From 79fe78f5ef198f8af6678f7004fd1c20d1294d02 Mon Sep 17 00:00:00 2001 From: Marcin Krol Date: Tue, 11 Jul 2023 14:13:14 +0200 Subject: [PATCH] - merged 1.4.71 from PLD --- TODO | 29 -- lighttpd-branding.patch | 9 +- lighttpd-mod_evasive-status_code.patch | 97 ------- lighttpd.spec | 381 +++++-------------------- mod_authn_dbi.conf | 10 - mod_authn_mysql.conf | 9 - mod_cml.conf | 21 -- mod_deflate.conf | 2 +- mod_evasive.conf | 12 - mod_flv_streaming.conf | 7 - mod_geoip.conf | 25 -- mod_h2.conf | 5 + mod_mysql_vhost.conf | 7 - mod_secdownload.conf | 7 - mod_trigger_b4_dl.conf | 24 -- mod_uploadprogress.conf | 16 -- mod_usertrack.conf | 7 - ssl.conf | 79 +++-- test-port-setup.patch | 15 - 19 files changed, 117 insertions(+), 645 deletions(-) delete mode 100644 TODO delete mode 100644 lighttpd-mod_evasive-status_code.patch delete mode 100644 mod_authn_dbi.conf delete mode 100644 mod_authn_mysql.conf delete mode 100644 mod_cml.conf delete mode 100644 mod_evasive.conf delete mode 100644 mod_flv_streaming.conf delete mode 100644 mod_geoip.conf create mode 100644 mod_h2.conf delete mode 100644 mod_mysql_vhost.conf delete mode 100644 mod_secdownload.conf delete mode 100644 mod_trigger_b4_dl.conf delete mode 100644 mod_uploadprogress.conf delete mode 100644 mod_usertrack.conf delete mode 100644 test-port-setup.patch diff --git a/TODO b/TODO deleted file mode 100644 index ec6495d..0000000 --- a/TODO +++ /dev/null @@ -1,29 +0,0 @@ -# TODO: -- test mysql (failed at this time) -- mysql issue: http://www.freebsd.org/cgi/query-pr.cgi?pr=76866 -- fam over gamin is possible, just configure doesn't check other than gamin -- feature stat-cache-fam (doesn't work) -- lighttpd writes early startup messages to stderr, and if started from - rc-scripts the stderr is closed which causes lighttpd to abort(): - 2006-07-20 21:05:52: (server.c.1233) WARNING: unknown config-key: url.rewrite-final (ignored) - -# NOTES: -- disable largefile, if you have 2.4 kernel to get sendfile() support, and don't need > 2GB file requests, - see http://article.gmane.org/gmane.comp.web.lighttpd:722 - - -01:08:45 stbuehler> glen: http://redmine.lighttpd.net/projects/lighttpd/repository/revisions/2505 -01:09:57 glen> stbuehler: ah sorry, i didn't notice as you didn't reply (hilite) me here.. -01:13:52 glen> stbuehler: btw, what you think of this patch: - http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/lighttpd/lighttpd-mod_evasive-status_code.patch -01:17:52 stbuehler> the buffer_prepare_copy isn't really needed imho (and 255 seems to much for a long anyway) -01:18:11 stbuehler> and wasn't there a srv->tmp_buf for such things? -01:18:58 glen> ok i see it changes default 403 -> 503, that's probably bad too? -01:19:26 stbuehler> apart from that it looks good to me, although it changes the default status code to 503; and perhaps retry-after should - only be returned if it is not zero (i don't know what the rfc says) -01:19:51 >> OpenURL 9 -01:19:51 Tobsn> http://government.zdnet.com/?p=4792 -01:20:25 stbuehler> i think 503 is a sane default and better than 403, so it should be ok to change the default -01:21:54 stbuehler> gn8 - - diff --git a/lighttpd-branding.patch b/lighttpd-branding.patch index ac58026..ce2ac9a 100644 --- a/lighttpd-branding.patch +++ b/lighttpd-branding.patch @@ -1,11 +1,12 @@ --- lighttpd-1.4.56/src/server.c~ 2020-11-30 00:32:01.000000000 +0200 +++ lighttpd-1.4.56/src/server.c 2020-11-30 08:29:32.022380561 +0200 -@@ -25,7 +25,7 @@ +@@ -26,7 +26,7 @@ # define REPO_VERSION "" #endif -#define PACKAGE_DESC PACKAGE_NAME "/" PACKAGE_VERSION REPO_VERSION -+#define PACKAGE_DESC PACKAGE_NAME "/" PACKAGE_VERSION REPO_VERSION " (TLD Linux)" - static const buffer default_server_tag = { CONST_STR_LEN(PACKAGE_DESC)+1, 0 }; ++#define PACKAGE_DESC PACKAGE_NAME "/" PACKAGE_VERSION REPO_VERSION " (PLD Linux)" + static const buffer default_server_tag = + { PACKAGE_DESC "\0server", sizeof(PACKAGE_DESC), 0 }; - #include + diff --git a/lighttpd-mod_evasive-status_code.patch b/lighttpd-mod_evasive-status_code.patch deleted file mode 100644 index 02cbd9e..0000000 --- a/lighttpd-mod_evasive-status_code.patch +++ /dev/null @@ -1,97 +0,0 @@ ---- lighttpd-1.4.19/src/mod_evasive.c 2008-09-19 17:50:24.307245276 +0300 -+++ lighttpd-1.4.22/src/mod_evasive.c 2009-05-12 02:21:58.524447939 +0300 -@@ -28,11 +28,15 @@ - typedef struct { - unsigned short max_conns; - unsigned short silent; -+ unsigned short http_status_code; -+ unsigned int retry_after; - } plugin_config; - - typedef struct { - PLUGIN_DATA; - -+ buffer *evasive_rftmp; -+ - plugin_config **config_storage; - - plugin_config conf; -@@ -46,6 +50,10 @@ - - p = calloc(1, sizeof(*p)); - -+ p->evasive_rftmp = buffer_init(); -+ -+ buffer_prepare_copy(p->evasive_rftmp, 255); -+ - return p; - } - -@@ -56,6 +64,8 @@ - - if (!p) return HANDLER_GO_ON; - -+ buffer_free(p->evasive_rftmp); -+ - if (p->config_storage) { - size_t i; - for (i = 0; i < srv->config_context->used; i++) { -@@ -85,6 +85,8 @@ - config_values_t cv[] = { - { "evasive.max-conns-per-ip", NULL, T_CONFIG_SHORT, T_CONFIG_SCOPE_CONNECTION }, /* 0 */ - { "evasive.silent", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, /* 1 */ -+ { "evasive.http-status-code", NULL, T_CONFIG_SHORT, T_CONFIG_SCOPE_CONNECTION }, /* 2 */ -+ { "evasive.retry-after", NULL, T_CONFIG_SHORT, T_CONFIG_SCOPE_CONNECTION }, /* 3 */ - { NULL, NULL, T_CONFIG_UNSET, T_CONFIG_SCOPE_UNSET } - }; - -@@ -94,11 +96,15 @@ - plugin_config *s; - - s = calloc(1, sizeof(plugin_config)); -- s->max_conns = 0; -- s->silent = 0; -+ s->max_conns = 0; -+ s->silent = 0; -+ s->http_status_code = 503; -+ s->retry_after = 0; - - cv[0].destination = &(s->max_conns); - cv[1].destination = &(s->silent); -+ cv[2].destination = &(s->http_status_code); -+ cv[3].destination = &(s->retry_after); - - p->config_storage[i] = s; - -@@ -107,6 +123,8 @@ - - PATCH(max_conns); - PATCH(silent); -+ PATCH(http_status_code); -+ PATCH(retry_after); - - /* skip the first, the