set Sec-WebSocket-Protocol: binary in response if request header
Sec-WebSocket-Protocol: binary provided by client in Upgrade: websocket
request, or if wstunnel.frame-type = "binary" in lighttpd config
some gateways might Upgrade connection before request body is read
(mod_wstunnel sets con->file_started = 1 and -1 == hctx->wb_reqlen
and sends Connection: upgrade and Upgrade: websocket before reading
request body)
x-ref:
"wstunnel sample config"
https://redmine.lighttpd.net/boards/2/topics/7600
server.bind = "/dev/stdin" for use with inetd wait yes
(experimental)
x-ref:
"inetd/wait mode with auto-shutdown after idle timeout"
https://redmine.lighttpd.net/issues/2824
(occurs when lighttpd is configured to listen on unix socket path)
x-ref:
"stale REMOTE_ADDR when using AF_UNIX socket"
https://redmine.lighttpd.net/issues/2826
check case-insensitive scheme if full URI provided in request-line
RFC7230:
The scheme and host are case-insensitive and normally provided
in lowercase; all other components are compared in a case-sensitive
manner.
x-ref:
"https://redmine.lighttpd.net/boards/3/topics/7637"
Prior code was effectively a 1-element cache after the initial fill
of the array since only the first element was replaced after the
initial fill. New code does round-robin replacement.
(whether or not #define FILE_CACHE_MAX 16 is appropriately sized here
is a question for another day)
check HAVE_UUID for -luuid in order to detect more pedantic cases,
e.g. when -luuid is not installed under Cygwin, even if devel headers
are present (<uuid/uuid.h>)
Omit calling cgi_handle_fdevent() after CGI process exit.
Another (sub)process may be holding pipe fd open and might write
response instead of the initial CGI process.
add FDEVENT_IN in addition to FDEVENT_HUP when triggering
cgi_handle_fdevent() after the CGI process exits.
(This helps improve reliability when running tests under Cygwin)
set default ssl.read-ahead = "disable" for streaming when
server.stream-request-body = 1 or 2 is set in the global scope
It is still recommended that embedded and other low-memory systems
explicitly set ssl.read-ahead = "disable" in the global scope
(regardless of server.stream-request-body setting)
On the other hand, for systems which enable server.stream-request-body
to non-zero value, and for which sufficient memory is available, then
ssl.read-ahead = "enable" is recommended and should be explicitly set
in the global or $SERVER["socket"] configuration blocks in lighttpd.conf
x-ref:
"https POST requests buffered in RAM since v1.4.41?"
https://redmine.lighttpd.net/boards/2/topics/7520
handle_trigger should return HANDLER_GO_ON even on error,
since we want other trigger funcs from other modules to
be able to perform periodic maintenance
centralize most waitpid() handling in core server, with hooks for
modules to be informed of pid and status when a process exits.
This enables faster discovery (and restart) of exited processes,
and also allows for lighttpd to manage backend processes in the
parent (master) process when server.max-worker > 0.
Use config directive extforward.hap-PROXY-ssl-client-verify = "enable"
to enable setting SSL_CLIENT_VERIFY, REMOTE_USER, and AUTH_TYPE using
information provided by HAProxy PROXY protocol.
(it is still recommended to create sockets in protected directories)
x-ref:
"Feature request: add server config for setting permissions on Unix domain socket"
https://redmine.lighttpd.net/issues/656
Treat README and HEADER as filepaths. If absolute path, take as-is.
If relative path, then take relative to directory physical path.
This extends dir-listing.show-header and dir-listing.show-readme
feature to take a filename, which was introduced in lighttpd 1.4.43
x-ref:
"Custom HEADER and README filepaths in mod_dirlisting are treated as relative paths instead of absolute paths when file name starts with '/'"
https://redmine.lighttpd.net/issue/2818
Glenn Strauss
Stefan Bühler