From ed7e4a96a541ce139b5130fe558303a9f9dcf961 Mon Sep 17 00:00:00 2001 From: zhanglianghy Date: Thu, 22 Aug 2019 15:55:36 +0800 Subject: [PATCH 1/3] =?UTF-8?q?MOD=20aaa-12=20=E5=B0=86=E9=94=99=E8=AF=AF?= =?UTF-8?q?=E7=A0=81=E6=8F=90=E5=8F=96=E5=87=BA=E6=9D=A5=E5=8D=95=E7=8B=AC?= =?UTF-8?q?=E5=BD=A2=E6=88=90=E4=B8=80=E4=B8=AA=E6=96=87=E4=BB=B6=EF=BC=8C?= =?UTF-8?q?=E4=BE=BF=E4=BA=8E=E5=90=8E=E7=BB=AD=E5=90=84=E4=B8=AA=E4=B8=9A?= =?UTF-8?q?=E5=8A=A1=E6=A8=A1=E5=9D=97=E6=B7=BB=E5=8A=A0=E8=87=AA=E8=BA=AB?= =?UTF-8?q?=E9=94=99=E8=AF=AF=E7=A0=81=20SOL=20=20=E5=B0=86=E9=94=99?= =?UTF-8?q?=E8=AF=AF=E7=A0=81=E6=8F=90=E5=8F=96=E5=87=BA=E6=9D=A5=E5=8D=95?= =?UTF-8?q?=E7=8B=AC=E5=BD=A2=E6=88=90=E4=B8=80=E4=B8=AA=E6=96=87=E4=BB=B6?= =?UTF-8?q?=EF=BC=8C=E4=BE=BF=E4=BA=8E=E5=90=8E=E7=BB=AD=E5=90=84=E4=B8=AA?= =?UTF-8?q?=E4=B8=9A=E5=8A=A1=E6=A8=A1=E5=9D=97=E6=B7=BB=E5=8A=A0=E8=87=AA?= =?UTF-8?q?=E8=BA=AB=E9=94=99=E8=AF=AF=E7=A0=81=20=E4=BF=AE=E6=94=B9?= =?UTF-8?q?=E4=BA=BA=EF=BC=9Azhangliang=20=E6=A3=80=E8=A7=86=E4=BA=BA?= =?UTF-8?q?=EF=BC=9Azhangliang?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Common/ret_errno.h | 29 +++++++++++++++++-- .../configm/config-server/include/configm.h | 5 +--- .../netconfig/ipconfig/ipconfig.c | 2 +- .../user/configm/config-test/configtest.c | 7 +++-- 4 files changed, 32 insertions(+), 11 deletions(-) diff --git a/Common/ret_errno.h b/Common/ret_errno.h index f7eaf757a..7ef6ed927 100644 --- a/Common/ret_errno.h +++ b/Common/ret_errno.h @@ -7,9 +7,10 @@ typedef uint ret_code; -/*0x00000000 ~ 0x0000ffff 为系统预留错误码,用于一般性系统错误,例如内存不够,输入错误等*/ +/*0x00000000 ~ 0x0000ffff 为系统预留错误码,用于一般性系统错误, +例如内存不够,输入错误等*/ -/* RPC ret code 0x00000000 ~ 0x0000ffff*/ +/*ret code 0x00000000 ~ 0x0000ffff*/ #define RET_OK 0 #define RET_ERR 1 #define RET_UNKNOWN 2 
@@ -30,6 +31,7 @@ typedef uint ret_code; #define RET_IPINVALID (uint)((uint)NETCONFIG_MODULE<<16|1) #define RET_BRNAMEERR (uint)((uint)NETCONFIG_MODULE<<16|1) +#define ERR_STR_LEN 64 /* 错误码描述 */ #define RET_ERROR_DISC \ @@ -41,16 +43,37 @@ typedef uint ret_code; { RET_NOTFOUND, "NotFound" }, \ { RET_TIMEOUT, "Timeout" }, \ { RET_NULLP, "NullPointer" } ,\ - { RET_NOMEM, "NotEnoughMemery"},\ + { RET_NOMEM, "NotEnoughMemory"},\ { RET_CHKERR, "CheckError"},\ { RET_NOTSUPPORT, "NotSupport"},\ { RET_INPUTERR, "InputError"},\ { RET_EXIST, "AlreadyExist"},\ { RET_FULL, "Full"},\ { RET_SENDERR, "SendErr"},\ +\ { RET_IPINVALID, "IpInvalid"},\ { RET_BRNAMEERR, "BrNameInvalid"}\ } +struct err_disc { + int code; + const char *name; +} ; + +static inline char* ret_code_format(ret_code code, char* str) { + struct err_disc ret_err[] = RET_ERROR_DISC; + int len = sizeof(ret_err) / sizeof(struct err_disc); + int i; + + for(i = 0; i < len; i++){ + if(code == ret_err[i].code){ + strcpy(str, ret_err[i].name); + return str; + } + } + + return str; +} + #endif diff --git a/Platform/user/configm/config-server/include/configm.h b/Platform/user/configm/config-server/include/configm.h index 81bd290eb..e2dd3d5d4 100755 --- a/Platform/user/configm/config-server/include/configm.h +++ b/Platform/user/configm/config-server/include/configm.h @@ -173,7 +173,7 @@ nat_config_proc, \ NULL, \ nat_config_get_all \ - }\ + }\ } typedef ret_code (*cm_config_init)(); @@ -214,8 +214,5 @@ struct _config_service { typedef struct _config_service config_service_t; - - - #endif /* RPC_COMMON_H_ */ diff --git a/Platform/user/configm/config-server/netconfig/ipconfig/ipconfig.c b/Platform/user/configm/config-server/netconfig/ipconfig/ipconfig.c index 7e3e04e5a..8132b8a85 100644 --- a/Platform/user/configm/config-server/netconfig/ipconfig/ipconfig.c +++ b/Platform/user/configm/config-server/netconfig/ipconfig/ipconfig.c 
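Review bot: ret_code_format copies the matched name into `str` with `strcpy`, and the signature carries no buffer size, so the ERR_STR_LEN limit added in the earlier ret_errno.h hunk holds only if every caller remembers it. Bound the copy with `snprintf(str, ERR_STR_LEN, "%s", ret_err[i].name);` and add a comment that `str` must point to at least ERR_STR_LEN bytes. When no entry matches, `str` is returned untouched, so a caller that did not zero its buffer prints stale bytes; a fallback such as `snprintf(str, ERR_STR_LEN, "0x%x", code);` before the final `return str;` would close that. No `#include <string.h>` is visible in the hunk, and `err_disc.code` is `int` while `ret_code` is `uint`, so the `==` is a signed/unsigned comparison; declaring the field as `ret_code` would match the table.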
@@ -563,7 +563,7 @@ ret_code ip_config_get_all(uint source, pointer output, int *output_len) *output_len = 0; ret = if_get_prefix_all(output, output_len, &code); - rpc_log_info("ip_config_get_all: %s\n", output); + rpc_log_info("ip_config_get_all: %s\n", (char *)output); RET_ERR_FORMART(ret, code, output, *output_len); ASSERT_RET(ret); diff --git a/Platform/user/configm/config-test/configtest.c b/Platform/user/configm/config-test/configtest.c index 095f1484a..f4a40142a 100644 --- a/Platform/user/configm/config-test/configtest.c +++ b/Platform/user/configm/config-test/configtest.c @@ -3,6 +3,7 @@ #include "rpc.h" #include "configm.h" #include "ipconfig.h" +#include "ret_errno.h" int main(int argc, char **argv) { @@ -35,13 +36,13 @@ int main(int argc, char **argv) memset(config_linebuf, 0, sizeof(config_linebuf)); while(fgets(config_linebuf, 512, f) != NULL) { - + char code_str[ERR_STR_LEN] = {0}; printf("configure: %s\n", config_linebuf); code = web_config_exec_sync(CM_CONFIG_SET, config_id, config_linebuf, strlen(config_linebuf) + 1, &output, &output_len); - - printf("call config type return:%s,result:%s\n", rpc_code_format(code), output); + ret_code_format(code, code_str); + printf("call config type return:%s,result:%s\n", code_str, output); memset(config_linebuf, 0, sizeof(config_linebuf)); memset(output, 0, output_len); From 21bb177b899d96f26817897b62e1f6de204099fc Mon Sep 17 00:00:00 2001 From: zhouwuqing Date: Thu, 22 Aug 2019 01:11:06 -0700 Subject: [PATCH 2/3] =?UTF-8?q?Mod=20aaa-12=20add=20lighttpd=20RCA:=20SOL:?= =?UTF-8?q?=20=E4=BF=AE=E6=94=B9=E4=BA=BA:zhouwuqing=20=E6=A3=80=E8=A7=86?= =?UTF-8?q?=E4=BA=BA:zhouwuqing?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- libs/files/lighttpd/config/lighttpd.conf | 148 ----------------------- 1 file changed, 148 deletions(-) delete mode 100644 libs/files/lighttpd/config/lighttpd.conf 
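Review bot: In the ipconfig.c hunk, `output` is logged with `%s` before `ret` is checked, so a failed if_get_prefix_all gets its buffer printed in whatever state it was left. The added `(char *)` cast silences the format warning but does not make the pointer a terminated string. Whether if_get_prefix_all always NUL-terminates is not visible here, so bounding the log by the reported length is safer: `rpc_log_info("ip_config_get_all: %.*s\n", *output_len, (char *)output);`. ip_config_get_all starts and ends outside the hunk.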
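Review bot: In the configtest.c loop, a return code that is missing from RET_ERROR_DISC leaves `code_str` empty, so the test prints `return:,result:` with no hint of what failed. Printing the numeric value next to the name keeps the output usable: `printf("call config type return:%s(0x%x),result:%s\n", code_str, (unsigned)code, output);`. `output` also goes to `%s` without a check that web_config_exec_sync filled it; if that call can leave it NULL on failure (not visible here), guard the print and the later `memset(output, 0, output_len)`. main continues outside the hunk.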
diff --git a/libs/files/lighttpd/config/lighttpd.conf b/libs/files/lighttpd/config/lighttpd.conf deleted file mode 100644 index ccd995c23..000000000 --- a/libs/files/lighttpd/config/lighttpd.conf +++ /dev/null 
@@ -1,148 +0,0 @@ -var.log_root = "/home/cmhi/secogateway/libs/files/lighttpd/log" -var.server_root = "/home/cmhi/secogateway/libs/files/lighttpd" -var.state_dir = "/home/cmhi/secogateway/libs/files/lighttpd" -var.home_dir = "/home/cmhi/secogateway/libs/files/lighttpd" -var.conf_dir = "/home/cmhi/secogateway/libs/files/lighttpd/config" - -var.vhosts_dir = server_root + "/vhosts" - -var.cache_dir = server_root + "/cache" - -var.socket_dir = home_dir + "/sockets" - -include "modules.conf" - -server.port = 8080 - -server.use-ipv6 = "disable" - -#server.username = "lighttpd" -#server.groupname = "lighttpd" - -server.document-root = server_root + "/webpages" - -server.pid-file = state_dir + "/lighttpd.pid" - -server.errorlog = log_root + "/error.log" - -include "conf.d/access_log.conf" - -include "conf.d/debug.conf" - -server.event-handler = "linux-sysepoll" - -## -## The basic network interface for all platforms at the syscalls read() -## and write(). Every modern OS provides its own syscall to help network -## servers transfer files as fast as possible -## -## sendfile - is recommended for small files. 
-## writev - is recommended for sending many large files -## -server.network-backend = "sendfile" - - -server.max-fds = 2048 - -server.stat-cache-engine = "simple" - -server.max-connections = 1024 - -index-file.names += ( - "index.xhtml", "index.html", "index.htm", "default.htm", "index.php" -) - -url.access-deny = ( "~", ".inc" ) - - -static-file.exclude-extensions = ( ".php", ".pl", ".fcgi", ".scgi" ) - - - -include "conf.d/mime.conf" - -include "conf.d/dirlisting.conf" - -server.follow-symlink = "enable" - - -server.upload-dirs = ( "/home/cmhi/secogateway/libs/files/lighttpd/upload" ) - - - -####################################################################### -## -## SSL Support -## ------------- -## -## To enable SSL for the whole server you have to provide a valid -## certificate and have to enable the SSL engine.:: -## -## ssl.engine = "enable" -## ssl.pemfile = "/path/to/server.pem" -## -## The HTTPS protocol does not allow you to use name-based virtual -## hosting with SSL. If you want to run multiple SSL servers with -## one lighttpd instance you must use IP-based virtual hosting: :: -## -## Mitigate CVE-2009-3555 by disabling client triggered renegotation -## This is enabled by default. -## -## IMPORTANT: this setting can only be used in the global scope. 
-## It does *not* work inside conditionals -## -# ssl.disable-client-renegotiation = "enable" -## -## $SERVER["socket"] == "10.0.0.1:443" { -## ssl.engine = "enable" -## ssl.pemfile = "/etc/ssl/private/www.example.com.pem" -## # -## # (Following SSL/TLS Deployment Best Practices 1.3 / 17 September 2013 from: -## # https://www.ssllabs.com/projects/best-practices/index.html) -## # - BEAST is considered mitigaed on client side now, and new weaknesses have been found in RC4, -## # so it is strongly advised to disable RC4 ciphers (HIGH doesn't include RC4) -## # - It is recommended to disable 3DES too (although disabling RC4 and 3DES breaks IE6+8 on Windows XP, -## # so you might want to support 3DES for now - just remove the '!3DES' parts below). -## # - The examples below prefer ciphersuites with "Forward Secrecy" (and ECDHE over DHE (alias EDH)), remove '+kEDH +kRSA' -## # if you don't want that. -## # - SRP and PSK are not supported anyway, excluding those ('!kSRP !kPSK') just keeps the list smaller (easier to review) -## # Check your cipher list with: openssl ciphers -v '...' (use single quotes as your shell won't like ! in double quotes) -## # -## # If you know you have RSA keys (standard), you can use: -## ssl.cipher-list = "aRSA+HIGH !3DES +kEDH +kRSA !kSRP !kPSK" -## # The more generic version (without the restriction to RSA keys) is -## # ssl.cipher-list = "HIGH !aNULL !3DES +kEDH +kRSA !kSRP !kPSK" -## # -## # Make the server prefer the order of the server side cipher suite instead of the client suite. -## # This option is enabled by default, but only used if ssl.cipher-list is set. 
-## # -## # ssl.honor-cipher-order = "enable" -## # -## server.name = "www.example.com" -## -## server.document-root = "/srv/www/vhosts/example.com/www/" -## } -## - -## If you have a .crt and a .key file, cat them together into a -## single PEM file: -## $ cat /etc/ssl/private/lighttpd.key /etc/ssl/certs/lighttpd.crt \ -## > /etc/ssl/private/lighttpd.pem -## -#ssl.pemfile = "/etc/ssl/private/lighttpd.pem" - -## -## optionally pass the CA certificate here. -## -## -#ssl.ca-file = "" - -## -## and the CRL revocation list here. -## -## -#ssl.ca-crl-file = "" - -## -####################################################################### - From 581ddd4652f6177dd19f2236f6ed63ddc185c82b Mon Sep 17 00:00:00 2001 From: zhouwuqing Date: Thu, 22 Aug 2019 01:16:56 -0700 Subject: [PATCH 3/3] =?UTF-8?q?Mod=20aaa-12=20add=20lighttpd=20RCA:=20SOL:?= =?UTF-8?q?=20=E4=BF=AE=E6=94=B9=E4=BA=BA:zhouwuqing=20=E6=A3=80=E8=A7=86?= =?UTF-8?q?=E4=BA=BA:zhouwuqing?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- libs/files/lighttpd/config/portal.conf | 155 +++++++++++++++ .../files/lighttpd/config/portal_modules.conf | 179 ++++++++++++++++++ libs/files/lighttpd/config/webserver.conf | 154 +++++++++++++++ libs/files/lighttpd/portal_log/test.txt | 1 + libs/files/lighttpd/portal_upload/test.txt | 1 + .../files/lighttpd/portal_webpages/index.html | 4 + 6 files changed, 494 insertions(+) create mode 100644 libs/files/lighttpd/config/portal.conf create mode 100644 libs/files/lighttpd/config/portal_modules.conf create mode 100644 libs/files/lighttpd/config/webserver.conf create mode 100644 libs/files/lighttpd/portal_log/test.txt create mode 100644 libs/files/lighttpd/portal_upload/test.txt create mode 100644 libs/files/lighttpd/portal_webpages/index.html diff --git a/libs/files/lighttpd/config/portal.conf b/libs/files/lighttpd/config/portal.conf new file mode 100644 index 000000000..ce26ba370 --- /dev/null +++ b/libs/files/lighttpd/config/portal.conf 
@@ -0,0 +1,155 @@ + +#var.log_root = "/home/cmhi/secogateway/libs/files/lighttpd/log" +var.server_root = "/home/cmhi/secogateway/libs/files/lighttpd" +#var.state_dir = "/home/cmhi/secogateway/libs/files/lighttpd" +#var.home_dir = "/home/cmhi/secogateway/libs/files/lighttpd" +#var.conf_dir = "/home/cmhi/secogateway/libs/files/lighttpd/config" + +var.log_root = server_root + "/portal_log" + +var.state_dir = server_root +var.home_dir = server_root +var.conf_dir = server_root + "/config" + +var.vhosts_dir = server_root + "/portal_vhosts" + +var.cache_dir = server_root + "/portal_cache" + +var.socket_dir = home_dir + "/portal_sockets" + +include "portal_modules.conf" + +server.port = 8081 + +server.use-ipv6 = "disable" + +#server.username = "lighttpd" +#server.groupname = "lighttpd" + +server.document-root = server_root + "/portal_webpages" + +server.pid-file = state_dir + "/portal_lighttpd.pid" + +server.errorlog = log_root + "/error.log" + +include "conf.d/access_log.conf" + +include "conf.d/debug.conf" + +server.event-handler = "linux-sysepoll" + +## +## The basic network interface for all platforms at the syscalls read() +## and write(). Every modern OS provides its own syscall to help network +## servers transfer files as fast as possible +## +## sendfile - is recommended for small files. 
+## writev - is recommended for sending many large files +## +server.network-backend = "sendfile" + + +server.max-fds = 2048 + +server.stat-cache-engine = "simple" + +server.max-connections = 1024 + +index-file.names += ( + "index.xhtml", "index.html", "index.htm", "default.htm", "index.php" +) + +url.access-deny = ( "~", ".inc" ) + + +static-file.exclude-extensions = ( ".php", ".pl", ".fcgi", ".scgi" ) + + + +include "conf.d/mime.conf" + +include "conf.d/dirlisting.conf" + +server.follow-symlink = "enable" + + +server.upload-dirs = ( server_root + "/portal_upload" ) + + + +####################################################################### +## +## SSL Support +## ------------- +## +## To enable SSL for the whole server you have to provide a valid +## certificate and have to enable the SSL engine.:: +## +## ssl.engine = "enable" +## ssl.pemfile = "/path/to/server.pem" +## +## The HTTPS protocol does not allow you to use name-based virtual +## hosting with SSL. If you want to run multiple SSL servers with +## one lighttpd instance you must use IP-based virtual hosting: :: +## +## Mitigate CVE-2009-3555 by disabling client triggered renegotation +## This is enabled by default. +## +## IMPORTANT: this setting can only be used in the global scope. 
+## It does *not* work inside conditionals +## +# ssl.disable-client-renegotiation = "enable" +## +## $SERVER["socket"] == "10.0.0.1:443" { +## ssl.engine = "enable" +## ssl.pemfile = "/etc/ssl/private/www.example.com.pem" +## # +## # (Following SSL/TLS Deployment Best Practices 1.3 / 17 September 2013 from: +## # https://www.ssllabs.com/projects/best-practices/index.html) +## # - BEAST is considered mitigaed on client side now, and new weaknesses have been found in RC4, +## # so it is strongly advised to disable RC4 ciphers (HIGH doesn't include RC4) +## # - It is recommended to disable 3DES too (although disabling RC4 and 3DES breaks IE6+8 on Windows XP, +## # so you might want to support 3DES for now - just remove the '!3DES' parts below). +## # - The examples below prefer ciphersuites with "Forward Secrecy" (and ECDHE over DHE (alias EDH)), remove '+kEDH +kRSA' +## # if you don't want that. +## # - SRP and PSK are not supported anyway, excluding those ('!kSRP !kPSK') just keeps the list smaller (easier to review) +## # Check your cipher list with: openssl ciphers -v '...' (use single quotes as your shell won't like ! in double quotes) +## # +## # If you know you have RSA keys (standard), you can use: +## ssl.cipher-list = "aRSA+HIGH !3DES +kEDH +kRSA !kSRP !kPSK" +## # The more generic version (without the restriction to RSA keys) is +## # ssl.cipher-list = "HIGH !aNULL !3DES +kEDH +kRSA !kSRP !kPSK" +## # +## # Make the server prefer the order of the server side cipher suite instead of the client suite. +## # This option is enabled by default, but only used if ssl.cipher-list is set. 
+## # +## # ssl.honor-cipher-order = "enable" +## # +## server.name = "www.example.com" +## +## server.document-root = "/srv/www/vhosts/example.com/www/" +## } +## + +## If you have a .crt and a .key file, cat them together into a +## single PEM file: +## $ cat /etc/ssl/private/lighttpd.key /etc/ssl/certs/lighttpd.crt \ +## > /etc/ssl/private/lighttpd.pem +## +#ssl.pemfile = "/etc/ssl/private/lighttpd.pem" + +## +## optionally pass the CA certificate here. +## +## +#ssl.ca-file = "" + +## +## and the CRL revocation list here. +## +## +#ssl.ca-crl-file = "" + +## +####################################################################### + diff --git a/libs/files/lighttpd/config/portal_modules.conf b/libs/files/lighttpd/config/portal_modules.conf new file mode 100644 index 000000000..dedadbd47 --- /dev/null +++ b/libs/files/lighttpd/config/portal_modules.conf 
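Review bot: portal.conf listens on `server.port = 8081` with the whole SSL section left commented out, so whatever the auth portal collects from users travels in clear text. That this listener handles credentials is inferred from the portal_webpages/index.html text. Enabling TLS at global scope would address it: `ssl.engine = "enable"` and `ssl.pemfile = "<path to portal PEM>"`. `#server.username` and `#server.groupname` are also left commented, so the process keeps whatever identity it is started with; if it is launched as root, set a dedicated unprivileged account. webserver.conf (port 8080) has the same two gaps.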
@@ -0,0 +1,179 @@ +####################################################################### +## +## Modules to load +## ----------------- +## +## at least mod_access and mod_accesslog should be loaded +## all other module should only be loaded if really neccesary +## +## - saves some time +## - saves memory +## +## the default module set contains: +## +## "mod_indexfile", "mod_dirlisting", "mod_staticfile" +## +## you dont have to include those modules in your list +## +## Modules, which are pulled in via conf.d/*.conf +## +## NOTE: the order of modules is important. +## +## - mod_accesslog -> conf.d/access_log.conf +## - mod_compress -> conf.d/compress.conf +## - mod_status -> conf.d/status.conf +## - mod_webdav -> conf.d/webdav.conf +## - mod_cml -> conf.d/cml.conf +## - mod_evhost -> conf.d/evhost.conf +## - mod_simple_vhost -> conf.d/simple_vhost.conf +## - mod_mysql_vhost -> conf.d/mysql_vhost.conf +## - mod_trigger_b4_dl -> conf.d/trigger_b4_dl.conf +## - mod_userdir -> conf.d/userdir.conf +## - mod_rrdtool -> conf.d/rrdtool.conf +## - mod_ssi -> conf.d/ssi.conf +## - mod_cgi -> conf.d/cgi.conf +## - mod_scgi -> conf.d/scgi.conf +## - mod_fastcgi -> conf.d/fastcgi.conf +## - mod_proxy -> conf.d/proxy.conf +## - mod_secdownload -> conf.d/secdownload.conf +## - mod_expire -> conf.d/expire.conf +## + +server.modules = ( + "mod_webm", +# "mod_access", +# "mod_alias", +# "mod_auth", +# "mod_authn_file", +# "mod_evasive", +# "mod_redirect", +# "mod_rewrite", +# "mod_setenv", +# "mod_usertrack", +) + +## +####################################################################### + +####################################################################### +## +## Config for various Modules +## + +## +## mod_geoip +## +#include "conf.d/geoip.conf" + +## +## mod_ssi +## +#include "conf.d/ssi.conf" + +## +## mod_status +## +#include "conf.d/status.conf" + +## +## mod_webdav +## +#include "conf.d/webdav.conf" + +## +## mod_compress +## +#include "conf.d/compress.conf" + +## 
+## mod_userdir +## +#include "conf.d/userdir.conf" + +## +## mod_magnet +## +#include "conf.d/magnet.conf" + +## +## mod_cml +## +#include "conf.d/cml.conf" + +## +## mod_rrdtool +## +#include "conf.d/rrdtool.conf" + +## +## mod_proxy +## +#include "conf.d/proxy.conf" + +## +## mod_expire +## +#include "conf.d/expire.conf" + +## +## mod_secdownload +## +#include "conf.d/secdownload.conf" + +## +####################################################################### + +####################################################################### +## +## CGI modules +## + +## +## SCGI (mod_scgi) +## +#include "conf.d/scgi.conf" + +## +## FastCGI (mod_fastcgi) +## +#include "conf.d/fastcgi.conf" + +## +## plain old CGI (mod_cgi) +## +#include "conf.d/cgi.conf" + +## +####################################################################### + +####################################################################### +## +## VHost Modules +## +## Only load ONE of them! +## ======================== +## + +## +## You can use conditionals for vhosts aswell. +## +## see https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_Configuration +## + +## +## mod_evhost +## +#include "conf.d/evhost.conf" + +## +## mod_simple_vhost +## +#include "conf.d/simple_vhost.conf" + +## +## mod_mysql_vhost +## +#include "conf.d/mysql_vhost.conf" + +## +####################################################################### diff --git a/libs/files/lighttpd/config/webserver.conf b/libs/files/lighttpd/config/webserver.conf new file mode 100644 index 000000000..4920bb638 --- /dev/null +++ b/libs/files/lighttpd/config/webserver.conf 
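Review bot: `server.modules` loads only `"mod_webm"` and leaves `# "mod_access"` commented, although this file's own header says at least mod_access and mod_accesslog should be loaded. portal.conf sets `url.access-deny = ( "~", ".inc" )`, which mod_access implements; without the module lighttpd ignores that key, so backup and include files under portal_webpages stay fetchable. Uncomment `"mod_access",` in the list. `mod_webm` is not a stock lighttpd module as far as I know, so a comment line saying where it is built and what it handles would help the next reader.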
@@ -0,0 +1,154 @@ + +#var.log_root = "/home/cmhi/secogateway/libs/files/lighttpd/log" +var.server_root = "/home/cmhi/secogateway/libs/files/lighttpd" +#var.state_dir = "/home/cmhi/secogateway/libs/files/lighttpd" +#var.home_dir = "/home/cmhi/secogateway/libs/files/lighttpd" +#var.conf_dir = "/home/cmhi/secogateway/libs/files/lighttpd/config" + +var.log_root = server_root + "/log" +var.state_dir = server_root +var.home_dir = server_root +var.conf_dir = server_root + "/config" + +var.vhosts_dir = server_root + "/vhosts" + +var.cache_dir = server_root + "/cache" + +var.socket_dir = home_dir + "/sockets" + +include "modules.conf" + +server.port = 8080 + +server.use-ipv6 = "disable" + +#server.username = "lighttpd" +#server.groupname = "lighttpd" + +server.document-root = server_root + "/webpages" + +server.pid-file = state_dir + "/lighttpd.pid" + +server.errorlog = log_root + "/error.log" + +include "conf.d/access_log.conf" + +include "conf.d/debug.conf" + +server.event-handler = "linux-sysepoll" + +## +## The basic network interface for all platforms at the syscalls read() +## and write(). Every modern OS provides its own syscall to help network +## servers transfer files as fast as possible +## +## sendfile - is recommended for small files. 
+## writev - is recommended for sending many large files +## +server.network-backend = "sendfile" + + +server.max-fds = 2048 + +server.stat-cache-engine = "simple" + +server.max-connections = 1024 + +index-file.names += ( + "index.xhtml", "index.html", "index.htm", "default.htm", "index.php" +) + +url.access-deny = ( "~", ".inc" ) + + +static-file.exclude-extensions = ( ".php", ".pl", ".fcgi", ".scgi" ) + + + +include "conf.d/mime.conf" + +include "conf.d/dirlisting.conf" + +server.follow-symlink = "enable" + + +server.upload-dirs = ( server_root + "/upload" ) + + + +####################################################################### +## +## SSL Support +## ------------- +## +## To enable SSL for the whole server you have to provide a valid +## certificate and have to enable the SSL engine.:: +## +## ssl.engine = "enable" +## ssl.pemfile = "/path/to/server.pem" +## +## The HTTPS protocol does not allow you to use name-based virtual +## hosting with SSL. If you want to run multiple SSL servers with +## one lighttpd instance you must use IP-based virtual hosting: :: +## +## Mitigate CVE-2009-3555 by disabling client triggered renegotation +## This is enabled by default. +## +## IMPORTANT: this setting can only be used in the global scope. 
+## It does *not* work inside conditionals +## +# ssl.disable-client-renegotiation = "enable" +## +## $SERVER["socket"] == "10.0.0.1:443" { +## ssl.engine = "enable" +## ssl.pemfile = "/etc/ssl/private/www.example.com.pem" +## # +## # (Following SSL/TLS Deployment Best Practices 1.3 / 17 September 2013 from: +## # https://www.ssllabs.com/projects/best-practices/index.html) +## # - BEAST is considered mitigaed on client side now, and new weaknesses have been found in RC4, +## # so it is strongly advised to disable RC4 ciphers (HIGH doesn't include RC4) +## # - It is recommended to disable 3DES too (although disabling RC4 and 3DES breaks IE6+8 on Windows XP, +## # so you might want to support 3DES for now - just remove the '!3DES' parts below). +## # - The examples below prefer ciphersuites with "Forward Secrecy" (and ECDHE over DHE (alias EDH)), remove '+kEDH +kRSA' +## # if you don't want that. +## # - SRP and PSK are not supported anyway, excluding those ('!kSRP !kPSK') just keeps the list smaller (easier to review) +## # Check your cipher list with: openssl ciphers -v '...' (use single quotes as your shell won't like ! in double quotes) +## # +## # If you know you have RSA keys (standard), you can use: +## ssl.cipher-list = "aRSA+HIGH !3DES +kEDH +kRSA !kSRP !kPSK" +## # The more generic version (without the restriction to RSA keys) is +## # ssl.cipher-list = "HIGH !aNULL !3DES +kEDH +kRSA !kSRP !kPSK" +## # +## # Make the server prefer the order of the server side cipher suite instead of the client suite. +## # This option is enabled by default, but only used if ssl.cipher-list is set. 
+## # +## # ssl.honor-cipher-order = "enable" +## # +## server.name = "www.example.com" +## +## server.document-root = "/srv/www/vhosts/example.com/www/" +## } +## + +## If you have a .crt and a .key file, cat them together into a +## single PEM file: +## $ cat /etc/ssl/private/lighttpd.key /etc/ssl/certs/lighttpd.crt \ +## > /etc/ssl/private/lighttpd.pem +## +#ssl.pemfile = "/etc/ssl/private/lighttpd.pem" + +## +## optionally pass the CA certificate here. +## +## +#ssl.ca-file = "" + +## +## and the CRL revocation list here. +## +## +#ssl.ca-crl-file = "" + +## +####################################################################### + diff --git a/libs/files/lighttpd/portal_log/test.txt b/libs/files/lighttpd/portal_log/test.txt new file mode 100644 index 000000000..8b1378917 --- /dev/null +++ b/libs/files/lighttpd/portal_log/test.txt @@ -0,0 +1 @@ + diff --git a/libs/files/lighttpd/portal_upload/test.txt b/libs/files/lighttpd/portal_upload/test.txt new file mode 100644 index 000000000..8b1378917 --- /dev/null +++ b/libs/files/lighttpd/portal_upload/test.txt @@ -0,0 +1 @@ + diff --git a/libs/files/lighttpd/portal_webpages/index.html b/libs/files/lighttpd/portal_webpages/index.html new file mode 100644 index 000000000..af126bf80 --- /dev/null +++ b/libs/files/lighttpd/portal_webpages/index.html @@ -0,0 +1,4 @@ + + + "welcome auth portal" +
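Review bot: webserver.conf is a near line-for-line copy of portal.conf, differing only in the port, the modules include and the directory names. Any later hardening (TLS, access rules, user/group drop) therefore has to be made twice and can drift between the two. Consider moving the shared settings into one file that both pull in with `include`, leaving only the per-instance values here. `var.server_root = "/home/cmhi/secogateway/libs/files/lighttpd"` also ties logs, the pid file and the upload directory to one developer home tree; a deployment-neutral root would avoid editing the config per host.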