global context */ - for (i = 1; i < srv->config_context->used; i++) { -@@ -124,6 +142,10 @@ - PATCH(max_conns); - } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("evasive.silent"))) { - PATCH(silent); -+ } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("evasive.http-status-code"))) { -+ PATCH(http_status_code); -+ } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("evasive.retry-after"))) { -+ PATCH(retry_after); - } - } - } -@@ -192,8 +214,10 @@ - inet_ntop_cache_get_ip(srv, &(con->dst_addr)), - "turned away. Too many connections."); - -- con->http_status = 403; - con->mode = DIRECT; -+ con->http_status = p->conf.http_status_code; -+ buffer_copy_long(p->evasive_rftmp, p->conf.retry_after); -+ response_header_overwrite(srv, con, CONST_STR_LEN("Retry-After"), CONST_BUF_LEN(p->evasive_rftmp)); - return HANDLER_FINISHED; - } - } diff --git a/lighttpd.spec b/lighttpd.spec index 1b2fe81..efd9f52 100644 --- a/lighttpd.spec +++ b/lighttpd.spec @@ -1,4 +1,5 @@ # TODO: +# - cleanup empty subpackages # - don't use lighttpd-angel in systemd. systemd does the respawn/recovery logic itself # - provide or autogenerated self signed cert in post, so after installing # lighttpd-ssl server will still work @@ -19,44 +20,35 @@ %bcond_without xattr # support of extended attributes %bcond_without ipv6 # IPv4-only version (doesn't require IPv6 in kernel) %bcond_without largefile # largefile support (see notes above) -%bcond_without dbi # libdbi, enables mod_vhostdb_dbi +%bcond_without dbi # libdbi, enables mod_vhostdb_dbi, mod_authn_dbi %bcond_without ssl # ssl support -%bcond_without mysql # mysql support in mod_mysql_vhost, mod_vhostdb_mysql +%bcond_without mysql # mysql support in mod_vhostdb_mysql %bcond_without pgsql # PgSQL, enables mod_vhostdb_pgsql %bcond_without bzip2 # Enable bzip2 support for mod_deflate %bcond_without brotli # Enable brotli support for mod_deflate -%bcond_without geoip # GeoIP support %bcond_without maxminddb # MaxMind GeoIP2 module %bcond_with krb5 # krb5 support (does not work with heimdal) %bcond_without ldap # ldap support in mod_auth, mod_vhostdb_ldap -%bcond_without lua # LUA support in mod_cml (needs LUA >= 5.1) +%bcond_without lua # LUA support (needs LUA >= 5.1) %bcond_with gamin # gamin for reducing number of stat() calls. must be enabled in config: server.stat-cache-engine = "fam" -%bcond_without mod_trigger_b4_dl # mod_trigger_b4_dl %bcond_with webdav_props # properties in mod_webdav (includes extra sqlite3/libxml deps) %bcond_with webdav_locks # webdav locks with extra efsprogs deps %bcond_with valgrind # compile code with valgrind support. %bcond_with h264_streaming # build h264_streaming module -%bcond_without storage_memcached # memcached storage for mod_trigger_b4_dl/mod_cml -%bcond_without storage_gdbm # gdbm storage for mod_trigger_b4_dl %if %{with webdav_locks} %define webdav_progs 1 %endif -# if(WITH_PCRE AND (WITH_MEMCACHED OR WITH_GDBM)) -%if %{without storage_memcached} && %{without storage_gdbm} -%undefine with_mod_trigger_b4_dl -%endif - Summary: Fast and light HTTP server Summary(pl.UTF-8): Szybki i lekki serwer HTTP Name: lighttpd -Version: 1.4.58 +Version: 1.4.71 Release: 1 License: BSD Group: Networking/Daemons/HTTP Source0: https://download.lighttpd.net/lighttpd/releases-1.4.x/%{name}-%{version}.tar.xz -# Source0-md5: 8d12a31bd3fdd7eab85cf9a6d2cfa92e +# Source0-md5: c8ac5fb9580b84ba6be7dd14ac7b0c2d Source1: %{name}.init Source2: %{name}.conf Source3: %{name}.user @@ -77,61 +69,58 @@ Source101: mod_accesslog.conf Source102: mod_alias.conf Source103: mod_auth.conf Source104: mod_cgi.conf -Source105: mod_cml.conf +Source105: mod_h2.conf + Source107: mod_deflate.conf Source108: mod_dirlisting.conf -Source109: mod_evasive.conf Source110: mod_evhost.conf Source111: mod_expire.conf Source112: mod_fastcgi.conf -Source113: mod_flv_streaming.conf + Source114: mod_indexfile.conf Source115: mod_proxy.conf Source116: mod_redirect.conf Source117: mod_rewrite.conf Source118: mod_rrdtool.conf Source119: mod_scgi.conf -Source120: mod_secdownload.conf Source121: mod_setenv.conf Source122: mod_simple_vhost.conf Source123: mod_ssi.conf Source124: mod_staticfile.conf Source125: mod_status.conf -Source126: mod_trigger_b4_dl.conf + Source127: mod_userdir.conf -Source128: mod_usertrack.conf Source129: mod_webdav.conf Source130: php-spawned.conf Source131: php-external.conf Source132: ssl.conf -Source133: mod_mysql_vhost.conf + Source134: mod_magnet.conf Source135: mod_extforward.conf Source136: mod_h264_streaming.conf Source137: mod_cgi_php.conf -Source138: mod_authn_dbi.conf -Source139: mod_uploadprogress.conf -Source140: mod_geoip.conf + Source141: mod_authn_ldap.conf Source142: mod_openssl.conf Source143: mod_vhostdb.conf Source144: mod_wstunnel.conf -Source145: mod_authn_mysql.conf + Source146: mod_sockproxy.conf Source147: mod_maxminddb.conf # use branch.sh script to create branch.diff #Patch100: %{name}-branch.diff ## Patch100-md5: 7bd09235304c8bcb16f34d49d480c0fb -Patch1: %{name}-mod_evasive-status_code.patch Patch2: %{name}-mod_h264_streaming.patch Patch3: %{name}-branding.patch -Patch5: test-port-setup.patch URL: https://www.lighttpd.net/ -%{?with_geoip:BuildRequires: GeoIP-devel} %{?with_xattr:BuildRequires: attr-devel} BuildRequires: autoconf >= 2.57 %{?with_maxminddb:BuildRequires: libmaxminddb-devel} +%if "%{pld_release}" != "ac" BuildRequires: automake >= 1:1.11.2 +%else +BuildRequires: automake +%endif %{?with_bzip2:BuildRequires: bzip2-devel} BuildRequires: fcgi-devel %{?with_gamin:BuildRequires: gamin-devel} @@ -148,7 +137,7 @@ BuildRequires: mailcap >= 2.1.14-4.4 %{?with_mysql:BuildRequires: mysql-devel} %{?with_ldap:BuildRequires: openldap-devel} %{?with_ssl:BuildRequires: openssl-devel} -BuildRequires: pcre-devel +BuildRequires: pcre2-8-devel BuildRequires: pkgconfig %{?with_pgsql:BuildRequires: postgresql-devel} BuildRequires: rpm >= 4.4.9-56 @@ -169,6 +158,7 @@ Requires(pre): /usr/sbin/groupadd Requires(pre): /usr/sbin/useradd