| Both sides previous revision Previous revision Next revision | Previous revision Next revisionBoth sides next revision |
| docs:guide-user:luci:luci.on.lighttpd [2019/01/07 20:39] – Added simple configuration not touching default one oldium | docs:guide-user:luci:luci.on.lighttpd [2021/04/23 14:01] – oldium |
|---|
| ====== LuCI on lighttpd ====== | ====== LuCI on lighttpd ====== |
| This article explains how to run the [[docs:techref:luci]] web interface on the [[docs:guide-user:services:webserver:lighttpd|lighttpd]] web server. | LuCI is the main web administration utility for OpenWrt. **By default LuCI uses [[docs:guide-user:services:webserver:http.uhttpd|uHTTPd]]**. |
| LuCI is the main web administration utility for OpenWrt. By default it is installed with [[docs:guide-user:services:webserver:http.uhttpd|uHTTPd]]. You can of course use any other web server for LuCI. There are a couple available in the OpenWrt archives: [[docs:guide-user:services:http.overview]] | |
| This is the howto for lighttpd. | You can use other web servers for LuCI. There are a couple available in the OpenWrt archives: [[docs:guide-user:services:webserver:start]] This article explains how to run the [[docs:techref:LuCI]] web interface on the [[docs:guide-user:services:webserver:lighttpd|lighttpd]] web server. |
| |
| See also: | See also: |
| |
| * [[docs:guide-user:services:webserver:lighttpd]] | * [[docs:guide-user:services:webserver:lighttpd]] |
| * [[docs:guide-user:luci:luci.essentials-tomerge]] | * [[docs:guide-user:luci:luci.essentials]] |
| | |
| | :!: From the lighttpd server **version 1.4.56**, the HTTP/2 is enabled by configuration, **version 1.4.59** has it enabled by default, so if you have a modern browser, it will use the new protocol. There is a [[https://redmine.lighttpd.net/issues/3078|problem]] with HTTP/2 implementation, which might influence loading of LuCI page and might prevent its usage. Pressing F5 (**reload**) makes the page working again (once for login page, once after logging in), or there is a possibility to work-around the issue and disable HTTP/2 in the [[docs:guide-user:luci:luci.on.lighttpd#http2_issue_workaround|configuration]]. |
| |
| ===== Installation ===== | ===== Installation ===== |
| </code> | </code> |
| **NOTE**: The **libiwinfo** package is only needed if your router has wireless. | **NOTE**: The **libiwinfo** package is only needed if your router has wireless. |
| | |
| | Since lighttpd package version 1.4.56 the **SSL** module is not installed by default and you need to install one: |
| | <code> |
| | # Check the up-to-date list of lighttpd modules |
| | opkg list lighttpd* |
| | # Choose one and install it, version 1.4.56 offers lighttpd-mod-gnutls, lighttpd-mod-mbedtls, lighttpd-mod-nss, lighttpd-mod-openssl, lighttpd-mod-wolfssl |
| | opkg install lighttpd-mod-openssl |
| | </code> |
| |
| Then choose a LuCI theme | Then choose a LuCI theme |
| </code> | </code> |
| |
| Now we need to tell lighttpd to process requests for the web interface using Lua. The LuCI administation package installs a file ''/cgi-bin/luci'', which is the default CGI gateway for LuCI. This is a script (with shebang line) that can run LuCI independently and calls Lua by itself. To tell lighttpd that it needs to load everything starting with ''/cgi-bin/luci'' by that script simply add | Now we need to tell lighttpd to process requests for the web interface using CGI. The LuCI administation package installs files in ''/cgi-bin'', which is the default CGI gateway for LuCI. The main script ''luci'' is a script (with shebang line) that can run LuCI independently and calls Lua by itself. Other files ''cgi-backup'', ''cgi-download'' and ''cgi-upload'' are symbolic links to ''cgi-io'' executable. To tell lighttpd that it needs to execute scripts in ''/cgi-bin'' we need to add |
| <code> | <code> |
| "cgi-bin/luci" => "" | "/cgi-bin/luci" => "", |
| | "/cgi-bin/cgi-backup" => "", |
| | "/cgi-bin/cgi-download" => "", |
| | "/cgi-bin/cgi-exec" => "", |
| | "/cgi-bin/cgi-upload" => "" |
| </code> | </code> |
| to the cgi configuration file (''/etc/lighttpd/conf.d/30-cgi.conf''): | to the cgi configuration file (''/etc/lighttpd/conf.d/30-cgi.conf''): |
| ".erb" => "/usr/bin/eruby", | ".erb" => "/usr/bin/eruby", |
| ".py" => "/usr/bin/python", | ".py" => "/usr/bin/python", |
| "cgi-bin/luci" => "" ) | "/cgi-bin/luci" => "", |
| | "/cgi-bin/cgi-backup" => "", |
| | "/cgi-bin/cgi-download" => "", |
| | "/cgi-bin/cgi-exec" => "", |
| | "/cgi-bin/cgi-upload" => "", |
| | ) |
| </code> | </code> |
| |
| This makes LuCI work as a CGI process. See http://redmine.lighttpd.net/projects/1/wiki/docs_modcgi for an explanation of the ''cgi.assign'' syntax. | This makes LuCI work as a CGI process. See http://redmine.lighttpd.net/projects/1/wiki/docs_modcgi for an explanation of the ''cgi.assign'' syntax. |
