diff options
Diffstat (limited to 'doc/outdated')
41 files changed, 5550 insertions, 0 deletions
diff --git a/doc/outdated/Makefile.am b/doc/outdated/Makefile.am new file mode 100644 index 0000000..861a6fd --- /dev/null +++ b/doc/outdated/Makefile.am @@ -0,0 +1,96 @@ +DOCS=accesslog.txt \ +authentication.txt \ +cgi.txt \ +compress.txt \ +configuration.txt \ +extforward.txt \ +fastcgi-state.txt \ +fastcgi.txt \ +features.txt \ +performance.txt \ +plugins.txt \ +proxy.txt \ +redirect.txt \ +rewrite.txt \ +secdownload.txt \ +security.txt \ +simple-vhost.txt \ +skeleton.txt \ +ssi.txt \ +ssl.txt \ +state.txt \ +rrdtool.txt \ +alias.txt \ +userdir.txt \ +mysqlvhost.txt \ +access.txt \ +traffic-shaping.txt \ +setenv.txt \ +status.txt \ +scgi.txt \ +cml.txt \ +trigger_b4_dl.txt \ +webdav.txt \ +expire.txt \ +dirlisting.txt \ +evhost.txt \ +magnet.txt + +HTMLDOCS=accesslog.html \ + authentication.html \ + cgi.html \ + compress.html \ + configuration.html \ + extforward.html \ + fastcgi-state.html \ + fastcgi.html \ + features.html \ + performance.html \ + plugins.html \ + proxy.html \ + redirect.html \ + rewrite.html \ + secdownload.html \ + security.html \ + simple-vhost.html \ + skeleton.html \ + ssi.html \ + ssl.html \ + state.html \ + rrdtool.html \ + alias.html \ + userdir.html \ + mysqlvhost.html \ + access.html \ + traffic-shaping.html \ + setenv.html \ + status.html \ + scgi.html \ + cml.html \ + trigger_b4_dl.html \ + webdav.html \ + expire.html \ + dirlisting.html \ + evhost.html \ + magnet.html + +EXTRA_DIST= \ + state.dot fastcgi-state.dot \ + $(DOCS) + +.txt.html: + rst2html $^ > $@ + + +html-local: $(HTMLDOCS) + +#%.ps.gz: %.ps +# gzip $^ + +#%.ps: %.dot +# dot -Tps -o $@ $^ + +clean-local: + rm -f *.html + + diff --git a/doc/outdated/Makefile.in b/doc/outdated/Makefile.in new file mode 100644 index 0000000..2b16a88 --- /dev/null +++ b/doc/outdated/Makefile.in @@ -0,0 +1,491 @@ +# Makefile.in generated by automake 1.11.1 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ +VPATH = @srcdir@ +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +target_triplet = @target@ +subdir = doc/outdated +DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \ + $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ + $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ + $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/config.h +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +AM_V_GEN = $(am__v_GEN_$(V)) +am__v_GEN_ = $(am__v_GEN_$(AM_DEFAULT_VERBOSITY)) +am__v_GEN_0 = @echo " GEN " $@; +AM_V_at = $(am__v_at_$(V)) +am__v_at_ = $(am__v_at_$(AM_DEFAULT_VERBOSITY)) +am__v_at_0 = @ +SOURCES = +DIST_SOURCES = +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +AMTAR = @AMTAR@ +AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ +AR = @AR@ +ATTR_LIB = @ATTR_LIB@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +BZ_LIB = @BZ_LIB@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CRYPT_LIB = @CRYPT_LIB@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLTOOL = @DLLTOOL@ +DL_LIB = @DL_LIB@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +FAM_CFLAGS = @FAM_CFLAGS@ +FAM_LIBS = @FAM_LIBS@ +FGREP = @FGREP@ +GDBM_LIB = @GDBM_LIB@ +GREP = @GREP@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LBER_LIB = @LBER_LIB@ +LD = @LD@ +LDAP_LIB = @LDAP_LIB@ +LDFLAGS = @LDFLAGS@ +LIBEV_CFLAGS = @LIBEV_CFLAGS@ +LIBEV_LIBS = @LIBEV_LIBS@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +LUA_CFLAGS = @LUA_CFLAGS@ +LUA_LIBS = @LUA_LIBS@ +MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ +MEMCACHE_LIB = @MEMCACHE_LIB@ +MKDIR_P = @MKDIR_P@ +MYSQL_CONFIG = @MYSQL_CONFIG@ +MYSQL_INCLUDE = @MYSQL_INCLUDE@ +MYSQL_LIBS = @MYSQL_LIBS@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PCRECONFIG = @PCRECONFIG@ +PCRE_LIB = @PCRE_LIB@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +RANLIB = @RANLIB@ +SED = @SED@ +SENDFILE_LIB = @SENDFILE_LIB@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +SQLITE_CFLAGS = @SQLITE_CFLAGS@ +SQLITE_LIBS = @SQLITE_LIBS@ +SSL_LIB = @SSL_LIB@ +STRIP = @STRIP@ +U = @U@ +UUID_LIBS = @UUID_LIBS@ +VERSION = @VERSION@ +XML_CFLAGS = @XML_CFLAGS@ +XML_LIBS = @XML_LIBS@ +Z_LIB = @Z_LIB@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +libdir = @libdir@ +libexecdir = @libexecdir@ +localedir = @localedir@ +localstatedir = @localstatedir@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +sysconfdir = @sysconfdir@ +target = @target@ +target_alias = @target_alias@ +target_cpu = @target_cpu@ +target_os = @target_os@ +target_vendor = @target_vendor@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +DOCS = accesslog.txt \ +authentication.txt \ +cgi.txt \ +compress.txt \ +configuration.txt \ +extforward.txt \ +fastcgi-state.txt \ +fastcgi.txt \ +features.txt \ +performance.txt \ +plugins.txt \ +proxy.txt \ +redirect.txt \ +rewrite.txt \ +secdownload.txt \ +security.txt \ +simple-vhost.txt \ +skeleton.txt \ +ssi.txt \ +ssl.txt \ +state.txt \ +rrdtool.txt \ +alias.txt \ +userdir.txt \ +mysqlvhost.txt \ +access.txt \ +traffic-shaping.txt \ +setenv.txt \ +status.txt \ +scgi.txt \ +cml.txt \ +trigger_b4_dl.txt \ +webdav.txt \ +expire.txt \ +dirlisting.txt \ +evhost.txt \ +magnet.txt + +HTMLDOCS = accesslog.html \ + authentication.html \ + cgi.html \ + compress.html \ + configuration.html \ + extforward.html \ + fastcgi-state.html \ + fastcgi.html \ + features.html \ + performance.html \ + plugins.html \ + proxy.html \ + redirect.html \ + rewrite.html \ + secdownload.html \ + security.html \ + simple-vhost.html \ + skeleton.html \ + ssi.html \ + ssl.html \ + state.html \ + rrdtool.html \ + alias.html \ + userdir.html \ + mysqlvhost.html \ + access.html \ + traffic-shaping.html \ + setenv.html \ + status.html \ + scgi.html \ + cml.html \ + trigger_b4_dl.html \ + webdav.html \ + expire.html \ + dirlisting.html \ + evhost.html \ + magnet.html + +EXTRA_DIST = \ + state.dot fastcgi-state.dot \ + $(DOCS) + +all: all-am + +.SUFFIXES: +.SUFFIXES: .html .txt +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign doc/outdated/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --foreign doc/outdated/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs +tags: TAGS +TAGS: + +ctags: CTAGS +CTAGS: + + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile +installdirs: +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + `test -z '$(STRIP)' || \ + echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-generic clean-libtool clean-local mostlyclean-am + +distclean: distclean-am + -rm -f Makefile +distclean-am: clean-am distclean-generic + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: html-local + +info: info-am + +info-am: + +install-data-am: + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-generic mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: + +.MAKE: install-am install-strip + +.PHONY: all all-am check check-am clean clean-generic clean-libtool \ + clean-local distclean distclean-generic distclean-libtool \ + distdir dvi dvi-am html html-am html-local info info-am \ + install install-am install-data install-data-am install-dvi \ + install-dvi-am install-exec install-exec-am install-html \ + install-html-am install-info install-info-am install-man \ + install-pdf install-pdf-am install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ + uninstall uninstall-am + + +.txt.html: + rst2html $^ > $@ + +html-local: $(HTMLDOCS) + +#%.ps.gz: %.ps +# gzip $^ + +#%.ps: %.dot +# dot -Tps -o $@ $^ + +clean-local: + rm -f *.html + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/doc/outdated/access.txt b/doc/outdated/access.txt new file mode 100644 index 0000000..042da01 --- /dev/null +++ b/doc/outdated/access.txt @@ -0,0 +1,41 @@ +====== +Access +====== + +------------------ +Module: mod_access +------------------ + +:Author: Allan Wind +:Date: $Date: 2005/01/30 11:34:32 $ +:Revision: $Revision: 1.1 $ + +:abstract: + The access module is used to deny access to files with given trailing path names. + +.. meta:: + :keywords: lighttpd, trailing path access control + +.. contents:: Table of Contents + +Description +=========== + +The access module is used to deny access to files with given trailing path names. + +Options +======= + +url.access-deny + Denies access to all files with any of given trailing path names. + + Default: empty + + Example: :: + + url.access-deny = ( "~", ".inc") + + will deny access to all files ended with a diacritical mark (~) or .inc + such as example~ or example.inc. A trailing diacritical mark is often + used by editors for backup files. And the .inc extension is often used + for include files with code. diff --git a/doc/outdated/accesslog.txt b/doc/outdated/accesslog.txt new file mode 100644 index 0000000..889a4da --- /dev/null +++ b/doc/outdated/accesslog.txt @@ -0,0 +1,126 @@ +========= +Accesslog +========= + +--------------------- +Module: mod_accesslog +--------------------- + +:Author: Jan Kneschke +:Date: $Date: 2004/11/03 22:26:05 $ +:Revision: $Revision: 1.2 $ + +:abstract: + The accesslog module ... + +.. meta:: + :keywords: lighttpd, accesslog, CLF + +.. contents:: Table of Contents + +Description +=========== + +CLF like by default, flexible like apache + +Options +======= + +accesslog.use-syslog + send the accesslog to syslog + + Default: disabled + +accesslog.filename + name of the file where the accesslog should be written too if syslog + is not used. + + if the name starts with a '|' the rest of the name is taken + as the name of a process which will be spawn and will get the + output + + e.g.: :: + + accesslog.filename = "/var/log/lighttpd.log" + + $HTTP["host"] == "mail.example.org" { + accesslog.filename = "|/usr/bin/cronolog" + } + + Default: disabled + +accesslog.format + the format of the logfile + + ====== ================================ + Option Description + ====== ================================ + %% a percent sign + %h name or address of remote-host + %l ident name (not supported) + %u authenticated user + %t timestamp for the request-start + %r request-line + %s status code + %b bytes sent for the body + %i HTTP-header field + %a remote address + %A local address + %B same as %b + %C cookie field (not supported) + %D time used in ms (not supported) + %e environment (not supported) + %f phyiscal filename + %H request protocol (HTTP/1.0, ...) + %m request method (GET, POST, ...) + %n (not supported) + %o `response header`_ + %p server port + %P (not supported) + %q query string + %T time used in seconds + %U request URL + %v server-name + %V (not supported) + %X connection status + %I bytes incomming + %O bytes outgoing + ====== ================================ + + If %s is written %>s or %<s the < and the > are ignored. They are support + for compat with apache. + + %i and %o expect the name of the field which should be written in curly brackets. + + e.g.: :: + + accesslog.format = "%h %l %u %t \"%r\" %b %>s \"%{User-Agent}i\" \"%{Referer}i\"" + + Default: CLF compatible output + +Response Header +--------------- + +The accesslog module provides a special way to log content from the +application in a accesslog file. It can be used to log the session id into a +logfile. + +If you want to log it into the accesslog just specify the field-name within +a %{...}o like :: + + accesslog.format = "%h %l %u %t \"%r\" %b %>s \"%{User-Agent}i\" \"%{Referer}i\" \"%{X-LIGHTTPD-SID}o\"" + +The prefix ``X-LIGHTTPD-`` is special as every response header starting with +this prefix is assumed to be special for lighttpd and won't be sent out +to the client. + +An example the use this functionality is provided below: :: + + <?php + + session_start(); + + header("X-LIGHTTPD-SID: ".session_id()); + + ?> + diff --git a/doc/outdated/alias.txt b/doc/outdated/alias.txt new file mode 100644 index 0000000..1315f93 --- /dev/null +++ b/doc/outdated/alias.txt @@ -0,0 +1,36 @@ +===== +Alias +===== + +----------------- +Module: mod_alias +----------------- + +:Author: Jan Kneschke +:Date: $Date: 2004/08/29 09:43:49 $ +:Revision: $Revision: 1.1 $ + +:abstract: + The alias module ... + +.. meta:: + :keywords: lighttpd, alias + +.. contents:: Table of Contents + +Description +=========== + +The alias module is used to specify a special document-root for a given url-subset. + +Options +======= + +alias.url + rewrites the document-root for a URL-subset + + Default: empty + + Example: :: + + alias.url = ( "/cgi-bin/" => "/var/www/servers/www.example.org/cgi-bin/" ) diff --git a/doc/outdated/authentication.txt b/doc/outdated/authentication.txt new file mode 100644 index 0000000..edc2b2b --- /dev/null +++ b/doc/outdated/authentication.txt @@ -0,0 +1,207 @@ +==================== +Using Authentication +==================== + +---------------- +Module: mod_auth +---------------- + +:Author: Jan Kneschke +:Date: $Date$ +:Revision: $Revision$ + +:abstract: + The auth module provides ... + +.. meta:: + :keywords: lighttpd, authentication + +.. contents:: Table of Contents + +Description +=========== + +Supported Methods +----------------- + +lighttpd supportes both authentication method described by +RFC 2617: + +basic +````` + +The Basic method transfers the username and the password in +cleartext over the network (base64 encoded) and might result +in security problems if not used in conjunction with a crypted +channel between client and server. + +digest +`````` + +The Digest method only transfers a hashed value over the +network which performs a lot of work to harden the +authentication process in insecure networks. + +Backends +-------- + +Depending on the method lighttpd provides various way to store +the credentials used for the authentication. + +for basic auth: + +- plain_ +- htpasswd_ +- htdigest_ +- ldap_ + +for digest auth: + +- plain_ +- htdigest_ + + +plain +````` + +A file which contains username and the cleartext password +seperated by a colon. Each entry is terminated by a single +newline.:: + + e.g.: + agent007:secret + + +htpasswd +```````` + +A file which contains username and the crypt()'ed password +seperated by a colon. Each entry is terminated by a single +newline. :: + + e.g.: + agent007:XWY5JwrAVBXsQ + +You can use htpasswd from the apache distribution to manage +those files. :: + + $ htpasswd lighttpd.user.htpasswd agent007 + + +htdigest +```````` + +A file which contains username, realm and the md5()'ed +password seperated by a colon. Each entry is terminated +by a single newline. :: + + e.g.: + agent007:download area:8364d0044ef57b3defcfa141e8f77b65 + +You can use htdigest from the apache distribution to manage +those files. :: + + $ htdigest lighttpd.user.htdigest 'download area' agent007 + +Using md5sum can also generate the password-hash: :: + + #!/bin/sh + user=$1 + realm=$2 + pass=$3 + + hash=`echo -n "$user:$realm:$pass" | md5sum | cut -b -32` + + echo "$user:$realm:$hash" + +To use it: + + $ htdigest.sh 'agent007' 'download area' 'secret' + agent007:download area:8364d0044ef57b3defcfa141e8f77b65 + + + +ldap +```` + +the ldap backend is basically performing the following steps +to authenticate a user + +1. connect anonymously (at plugin init) +2. get DN for filter = username +3. auth against ldap server +4. disconnect + +if all 4 steps are performed without any error the user is +authenticated + +Configuration +============= + +:: + + ## debugging + # 0 for off, 1 for 'auth-ok' messages, 2 for verbose debugging + auth.debug = 0 + + ## type of backend + # plain, htpasswd, ldap or htdigest + auth.backend = "htpasswd" + + # filename of the password storage for + # plain + auth.backend.plain.userfile = "lighttpd-plain.user" + + ## for htpasswd + auth.backend.htpasswd.userfile = "lighttpd-htpasswd.user" + + ## for htdigest + auth.backend.htdigest.userfile = "lighttpd-htdigest.user" + + ## for ldap + # the $ in auth.backend.ldap.filter is replaced by the + # 'username' from the login dialog + auth.backend.ldap.hostname = "localhost" + auth.backend.ldap.base-dn = "dc=my-domain,dc=com" + auth.backend.ldap.filter = "(uid=$)" + # if enabled, startTLS needs a valid (base64-encoded) CA + # certificate + auth.backend.ldap.starttls = "enable" + auth.backend.ldap.ca-file = "/etc/CAcertificate.pem" + + ## restrictions + # set restrictions: + # + # ( <left-part-of-the-url> => + # ( "method" => "digest"/"basic", + # "realm" => <realm>, + # "require" => "user=<username>" ) + # ) + # + # <realm> is a string to display in the dialog + # presented to the user and is also used for the + # digest-algorithm and has to match the realm in the + # htdigest file (if used) + # + + auth.require = ( "/download/" => + ( + "method" => "digest", + "realm" => "download archiv", + "require" => "user=agent007|user=agent008" + ), + "/server-info" => + ( + "method" => "digest", + "realm" => "download archiv", + "require" => "valid-user" + ) + ) + +Limitations +============ + +- The implementation of digest method is currently not + completely compliant with the standard as it still allows + a replay attack. + diff --git a/doc/outdated/cgi.txt b/doc/outdated/cgi.txt new file mode 100644 index 0000000..95d187c --- /dev/null +++ b/doc/outdated/cgi.txt @@ -0,0 +1,50 @@ +=== +CGI +=== + +--------------- +Module: mod_cgi +--------------- + +:Author: Jan Kneschke +:Date: $Date: 2004/11/03 22:26:05 $ +:Revision: $Revision: 1.2 $ + +:abstract: + The cgi module provides a CGI-conforming interface. + +.. meta:: + :keywords: lighttpd, cgi + +.. contents:: Table of Contents + +Description +=========== + +CGI programs