Requires(pre): /usr/sbin/usermod Requires: %{name}-mod_dirlisting = %{version}-%{release} +Requires: %{name}-mod_h2 = %{version}-%{release} Requires: %{name}-mod_indexfile = %{version}-%{release} Requires: %{name}-mod_staticfile = %{version}-%{release} Requires: rc-scripts >= 0.4.3.0 @@ -253,6 +243,16 @@ given URL-subset. Modul alias służy do określania specjalnego drzewa (document-roota) dla podanego podzbioru URL-i. +%package mod_ajp13 +Summary: Apache JServ Protocol version 1.3 (AJP13) gateway +Group: Networking/Daemons/HTTP +URL: https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_ModAJP13 +Requires: %{name} = %{version}-%{release} + +%description mod_ajp13 +lighttpd mod_ajp13 is a gateway implementing Apache JServ Protocol +version 1.3 (AJP13). + %package mod_auth Summary: lighttpd module for authentication support Summary(pl.UTF-8): Moduł lighttpd do obsługi uwierzytelniania @@ -263,9 +263,6 @@ Requires: %{name}-mod_authn_file = %{version}-%{release} %if %{with ldap} Suggests: %{name}-mod_authn_ldap = %{version}-%{release} %endif -%if %{with mysql} -Suggests: %{name}-mod_authn_mysql = %{version}-%{release} -%endif Provides: webserver(auth) %description mod_auth @@ -279,7 +276,9 @@ basic i digest. %package mod_authn_dbi Summary: lighttpd authn_dbi module Group: Networking/Daemons/HTTP +URL: https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_ModAuth Requires: %{name} = %{version}-%{release} +Requires: %{name}-mod_auth = %{version}-%{release} %description mod_authn_dbi lighttpd authn_dbi module. @@ -288,6 +287,7 @@ lighttpd authn_dbi module. Summary: lighttpd authn_file module Group: Networking/Daemons/HTTP Requires: %{name} = %{version}-%{release} +Requires: %{name}-mod_auth = %{version}-%{release} %description mod_authn_file lighttpd authn_file module. @@ -296,6 +296,7 @@ lighttpd authn_file module. Summary: lighttpd authn_gssapi module Group: Networking/Daemons/HTTP Requires: %{name} = %{version}-%{release} +Requires: %{name}-mod_auth = %{version}-%{release} %description mod_authn_gssapi lighttpd authn_gssapi module. @@ -304,22 +305,11 @@ lighttpd authn_gssapi module. Summary: lighttpd authn_ldap module Group: Networking/Daemons/HTTP Requires: %{name} = %{version}-%{release} +Requires: %{name}-mod_auth = %{version}-%{release} %description mod_authn_ldap lighttpd authn_ldap module. -%package mod_authn_mysql -Summary: lighttpd authn_mysql module -Group: Networking/Daemons/HTTP -Requires: %{name} = %{version}-%{release} - -%description mod_authn_mysql -lighttpd authn_mysql module. - -mod_authn_mysql is DEPRECATED; use mod_authn_dbi. - -Note: mod_authn_mysql will be removed from a future lighttpd release. - %package mod_cgi Summary: lighttpd module for CGI handling Summary(pl.UTF-8): Moduł lighttpd do obsługi CGI @@ -362,56 +352,6 @@ PHP. Programy CGI pozwalają rozszerzać funkcjonalność serwera w bardzo prosty i naturalny sposób. -%package mod_cml -Summary: lighttpd module for Cache Meta Language -Summary(pl.UTF-8): Moduł Cache Meta Language -Group: Networking/Daemons/HTTP -URL: http://redmine.lighttpd.net/projects/lighttpd/wiki/Docs:ModCML -Requires: %{name} = %{version}-%{release} - -%description mod_cml -CML is a Meta language to describe the dependencies of a page at one -side and building a page from its fragments on the other side using -LUA. - -mod_cml is DEPRECATED; use mod_magnet. - -Note: mod_cml will be removed from a future lighttpd release. - -%description mod_cml -l pl.UTF-8 -CML to metajęzyk służący z jednej strony do opisu zależności strony i -z drugiej strony do budowania strony z fragmentów przy użyciu LUA. - -%package mod_compress -Summary: lighttpd module for output compression -Summary(pl.UTF-8): Moduł lighttpd do kompresji wyjścia -Group: Networking/Daemons/HTTP -URL: http://redmine.lighttpd.net/projects/lighttpd/wiki/Docs:ModCompress -Requires: %{name} = %{version}-%{release} - -%description mod_compress -Output compression reduces the network load and can improve the -overall throughput of the webserver. - -Only static content is supported up to now. - -The server negotiates automatically which compression method is used. -Supported are gzip, deflate, bzip. - -mod_compress is DEPRECATED; use mod_deflate. mod_compress has been -subsumed by mod_deflate. - -Note: mod_compress config options may be removed in a future release. - -%description mod_compress -l pl.UTF-8 -Kompresja wyjścia zmniejsza obciążenie sieci i może poprawić całkowitą -przepustowość serwera WWW. - -Jak na razie obsługiwana jest tylko statyczna treść. - -Serwer automatycznie negocjuje, która metoda kompresji jest używana. -Obsługiwane są gzip, deflate i bzip. - %package mod_deflate Summary: lighttpd module for output compression using deflate method Summary(pl.UTF-8): Moduł lighttpd do kompresji wyjścia metodą deflate @@ -463,19 +403,6 @@ control. mod_dirlisting tworzy listingi katalogów w formacie HTML z pełną kontrolą CSS. -%package mod_evasive -Summary: lighttpd evasive module -Summary(pl.UTF-8): Moduł evasive dla lighttpd -Group: Networking/Daemons/HTTP -URL: http://redmine.lighttpd.net/projects/lighttpd/wiki/Docs:ModEvasive -Requires: %{name} = %{version}-%{release} - -%description mod_evasive -lighttpd evasive module. - -%description mod_evasive -l pl.UTF-8 -Moduł evasive dla lighttpd. - %package mod_evhost Summary: lighttpd module for enhanced virtual-hosting Summary(pl.UTF-8): Moduł lighttpd rozszerzający obsługę hostów wirtualnych @@ -541,36 +468,13 @@ Interfejs FastCGI to najszybszy i najbezpieczniejszy sposób komunikacji z zewnętrznymi programami obsługującymi procesy, takimi jak Perl, PHP czy własne aplikacje. -%package mod_flv_streaming -Summary: lighttpd module for flv streaming -Summary(pl.UTF-8): Moduł lighttpd do streamingu flv -Group: Networking/Daemons/HTTP -URL: http://redmine.lighttpd.net/projects/lighttpd/wiki/Docs:ModFLVStreaming -Requires: %{name} = %{version}-%{release} - -%description mod_flv_streaming -lighttpd module for flv