Differences

This shows you the differences between two versions of the page.

docs:guide-user:luci:luci.on.lighttpd [2018/03/03 20:56] – ↷ Links adapted because of a move operation bobafetthotmaildocs:guide-user:luci:luci.on.lighttpd [2021/04/23 14:01] oldium
Line 1: Line 1:
 ====== LuCI on lighttpd ====== ====== LuCI on lighttpd ======
-This article explains how to run the [[docs:techref:luci]] web interface on the [[docs:guide-user:services:webserver:lighttpd|lighttpd]] web server.  +LuCI is the main web administration utility for OpenWrt. **By default LuCI uses [[docs:guide-user:services:webserver:http.uhttpd|uHTTPd]]** 
-LuCI is the main web administration utility for OpenWrt. By default it is installed with [[docs:guide-user:services:webserver:http.uhttpd|uHTTPd]]. You can of course use any other web server for LuCI. There are a couple available in the OpenWrt archives: [[docs:guide-user:services:http.overview]] + 
-This is the howto for lighttpd.+You can use other web servers for LuCI. There are a couple available in the OpenWrt archives: [[docs:guide-user:services:webserver:start]] This article explains how to run the [[docs:techref:LuCI]] web interface on the [[docs:guide-user:services:webserver:lighttpd|lighttpd]] web server
  
 See also: See also:
  
   * [[docs:guide-user:services:webserver:lighttpd]]   * [[docs:guide-user:services:webserver:lighttpd]]
-  * [[docs:guide-user:luci:luci.essentials-tomerge]] +  * [[docs:guide-user:luci:luci.essentials]]  
 + 
 +:!: From the lighttpd server **version 1.4.56**, the HTTP/2 is enabled by configuration, **version 1.4.59** has it enabled by default, so if you have a modern browser, it will use the new protocol. There is a [[https://redmine.lighttpd.net/issues/3078|problem]] with HTTP/2 implementation, which might influence loading of LuCI page and might prevent its usage. Pressing F5 (**reload**) makes the page working again (once for login page, once after logging in), or there is a possibility to work-around the issue and disable HTTP/2 in the [[docs:guide-user:luci:luci.on.lighttpd#http2_issue_workaround|configuration]].
  
 ===== Installation ===== ===== Installation =====
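Review bot: The HTTP/2 warning added under "See also" repeats, almost word for word, the paragraph this same revision adds in the "HTTP/2 Issue Workaround" section, and the two disagree on who changed what: here lighttpd 1.4.56 has HTTP/2 "enabled by configuration", while the later section says OpenWrt enabled it in 1.4.56. Keep one short sentence here that links to the workaround section, and state there whether 1.4.56 and 1.4.59 refer to the upstream release or to the OpenWrt package, so a reader can tell which installed version needs the workaround.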
Line 18: Line 20:
 </code> </code>
 **NOTE**: The **libiwinfo** package is only needed if your router has wireless.  **NOTE**: The **libiwinfo** package is only needed if your router has wireless. 
 +
 +Since lighttpd package version 1.4.56 the **SSL** module is not installed by default and you need to install one:
 +<code>
 +# Check the up-to-date list of lighttpd modules
 +opkg list lighttpd*
 +# Choose one and install it, version 1.4.56 offers lighttpd-mod-gnutls, lighttpd-mod-mbedtls, lighttpd-mod-nss, lighttpd-mod-openssl, lighttpd-mod-wolfssl
 +opkg install lighttpd-mod-openssl
 +</code>
  
 Then choose a LuCI theme Then choose a LuCI theme
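Review bot: In the added install block, opkg list lighttpd* passes an unquoted glob, so the shell expands it first whenever a file in the current directory matches lighttpd*, and opkg then receives file names instead of the pattern. Quote it, for example opkg list 'lighttpd-mod-*', which also limits the output to modules. The comment names five TLS modules for 1.4.56 and the example then installs lighttpd-mod-openssl without saying why; add a sentence on whether the choice matters for LuCI.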
Line 28: Line 38:
 </code> </code>
  
-Afterwards check that ''/etc/lighttpd/conf.d/10-cgi.conf'' loads the **mod_cgi**-module:+===== Configuration =====
  
-|''server.modules += "mod_cgi" )''|+Either go on with default configuration and make few changes, or add a file, which does the sameIn order to understand the changes, lets start with default configuration (the more complicated way).
  
-Now we need to tell lighttpd to process requests for the web interface using Lua. The LuCI administation package installs a file ''/cgi-bin/luci'', which is the default CGI gateway for LuCI. This is a script (with shebang line) that can run LuCI independently and calls Lua by itself. To tell lighttpd that it needs to load everything starting with ''/cgi-bin/luci'' by that script simply add  +==== Using default configuration (more changes====
-|''"cgi-bin/luci" %%=>%% ""''+
-to the cgi configuration file (''/etc/lighttpd/conf.d/10-cgi.conf''):+
  
-|''cgi.assign                 = ( ".pl"  %%=>%% "/usr/bin/perl", +Check that ''/etc/lighttpd/conf.d/30-cgi.conf'' loads the **mod_cgi**-module: 
-                               ".cgi" %%=>%% "/usr/bin/perl", + 
-                               ".rb"  %%=>%% "/usr/bin/ruby", +<code> 
-                               ".erb" %%=>%% "/usr/bin/eruby", +server.modules += ( "mod_cgi"
-                               ".py"  %%=>%% "/usr/bin/python", +</code> 
-                               "cgi-bin/luci" %%=>%% ""+ 
-''|+Now we need to tell lighttpd to process requests for the web interface using CGI. The LuCI administation package installs files in ''/cgi-bin'', which is the default CGI gateway for LuCI. The main script ''luci'' is a script (with shebang line) that can run LuCI independently and calls Lua by itself. Other files ''cgi-backup'', ''cgi-download'' and ''cgi-upload'' are symbolic links to ''cgi-io'' executable. To tell lighttpd that it needs to execute scripts in ''/cgi-bin'' we need to add 
 +<code> 
 +"/cgi-bin/luci" => "", 
 +"/cgi-bin/cgi-backup" => "", 
 +"/cgi-bin/cgi-download" => "", 
 +"/cgi-bin/cgi-exec" => "", 
 +"/cgi-bin/cgi-upload" => "" 
 +</code> 
 +to the cgi configuration file (''/etc/lighttpd/conf.d/30-cgi.conf''): 
 + 
 +<code> 
 +cgi.assign                 = ( ".pl"  => "/usr/bin/perl", 
 +                               ".cgi" => "/usr/bin/perl", 
 +                               ".rb"  => "/usr/bin/ruby", 
 +                               ".erb" => "/usr/bin/eruby", 
 +                               ".py"  => "/usr/bin/python", 
 +                               "/cgi-bin/luci" => ""
 +                               "/cgi-bin/cgi-backup" => "", 
 +                               "/cgi-bin/cgi-download" => "", 
 +                               "/cgi-bin/cgi-exec" => "", 
 +                               "/cgi-bin/cgi-upload" => "", 
 +                                
 +</code>
  
 This makes LuCI work as a CGI process. See http://redmine.lighttpd.net/projects/1/wiki/docs_modcgi for an explanation of the ''cgi.assign'' syntax. This makes LuCI work as a CGI process. See http://redmine.lighttpd.net/projects/1/wiki/docs_modcgi for an explanation of the ''cgi.assign'' syntax.
-Note that the index.html file in the document root ''/www'' that comes with the LuCI package redirects to ''/cgi-bin/luci'', thereby allowing access to the web interface by just loading the address of your OpenWrt device (e.g. 192.168.1.1 instead of having to load 192.168.1.1/cgi-bin/luci).+Note that the ''index.html'' file in the document root ''/www'' that comes with the LuCI package redirects to ''/cgi-bin/luci'', thereby allowing access to the web interface by just loading the address of your OpenWrt device (e.g. 192.168.1.1 instead of having to load 192.168.1.1/cgi-bin/luci).
  
-If you want lighttpd's logs in the output of "**logread**"add this:+LuCI needs root privileges to access configuration, so lighttpd needs to run as root tooso edit the configuration file ''/etc/lighttpd/lighttpd.conf'':
  
-|''#enable syslog +<code> 
-server.errorlog-use-syslog = "enable+#server.username             = "http" 
-''|+#server.groupname            = "www-data
 +</code> 
 + 
 +==== Using easy configuration ==== 
 + 
 +The same effect as the previous changes could be made, if you create file ''/etc/lighttpd/99-luci.conf'' and put all changes there:
  
-Enable lighttpd (so that it will be started at every boot) and start it: 
 <code> <code>
-/etc/init.d/lighttpd enable +## Necessary LUCI configuration 
-/etc/init.d/lighttpd start+cgi.assign += ( "/cgi-bin/luci" => "", 
 +                "/cgi-bin/cgi-backup" => "", 
 +                "/cgi-bin/cgi-download" => "", 
 +                "/cgi-bin/cgi-exec" => "", 
 +                "/cgi-bin/cgi-upload" => ""
 + 
 +server.username := "" 
 +server.groupname := ""
 </code> </code>
  
-Add the following for the server to listen on ipv4 and ipv6+Or specify CGI execution as a default for a whole ''/cgi-bin'' URL: 
 + 
 +<code> 
 +## Necessary LUCI configuration 
 +$HTTP["url"] =~ "^/cgi-bin"
 +    cgi.assign += ( "" => ""
 +
 + 
 +server.username := "" 
 +server.groupname := "" 
 +</code> 
 + 
 +☝ The key to understand it is that ''+='' merges the values, '':='' replaces/overwrites previously assigned value and ''='' simply assigns a value if not set already (see [[https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_Configuration|lighttpd configuration documentation]]). 
 + 
 +==== HTTP/2 Issue Workaround ==== 
 + 
 +OpenWrt enabled HTTP/2 in version 1.4.56 in the configuration, version 1.4.59 has it enabled by default. Usage of HTTP/2 exposed a [[https://redmine.lighttpd.net/issues/3078|problem]] in HTTP/2 implementation, which might influence loading of LuCI page and might prevent its normal usage. Pressing F5 (**reload**) makes the page working again (once for login page, once after logging in), or there is a possibility to work-around the issue and disable HTTP/2 in ''/etc/lighttpd/lighttpd.conf'': 
 + 
 +<code> 
 +server.feature-flags += ("server.h2proto" => "disable"
 +server.feature-flags += ("server.h2c"     => "disable"                                                           s 
 +</code> 
 + 
 + 
 +==== Finalizing the configuration ==== 
 + 
 +If you want lighttpd's logs in the output of "**logread**", add this (to ''/etc/lighttpd/lighttpd.conf'' or ''/etc/lighttpd/99-luci.conf'', or your own config file): 
 + 
 +<code> 
 +## enable syslog 
 +server.errorlog-use-syslog = "enable" 
 +</code> 
 + 
 +Add the following for the server to listen on ipv4 and ipv6 (create for example ''/etc/lighttpd/50-http.conf''):
 <code> <code>
 #Listen on ipv4 #Listen on ipv4
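Review bot: Commenting out server.username and server.groupname (and the := "" overrides in 99-luci.conf) makes the whole lighttpd process run as root, not only LuCI, and the second variant, $HTTP["url"] =~ "^/cgi-bin" with cgi.assign += ( "" => "" ), then executes every file under /cgi-bin as a root CGI. The text should say this explicitly and recommend the explicit five-entry list over the catch-all, so that a file later placed in /cgi-bin is not executed automatically. Smaller points in the same hunk: the full cgi.assign listing has no comma after "/cgi-bin/luci" => "" and no closing parenthesis as shown; cgi-exec is in the list but the paragraph names only cgi-backup, cgi-download and cgi-upload; the new files are placed in /etc/lighttpd/ (99-luci.conf, 50-http.conf) while the other snippet files (30-cgi.conf, 50-https.conf) are in /etc/lighttpd/conf.d/; and the server.h2c line ends with a stray "s".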
Line 69: Line 143:
 } }
 </code> </code>
 +
 +Enable lighttpd (so that it will be started at every boot) and start it:
 +<code>
 +/etc/init.d/lighttpd enable
 +/etc/init.d/lighttpd start
 +</code>
 +
 +
 +===== SSL Redirect =====
 +
 +If you want to redirect to SSL, install ''lighttpd-mod-redirect'' package:
 +
 +<code>
 +opkg update
 +opkg install lighttpd-mod-redirect
 +</code>
 +
 +Next, create ''/etc/lighttpd/conf.d/50-https.conf'' with the following content:
 +
 +<code>
 +$SERVER["socket"] == ":443" {
 +    ssl.engine                  = "enable"
 +    ssl.pemfile                 = "/etc/lighttpd/ssl/your_private_and_public_key.pem"
 +} else $HTTP["scheme"] == "http" {
 +    $HTTP["host"] =~ ".*" {
 +        url.redirect = (".*" => "https://%0$0")
 +    }
 +}
 +</code>
 +
 +And if you have SSL certificate from any authority without hostname-only alias, you can redirect like the following (replace ''hostname'' with your hostname and ''hostname.domain'' with your fully qualified domain name):
 +
 +<code>
 +$SERVER["socket"] == ":443" {
 +    ssl.engine                  = "enable"
 +    ssl.pemfile                 = "/etc/lighttpd/ssl/your_private_and_public_key.pem"
 +} else $HTTP["scheme"] == "http" {
 +    $HTTP["host"] == "hostname" {
 +        url.redirect = (".*" => "https://hostname.domain$0")
 +    } else $HTTP["host"] =~ ".*" {
 +        url.redirect = (".*" => "https://%0$0")
 +    }
 +}
 +</code>
 +
 +Unfortunately redirecting from https://hostname to https://hostname.domain does not work well, so it is not shown in the example above -- the reason is that the SSL channel is set-up based on SNI (i.e. hostname) before the redirection could happen, so certificate is matched against hostname and not hostname.domain.
  
 ===== LuCI and Another Website Simultaneously on lighttpd (Listening on Multiple Ports) ===== ===== LuCI and Another Website Simultaneously on lighttpd (Listening on Multiple Ports) =====
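Review bot: In both redirect examples the fallback rule url.redirect = (".*" => "https://%0$0") builds the target from the Host header the client sent, so the server redirects to whatever host name a request supplies. For a router administration page, redirect to a fixed name or address, or match $HTTP["host"] against the names the device actually answers to instead of ".*". The ssl.pemfile path holds the private key together with the certificate; add a line telling the reader to make that file readable by root only.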
Line 83: Line 203:
 Now we simply need to use lighttpd's "matching on socket" mechanism (see [[http://redmine.lighttpd.net/projects/1/wiki/Docs_Configuration#Conditional-Configuration|the documentation on conditional configuration]]), for which you have to put the following somewhere in your lighttpd.conf: Now we simply need to use lighttpd's "matching on socket" mechanism (see [[http://redmine.lighttpd.net/projects/1/wiki/Docs_Configuration#Conditional-Configuration|the documentation on conditional configuration]]), for which you have to put the following somewhere in your lighttpd.conf:
  
-| ''$SERVER["socket"] == ":80"+<code> 
-server.document-root = "/website/" +$SERVER["socket"] == ":80"
-}'' |+  server.document-root = "/website/" 
 +} 
 +</code>
  
 After restarting lighttpd your website is on port 81 and LuCI is still on port 80 using lighttpd. Naturally, you can interchange these two ports such that the website is on the default HTTP port 80 and set the web interface on port 81. After restarting lighttpd your website is on port 81 and LuCI is still on port 80 using lighttpd. Naturally, you can interchange these two ports such that the website is on the default HTTP port 80 and set the web interface on port 81.
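Review bot: The converted block keeps $SERVER["socket"] == ":80" for server.document-root = "/website/", but the sentence right after it says the website ends up on port 81 and LuCI stays on port 80, so the condition and the prose contradict each other. Decide which port the second site uses and make the socket condition match. As shown, the added condition line also has no opening brace before the closing } on the last line of the block.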
  • Last modified: 2021/04/25 05:51
  • by oldium