allow you to enhance the functionality of the server in a very +straight and simple way.. + +Options +======= + +cgi.assign + + file-extensions that are handled by a CGI program + + e.g.: :: + + cgi.assign = ( ".pl" => "/usr/bin/perl", + ".cgi" => "/usr/bin/perl" ) + +Examples +======== + +To setup a executable which doesn't need the help of a external program you +just don't specify a handler for the extension. :: + + cgi.assign = ( ".sh" => "" ) + +If the file has no extension keep in mind that lighttpd matches not the +extension itself but the right part of the URL: :: + + cgi.assign = ( "/testfile" => "" ) diff --git a/doc/outdated/cml.txt b/doc/outdated/cml.txt new file mode 100644 index 0000000..10fac70 --- /dev/null +++ b/doc/outdated/cml.txt @@ -0,0 +1,261 @@ +========================= +CML (Cache Meta Language) +========================= + +--------------- +Module: mod_cml +--------------- + +:Author: Jan Kneschke +:Date: $Date: 2004/11/03 22:26:05 $ +:Revision: $Revision: 1.2 $ + +:abstract: + CML is a Meta language to describe the dependencies of a page at one side and building a page from its fragments on the other side using LUA. + +.. meta:: + :keywords: lighttpd, cml, lua + +.. contents:: Table of Contents + +Description +=========== + +CML (Cache Meta Language) wants to solves several problems: + + * dynamic content needs caching to perform + * checking if the content is dirty inside of the application is usually more expensive than sending out the cached data + * a dynamic page is usually fragmented and the fragments have different livetimes + * the different fragements can be cached independently + +Cache Decision +-------------- + +A simple example should show how to a content caching the very simple way in PHP. + +jan.kneschke.de has a very simple design: + + * the layout is taken from a template in templates/jk.tmpl + * the menu is generated from a menu.csv file + * the content is coming from files on the local directory named content-1, content-2 and so on + +The page content is static as long non of the those tree items changes. A change in the layout +is affecting all pages, a change of menu.csv too, a change of content-x file only affects the +cached page itself. + +If we model this in PHP we get: :: + + <?php + + ## ... fetch all content-* files into $content + $cachefile = "/cache/dir/to/cached-content"; + + function is_cachable($content, $cachefile) { + if (!file_exists($cachefile)) { + return 0; + } else { + $cachemtime = filemtime($cachefile); + } + + foreach($content as $k => $v) { + if (isset($v["file"]) && + filemtime($v["file"]) > $cachemtime) { + return 0; + } + } + + if (filemtime("/menu/menu.csv") > $cachemtime) { + return 0; + } + if (filemtime("/templates/jk.tmpl") > $cachemtime) { + return 0; + } + } + + if (is_cachable(...), $cachefile) { + readfile($cachefile); + exit(); + } else { + # generate content and write it to $cachefile + } + ?> + +Quite simple. No magic involved. If the one of the files is new than the cached +content, the content is dirty and has to be regenerated. + +Now let take a look at the numbers: + + * 150 req/s for a Cache-Hit + * 100 req/s for a Cache-Miss + +As you can see the increase is not as good as it could be. The main reason as the overhead +of the PHP interpreter to start up (a byte-code cache has been used here). + +Moving these decisions out of the PHP script into a server module will remove the need +to start PHP for a cache-hit. + +To transform this example into a CML you need 'index.cml' in the list of indexfiles +and the following index.cml file: :: + + output_contenttype = "text/html" + + b = request["DOCUMENT_ROOT"] + cwd = request["CWD"] + + output_include = { b .. "_cache.html" } + + trigger_handler = "index.php" + + if file_mtime(b .. "../lib/php/menu.csv") > file_mtime(cwd .. "_cache.html") or + file_mtime(b .. "templates/jk.tmpl") > file_mtime(cwd .. "_cache.html") or + file_mtime(b .. "content.html") > file_mtime(cwd .. "_cache.html") then + return CACHE_MISS + else + return CACHE_HIT + end + +Numbers again: + + * 4900 req/s for Cache-Hit + * 100 req/s for Cache-Miss + +Content Assembling +------------------ + +Sometimes the different fragment are already generated externally. You have to cat them together: :: + + <?php + readfile("head.html"); + readfile("menu.html"); + readfile("spacer.html"); + readfile("db-content.html"); + readfile("spacer2.html"); + readfile("news.html"); + readfile("footer.html"); + ?> + +We we can do the same several times faster directly in the webserver. + +Don't forget: Webserver are built to send out static content, that is what they can do best. + +The index.cml for this looks like: :: + + output_contenttype = "text/html" + + cwd = request["CWD"] + + output_include = { cwd .. "head.html", + cwd .. "menu.html", + cwd .. "spacer.html", + cwd .. "db-content.html", + cwd .. "spacer2.html", + cwd .. "news.html", + cwd .. "footer.html" } + + return CACHE_HIT + +Now we get about 10000 req/s instead of 600 req/s. + +Power Magnet +------------ + +Next to all the features about Cache Decisions CML can do more. Starting +with lighttpd 1.4.9 a power-magnet was added which attracts each request +and allows you to manipulate the request for your needs. + +We want to display a maintainance page by putting a file in a specified +place: + +We enable the power magnet: :: + + cml.power-magnet = "/home/www/power-magnet.cml" + +and create /home/www/power-magnet.cml with: :: + + dr = request["DOCUMENT_ROOT"] + + if file_isreg(dr .. 'maintainance.html') then + output_include = { 'maintainance.html' } + return CACHE_HIT + end + + return CACHE_MISS + +For each requested file the /home/www/power-magnet.cml is executed which +checks if maintainance.html exists in the docroot and displays it +instead of handling the usual request. + +Another example, create thumbnail for requested image and serve it instead +of sending the big image: :: + + ## image-url is /album/baltic_winter_2005.jpg + ## no params -> 640x480 is served + ## /album/baltic_winter_2005.jpg/orig for full size + ## /album/baltic_winter_2005.jpg/thumb for thumbnail + + dr = request["DOCUMENT_ROOT"] + sn = request["SCRIPT_NAME"] + + ## to be continued :) ... + + trigger_handler = '/gen_image.php' + + return CACHE_MISS + + +Installation +============ + +You need `lua <http://www.lua.org/>`_ and should install `libmemcache-1.3.x <http://people.freebsd.org/~seanc/libmemcache/>`_ and have to configure lighttpd with: :: + + ./configure ... --with-lua --with-memcache + +To use the plugin you have to load it: :: + + server.modules = ( ..., "mod_cml", ... ) + +Options +======= + +:cml.extension: + the file extension that is bound to the cml-module +:cml.memcache-hosts: + hosts for the memcache.* functions +:cml.memcache-namespace: + (not used yet) +:cml.power-magnet: + a cml file that is executed for each request + +Language +======== + +The language used for CML is provided by `LUA <http://www.lua.org/>`_. + +Additionally to the functions provided by lua mod_cml provides: :: + + tables: + + request + - REQUEST_URI + - SCRIPT_NAME + - SCRIPT_FILENAME + - DOCUMENT_ROOT + - PATH_INFO + - CWD + - BASEURI + + get + - parameters from the query-string + + functions: + string md5(string) + number file_mtime(string) + string memcache_get_string(string) + number memcache_get_long(string) + boolean memcache_exists(string) + + +What ever your script does, it has to return either CACHE_HIT or CACHE_MISS. +It case a error occures check the error-log, the user will get a error 500. If you don't like +the standard error-page use ``server.errorfile-prefix``. + diff --git a/doc/outdated/compress.txt b/doc/outdated/compress.txt new file mode 100644 index 0000000..14fbc2d --- /dev/null +++ b/doc/outdated/compress.txt @@ -0,0 +1,192 @@ +================== +Output Compression +================== + +-------------------- +Module: mod_compress +-------------------- + + +.. meta:: + :keywords: lighttpd, compress + +.. contents:: Table of Contents + +Description +=========== + +Output compression reduces the network load and can improve the overall +throughput of the webserver. All major http-clients support compression by +announcing it in the Accept-Encoding header. This is used to negotiate the +most suitable compression method. We support deflate, gzip and bzip2. + +deflate (RFC1950, RFC1951) and gzip (RFC1952) depend on zlib while bzip2 +depends on libbzip2. bzip2 is only supported by lynx and some other console +text-browsers. + +We currently limit to compression support to static files. + +Caching +------- + +mod_compress can store compressed files on disk to optimize the compression +on a second request away. As soon as compress.cache-dir is set the files are +compressed. + +(You will need to create the cache directory if it doesn't already exist. The web server will not do this for you. The directory will also need the proper ownership. For Debian/Ubuntu the user and group ids should both be www-data.) + +The names of the cache files are made of the filename, the compression method +and the etag associated to the file. + +Cleaning the cache is left to the user. A cron job deleting files older than +10 days could do it: :: + + find /var/www/cache -type f -mtime +10 | xargs -r rm + +Limitations +----------- + +The module limits the compression of files to files smaller than 128 MByte and +larger than 128 Byte. + +The lower limit is set as small files tend to become larger by compressing due +to the compression headers, the upper limit is set to work sensibly with +memory and cpu-time. + +Directories containing a tilde ('~') are not created automatically (See ticket +#113). To enable compression for user dirs you have to create the directories +by hand in the cache directory. + +Options +======= + +compress.allowed-encodings + override default set of allowed encodings + + e.g.: :: + + compress.allowed-encodings = ("bzip2", "gzip", "deflate") + +compress.cache-dir + name of the directory where compressed content will be cached + + e.g.: :: + + compress.cache-dir = "/var/www/cache/" + + # even better with virt-hosting + $HTTP["host"] == "docs.example.org" { + compress.cache-dir = "/var/www/cache/docs.example.org/" + } + + Default: not set, compress the file for every request + +compress.filetype + mimetypes which might get compressed + + e.g.: :: + + compress.filetype = ("text/plain", "text/html") + + Keep in mind that compressed JavaScript and CSS files are broken in some + browsers. Not setting any filetypes will result in no files being compressed. + + NOTE: You have to specify the full mime-type! If you also define a charset, for example, you have to use "text/plain; charset=utf-8" instead of just "text/plain". + + Default: not set + +compress.max-filesize + maximum size of the original file to be compressed kBytes. + + This is meant to protect the server against DoSing as compressing large + (let's say 1Gbyte) takes a lot of time and would delay the whole operation + of the server. + + There is a hard upper limit of 128Mbyte. + + Default: unlimited (== hard-limit of 128MByte) + +Display compressed files +======================== + +If you enable mod_compress, and you want to force clients to uncompress and display compressed text files, please force mimetype to nothing. +Exemple : +If you want to add headers for uncompress and display diff.gz files , add this section in your conf : :: + + $HTTP["url"] =~ "\.diff\.gz" { + setenv.add-response-header = ( "Content-Encoding" => "gzip" ) + mimetype.assign = () + } + + +Compressing Dynamic Content +=========================== + +PHP +--- + +To compress dynamic content with PHP please enable :: + + zlib.output_compression = 1 + zlib.output_handler = On + +in the php.ini as PHP provides compression support by itself. + +mod_compress of lighttpd 1.5 r1992 may not set correct Content-Encoding with php-fcgi. A solution to that problem would be: + +1.disable mod_compress when request a php file:: + + $HTTP["url"] !~ "\.php$" { + compress.filetype = ("text/plain", "text/html", "text/javascript", "text/css", "text/xml") + } + +2.enable mod_setenv of your lighttpd:: + + server.modules += ( "mod_setenv" ) + +3.manually set Content-Encoding:: + + $HTTP["url"] =~ "\.php$" { + setenv.add-response-header = ( "Content-Encoding" => "gzip") + } + + +TurboGears +---------- + +To compress dynamic content with TurboGears please enable :: + + [/] + gzip_filter.on = True + gzip_filter.mime_types = ["application/x-javascript", "text/javascript", "text/html", "text/css", "text/plain"] + +in the config/app.cfg file in your TurboGears application. The above lines should already be in the file. You just need to remove the comment symbol in front of the lines to make them active. + +Django +------ + +To compress dynamic content with Django please enable the GZipMiddleware :: + + MIDDLEWARE_CLASSES = ( + 'django.middleware.gzip.GZipMiddleware', + ... + ) + +in the settings.py file in your Django project. + +Catalyst +-------- + +To compress dynamic content with Perl/Catalyst, simply use the Catalyst::Plugin::Compress::Gzip module available on CPAN :: + + use Catalyst qw( + Compress::Gzip + ... + ); + +in your main package (MyApp.pm). Further configuration is not required. + +}}} + + + diff --git a/doc/outdated/configuration.txt b/doc/outdated/configuration.txt new file mode 100644 index 0000000..3d49f7f --- /dev/null +++ b/doc/outdated/configuration.txt @@ -0,0 +1,532 @@ +================== +Configuration File +================== + +------------ +Module: core +------------ + +:Author: Jan Kneschke +:Date: $Date$ +:Revision: $Revision$ + +:abstract: + the layout of the configuration file + +.. meta:: + :keywords: lighttpd, configuration + +.. contents:: Table of Contents + +Description +=========== + +Basic Syntax +------------ + +A BNF like notation: :: + + option : NAME = VALUE + merge : NAME += VALUE + NAME : modulename.key + VALUE : ( <string> | <integer> | <boolean> | <array> | VALUE [ + VALUE ]*) + <string> : "text" + <integer>: digit* + <boolean>: ( "enable" | "disable" ) + <array> : "(" [ <string> "=>" ] <value> [, [ <string> "=>" ] <value> ]* ")" + INCLUDE : "include" VALUE + INCLUDE_SHELL : "include_shell" STRING_VALUE + +Example +------- + +:: + + # default document-root + server.document-root = "/var/www/example.org/pages/" + + # TCP port + server.port = 80 + + # selecting modules + server.modules = ( "mod_access", "mod_rewrite" ) + + # variables, computed when config is read. + var.mymodule = "foo" + server.modules += ( "mod_" + var.mymodule ) + # var.PID is initialised to the pid of lighttpd before config is parsed + + # include, relative to dirname of main config file + include "mime.types.conf" + + # read configuration from output of a command + include_shell "/usr/local/bin/confmimetype /etc/mime.types" + + +Conditional Configuration +========================= + +Most options can be configured conditionally by using the following syntax +(including nesting). + +:: + + <field> <operator> <value> { + ... + <field> <operator> <value> { + ... nesting: match only when parent match + } + } + else <field> <operator> <value> { + ... the "else if" block + } + +where <field> is one of one of the following: + +$HTTP["cookie"] + match on cookie +$HTTP["scheme"] + match on scheme +$HTTP["host"] + match on host +$HTTP["useragent"] +$HTTP["user-agent"] + match on useragent +$HTTP["referer"] + match on referer +$HTTP["method"] + math on the http method +$HTTP["url"] + match on url +$HTTP["query-string"] + match on the (not decoded) query-string +$HTTP["remoteip"] +$HTTP["remote-ip"] + match on the remote IP or a remote Network +$HTTP["language"] + match on the Accept-Language header +$SERVER["socket"] + match on socket. Value must be on the format "ip:port" where ip is an IP + address and port a port number. Only equal match (==) is supported. + It also binds the daemon to this socket. Use this if you want to do IP/port- + based virtual hosts. + +<operator> is one of: + +== + string equal match +!= + string not equal match +=~ + perl style regular expression match +!~ + perl style regular expression not match + +and <value> is either a quoted ("") literal string or regular expression. + + +Example +------- + +:: + + # disable directory-listings for /download/* + dir-listing.activate = "enable" + $HTTP["url"] =~ "^/download/" { + dir-listing.activate = "disable" + } + + # handish virtual hosting + # map all domains of a top-level-domain to a single document-root + $HTTP["host"] =~ "(^|\.)example\.org$" { + server.document-root = "/var/www/htdocs/example.org/pages/" + } + + # multiple sockets + $SERVER["socket"] == "127.0.0.1:81" { + server.document-root = "..." + } + + $SERVER["socket"] == "127.0.0.1:443" { + ssl.pemfile = "/var/www/certs/localhost.pem" + ssl.engine = "enable" + + server.document-root = "/var/www/htdocs/secure.example.org/pages/" + } + + # deny access for all googlebot + $HTTP["useragent"] =~ "Google" { + url.access-deny = ( "" ) + } + + # deny access for all image stealers + $HTTP["referer"] !