20190416_jeffrey - silenceuncrio/diary GitHub Wiki
繼續 lighttpd
來搞定 CGI
lighttpd 相關文件可以看到
-
server.document-root
- document-root of the webserver
-
server.modules option
- 怎麼 load CGI module
-
The CGI-Module
- 怎麼 使用 CGI module
先把執行中的 lighttpd 砍掉
root@Cellular Router:~# ps aux | grep ligh
root 708 0.0 0.0 4288 180 ? S Apr15 0:06 /usr/sbin/lighttpd -f /etc/lighttpd.conf
root 15583 0.0 0.0 1772 320 ttymxc0 S+ 01:27 0:00 grep ligh
root@Cellular Router:~# killall lighttpd
root@Cellular Router:~# ps aux | grep ligh
root 18623 0.0 0.0 1768 320 ttymxc0 S+ 01:28 0:00 grep ligh
另存 configuration 來做實驗
root@Cellular Router:~# cp /etc/lighttpd.conf /etc/lighttpd.00.conf
root@Cellular Router:~# cp /etc/lighttpd.conf /etc/lighttpd.01.conf
修改 /etc/lighttpd.01.conf 如下
m300.bin
➜ images git:(develop) ✗ diff lighttpd.00.conf lighttpd.01.conf
29c29
< # "mod_cgi",
---
> "mod_cgi",
41c41
< server.document-root = "/www/pages/"
---
> server.document-root = "/www/"
224,226c224
< #cgi.assign = ( ".pl" => "/usr/bin/perl",
< # ".cgi" => "/usr/bin/perl" )
< #
---
> cgi.assign = ( ".cgi" => "" )看一下怎麼來執行 lighttpd
root@Cellular Router:/etc# lighttpd -h
lighttpd/1.4.36 (ssl) (Apr 15 2019 06:32:08) - a light and fast webserver
usage:
-f <name> filename of the config-file
-m <name> module directory (default: /usr/lib)
-p print the parsed config-file in internal form, and exit
-t test the config-file, and exit
-D don't go to background (default: go to background)
-v show version
-V show compile-time features
-h show this help
執行 lighttpd並套用修改過的 /etc/lighttpd.01.conf - lighttpd -f /etc/lighttpd.01.conf
root@Cellular Router:/etc# lighttpd -f /etc/lighttpd.01.conf
2019-04-16 01:46:12: (/home/user/build_small/tmp/work/cortexa7hf-vfp-neon-poky-linux-gnueabi/lighttpd/1.4.36-r0/lighttpd-1.4.36/src/plugin.c.169) dlopen() failed for: /usr/lib/mod_cgi.so /usr/lib/mod_cgi.so: cannot open shared object file: No such file or directory
2019-04-16 01:46:12: (/home/user/build_small/tmp/work/cortexa7hf-vfp-neon-poky-linux-gnueabi/lighttpd/1.4.36-r0/lighttpd-1.4.36/src/server.c.679) loading plugins finally failed
失敗了
看一下 lighttpd 的 recipe file - lighttpd_1.4.36.bb
➜ sources git:(develop) ✗ cat ./poky/meta/recipes-extended/lighttpd/lighttpd_1.4.36.bb
SUMMARY = "Lightweight high-performance web server"
HOMEPAGE = "http://www.lighttpd.net/"
BUGTRACKER = "http://redmine.lighttpd.net/projects/lighttpd/issues"
LICENSE = "BSD"
LIC_FILES_CHKSUM = "file://COPYING;md5=e4dac5c6ab169aa212feb5028853a579"
SECTION = "net"
DEPENDS = "zlib libpcre"
RDEPENDS_${PN} += " \
lighttpd-module-access \
lighttpd-module-accesslog \
lighttpd-module-indexfile \
lighttpd-module-dirlisting \
lighttpd-module-staticfile \
"
SRC_URI = "http://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-${PV}.tar.xz \
file://index.html.lighttpd \
file://lighttpd.conf \
file://lighttpd \
file://lighttpd.service \
