large code move, but minimal changes made to code (besides whitespace),
so that code builds
next: need to isolate openssl data structures and config parsing
handle_request_env (called on demand by handlers to populate env)
handle_connection_accept
handle_connection_shut_wr (was handle_connection_close)
handle_connection_close (now occurs at socket close())
[mod_deflate] skip deflate if 1 min loadavg too high
deflate.max-loadavg = "3.50" # express value as string of float num
[mod_compress] skip compression if 1 min loadavg too high
compress.max-loadavg = "3.50" # express value as string of float num
Feature available on BSD-like systems which have getloadavg() in libc
Note: load average calculations are different on different operating
systems and different types of system loads, so there is no value that
can be recommended for one-size-fits-all.
x-ref:
"Enable mod_compress to abandon compression when load average is too high"
https://redmine.lighttpd.net/issues/1505
prefer RAND_pseudo_bytes() (openssl), arc4random() or jrand48(),
if available, over rand()
These are not necessarily cryptographically secure, but should be better
than rand()
limits total size per request of request headers submitted by client
default limit set to 8k (prior lighttpd <= 1.4.41 hard-coded 64k limit)
(similar to Apache directive LimitRequestFieldSize)
x-ref:
"limits the size of HTTP request header"
https://redmine.lighttpd.net/issues/2130
module status: experimental; more testing and review needed
Kerberos library calls have been preserved from original patch set
and should be reviewed.
module has been quickly tested with Basic auth (Use over TLS!)
SPNEGO -has not- been tested. Again, kerberos library calls have
been preserved from original patch set. YMMV. (Use over TLS!)
x-ref:
"Kerberos/GSSAPI Delegation Support"
https://redmine.lighttpd.net/issues/1899
server.username can not be root or 0.
server.groupname can not be root or 0.
If server.username is set, previous behavior might retain gid 0
if server.groupname was not set.
New behavior calls setgid() on server.username primary gid, and
then initgroups on server.username if server.username is set but
server.groupname is not set.
x-ref:
"server.groupname not required with server.username"
https://redmine.lighttpd.net/issues/2725
Do not switch to CON_STATE_ERROR upon idle timeout if already in
CON_STATE_CLOSE. Changing to CON_STATE_ERROR might keep resetting
con->close_timeout_ts if repeated calls to shutdown() succeed.
This allows admin to configure if response is collected in entirety
prior to sending data to client
For compatibility with existing configs, default is existing behavior:
buffer entire response prior to sending data to client
The following are config options, though not all implemented yet
// default: buffer entire request body before connecting to backend
server.stream-request-body = 0
// stream request body to backend; buffer to temp files
server.stream-request-body = 1
// stream request body to backend; minimal buffering might block upload
server.stream-request-body = 2
// default: buffer entire response body before sending to client
server.stream-request-body = 0
// stream response body to client; buffer to temp files
server.stream-request-body = 1
// stream response body to client; minimal buffering might block backend
server.stream-request-body = 2
x-ref:
"fastcgi, cgi, flush, php5 problem."
https://redmine.lighttpd.net/issues/949
"Reimplement upload (POST) handling to match apache/zeus/thttpd/boa functionality"
https://redmine.lighttpd.net/issues/376
server.http-parseopt-header-strict = "enable"
server.http-parseopt-host-strict = "enable" (implies host-normalize)
server.http-parseopt-host-normalize = "disable"
defaults retain current behavior, which is strict header parsing
and strict host parsing, with enhancement to normalize IPv4 address
and port number strings.
For lighttpd tests, these need to be enabled (and are by default)
For marginally faster HTTP header parsing for benchmarks, disable these.
To allow
- underscores in hostname
- hypen ('-') at beginning of hostname
- all-numeric TLDs
server.http-parseopt-host-strict = "disable"
x-ref:
"lighttpd doesn't allow underscores in host names"
https://redmine.lighttpd.net/issues/551
"hyphen in hostname"
https://redmine.lighttpd.net/issues/1086
"a numeric tld"
https://redmine.lighttpd.net/issues/1184
"Numeric tld's"
https://redmine.lighttpd.net/issues/2143
"Bad Request"
https://redmine.lighttpd.net/issues/2258
"400 Bad Request when using Numeric TLDs"
https://redmine.lighttpd.net/issues/2281
To allow a variety of numerical formats to be converted to IP addresses
server.http-parseopt-host-strict = "disable"
server.http-parseopt-host-normalize = "enable"
x-ref:
"URL encoding leads to "400 - Bad Request""
https://redmine.lighttpd.net/issues/946
"400 Bad Request when using IP's numeric value ("ip2long()")"
https://redmine.lighttpd.net/issues/1330
To allow most 8-bit and 7-bit chars in headers
server.http-parseopt-header-strict = "disable" (not recommended)
x-ref:
"Russian letters not alowed?"