~ "^($|http://www\.example\.org)" { + url.access-deny = ( ".jpg", ".jpeg", ".png" ) + } + + # deny the access to www.example.org to all user which + # are not in the 10.0.0.0/8 network + $HTTP["host"] == "www.example.org" { + $HTTP["remoteip"] != "10.0.0.0/8" { + url.access-deny = ( "" ) + } + } + +Using variables +=============== + +You can set your own variables in the configuration to simplify your config. +:: + + var.basedir = "/home/www/servers/" + $HTTP["host"] == "www.example.org" { + server.name = "www.example.org" + include "incl-base.conf" + } + + in incl-base.conf: + server.document-root = basedir + server.name + "/pages/" + accesslog.filename = basedir + server.name + "/logs/access.log" + +You can also use environement variables or the default variables var.PID and +var.CWD: :: + + var.basedir = env.LIGHTTPDBASE + + $HTTP["host"] == "www.example.org" { + server.name = "www.example.org" + include "incl-base.conf" + include "incl-fastcgi.conf" + } + + in incl-fastcgi.conf: + fastcgi.server = ( ... => (( + "socket" => basedir + server.name + "/tmp/fastcgi-" + PID + ".sock" + )) ) + +Or like the lighttpd script for rails does: + + var.basedir = var.CWD + + server.document-root = basedir + "/public/" + +Global context +============== + +:: + + global { + ... + } + +You don't need it in the main configuration file. But you might have +difficulty setting server wide configuration inside a included-file from +conditionals. + +Example +------- + +:: + + in lighttpd.conf: + server.modules = () + $HTTP["host"] == "www.example.org" { + include "incl-php.conf" + } + + in incl-php.conf: + global { + server.modules += ("mod_fastcgi") + static-file.exclude-extensions += (".php") + } + fastcgi.server = "..." + +Options +======= + +server module +------------- + +main sections +````````````` + +server.document-root + document-root of the webserver + + This variable has the specified as it will be used for all requests + without a Host: header and for all with a know hostname which you + might have specified with one of the above conditionals. + + Default: no default, required + +server.bind + IP address, hostname or absolute path to the unix-domain socket the server + listen on. + + Default: bind to all interfaces + + Example: :: + + server.bind = "127.0.0.1" + server.bind = "www.example.org" + server.bind = "/tmp/lighttpd.socket" + +server.port + tcp-port to bind the server to + +.. note:: port belows 1024 require root-permissions + + Default: 80 (443 if ssl is enabled) + +server.use-ipv6 + bind to the IPv6 socket + +server.defer-accept + set TCP_DEFER_ACCEPT to the specified value on the socket if the value is > 0 + and TCP_DEFER_ACCEPT is available on the platform (linux2.4+) + + default: 0 + +server.tag + set the string returned by the Server: response header + + Default: lighttpd <current-version> + +server.errorlog + pathname of the error-log + + Default: either STDERR or ``server.errorlog-use-syslog`` + +server.errorlog-use-syslog + send errorlog to syslog + + Default: disabled + +server.chroot + root-directory of the server + + NOTE: requires root-permissions + +server.username + username used to run the server + + NOTE: requires root-permissions + +server.groupname + groupname used to run the server + + NOTE: requires root-permissions + +server.follow-symlink + allow to follow-symlinks + + Default: enabled + +index-file.names + list of files to search for if a directory is requested + e.g.: :: + + index-file.names = ( "index.php", "index.html", + "index.htm", "default.htm" ) + + if a name starts with slash this file will be used a index generator + for all directories. + +server.modules + modules to load + +.. note:: the order of the modules is important. + + The modules are executed in the order as they are specified. Loading + mod_auth AFTER mod_fastcgi might disable authentication for fastcgi + backends (if check-local is disabled). + + As auth should be done first, move it before all executing modules (like + proxy, fastcgi, scgi and cgi). + + rewrites, redirects and access should be first, followed by auth and + the docroot plugins. + + Afterwards the external handlers like fastcgi, cgi, scgi and proxy and + at the bottom the post-processing plugins like mod_accesslog. + + e.g.: :: + + server.modules = ( "mod_rewrite", + "mod_redirect", + "mod_alias", + "mod_access", + "mod_auth", + "mod_status", + "mod_simple_vhost", + "mod_evhost", + "mod_userdir", + "mod_secdownload", + "mod_fastcgi", + "mod_proxy", + "mod_cgi", + "mod_ssi", + "mod_compress", + "mod_usertrack", + "mod_expire", + "mod_rrdtool", + "mod_accesslog" ) + + Starting with lighttpd 1.4.0 three default modules are loaded automaticly: + + - mod_indexfile + - mod_dirlisting + - mod_staticfile + +server.event-handler + set the event handler + + Default: "poll" + +server.pid-file + set the name of the .pid-file where the PID of the server should be placed. + This option is used in combination with a start-script and the daemon mode + + Default: not set + +server.max-request-size + maximum size in kbytes of the request (header + body). Only applies to POST + requests. + + Default: 2097152 (2GB) + +server.max-worker + number of worker processes to spawn. This is usually only needed on servers + which are fairly loaded and the network handler calls delay often (e.g. new + requests are not handled instantaneously). + + Default: 0 + +server.name + name of the server/virtual server + + Default: hostname + +server.max-keep-alive-requests + maximum number of request within a keep-alive session before the server + terminates the connection + + Default: 128 + +server.max-keep-alive-idle + maximum number of seconds until a idling keep-alive connection is droped + + Default: 30 + +server.max-read-idle + maximum number of seconds until a waiting, non keep-alive read times out + and closes the connection + + Default: 60 + +server.max-write-idle + maximum number of seconds until a waiting write call times out and closes + the connection + + Default: 360 + +server.error-handler-404 + uri to call if the requested file results in a 404 + + Default: not set + + Example: :: + + server.error-handler-404 = "/error-404.php" + +server.protocol-http11 + defines if HTTP/1.1 is allowed or not. + + Default: enabled + +server.range-requests + defines if range requests are allowed or not. + + Default: enabled + + +SSL engine +`````````` + +ssl.pemfile + path to the PEM file for SSL support + +debugging +````````` + +debug.dump-unknown-headers + enables listing of internally unhandled HTTP-headers + + e.g. :: + + debug.dump-unknown-headers = "enable" + +mimetypes +````````` + +mimetype.assign + list of known mimetype mappings + NOTE: if no mapping is given "application/octet-stream" is used + + e.g.: :: + + mimetype.assign = ( ".png" => "image/png", + ".jpg" => "image/jpeg", + ".jpeg" => "image/jpeg", + ".html" => "text/html", + ".txt" => "text/plain" ) + + The list is compared top down and the first match is taken. This is + important if you have matches like: :: + + ".tar.gz" => "application/x-tgz", + ".gz" => "application/x-gzip", + + If you want to set another default mimetype use: :: + + ..., + "" => "text/plain" ) + + as the last entry in the list. + +mimetype.use-xattr + If available, use the XFS-style extended attribute interface to + retrieve the "Content-Type" attribute on each file, and use that as the + mime type. If it's not defined or not available, fall back to the + mimetype.assign assignment. + + e.g.: :: + + mimetype.use-xattr = "enable" + + on shell use: + + $ attr -s Content-Type -V image/svg svgfile.svg + + or + + $ attr -s Content-Type -V text/html indexfile + + +debugging +````````` + +debug.log-request-header + default: disabled + +debug.log-response-header + default: disabled + +debug.log-file-not-found + default: disabled + +debug.log-request-handling + default: disabled + +debug.log-ssl-noise + default: disabled diff --git a/doc/outdated/dirlisting.txt b/doc/outdated/dirlisting.txt new file mode 100644 index 0000000..5dd6873 --- /dev/null +++ b/doc/outdated/dirlisting.txt @@ -0,0 +1,126 @@ +================== +Directory Listings +================== + +---------------------- +Module: mod_dirlisting +---------------------- + +:Author: Jan Kneschke +:Date: $Date: 2004/11/03 22:26:05 $ +:Revision: $Revision: 1.2 $ + +:abstract: + mod_dirlisting generates HTML based directory listings with full CSS + control + +.. meta:: + :keywords: lighttpd, directory listings, dirlisting + +.. contents:: Table of Contents + +Description +=========== + +mod_dirlisting is one of the modules which is loaded by default and don't have to +be specified on server.modules to work. + +A directory listing is generated if a directory is requested and no index-file +was found in that directory. + +To enable directory listings globally: :: + + dir-listing.activate = "enable" + +If you need it only for a directory, use conditionals: :: + + $HTTP["url"] =~ "^/download($|/)" { + dir-listing.activate = "enable" + } + +You can also use a external generator for directory listings if you use +mod_indexfile. :: + + index-file.names = ( "/dir-generator.php" ) + +If a directory is requested the dir-generator.php is called instead which can +take the REQUEST_URI to see which directory was requested. + +For large folders this is highly recommend. + +Options +======= + +dir-listing.activate + enables virtual directory listings if a directory is requested no + index-file was found + + Default: disabled + +dir-listing.hide-dotfiles + if enabled, does not list hidden files in directory listings generated + by the dir-listing option. + + Default: enabled + +dir-listing.external-css + path to an external css stylesheet for the directory listing + +dir-listing.exclude + list of regular expressions. Files that match any of the specified regular + expressions will be excluded from directory listings. + +dir-listing.encoding + set a encoding for the generated directory listing + + If you file-system is not using ASCII you have to set the encoding of + the filenames as they are put into the HTML listing AS IS (with XML + encoding) + + Example: :: + + dir-listing.encoding = "utf-8" + +dir-listing.show-readme + shows README.txt after the dirlisting if it exists in the directory + + Default: disabled + +dir-listing.hide-readme-file + hides README.txt in the dirlisting + + Default: disabled + +dir-listing.show-header + shows HEADER.txt before the dirlisting if it exists in the directory + + Default: disabled + +dir-listing.hide-header-file + hides HEADER.txt in the dirlisting + + Default: disabled + +dir-listing.set-footer + + Default: empty, uses server.tag instead + +dir-listing.encode-readme + encodes all control characers, '&', '<', '>' and '\x7f' as &#x**; + + Default: enabled + +dir-listing.encode-header + encodes all control characers, '&', '<', '>' and '\x7f' as &#x**; + + Default: enabled + +dir-listing.auto-layout + Disable this if you want your own html header and footer; specify + them in HEADER.txt and README.txt + + you have to enable dir-list.show-readme/header for this of course + + .external-css and .set-footer will be ignored if this is disabled + + Default: enabled diff --git a/doc/outdated/evhost.txt b/doc/outdated/evhost.txt new file mode 100644 index 0000000..c69cc72 --- /dev/null +++ b/doc/outdated/evhost.txt @@ -0,0 +1,46 @@ +======================== +Enhanced Virtual-Hosting +======================== + +------------------ +Module: mod_evhost +------------------ + +:Author: Jan Kneschke +:Date: $Date: 2004/08/29 09:43:49 $ +:Revision: $Revision: 1.1 $ + +:abstract: + virtual hosting + +.. meta:: + :keywords: lighttpd, virtual hosting + +.. contents:: Table of Contents + +Description +=========== + +mod_evhost builds the document-root based on a pattern which contains +wildcards. Those wildcards can represent parts if the submitted hostname + + +:: + + %% => % sign + %0 => domain name + tld + %1 => tld + %2 => domain name without tld + %3 => subdomain 1 name + %4 => subdomain 2 name + %_ => the complete hostname (without port info) + + evhost.path-pattern = "/home/www/servers/%3/pages/" + +Options +======= + +evhost.path-pattern + pattern with wildcards to be replace to build a documentroot + + diff --git a/doc/outdated/expire.txt b/doc/outdated/expire.txt new file mode 100644 index 0000000..ca59c42 --- /dev/null +++ b/doc/outdated/expire.txt @@ -0,0 +1,42 @@ +=============================================== +Controlling the Expiration of Content in Caches +=============================================== + +------------------ +Module: mod_expire +------------------ + +:Author: Jan Kneschke +:Date: $Date: 2004/11/03 22:26:05 $ +:Revision: $Revision: 1.2 $ + +:abstract: + mod_expire controls the setting of the the Expire Response header + +.. meta:: + :keywords: lighttpd, expire + +.. contents:: Table of Contents + +Description +=========== + +mod_expire controls the Expire header in the Response Header of HTTP/1.0 +messages. It is usefull to set it for static files which should be cached +aggressivly like images, stylesheets or similar. + +Options +======= + +expire.url + assignes a expiration to all files below the specified path. The + specification of the time is made up of: :: + + <access|modification> <number> <years|months|days|hours|minutes|seconds> + + following the syntax used by mod_expire in Apache 1.3.x and later. + + Example: :: + + expire.url = ( "/images/" => "access 1 hour" ) + diff --git a/doc/outdated/extforward.txt b/doc/outdated/extforward.txt new file mode 100644 index 0000000..3d0c57c --- /dev/null +++ b/doc/outdated/extforward.txt @@ -0,0 +1,105 @@ +============== +mod_extforward +============== + +.. contents:: + +Overview +======== + +Comman Kang <comman.kang at gmail.com> sent me: :: + + Hello jan. + + I've made something rough but similar to mod_extract_forwarded for + Apache. This module will extract the client's "real" ip from + X-Forwarded-For header which is added by squid or other proxies. It might be + useful for servers behind reverse proxy servers. + + However, this module is causing segfault with mod_ssl or + $HTTP{''socket"} directive, crashing in config_check_cond while patching + connection , I do not understand architecture of the lighttpd well, does it + need to call patch_connection in either handle_request_done and + connection_reset ? + +Lionel Elie Mamane <lionel@mamane.lu> improved the patch: :: + + I've taken lighttpd-1.4.10-mod_extforward.c from the wiki and I've + extended it. Here is the result. + + Major changes: + + - IPv6 support + + - Fixed at least one segfault with SERVER['socket'] + + - Arrange things so that a url.access-deny under scope of a + HTTP['remoteip'] condition works well :) + + I've commented the code in some places, mostly where I wasn't sure + what was going on, or I didn't see what the original author meant to + do. + +Options +======= + +extforward.forwarder + Sets trust level of proxy IP's. + + Default: empty + + Example: :: + + extforward.forwarder = ("10.0.0.232" => "trust") + + will translate ip addresses coming from 10.0.0.232 to real ip addresses extracted from "X-Forwarded-For" or "Forwarded-For" HTTP request header. + +extforward.headers + Sets headers to search for finding the originl addresses. + + Example (for use with a Zeus ZXTM loadbalancer): :: + + extforward.headers = ("X-Cluster-Client-Ip") + + Default: empty, results in searching for "X-Forwarded-For" and "Forwarded-For" + +Note +======= + +The effect of this module is variable on $HTTP["remotip"] directives and other module's remote ip dependent actions. +Things done by modules before we change the remoteip or after we reset it will match on the proxy's IP. +Things done in between these two moments will match on the real client's IP. +The moment things are done by a module depends on in which hook it does things and within the same hook +on whether they are before/after us in the module loading order +(order in the server.modules directive in the config file). + +Tested behaviours: + + mod_access: Will match on the real client. + + mod_accesslog: + In order to see the "real" ip address in access log , + you'll have to load mod_extforward after mod_accesslog. + like this: :: + + server.modules = ( + ..... + mod_accesslog, + mod_extforward + ) + +Samples +======= + +Trust proxy 10.0.0.232 and 10.0.0.232 :: + + extforward.forwarder = ( + "10.0.0.232" => "trust", + "10.0.0.233" => "trust", + ) + +Trust all proxies (NOT RECOMMENDED!) :: + + extforward.forwarder = ( "all" => "trust") + +Note that "all" has precedence over specific entries, so "all except" setups will not work. diff --git a/doc/outdated/fastcgi-state.dot b/doc/outdated/fastcgi-state.dot new file mode 100644 index 0000000..8e3068c --- /dev/null +++ b/doc/outdated/fastcgi-state.dot @@ -0,0 +1,6 @@ +digraph fcgistate { + init -> connect -> prepwrite -> write -> read -> close + write -> write + read -> read + connect -> connect +} diff --git a/doc/outdated/fastcgi-state.txt b/doc/outdated/fastcgi-state.txt new file mode 100644 index 0000000..a05d2c2 --- /dev/null +++ b/doc/outdated/fastcgi-state.txt @@ -0,0 +1,51 @@ +================= +FastCGI Internals +================= + +--------------- +Module: fastcgi +--------------- + +:Author: Jan Kneschke +:Date: $Date: 2004/08/01 07:01:29 $ +:Revision: $Revision: 1.1 $ + +:abstract: + This is a short summary of the state-engine which is driving the FastCGI + module. It describes the basic concepts and the way the different parts + of the module are connected. + +.. meta:: + :keywords: lighttpd, state-engine, fastcgi + +.. contents:: Table of Contents + +Description +=========== + +States +------ + +The state-engine is currently made of 6 states which are walk-through on +the way each connection. + +:init: + prepare fastcgi-connection +:connect: + waiting for a connection +:prepwrite: + build the fastcgi-request +:write: + write the fastcgi-request to the network +:read: + read fastcgi-response from network and push it to the write-queue +:close: + terminate the connection + +.. image:: fastcgi-state.png + +Delays +------ + +connect, write and read may need to wait for an fdevent. That's the reason +for the loop in the state-diagram. diff --git a/doc/outdated/fastcgi.txt b/doc/outdated/fastcgi.txt new file mode 100644 index 0000000..eee5f79 --- /dev/null +++ b/doc/outdated/fastcgi.txt @@ -0,0 +1,601 @@ +===================== +the FastCGI Interface +===================== + +------------------- +Module: mod_fastcgi +------------------- + +:Author: Jan Kneschke +:Date: $Date: 2004/11/03 22:26:05 $ +:Revision: $Revision: 1.3 $ + +:abstract: + The FastCGI interface is the fastest and most secure way + to interface external process-handlers like Perl, PHP and + your self-written applications. + +.. meta:: + :keywords: lighttpd, FastCGI + +.. contents:: Table of Contents + +Description +=========== + +lighttpd provides an interface to a external programs that +support the FastCGI interface. The FastCGI Interface is +defined by http://www.fastcgi.com/ and is a +platform-independent and server independent interface between +a web-application and a webserver. + +This means that FastCGI programs that run with the Apache +Webserver will run seamlessly with lighttpd and vice versa. + + +FastCGI +------- + +FastCGI is removes a lot of the limitations of CGI programs. +CGI programs have the problem that they have to be restarted +by the webserver for every request which leads to really bad +performance values. + +FastCGI removes this limitation by keeping the process running +and handling the requests by this always running process. This +removes the time used for the fork() and the overall startup +and cleanup time which is necessary to create and destroy a +process. + +While CGI programs communicate to the server over pipes, +FastCGI processes use Unix-Domain-Sockets or TCP/IP to talk +with the webserver. This gives you the second advantage over +simple CGI programs: FastCGI don't have to run on the Webserver +itself but everywhere in the network. + +lighttpd takes it a little bit further by providing a internal +FastCGI load-balancer which can be used to balance the load +over multiple FastCGI Servers. In contrast to other solutions +only the FastCGI process has to be on the cluster and not the +whole webserver. That gives the FastCGI process more resources +than a e.g. load-balancer+apache+mod_php solution. + +If you compare FastCGI against a apache+mod_php solution you +should note that FastCGI provides additional security as the +FastCGI process can be run under different permissions that +the webserver and can also live a chroot which might be +different than the one the webserver is running in. + +Options +======= + +lighttpd provides the FastCGI support via the fastcgi-module +(mod_fastcgi) which provides 2 options in the config-file: + +fastcgi.debug + a value between 0 and 65535 to set the debug-level in the + FastCGI module. Currently only 0 and 1 are used. Use 1 to + enable some debug output, 0 to disable it. + +fastcgi.map-extensions + map multiple extensions to the same fastcgi server + + Example: :: + + fastcgi.map-extensions = ( ".php3" => ".php" ) + +fastcgi.server + tell the module where to send FastCGI requests to. Every + file-extension can have it own handler. Load-Balancing is + done by specifying multiple handles for the same extension. + + structure of fastcgi.server section: :: + + ( <extension> => + ( + ( "host" => <string> , + "port" => <integer> , + "socket" => <string>, # either socket + # or host+port + "bin-path" => <string>, # OPTIONAL + "bin-environment" => <array>, # OPTIONAL + "bin-copy-environment" => <array>, # OPTIONAL + "mode" => <string>, # OPTIONAL + "docroot" => <string> , # OPTIONAL if "mode" + # is not "authorizer" + "check-local" => <string>, # OPTIONAL + "max-procs" => <integer>, # OPTIONAL + "broken-scriptfilename" => <boolean>, # OPTIONAL + "disable-time" => <integer>, # optional + "allow-x-send-file" => <boolean>, # optional + "kill-signal" => <integer>, # OPTIONAL + "fix-root-scriptname" => <boolean>, + # OPTIONAL + ( "host" => ... + ) + ) + ) + + :<extension>: is the file-extension or prefix + (if started with "/") + :"host": is hostname/ip of the FastCGI process + :"port": is tcp-port on the "host" used by the FastCGI + process + :"bin-path": path to the local FastCGI binary which should be + started if no local FastCGI is running + :"socket": path to the unix-domain socket + :"mode": is the FastCGI protocol mode. + Default is "responder", also "authorizer" + mode is implemented. + :"docroot": is optional and is the docroot on the remote + host for default "responder" mode. For + "authorizer" mode it is MANDATORY and it points + to docroot for authorized requests. For security + reasons it is recommended to keep this docroot + outside of server.document-root tree. + :"check-local": is optional and may be "enable" (default) or + "disable". If enabled the server first check + for a file in local server.document-root tree + and return 404 (Not Found) if no such file. + If disabled, the server forward request to + FastCGI interface without this check. + :"broken-scriptfilename": breaks SCRIPT_FILENAME in a wat that + PHP can extract PATH_INFO from it (default: disabled) + :"disable-time": time to wait before a disabled backend is checked + again + :"allow-x-send-file": controls if X-LIGHTTPD-send-file headers + are allowed + :"fix-root-scriptname": fix broken path-info split for "/" extension ("prefix") + + If bin-path is set: + + :"max-procs": the upper limit of the processess to start + :"bin-environment": put an entry into the environment of + the started process + :"bin-copy-environement": clean up the environment and copy + only the specified entries into the fresh + environment of the spawn process + :"kill-signal": signal to terminate the FastCGI process with, + defauls to SIGTERM + +Examples +-------- + + Multiple extensions for the same host :: + + fastcgi.server = ( ".php" => + (( "host" => "127.0.0.1", + "port" => 1026, + "bin-path" => "/usr/local/bin/php" + )), + ".php4" => + (( "host" => "127.0.0.1", + "port" => 1026 + )) + ) + + Example with prefix: :: + + fastcgi.server = ( "/remote_scripts/" => + (( "host" => "192.168.0.3", + "port" => 9000, + "check-local" => "disable", + "docroot" => "/" # remote server may use + # it's own docroot + )) + ) + + The request `http://my.host.com/remote_scripts/test.cgi` will + be forwarded to fastcgi server at 192.168.0.3 and the value + "/remote_scripts/test.cgi" will be used for the SCRIPT_NAME + variable. Remote server may prepend it with its own + document root. The handling of index files is also the + resposibility of remote server for this case. + + In the case that the prefix is not terminated with a slash + the prefix will be handled as file and /test.cgi would become + a PATH_INFO instead of part of SCRIPT_NAME. + + + Example for "authorizer" mode: :: + + fastcgi.server = ( "/remote_scripts/" => + (( "host" => "10.0.0.2", + "port" => 9000, + "docroot" => "/path_to_private_docs", + "mode" => "authorizer" + )) + ) + + Note that if "docroot" is specified then its value will be + used in DOCUMENT_ROOT and SCRIPT_FILENAME variables passed + to FastCGI server. + +Load-Balancing +============== + +The FastCGI plugin provides automaticly a load-balancing between +multiple FastCGI servers. :: + + fastcgi.server = ( ".php" => + (( "host" => "10.0.0.2", "port" => 1030 ), + ( "host" => "10.0.0.3", "port" => 1030 )) + ) + + +To understand how the load-balancing works you can enable the +fastcgi.debug option and will get a similar output as here: :: + + proc: 127.0.0.1 1031 1 1 1 31454 + proc: 127.0.0.1 1028 1 1 1 31442 + proc: 127.0.0.1 1030 1 1 1 31449 + proc: 127.0.0.1 1029 1 1 2 31447 + proc: 127.0.0.1 1026 1 1 2 31438 + got proc: 34 31454 + release proc: 40 31438 + proc: 127.0.0.1 1026 1 1 1 31438 + proc: 127.0.0.1 1028 1 1 1 31442 + proc: 127.0.0.1 1030 1 1 1 31449 + proc: 127.0.0.1 1031 1 1 2 31454 + proc: 127.0.0.1 1029 1 1 2 31447 + +Even if this for multiple FastCGI children on the local machine +the following explaination is valid for remote connections too. + +The output shows: + +- IP, port, unix-socket (is empty here) +- is-local, state (0 - unset, 1 - running, ... ) +- active connections (load) +- PID + +As you can see the list is always sorted by the load field. + +Whenever a new connection is requested, the first entry (the one +with the lowest load) is selected, the load is increased (got proc: ...) +and the list is sorted again. + +If a FastCGI request is done or the connection is dropped, the load on the +FastCGI proc decreases and the list is sorted again (release proc: ...) + +This behaviour is very light-weight in code and still very efficient +as it keeps the fastcgi-servers equally loaded even if they have different +CPUs. + +Adaptive Process Spawning +========================= + +.. note:: This feature is disabled in 1.3.14 again. min-procs is + ignored in that release + +Starting with 1.3.8 lighttpd can spawn processes on demand if +a bin-path is specified and the FastCGI process runs locally. + +If you want to have a least one FastCGI process running and +more of the number of requests increases you can use min-procs +and max-procs. + +A new process is spawned as soon as the average number of +requests waiting to be handle by a single process increases the +max-load-per-proc setting. + +The idle-timeout specifies how long a fastcgi-process should wait +for a new request before it kills itself. + +Example +------- +:: + + fastcgi.server = ( ".php" => + (( "socket" => "/tmp/php.socket", + "bin-path" => "/usr/local/bin/php", + "min-procs" => 1, + "max-procs" => 32, + "max-load-per-proc" => 4, + "idle-timeout" => 20 + )) + ) + +Disabling Adaptive Spawning +--------------------------- + +Adaptive Spawning is a quite new feature and it might misbehave +for your setup. There are several ways to control how the spawing +is done: + +1. ``"max-load-per-proc" => 1`` + if that works for you, great. + +2. If not set ``min-procs == max-procs``. + +3. For PHP you can also use: :: + + $ PHP_FCGI_CHILDREN=384 ./lighttpd -f ./lighttpd.conf + + fastcgi.server = ( ".php" => + (( "socket" => "/tmp/php.socket", + "bin-path" => "/usr/local/bin/php", + "min-procs" => 1, + "max-procs" => 1, + "max-load-per-proc" => 4, + "idle-timeout" => 20 + )) + ) + + It will create one socket and let's PHP create the 384 processes itself. + +4. If you don't want lighttpd to manage the fastcgi processes, remove the + bin-path and use spawn-fcgi to spawn them itself. + + +FastCGI and Programming Languages +================================= + +Preparing PHP as a FastCGI program +---------------------------------- + +One of the most important application that has a FastCGI +interface is php which can be downloaded from +http://www.php.net/ . You have to recompile the php from +source to enable the FastCGI interface as it is normally +not enabled by default in the distributions. + +If you already have a working installation of PHP on a +webserver execute a small script which just contains :: + + <?php phpinfo(); ?> + +and search for the line in that contains the configure call. +You can use it as the base for the compilation. + +You have to remove all occurences of `--with-apxs`, `--with-apxs2` +and the like which would build PHP with Apache support. Add the +next three switches to compile PHP with FastCGI support:: + + $ ./configure \ + --enable-fastcgi \ + --enable-force-cgi-redirect \ + ... + +After compilation and installation check that your PHP +binary contains FastCGI support by calling: :: + + $ php -v + PHP 4.3.3RC2-dev (cgi-fcgi) (built: Oct 19 2003 23:19:17) + +The important part is the (cgi-fcgi). + + +Starting a FastCGI-PHP +---------------------- + +Starting with version 1.3.6 lighttpd can spawn the FastCGI +processes locally itself if necessary: :: + + fastcgi.server = ( ".php" => + (( "socket" => "/tmp/php-fastcgi.socket", + "bin-path" => "/usr/local/bin/php" + )) + ) + +PHP provides 2 special environment variables which control the number of +spawned workes under the control of a single watching process +(PHP_FCGI_CHILDREN) and the number of requests what a single worker +handles before it kills itself. :: + + fastcgi.server = ( ".php" => + (( "socket" => "/tmp/php-fastcgi.socket", + "bin-path" => "/usr/local/bin/php", + "bin-environment" => ( + "PHP_FCGI_CHILDREN" => "16", + "PHP_FCGI_MAX_REQUESTS" => "10000" + ) + )) + ) + +To increase the security of the started process you should only pass +the necessary environment variables to the FastCGI process. :: + + fastcgi.server = ( ".php" => + (( "socket" => "/tmp/php-fastcgi.socket", + "bin-path" => "/usr/local/bin/php", + "bin-environment" => ( + "PHP_FCGI_CHILDREN" => "16", + "PHP_FCGI_MAX_REQUESTS" => "10000" ), + "bin-copy-environment" => ( + "PATH", "SHELL", "USER" ) + )) + ) + +Configuring PHP +--------------- + +If you want to use PATH_INFO and PHP_SELF in you PHP scripts you have to +configure php and lighttpd. The php.ini needs the option: :: + + cgi.fix_pathinfo = 1 + +and the option ``broken-scriptfilename`` in your fastcgi.server config: :: + + fastcgi.server = ( ".php" => + (( "socket" => "/tmp/php-fastcgi.socket", + "bin-path" => "/usr/local/bin/php", + "bin-environment" => ( + "PHP_FCGI_CHILDREN" => "16", + "PHP_FCGI_MAX_REQUESTS" => "10000" ), + "bin-copy-environment" => ( + "PATH", "SHELL", "USER" ), + "broken-scriptfilename" => "enable" + )) + ) + +Why this ? the ``cgi.fix_pathinfo = 0`` would give you a working ``PATH_INFO`` +but no ``PHP_SELF``. If you enable it, it turns around. To fix the +``PATH_INFO`` `--enable-discard-path` needs a SCRIPT_FILENAME which is against the CGI spec, a +broken-scriptfilename. With ``cgi.fix_pathinfo = 1`` in php.ini and +``broken-scriptfilename => "enable"`` you get both. + + +External Spawning +----------------- + +Spawning FastCGI processes directly in the webserver has some +disadvantages like + +- FastCGI process can only run locally +- has the same permissions as the webserver +- has the same base-dir as the webserver + +As soon as you are using a seperate FastCGI Server to +take off some load from the webserver you have to control +the FastCGI process by a external program like spawn-fcgi. + +spawn-fcgi is used to start a FastCGI process in its own +environment and set the user-id, group-id and change to +another root-directory (chroot). + +For convenience a wrapper script should be used which takes +care of all the necessary option. Such a script in included +in the lighttpd distribution and is call spawn-php.sh. + +The script has a set of config variables you should take +a look at: :: + + ## ABSOLUTE path to the spawn-fcgi binary + SPAWNFCGI="/usr/local/sbin/spawn-fcgi" + + ## ABSOLUTE path to the PHP binary + FCGIPROGRAM="/usr/local/bin/php" + + ## bind to tcp-port on localhost + FCGIPORT="1026" + + ## bind to unix domain socket + # FCGISOCKET="/tmp/php.sock" + + ## number of PHP childs to spawn + PHP_FCGI_CHILDREN=10 + + ## number of request server by a single php-process until + ## is will be restarted + PHP_FCGI_MAX_REQUESTS=1000 + + ## IP adresses where PHP should access server connections + ## from + FCGI_WEB_SERVER_ADDRS="127.0.0.1,192.168.0.1" + + # allowed environment variables sperated by spaces + ALLOWED_ENV="ORACLE_HOME PATH USER" + + ## if this script is run as root switch to the following user + USERID=wwwrun + GROUPID=wwwrun + +If you have set the variables to values that fit to your +setup you can start it by calling: :: + + $ spawn-php.sh + spawn-fcgi.c.136: child spawned successfully: PID: 6925 + +If you get "child spawned successfully: PID:" the php +processes could be started successfully. You should see them +in your processlist: :: + + $ ps ax | grep php + 6925 ? S 0:00 /usr/local/bin/php + 6928 ? S 0:00 /usr/local/bin/php + ... + +The number of processes should be PHP_FCGI_CHILDREN + 1. +Here the process 6925 is the master of the slaves which +handle the work in parallel. Number of parallel workers can +be set by PHP_FCGI_CHILDREN. A worker dies automaticly of +handling PHP_FCGI_MAX_REQUESTS requests as PHP might have +memory leaks. + +If you start the script as user root php processes will be +running as the user USERID and group GROUPID to drop the +root permissions. Otherwise the php processes will run as +the user you started script as. + +As the script might be started from a unknown stage or even +directly from the command-line it cleans the environment +before starting the processes. ALLOWED_ENV contains all +the external environement variables that should be available +to the php-process. + + +Perl +---- + +For Perl you have to install the FCGI module from CPAN. + +Skeleton for remote authorizer +============================== + +The basic functionality of authorizer is as follows (see +http://www.fastcgi.com/devkit/doc/fcgi-spec.html, 6.3 for +details). :: + + #include <fcgi_stdio.h> + #include <stdlib.h> + #include <unistd.h> + int main () { + char* p; + + while (FCGI_Accept() >= 0) { + /* wait for fastcgi authorizer request */ + + printf("Content-type: text/html\r\n"); + + if ((p = getenv("QUERY_STRING")) == NULL) || + <QUERY_STRING is unauthorized>) + printf("Status: 403 Forbidden\r\n\r\n"); + + else