From 7335301852643457530e988f8c7a04151b1af115 Mon Sep 17 00:00:00 2001 From: "Kyle J. McKay" Date: Tue, 6 Jul 2021 23:11:10 -0700 Subject: [PATCH] lighttpd.conf.in: add some fine tuning and comments Although the config works fine for Girocco the way it is now, there are some lighttpd idiosyncrasies that just happen to not affect Girocco. Mention these issues and add a few extra settings to address them to make sure any added non-Girocco scripts don't run into them. Signed-off-by: Kyle J. McKay --- lighttpd.conf.in | 41 +++++++++++++++++++++++++++++++++++++++-- 1 file changed, 39 insertions(+), 2 deletions(-) diff --git a/lighttpd.conf.in b/lighttpd.conf.in index 39d4b20..11a41f7 100644 --- a/lighttpd.conf.in +++ b/lighttpd.conf.in @@ -59,6 +59,9 @@ var.ipv4addr = "127.0.0.1" var.ipv6addr = "::1" @@endif@@ +# Suitable default PATH for CGI use +var.syspath = "@@var_getconfpath@@" + # ## ## Standalone configuration @@ -224,8 +227,9 @@ $HTTP["host"] == "@@httpdnsname@@" { # "virtual" host @@httpdnsname@@ } server.document-root = "@@webroot@@" - static-file.disable-pathinfo = "enable" # probably??? + static-file.disable-pathinfo = "enable" # should be default cgi.execute-x-only = "enable" # why is this not the default??? + cgi.local-redir = "enable" # match Apache -- required by RFC 3875 # The standard Apache Girocco configuration follows # symlinks as a prerequisite to make ".htaccess" files work. @@ -279,21 +283,34 @@ $HTTP["host"] == "@@httpdnsname@@" { # "virtual" host @@httpdnsname@@ url.redirect = ( "^([^?#]*)" => var.rdrbase + "$1%1%2" ) } } - alias.url = ( "/w" => "@@cgiroot@@/gitweb.cgi" ) + #alias.url = ( "/w" => "@@cgiroot@@/gitweb.cgi" ) # would munge DOCUMENT_ROOT fastcgi.server = ( "/w" => ( "gitweb" => ( "socket" => var.fcgisockbase+"gitweb-@@tmpsuffix@@", "check-local" => "disable", + # lighttpd cannot handle gitweb exiting gracefully after each 100 requests; + # to kludge around lighttpd's limitations, use gitweb-gc.sh instead. #"bin-path" => "@@cgiroot@@/gitweb.cgi", "bin-path" => "@@basedir@@/bin/gitweb-gc.sh", "min-procs" => 1, # default is min(4, max-procs) "max-procs" => @@var_online_cpus@@, # default is 4 "idle-timeout" => 180, # seconds (default is 60) + # Unlike mod_cgi, mod_fastcgi by default passes through + # the server's environment (the exact opposite of Apache) + # In order to be consistent we use bin-copy-environment (which + # would be better named bin-clean-environment) plus bin-environment + # to get an environment that matches the one sent to mod_cgi executables + "bin-copy-environment" => ( "" ), # cleans env like mod_cgi does + "bin-environment" => ( "PATH" => var.syspath ), # adds consistent PATH ))) } else $HTTP["url"] =~ "^/b(?:/|$)" { $REQUEST_HEADER["user-agent"] =~ var.botpat { url.access-deny = ( "" ) } alias.url = ( "/b" => "@@cgiroot@@/bundles.cgi" ) cgi.assign = ( "" => "" ) + # CGI scripts will likely behave poorly without this + setenv.set-environment += ( "PATH" => var.syspath ) + # Send Apache-identical DOCUMENT_ROOT not lighttpd crazy one + setenv.set-environment += ( "DOCUMENT_ROOT" => server.document-root ) } # setenv.set-environment GIT_HTTP_BACKEND_BIN to override Config.pm $git_http_backend_bin else $HTTP["url"] =~ "^/r(?:/|$)" { @@ -301,6 +318,10 @@ $HTTP["host"] == "@@httpdnsname@@" { # "virtual" host @@httpdnsname@@ setenv.set-environment += ( "REQUIRE_SSL_CLIENT_VERIFY_SUCCESS" => "1" ) alias.url = ( "/r" => "@@basedir@@/bin/git-http-backend-verify" ) cgi.assign = ( "" => "" ) + # CGI scripts will likely behave poorly without this + setenv.set-environment += ( "PATH" => var.syspath ) + # Send Apache-identical DOCUMENT_ROOT not lighttpd crazy one + setenv.set-environment += ( "DOCUMENT_ROOT" => server.document-root ) } # /h/ => html pages pre-generated via the html.cgi template script else $HTTP["url"] =~ "^/h/.+\.html$" { @@ -312,6 +333,10 @@ $HTTP["host"] == "@@httpdnsname@@" { # "virtual" host @@httpdnsname@@ else $HTTP["url"] =~ "^/(?!(?i)gitweb\.cgi|bundles\.cgi|html\.cgi(?:/|$))([^/]+\.cgi(?:/.*)?)$" { alias.url = ( "/" => "@@cgiroot@@/" ) cgi.assign = ( "" => "" ) + # CGI scripts will likely behave poorly without this + setenv.set-environment += ( "PATH" => var.syspath ) + # Send Apache-identical DOCUMENT_ROOT not lighttpd crazy one + setenv.set-environment += ( "DOCUMENT_ROOT" => server.document-root ) } # Any requests without the magic /[bchrw] are treated as Git requests if they @@ -363,6 +388,10 @@ $HTTP["host"] == "@@httpdnsname@@" { # "virtual" host @@httpdnsname@@ setenv.set-environment += ( "REQUIRE_SSL_CLIENT_VERIFY_SUCCESS" => "1" ) alias.url = ( "/" => "@@basedir@@/bin/git-http-backend-verify/" ) cgi.assign = ( "" => "" ) + # CGI scripts will likely behave poorly without this + setenv.set-environment += ( "PATH" => var.syspath ) + # Send Apache-identical DOCUMENT_ROOT not lighttpd crazy one + setenv.set-environment += ( "DOCUMENT_ROOT" => server.document-root ) } # Everything else off to bundles.cgi or gitweb.cgi @@ -372,6 +401,10 @@ $HTTP["host"] == "@@httpdnsname@@" { # "virtual" host @@httpdnsname@@ $REQUEST_HEADER["user-agent"] =~ var.botpat { url.access-deny = ( "" ) } alias.url = ( "/" => "@@cgiroot@@/bundles.cgi/" ) cgi.assign = ( "" => "" ) + # CGI scripts will likely behave poorly without this + setenv.set-environment += ( "PATH" => var.syspath ) + # Send Apache-identical DOCUMENT_ROOT not lighttpd crazy one + setenv.set-environment += ( "DOCUMENT_ROOT" => server.document-root ) } else $HTTP["url"] =~ "(?x) ^/(?![bchrw]/) @@ -441,6 +474,10 @@ $HTTP["host"] == "@@httpdnsname@@" { # "virtual" host @@httpdnsname@@ ) fastcgi.server = () cgi.assign = ( "" => "" ) + # CGI scripts will likely behave poorly without this + setenv.set-environment += ( "PATH" => var.syspath ) + # Send Apache-identical DOCUMENT_ROOT not lighttpd crazy one + setenv.set-environment += ( "DOCUMENT_ROOT" => server.document-root ) } # The fancy .no_blob_plain processing is not handled with lighttpd...yet! -- 2.11.4.GIT