https://redmine.lighttpd.net/issues/602
"header Content-Disposition with russian '?' (CP1251, ascii code 255) causes error"
https://redmine.lighttpd.net/issues/1016
libressl defines SSL_OP_NO_SSLv2 and SSL_OP_NO_SSLv3 as 0x0
(thx Christian Heckendorf)
libressl matches ERR_remove_thread_state() signature from openssl 1.0.2
(libressl pretends that libressl is openssl version 2.0.0,
but openssl 1.1.0 changes signature of ERR_remove_thread_state())
libressl does not yet provide compatibility interfaces for the new
prototypes introduced in openssl 1.1.0, including
DH_set0_pqg() and DH_set_length()
remove OPENSSL_NO_KRB5 from build config (added in 5fab991b in 2005)
(define USE_OPENSSL_KERBEROS if required)
(Note: OPENSSL_NO_KRB5 removed in openssl 1.1.0)
(e.g. when called from xinetd)
Note: lighttpd is designed as a high performance, long-running server,
not a one-shot executable. This one-shot mode of operation has not been
tuned for performance. lighttpd server start-up and initialization aims
for correctness, not speed. If using this one-shot mode as part of fork
and exec from xinetd, then performance is already not of high concern.
x-ref:
"support for xinetd"
https://redmine.lighttpd.net/issues/1584
-i <secs> graceful shutdown after <secs> of inactivity
Option might be used with applications such as git instaweb.
While git instaweb does have command line options of its own
to [start,stop,restart], some may find it convenient to configure
git instaweb to start lighttpd with a default idle time limit,
after which lighttpd will gracefully shut itself down without
any further action from the user.
x-ref:
"[PATCH] support -i <secs> idle timeout option"
https://redmine.lighttpd.net/issues/2696
original request and patch submitted by mackyle. thx.
server.error-handler preserves HTTP status error code when error page
is static, and allows dynamic handlers to change HTTP status code
when error page is provided by dynamic handler. server.error-handler
intercepts all HTTP status codes >= 400 except when the content is
generated by a dynamic handler (cgi, ssi, fastcgi, scgi, proxy, lua).
The request method is unconditionally changed to GET for the request
to service the error handler, and the original request method is
later restored (for logging purposes). request body from the
original request, if present, is discarded.
server.error-handler is somewhat similar to server.error-handler-404,
but server.error-handler-404 is now deprecated, intercepts only 404
and 403 HTTP status codes, and returns 200 OK for static error pages,
a source of confusion for some admins. On the other hand, the new
server.error-handler, when set, will intercept all HTTP status error
codes >= 400. server.error-handler takes precedence over
server.error-handler-404 when both are set.
NOTE: a major difference between server.error-handler and the
now-deprecated server.error-handler-404 is that the values of the
non-standard CGI environment variables REQUEST_URI and REDIRECT_URI
have been swapped. Since REDIRECT_STATUS is the original HTTP
status code, REDIRECT_URI is now the original request, and REQUEST_URI
is the current request (e.g. the URI/URL to the error handler).
The prior behavior -- which reversed REQUEST_URI and REDIRECT_URI values
from those described above -- is preserved for server.error-handler-404.
Additionally, REDIRECT_STATUS is now available to mod_magnet, which
continues to have access to request.uri and request.orig_uri.
See further discussion at https://redmine.lighttpd.net/issues/2702
and https://redmine.lighttpd.net/issues/1828
github: closes #36
remove handle_joblist hook and remove the hooks defined in
mod_fastcgi and mod_scgi. The calls made to fdevent management
are redundant. If the calls were actually needed, then
mod_proxy would have needed a handle_joblist handler, too.
to detect client disconnect. Do so even when waiting on backend,
and not polling for POLLRD or POLLWR on client connection.
This reduces unnecessary load on backends when backends are slow
to respond and client has given up waiting.
x-ref:
"https://redmine.lighttpd.net/issues/399"
FastCGI performance on high load
For backwards compatibility with existing lighttpd configs, default is
mimetype.xattr-name = "Content-Type"
Those who wish to use the freedesktop.org definition of xattr mimetype
can set the following in the global lighttpd config:
mimetype.xattr-name = "user.mime_type"
From: Glenn Strauss <gstrauss@gluelogic.com>
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3131 152afb58-edef-0310-8abb-c4023f1b3aa9
lighttpd -t loads config file and performs syntax check
lighttpd -tt (new) performs preflight startup checks,
including loading and initializing modules, but skipping any
potentially destructive actions which might affect an already
running server (separate instance). These currently include:
- skipping pidfile modification
- skipping bind() to network sockets
- skipping open of error and access logs
From: Glenn Strauss <gstrauss@gluelogic.com>
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3130 152afb58-edef-0310-8abb-c4023f1b3aa9
If the server has changed its uid or is running in a chroot
it may be unable to remove the pid file when it exits.
