For uploaded files or other request body, fall back to
lseek(),read() if filesystem does not support mmap()
(mmap(), if supported, is utilized regardless of --enable-mmap
since request body is either in memory or stored in temporary
files controlled by lighttpd)
"WebDAV upload-> mmap failed: operation not permitted"
"handle filesystems without mmap() support"
github: closes #55
handle X-Sendfile and X-LIGHTTPD-send-file w/ http_response_xsendfile()
if host is configured ( "x-sendfile" = "enable" )
Note: X-Sendfile path is url-decoded for consistency, like X-Sendfile2
(response headers should be url-encoded to avoid tripping over
chars allowed in filesystem but which might change response
header parsing semantics)
Note: deprecated: "allow-x-send-file"; use "x-sendfile"
Note: deprecated: X-LIGHTTPD-send-file header; use X-Sendfile header
Note: deprecated: X-Sendfile2 header; use X-Sendfile header
For now, X-Sendfile2 is still handled internally by mod_fastcgi.
Since http_response_send_file() supports HTTP Range requests,
X-Sendfile2 is effectively obsolete. However, any code, e.g. PHP,
currently using X-Sendfile2 is probably manually generating 206 Partial
Content status and Range response headers. A future version of lighttpd
might *remove* X-Sendfile2. Existing code should be converted to use
X-Sendfile, which is easily done by removing all the special logic
around using X-Sendfile2, since the 206 Partial Content status and Range
response headers are handled in http_response_send_file().
"mod_fastcgi + X-Sendfile -> mod_staticfile"
"Feature Request: New option "x-send-file-docroot""
"X-Sendfile handoff to mod-static-file in 1.4.x"
"X-sendfile should be able to set content-type"
move code from mod_staticfile.c to http-header-glue.c to allow reuse
(includes ETag, Last-Modified headers, Range requests for static files)
operate on path arg instead of con->physical.path
skip Range requests if con->http_status already set >= 300
remove redundant calls to stat_cache_get_entry() handling Range requests
"X-Sendfile handoff to mod-static-file in 1.4.x"
server.error-handler preserves HTTP status error code when error page
is static, and allows dynamic handlers to change HTTP status code
when error page is provided by dynamic handler. server.error-handler
intercepts all HTTP status codes >= 400 except when the content is
generated by a dynamic handler (cgi, ssi, fastcgi, scgi, proxy, lua).
The request method is unconditionally changed to GET for the request
to service the error handler, and the original request method is
later restored (for logging purposes). request body from the
original request, if present, is discarded.
server.error-handler is somewhat similar to server.error-handler-404,
but server.error-handler-404 is now deprecated, intercepts only 404
and 403 HTTP status codes, and returns 200 OK for static error pages,
a source of confusion for some admins. On the other hand, the new
server.error-handler, when set, will intercept all HTTP status error
codes >= 400. server.error-handler takes precedence over
server.error-handler-404 when both are set.
NOTE: a major difference between server.error-handler and the
now-deprecated server.error-handler-404 is that the values of the
non-standard CGI environment variables REQUEST_URI and REDIRECT_URI
have been swapped. Since REDIRECT_STATUS is the original HTTP
status code, REDIRECT_URI is now the original request, and REQUEST_URI
is the current request (e.g. the URI/URL to the error handler).
The prior behavior -- which reversed REQUEST_URI and REDIRECT_URI values
from those described above -- is preserved for server.error-handler-404.
Additionally, REDIRECT_STATUS is now available to mod_magnet, which
continues to have access to request.uri and request.orig_uri.
See further discussion at https://redmine.lighttpd.net/issues/2702
github: closes #36
set REDIRECT_STATUS to con->error_handler_saved_status in dynamic
handlers for PHP compiled with --force-redirect. Set to "200"
if (0 == con->error_handler_saved_status)
(mod_cgi, mod_fastcgi, mod_scgi, mod_ssi)
FYI: setting REDIRECT_STATUS in con->environment allows access and
manipulation by mod_magnet.
"REDIRECT_STATUS == 200 on 404 redirect"
github: closes #35
iterate over environ via array-index notation with char **ptr on stack
(instead of repeatedly re-accessing global 'environ')
check getsockname() return values including addrlen
[mod_dirlisting] pass buf size into http_list_directory_sizefmt()
github: resolves #48
dynamic handlers mod_fastcgi, mod_scgi, and mod_proxy can now read
response from backend prior to finishing sending request body.
If the backend closes the connections (or shuts down socket write
end so that lighttpd read() 0 to indicate EOF), then lighttpd will
abort attempting to send request body to backend.
"mod_fastcgi should handle "quick" responses"
"FastCGI FCGI_STDOUT before FCGI_STDIN bug"
remove handle_joblist hook and remove the hooks defined in
mod_fastcgi and mod_scgi. The calls made to fdevent management
are redundant. If the calls were actually needed, then
mod_proxy would have needed a handle_joblist handler, too.
to detect client disconnect. Do so even when waiting on backend,
and not polling for POLLRD or POLLWR on client connection.
This reduces unnecessary load on backends when backends are slow
to respond and client has given up waiting.
