server.socket-perms = "0770" to set perms on unix domain socket
on which lighttpd listens for requests, e.g. $SERVER["socket"] == "..."
x-ref:
"Feature request: add server config for setting permissions on Unix domain socket"
https://redmine.lighttpd.net/issues/656
If lighttpd is started privileged, then SSL/TLS modules need to be
initialized prior to chroot (optional) and prior to dropping privileges
in order to be able to read sensitive files such as private certificates
(thx m4t)
silence compiler warnings if HAVE_FORK is not set
However, if HAVE_FORK is not set, then -Werror was probably passed to
./configure, which is currently a mistake. lighttpd can successfully
compiles src/ with -Werror on many platforms, but ./configure tests
should not be run with -Werror. [gstrauss]
github: closes #81
x-ref:
"Fix warnings"
https://github.com/lighttpd/lighttpd1.4/pull/81
more consistent cleanup of resources at shutdown
(e.g. upon error conditions)
Notes: graceful restart with SIGUSR1
- not available if chroot()ed, oneshot mode, or if idle timeout occurs
- preserve process id (pid)
- preserve existing listen sockets
- i.e. does not close old listen sockets from prior configs
(even if old listen sockets no longer in the new config)
(sockets may have been bound w/ root privileges no longer available)
- will fail to add listen sockets from new config if privileges
lighttpd configured to drop privileges to non-root user, and
new listen socket attempts to bind to low-numbered port requiring
root privileges.
- will fail if listen sockets in new config conflict with any previous
old listen sockets
- These failure modes will result in lighttpd shutting down instead of
graceful restart. These failure modes are not detectable with
preflight checks ('lighttpd -tt -f lighttpd.conf') because the
new instance of lighttpd running the preflight check does not
known config state of n prior graceful restarts, or even the
config state of the currently running lighttpd server.
- due to lighttpd feature of optionally managing backends
(e.g. fastcgi and scgi via "bin-path"), lighttpd must wait for
all child processes to exit prior to restarting. Restarting new
workers while old workers (and old backends) were still running would
result in failure of restarted lighttpd process to be able to bind to
sockets already in use by old backends (e.g. unix "socket" path)
x-ref:
"graceful restart with SIGUSR1"
https://redmine.lighttpd.net/issues/2785
close connections in keep-alive that are waiting for next request
disable keep-alive on existing connections
remove bandwidth write limits
reduce remaining linger timeout (on already finished requests)
to be (from zero) *up to* one more second, but no more
large code move, but minimal changes made to code (besides whitespace),
so that code builds
next: need to isolate openssl data structures and config parsing
handle_request_env (called on demand by handlers to populate env)
handle_connection_accept
handle_connection_shut_wr (was handle_connection_close)
handle_connection_close (now occurs at socket close())
[mod_deflate] skip deflate if 1 min loadavg too high
deflate.max-loadavg = "3.50" # express value as string of float num
[mod_compress] skip compression if 1 min loadavg too high
compress.max-loadavg = "3.50" # express value as string of float num
Feature available on BSD-like systems which have getloadavg() in libc
Note: load average calculations are different on different operating
systems and different types of system loads, so there is no value that
can be recommended for one-size-fits-all.
x-ref:
"Enable mod_compress to abandon compression when load average is too high"
https://redmine.lighttpd.net/issues/1505
prefer RAND_pseudo_bytes() (openssl), arc4random() or jrand48(),
if available, over rand()
These are not necessarily cryptographically secure, but should be better
than rand()
limits total size per request of request headers submitted by client
default limit set to 8k (prior lighttpd <= 1.4.41 hard-coded 64k limit)
(similar to Apache directive LimitRequestFieldSize)
x-ref:
"limits the size of HTTP request header"
https://redmine.lighttpd.net/issues/2130
module status: experimental; more testing and review needed
Kerberos library calls have been preserved from original patch set
and should be reviewed.
module has been quickly tested with Basic auth (Use over TLS!)
SPNEGO -has not- been tested. Again, kerberos library calls have
been preserved from original patch set. YMMV. (Use over TLS!)
x-ref:
"Kerberos/GSSAPI Delegation Support"
https://redmine.lighttpd.net/issues/1899
server.username can not be root or 0.
server.groupname can not be root or 0.
If server.username is set, previous behavior might retain gid 0
if server.groupname was not set.
New behavior calls setgid() on server.username primary gid, and
then initgroups on server.username if server.username is set but
server.groupname is not set.
x-ref:
"server.groupname not required with server.username"
https://redmine.lighttpd.net/issues/2725
Do not switch to CON_STATE_ERROR upon idle timeout if already in
CON_STATE_CLOSE. Changing to CON_STATE_ERROR might keep resetting
con->close_timeout_ts if repeated calls to shutdown() succeed.
Gaël PORTAY