diff options
Diffstat (limited to 'recipes-core')
-rw-r--r-- | recipes-core/lighttpd/files/lighttpd.init | 310 | ||||
-rw-r--r-- | recipes-core/lighttpd/lighttpd_1.4.48.bb | 2 |
2 files changed, 0 insertions, 312 deletions
diff --git a/recipes-core/lighttpd/files/lighttpd.init b/recipes-core/lighttpd/files/lighttpd.init deleted file mode 100644 index 39860d3..0000000 --- a/recipes-core/lighttpd/files/lighttpd.init +++ /dev/null @@ -1,310 +0,0 @@ -#!/bin/sh - -enable -f libjsonget.so jsonget - -PATH=/sbin:/bin:/usr/sbin:/usr/bin -DAEMON=/usr/sbin/lighttpd -NAME=lighttpd -ANGEL=/sbin/lighttpd-angel -DESC="Lighttpd Web Server" -# Web UI -OPTS="-D -f /etc/lighttpd.conf" -# Node-RED stub -OPTS_NRS="-f /etc/lighttpd_nrs.conf" - -CAPA_NODE_RED=$(jsonget "$(< /var/run/config/device_info.json)" /capabilities/nodeRed) - -CONF_DIR=/var/config -RUN_CONF_DIR=/var/run/config - -true2enable() { - if [[ "$1" == "true" ]]; then - echo "enable" - else - echo "disable" - fi -} - -#Generates additional lighttpd configuration files -#1) Enables HTTPS -#2) Allows port configurations for HTTP and HTTPS -#3) Enables dipservice -#4) Allows port configurations for dipservice -generate_config() { - FILE="$RUN_CONF_DIR/lighttpd_port.conf" - FILE_DIP="$RUN_CONF_DIR/lighttpd_dipservice.conf" - - #Pull Webserver Ports - RMA=$(jsonget "$(< "/var/config/db.json")" /remoteAccess) - HTTP_ENABLED=$(jsonget "$RMA" /http/enabled) - HTTP_PORT=$(jsonget "$RMA" /http/port) - HTTPS_REDIRECT=$(jsonget "$RMA" /http/redirectToHttps) - HTTPS_ENABLED=$(jsonget "$RMA" /https/enabled) - HTTPS_PORT=$(jsonget "$RMA" /https/port) - - # Advanced secure protocol settings - ADVANCED_SEC_VALID="false" - ADVANCED_SEC=$(jsonget "$(< "/var/config/db.json")" /secureProtocols/2) - - if [[ "0" == "$?" ]]; then - ADVANCED_SEC_NAME=$(jsonget "$ADVANCED_SEC" /name) - if [[ "$ADVANCED_SEC_NAME" == "lighttpd" ]]; then - ADVANCED_SEC_VALID="true" - HTTPS_SSL3=$(true2enable "false") # $(true2enable $(jsonget "$ADVANCED_SEC" /protocol/ssl3)) - HTTPS_TLS1=$(true2enable "false") # $(true2enable $(jsonget "$ADVANCED_SEC" /protocol/tls1)) - HTTPS_TLS1_1=$(true2enable $(jsonget "$ADVANCED_SEC" /protocol/tls1_1)) - HTTPS_TLS1_2=$(true2enable $(jsonget "$ADVANCED_SEC" /protocol/tls1_2)) - HTTPS_CIPHER=$(jsonget "$ADVANCED_SEC" /cipherSuite) - if [[ -z $HTTPS_CIPHER && -f /etc/ssl/allowed_ciphersuites ]]; then - HTTPS_CIPHER=$( cat /etc/ssl/allowed_ciphersuites | tr "\n" ":" ) - fi - CLIENT_VERIFY=$(jsonget "$ADVANCED_SEC" /client/verify ) - fi - fi - - if [[ "$ADVANCED_SEC_VALID" != "true" ]]; then - echo "API init. Using default SSL security settings" - # In case of invalid Advanced Security section - start with default parameters - HTTPS_SSL3=$(true2enable "false") - HTTPS_TLS1=$(true2enable "false") - HTTPS_TLS1_1=$(true2enable "false") - HTTPS_TLS1_2=$(true2enable "true") - HTTPS_CIPHER="" - CLIENT_VERIFY="false" - fi - - #("Protocol" => "-ALL, TLSv1.2") - HTTPS_SSL_CONF='("Protocol" => "-ALL' - - if [[ "$HTTPS_TLS1" == "enable" ]]; then - HTTPS_SSL_CONF+=', TLSv1' - fi - if [[ "$HTTPS_TLS1_1" == "enable" ]]; then - HTTPS_SSL_CONF+=', TLSv1.1' - fi - if [[ "$HTTPS_TLS1_2" == "enable" ]]; then - HTTPS_SSL_CONF+=', TLSv1.2' - fi - HTTPS_SSL_CONF+='")' - - #Generate