streaming. - -%description mod_flv_streaming -l pl.UTF-8 -Moduł lighttpd do streamingu flv. - -%package mod_geoip -Summary: lighttpd module for IP Based Geographic Lookups +%package mod_h2 +Summary: lighttpd h2 module Group: Networking/Daemons/HTTP -URL: https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_ModGeoip Requires: %{name} = %{version}-%{release} -%description mod_geoip -mod_geoip is a module for fast ip/location lookups. It uses MaxMind -GeoIP / GeoCity databases. - -If the ip was found in the database the module sets the appropriate -environment variables to the request, thus making other modules/fcgi -be informed. - -mod_geoip is DEPRECATED; use mod_maxminddb. - -Note: mod_geoip will be removed from a future lighttpd release. +%description mod_h2 +lighttpd http 2 module %package mod_h264_streaming Summary: lighttpd module for h264 streaming @@ -621,25 +525,6 @@ Requires: %{name} = %{version}-%{release} %description mod_maxminddb -%package mod_mysql_vhost -Summary: lighttpd module for MySQL based vhosting -Summary(pl.UTF-8): Moduł lighttpd obsługujący vhosty oparte na MySQL-u -Group: Networking/Daemons/HTTP -URL: http://redmine.lighttpd.net/projects/lighttpd/wiki/Docs:ModMySQLVhost -Requires: %{name} = %{version}-%{release} -Conflicts: %{name}-mod_simple_vhost - -%description mod_mysql_vhost -This module provides virtual hosts (vhosts) based on a MySQL table. - -mod_mysql_vhost is DEPRECATED; use mod_vhostdb_dbi or -mod_vhostdb_mysql. - -Note: mod_mysql_vhost will be removed from a future lighttpd release. - -%description mod_mysql_vhost -l pl.UTF-8 -Ten moduł udostępnia wirtualne hosty (vhosty) oparte na tabeli MySQL. - %package mod_openssl Summary: TLS/SSL for lighttpd Group: Networking/Daemons/HTTP @@ -751,21 +636,6 @@ Python + WSGI. SCGI to szybki i uproszczony interfejs CGI. Jest używany głównie przez Pythona z WSGI. -%package mod_secdownload -Summary: lighttpd module for secure and fast downloading -Summary(pl.UTF-8): Moduł lighttpd do bezpiecznego i szybkiego ściągania danych -Group: Networking/Daemons/HTTP -URL: http://redmine.lighttpd.net/projects/lighttpd/wiki/Docs:ModSecDownload -Requires: %{name} = %{version}-%{release} - -%description mod_secdownload -With this module you can easily achieve authenticated file requests -and a countermeasure against deep-linking. - -%description mod_secdownload -l pl.UTF-8 -Przy użyciu tego modułu można łatwo umożliwić ściąganie plików z -uwierzytelnieniem i zapobiec używaniu bezpośrednich odnośników. - %package mod_setenv Summary: lighttpd module for setting conditional request headers Summary(pl.UTF-8): Moduł lighttpd do ustawiania warunkowych nagłówków żądań @@ -845,28 +715,6 @@ mod_status displays the server's status and configuration. %description mod_status -l pl.UTF-8 mod_status wyświetla stan i konfigurację serwera. -%package mod_trigger_b4_dl -Summary: Trigger before Download -Summary(pl.UTF-8): Wyzwalacz przed ściąganiem -Group: Networking/Daemons/HTTP -URL: http://redmine.lighttpd.net/projects/lighttpd/wiki/Docs:ModTriggerBeforeDownload -Requires: %{name} = %{version}-%{release} - -%description mod_trigger_b4_dl -Another anti hot-linking module. - -%description mod_trigger_b4_dl -l pl.UTF-8 -Jeszcze jeden moduł blokujący bezpośrednie linkowanie. - -%package mod_uploadprogress -Summary: lighttpd module for upload progress -Group: Networking/Daemons/HTTP -URL: https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_ModUploadProgress -Requires: %{name} = %{version}-%{release} - -%description mod_uploadprogress -This module can be used to track the progress of a current upload. - %package mod_userdir Summary: lighttpd module for user homedirs Summary(pl.UTF-8): Moduł lighttpd obsługujący katalogi domowe użytkowników @@ -882,19 +730,6 @@ directories into the global namespace of the webserver. Moduł userdir udostępnia prosty sposób włączenia katalogów użytkowników do globalnej przestrzeni nazw serwera WWW. -%package mod_usertrack -Summary: lighttpd usertrack module -Summary(pl.UTF-8): Moduł usertrack dla lighttpd -Group: Networking/Daemons/HTTP -URL: http://redmine.lighttpd.net/projects/lighttpd/wiki/Docs:ModUserTrack -Requires: %{name} = %{version}-%{release} - -%description mod_usertrack -lighttpd usertrack module. - -%description mod_usertrack -l pl.UTF-8 -Moduł usertrack dla lighttpd. - %package mod_vhostdb Summary: Virtual host database to provide vhost docroot Group: Networking/Daemons/HTTP @@ -1019,18 +854,21 @@ Plik monitrc do monitorowania serwera www lighttpd. %prep %setup -q #%patch100 -p1 -#%patch1 -p1 UPDATE (and submit upstream!) if you need this %{?with_h264_streaming:%patch2 -p1} %patch3 -p1 -%patch5 -p1 rm -f src/mod_ssi_exprparser.h # bad patching: should be removed by is emptied instead # build mime.types.conf sh %{SOURCE6} /etc/mime.types +%if "%{pld_release}" == "ac" +%{__sed} -i -e 's/ serial_tests//' configure.ac +%{__sed} -i -e 's/dist-xz/dist-bzip2/' configure.ac +%endif + %build -ver=$(awk '/AC_INIT/{a=$2;gsub(/[\[\],]/, "", a); print a}' configure.ac) +ver=$(awk -F ',' '/AC_INIT/{a=$2;gsub(/[\[\],]/, "", a); print a}' configure.ac) if [ "$ver" != "%{version}" ]; then : configure.ac specifies wrong version exit 1 @@ -1049,7 +887,6 @@ fi %{?with_bzip2:--with-bzip2} \ %{?with_dbi:--with-dbi} \ %{?with_gamin:--with-gamin} \ - %{?with_geoip:--with-geoip} \ %{?with_krb5:--with-krb5} \ %{?with_ldap:--with-ldap} \ %{?with_lua:--with-lua=lua51} \ @@ -1057,8 +894,6 @@ fi %{?with_mysql:--with-mysql} \ %{?with_pgsql:--with-pgsql} \ %{?with_ssl:--with-openssl} \ - %{?with_storage_gdbm:--with-gdbm} \ - %{?with_storage_memcached:--with-memcached} \ %{?with_valgrind:--with-valgrind} \ %{?with_webdav_locks:--with-webdav-locks} \ %{?with_webdav_props:--with-webdav-props} \ @@ -1079,7 +914,8 @@ install -d $RPM_BUILD_ROOT{%{_lighttpddir}/{cgi-bin,html},/etc/{logrotate.d,rc.d $RPM_BUILD_ROOT%{_sysconfdir}/{{conf,vhosts,webapps}.d,ssl} \ $RPM_BUILD_ROOT{/var/log/{%{name},archive/%{name}},/var/run/%{name}} \ $RPM_BUILD_ROOT%{_datadir}/lighttpd/errordocs \ - $RPM_BUILD_ROOT/var/lib/lighttpd + $RPM_BUILD_ROOT/var/lib/lighttpd \ + $RPM_BUILD_ROOT/var/cache/lighttpd/mod_deflate %{__make} install \ DESTDIR=$RPM_BUILD_ROOT @@ -1110,26 +946,19 @@ cp -p %{SOURCE100} $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/50_mod_access.conf cp -p %{SOURCE102} $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/50_mod_alias.conf cp -p %{SOURCE103} $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/50_mod_auth.conf cp -p %{SOURCE104} $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/50_mod_cgi.conf +cp -p %{SOURCE105} $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/50_mod_h2.conf cp -p %{SOURCE137} $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/50_mod_cgi_php.conf -cp -p %{SOURCE105} $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/50_mod_cml.conf + cp -p %{SOURCE107} $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/50_mod_deflate.conf cp -p %{SOURCE108} $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/50_mod_dirlisting.conf -cp -p %{SOURCE109} $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/50_mod_evasive.conf cp -p %{SOURCE110} $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/50_mod_evhost.conf cp -p %{SOURCE112} $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/50_mod_fastcgi.conf -cp -p %{SOURCE113} $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/50_mod_flv_streaming.conf -%if %{with geoip} -cp -p %{SOURCE140} $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/50_mod_geoip.conf -%endif %if %{with maxminddb} cp -p %{SOURCE147} $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/50_mod_maxminddb.conf %endif %if %{with ldap} cp -p %{SOURCE141} $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/50_mod_authn_ldap.conf %endif -%if %{with mysql} -cp -p %{SOURCE145} $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/50_mod_authn_mysql.conf -%endif %if %{with h264_streaming} cp -p %{SOURCE136} $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/50_mod_h264_streaming.conf %endif @@ -1138,25 +967,15 @@ cp -p %{SOURCE142} $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/50_mod_openssl.conf cp -p %{SOURCE115} $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/50_mod_proxy.conf cp -p %{SOURCE118} $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/50_mod_rrdtool.conf cp -p %{SOURCE119} $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/50_mod_scgi.conf -cp -p %{SOURCE120} $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/50_mod_secdownload.conf cp -p %{SOURCE121} $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/50_mod_setenv.conf cp -p %{SOURCE122} $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/50_mod_simple_vhost.conf cp -p %{SOURCE123} $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/50_mod_ssi.conf cp -p %{SOURCE124} $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/50_mod_staticfile.conf cp -p %{SOURCE125} $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/50_mod_status.conf -%if %{with mod_trigger_b4_dl} -cp -p %{SOURCE126} $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/50_mod_trigger_b4_dl.conf -%endif -cp -p %{SOURCE138} $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/50_mod_authn_dbi.conf -cp -p %{SOURCE139} $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/50_mod_uploadprogress.conf cp -p %{SOURCE127} $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/50_mod_userdir.conf -cp -p %{SOURCE128} $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/50_mod_usertrack.conf cp -p %{SOURCE143} $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/50_mod_vhostdb.conf cp -p %{SOURCE129} $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/50_mod_webdav.conf cp -p %{SOURCE144} $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/50_mod_wstunnel.conf -%if %{with mysql} -cp -p %{SOURCE133} $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/50_mod_mysql_vhost.conf -%endif cp -p %{SOURCE146} $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/50_mod_sockproxy.conf cp -p %{SOURCE134} $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/55_mod_magnet.conf @@ -1241,45 +1060,37 @@ fi %module_scripts mod_access %module_scripts mod_accesslog +%module_scripts mod_ajp13 %module_scripts mod_alias %module_scripts mod_auth %module_scripts mod_authn_dbi %module_scripts mod_authn_file %module_scripts mod_authn_gssapi %module_scripts mod_authn_ldap -%module_scripts mod_authn_mysql %module_scripts mod_cgi -%module_scripts mod_cml %module_scripts mod_deflate %module_scripts mod_dirlisting -%module_scripts mod_evasive %module_scripts mod_evhost %module_scripts mod_expire %module_scripts mod_extforward %module_scripts mod_fastcgi -%module_scripts mod_flv_streaming -%module_scripts mod_geoip +%module_scripts mod_h2 %module_scripts mod_h264_streaming %module_scripts mod_indexfile %module_scripts mod_magnet %module_scripts mod_maxminddb -%module_scripts mod_mysql_vhost %module_scripts mod_openssl %module_scripts mod_proxy %module_scripts mod_redirect %module_scripts mod_rewrite %module_scripts mod_scgi -%module_scripts mod_secdownload %module_scripts mod_setenv %module_scripts mod_simple_vhost %module_scripts mod_sockproxy %module_scripts mod_ssi %module_scripts mod_staticfile %module_scripts mod_status -%module_scripts mod_trigger_b4_dl -%module_scripts mod_uploadprogress %module_scripts mod_userdir -%module_scripts mod_usertrack %module_scripts mod_vhostdb %module_scripts mod_webdav %module_scripts mod_wstunnel @@ -1344,10 +1155,12 @@ fi # rrdtool database is stored there %dir %attr(771,root,lighttpd) /var/lib/lighttpd +# mod_deflate can put cached files there +%dir /var/cache/lighttpd + %files mod_access %defattr(644,root,root,755) %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*mod_access.conf -%attr(755,root,root) %{pkglibdir}/mod_access.so %files mod_accesslog %defattr(644,root,root,755) @@ -1357,13 +1170,22 @@ fi %files