printf("\r\n"); + /* default Status is 200 - allow access */ + } + + return 0; + } + +It is possible to use any other variables provided by +FastCGI interface for authorization check. Here is only an +example. + + +Troubleshooting +=============== + +fastcgi.debug should be enabled for troubleshooting. + +If you get: :: + + (fcgi.c.274) connect delayed: 8 + (fcgi.c.289) connect succeeded: 8 + (fcgi.c.745) unexpected end-of-file (perhaps the fastcgi + process died): 8 + +the fastcgi process accepted the connection but closed it +right away. This happens if FCGI_WEB_SERVER_ADDRS doesn't +include the host where you are connection from. + +If you get :: + + (fcgi.c.274) connect delayed: 7 + (fcgi.c.1107) error: unexpected close of fastcgi connection + for /peterp/seite1.php (no fastcgi process on host/port ?) + (fcgi.c.1015) emergency exit: fastcgi: connection-fd: 5 + fcgi-fd: 7 + +the fastcgi process is not running on the host/port you are +connection to. Check your configuration. + +If you get :: + + (fcgi.c.274) connect delayed: 7 + (fcgi.c.289) connect succeeded: 7 + +everything is fine. The connect() call just was delayed a +little bit and is completly normal. + diff --git a/doc/outdated/features.txt b/doc/outdated/features.txt new file mode 100644 index 0000000..f45fe08 --- /dev/null +++ b/doc/outdated/features.txt @@ -0,0 +1,116 @@ +=============== +progress report +=============== + +:Author: Jan Kneschke +:Date: $Date: 2004/11/03 22:26:05 $ +:Revision: $Revision: 1.2 $ + +:abstract: + This document tries to track the requested features and + the release when they have been implemented. + +.. meta:: + :keywords: lighttpd, features + +.. contents:: Table of Contents + +Description +=========== + +The document was inspired by a mail from David Phillips: + +http://marc.theaimsgroup.com/?l=thttpd&m=108051453226692&w=2 + +It is used to see what is still missing and what is already done. :: + + zell@zell.best.vwh.net writes: + > Now that the author has made the source code available, I am + > considering installing and testing the latest version. From a + > quick glance, it seems to support most/all of the features of + > Premium thttpd and Zeus. + + If you think it compares to Zeus, then you've obviously never used Zeus. + + lighttpd is currently the only non-blocking open source web server to + support FastCGI responders and that's worthwhile. + + The documentation is lacking. Comments in the configuration file do not + make up for a complete manual. + +Constantly improving. :: + + The configuration syntax is overly complex, like Apache. There is no .htaccess + support. + +.htaccess support is not planed yet. :: + + There is only one server. You cannot have a separate configuration for each + virtual server. This would seem to be especially problematic when doing + SSL. + +Works since 1.3.0. :: + + There is no SSI support. Zeus has full recursive SSI support. Output from + a FastCGI program can get run through the SSI interpreter. SSI can also do + virtual includes recursively. + +SSI works since 1.2.4. :: + + Request logging is not configurable. Zeus supports fully configurable + access logging, plus a binary version of CLF that save space. + +1.2.6 adds Apache-like logfile config. :: + + Access control only allows authentication via username and password. There + is no way to allow or deny based in IP address. + +planed for 1.3.x :: + + The request rewriting appears to only allow regex substitutions. Zeus has a + simple, yet powerful, request rewrite language. + + + + There is no support for FastCGI authorizers. These are very useful for high + traffic sites that require complex authentication schemes or that store + authorization information in a central database. + +since 1.1.9. :: + + There is no bandwidth throttling support. Zeus does bandwidth throttling + correctly (i.e. unlike past versions of thttpd) and can throttle on a + per-subserver (thttpd-style virtual hosts) basis. + +since 1.3.8. :: + + There is no ISAPI support. ISAPI is an elegant, open API that allows + modification of web server behavior. While it isn't strictly necessary for + an open source web server, it nice to have a documented, consistent API, + rather than having to manually patch the server. + +If someone requests it it might be implemented. :: + + There is no web based interface. Zeus has a complete web based interface + for everything, including a powerful feature of configuring multiple virtual + servers at once. + +That is something that should be a special feature of Zeus. :) :: + + There is no support for mapping certain URLs to specific filesystem paths. + +since 1.2.6 :: + + There is no referring checking. This is incredibly important to prevent + hotlinking of bandwidth intensive media types (images, movies, etc.). + +we have something better: mod_secdownload. And if someone wants referer +checking we have a condition in the config for it since 1.2.9 :: + + Zeus has a lot of features that lighttpd doesn't have, but I only mentioned + the ones I care about and use. + + -- + David Phillips <david@acz.org> + http://david.acz.org/ + diff --git a/doc/outdated/magnet.txt b/doc/outdated/magnet.txt new file mode 100644 index 0000000..0559174 --- /dev/null +++ b/doc/outdated/magnet.txt @@ -0,0 +1,429 @@ +{{{ +#!rst +============== +a power-magnet +============== + +------------------ +Module: mod_magnet +------------------ + + + +.. contents:: Table of Contents + +Requirements +============ + +:Version: lighttpd 1.4.12 or higher +:Packages: lua >= 5.1 + +Overview +======== + +mod_magnet is a module to control the request handling in lighty. + +.. note:: + + Keep in mind that the magnet is executed in the core of lighty. EVERY long-running operation is blocking + ALL connections in the server. You are warned. For time-consuming or blocking scripts use mod_fastcgi and friends. + +For performance reasons mod_magnet caches the compiled script. For each script-run the script itself is checked for +freshness and recompile if neccesary. + + +Installation +============ + +mod_magnet needs a lighty which is compiled with the lua-support ( --with-lua). Lua 5.1 or higher are required by +the module. Use "--with-lua=lua5.1" to install on Debian and friends. :: + + server.modules = ( ..., "mod_magnet", ... ) + +Options +======= + +mod_magnet can attract a request in several stages in the request-handling. + +* either at the same level as mod_rewrite, before any parsing of the URL is done +* or at a later stage, when the doc-root is known and the physical-path is already setup + +It depends on the purpose of the script which stage you want to intercept. Usually you want to use +the 2nd stage where the physical-path which relates to your request is known. At this level you +can run checks against lighty.env["physical.path"]. + +:: + + magnet.attract-raw-url-to = ( ... ) + magnet.attract-physical-path-to = ( ... ) + +You can define multiple scripts when separated by a semicolon. The scripts are executed in the specified +order. If one of them a returning a status-code, the following scripts will not be executed. + +Tables +====== + +Most of the interaction between between mod_magnet and lighty is done through tables. Tables in lua are hashes (Perl), dictionaries (Java), arrays (PHP), ... + +Request-Environment +------------------- + +Lighttpd has its internal variables which are exported as read/write to the magnet. + +If "http://example.org/search.php?q=lighty" is requested this results in a request like :: + + GET /search.php?q=lighty HTTP/1.1 + Host: example.org + +When you are using ``attract-raw-url-to`` you can access the following variables: + +* parts of the request-line + + * lighty.env["request.uri"] = "/search.php?q=lighty" + +* HTTP request-headers + + * lighty.request["Host"] = "example.org" + +Later in the request-handling, the URL is splitted, cleaned up and turned into a physical path name: + +* parts of the URI + + * lighty.env["uri.path"] = "/search.php" + * lighty.env["uri.path-raw"] = "/search.php" + * lighty.env["uri.scheme"] = "http" + * lighty.env["uri.authority"] = "example.org" + * lighty.env["uri.query"] = "q=lighty" + +* filenames, pathnames + + * lighty.env["physical.path"] = "/my-docroot/search.php" + * lighty.env["physical.rel-path"] = "/search.php" + * lighty.env["physical.doc-root"] = "/my-docroot" + +All of them are readable, not all of the are writable (or don't have an effect if you write to them). + +As a start, you might want to use those variables for writing: :: + + -- 1. simple rewriting is done via the request.uri + lighty.env["request.uri"] = ... + return lighty.RESTART_REQUEST + + -- 2. changing the physical-path + lighty.env["physical.path"] = ... + + -- 3. changing the query-string + lighty.env["uri.query"] = ... + +Response Headers +---------------- + +If you want to set a response header for your request, you can add a field to the lighty.header[] table: :: + + lighty.header["Content-Type"] = "text/html" + +Sending Content +=============== + +You can generate your own content and send it out to the clients. :: + + lighty.content = { "<pre>", { filename = "/etc/passwd" }, "</pre>" } + lighty.header["Content-Type"] = "text/html" + + return 200 + +The lighty.content[] table is executed when the script is finished. The elements of the array are processed left to right and the elements can either be a string or a table. Strings are included AS IS into the output of the request. + +* Strings + + * are included as is + +* Tables + + * filename = "<absolute-path>" is required + * offset = <number> [default: 0] + * length = <number> [default: size of the file - offset] + +Internally lighty will use the sendfile() call to send out the static files at full speed. + +Status Codes +============ + +You might have seen it already in other examples: In case you are handling the request completly in the magnet you +can return your own status-codes. Examples are: Redirected, Input Validation, ... :: + + if (lighty.env["uri.scheme"] == "http") then + lighty.header["Location"] = "https://" .. lighty.env["uri.authority"] .. lighty.env["request.uri"] + return 302 + end + +You every number above and equal to 100 is taken as final status code and finishes the request. No other modules are +executed after this return. + +A special return-code is lighty.RESTART_REQUEST (currently equal to 99) which is usually used in combination with +changing the request.uri in a rewrite. It restarts the splitting of the request-uri again. + +If you return nothing (or nil) the request-handling just continues. + +Debugging +========= + +To easy debugging we overloaded the print()-function in lua and redirect the output of print() to the error-log. :: + + print("Host: " .. lighty.request["Host"]) + print("Request-URI: " .. lighty.env["request.uri"]) + + +Examples +======== + +Sending text-files as HTML +-------------------------- + +This is a bit simplistic, but it illustrates the idea: Take a text-file and cover it in a <pre> tag. + +Config-file :: + + magnet.attract-physical-path-to = server.docroot + "/readme.lua" + +readme.lua :: + + lighty.content = { "<pre>", { filename = "/README" }, "</pre>" } + lighty.header["Content-Type"] = "text/html" + + return 200 + +Maintainance pages +------------------ + +Your side might be on maintainance from time to time. Instead of shutting down the server confusing all +users, you can just send a maintainance page. + +Config-file :: + + magnet.attract-physical-path-to = server.docroot + "/maintainance.lua" + +maintainance.lua :: + + require "lfs" + + if (nil == lfs.attributes(lighty.env["physical.doc-root"] .. "/maintainance.html")) then + lighty.content = ( lighty.env["physical.doc-root"] .. "/maintainance.html" ) + + lighty.header["Content-Type"] = "text/html" + + return 200 + end + +mod_flv_streaming +----------------- + +Config-file :: + + magnet.attract-physical-path-to = server.docroot + "/flv-streaming.lua" + +flv-streaming.lua:: + + if (lighty.env["uri.query"]) then + -- split the query-string + get = {} + for k, v in string.gmatch(lighty.env["uri.query"], "(%w+)=(%w+)") do + get[k] = v + end + + if (get["start"]) then + -- missing: check if start is numeric and positive + + -- send te FLV header + a seek into the file + lighty.content = { "FLV\x1\x1\0\0\0\x9\0\0\0\x9", + { filename = lighty.env["physical.path"], offset = get["start"] } } + lighty.header["Content-Type"] = "video/x-flv" + + return 200 + end + end + + +selecting a random file from a directory +---------------------------------------- + +Say, you want to send a random file (ad-content) from a directory. + +To simplify the code and to improve the performance we define: + +* all images have the same format (e.g. image/png) +* all images use increasing numbers starting from 1 +* a special index-file names the highest number + +Config :: + + server.modules += ( "mod_magnet" ) + magnet.attract-physical-path-to = "random.lua" + +random.lua :: + + dir = lighty.env["physical.path"] + + f = assert(io.open(dir .. "/index", "r")) + maxndx = f:read("*all") + f:close() + + ndx = math.random(maxndx) + + lighty.content = { { filename = dir .. "/" .. ndx }} + lighty.header["Content-Type"] = "image/png" + + return 200 + +denying illegal character sequences in the URL +---------------------------------------------- + +Instead of implementing mod_security, you might just want to apply filters on the content +and deny special sequences that look like SQL injection. + +A common injection is using UNION to extend a query with another SELECT query. + +:: + + if (string.find(lighty.env["request.uri"], "UNION%s")) then + return 400 + end + +Traffic Quotas +-------------- + +If you only allow your virtual hosts a certain amount for traffic each month and want to +disable them if the traffic is reached, perhaps this helps: :: + + host_blacklist = { ["www.example.org"] = 0 } + + if (host_blacklist[lighty.request["Host"]]) then + return 404 + end + +Just add the hosts you want to blacklist into the blacklist table in the shown way. + +Complex rewrites +---------------- + +If you want to implement caching on your document-root and only want to regenerate +content if the requested file doesn't exist, you can attract the physical.path: :: + + magnet.attract-physical-path-to = ( server.document-root + "/rewrite.lua" ) + +rewrite.lua :: + + require "lfs" + + attr = lfs.attributes(lighty.env["physical.path"]) + + if (not attr) then + -- we couldn't stat() the file for some reason + -- let the backend generate it + + lighty.env["uri.path"] = "/dispatch.fcgi" + lighty.env["physical.rel-path"] = lighty.env["uri.path"] + lighty.env["physical.path"] = lighty.env["physical.doc-root"] .. lighty.env["physical.rel-path"] + fi + +luafilesystem ++++++++++++++ + +We are requiring the lua-module 'lfs' (http://www.keplerproject.org/luafilesystem/). + +I had to compile lfs myself for lua-5.1 which required a minor patch as compat-5.1 is not needed:: + + $ wget http://luaforge.net/frs/download.php/1487/luafilesystem-1.2.tar.gz + $ wget http://www.lighttpd.net/download/luafilesystem-1.2-lua51.diff + $ gzip -cd luafilesystem-1.2.tar.gz | tar xf - + $ cd luafilesystem-1.2 + $ patch -ls -p1 < ../luafilesystem-1.2-lua51.diff + $ make install + +It will install lfs.so into /usr/lib/lua/5.1/ which is where lua expects the extensions on my system. + +SuSE and Gentoo are known to have their own lfs packages and don't require a compile. + +Usertracking +------------ + +... or how to store data globally in the script-context: + +Each script has its own script-context. When the script is started it only contains the lua-functions +and the special lighty.* name-space. If you want to save data between script runs, you can use the global-script +context: + +:: + + if (nil == _G["usertrack"]) then + _G["usertrack"] = {} + end + if (nil == _G["usertrack"][lighty.request["Cookie"]]) then + _G["usertrack"][lighty.request["Cookie"]] + else + _G["usertrack"][lighty.request["Cookie"]] = _G["usertrack"][lighty.request["Cookie"]] + 1 + end + + print _G["usertrack"][lighty.request["Cookie"]] + +The global-context is per script. If you update the script without restarting the server, the context will still be maintained. + +Counters +-------- + +mod_status support a global statistics page and mod_magnet allows to add and update values in the status page: + +Config :: + + status.statistics-url = "/server-counters" + magnet.attract-raw-url-to = server.docroot + "/counter.lua" + +counter.lua :: + + lighty.status["core.connections"] = lighty.status["core.connections"] + 1 + +Result:: + + core.connections: 7 + fastcgi.backend.php-foo.0.connected: 0 + fastcgi.backend.php-foo.0.died: 0 + fastcgi.backend.php-foo.0.disabled: 0 + fastcgi.backend.php-foo.0.load: 0 + fastcgi.backend.php-foo.0.overloaded: 0 + fastcgi.backend.php-foo.1.connected: 0 + fastcgi.backend.php-foo.1.died: 0 + fastcgi.backend.php-foo.1.disabled: 0 + fastcgi.backend.php-foo.1.load: 0 + fastcgi.backend.php-foo.1.overloaded: 0 + fastcgi.backend.php-foo.load: 0 + +Porting mod_cml scripts +----------------------- + +mod_cml got replaced by mod_magnet. + +A CACHE_HIT in mod_cml:: + + output_include = { "file1", "file2" } + + return CACHE_HIT + +becomes:: + + content = { { filename = "/path/to/file1" }, { filename = "/path/to/file2"} } + + return 200 + +while a CACHE_MISS like (CML) :: + + trigger_handler = "/index.php" + + return CACHE_MISS + +becomes (magnet) :: + + lighty.env["request.uri"] = "/index.php" + + return lighty.RESTART_REQUEST + +}}} diff --git a/doc/outdated/mysqlvhost.txt b/doc/outdated/mysqlvhost.txt new file mode 100644 index 0000000..9a869a1 --- /dev/null +++ b/doc/outdated/mysqlvhost.txt @@ -0,0 +1,58 @@ +==================== +MySQL-based vhosting +==================== + +----------------------- +Module: mod_mysql_vhost +----------------------- + +:Author: ada@riksnet.se +:Date: $Date: 2004/08/29 09:43:49 $ +:Revision: $Revision: 1.1 $ + +:abstract: + This module provides virtual hosts (vhosts) based on a MySQL table + +.. meta:: + :keywords: lighttpd, mysql, vhost + +.. contents:: Table of Contents + +Description +=========== + +With MySQL-based vhosting you can store the path to a given host's +document root in a MySQL database. + +.. note:: Keep in mind that only one vhost module should be active at a time. + Don't mix mod_simple_vhost with mod_mysql_vhost. + +Options +======= + +Example: :: + + mysql-vhost.db = "lighttpd" + mysql-vhost.user = "lighttpd" + mysql-vhost.pass = "secret" + mysql-vhost.sock = "/var/mysql.lighttpd.sock" + mysql-vhost.sql = "SELECT docroot FROM domains WHERE domain='?'" + + +MySQL setup: :: + + GRANT SELECT ON lighttpd.