server.feature-flags += ("server.errorlog-high-precision" => "enable")
Note: if using syslog() for errorlog, modern syslog implementations are
configured separately (by an admin) for high precision timestamps;
server.feature-flags has no effect on syslog-generated timestamps
restructure some of log.c into smaller internal routines
keep a file-scoped global log_stderrh to write to STDERR_FILENO
so that an errh handle is always available for logging errors
fix missing space between timestamp and filename in errorlog output
(missing space in lighttpd 1.4.58 and lighttpd 1.4.59) (fixes #3105)
x-ref:
"missing ( in log lines from mod_auth"
https://redmine.lighttpd.net/issues/3105
separate internal control for backend max_per_read
When not streaming, large reads will be flushed to temp files on disk.
When streaming, use a smaller buffer to help reduce memory usage.
When not streaming, attempt to read and empty kernel socket bufs.
(e.g. MAX_READ_LIMIT 256k)
When writing to sockets (or pipes) attempt to fill kernel socket bufs.
(e.g. MAX_WRITE_LIMIT 256k)
file names tend to be much shorter than chunk_buf_sz
so using separate pool saves memory for large request and
response bodies where many temporary files are collected
HTTP/2 send GOAWAY soon after client timeout, before potentially
reading new stream requests, which will then have to be reset.
x-ref:
"Chrome gives random net::ERR_HTTP2_PROTOCOL_ERROR"
https://redmine.lighttpd.net/issues/3102
default backend "connect-timeout" to 8 seconds
Though this is a behavior change where there previously was no
timeout, this is configurable by lighttpd.conf admin, and having a
default connection timeout of a fairly large value (8 seconds) puts
a (default) limit on resource usage waiting for socket connect().
x-ref:
"sockets disabled, out-of-fds with proxy module"
https://redmine.lighttpd.net/issues/3086
HTTP/2 send GOAWAY soon after keep-alive timeout, before potentially
reading new stream requests, which will then have to be reset.
x-ref:
"Chrome gives random net::ERR_HTTP2_PROTOCOL_ERROR"
https://redmine.lighttpd.net/issues/3102
reduce oversized memory allocations when reading from backends:
avoid extra power-2 allocation for 1 byte ('\0') when data
available to read is exactly power-2
(detect if client erroneously reuses stream id for a different request)
x-ref:
"Chrome gives random net::ERR_HTTP2_PROTOCOL_ERROR"
https://redmine.lighttpd.net/issues/3102
refuse excess streams only if would block DATA frames for active streams
(for excess streams received on initial connect, prior to receiving
SETTINGS ACK from client)
(thx flynn)
x-ref:
"Random TLS errors on established connections"
https://redmine.lighttpd.net/issues/3100
"Chrome 92, HTTP/2, fcgi, mutiple puts no response"
https://redmine.lighttpd.net/issues/3093
use shared temp buffer for preparing error log entries
(each error log entry is flushed to error log;
there is no persistent data buffering for error logs)
prefer per-request r->tmp_buf to per-module p->tmp_buf
to marginally increase buf reuse during each request.
(currently, r->tmp_buf == srv->tmp_buf)
(avoid some persistent memory allocations per-module,
as those are not currently cleared/released periodically)
(thx flynn)
clear buffer after backend dechunk if not sending chunked to client
x-ref:
"Memory fragmentation with HTTP/2 enabled"
https://redmine.lighttpd.net/issues/3084
remove redundant waitpid() on each backend
(performed each second during periodic maintenance)
Doing so is redundant with handle_waitpid hook since lighttpd 1.4.46
cgi.limits += ("tcp-fin-propagate" => "<signal>") (e.g. "SIGTERM")
send specified signal to CGI if TCP FIN is received from client
(default: do not send signal to CGI)
If chunkqueue size grows large enough in memory to use tempfiles,
write all MEM_CHUNK in chunkqueue to tempfiles to free up memory.
If earlier chunks in chunkqueue are MEM_CHUNK, then a prior attempt
to write was not able to proceed, or items are being added to
chunkqueue as they are decoded from TLS. In either case, choose to
free up memory sooner. This may result in some cases where lighttpd
soon reads data back from disk to send to the backend, but since some
(now all) of the data is in tempfiles, sendfile() will avoid reading
back into userspace, though sendfile() will not be used if lighttpd
needs to read data back into memory to encrypt data using TLS.
previously undocumented server.upload-temp-file-size in lighttpd 1.4.38
preceded introduction of lighttpd streaming options in lighttpd 1.4.40
(server.stream-request-body and server.stream-response-body)
init global config for server.bindhost and server.port after
initializing $SERVER["socket"] so that if bindhost and port matches
another $SERVER["socket"], the $SERVER["socket"] config is used,
as the $SERVER["socket"] config inherits from the global scope and
can then be overridden.
x-ref:
"Activate SSL with lighttpd on a Raspberry Pi"
https://stackoverflow.com/questions/68939760/activate-ssl-with-lighttpd-on-a-raspberry-pi
Preemptively cap the max number of arenas that might be created by glibc
Each thread attempts to use the previously-used arena.
lighttpd is single-threaded, so in general, only one arena is used.
x-ref:
"Memory fragmentation with HTTP/2 enabled"
https://redmine.lighttpd.net/issues/3084
also remove some now-redundant tests from request.t
and reduce scripts and directories under tests
(because automake is sloooow and the fewer dirs, the better)
rename log_error_multiline_buffer() to log_error_multiline()
and take (char *)ptr and (size_t)len instead of (buffer *)b
When debug printing request and response headers,
print each header on separate line for readability
and omit '\r' if "\r\n" ends line
improve CGI offloading when not streaming request body
If not streaming request body, collect request body into single tempfile
and use fd to tempfile as stdin to CGI (in lieu of input pipe()).
For prior behavior, set the following config option, enabled by default:
server.feature-flags += ("cgi.tempfile-accum" => "disable")
If there is no request body, open /dev/null instead of creating pipe().
RFC4648 base64url pad char is '='; change from '.' in lighttpd
The base64url encoding was introduced in lighttpd 1.4.38 in 2015,
but at the time, does not appear to have been used in base64url
decoding where padding might be present.
In lighttpd 1.4.50, base64url decoding was possible with %{decb64u:...}
potentially used in mod_redirect and mod_rewrite rules. However, this
is not believed to be widely used, and even if used, it is strongly
recommended that the URLs contain a base64url-encoded string WITHOUT
padding, since padding of '=' might be %-encoded and require decoding
before base64url-decoding.
Note: this change may affect %{decb64u:...} substitution in
mod_redirect and mod_rewrite, but *ONLY* in case where URL contains
a base64url-encoded string *WITH* padding, and that padding had been
created specifically for use with lighttpd, using '.' as padding char
x-ref:
RFC4648 https://datatracker.ietf.org/doc/html/rfc4648#section-5
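
The padding cases described in the base64url note above, as an added example (not lighttpd source; the function names b64url_val, b64url_unpadded_len and b64url_decode are hypothetical). It decodes unpadded tokens, tolerates '=' padding whether literal or still %-encoded as "%3D", and rejects the legacy '.' pad character.

```c
#include <stddef.h>
#include <string.h>

/* Map one base64url character (RFC 4648 section 5) to its 6-bit value;
 * -1 if the character is not in the alphabet. */
static int b64url_val(int c) {
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    if (c == '-') return 62;
    if (c == '_') return 63;
    return -1;
}

/* Length of the token once at most two trailing pads are dropped.
 * A pad is a literal '=' or a percent-encoded "%3D"/"%3d".
 * A trailing '.' is NOT treated as padding. */
size_t b64url_unpadded_len(const char *s, size_t len) {
    for (int pads = 0; pads < 2; ++pads) {
        if (len >= 1 && s[len-1] == '=') len -= 1;
        else if (len >= 3 && s[len-3] == '%' && s[len-2] == '3'
                 && (s[len-1] == 'D' || s[len-1] == 'd')) len -= 3;
        else break;
    }
    return len;
}

/* Decode a base64url token, padded or not. Returns the decoded length,
 * or -1 on an invalid character, impossible length, or output overflow. */
int b64url_decode(const char *s, size_t len, unsigned char *out, size_t outsz) {
    size_t n = b64url_unpadded_len(s, len), o = 0;
    unsigned int acc = 0;
    int bits = 0;
    if (n % 4 == 1) return -1;            /* 6 bits cannot form a byte */
    for (size_t i = 0; i < n; ++i) {
        int v = b64url_val((unsigned char)s[i]);
        if (v < 0) return -1;             /* includes the legacy '.' pad */
        acc = (acc << 6) | (unsigned int)v;
        bits += 6;
        if (bits >= 8) {
            if (o == outsz) return -1;    /* caller's buffer is full */
            bits -= 8;
            out[o++] = (unsigned char)(acc >> bits);
            acc &= (1u << bits) - 1;      /* keep only the leftover bits */
        }
    }
    return (int)o;
}
```

Emitting tokens without padding sidesteps both the %-encoding question and the pad-character change.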