From e310beaf18513ea10cd49bba71fd08f69a346fff Mon Sep 17 00:00:00 2001 From: Jesse Gilles Date: Mon, 27 Apr 2015 16:55:30 -0500 Subject: lighttpd: disable debug logging, add log rotation, no start on boot by default --- recipes-extended/lighttpd/lighttpd/lighttpd | 42 +++ recipes-extended/lighttpd/lighttpd/lighttpd.conf | 327 +++++++++++++++++++++ .../lighttpd/lighttpd/lighttpd.default | 2 + .../lighttpd/lighttpd/lighttpd.logrotate.conf | 6 + recipes-extended/lighttpd/lighttpd_1.4.33.bbappend | 18 +- 5 files changed, 394 insertions(+), 1 deletion(-) create mode 100644 recipes-extended/lighttpd/lighttpd/lighttpd create mode 100644 recipes-extended/lighttpd/lighttpd/lighttpd.conf create mode 100644 recipes-extended/lighttpd/lighttpd/lighttpd.default create mode 100644 recipes-extended/lighttpd/lighttpd/lighttpd.logrotate.conf (limited to 'recipes-extended') diff --git a/recipes-extended/lighttpd/lighttpd/lighttpd b/recipes-extended/lighttpd/lighttpd/lighttpd new file mode 100644 index 0000000..10335f4 --- /dev/null +++ b/recipes-extended/lighttpd/lighttpd/lighttpd @@ -0,0 +1,42 @@ +#!/bin/sh + +PATH=/sbin:/bin:/usr/sbin:/usr/bin +DAEMON=/usr/sbin/lighttpd +NAME=lighttpd +DESC="Lighttpd Web Server" +OPTS="-f /etc/lighttpd.conf" + +ENABLED=yes +[ -f /etc/default/$NAME ] && . /etc/default/$NAME + +if [ "$ENABLED" != "yes" ]; then + echo "$NAME: disabled in /etc/default" + exit +fi + +case "$1" in + start) + echo -n "Starting $DESC: " + start-stop-daemon --start -x "$DAEMON" -- $OPTS + echo "$NAME." + ;; + stop) + echo -n "Stopping $DESC: " + start-stop-daemon --stop -x "$DAEMON" + echo "$NAME." + ;; + restart|force-reload) + echo -n "Restarting $DESC: " + start-stop-daemon --stop -x "$DAEMON" + sleep 1 + start-stop-daemon --start -x "$DAEMON" -- $OPTS + echo "$NAME." + ;; + *) + N=/etc/init.d/$NAME + echo "Usage: $N {start|stop|restart|force-reload}" >&2 + exit 1 + ;; +esac + +exit 0 diff --git a/recipes-extended/lighttpd/lighttpd/lighttpd.conf b/recipes-extended/lighttpd/lighttpd/lighttpd.conf new file mode 100644 index 0000000..ad462f8 --- /dev/null +++ b/recipes-extended/lighttpd/lighttpd/lighttpd.conf @@ -0,0 +1,327 @@ +# lighttpd configuration file +# +# use it as a base for lighttpd 1.0.0 and above +# +# $Id: lighttpd.conf,v 1.7 2004/11/03 22:26:05 weigon Exp $ + +############ Options you really have to take care of #################### + +## modules to load +# at least mod_access and mod_accesslog should be loaded +# all other module should only be loaded if really neccesary +# - saves some time +# - saves memory +server.modules = ( +# "mod_rewrite", +# "mod_redirect", +# "mod_alias", + "mod_access", +# "mod_cml", +# "mod_trigger_b4_dl", +# "mod_auth", +# "mod_status", +# "mod_setenv", +# "mod_fastcgi", +# "mod_proxy", +# "mod_simple_vhost", +# "mod_evhost", +# "mod_userdir", +# "mod_cgi", +# "mod_compress", +# "mod_ssi", +# "mod_usertrack", +# "mod_expire", +# "mod_secdownload", +# "mod_rrdtool", +# "mod_webdav", + "mod_accesslog" ) + +## a static document-root, for virtual-hosting take look at the +## server.virtual-* options +server.document-root = "/www/pages/" + +## where to send error-messages to +server.errorlog = "/var/log/lighttpd.error.log" + +# files to