* TO lighttpd@localhost IDENTIFIED BY 'secret'; + + CREATE DATABASE lighttpd; + + USE lighttpd; + + CREATE TABLE domains ( + domain varchar(64) not null primary key, + docroot varchar(128) not null + ); + + INSERT INTO domains VALUES ('host.dom.ain','/http/host.dom.ain/'); + + + diff --git a/doc/outdated/performance.txt b/doc/outdated/performance.txt new file mode 100644 index 0000000..04d48a1 --- /dev/null +++ b/doc/outdated/performance.txt @@ -0,0 +1,239 @@ +======================== +Performance Improvements +======================== + +------------ +Module: core +------------ + +:Author: Jan Kneschke +:Date: $Date: 2004/11/03 22:26:05 $ +:Revision: $Revision: 1.3 $ + +:abstract: + handling performance issues in lighttpd + +.. meta:: + :keywords: lighttpd, performance + +.. contents:: Table of Contents + +Description +=========== + +Performance Issues +------------------ + +lighttpd is optimized into varying directions. The most important direction is +performance. The operation system has two major facilities to help lighttpd +a deliver its best performance. + +HTTP Keep-Alive +--------------- + +Disabling keep-alive might help your server if you suffer from a large +number of open file descriptors. + +The defaults for the server are: :: + + server.max-keep-alive-requests = 128 + server.max-keep-alive-idle = 30 + server.max-read-idle = 60 + server.max-write-idle = 360 + +handling 128 keep-alive requests in a row on a single connection, waiting 30 seconds +before an unused keep-alive connection gets dropped by lighttpd. + +If you handle several connections at once under a high load (let's assume 500 connections +in parallel for 24h) you might run into the out-of-fd problem described below. :: + + server.max-keep-alive-requests = 4 + server.max-keep-alive-idle = 4 + +would release the connections earlier and would free file descriptors without a +detrimental performance loss. + +Disabling keep-alive completely is the last resort if you are still short on file descriptors: :: + + server.max-keep-alive-requests = 0 + +Event Handlers +-------------- + +The first one is the Event Handler which takes care of notifying the server +that one of the connections is ready to send or receive. As you can see, +every OS has at least the select() call which has some limitations. + +============ ========== =============== +OS Method Config Value +============ ========== =============== +all select select +Unix poll poll +Linux 2.4+ rt-signals linux-rtsig +Linux 2.6+ epoll linux-sysepoll +Solaris /dev/poll solaris-devpoll +FreeBSD, ... kqueue freebsd-kqueue +============ ========== =============== + + +For more information on this topic take a look at http://www.kegel.com/c10k.html + +Configuration +````````````` + +The event handler can be set by specifying the 'Config Value' from above +in the ``server.event-handler`` variable + +e.g.: :: + + server.event-handler = "linux-sysepoll" + +Network Handlers +---------------- + +The basic network interface for all platforms at the syscalls read() and +write(). Every modern OS provides its own syscall to help network servers +transfer files as fast as possible. + +If you want to send out a file from the webserver, it doesn't make any sense +to copy the file into the webserver just to write() it back into a socket +in the next step. + +sendfile() minimizes the work in the application and pushes a file directly +into the network card (ideally). + +lighttpd supports all major platform-specific calls: + +========== ========== +OS Method +========== ========== +all write +Unix writev +Linux 2.4+ sendfile +Linux 2.6+ sendfile64 +Solaris sendfilev +FreeBSD sendfile +========== ========== + +The best backend is selected at compile time. In case you want to use +another backend set: :: + + server.network-backend = "writev" + +You can find more information about network backend in: + + http://blog.lighttpd.net/articles/2005/11/11/optimizing-lighty-for-high-concurrent-large-file-downloads + + +Max Connections +--------------- + +As lighttpd is a single-threaded server, its main resource limit is the +number of file descriptors, which is set to 1024 by default (on most systems). + +If you are running a high-traffic site you might want to increase this limit +by setting :: + + server.max-fds = 2048 + +This only works if lighttpd is started as root. + +Out-of-fd condition +------------------- + +Since file descriptors are used for TCP/IP sockets, files and directories, +a simple request for a PHP page might result in using 3 file descriptors: + +1. the TCP/IP socket to the client +2. the TCP/IP and Unix domain socket to the FastCGI process +3. the filehandle to the file in the document root to check if it exists + +If lighttpd runs out of file descriptors, it will stop accepting new +connections for awhile to use the existing file descriptors to handle the +currently-running requests. + +If more than 90% of the file descriptors are used then the handling of new +connections is disabled. If it drops below 80% again new connections will +be accepted again. + +Under some circumstances you will see :: + + ... accept() failed: Too many open files + +in the error log. This tells you there were too many new requests at once +and lighttpd could not disable the incoming connections soon enough. The +connection was dropped and the client received an error message like 'connection +failed'. This is very rare and might only occur in test setups. + +Increasing the ``server.max-fds`` limit will reduce the probability of this +problem. + +stat() cache +============ + +A stat(2) can be expensive; caching it saves time and context switches. + +Instead of using stat() every time to check for the existence of a file +you can stat() it once and monitor the directory the file is in for +modifications. As long as the directory doesn't change, the files in it +must all still be the same. + +With the help of FAM or gamin you can use kernel events to assure that +your stat cache is up to date. :: + + server.stat-cache-engine = "fam" # either fam, simple or disabled + + +Platform-Specific Notes +======================= + +Linux +----- + +For Linux 2.4.x you should think about compiling lighttpd with the option +``--disable-lfs`` to disable the support for files larger than 2GB. lighttpd will +fall back to the ``writev() + mmap()`` network calls which is ok, but not as +fast as possible but support files larger than 2GB. + +Disabling the TCP options reduces the overhead of each TCP packet and might +help to get the last few percent of performance out of the server. Be aware that +disabling these options most likely decreases performance for high-latency and lossy +links. + +- net.ipv4.tcp_sack = 0 +- net.ipv4.tcp_timestamps = 0 + +Increasing the TCP send and receive buffers will increase the performance a +lot if (and only if) you have a lot of large files to send. + +- net.ipv4.tcp_wmem = 4096 65536 524288 +- net.core.wmem_max = 1048576 + +If you have a lot of large file uploads, increasing the receive buffers will help. + +- net.ipv4.tcp_rmem = 4096 87380 524288 +- net.core.rmem_max = 1048576 + +Keep in mind that every TCP connection uses the configured amount of memory for socket +buffers. If you've got many connections this can quickly drain the available memory. + +See http://www.acc.umu.se/~maswan/linux-netperf.txt for more information on these parameters. + +FreeBSD +------- + +On FreeBSD you might gain some performance by enabling accept filters. Just +compile your kernel with: :: + + options ACCEPT_FILTER_HTTP + +For more ideas about tuning FreeBSD read: tuning(7) + +Reducing the recvspace should always be ok if the server only handles HTTP +requests without large uploads. Increasing the sendspace would reduce the +system load if you have a lot of large files to be sent, but keep in mind that +you have to provide the memory in the kernel for each connection. 1024 * 64KB +would mean 64MB of kernel RAM. Keep this in mind. + +- net.inet.tcp.recvspace = 4096 + diff --git a/doc/outdated/plugins.txt b/doc/outdated/plugins.txt new file mode 100644 index 0000000..22dee40 --- /dev/null +++ b/doc/outdated/plugins.txt @@ -0,0 +1,260 @@ +================ +Plugin Interface +================ + +------------ +Module: core +------------ + +:Author: Jan Kneschke +:Date: $Date: 2004/08/01 07:01:29 $ +:Revision: $Revision: 1.1 $ + +:abstract: + The plugin interface is an integral part of lighttpd which + provides a flexible way to add specific functionality to lighttpd. + +.. meta:: + :keywords: lighttpd, plugins + +.. contents:: Table of Contents + +Description +=========== + +Plugins allow you to enhance the functionality of lighttpd without +changing the core of the webserver. They can be loaded at startup time +and can change virtually any aspect of the behaviour of the webserver. + +Plugin Entry Points +------------------- + +lighttpd has 16 hooks which are used in different states of the +execution of the request: + +Serverwide hooks +```````````````` + +:init_: + called when the plugin is loaded +:cleanup_: + called when the plugin is unloaded +:set_defaults_: + called when the configuration has to be processed +:handle_trigger_: + called once a second +:handle_sighup_: + called when the server received a SIGHUP + +Connectionwide hooks +```````````````````` + +Most of these hooks are called in ``http_response_prepare()`` after some +fields in the connection structure are set. + +:handle_uri_raw_: + called after uri.path_raw, uri.authority and uri.scheme are set +:handle_uri_clean_: + called after uri.path (a clean URI without .. and %20) is set +:handle_docroot_: + called at the end of the logical path handle to get a docroot +:handle_subrequest_start_: + called if the physical path is set up and checked +:handle_subrequest_: + called at the end of ``http_response_prepare()`` +:handle_physical_path_: + called after the physical path is created and no other handler is + found for this request +:handle_request_done_: + called when the request is done +:handle_connection_close_: + called if the connection has to be closed +:handle_joblist_: + called after the connection_state_engine is left again and plugin + internal handles have to be called +:connection_reset_: + called if the connection structure has to be cleaned up + + +Plugin Interface +---------------- + +\*_plugin_init +`````````````` + +Every plugin has a uniquely-named function which is called after the +plugin is loaded. It is used to set up the ``plugin`` structure with +some useful data: + +- name of the plugin ``name`` +- all hooks + +The field ``data`` and ``lib`` should not be touched in the init function. +``lib`` is the library handler from dlopen and ``data`` will be the storage +of the internal plugin data. + +:returns: + 0 (not handled) + +init +```` + +The first real call of a plugin function is the init hook which is used +to set up the internal plugin data. The internal plugin is assigned the +``data`` field mentioned in the \*_plugin_init description. + +:returns: + a pointer to the internal plugin data. + +cleanup +``````` + +The cleanup hook is called just before the plugin is unloaded. It is meant +to free all buffers allocated in ``init`` or somewhere else in the plugin +which are still not freed and to close all handles which were opened and +are not closed yet. + +:returns: + HANDLER_GO_ON if ok (not handled) + +set_defaults +```````````` + +set_defaults is your entry point into the configfile parsing. It should +pass a list of options to ``config_insert_values`` and check if +the plugin configuration is valid. If it is not valid yet, it should +set useful defaults or return with HANDLER_ERROR and an error message. + +:returns: + HANDLER_GO_ON if ok + + HANDLER_ERROR will terminate lighttpd + +connection_reset +```````````````` + +called at the end of each request + +:returns: + HANDLER_GO_ON if ok + + HANDLER_ERROR on error + +handle_trigger +`````````````` + +called once a second + +:returns: + HANDLER_GO_ON if ok + + HANDLER_ERROR on error + +handle_sighup +````````````` + +called if a SIGHUP is received (cycling logfiles, ...) + +:returns: + HANDLER_GO_ON if ok + + HANDLER_ERROR on error + +handle_uri_raw +`````````````` + +called after uri_raw is set + +:returns: + HANDLER_GO_ON if ok + HANDLER_FINISHED if the final output is prepared + + HANDLER_ERROR on error + +handle_uri_clean +```````````````` + +called after uri.path is set + +:returns: + HANDLER_GO_ON if ok + HANDLER_FINISHED if the final output is prepared + + HANDLER_ERROR on error + +handle_docroot +`````````````` + +called when a docroot is needed + +:returns: + HANDLER_GO_ON if ok + HANDLER_FINISHED if the final output is prepared + + HANDLER_ERROR on error + +handle_subrequest_start +``````````````````````` + +called after physical.path is set + +:returns: + HANDLER_GO_ON if ok + HANDLER_FINISHED if the final output is prepared + + HANDLER_ERROR on error + +handle_subrequest +````````````````` + +called if subrequest_start requested a COMEBACK or a WAIT_FOR_EVENT + +:returns: + HANDLER_GO_ON if ok + HANDLER_FINISHED if the final output is prepared + + HANDLER_ERROR on error + +handle_physical_path +```````````````````` + +called after physical.path is set + +:returns: + HANDLER_GO_ON if ok + HANDLER_FINISHED if the final output is prepared + + HANDLER_ERROR on error + + +handle_request_done +``````````````````` + +called at the end of the request (logging, statistics, ...) + +:returns: + HANDLER_GO_ON if ok + + HANDLER_ERROR on error + +handle_connection_close +``````````````````````` + +called if the connection is terminated + +:returns: + HANDLER_GO_ON if ok + + HANDLER_ERROR on error + +handle_joblist +`````````````` + +called if the state of the connection has changed + +:returns: + HANDLER_GO_ON if ok + + HANDLER_ERROR on error + + diff --git a/doc/outdated/proxy.txt b/doc/outdated/proxy.txt new file mode 100644 index 0000000..b8a3997 --- /dev/null +++ b/doc/outdated/proxy.txt @@ -0,0 +1,104 @@ +=================== +the Proxy Interface +=================== + +----------------- +Module: mod_proxy +----------------- + +:Author: Jan Kneschke +:Date: $Date: 2004/08/01 07:01:29 $ +:Revision: $Revision: 1.1 $ + +:abstract: + The proxy module a simplest way to connect lighttpd to + java servers which have a HTTP-interface. + +.. meta:: + :keywords: lighttpd, Proxy + +.. contents:: Table of Contents + +Description +=========== + +... + +Options +======= + +lighttpd provides the Proxy support via the proxy-module +(mod_proxy) which provides 2 options in the config-file: + +:proxy.debug: + a value between 0 and 65535 to set the debug-level in the + Proxy module. Currently only 0 and 1 are used. Use 1 to + enable some debug output, 0 to disable it. + +:proxy.balance: + might be one of 'hash', 'round-robin' or 'fair' (default). + + 'round-robin' choses another host for each request, 'hash' + is generating a hash over the request-uri and makes sure + that the same request URI is sent to always the same host. + That can increase the performance of the backend servers + a lot due to higher cache-locality. 