file://pkgconfig.patch \
file://0001-mod_cgi-buffers-data-without-bound.patch \
"
SRC_URI[md5sum] = "1843daffcb018aa528f6d15d43544654"
SRC_URI[sha256sum] = "897ab6b1cc7bd51671f8af759e7846245fbbca0685c30017e93a5882a9ac1a53"
PACKAGECONFIG ??= "openssl"
PACKAGECONFIG[openssl] = "--with-openssl, --without-openssl, openssl"
EXTRA_OECONF = " \
--without-bzip2 \
--without-ldap \
--without-lua \
--without-memcache \
--with-pcre \
--without-webdav-props \
--without-webdav-locks \
--disable-static \
"
inherit autotools pkgconfig update-rc.d gettext systemd
INITSCRIPT_NAME = "lighttpd"
INITSCRIPT_PARAMS = "defaults 70"
SYSTEMD_SERVICE_${PN} = "lighttpd.service"
do_install_append() {
install -d ${D}${sysconfdir}/init.d ${D}${sysconfdir}/lighttpd.d ${D}/www/pages/dav
install -m 0755 ${WORKDIR}/lighttpd ${D}${sysconfdir}/init.d
install -m 0644 ${WORKDIR}/lighttpd.conf ${D}${sysconfdir}
install -m 0644 ${WORKDIR}/index.html.lighttpd ${D}/www/pages/index.html
install -d ${D}${systemd_unitdir}/system
install -m 0644 ${WORKDIR}/lighttpd.service ${D}${systemd_unitdir}/system
sed -i -e 's,@SBINDIR@,${sbindir},g' \
-e 's,@SYSCONFDIR@,${sysconfdir},g' \
-e 's,@BASE_BINDIR@,${base_bindir},g' \
${D}${systemd_unitdir}/system/lighttpd.service
#For FHS compliance, create symbolic links to /var/log and /var/tmp for logs and temporary data
ln -sf ${localstatedir}/log ${D}/www/logs
ln -sf ${localstatedir}/tmp ${D}/www/var
}
FILES_${PN} += "${sysconfdir} /www"
CONFFILES_${PN} = "${sysconfdir}/lighttpd.conf"
PACKAGES_DYNAMIC += "^lighttpd-module-.*"
python populate_packages_prepend () {
lighttpd_libdir = d.expand('${libdir}')
do_split_packages(d, lighttpd_libdir, '^mod_(.*)\.so$', 'lighttpd-module-%s', 'Lighttpd module for %s', extra_depends='')
}
注意到
RDEPENDS_${PN} += " \
lighttpd-module-access \
lighttpd-module-accesslog \
lighttpd-module-indexfile \
lighttpd-module-dirlisting \
lighttpd-module-staticfile \
"
這剛好對應到 M300 上 /usr/lib/ 裡的 lighttpd modules
root@Cellular Router:/# ls -al /usr/lib/mod_*
-rwxr-xr-x 1 root root 5156 Apr 15 06:32 /usr/lib/mod_access.so
-rwxr-xr-x 1 root root 13288 Apr 15 06:32 /usr/lib/mod_accesslog.so
-rwxr-xr-x 1 root root 15872 Apr 15 06:32 /usr/lib/mod_dirlisting.so
-rwxr-xr-x 1 root root 5868 Apr 15 06:32 /usr/lib/mod_indexfile.so
-rwxr-xr-x 1 root root 10116 Apr 15 06:32 /usr/lib/mod_staticfile.so
root@Cellular Router:/#
所以我需要在 M300 的 /usr/lib/ 裡新增 mod_cgi.so 的話
應該修改 lighttpd 的 recipe file - lighttpd_1.4.36.bb 的 RDEPENDS_${PN}
再加上 lighttpd-module-cgi
新增 M300/meta-proscend/recipes-extended/lighttpd/lighttpd_1.4.36.bbappend
RDEPENDS_${PN} += " \
lighttpd-module-cgi \
"
# DISABLING INIT SCRIPT START LINKS
INITSCRIPT_PARAMS = "disable"
除了在 RDEPENDS_${PN} 加上 lighttpd-module-cgi 之外
再加上 INITSCRIPT_PARAMS = "disable" 蓋掉 lighttpd_1.4.36.bb 裡的 INITSCRIPT_PARAMS = "defaults 70"
這樣 lighttpd 就不會在 M300 開機後自己跑起來了
root@Cellular Router:~# cd /tmp