Lighttpd dipservice config - DIP=$(jsonget "$(< "$CONF_DIR/db.json")" /customDiagnostic || echo '{ "enabled": false, "port":8080 }') - DIP_ENABLED=$(jsonget "$DIP" /enabled) - DIP_PORT=$(jsonget "$DIP" /port) - - echo "Generating $FILE_DIP" - > "$FILE_DIP" - - #Generate Lighttpd Port Config - echo "Generating $FILE" - > "$FILE" - - if [[ "$DIP_ENABLED" == "true" ]]; then - cat >> $FILE_DIP <<END -\$SERVER["socket"] == "0.0.0.0:$DIP_PORT" { - fastcgi.server = ( - "/" => ( - ( - "host" => "127.0.0.1", - "port" => 9009, - "check-local" => "disable", - "bin-path" => "/sbin/dipservice -d /var/config/dipdata", - "max-procs" => 1, - "docroot" => "/var/config/dipdata" - ) - ) - ) -} -END - fi - - cat >> $FILE <<END -#AUTO-GENERATED LIGHTTPD HTTP/HTTPS CONFIGURATIONS -#DO NOT CHANGE THIS FILE -> CHANGE $0 -END - -#Explicitly set the default listening port to HTTP port. -cat >> $FILE <<END - -# listen to ipv4 -server.bind = "0.0.0.0" -server.port = "$HTTP_PORT" -END - - if [ "$HTTPS_ENABLED" = "true" ]; then - # Enable HTTPS for ipv4/ipv6 - # See (https://redmine.lighttpd.net/projects/lighttpd/wiki/IPv6-Config#Recommended-IPv6-setup) - - HTTPS_SSL_ENGINE_CONFIG="ssl.engine = \"enable\" - ssl.use-sslv3 = \"$HTTPS_SSL3\" - ssl.openssl.ssl-conf-cmd = $HTTPS_SSL_CONF - ssl.pemfile = \"$CONF_DIR/server.pem\"" - - if [ "$CLIENT_VERIFY" = "true" ]; then - HTTPS_SSL_ENGINE_CONFIG+="ssl.ca-file = \"/etc/ssl/certs/ca-certificates.crt\" - ssl.verifyclient.activate = \"enable\" - ssl.verifyclient.enforce = \"enable\"" - fi - - if [ -n "$HTTPS_CIPHER" ]; then - HTTPS_SSL_ENGINE_CONFIG+=" - ssl.cipher-list = \"$HTTPS_CIPHER\"" - fi - - cat >> $FILE <<END - -# ipv4 socket -\$SERVER["socket"] == "0.0.0.0:$HTTPS_PORT" { - $HTTPS_SSL_ENGINE_CONFIG -} - -# ipv6 socket -\$SERVER["socket"] == "[::]:$HTTPS_PORT" { - $HTTPS_SSL_ENGINE_CONFIG -} - -END - - fi - - - # Ensure that loopback can always access port 80 - if [ "$HTTP_PORT" != 80 ]; then - echo "\$SERVER[\"socket\"] == \"127.0.0.1:80\" { }" >> $FILE - fi - - # Enable redirect from HTTP to HTTPS if enabled - if [ "$HTTPS_REDIRECT" == "true" ]; then - HTTPS_REDIRECT_CONFIG="\$SERVER[\"socket\"] == \":$HTTP_PORT\" { - \$HTTP[\"host\"] =~ \"^([^:^/]*)(:\d*)?(.*)\" { - url.redirect = ( \"^/(.*)\" => \"https://%1:$HTTPS_PORT/\$1\" ) - } - } else " - fi - - HTTPX_REWRITE_URL='url.rewrite-once = ( "^/(?!static|api|tmp|help)(.+)/?$" => "/index.html" )' - - #BREAKDOWN - # LINE 1: CHECK: REMOTE IP IS NOT 127.0.0.1 (LOOPBACK) - # LINE 2: CHECK: DEST PORT IS THE HTTP PORT LIGHTTPD IS LISTENING ON - # LINE 3: CHECK: HOST ADDRESS (ex: 192.168.2.1:81/whatever) MATCHES THE REGEX [DOMAIN][PORT (optional)][URI] - # THE REGEX FROM LINE 3 CAN BE ACCESSED IN LINE 4 WITH '%#' (ex: %1 == DOMAIN, %2 == PORT, %3 == URI) - # LINE 4: FUNCTION: REGEX THE URI ([MATCH ALL]) AND BUILD THE REDIRECT URL - # THE REGEX FROM LINE 4 CAN BE ACCESSED IN THE REDIRECT CONSTRUCTION WITH '$#' (ex: $1 == THE ENTIRE URI) - - cat >> $FILE <<END -\$HTTP["remoteip"] != "127.0.0.1" { - $HTTPS_REDIRECT_CONFIG \$HTTP["host"] =~ "^([^:^/]*)(:\d*)?(.