'fair' is the normal + load-based, passive balancing. + +:proxy.server: + tell the module where to send Proxy requests to. Every + file-extension can have its own handler. Load-Balancing is + done by specifying multiple handles for the same extension. + + structure of proxy.server section: :: + + ( <extension> => + ( + ( "host" => <string> , + "port" => <integer> ), + ( "host" => <string> , + "port" => <integer> ) + ), + <extension> => ... + ) + + :<extension>: is the file-extension or prefix (if started with "/") + might empty to match all requests + :"host": is ip of the proxy server + :"port": is tcp-port on the "host" used by the proxy + server (default: 80) + + e.g.: :: + + proxy.server = ( ".jsp" => + ( ( + "host" => "10.0.0.242", + "port" => 81 + ) ) + ) + +Example: +======== + +Using lighttpd + mod_proxy in front of 8 Squids which handle the +caching of dynamic content for you. All requests for the host +www.example.org should be forwarded to the proxy. All proxies +listen on port 80 for requests. :: + + $HTTP["host"] == "www.example.org" { + proxy.balance = "hash" + proxy.server = ( "" => ( ( "host" => "10.0.0.10" ), + ( "host" => "10.0.0.11" ), + ( "host" => "10.0.0.12" ), + ( "host" => "10.0.0.13" ), + ( "host" => "10.0.0.14" ), + ( "host" => "10.0.0.15" ), + ( "host" => "10.0.0.16" ), + ( "host" => "10.0.0.17" ) ) ) + } + +If one of the hosts goes down the all requests for this one server are +moved equally to the other servers. If you want to know more about +the algorithm used here google for 'Microsoft CARP'. + + diff --git a/doc/outdated/redirect.txt b/doc/outdated/redirect.txt new file mode 100644 index 0000000..ec54731 --- /dev/null +++ b/doc/outdated/redirect.txt @@ -0,0 +1,47 @@ +=============== +URL Redirection +=============== + +-------------------- +Module: mod_redirect +-------------------- + +:Author: Jan Kneschke +:Date: $Date: 2004/08/29 09:43:49 $ +:Revision: $Revision: 1.1 $ + +:abstract: + url redirection + +.. meta:: + :keywords: lighttpd, redirect + +.. contents:: Table of Contents + +Description +=========== + +... + +Options +======= + +url.redirect + redirects a set of URLs externally + + e.g. :: + + url.redirect = ( "^/show/([0-9]+)/([0-9]+)$" => "http://www.example.org/show.php?isdn=$1&page$2", + "^/get/([0-9]+)/([0-9]+)$" => "http://www.example.org/get.php?isdn=$1&page$2" ) + + # make a external redirect + # from any www.host (with www.) to the host (without www.) + $HTTP["host"] =~ "^www\.(.*)" { + url.redirect = ( "^/(.*)" => "http://%1/$1" ) + } + +Warning +======= + +Do NOT use mod_redirect to protect specific urls, as the original url passed from the client +is matched against your rules, for example strings like "/abc/../xyz%2f/path". diff --git a/doc/outdated/rewrite.txt b/doc/outdated/rewrite.txt new file mode 100644 index 0000000..a139069 --- /dev/null +++ b/doc/outdated/rewrite.txt @@ -0,0 +1,77 @@ +============ +URL Rewrites +============ + +------------------- +Module: mod_rewrite +------------------- + +:Author: Jan Kneschke +:Date: $Date: 2004/11/03 22:26:05 $ +:Revision: $Revision: 1.2 $ + +:abstract: + url rewrite + +.. meta:: + :keywords: lighttpd, rewrite + +.. contents:: Table of Contents + +Description +=========== + +internal redirects, url rewrite + +Options +======= + +url.rewrite-once + rewrites a set of URLs interally in the webserver BEFORE they are handled. + + e.g. :: + + url.rewrite-once = ( "<regex>" => "<relative-uri>" ) + +url.rewrite-repeat + rewrites a set of URLs interally in the webserver BEFORE they are handled + + e.g. :: + + url.rewrite-repeat = ( "<regex>" => "<relative-uri>" ) + +The options ``url.rewrite`` and ``url.rewrite-final`` were mapped to ``url.rewrite-once`` +in 1.3.16. + +Warning +======= + +Do NOT use mod_rewrite to protect specific urls, as the original url passed from the client +is matched against your rules, for example strings like "/abc/../xyz%2f/path". + +Examples +======== + +The regex is matching the full REQUEST_URI which is supplied by the user including +query-string.:: + + url.rewrite-once = ( "^/id/([0-9]+)$" => "/index.php?id=$1", + "^/link/([a-zA-Z]+)" => "/index.php?link=$1" ) + + + + # the following example, is, however just simulating vhost by rewrite + # * you can never change document-root by mod_rewrite + # use mod_*host instead to make real mass-vhost + + # request: http://any.domain.com/url/ + # before rewrite: REQUEST_URI="/www/htdocs/url/" + # and DOCUMENT_ROOT="/www/htdocs/" %0="www.domain.com" $1="url/" + # after rewrite: REQUEST_URI="/www/htdocs/domain.com/url/" + # still, you have DOCUMENT_ROOT=/www/htdocs/ + + server.document-root = "/www/htdocs/" + $HTTP["host"] =~ "^.*\.([^.]+\.com)$" { + url.rewrite-once = ( "^/(.*)" => "/%0/$1" ) + } + diff --git a/doc/outdated/rrdtool.txt b/doc/outdated/rrdtool.txt new file mode 100644 index 0000000..1ad5543 --- /dev/null +++ b/doc/outdated/rrdtool.txt @@ -0,0 +1,111 @@ +======= +rrdtool +======= + +------------------- +Module: mod_rrdtool +------------------- + +:Author: Jan Kneschke +:Date: $Date: 2004/08/29 09:43:49 $ +:Revision: $Revision: 1.1 $ + +:abstract: + mod_rrdtool is used to monitor the traffic and load on the webserver + +.. meta:: + :keywords: lighttpd, skeleton + +.. contents:: Table of Contents + +Description +=========== + +RRD_ is a system to store and display time-series data (i.e. network +bandwidth, machine-room temperature, server load average). + +.. _RRD: http://people.ee.ethz.ch/~oetiker/webtools/rrdtool/ + +Options +======= + +rrdtool.binary + path to the rrdtool binary + + e.g.: :: + + rrdtool.binary = "/usr/bin/rrdtool" + +rrdtool.db-name + filename of the rrd-database. Make sure that <rrdtool.db-name> doesn't exist + before the first run, as lighttpd has to create the DB for you. + + e.g.: :: + + rrdtool.db-name = "/var/www/lighttpd.rrd" + +Generating Graphs +================= + +:: + + #!/bin/sh + + RRDTOOL=/usr/bin/rrdtool + OUTDIR=/var/www/servers/www.example.org/pages/rrd/ + INFILE=/var/www/lighttpd.rrd + OUTPRE=lighttpd-traffic + + DISP="-v bytes --title TrafficWebserver \ + DEF:binraw=$INFILE:InOctets:AVERAGE \ + DEF:binmaxraw=$INFILE:InOctets:MAX \ + DEF:binminraw=$INFILE:InOctets:MIN \ + DEF:bout=$INFILE:OutOctets:AVERAGE \ + DEF:boutmax=$INFILE:OutOctets:MAX \ + DEF:boutmin=$INFILE:OutOctets:MIN \ + CDEF:bin=binraw,-1,* \ + CDEF:binmax=binmaxraw,-1,* \ + CDEF:binmin=binminraw,-1,* \ + CDEF:binminmax=binmaxraw,binminraw,- \ + CDEF:boutminmax=boutmax,boutmin,- \ + AREA:binmin#ffffff: \ + STACK:binmax#f00000: \ + LINE1:binmin#a0a0a0: \ + LINE1:binmax#a0a0a0: \ + LINE2:bin#a0a735:incoming \ + GPRINT:bin:MIN:%.2lf \ + GPRINT:bin:AVERAGE:%.2lf \ + GPRINT:bin:MAX:%.2lf \ + AREA:boutmin#ffffff: \ + STACK:boutminmax#00f000: \ + LINE1:boutmin#a0a0a0: \ + LINE1:boutmax#a0a0a0: \ + LINE2:bout#a0a735:outgoing \ + GPRINT:bout:MIN:%.2lf \ + GPRINT:bout:AVERAGE:%.2lf \ + GPRINT:bout:MAX:%.2lf \ + " + + + $RRDTOOL graph $OUTDIR/$OUTPRE-hour.png -a PNG --start -14400 $DISP + $RRDTOOL graph $OUTDIR/$OUTPRE-day.png -a PNG --start -86400 $DISP + $RRDTOOL graph $OUTDIR/$OUTPRE-month.png -a PNG --start -2592000 $DISP + + OUTPRE=lighttpd-requests + + DISP="-v req --title RequestsperSecond -u 1 \ + DEF:req=$INFILE:Requests:AVERAGE \ + DEF:reqmax=$INFILE:Requests:MAX \ + DEF:reqmin=$INFILE:Requests:MIN \ + CDEF:reqminmax=reqmax,reqmin,- \ + AREA:reqmin#ffffff: \ + STACK:reqminmax#0e0e0e: \ + LINE1:reqmin#a0a0a0: \ + LINE1:reqmax#a0a0a0: \ + LINE2:req#00a735:requests" + + + $RRDTOOL graph $OUTDIR/$OUTPRE-hour.png -a PNG --start -14400 $DISP + $RRDTOOL graph $OUTDIR/$OUTPRE-day.png -a PNG --start -86400 $DISP + $RRDTOOL graph $OUTDIR/$OUTPRE-month.png -a PNG --start -2592000 $DISP + diff --git a/doc/outdated/scgi.txt b/doc/outdated/scgi.txt new file mode 100644 index 0000000..dbb6371 --- /dev/null +++ b/doc/outdated/scgi.txt @@ -0,0 +1,33 @@ +================== +the SCGI Interface +================== + +------------------- +Module: mod_scgi +------------------- + +:Author: Jan Kneschke +:Date: $Date: 2004/11/03 22:26:05 $ +:Revision: $Revision: 1.3 $ + +:abstract: + SCGI is a fast and simplified CGI interface. It is mostly + used by Python + WSGI. + +.. meta:: + :keywords: lighttpd, FastCGI + +.. contents:: Table of Contents + +Description +=========== + +The SCGI module is heavily based on the FastCGI when it comes +to configuration. Only the internal protocol between server +and client has been replaced. Please check the documentation +of the FastCGI module for more information. + +History +======= + +Added in lighttpd 1.3.14 as it was really simple to do. diff --git a/doc/outdated/secdownload.txt b/doc/outdated/secdownload.txt new file mode 100644 index 0000000..bf0a481 --- /dev/null +++ b/doc/outdated/secdownload.txt @@ -0,0 +1,147 @@ +=========================== +Secure and Fast Downloading +=========================== + +----------------------- +Module: mod_secdownload +----------------------- + +:Author: Jan Kneschke +:Date: $Date: 2004/08/01 07:01:29 $ +:Revision: $Revision: 1.1 $ + +:abstract: + authenticated file requests and a countermeasure against + deep-linking can be achieved easily by using mod_secdownload + +.. meta:: + :keywords: lighttpd, secure, fast, downloads + +.. contents:: Table of Contents + +Options +======= + +:: + + secdownload.secret = <string> + secdownload.document-root = <string> + secdownload.uri-prefix = <string> (default: /) + secdownload.timeout = <short> (default: 60 seconds) + +Description +=========== + +there are multiple ways to handle secured download mechanisms: + +1. use the webserver and the internal HTTP authentication +2. use the application to authenticate and send the file + through the application + +Both ways have limitations: + +webserver: + +- ``+`` fast download +- ``+`` no additional system load +- ``-`` inflexible authentication handling + +application: + +- ``+`` integrated into the overall layout +- ``+`` very flexible permission management +- ``-`` the download occupies an application thread/process + +A simple way to combine the two ways could be: + +1. app authenticates user and checks permissions to + download the file. +2. app redirects user to the file accessable by the webserver + for further downloading. +3. the webserver transfers the file to the user. + +As the webserver doesn't know anything about the permissions +used in the app, the resulting URL would be available to every +user who knows the URL. + +mod_secdownload removes this problem by introducing a way to +authenticate a URL for a specified time. The application has +to generate a token and a timestamp which are checked by the +webserver before it allows the file to be downloaded by the +webserver. + +The generated URL has to have the format: + +<uri-prefix><token>/<timestamp-in-hex><rel-path> + +<token> is an MD5 of + +1. a secret string (user supplied) +2. <rel-path> (starts with /) +3. <timestamp-in-hex> + + +As you can see, the token is not bound to the user at all. The +only limiting factor is the timestamp which is used to +invalidate the URL after a given timeout (secdownload.timeout). + +.. Note:: + Be sure to choose a another secret than the one used in the + examples, as this is the only part of the token that is not + known to the user. + + + +If the user tries to fake the URL by choosing a random token, +status 403 'Forbidden' will be sent out. + +If the timeout is reached, status 408 'Request Timeout' will be +sent. (This does not really conform to the standard, but should +do the trick). + +If token and timeout are valid, the <rel-path> is appended to +the configured (secdownload.document-root) and passed to the +normal internal file transfer functionality. This might lead to +status 200 or 404. + +Example +======= + +Application +----------- + +Your application has to generate the correct URLs. The following sample +code for PHP should be easily adaptable to any other language: :: + + <?php + + $secret = "verysecret"; + $uri_prefix = "/dl/"; + + # filename + $f = "/secret-file.txt"; + + # current timestamp + $t = time(); + + $t_hex = sprintf("%08x", $t); + $m = md5($secret.$f.$t_hex); + + # generate link + printf('<a href="%s%s/%s%s">%s</a>', + $uri_prefix, $m, $t_hex, $f, $f); + ?> + +Webserver +--------- + +The server has to be configured in the same way. The URI prefix and +secret have to match: :: + + server.modules = ( ..., "mod_secdownload", ... ) + + secdownload.secret = "verysecret" + secdownload.document-root = "/home/www/servers/download-area/" + secdownload.uri-prefix = "/dl/" + secdownload.timeout = 120 + diff --git a/doc/outdated/security.txt b/doc/outdated/security.txt new file mode 100644 index 0000000..766fd34 --- /dev/null +++ b/doc/outdated/security.txt @@ -0,0 +1,60 @@ +================= +Security Features +================= + +------------ +Module: core +------------ + +:Author: Jan Kneschke +:Date: $Date: 2004/08/29 09:44:53 $ +:Revision: $Revision: 1.2 $ + +:abstract: + lighttpd was developed with security in mind ... + +.. meta:: + :keywords: lighttpd, security + +.. contents:: Table of Contents + +Description +=========== + +Limiting POST requests +---------------------- + + + +:: + + server.max-request-size = <kbyte> + +System Security +--------------- + +Running daemons as root with full privileges is a bad idea in general. +lighttpd runs best without any extra privileges and runs perfectly in chroot. + +Change Root +``````````` + +server.chroot = "..." + +Drop root privileges +```````````````````` + +server.username = "..." +server.groupname = "..." + +FastCGI +``````` + +fastcgi + chroot + +Permissions +``````````` + +:: + + $ useradd wwwrun ... diff --git a/doc/outdated/setenv.txt b/doc/outdated/setenv.txt new file mode 100644 index 0000000..c03474f --- /dev/null +++ b/doc/outdated/setenv.txt @@ -0,0 +1,37 @@ +=========================== +Conditional Request Headers +=========================== + +------------------ +Module: mod_setenv +------------------ + +:Author: Jan Kneschke +:Date: $Date: 2004/11/03 22:26:05 $ +:Revision: $Revision: 1.2 $ + +:abstract: + mod_setenv is used to add request + +.. meta:: + :keywords: lighttpd, skeleton + +.. contents:: Table of Contents + +Description +=========== + +... + +Options +======= + +setenv.add-environment + adds a value to the process environment that is passed to the external applications + + +setenv.add-response-header + adds a header to the HTTP response sent to the client + +setenv.add-request-header + adds a header to the HTTP request that was received from the client diff --git a/doc/outdated/simple-vhost.txt b/doc/outdated/simple-vhost.txt new file mode 100644 index 0000000..4f8338f --- /dev/null +++ b/doc/outdated/simple-vhost.txt @@ -0,0 +1,109 @@ +====================== +Simple Virtual-Hosting +====================== + +------------------------ +Module: mod_simple_vhost +------------------------ + +:Author: Jan Kneschke +:Date: $Date: 2004/08/29 09:43:49 $ +:Revision: $Revision: 1.1 $ + +:abstract: + virtual hosting + +.. meta:: + :keywords: lighttpd, virtual hosting + +.. contents:: Table of Contents + +Description +=========== + +Simple assumption: + +Every virtual host is in a directory below a base directory in a path that +is the same as the name of the vhost. Below this vhost path might be an +extra directory which is the document root of the vhost. + +The document root for each vhost is built from three values: + +- server-root +- hostname +- document-root + +The complete document root is constructed either by :: + + server-root + hostname + document-root + +or if this path does not exist by :: + + server-root + default-host + document-root + +A small example should make this idea clear: :: + + /var/www/ + /var/www/logs/ + /var/www/servers/ + /var/www/servers/www.example.org/ + /var/www/servers/www.example.org/lib/ + /var/www/servers/www.example.org/pages/ + /var/www/servers/mail.example.org/ + /var/www/servers/mail.example.org/lib/ + /var/www/servers/mail.example.org/pages/ + + simple-vhost.server-root = "/var/www/servers/" + simple-vhost.default-host = "www.example.org" + simple-vhost.document-root = "pages" + +You can use symbolic links to map several hostnames to the same directory. + +Conditionals vs. simple-vhost +----------------------------- + +You have to keep in mind that conditionals and simple-vhost interfere +with one another. :: + + simple-vhost.server-root = "/var/www/servers/" + simple-vhost.default-host = "www.example.org" + simple-vhost.document-root = "pages" + + $HTTP["host"] == "news.example.org" { + server.document-root = "/var/www/servers/news2.example.org/pages/" + } + +When ``news.example.org`` is requested, the ``server.document-root`` +will be set to ``/var/www/servers/news2.example.org/pages/``, but +simple-vhost will overwrite it shortly afterwards. + +If ``/var/www/servers/news.example.org/pages/`` exists, that will be +used. If not, ``/var/www/servers/www.example.org/pages/`` will be taken +because it is the default. + +To use conditionals together with simple-vhost, you should do this: :: + + $HTTP["host"] !~ "^(news\.example\.org)$" { + simple-vhost.server-root = "/var/www/servers/" + simple-vhost.default-host = "www.example.org" + simple-vhost.document-root = "pages" + } + + $HTTP["host"] == "news.example.org" { + server.document-root = "/var/www/servers/news2.example.org/pages/" + } + +It will enable simple vhosting for all hosts other than ``news.example.org``. + +Options +======= + +simple-vhost.server-root + root of the virtual host + +simple-vhost.default-host + use this hostname if the requested hostname does not have its own directory + +simple-vhost.document-root + path below the vhost directory + diff --git a/doc/outdated/skeleton.txt b/doc/outdated/skeleton.txt new file mode 100644 index 0000000..b1b01e6 --- /dev/null +++ b/doc/outdated/skeleton.txt @@ -0,0 +1,29 @@ +=================== +headline +=================== + +-------------------- +Module: mod_skeleton +-------------------- + +:Author: Jan Kneschke +:Date: $Date: 2004/11/03 22:26:05 $ +:Revision: $Revision: 1.2 $ + +:abstract: + a nice, short abstrace about the module + +.. meta:: + :keywords: lighttpd, skeleton + +.. contents:: Table of Contents + +Description +=========== + +... + +Options +======= + +... diff --git a/doc/outdated/ssi.txt b/doc/outdated/ssi.txt new file mode 100644 index 0000000..c65e7e1 --- /dev/null +++ b/doc/outdated/ssi.txt @@ -0,0 +1,76 @@ +==================== +Server-Side Includes +==================== + +--------------- +Module: mod_ssi +--------------- + +:Author: Jan Kneschke +:Date: $Date: 2004/08/29 09:44:53 $ +:Revision: $Revision: 1.2 $ + +:abstract: + The module for server-side includes provides a compatability + layer for NSCA/Apache SSI. + +.. meta:: + :keywords: lighttpd, ssi, Server-Side Includes + +.. contents:: Table of Contents + +Description +=========== + +Configuration +------------- + +:: + + server.modules = ( ..., "mod_ssi", ... ) + ssi.extension = ( ".shtml" ) + +Supported Options +----------------- + +- ``<!