However, if it holds on to an open handle to the pid file
that has write permission, it will be able to truncate the
pid file to 0 bytes in length.
Most monitoring software recognizes a 0-length pid file
as indicating there is no process running.
Therefore always attempt to truncate the pid file before
trying to remove it so that it's not left containing the
pid of a process that is no longer running.
Signed-off-by: Kyle J. McKay <mackyle@gmail.com>
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3112 152afb58-edef-0310-8abb-c4023f1b3aa9
do not propagate sighup if 0 == server.max-workers; reduce impact of
sighup on child processes, such as piped loggers, by not forwarding
sighup signal unless server.max-workers configured
For those configuring server.max-workers, it is recommended that
piped loggers be used to avoid log corruption, and then admins can
avoid sending lighttpd SIGHUP as there is currently no benefit to
doing so with the standard modules (beyond that of log rotation of
non-piped access and error logs).
From: Glenn Strauss <gstrauss@gluelogic.com>
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3076 152afb58-edef-0310-8abb-c4023f1b3aa9
If the crypt function is available as part of the standard
system library, then HAVE_LIBCRYPT will not be set, but
HAVE_CRYPT or HAVE_CRYPT_R will.
Make server.c test HAVE_CRYPT, HAVE_CRYPT_R and HAVE_LIBCRYPT
to determine the correct value of crypt support.
Signed-off-by: Kyle J. McKay
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3061 152afb58-edef-0310-8abb-c4023f1b3aa9
The FreeBSD version of sendfile is already supported. Starting
with OS X 10.5, Darwin also supports sendfile, but using a
slightly different argument list even though much of the
implementation is likely taken from FreeBSD just like the man
page is.
Add support for darwin's sendfile by introducing a new
network_darwin_sendfile.c file that's just a copy of the
network_freebsd_sendfile.c file except with the arguments
adjusted to compensate for the minor API difference (FreeBSD
has separate in and out byte count arguments whereas Darwin
has a combined in/out byte count argument).
Signed-off-by: Kyle J. McKay <mackyle@gmail.com>
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3060 152afb58-edef-0310-8abb-c4023f1b3aa9
- a lot of code tried to handle manually adding terminating zeroes and
keeping track of the correct "used" count.
Replaced all "external" usages with simple wrapper functions:
* buffer_string_is_empty (used <= 1), buffer_is_empty (used == 0);
prefer buffer_string_is_empty
* buffer_string_set_length
* buffer_string_length
* CONST_BUF_LEN() macro
- removed "static" buffer hacks (buffers pointing to constant/stack
memory instead of malloc()ed data)
- buffer_append_strftime(): refactor buffer+strftime uses
- li_tohex(): no need for a buffer for binary-to-hex conversion:
the output data length is easy to predict
- remove "-Winline" from extra warnings: the "inline" keyword just
supresses the warning about unused but defined (static) functions;
don't care whether it actually gets inlined or not.
From: Stefan Bühler <stbuehler@web.de>
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2979 152afb58-edef-0310-8abb-c4023f1b3aa9
* remove unused structs and functions
(buffer_array, read_buffer)
* change return type from int to void for many functions,
as the return value (indicating error/success) was never checked,
and the function would only fail on programming errors and not on
invalid input; changed functions to use force_assert instead of
returning an error.
* all "len" parameters now are the real size of the memory to be read.
the length of strings is given always without the terminating 0.
* the "buffer" struct still counts the terminating 0 in ->used,
provide buffer_string_length() to get the length of a string in a
buffer.
unset config "strings" have used == 0, which is used in some places
to distinguish unset values from "" (empty string) values.
* most buffer usages should now use it as string container.
* optimise some buffer copying by "moving" data to other buffers
* use (u)intmax_t for generic int-to-string functions
* remove unused enum values: UNUSED_CHUNK, ENCODING_UNSET
* converted BUFFER_APPEND_SLASH to inline function (no macro feature
needed)
* refactor: create chunkqueue_steal: moving (partial) chunks into another
queue
* http_chunk: added separate function to terminate chunked body instead of
magic handling in http_chunk_append_mem().
http_chunk_append_* now handle empty chunks, and never terminate the
chunked body.
From: Stefan Bühler <stbuehler@web.de>
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2975 152afb58-edef-0310-8abb-c4023f1b3aa9
Kyle J. McKay
