adjust config parser for valid variable expansion
Return only the value when a variable is expanded so that the
array element keeps its state as value-only or part of key-value
(thx nicorac)
x-ref:
"https://redmine.lighttpd.net/boards/2/topics/7600"
set ssl.read-ahead = "disable" by default (modifies commit f4e1357d)
Given various reports from users of embedded systems, the default is
being changed to do the sane thing for these systems. This is the
right setting on slow embedded systems for which decoding SSL input
is slower than receiving that input over the network.
On the other hand, for faster systems, ssl.read-ahead = "enable" is
recommended for a slight performance gain and should be explicitly set
in the global or $SERVER["socket"] configuration blocks in lighttpd.conf
x-ref:
"https POST requests buffered in RAM since v1.4.41?"
https://redmine.lighttpd.net/boards/2/topics/7520
permit LF to end header lines if
server.http-parseopt-header-strict = "disable"
(instead of requiring CR LF)
(makes it easy to use 'openssl s_client -connect <IP:port>' on unix)
(Note: care taken to minimize diff in this commit,
but header parsing code should be revisited and overhauled)
remove erroneous call to SSL_set_shutdown()
(historical from commit:3888c103)
(erroneous since lighttpd 1.4.40 moved to bidirectional input/output)
x-ref:
"wstunnel sample config"
https://redmine.lighttpd.net/boards/2/topics/7600
copy small mem chunks into single large buffer before SSL_write()
to reduce number times write() called underneath SSL_write() and
potentially reduce number of packets generated if socket TCP_NODELAY
remove fd interest in FDEVENT_OUT to backend if create_env hook returns
a status that is not HANDLER_GO_ON, HANDLER_FINISHED, or HANDLER_ERROR
(e.g. HANDLER_WAIT_FOR_EVENT or HANDLER_WAIT_FOR_FD or HANDLER_COMEBACK)
lighttpd mod_dirlisting produces a directory listing with the date in a
certain format, and lighttpd calls setlocale(LC_TIME, "C"), so strftime
date used in mod_dirlisting is predictable. Use a custom date parse
routine to replace Date.parse() in the javascript sorting functions.
x-ref:
"Directory listing / sort by last modified does not work on Safari"
https://redmine.lighttpd.net/issues/2823
set Sec-WebSocket-Protocol: binary in response if request header
Sec-WebSocket-Protocol: binary provided by client in Upgrade: websocket
request, or if wstunnel.frame-type = "binary" in lighttpd config
some gateways might Upgrade connection before request body is read
(mod_wstunnel sets con->file_started = 1 and -1 == hctx->wb_reqlen
and sends Connection: upgrade and Upgrade: websocket before reading
request body)
x-ref:
"wstunnel sample config"
https://redmine.lighttpd.net/boards/2/topics/7600
server.bind = "/dev/stdin" for use with inetd wait yes
(experimental)
x-ref:
"inetd/wait mode with auto-shutdown after idle timeout"
https://redmine.lighttpd.net/issues/2824
(occurs when lighttpd is configured to listen on unix socket path)
x-ref:
"stale REMOTE_ADDR when using AF_UNIX socket"
https://redmine.lighttpd.net/issues/2826
check case-insensitive scheme if full URI provided in request-line
RFC7230:
The scheme and host are case-insensitive and normally provided
in lowercase; all other components are compared in a case-sensitive
manner.
x-ref:
"https://redmine.lighttpd.net/boards/3/topics/7637"
Prior code was effectively a 1-element cache after the initial fill
of the array since only the first element was replaced after the
initial fill. New code does round-robin replacement.
(whether or not #define FILE_CACHE_MAX 16 is appropriately sized here
is a question for another day)
check HAVE_UUID for -luuid in order to detect more pedantic cases,
e.g. when -luuid is not installed under Cygwin, even if devel headers
are present (<uuid/uuid.h>)
Omit calling cgi_handle_fdevent() after CGI process exit.
Another (sub)process may be holding pipe fd open and might write
response instead of the initial CGI process.
add FDEVENT_IN in addition to FDEVENT_HUP when triggering
cgi_handle_fdevent() after the CGI process exits.
(This helps improve reliability when running tests under Cygwin)
set default ssl.read-ahead = "disable" for streaming when
server.stream-request-body = 1 or 2 is set in the global scope
It is still recommended that embedded and other low-memory systems
explicitly set ssl.read-ahead = "disable" in the global scope
(regardless of server.stream-request-body setting)
On the other hand, for systems which enable server.stream-request-body
to non-zero value, and for which sufficient memory is available, then
ssl.read-ahead = "enable" is recommended and should be explicitly set
in the global or $SERVER["socket"] configuration blocks in lighttpd.conf
x-ref:
"https POST requests buffered in RAM since v1.4.41?"
https://redmine.lighttpd.net/boards/2/topics/7520
handle_trigger should return HANDLER_GO_ON even on error,
since we want other trigger funcs from other modules to
be able to perform periodic maintenance
centralize most waitpid() handling in core server, with hooks for
modules to be informed of pid and status when a process exits.
This enables faster discovery (and restart) of exited processes,
and also allows for lighttpd to manage backend processes in the
parent (master) process when server.max-worker > 0.
Use config directive extforward.hap-PROXY-ssl-client-verify = "enable"
to enable setting SSL_CLIENT_VERIFY, REMOTE_USER, and AUTH_TYPE using
information provided by HAProxy PROXY protocol.
(it is still recommended to create sockets in protected directories)
x-ref:
"Feature request: add server config for setting permissions on Unix domain socket"
https://redmine.lighttpd.net/issues/656
Glenn Strauss
fbrosson
Stefan Bühler