--#echo var="..." -->`` +- ``<!--#include (file="..."\|virtual="...") -->`` +- ``<!--#flastmod (file="..."\|virtual="...") -->`` +- ``<!--#fsize (file="..."\|virtual="...") -->`` +- ``<!--#config timefmt="..." sizefmt="(bytes|abbrev)" -->`` +- ``<!--#printenv -->`` +- ``<!--#set var="..." value="..." -->`` +- ``<!--#if expr="..." -->`` +- ``<!--#elif expr="..." -->`` +- ``<!--#else -->`` +- ``<!--#endif -->`` + +Expression Handling +------------------- + +Every ''expr'' is interpreted: + +- logical: AND, OR, ! +- compare: =, <, <=, >, =>, != +- precedence: (, ) +- quoted strings: 'string with a dollar: $FOO' +- variable substitution: $REMOTE_ADDR +- unquoted strings: string + +Flow Control +------------ + +if, elif, else and endif can only be used to insert content under special +conditions. + +Unsupported Features +-------------------- + +The original SSI module from NCSA and Apache provided some more options +which are not supported by this module for various reasons: + +- exec +- nested virtual +- config.errmsg +- echo.encoding + diff --git a/doc/outdated/ssl.txt b/doc/outdated/ssl.txt new file mode 100644 index 0000000..447da4e --- /dev/null +++ b/doc/outdated/ssl.txt @@ -0,0 +1,62 @@ +=========== +Secure HTTP +=========== + +------------ +Module: core +------------ + +:Author: Jan Kneschke +:Date: $Date: 2004/08/29 09:44:53 $ +:Revision: $Revision: 1.2 $ + +:abstract: + How to set up SSL in lighttpd + +.. meta:: + :keywords: lighttpd, ssl + +.. contents:: Table of Contents + +Description +=========== + +lighttpd supports SSLv2 and SSLv3 if it is compiled against openssl. + +Configuration +------------- + +To enable SSL for the whole server you have to provide a valid +certificate and have to enable the SSL engine.:: + + ssl.engine = "enable" + ssl.pemfile = "/path/to/server.pem" + +The HTTPS protocol does not allow you to use name-based virtual +hosting with SSL. If you want to run multiple SSL servers with +one lighttpd instance you must use IP-based virtual hosting: :: + + $SERVER["socket"] == "10.0.0.1:443" { + ssl.engine = "enable" + ssl.pemfile = "www.example.org.pem" + server.name = "www.example.org" + + server.document-root = "/www/servers/www.example.org/pages/" + } + +If you have a .crt and a .key file, cat them together into a +single PEM file: +:: + + $ cat host.key host.crt > host.pem + + +Self-Signed Certificates +------------------------ + +A self-signed SSL certificate can be generated like this: :: + + $ openssl req -new -x509 \ + -keyout server.pem -out server.pem \ + -days 365 -nodes + diff --git a/doc/outdated/state.dot b/doc/outdated/state.dot new file mode 100644 index 0000000..551b232 --- /dev/null +++ b/doc/outdated/state.dot @@ -0,0 +1,18 @@ +digraph state { + edge [color=green]; + connect -> reqstart -> read -> reqend -> handlereq -> respstart -> write -> respend -> connect; + edge [color=grey]; + reqend -> readpost -> handlereq [ label="POST" ]; + edge [ color=blue] + respend -> reqstart [ label="keep-alive" ]; + edge [ color=lightblue] + handlereq -> handlereq [ label="sub-request" ]; + edge [style=dashed, color=red]; + error -> close -> connect; + error -> connect; + handlereq -> error; + read -> error; + readpost -> error; + write -> error; + connect [shape=box]; +} diff --git a/doc/outdated/state.txt b/doc/outdated/state.txt new file mode 100644 index 0000000..5e8277b --- /dev/null +++ b/doc/outdated/state.txt @@ -0,0 +1,170 @@ +============================ +The State Engine of lighttpd +============================ + +------------ +Module: core +------------ + +:Author: Jan Kneschke +:Date: $Date: 2004/08/01 07:01:29 $ +:Revision: $Revision: 1.1 $ + +:abstract: + This is a short summary of the state-engine which is driving the lighttpd + webserver. It describes the basic concepts and the way the different parts + of the server are connected. + +.. meta:: + :keywords: lighttpd, state-engine + +.. contents:: Table of Contents + +Description +=========== + +States +------ + +The state-engine is currently made of 11 states which are walk-through on +the way each connection. Some of them are specific for a special operation +and some may never be hit at all. + +:connect: + waiting for a connection +:reqstart: + init the read-idle timer +:read: + read http-request-header from network +:reqend: + parse request +:readpost: + read http-request-content from network +:handlereq: + handle the request internally (might result in sub-requests) +:respstart: + prepare response header +:write: + write response-header + content to network +:respend: + cleanup environment, log request +:error: + reset connection (incl. close()) +:close: + close connection (handle lingering close) + +.. image:: state.png + +A simple GET request (green path) +--------------------------------- + +The connection is idling in the 'connect' state waiting for a connection. +As soon as the connection is set up we init the read-timer in 'reqstart' +and start to read data from the network. As soon as we get the +HTTP-request terminator (CRLFCRLF) we forward the header to the parser. + +The parsed request is handled by 'handlereq' and as soon as a decision out +the request is made it is sent to 'respstart' to prepare the +HTTP-response header. In the 'write' state the prepare content is sent out +to the network. When everything is sent 'respend' is entered to log the +request and cleanup the environment. After the close() call the connection +is set back to the 'connect' state again. + +Keep-Alive (blue path) +---------------------- + +The Keep-Alive handling is implemented by going from the 'respend' +directly to 'reqstart' without the close() and the accept() calls. + +POST requests (grey path) +------------------------- + +As requests might contain a request-body the state 'readpost' entered as +soon as the header is parsed and we know how much data we expect. + +Pipelining +---------- + +HTTP/1.1 supportes pipelining (sending multiple requests without waiting +for the response of the first request). This is handled transparently by +the 'read' state. + +Unexpected errors (red path) +---------------------------- + +For really hard errors we use the 'error' state which resets the +connection and can be call from every state. It is only use if there is no +other way to handle the issue (e.g. client-side close of the connection). +If possible we should use http-status 500 ('internal server error') and +log the issue in the errorlog. + +If we have to take care of some data which is coming in after we ran into +the error condition the 'close' state is used the init a half-close and +read all the delay packet from the network. + +Sub-Requests (lightblue) +------------------------ + +The FastCGI, CGI, ... intergration is done by introducing a loop in +'handlereq' to handle all aspect which are neccesary to find out what has +to be sent back to the client. + +Functions +========= + +Important functions used by the state-engine + +:state-engine: + +- ``connection_state_machine()`` + +:connect: + +- (nothing) + +:reqstart: + +- (nothing) + +:read: + +- ``connection_handle_read_state()`` +- ``connection_handle_read()`` + +:reqend: + +- ``http_request_parse()`` + +:readpost: + +- ``connection_handle_read_state()`` +- ``connection_handle_read()`` + +:handlereq: + +- ``http_response_prepare()`` + +:respstart: + +- ``connection_handle_write_prepare()`` + +:write: + +- ``connection_handle_write()`` + +:respend: + +- ``plugins_call_handle_request_done()`` +- ``plugins_call_handle_connection_close()`` +- ``connection_close()`` (if not keep-alive) +- ``connection_reset()`` + +:error: + +- ``plugins_call_handle_request_done()`` +- ``plugins_call_handle_connection_close()`` +- ``connection_reset()`` + +:close: + +- ``connection_close()`` diff --git a/doc/outdated/status.txt b/doc/outdated/status.txt new file mode 100644 index 0000000..5312176 --- /dev/null +++ b/doc/outdated/status.txt @@ -0,0 +1,111 @@ +============= +Server Status +============= + +------------------ +Module: mod_status +------------------ + +:Author: Jan Kneschke +:Date: $Date: 2004/11/03 22:26:05 $ +:Revision: $Revision: 1.2 $ + +:abstract: + mod_status displays the server's status and configuration + +.. meta:: + :keywords: lighttpd, server status + +.. contents:: Table of Contents + +Description +=========== + +The server status module generates the status overview of the webserver. The +information covers: + +- uptime +- average throughput +- current throughput +- active connections and their state + + +We need to load the module first. :: + + server.modules = ( ..., "mod_ssi", ... ) + +By default the status page is disabled to hide internal information from +unauthorized users. :: + + status.status-url = "/server-status" + +If you want to open the status page just for users from the local network +cover it in a conditional. :: + + $HTTP["remoteip"] == "10.0.0.0/8" { + status.status-url = "/server-status" + } + +Or require authorization: :: + + auth.require = ( "/server-status" => + ( "realm" ... ) ) + + +Please note that when using the server.max-worker directive, the stati of the +childs are not combined yet, so you're going to see different stats with each +request. + + +Output Format +------------- + +By default a nice looking HTML page is generated. If you append ?auto to the +status-url you can get a text version which is simpler to parse. :: + + Total Accesses: 1234 + Total kBytes: 1043 + Uptime: 1234 + BusyServers: 123 + +Total Accesses is the number of handled requests, kBytes the overall outgoing +traffic, Uptime the uptime in seconds and BusyServers the number of currently +active connections. + +The naming is kept compatible to Apache even if we have another concept and +don't start new servers for each connection. + + +Options +======= + +status.status-url + + relative URL which is used to retrieve the status-page + + Default: unset + + Example: status.status-url = "/server-status" + +status.enable-sort + + add JavaScript which allows client-side sorting for the connection overview + + Default: enable + +status.config-url + + relative URL for the config page which displays the loaded modules + + Default: unset + + Example: status.config-url = "/server-config" + +status.statistics-url + + relative URL for a plain-text page containing the internal statistics + + Default: unset + + Example: status.statistics-url = "/server-statistics" + diff --git a/doc/outdated/traffic-shaping.txt b/doc/outdated/traffic-shaping.txt new file mode 100644 index 0000000..1076686 --- /dev/null +++ b/doc/outdated/traffic-shaping.txt @@ -0,0 +1,55 @@ +=============== +Traffic Shaping +=============== + +------------ +Module: core +------------ + +:Author: Jan Kneschke +:Date: $Date: 2004/11/03 22:26:05 $ +:Revision: $Revision: 1.2 $ + +:abstract: + limiting bandwidth usage + +.. meta:: + :keywords: lighttpd, bandwidth limit, traffic shaping + +.. contents:: Table of Contents + +Description +=========== + +Starting with 1.3.8, lighttpd supports limiting the bandwidth for +a single connection or config context like a virtual host or a URL. + +Options +======= + +:connection.kbytes-per-second: + limit the throughput for each single connection to the given + limit in kbyte/s + + default: 0 (no limit) + +:server.kbytes-per-second: + limit the throughput for all connections to the given limit + in kbyte/s + + if you want to specify a limit for a special virtual server + use: :: + + $HTTP["host"] == "www.example.org" { + server.kbytes-per-second = 128 + } + + which will override the default for this host. + + default: 0 (no limit) + +Additional Notes +================ + +Keep in mind that a limit below 32kb/s might actually limit the traffic to 32kb/s. This +is caused by the size of the TCP send buffer. diff --git a/doc/outdated/trigger_b4_dl.txt b/doc/outdated/trigger_b4_dl.txt new file mode 100644 index 0000000..f5c9d29 --- /dev/null +++ b/doc/outdated/trigger_b4_dl.txt @@ -0,0 +1,57 @@ +======================= +Trigger before Download +======================= + +------------------------- +Module: mod_trigger_b4_dl +------------------------- + +:Author: Jan Kneschke +:Date: $Date: 2004/11/03 22:26:05 $ +:Revision: $Revision: 1.2 $ + +:abstract: + another anti-hot-linking module + +.. meta:: + :keywords: lighttpd, hot-linking, deep-linking + +.. contents:: Table of Contents + +Description +=========== + +Anti Hotlinking: + + * if user requests ''download-url'' directly, the request is denied and he is redirected to ''deny-url' + * if user visits ''trigger-url'' before requesting ''download-url'', access is granted + * if user visits ''download-url'' again after ''trigger-timeout'' has elapsed, the request is denied and he is redirected to ''deny-url'' + +The trigger information is either stored locally in a gdbm file or remotely in memcached. + +Requirements +------------ + + * libpcre + * libgdbm or libmemcache + +Options +======= + +:: + + trigger-before-download.gdbm-filename = "/home/weigon/testbase/trigger.db" + trigger-before-download.memcache-hosts = ( "127.0.0.1:11211" ) + trigger-before-download.trigger-url = "^/trigger/" + trigger-before-download.download-url = "^/download/" + trigger-before-download.deny-url = "http://192.168.1.5:1025/index.html" + trigger-before-download.trigger-timeout = 10 + +If both trigger-before-download.gdbm-filename and +trigger-before-download.memcache-hosts is set gdbm will take precedence. + +Installation +============ + +memcached should be started with the option -M as we don't want to remove entry if the memory is full. + diff --git a/doc/outdated/userdir.txt b/doc/outdated/userdir.txt new file mode 100644 index 0000000..7a62f06 --- /dev/null +++ b/doc/outdated/userdir.txt @@ -0,0 +1,72 @@ +======= +userdir +======= + +------------------- +Module: mod_userdir +------------------- + +:Author: Jan Kneschke +:Date: $Date: 2004/08/29 09:43:49 $ +:Revision: $Revision: 1.1 $ + +:abstract: + The userdir module ... + +.. meta:: + :keywords: lighttpd, userdir + +.. contents:: Table of Contents + +Description +=========== + +The userdir module provides a simple way to link user-based directories into the global namespace of the webserver. + +Requests in the form ``/~user/page.html`` are rewritten to take the file ``page.html`` from the home directory of the user. +If ``userdir.path`` is set, the path will be appended to the home directory +building the classic mapping of: :: + + userdir.path = "public_html" + + URL: http://www.example.org/~jan/index.html + Path: /home/jan/public_html/ + +To control which users should be able to use this feature you can set a list of usernames to include or exclude. + +In case your mapping is independent of /etc/passwd you can use +``userdir.basepath``: :: + + userdir.path = "htdocs" + userdir.basepath = "/var/www/users/" + + URL: http://www.example.org/~jan/index.html + Path: /var/www/users/jan/htdocs/index.html + +Options +======= + +userdir.path (required option) + usually it should be set to "public_html" to take ~/public_html/ as the document root + + Default: unset (mod_userdir disabled; set it to "" if you want the home directory to be the document root as it was the default before 1.4.19) + Example: :: + + userdir.path = "public_html" + +userdir.exclude-user + list of usernames which may not use this feature + + Default: empty (all users may use it) + Example: :: + + userdir.exclude-user = ( "root", "postmaster" ) + + +userdir.include-user + if set, only users from this list may use the feature + + Default: empty (all users may use it) + +userdir.basepath + if set, don't check /etc/passwd for homedir diff --git a/doc/outdated/webdav.txt b/doc/outdated/webdav.txt new file mode 100644 index 0000000..7b5259e --- /dev/null +++ b/doc/outdated/webdav.txt @@ -0,0 +1,64 @@ +====== +WebDAV +====== + +-------------------- +Module: mod_webdav +-------------------- + +:Author: Jan Kneschke +:Date: $Date: 2004/11/03 22:26:05 $ +:Revision: $Revision: 1.2 $ + +:abstract: + WebDAV module for lighttpd + +.. meta:: + :keywords: lighttpd, webdav + +.. contents:: Table of Contents + +Description +=========== + +The WebDAV module is a very minimalistic implementation of RFC 2518. +Minimalistic means that not all operations are implemented yet. + +So far we have + + * PROPFIND + * OPTIONS + * MKCOL + * DELETE + * PUT + +and the usual GET, POST, HEAD from HTTP/1.1. + +So far, mounting a WebDAV resource into Windows XP works and the basic litmus +tests are passed. + +Options +======= + +webdav.activate + If you load the webdav module, the WebDAV functionality has to be + enabled for the directories you want to provide to the user. + + Default: disable + +webdav.is-readonly + Only allow reading methods (GET, PROPFIND, OPTIONS) on WebDAV resources. + + Default: writable + +Examples +======== + +To enable WebDAV for the /dav directory, you wrap your webdav options in +a conditional. You have to use the regex like below as you want to match +the directory /dav and everything below it, but not e.g. /davos. :: + + $HTTP["url"] =~ "^/dav($|/)" { + webdav.activate = "enable" + webdav.is-readonly = "enable" + } |