mod_alias %defattr(644,root,root,755) %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*mod_alias.conf -%attr(755,root,root) %{pkglibdir}/mod_alias.so + +%files mod_ajp13 +%defattr(644,root,root,755) +%attr(755,root,root) %{pkglibdir}/mod_ajp13.so %files mod_auth %defattr(644,root,root,755) %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*mod_auth.conf %attr(755,root,root) %{pkglibdir}/mod_auth.so +%if %{with dbi} +%files mod_authn_dbi +%defattr(644,root,root,755) +%attr(755,root,root) %{pkglibdir}/mod_authn_dbi.so +%endif + %files mod_authn_file %defattr(644,root,root,755) %attr(755,root,root) %{pkglibdir}/mod_authn_file.so @@ -1374,13 +1196,6 @@ fi %attr(755,root,root) %{pkglibdir}/mod_authn_gssapi.so %endif -%if %{with dbi} -%files mod_authn_dbi -%defattr(644,root,root,755) -%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*mod_authn_dbi.conf -%attr(755,root,root) %{pkglibdir}/mod_authn_dbi.so -%endif - %if %{with ldap} %files mod_authn_ldap %defattr(644,root,root,755) @@ -1388,13 +1203,6 @@ fi %attr(755,root,root) %{pkglibdir}/mod_authn_ldap.so %endif -%if %{with mysql} -%files mod_authn_mysql -%defattr(644,root,root,755) -%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*mod_authn_mysql.conf -%attr(755,root,root) %{pkglibdir}/mod_authn_mysql.so -%endif - %files mod_cgi %defattr(644,root,root,755) %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*mod_cgi.conf @@ -1404,35 +1212,24 @@ fi %defattr(644,root,root,755) %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*mod_cgi_php.conf -%files mod_cml -%defattr(644,root,root,755) -%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*mod_cml.conf -%attr(755,root,root) %{pkglibdir}/mod_cml.so - %files mod_deflate %defattr(644,root,root,755) %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*mod_deflate.conf %attr(755,root,root) %{pkglibdir}/mod_deflate.so +%dir %attr(775,root,lighttpd) /var/cache/lighttpd/mod_deflate %files mod_dirlisting %defattr(644,root,root,755) %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*mod_dirlisting.conf %attr(755,root,root) %{pkglibdir}/mod_dirlisting.so -%files mod_evasive -%defattr(644,root,root,755) -%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*mod_evasive.conf -%attr(755,root,root) %{pkglibdir}/mod_evasive.so - %files mod_evhost %defattr(644,root,root,755) %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*mod_evhost.conf -%attr(755,root,root) %{pkglibdir}/mod_evhost.so %files mod_expire %defattr(644,root,root,755) %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*mod_expire.conf -%attr(755,root,root) %{pkglibdir}/mod_expire.so %files mod_extforward %defattr(644,root,root,755) @@ -1442,19 +1239,11 @@ fi %files mod_fastcgi %defattr(644,root,root,755) %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*mod_fastcgi.conf -%attr(755,root,root) %{pkglibdir}/mod_fastcgi.so -%files mod_flv_streaming +%files mod_h2 %defattr(644,root,root,755) -%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*mod_flv_streaming.conf -%attr(755,root,root) %{pkglibdir}/mod_flv_streaming.so - -%if %{with geoip} -%files mod_geoip -%defattr(644,root,root,755) -%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*mod_geoip.conf -%attr(755,root,root) %{pkglibdir}/mod_geoip.so -%endif +%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*mod_h2.conf +%attr(755,root,root) %{pkglibdir}/mod_h2.so %if %{with h264_streaming} %files mod_h264_streaming @@ -1466,7 +1255,6 @@ fi %files mod_indexfile %defattr(644,root,root,755) %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*mod_indexfile.conf -%attr(755,root,root) %{pkglibdir}/mod_indexfile.so %files mod_magnet %defattr(644,root,root,755) @@ -1480,13 +1268,6 @@ fi %attr(755,root,root) %{pkglibdir}/mod_maxminddb.so %endif -%if %{with mysql} -%files mod_mysql_vhost -%defattr(644,root,root,755) -%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*mod_mysql_vhost.conf -%attr(755,root,root) %{pkglibdir}/mod_mysql_vhost.so -%endif - %files mod_proxy %defattr(644,root,root,755) %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*mod_proxy.conf @@ -1500,12 +1281,10 @@ fi %files mod_redirect %defattr(644,root,root,755) %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*mod_redirect.conf -%attr(755,root,root) %{pkglibdir}/mod_redirect.so %files mod_rewrite %defattr(644,root,root,755) %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*mod_rewrite.conf -%attr(755,root,root) %{pkglibdir}/mod_rewrite.so %files mod_rrdtool %defattr(644,root,root,755) @@ -1516,22 +1295,14 @@ fi %files mod_scgi %defattr(644,root,root,755) %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*mod_scgi.conf -%attr(755,root,root) %{pkglibdir}/mod_scgi.so - -%files mod_secdownload -%defattr(644,root,root,755) -%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*mod_secdownload.conf -%attr(755,root,root) %{pkglibdir}/mod_secdownload.so %files mod_setenv %defattr(644,root,root,755) %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*mod_setenv.conf -%attr(755,root,root) %{pkglibdir}/mod_setenv.so %files mod_simple_vhost %defattr(644,root,root,755) %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*mod_simple_vhost.conf -%attr(755,root,root) %{pkglibdir}/mod_simple_vhost.so %files mod_sockproxy %defattr(644,root,root,755) @@ -1546,35 +1317,17 @@ fi %files mod_staticfile %defattr(644,root,root,755) %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*mod_staticfile.conf -%attr(755,root,root) %{pkglibdir}/mod_staticfile.so %files mod_status %defattr(644,root,root,755) %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*mod_status.conf %attr(755,root,root) %{pkglibdir}/mod_status.so -%if %{with mod_trigger_b4_dl} -%files mod_trigger_b4_dl -%defattr(644,root,root,755) -%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*mod_trigger_b4_dl.conf -%attr(755,root,root) %{pkglibdir}/mod_trigger_b4_dl.so -%endif - -%files mod_uploadprogress -%defattr(644,root,root,755) -%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*mod_uploadprogress.conf -%attr(755,root,root) %{pkglibdir}/mod_uploadprogress.so - %files mod_userdir %defattr(644,root,root,755) %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*mod_userdir.conf %attr(755,root,root) %{pkglibdir}/mod_userdir.so -%files mod_usertrack -%defattr(644,root,root,755) -%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*mod_usertrack.conf -%attr(755,root,root) %{pkglibdir}/mod_usertrack.so - %files mod_vhostdb %defattr(644,root,root,755) %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*mod_vhostdb.conf diff --git a/mod_authn_dbi.conf b/mod_authn_dbi.conf deleted file mode 100644 index 1f13ed2..0000000 --- a/mod_authn_dbi.conf +++ /dev/null @@ -1,10 +0,0 @@ -# dbi (mod_authn_dbi) -# -# The DBI backend authenticates the user against MySQL/MariaDB, Postgres, SQLite3, -# and possible other databases with libdbi-drivers -# -# Documentation: https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_ModAuth#dbi-mod_authn_dbi-since-lighttpd-1456 - -server.modules += ( - "mod_authn_dbi" -) diff --git a/mod_authn_mysql.conf b/mod_authn_mysql.conf deleted file mode 100644 index 0abfb1e..0000000 --- a/mod_authn_mysql.conf +++ /dev/null @@ -1,9 +0,0 @@ -# mysql (mod_authn_mysql) -# -# The mysql backend authenticates the user against MySQL/MariaDB infrastructure -# -# Documentation: https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_ModAuth#mysql-mod_authn_mysql - -server.modules += ( - "mod_authn_mysql" -) diff --git a/mod_cml.conf b/mod_cml.conf deleted file mode 100644 index 844a069..0000000 --- a/mod_cml.conf +++ /dev/null @@ -1,21 +0,0 @@ -# CML is a Meta language to describe the dependencies of a page -# at one side and building a page from its fragments on the -# other side using LUA. -# -# Documentation: http://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_ModCML - -server.modules += ( - "mod_cml" -) - -## the extension for file with cache information. With .cml, -## the cache info file for index.html is index.cml -cml.extension = ".cml" - -index-file.names += ( "index" + cml.extension ) - -## the memcached used by mod_cml -#cml.memcache-hosts = ( "127.0.0.1:11211" ) - -## a cml file that is executed for each request -#cml.power-magnet = "/home/services/lighttpd/html/power-magnet.cml" diff --git a/mod_deflate.conf b/mod_deflate.conf index f952331..93b6562 100644 --- a/mod_deflate.conf +++ b/mod_deflate.conf @@ -12,7 +12,7 @@ server.modules += ( #deflate.allowed-encodings = ( "brotli", "gzip", "deflate", "bzip2" ) ### optional -#deflate.cache-dir = "/path/to/compress/cache" +deflate.cache-dir = "/var/cache/lighttpd/mod_deflate" # measured in kilobytes, so 131072 indicates 128 MB #deflate.max-compress-size = 131072 # measured in bytes diff --git a/mod_evasive.conf b/mod_evasive.conf deleted file mode 100644 index 8ecb17f..0000000 --- a/mod_evasive.conf +++ /dev/null @@ -1,12 +0,0 @@ -# Evasive module. -# -# Documentation: http://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_ModEvasive - -server.modules += ( - "mod_evasive" -) - -## -## Limits number of connections per IP -## -#evasive.max-conns-per-ip = 5 diff --git a/mod_flv_streaming.conf b/mod_flv_streaming.conf deleted file mode 100644 index 898654c..0000000 --- a/mod_flv_streaming.conf +++ /dev/null @@ -1,7 +0,0 @@ -# FLV streaming module. -# -# Documentation: http://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_ModFLVStreaming - -server.modules += ( - "mod_flv_streaming" -) diff --git a/mod_geoip.conf b/mod_geoip.conf deleted file mode 100644 index 9a720b3..0000000 --- a/mod_geoip.conf +++ /dev/null @@ -1,25 +0,0 @@ -# GeoIP module. -# -# Documentation: https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_ModGeoip -# -# mod_geoip is a module for fast ip/location lookups. It uses MaxMind -# GeoIP / GeoCity databases. If the ip was found in the database the -# module sets the appropriate environments variables to the request, -# thus making other modules/fcgi be informed. - -server.modules += ( - "mod_geoip" -) - -# -# mod_geoip will determine the database type automatically so if you -# enter GeoCity database path it will load GeoCity Env. -# -#geoip.db-filename = "/usr/share/GeoIP/GeoIP.dat" - -# -# If enabled, mod_geoip will load the database binary file to memory -# for very fast lookups. The only penalty is memory usage. -# default: disabled -# -#geoip.memory-cache = "enable" diff --git a/mod_h2.conf b/mod_h2.conf new file mode 100644 index 0000000..93f1c2b --- /dev/null +++ b/mod_h2.conf @@ -0,0 +1,5 @@ +# HTTP 2 module. + +server.modules += ( + "mod_h2" +) diff --git a/mod_mysql_vhost.conf b/mod_mysql_vhost.conf deleted file mode 100644 index b54b090..0000000 --- a/mod_mysql_vhost.conf +++ /dev/null @@ -1,7 +0,0 @@ -# mysql_vhost module. -# -# Documentation: http://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_ModMySQLVhost - -server.modules += ( - "mod_mysql_vhost" -) diff --git a/mod_secdownload.conf b/mod_secdownload.conf deleted file mode 100644 index c916f1d..0000000 --- a/mod_secdownload.conf +++ /dev/null @@ -1,7 +0,0 @@ -# secure and fast downloading module. -# -# Documentation: http://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_ModSecDownload - -server.modules += ( - "mod_secdownload" -) diff --git a/mod_trigger_b4_dl.conf b/mod_trigger_b4_dl.conf deleted file mode 100644 index 1b63371..0000000 --- a/mod_trigger_b4_dl.conf +++ /dev/null @@ -1,24 +0,0 @@ -# A module to prevent deep-linking from other sites. -# -# Documentation: http://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_ModTriggerBeforeDownload - -server.modules += ( - "mod_trigger_b4_dl" -) - -## guarded download URL, direct access is denied -#trigger-before-download.download-url = "^/download/" - -## trigger URL to allow downloads from -#trigger-before-download.trigger-url = "^/trigger/" - -## if access to a file is denied, the user is redirected to this URL -#trigger-before-download.deny-url = "/home/services/lighttpd/html/deny.html" - -## access