FastCGI performance on high load
read request body in dynamic handlers supporting request body
(mod_cgi, mod_fastcgi, mod_proxy, mod_scgi, mod_webdav)
(In the future, each dynamic handler might choose whether or not to
buffer request body or to stream request body to backend as request
body is received.)
modify mod_webdav to mark request in handle_physical hook, and move
the main logic to handle_subrequest hook, where the main logic is
for other dynamic handlers.
no code changes besides making connection_handle_read() public
(by removing 'static' and adding to connections.h)
read request body right before calling subrequest handler,
allowing request to be handled prior to reading request body,
e.g. to send 401 Unauthorized response when authentication is required
(In the future, this might move into each dynamic handler which supports
request body (mod_cgi, mod_fastcgi, mod_proxy, mod_scgi, mod_webdav) so
that each dynamic handler can choose whether or not to buffer request
body or to stream request body to backend as request body is received.)
keep-alive is disabled if request body has not been completely read
prior to sending response
"HTTP 401 Unauthorized only sent back after full POST request is read"
for dynamic handlers mod_cgi, mod_fastcgi, mod_scgi, mod_proxy
(mod_cgi control flow logic simplification began in a prior commit)
- connection state machine calls the subrequest handler
- subrequest handler sets up the connection to the backend
and registers fdevent handler to handle backend events
- fdevent handler handles backend events and then schedules
a call to connection state machine
- when retrying an alternate backend, backend state is reset
and then response state is reset so that the connection state
machine will call back into the subrequest handler to retry
Dynamic handlers no longer directly modify connection state
(calls to connection_set_state() from dynamic handlers were removed)
Dynamic handlers no longer reset con->physical.path, and they
preserve con->mode when retrying alternate backends. This is done
to skip repeated processing in response.c:http_response_prepare()
While this patch increases consistency in control flow handling,
there is more work to be done that can further improve upon this.
"handle-req time too long"
Previous code would fail on partial write, EINTR, and ENOSPC.
Upon any of the above errors, this patch tries next tempdir in list,
if list of tempdirs provided by config option server.upload-dirs
"Problem when uploading large files"
See doc/config/lighttpd.conf for explanation of listen() backlog queue
Additionally, mod_fastcgi and mod_scgi backend servers can now also be
configured with separate listen-backlog settings per server
"add server.listen-backlog option instead of hard-coded value (128 * 8) for listen()"
"Don't disable backend when overloaded"
http_chunk_append_file() opens fd when appending file to chunkqueue.
Defers calculation of content length until response is finished.
This reduces race conditions pertaining to stat() and then (later)
open(), when the result of the stat() was used for Content-Length
or to generate chunked headers.
Note: this does not change how lighttpd handles files that are modified
in-place by another process after having been opened by lighttpd --
don't do that. This *does* improve handling of files that are
frequently modified via a temporary file and then atomically renamed
mod_fastcgi has been modified to use http_chunk_append_file_range() with
X-Sendfile2 and will open the target file multiple times if there are
Note: (future todo) not implemented for chunk.[ch] interfaces used by
range requests in mod_staticfile or by mod_ssi. Those uses could lead
to too many open fds. For mod_staticfile, limits should be put in place
for max number of ranges accepted by mod_staticfile. For mod_ssi,
limits would need to be placed on the maximum number of includes, and
the primary SSI file split across lots of SSI directives should either
copy the pieces or perhaps chunk.h could be extended to allow for an
open fd to be shared across multiple chunks. Doing either of these
would improve the performance of SSI since they would replace many file
opens on the pieces of the SSI file around the SSI directives.
"Serving a file that is getting updated can cause an empty response or incorrect content-length error"
A new SSI directive, "ssi.conditional-requests", allows to inform
lighttpd which SSI pages should be considered as cacheable and which
should not. In particular, the "ETag" & "Last-Modified" headers will
only be sent for those SSI pages for which the directive is enabled.
"ETag" and "Last-Modified" headers were being sent for all SSI pages,
regardless of whether they were cacheable or not. And yet, there was
no cache validation at all for any SSI page.
This commit fixes these two minor issues by adding a new directive,
"ssi.conditional-requests", which allows to specify which SSI pages
are cacheable and which are not, and by adding cache validation to
those SSI pages which are cacheable. And since sending ETags for
non-cacheable documents is not appropriate, they are no longuer
computed nor sent for those SSI pages which are not cacheable.
Regarding the "Last-Modified" header for non-cacheable documents,
the standards allow to either send the current date and time for
that header or to simply skip it. The approach chosen is to not send
it for non-cacheable SSI pages. "ETag" and "Last-Modified" headers
are therefore only sent for an SSI page if ssi.conditional-requests
is enabled for that page.
The ssi.conditional-requests directive can be enabled or disabled
globally and/or in any context. It is disabled by default.
An index.shtml which only includes deterministic SSI commands such as:
is a trivial example of a dynamic SSI page that is cacheable.
remove Cache-Control and Expires headers before handling error docs
(caching headers may have been set by mod_expire before http status
was determined to be an error)
"mod_expires sends headers on 404 responses"
error if unix socket path is duplicated
(does not check across modules, but will detect duplicated unix socket
paths within fastcgi directives, and separately, duplicated unix socket
paths within scgi directives)