(experimental)
mod_mbedtls supports most ssl.* config options supported by mod_openssl
thx Ward Willats for the initial discussion and attempt in the comments
https://redmine.lighttpd.net/boards/3/topics/7029
NB: r->tmp_buf == srv->tmp_buf (pointer is copied for quicker access)
NB: request read and write chunkqueues currently point to connection
chunkqueues; per-request and per-connection chunkqueues are
not distinct from one another
con->read_queue == r->read_queue
con->write_queue == r->write_queue
NB: in the future, a separate connection config may be needed for
connection-level module hooks. Similarly, might need to have
per-request chunkqueues separate from per-connection chunkqueues.
Should probably also have a request_reset() which is distinct from
connection_reset().
convert all log_error_write() to log_error() and pass (log_error_st *)
use con->errh in preference to srv->errh (even though currently same)
avoid passing (server *) when previously used only for logging (errh)
even 2 billion is way larger than even extreme operating values
expected for the members in base.h
include some structs directly in struct server, rather than by ptr
reduce code duplication in list resizing
realloc() of NULL ptr has behavior similar to malloc()
Note that if initial size == 0, then code used to adjust size
must be += x to ensure the size is non-zero for reallocation.
(Multiplying 0 * x, e.g. power-2 resizing, will result in 0.)
quickly clear buffer instead of buffer_string_set_length(b, 0) or
buffer_reset(b). Avoids free() of large buffers about to be reused,
or buffers that are module-scoped, persistent, and reused.
(buffer_reset() should still be used with buffers in connection *con
when the data in the buffers is supplied by external, untrusted source)
provide standard types in first.h instead of base.h
provide lighttpd types in base_decls.h instead of settings.h
reduce headers exposed by headers for core data structures
do not expose <pcre.h> or <stdlib.h> in headers
move stat_cache_entry to stat_cache.h
reduce use of "server.h" and "base.h" in headers
fix implicit wildcard IPv4 and IPv6 listening (regression in 1.4.46)
(broken in commit:5248b46c)
workaround (without this patch): server.set-v6only = "disable"
(which may produce a warning when lighttpd parses config)
x-ref:
https://redmine.lighttpd.net/boards/2/topics/7720
address strings need to have DNS resolved and port added
for consistency when matching other config conditionals
x-ref:
"1.4.46 regression: $SERVER["socket"] matches when it shouldn't"
https://redmine.lighttpd.net/issues/2830
address strings need to have DNS resolved and port added
for consistency when matching other config conditionals
x-ref:
"1.4.46 regression: $SERVER["socket"] matches when it shouldn't"
https://redmine.lighttpd.net/issues/2830
address strings need to have DNS resolved and port added
for consistency when matching other config conditionals
x-ref:
"1.4.46 regression: $SERVER["socket"] matches when it shouldn't"
https://redmine.lighttpd.net/issues/2830
server.bind = "/dev/stdin" for use with inetd wait yes
(experimental)
x-ref:
"inetd/wait mode with auto-shutdown after idle timeout"
https://redmine.lighttpd.net/issues/2824
(it is still recommended to create sockets in protected directories)
x-ref:
"Feature request: add server config for setting permissions on Unix domain socket"
https://redmine.lighttpd.net/issues/656
server.socket-perms = "0770" to set perms on unix domain socket
on which lighttpd listens for requests, e.g. $SERVER["socket"] == "..."
x-ref:
"Feature request: add server config for setting permissions on Unix domain socket"
https://redmine.lighttpd.net/issues/656
more consistent cleanup of resources at shutdown
(e.g. upon error conditions)
Notes: graceful restart with SIGUSR1
- not available if chroot()ed, oneshot mode, or if idle timeout occurs
- preserve process id (pid)
- preserve existing listen sockets
- i.e. does not close old listen sockets from prior configs
(even if old listen sockets no longer in the new config)
(sockets may have been bound w/ root privileges no longer available)
- will fail to add listen sockets from new config if privileges
lighttpd configured to drop privileges to non-root user, and
new listen socket attempts to bind to low-numbered port requiring
root privileges.
- will fail if listen sockets in new config conflict with any previous
old listen sockets
- These failure modes will result in lighttpd shutting down instead of
graceful restart. These failure modes are not detectable with
preflight checks ('lighttpd -tt -f lighttpd.conf') because the
new instance of lighttpd running the preflight check does not
known config state of n prior graceful restarts, or even the
config state of the currently running lighttpd server.
- due to lighttpd feature of optionally managing backends
(e.g. fastcgi and scgi via "bin-path"), lighttpd must wait for
all child processes to exit prior to restarting. Restarting new
workers while old workers (and old backends) were still running would
result in failure of restarted lighttpd process to be able to bind to
sockets already in use by old backends (e.g. unix "socket" path)
x-ref:
"graceful restart with SIGUSR1"
https://redmine.lighttpd.net/issues/2785
when available, use getaddrinfo(),inet_pton() instead of gethostbyname()
NOTE: behavior change: mod_scgi now listens to INADDR_LOOPBACK if "host"
is not specified. (Prior behavior was INADDR_ANY.) Backends
should not listen on potentially public IPs unless explicitly
configured to do so. This change matches a change to mod_fastcgi
made in 2008.
x-ref
"gethostbyname deprecated, should use getaddrinfo"
https://redmine.lighttpd.net/issues/2783
move write throttling code from network.c:network_write_chunkqueue()
to connections-glue.c:connection_write_chunkqueue() and fix the code
to use TCP_CORK only on TCP sockets.
new directive ssl.read-ahead = "enable"/"disable" to control
SSL_CTX_set_read_ahead(). Default "enable". The "disable" setting
is intended for use on low memory systems with a slow CPU which is
unable to keep up with decryption of large request bodies.
x-ref:
"larger memory usage for file uploads via SSL on embedded system"
https://redmine.lighttpd.net/issues/2778
silence coverity warning
openssl 1.1.0 makes SSL_OP_NO_SSLv2 flag a no-op, leading to
logically dead code when used with openssl 1.1.0. However, the code
is still valid with earlier openssl versions, and so must be preserved.
Glenn Strauss
nicorac