| Note that the index.html file in the document root ''/www'' that comes with the LuCI package redirects to ''/cgi-bin/luci'', thereby allowing access to the web interface by just loading the address of your OpenWrt device (e.g. 192.168.1.1 instead of having to load 192.168.1.1/cgi-bin/luci). | Note that the ''index.html'' file in the document root ''/www'' that comes with the LuCI package redirects to ''/cgi-bin/luci'', thereby allowing access to the web interface by just loading the address of your OpenWrt device (e.g. 192.168.1.1 instead of having to load 192.168.1.1/cgi-bin/luci). |
| |
| LuCI needs root privileges to access configuration, so lighttpd needs to run as root too, so edit the configuration file ''/etc/lighttpd/lighttpd.conf'': | LuCI needs root privileges to access configuration, so lighttpd needs to run as root too, so edit the configuration file ''/etc/lighttpd/lighttpd.conf'': |
| <code> | <code> |
| ## Necessary LUCI configuration | ## Necessary LUCI configuration |
| cgi.assign += ( "cgi-bin/luci" => "" ) | cgi.assign += ( "/cgi-bin/luci" => "", |
| | "/cgi-bin/cgi-backup" => "", |
| | "/cgi-bin/cgi-download" => "", |
| | "/cgi-bin/cgi-exec" => "", |
| | "/cgi-bin/cgi-upload" => "" ) |
| |
| server.username := "" | server.username := "" |
| </code> | </code> |
| |
| ☝ The key to understand it is that ''+='' merges the values, '':='' replaces/overwrites previously assigned value and ''='' simply assigns a value (see [[https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_Configuration|lighttpd configuration documentation]]). | Or specify CGI execution as a default for a whole ''/cgi-bin'' URL: |
| | |
| | <code> |
| | ## Necessary LUCI configuration |
| | $HTTP["url"] =~ "^/cgi-bin" { |
| | cgi.assign += ( "" => "" ) |
| | } |
| | |
| | server.username := "" |
| | server.groupname := "" |
| | </code> |
| | |
| | ☝ The key to understand it is that ''+='' merges the values, '':='' replaces/overwrites previously assigned value and ''='' simply assigns a value if not set already (see [[https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_Configuration|lighttpd configuration documentation]]). |
| | |
| | ==== HTTP/2 Issue Workaround ==== |
| | |
| | OpenWrt enabled HTTP/2 in version 1.4.56 in the configuration, version 1.4.59 has it enabled by default. Usage of HTTP/2 exposed a [[https://redmine.lighttpd.net/issues/3078|problem]] in HTTP/2 implementation, which might influence loading of LuCI page and might prevent its normal usage. Pressing F5 (**reload**) makes the page working again (once for login page, once after logging in), or there is a possibility to work-around the issue and disable HTTP/2 in ''/etc/lighttpd/lighttpd.conf'': |
| | |
| | <code> |
| | server.feature-flags += ("server.h2proto" => "disable") |
| | server.feature-flags += ("server.h2c" => "disable") s |
| | </code> |
| |
| ==== Finalizing the configuration ==== | ==== Finalizing the configuration ==== |
| ## enable syslog | ## enable syslog |
| server.errorlog-use-syslog = "enable" | server.errorlog-use-syslog = "enable" |
| </code> | |
| |
| Enable lighttpd (so that it will be started at every boot) and start it: | |
| <code> | |
| /etc/init.d/lighttpd enable | |
| /etc/init.d/lighttpd start | |
| </code> | </code> |
| |
| } | } |
| </code> | </code> |
| | |
| | Enable lighttpd (so that it will be started at every boot) and start it: |
| | <code> |
| | /etc/init.d/lighttpd enable |
| | /etc/init.d/lighttpd start |
| | </code> |
| | |
| |
| ===== SSL Redirect ===== | ===== SSL Redirect ===== |
| Now we simply need to use lighttpd's "matching on socket" mechanism (see [[http://redmine.lighttpd.net/projects/1/wiki/Docs_Configuration#Conditional-Configuration|the documentation on conditional configuration]]), for which you have to put the following somewhere in your lighttpd.conf: | Now we simply need to use lighttpd's "matching on socket" mechanism (see [[http://redmine.lighttpd.net/projects/1/wiki/Docs_Configuration#Conditional-Configuration|the documentation on conditional configuration]]), for which you have to put the following somewhere in your lighttpd.conf: |
| |
| | ''$SERVER["socket"] == ":80" { | <code> |
| server.document-root = "/website/" | $SERVER["socket"] == ":80" { |
| }'' | | server.document-root = "/website/" |
| | } |
| | </code> |
| |
| After restarting lighttpd your website is on port 81 and LuCI is still on port 80 using lighttpd. Naturally, you can interchange these two ports such that the website is on the default HTTP port 80 and set the web interface on port 81. | After restarting lighttpd your website is on port 81 and LuCI is still on port 80 using lighttpd. Naturally, you can interchange these two ports such that the website is on the default HTTP port 80 and set the web interface on port 81. |