to granted for seconds after the trigger -#trigger-before-download.trigger-timeout = 10 - -## storage of trigger information. If both destinations are provided, -## the GDBM file takes precedence. -#trigger-before-download.gdbm-filename = "/home/services/lighttpd/data/trigger.db" -#trigger-before-download.memcache-hosts = ( "127.0.0.1:11211" ) diff --git a/mod_uploadprogress.conf b/mod_uploadprogress.conf deleted file mode 100644 index e8db906..0000000 --- a/mod_uploadprogress.conf +++ /dev/null @@ -1,16 +0,0 @@ -# Upload Progress module. -# -# Documentation: https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_ModUploadProgress - -server.modules += ( - "mod_uploadprogress" -) - -# string, empty by default; use "/progress" (or something else) to enable the module -#upload-progress.progress-url = "/progress" - -# integer, default: 60 seconds -#upload-progress.remove-timeout = 30 - -# boolean, default: "disable" -#upload-progress.debug = "enable" diff --git a/mod_usertrack.conf b/mod_usertrack.conf deleted file mode 100644 index eb1aba4..0000000 --- a/mod_usertrack.conf +++ /dev/null @@ -1,7 +0,0 @@ -# usertrack module. -# -# Documentation: http://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_ModUserTrack - -server.modules += ( - "mod_usertrack" -) diff --git a/ssl.conf b/ssl.conf index 15bfb6a..6e45428 100644 --- a/ssl.conf +++ b/ssl.conf @@ -4,51 +4,50 @@ # https://www.ssllabs.com/projects/best-practices/index.html # https://cipherli.st/ # https://wiki.mozilla.org/Security/Server_Side_TLS -# https://mozilla.github.io/server-side-tls/ssl-config-generator/ - -$SERVER["socket"] == ":443" { - protocol = "https://" - ssl.engine = "enable" - ssl.disable-client-renegotiation = "enable" - - # ssl.pemfile: path to the PEM file for SSL support - # (Should contain both the private key and the certificate) - ## If you have a .crt and a .key file, cat them together into a single PEM file: - ## $ cat lighttpd.key lighttpd.crt > lighttpd.pem - ssl.pemfile = "/etc/lighttpd/ssl/server.pem" - # ssl.ca-file: path to the CA file for support of chained certificates +# +# generated 2023-05-28, Mozilla Guideline v5.7, lighttpd 1.4.70, OpenSSL 3.1.0, intermediate configuration +# https://ssl-config.mozilla.org/#server=lighttpd&version=1.4.70&config=intermediate&openssl=3.1.0&guideline=5.7 + +$HTTP["scheme"] == "http" { + url.redirect = ("" => "https://${url.authority}${url.path}${qsa}") +} + +# lighttpd 1.4.56 and later will inherit ssl.* from the global scope if +# $SERVER["socket"] contains ssl.engine = "enable" and no other ssl.* options +# (to avoid having to repeat ssl.* directives in both ":443" and "[::]:443") +$SERVER["socket"] == ":443" { ssl.engine = "enable" } +$SERVER["socket"] == "[::]:443" { ssl.engine = "enable" } + +$HTTP["scheme"] == "https" { + # HTTP Strict Transport Security (63072000 seconds is around 2 years) + setenv.add-response-header = ( + "Strict-Transport-Security" => "max-age=63072000" + ) +} + +# ssl.pemfile: path to the PEM file for SSL support +# (Should contain both the private key and the certificate) +## If you have a .crt and a .key file, cat them together into a single PEM file: +## $ cat lighttpd.key lighttpd.crt > lighttpd.pem +ssl.pemfile = "/etc/lighttpd/ssl/server.pem" +# ssl.privkey = "/path/to/private_key" +# ssl.ca-file: path to the CA file for support of chained certificates # ssl.ca-file = "/etc/lighttpd/ssl/chain.pem" - # for DH/DHE ciphers, dhparam should be >= 2048-bit - # Generate with: - # openssl dhparam -out dh2048.pem -outform PEM -2 2048 -# ssl.dh-file = "/etc/lighttpd/ssl/dhparam.pem" - # ECDH/ECDHE ciphers curve strength (see `openssl ecparam -list_curves`) -# ssl.ec-curve = "secp384r1" - # Compression is by default off at compile-time, but use if needed +# OCSP stapling (input file must be maintained by external script) +# https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_SSL#OCSP-Stapling +# ssl.stapling-file = "/path/to/cert-staple.der" + +# Compression is by default off at compile-time, but use if needed # ssl.use-compression = "disable" - # Environment flag for HTTPS enabled +# Environment flag for HTTPS enabled # setenv.add-environment = ( # "HTTPS" => "on" # ) - # https://ssl-config.mozilla.org/#server=lighttpd&server-version=1.4.54&config=intermediate - # intermediate configuration, tweak to your needs - # - ssl.use-sslv2 = "disable" - ssl.use-sslv3 = "disable" - # intermediate configuration, tweak to your needs - ssl.openssl.ssl-conf-cmd = ("Protocol" => "ALL, -SSLv2, -SSLv3, -TLSv1, -TLSv1.1") - ssl.cipher-list = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384" - ssl.honor-cipher-order = "disable" - - # HTTP Strict Transport Security (63072000 seconds - # setenv.add-response-header = ( - # "Strict-Transport-Security" => "max-age=63072000" - # ) - - $HTTP["useragent"] =~ "MSIE" { - server.max-keep-alive-requests = 0 - } -} +ssl.openssl.ssl-conf-cmd = ("MinProtocol" => "TLSv1.2") +ssl.openssl.ssl-conf-cmd += ("Options" => "-ServerPreference") +# TLS modules besides mod_openssl might name ciphers differently +# See https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_SSL +ssl.openssl.ssl-conf-cmd += ("CipherString" => "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305") diff --git a/test-port-setup.patch b/test-port-setup.patch deleted file mode 100644 index 3578e17..0000000 --- a/test-port-setup.patch +++ /dev/null @@ -1,15 +0,0 @@ - -TODO: upstream it: -https://github.com/lighttpd/lighttpd1.4/pull/69 - ---- lighttpd-1.4.56/tests/LightyTest.pm~ 2020-11-30 00:32:01.000000000 +0200 -+++ lighttpd-1.4.56/tests/LightyTest.pm 2020-11-30 08:31:44.175860280 +0200 -@@ -81,7 +81,7 @@ - if (exists $ENV{LIGHTTPD_EXE_PATH}) { - $self->{LIGHTTPD_PATH} = $ENV{LIGHTTPD_EXE_PATH}; - } -- $self->{PORT} = 2048; -+ $self->{PORT} = $ENV{LIGHTTPD_TEST_PORT} ? int($ENV{LIGHTTPD_TEST_PORT}) : 2048; - - my ($name, $aliases, $addrtype, $net) = gethostbyaddr(inet_aton("127.0.0.1"), AF_INET); - -- 2.44.0