Use config directive extforward.hap-PROXY-ssl-client-verify = "enable"
to enable setting SSL_CLIENT_VERIFY, REMOTE_USER, and AUTH_TYPE using
information provided by HAProxy PROXY protocol.
(it is still recommended to create sockets in protected directories)
x-ref:
"Feature request: add server config for setting permissions on Unix domain socket"
https://redmine.lighttpd.net/issues/656
Treat README and HEADER as filepaths. If absolute path, take as-is.
If relative path, then take relative to directory physical path.
This extends dir-listing.show-header and dir-listing.show-readme
feature to take a filename, which was introduced in lighttpd 1.4.43
x-ref:
"Custom HEADER and README filepaths in mod_dirlisting are treated as relative paths instead of absolute paths when file name starts with '/'"
https://redmine.lighttpd.net/issue/2818
*experimental*
decodes websockets and passes body back and forth from backend
(body could be known protocol such as JSON, or any custom protocol)
originally based off https://github.com/nori0428/mod_websocket
add public domain SHA1() if not linking with crypto lib
obtained from https://github.com/nori0428/mod_websocket
* Originally written by Steve Reid <steve@edmweb.com>
*
* Modified by Aaron D. Gifford <agifford@infowest.com>
*
* NO COPYRIGHT - THIS IS 100% IN THE PUBLIC DOMAIN
*
* The original unmodified version is available at:
* ftp://ftp.funet.fi/pub/crypt/hash/sha/sha1.c
PROPFIND getetag attr must match Etag response header from GET request
For consistency, make similar change in mod_ssi.
(thx ethoms)
x-ref:
"mod_webdav: Etag in response differs between PROPFIND and GET"
https://redmine.lighttpd.net/boards/3/topics/7473
remove RCSid tags
authors are listed in AUTHORS file
amend list of supported platforms (still incomplete)
...more changes are needed to update contents to current feature set
*experimental*
enable adaptive spawning for socket backend processes
new feature will allow "min-procs" => "0" and will spawn a backend
upon receipt of a request, if no backends are currently running.
This may be useful on resource-limited systems where there is a
seldom-used resource-intensive backend, such as home router
configuration web pages. The first request may be slower as the
backend is starting up, but then subsequent requests within
"idle-timeout" will hit the (temporarily) persistent backend for
faster responses.
x-ref:
"Adaptive spawning with min-procs=>0"
https://redmine.lighttpd.net/issues/1162
resolve DNS at startup and use the first IP address returned by resolver
Note: use of IP addresses is recommended instead of using DNS names.
If DNS names are used, but DNS is slow or unavailable, then lighttpd
will either appear to hang at startup or will fail to start up.
connection attempts in progress count towards proc load so that bursts
of new connections do not all queue for current least busy proc
(makes a difference only for local backends with more than one proc)
common codebase for socket backends, based off mod_fastcgi with
some features added for mod_proxy
(mostly intended to reduce code duplication and enhance code isolation)
mod_fastcgi and mod_scgi can now use fastcgi.balance and scgi.balance
for similar behavior as proxy.balance, but the balancing is per-host
and not per-proc. proxy.balance is also per-host and not per-proc.
mod_proxy and mod_scgi can now use proxy.map-extensions and
scgi.map-extensions, similar to fastcgi.map-extensions.
mod_fastcgi behavior change (affects only mod_status):
- statistics tags have been renamed from "fastcgi.*" to "gw.*"
"fastcgi.backend.*" -> "gw.backend.*"
"fastcgi.active-requests" -> "gw.active-requests"
("fastcgi.requests" remains "fastcgi.requests")
("proxy.requests" is new)
("scgi.requests" is new)
mod_scgi behavior change (likely minor):
- removed scgi_proclist_sort_down() and scgi_proclist_sort_up().
procs now chosen based on load as measured by num socket connnections
Note:
modules using gw_backend.[ch] are currently still independent modules.
If it had been written as a single module with fastcgi, scgi, proxy
implementations, then there would have been a chance of breaking some
existing user configurations where module ordering made a difference
for which module handled a given request, though for most people, this
would have made no difference.
Details about mod_fastcgi code transformations:
unsigned int debug -> int debug
fastcgi_env member removed from plugin_config
renamed "fcgi" and "fastcgi" to "gw", and "FCGI" to "GW"
reorganize routines for high-level and lower-level interfaces
some lower-level internal interfaces changed to use host,proc,debug
args rather than knowing about higher-level (app) hctx and plugin_data
tabs->spaces and reformatting
more consistent connect() error handling
NOTE: behavior change in mod_scgi:
"disable-time" default is now 1 second (was 60 seconds)
The new behavior matches the default in mod_fastcgi
(and is a much saner default disable time).
Glenn Strauss