root@Cellular Router:/tmp# tftp -g -r lighttpd.01.conf 192.168.1.113
root@Cellular Router:/tmp# lighttpd -f /tmp/lighttpd.01.conf
2019-04-16 05:19:36: (/home/user/build_small/tmp/work/cortexa7hf-vfp-neon-poky-linux-gnueabi/lighttpd/1.4.36-r0/lighttpd-1.4.36/src/plugin.c.169) dlopen() failed for: /usr/lib/mod_cgi.so /usr/lib/mod_cgi.so: undefined symbol: chunkqueue_written
2019-04-16 05:19:36: (/home/user/build_small/tmp/work/cortexa7hf-vfp-neon-poky-linux-gnueabi/lighttpd/1.4.36-r0/lighttpd-1.4.36/src/server.c.679) loading plugins finally failed
不一樣的錯誤
這篇文章表示 lighttpd_1.4.36.bb 這個 recipe 的 patch 0001-mod_cgi-buffers-data-without-bound.patch
The patch uses internal API functions from older versions of lighttpd which don't exist in this version.
Remove the patch, pending a better fix.
一樣是利用 lighttpd_1.4.36.bbappend 再定義 SRC_URI 來蓋掉 lighttpd_1.4.36.bb 裡的定義
SRC_URI = "http://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-${PV}.tar.xz \
file://index.html.lighttpd \
file://lighttpd.conf \
file://lighttpd \
file://lighttpd.service \
file://pkgconfig.patch \
"
root@Cellular Router:/# cd /tmp
root@Cellular Router:/tmp# tftp -g -r lighttpd.01.conf 192.168.1.113
root@Cellular Router:/tmp# lighttpd -f /tmp/lighttpd.01.conf
root@Cellular Router:/tmp# ps aux | grep lig
root 5661 0.0 0.0 4372 224 ? S 05:53 0:00 lighttpd -f /tmp/lighttpd.01.conf
root 6276 0.0 0.0 1768 320 ttymxc0 S+ 05:53 0:00 grep lig
終於成功了
試一下 CGI http://192.168.1.1/cgi-bin/dmz.cgi?act=config
沒問題
再來是 HTTPS
這才是關鍵
lighttpd 的 HTTPS 要夠穩定才行
HTTPS 一樣有參考文件可以看
照這份文件的說法
If lighty has successfully compiled SSL the command
lighttpd -vShould display (Keep in mind that this new lighty version now has (ssl) after lightys name)lighttpd-1.4.11 (ssl) - a light and fast webserver Build-Date: Sep 1 2006 19:09:15
那 M300 目前的 lighttpd 就已經有 ssl 了
uter:/usr/lib/ssl# lighttpd -h
lighttpd/1.4.36 (ssl) (Apr 16 2019 05:47:09) - a light and fast webserver
usage:
-f <name> filename of the config-file
-m <name> module directory (default: /usr/lib)
-p print the parsed config-file in internal form, and exit
-t test the config-file, and exit
-D don't go to background (default: go to background)
-v show version
-V show compile-time features
-h show this help
參考 Setting up a simple SSL configuration 來試試
再另存一份 configuration - lighttpd.02.conf
修改後與原本的 config 差異如下
29c29
< # "mod_cgi",
---
> "mod_cgi",
41c41
< server.document-root = "/www/pages/"
---
> server.document-root = "/www/"
224,226c224
< #cgi.assign = ( ".pl" => "/usr/bin/perl",
< # ".cgi" => "/usr/bin/perl" )
< #
---
> cgi.assign = ( ".cgi" => "" )
230a229,233
>
> $SERVER["socket"] == ":443" {
> ssl.engine = "enable"
> ssl.pemfile = "/etc/lighttpd/certs/lighttpd.pem"
> }依照文件來產生 lighttpd.pem
root@Cellular Router:/usr/lib/ssl# mkdir /etc/lighttpd/certs -p
root@Cellular Router:/usr/lib/ssl# cd /etc/lighttpd/certs/