check for if .../ is requested +index-file.names = ( "index.php", "index.html", + "index.htm", "default.htm" ) + +## set the event-handler (read the performance section in the manual) +# server.event-handler = "freebsd-kqueue" # needed on OS X + +# mimetype mapping +mimetype.assign = ( + ".pdf" => "application/pdf", + ".sig" => "application/pgp-signature", + ".spl" => "application/futuresplash", + ".class" => "application/octet-stream", + ".ps" => "application/postscript", + ".torrent" => "application/x-bittorrent", + ".dvi" => "application/x-dvi", + ".gz" => "application/x-gzip", + ".pac" => "application/x-ns-proxy-autoconfig", + ".swf" => "application/x-shockwave-flash", + ".tar.gz" => "application/x-tgz", + ".tgz" => "application/x-tgz", + ".tar" => "application/x-tar", + ".zip" => "application/zip", + ".mp3" => "audio/mpeg", + ".m3u" => "audio/x-mpegurl", + ".wma" => "audio/x-ms-wma", + ".wax" => "audio/x-ms-wax", + ".ogg" => "application/ogg", + ".wav" => "audio/x-wav", + ".gif" => "image/gif", + ".jpg" => "image/jpeg", + ".jpeg" => "image/jpeg", + ".png" => "image/png", + ".xbm" => "image/x-xbitmap", + ".xpm" => "image/x-xpixmap", + ".xwd" => "image/x-xwindowdump", + ".css" => "text/css", + ".html" => "text/html", + ".htm" => "text/html", + ".js" => "text/javascript", + ".asc" => "text/plain", + ".c" => "text/plain", + ".cpp" => "text/plain", + ".log" => "text/plain", + ".conf" => "text/plain", + ".text" => "text/plain", + ".txt" => "text/plain", + ".dtd" => "text/xml", + ".xml" => "text/xml", + ".mpeg" => "video/mpeg", + ".mpg" => "video/mpeg", + ".mov" => "video/quicktime", + ".qt" => "video/quicktime", + ".avi" => "video/x-msvideo", + ".asf" => "video/x-ms-asf", + ".asx" => "video/x-ms-asf", + ".wmv" => "video/x-ms-wmv", + ".bz2" => "application/x-bzip", + ".tbz" => "application/x-bzip-compressed-tar", + ".tar.bz2" => "application/x-bzip-compressed-tar" + ) + +# Use the "Content-Type" extended attribute to obtain mime type if possible +#mimetype.use-xattr = "enable" + + +## send a different Server: header +## be nice and keep it at lighttpd +# server.tag = "lighttpd" + +#### accesslog module +accesslog.filename = "/var/log/lighttpd.access.log" + +## deny access the file-extensions +# +# ~ is for backupfiles from vi, emacs, joe, ... +# .inc is often used for code includes which should in general not be part +# of the document-root +url.access-deny = ( "~", ".inc" ) + +$HTTP["url"] =~ "\.pdf$" { + server.range-requests = "disable" +} + +## +# which extensions should not be handle via static-file transfer +# +# .php, .pl, .fcgi are most often handled by mod_fastcgi or mod_cgi +static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" ) + +######### Options that are good to be but not neccesary to be changed ####### + +## bind to port (default: 80) +#server.port = 81 + +## bind to localhost (default: all interfaces) +#server.bind = "grisu.home.kneschke.de" + +## error-handler for status 404 +#server.error-handler-404 = "/error-handler.html" +#server.error-handler-404 = "/error-handler.php" + +## to help the rc.scripts +#server.pid-file = "/var/run/lighttpd.pid" + + +###### virtual hosts +## +## If you want name-based virtual hosting add the next three settings and