send large dir listings to tempfiles
send large header and footers (readme) to tempfiles if XML-encoding
separate header and footer HTML generation from
directory read and HTML generation for dir and files
code reuse, cleanup
reduce some string copying for include file paths
default is clock jump > 30 mins (1800 seconds)
server.feature-flags += ("server.clock-jump-restart" => 1800)
Can be set to 0 to disable.
x-ref:
"TLS 1.3 with SessionTicket fail for the first 8 hours of 1970"
https://redmine.lighttpd.net/issues/3075
optimize buffer_* primitives
Other than buffer_string_set_length(), reallocate with one power-2 step
in size (or use the requested size, if larger). This replaces the fixed
BUFFER_PIECE_SIZE round-up of only 64 bytes extension each reallocation,
which could lead to excessive reallocations in some scenarios.
buffer_extend() convenience routine to prep for batch append
(combines buffer_string_prepare_append() and buffer_commit())
mod_fastcgi, mod_scgi, mod_proxy and others now leverage buffer_extend()
mod_scgi directly performs little-endian encoding of short ints
http_response_write_header() optimizes writing response header,
leveraging buffer_extend()
modify mod_proxy to append line ends
similar to how it is done in http_response_write_header()
(removes one call to buffer_append_string_len())
use keyvalue.[ch] for basic matching
consolidate PCRE logic and leverage PCRE study in keyvalue.[ch]
remove direct link to -lpcre from modules using keyvalue.[ch]
enabled by default
disable using server.feature-flags += ("server.pcre_jit" => "disable")
Available since pcre-8.20 (2011), and improved in pcre-8.32 (2012),
PCRE_STUDY_JIT_COMPILE can greatly speed up repeated execution of PCRE
patterns. (https://zherczeg.github.io/sljit/pcre.html)
lighttpd continues to use pcre_exec() instead of pcre_jit_exec(),
even though doing so does not realize all of the performance increase
potentially available with PCRE_STUDY_JIT_COMPILE and pcre_jit_exec().
pcre_jit_exec() is available with PCRE 8.32 and later, if PCRE is
compiled with --enable-jit, but lighttpd does not currently use
pcre_jit_exec() since the PCRE library might not have been compiled
with --enable-jit (though this could be solved with a weak symbol).
Similarly, lighttpd does not currently configure the pcre_jit_stack.
(Using pcre_jit_exec() may be revisited in the future.)
x-ref:
"add support for pcre JIT"
https://redmine.lighttpd.net/issues/2361
NSS crashes with SIGFPE if SSL_REQUEST_CERTIFICATE is PR_TRUE,
but trust anchors have not been set with SSL_SetTrustAnchors()
(e.g. if ssl.verifyclient.activate = "enable" but ssl.ca-file
has not been configured in lighttpd.conf)
If cert is self-issued, then do not attempt to build certificate chain.
(Attempting to build certificate chain when chain is not provided, but
ssl.ca-file is specified, is provided as backward compatible behavior
from lighttpd versions prior to lighttpd 1.4.56)
remove buffer_urldecode_query() (unused)
query string generally needs to be split on '&'
before decoding '+' and decoding %-encoding
remove int2hex() (unused, and not well-named for nibble-to-hex)
Note: monotonic time does not change while VM is suspended
Continue to use real time where required by HTTP protocol, for logging
and for other user-visible instances, such as mod_status, as well as for
external databases and caches.
save parsed listen addrs at startup for reuse at runtime
srv_socket->srv_token is normalized at startup and contains IP and port.
save offset to colon, if present, or else length of string (unix socket)
At runtime, srv_token_colon can be quickly used as length of IP string
(without port) or, if not length of string, offset of stringified port
following the colon.
avoid interfaces deprecated in openssl 3.0.0
some newer interfaces might be present in openssl 1.1.1,
but might not be present in alt TLS libs (libressl or boringssl),
so retrict use to >= openssl 3.0.0
ignore server.event-handler = "libev" if lighttpd not built with libev
(no longer an error)
On most platforms, native event handling in lighttpd is more performant
than the overhead of libev, which usually uses the same underlying
OS system interface for event notification
fix crash for (broken) nested $SERVER["socket"] config
$SERVER["socket"] belongs in the global scope and should not be
nested in any other conditional config logic. Even so, lighttpd
should not crash when such misconfiguration occurs.
x-ref:
"Lighttpd multiple SSL hosts using Server Name Indication (SNI)"
https://redmine.lighttpd.net/boards/2/topics/9612
RFC 7233 Range handling for all non-streaming responses,
including (non-streaming) dynamic responses
(previously Range responses handled only for static files)
client browsers might remember prior algorithm if algorithm changed;
send 401 Unauthorized to reset client browser
(sending 400 Bad Request was not user friendly)
Glenn Strauss