< -new -x509 -keyout lighttpd.pem -out lighttpd.pem -days 365 -nodes
Generating a 2048 bit RSA private key
.....................................+++
.........+++
writing new private key to 'lighttpd.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:
Email Address []:
root@Cellular Router:/etc/lighttpd/certs# chmod 400 lighttpd.pem
先把剛才 run 起來的 lighttpd process 砍掉後再套用 lighttpd.02.conf
root@Cellular Router:/etc/lighttpd/certs# ps aux | grep lighttpd
root 922 0.0 0.0 1768 320 ttymxc0 S+ 07:13 0:00 grep lightt
root 5661 0.0 0.2 4636 1320 ? S 05:53 0:00 lighttpd -f /tmp/lighttpd.01.conf
root@Cellular Router:/etc/lighttpd/certs# killall lighttpd
root@Cellular Router:/etc/lighttpd/certs# ps aux | grep lightt
root 1251 0.0 0.0 1768 320 ttymxc0 S+ 07:13 0:00 grep lightt
root@Cellular Router:/etc/lighttpd/certs# cd /tmp
root@Cellular Router:/tmp# tftp -g -r lighttpd.02.conf 192.168.1.113
root@Cellular Router:/tmp# lighttpd -f /tmp/lighttpd.02.conf
root@Cellular Router:/tmp# ps aux | grep lighttpd
root 3182 0.0 0.0 4504 352 ? S 07:14 0:00 lighttpd -f /tmp/lighttpd.02.conf
root 7464 0.0 0.0 1768 320 ttymxc0 S+ 07:15 0:00 grep lighttpd
利用 https://192.168.1.1/cgi-bin/dmz.cgi?act=config 做一下實驗
browser 多按幾次 F5 觀察一下會不會死掉
快速的連續按了好幾次都沒有問題
繼續前進之前應該要先利用 git flow feature 建立一個 lighttpd 的 feature branch
起手式 git flow init
➜ M300 git:(develop) ✗ git flow init [15/430]
Which branch should be used for bringing forth production releases?
- develop
- feature/react
- feature/sierra_sdk
- hotfix/v1.70
- hotfix/v1.72
- hotfix/v1.73
- hotfix/v1.74
- hotfix/v1.75
- hotfix/v1.76
- hotfix/v1.76-wifi-eva
- hotfix/v1.77
- master
- release/v1.69
- release/v1.70
- release/v1.71
- release/v1.74
- v1.68-mfg
- v1.69-mfg
- v1.75-mfg
- v1.76-mfg
Branch name for production releases: [master]
Which branch should be used for integration of the "next release"?
- develop
- feature/react
- feature/sierra_sdk
- hotfix/v1.70
- hotfix/v1.72
- hotfix/v1.73
- hotfix/v1.74
- hotfix/v1.75
- hotfix/v1.76
- hotfix/v1.76-wifi-eva
- hotfix/v1.77
- release/v1.69
- release/v1.70
- release/v1.71
- release/v1.74
- v1.68-mfg
- v1.69-mfg
- v1.75-mfg
- v1.76-mfg
Branch name for "next release" development: [develop]
How to name your supporting branch prefixes?
Feature branches? [feature/]
Bugfix branches? [bugfix/]
Release branches? [release/]
Hotfix branches? [hotfix/]
Support branches? [support/]
Version tag prefix? []
Hooks and filters directory? [/home/jeffrey/M300/.git/hooks]
git flow feature start lighttpd
➜ M300 git:(develop) ✗ git flow feature start lighttpd
Switched to a new branch 'feature/lighttpd'
Summary of actions:
- A new branch 'feature/lighttpd' was created, based on 'develop'
- You are now on branch 'feature/lighttpd'
Now, start committing on your feature. When done, use:
git flow feature finish lighttpd
➜ M300 git:(feature/lighttpd) ✗
把剛剛 stash 的再 apply 回來
稍微整理一下等等要 commit 的東西