load +## mod_simple_vhost +## +## document-root = +## virtual-server-root + virtual-server-default-host + virtual-server-docroot +## or +## virtual-server-root + http-host + virtual-server-docroot +## +#simple-vhost.server-root = "/home/weigon/wwwroot/servers/" +#simple-vhost.default-host = "grisu.home.kneschke.de" +#simple-vhost.document-root = "/pages/" + + +## +## Format: .html +## -> ..../status-404.html for 'File not found' +#server.errorfile-prefix = "/home/weigon/projects/lighttpd/doc/status-" + +## virtual directory listings +#dir-listing.activate = "enable" + +## enable debugging +#debug.log-request-header = "enable" +#debug.log-response-header = "enable" +#debug.log-request-handling = "enable" +#debug.log-file-not-found = "enable" + +### only root can use these options +# +# chroot() to directory (default: no chroot() ) +#server.chroot = "/" + +## change uid to (default: don't care) +#server.username = "wwwrun" + +## change uid to (default: don't care) +#server.groupname = "wwwrun" + +#### compress module +#compress.cache-dir = "/tmp/lighttpd/cache/compress/" +#compress.filetype = ("text/plain", "text/html") + +#### proxy module +## read proxy.txt for more info +#proxy.server = ( ".php" => +# ( "localhost" => +# ( +# "host" => "192.168.0.101", +# "port" => 80 +# ) +# ) +# ) + +#### fastcgi module +## read fastcgi.txt for more info +## for PHP don't forget to set cgi.fix_pathinfo = 1 in the php.ini +#fastcgi.server = ( ".php" => +# ( "localhost" => +# ( +# "socket" => "/tmp/php-fastcgi.socket", +# "bin-path" => "/usr/local/bin/php" +# ) +# ) +# ) + +#### CGI module +#cgi.assign = ( ".pl" => "/usr/bin/perl", +# ".cgi" => "/usr/bin/perl" ) +# + +#### SSL engine +#ssl.engine = "enable" +#ssl.pemfile = "server.pem" + +#### status module +#status.status-url = "/server-status" +#status.config-url = "/server-config" + +#### auth module +## read authentication.txt for more info +#auth.backend = "plain" +#auth.backend.plain.userfile = "lighttpd.user" +#auth.backend.plain.groupfile = "lighttpd.group" + +#auth.backend.ldap.hostname = "localhost" +#auth.backend.ldap.base-dn = "dc=my-domain,dc=com" +#auth.backend.ldap.filter = "(uid=$)" + +#auth.require = ( "/server-status" => +# ( +# "method" => "digest", +# "realm" => "download archiv", +# "require" => "user=jan" +# ), +# "/server-config" => +# ( +# "method" => "digest", +# "realm" => "download archiv", +# "require" => "valid-user" +# ) +# ) + +#### url handling modules (rewrite, redirect, access) +#url.rewrite = ( "^/$" => "/server-status" ) +#url.redirect = ( "^/wishlist/(.+)" => "http://www.123.org/$1" ) + +#### both rewrite/redirect support back reference to regex conditional using %n +#$HTTP["host"] =~ "^www\.(.*)" { +# url.redirect = ( "^/(.