*)" { - \$SERVER["socket"] == "[::]:$HTTPS_PORT" { - $HTTPX_REWRITE_URL - } - \$SERVER["socket"] == ":$HTTPS_PORT" { - $HTTPX_REWRITE_URL - } - \$SERVER["socket"] == ":$HTTP_PORT" { - $HTTPX_REWRITE_URL - } - } -} -END -} - -populate_www_images() { - local CONFIGIMAGES="/var/config/images" - local OEMIMAGES="/var/oem/images" - local WWWIMAGES="/var/volatile/www/images" - local WWWIMAGES_RO="/var/www/images_ro" - - # Populate images only once per boot - if [ ! -d $WWWIMAGES ]; then - - # Copy from oem partition to config partition - if [ ! -d $CONFIGIMAGES ]; then - if [ -d $OEMIMAGES ]; then - echo "Copying oem images" - mkdir -p $CONFIGIMAGES - cp -rf $OEMIMAGES/* $CONFIGIMAGES - fi - fi - - # Copy from root partition to RAM - mkdir -p $WWWIMAGES - cp -rf $WWWIMAGES_RO/* $WWWIMAGES - - # Overwrite with /var/config/images - if [ -d $CONFIGIMAGES ]; then - cp -rf $CONFIGIMAGES/* $WWWIMAGES - fi - fi -} - -wait_ready() { - # wait api - local retry=0 - local MAX=30 - sleep 1 - while [ $retry -lt $MAX ]; do - if [ "200" == "$(curl -s --unix-socket /var/run/api/http.sock -I -o /dev/null -w "%{http_code}" http://localhost/api/system)" ]; then - return - fi - retry=$(( $retry + 1 )) - echo "Waiting for API ($retry/$MAX)..." - sleep 1 - done - echo "Failed waiting API!" -} - -start() { - mkdir -p /var/volatile/www/tmp - lighttpd_custom_images_setup # detect mime types for UI Customization images and generate Lighttpd config fragment - - generate_config - - start-stop-daemon --start --background --exec $ANGEL -- $DAEMON $OPTS - - if [ "$CAPA_NODE_RED" = "true" ]; then - start-stop-daemon --start -x "$DAEMON" -p /var/run/lighttpd_nrs.pid -- $OPTS_NRS - fi - - wait_ready -} - -stop() { - start-stop-daemon --stop --exec $ANGEL - - if [ "$CAPA_NODE_RED" = "true" ]; then - start-stop-daemon --stop -x "$DAEMON" -p /var/run/lighttpd_nrs.pid - rm -f /var/run/lighttpd_nrs.pid - fi - - rm -f /var/run/config/lighttpd_* -} - -populate_www_images - -case "$1" in - start) - echo -n "Starting $DESC: " - start - echo "$NAME." - ;; - stop) - echo -n "Stopping $DESC: " - stop - echo "$NAME." - ;; - restart|force-reload) - echo -n "Restarting $DESC: " - stop - sleep 1 - start - echo "$NAME." - ;; - *) - N=/etc/init.d/$NAME - echo "Usage: $N {start|stop|restart|force-reload}" >&2 - exit 1 - ;; -esac - -exit 0 diff --git a/recipes-core/lighttpd/lighttpd_1.4.48.bb b/recipes-core/lighttpd/lighttpd_1.4.48.bb index a6b5d60..776acc9 100644 --- a/recipes-core/lighttpd/lighttpd_1.4.48.bb +++ b/recipes-core/lighttpd/lighttpd_1.4.48.bb @@ -28,7 +28,6 @@ RDEPENDS_${PN} += "bash file file-magic-db-images" SRC_URI = "http://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-${PV}.tar.gz \ file://lighttpd.conf \ file://lighttpd_nrs.conf \ - file://lighttpd.init \ file://lighttpd_custom_images_setup \ file://0001-lighttpd-pcre-use-pkg-config.patch;apply=true \ file://0004_fastcgi_env_with_unixsocket.patch;apply=true \ @@ -65,7 +64,6 @@ do_install_append() { install -d ${D}${sysconfdir}/init.d ${D}${sysconfdir}/lighttpd.d ${D}/www/pages/dav install -d 0644 ${D}${sysconfdir}/ssl install -m 0755 --group www -d ${D}${localstatedir}/www - install -m 0755 ${WORKDIR}/lighttpd.init ${D}${sysconfdir}/init.d/lighttpd install -m 0644 --group www ${WORKDIR}/lighttpd.conf ${D}${sysconfdir} install -m 0644 --group www ${WORKDIR}/lighttpd_nrs.conf ${D}${sysconfdir} |