE: this requires mod_alias +alias.url = ( + "/cgi-bin/" => var.basedir + "/cgi-bin/" +) + +# +# Note that you'll also want to enable the +# cgi-bin alias via mod_alias (above). +# + +$HTTP["url"] =~ "^/cgi-bin/" { + # disable directory listings + dir-listing.activate = "disable" + # only allow cgi's in this directory + cgi.assign = ( + ".pl" => "/usr/bin/perl", + ".cgi" => "/usr/bin/perl" + ) +} + +# vim: set ft=conf foldmethod=marker et : diff --git a/www-servers/lighttpd/files/conf/mod_fastcgi.conf b/www-servers/lighttpd/files/conf/mod_fastcgi.conf new file mode 100644 index 0000000..452e174 --- /dev/null +++ b/www-servers/lighttpd/files/conf/mod_fastcgi.conf @@ -0,0 +1,18 @@ +############################################################################### +# mod_fastcgi.conf +# include'd by lighttpd.conf. +# $Header: /var/cvsroot/gentoo-x86/www-servers/lighttpd/files/conf/mod_fastcgi.conf,v 1.2 2005/08/27 12:36:13 ka0ttic Exp $ +############################################################################### + +server.modules += ("mod_fastcgi") +fastcgi.server = ( ".php" => + ( "localhost" => + ( + "host" => "127.0.0.1", + "port" => 1026, + "bin-path" => "/usr/bin/php-cgi" + ) + ) + ) + +# vim: set ft=conf foldmethod=marker et : diff --git a/www-servers/lighttpd/files/conf/mod_fastcgi.conf-1.4.13-r2 b/www-servers/lighttpd/files/conf/mod_fastcgi.conf-1.4.13-r2 new file mode 100644 index 0000000..ca1369a --- /dev/null +++ b/www-servers/lighttpd/files/conf/mod_fastcgi.conf-1.4.13-r2 @@ -0,0 +1,17 @@ +############################################################################### +# mod_fastcgi.conf +# include'd by lighttpd.conf. +# $Header: /var/cvsroot/gentoo-x86/www-servers/lighttpd/files/conf/mod_fastcgi.conf-1.4.13-r2,v 1.1 2007/04/01 23:22:00 robbat2 Exp $ +############################################################################### + +server.modules += ("mod_fastcgi") +fastcgi.server = ( ".php" => + ( "localhost" => + ( + "socket" => "/var/run/lighttpd/lighttpd-fastcgi-php-" + PID + ".socket", + "bin-path" => "/usr/bin/php-cgi" + ) + ) + ) + +# vim: set ft=conf foldmethod=marker et : diff --git a/www-servers/lighttpd/files/lighttpd.confd b/www-servers/lighttpd/files/lighttpd.confd new file mode 100644 index 0000000..70d4170 --- /dev/null +++ b/www-servers/lighttpd/files/lighttpd.confd @@ -0,0 +1,12 @@ +# /etc/conf.d/lighttpd + +# Location of a shell used by the 'include_shell' directive +# in the lighttpd's configuration file +#export SHELL="/bin/bash" + +# Location of the lighttpd configuration file +LIGHTTPD_CONF="/etc/lighttpd/lighttpd.conf" + +# Location of the lighttpd pid file +LIGHTTPD_PID="/var/run/lighttpd.pid" + diff --git a/www-servers/lighttpd/files/lighttpd.initd-1.4.13-r3 b/www-servers/lighttpd/files/lighttpd.initd-1.4.13-r3 new file mode 100644 index 0000000..80aaacc --- /dev/null +++ b/www-servers/lighttpd/files/lighttpd.initd-1.4.13-r3 @@ -0,0 +1,67 @@ +#!/sbin/runscript +# Copyright 1999-2005 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/www-servers/lighttpd/files/lighttpd.initd-1.4.13-r3,v 1.2 2007/10/12 20:54:46 swegener Exp $ + +opts="reload graceful" + +depend() { + need net + use mysql logger spawn-fcgi ldap slapd + after famd + after sshd +} + +checkconfig() { + if [ ! -f "${LIGHTTPD_CONF}" ] ; then + ewarn "${LIGHTTPD_CONF} does not exist." + return 1 + fi + + /usr/sbin/lighttpd -t -f ${LIGHTTPD_CONF} >/dev/null +} + +start() { + checkconfig || return 1 + + ebegin "Starting lighttpd" + start-stop-daemon --start --quiet --exec /usr/sbin/lighttpd \ + --pidfile "${LIGHTTPD_PID}" -- -f "${LIGHTTPD_CONF}" + eend $? +} + +stop() { + local rv=0 + ebegin "Stopping lighttpd" + start-stop-daemon --stop --quiet --pidfile "${LIGHTTPD_PID}" + eend $? +} + +reload() { + if ! service_started "${SVCNAME}" ; then + eerror "${SVCNAME} isn't running" + return 1 + fi + checkconfig || return 1 + + ebegin "Re-opening lighttpd log files" + start-stop-daemon --stop --oknodo --quiet --pidfile "${LIGHTTPD_PID}" \ + --signal HUP + eend $? +} + +graceful() { + if ! service_started "${SVCNAME}" ; then + eerror "${SVCNAME} isn't running" + return 1 + fi + checkconfig || return 1 + + ebegin "Gracefully stopping lighttpd" + start-stop-daemon --stop --oknodo --quiet --pidfile "${LIGHTTPD_PID}" \ + --signal INT + if eend $? ; then + rm -f "${LIGHTTPD_PID}" + start + fi +} diff --git a/www-servers/lighttpd/files/lighttpd.logrotate b/www-servers/lighttpd/files/lighttpd.logrotate new file mode 100644 index 0000000..76f0ef3 --- /dev/null +++ b/www-servers/lighttpd/files/lighttpd.logrotate @@ -0,0 +1,17 @@ +# $Header: /var/cvsroot/gentoo-x86/www-servers/lighttpd/files/lighttpd.logrotate,v 1.2 2006/05/30 19:49:29 bangert Exp $ +# lighttpd logrotate script for Gentoo + +/var/log/lighttpd/*.log { + daily + missingok + copytruncate + rotate 7 + compress + notifempty + sharedscripts + postrotate + if [ -f /var/run/lighttpd.pid ]; then \ + /etc/init.d/lighttpd reload > /dev/null 2>&1 || true ; \ + fi; + endscript +} diff --git a/www-servers/lighttpd/files/spawn-fcgi.confd b/www-servers/lighttpd/files/spawn-fcgi.confd new file mode 100644 index 0000000..2a88806 --- /dev/null +++ b/www-servers/lighttpd/files/spawn-fcgi.confd @@ -0,0 +1,35 @@ +# Copyright 1999-2004 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/www-servers/lighttpd/files/spawn-fcgi.confd,v 1.1 2005/02/14 11:39:01 ka0ttic Exp $ + +# Configuration file for the FCGI-Part of /etc/init.d/lighttpd + +## Set this to "yes" to enable SPAWNFCGI +ENABLE_SPAWNFCGI="yes" + +## ABSOLUTE path to the spawn-fcgi binary +SPAWNFCGI="/usr/bin/spawn-fcgi" + +## ABSOLUTE path to the PHP binary +FCGIPROGRAM="/usr/bin/php-cgi" + +## bind to tcp-port on localhost +FCGIPORT="1026" + +## number of PHP childs to spawn +PHP_FCGI_CHILDREN=5 + +## number of request server by a single php-process until is will be restarted +PHP_FCGI_MAX_REQUESTS=1000 + +## IP adresses where PHP should access server connections from +FCGI_WEB_SERVER_ADDRS="127.0.0.1" + +# allowed environment variables sperated by spaces +ALLOWED_ENV="PATH USER" +# do NOT change line below +ALLOWED_ENV="$ALLOWED_ENV PHP_FCGI_MAX_REQUESTS FCGI_WEB_SERVER_ADDRS" + +## if this script is run as root switch to the following user +USERID=lighttpd +GROUPID=lighttpd diff --git a/www-servers/lighttpd/files/spawn-fcgi.initd b/www-servers/lighttpd/files/spawn-fcgi.initd new file mode 100644 index 0000000..63daa75 --- /dev/null +++ b/www-servers/lighttpd/files/spawn-fcgi.initd @@ -0,0 +1,51 @@ +#!/sbin/runscript +# Copyright 1999-2004 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/www-servers/lighttpd/files/spawn-fcgi.initd,v 1.2 2007/04/02 12:46:08 uberlord Exp $ + +SPAWNFCGI_PID="/var/run/spawn-fcgi.pid" + +depend() { + need net +} + +start() { + local my_end + + ebegin "Starting spawn-fcgi" + export PHP_FCGI_MAX_REQUESTS FCGI_WEB_SERVER_ADDRS + + EX="${SPAWNFCGI} -p ${FCGIPORT} -f ${FCGIPROGRAM} -u ${USERID} \ + -g ${GROUPID} -C ${PHP_FCGI_CHILDREN}" + + # copy the allowed environment variables + unset E + for i in ${ALLOWED_ENV}; do + E="${E} ${i}=${!i}" + done + + # clean environment and set up a new one + env - ${E} ${EX} 2>${SPAWNFCGI_PID} + my_end=$? + if [ "$my_end" != "0" ]; then + [ -f ${SPAWNFCGI_PID} ] && rm -f ${SPAWNFCGI_PID} + eend $my_end + fi + + #extract parent-process-id and write it back to the file + FCGI_PPID=`cat ${SPAWNFCGI_PID} | cut -d':' -f4` + echo ${FCGI_PPID} > ${SPAWNFCGI_PID} + eend 0 +} + +stop() { + ebegin "Stopping spawn-fcgi" + if ! kill `cat ${SPAWNFCGI_PID}` ; then + eend $? + return 1 + fi + if [ -w ${SPAWNFCGI_PID} ]; then + rm ${SPAWNFCGI_PID} + fi + eend 0 +} |