*)" => "http://%1/$1" ) +#} + +# +# define a pattern for the host url finding +# %% => % sign +# %0 => domain name + tld +# %1 => tld +# %2 => domain name without tld +# %3 => subdomain 1 name +# %4 => subdomain 2 name +# +#evhost.path-pattern = "/home/storage/dev/www/%3/htdocs/" + +#### expire module +#expire.url = ( "/buggy/" => "access 2 hours", "/asdhas/" => "access plus 1 seconds 2 minutes") + +#### ssi +#ssi.extension = ( ".shtml" ) + +#### rrdtool +#rrdtool.binary = "/usr/bin/rrdtool" +#rrdtool.db-name = "/var/www/lighttpd.rrd" + +#### setenv +#setenv.add-request-header = ( "TRAV_ENV" => "mysql://user@host/db" ) +#setenv.add-response-header = ( "X-Secret-Message" => "42" ) + +## for mod_trigger_b4_dl +# trigger-before-download.gdbm-filename = "/home/weigon/testbase/trigger.db" +# trigger-before-download.memcache-hosts = ( "127.0.0.1:11211" ) +# trigger-before-download.trigger-url = "^/trigger/" +# trigger-before-download.download-url = "^/download/" +# trigger-before-download.deny-url = "http://127.0.0.1/index.html" +# trigger-before-download.trigger-timeout = 10 + +## for mod_cml +## don't forget to add index.cml to server.indexfiles +# cml.extension = ".cml" +# cml.memcache-hosts = ( "127.0.0.1:11211" ) + +#### variable usage: +## variable name without "." is auto prefixed by "var." and becomes "var.bar" +#bar = 1 +#var.mystring = "foo" + +## integer add +#bar += 1 +## string concat, with integer cast as string, result: "www.foo1.com" +#server.name = "www." + mystring + var.bar + ".com" +## array merge +#index-file.names = (foo + ".php") + index-file.names +#index-file.names += (foo + ".php") + +#### include +#include /etc/lighttpd/lighttpd-inc.conf +## same as above if you run: "lighttpd -f /etc/lighttpd/lighttpd.conf" +#include "lighttpd-inc.conf" + +#### include_shell +#include_shell "echo var.a=1" +## the above is same as: +#var.a=1 + +# include other config file fragments from lighttpd.d subdir +include_shell "find /etc/lighttpd.d -maxdepth 1 -name '*.conf' -exec cat {} \;" diff --git a/recipes-extended/lighttpd/lighttpd/lighttpd.default b/recipes-extended/lighttpd/lighttpd/lighttpd.default new file mode 100644 index 0000000..0f92640 --- /dev/null +++ b/recipes-extended/lighttpd/lighttpd/lighttpd.default @@ -0,0 +1,2 @@ +# set to "yes" or "no" to control starting on boot +ENABLED="no" diff --git a/recipes-extended/lighttpd/lighttpd/lighttpd.logrotate.conf b/recipes-extended/lighttpd/lighttpd/lighttpd.logrotate.conf new file mode 100644 index 0000000..2a59ec2 --- /dev/null +++ b/recipes-extended/lighttpd/lighttpd/lighttpd.logrotate.conf @@ -0,0 +1,6 @@ +/var/log/lighttpd.error.log /var/log/lighttpd.access.log { + size 512k + rotate 4 + compress + copytruncate +} diff --git a/recipes-extended/lighttpd/lighttpd_1.4.33.bbappend b/recipes-extended/lighttpd/lighttpd_1.4.33.bbappend index 885737e..5ef310b 100644 --- a/recipes-extended/lighttpd/lighttpd_1.4.33.bbappend +++ b/recipes-extended/lighttpd/lighttpd_1.4.33.bbappend @@ -1,5 +1,21 @@ +PR .= "mlinux1" + # build with openssl support DEPENDS += " openssl " -RDEPENDS_${PN} += " openssl " +RDEPENDS_${PN} += " openssl logrotate " EXTRA_OECONF += "--with-openssl" + +FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}" + +SRC_URI += "file://lighttpd.logrotate.conf \ + file://lighttpd.default" + +do_install_append() { + install -d ${D}${sysconfdir}/logrotate.d + install -d ${D}${sysconfdir}/default + install -m 0644 ${WORKDIR}/lighttpd.logrotate.conf ${D}${sysconfdir}/logrotate.d/lighttpd.conf + install -m 0644 ${WORKDIR}/lighttpd.default ${D}${sysconfdir}/default/lighttpd +} + +CONFFILES_${PN} += "${sysconfdir}/default/lighttpd ${sysconfdir}/logrotate.d/lighttpd.conf" -- cgit v1.2.3