20190619_jeffrey - silenceuncrio/diary GitHub Wiki
開始進行 M330 上的 Change web server to avoid https unstable
source code 下最外層利用 make menuconfig 進 OpenWrt Configuration
lighttpd 在 Network > Web Servers/Proxies > lighttpd
另外從 source base 的 package/feeds/packages/lighttpd/Makefile 可以看到
PKG_NAME:=lighttpd
PKG_VERSION:=1.4.30
PKG_RELEASE:=2
M300 的 lighttpd 版本為 1.4.36
該版本在 file upload 時會有問題
所以我才在 M300 上把 lighttpd 從 1.4.36 升級到 1.4.53
M330 上現成的 lighttpd package 版本 1.4.30 比 M300 還舊
我想 M330 先保持在版本 1.4.30
先讓 lighttpd 能在 M330 上執行再看看有沒有 file upload 的問題
回到 OpenWrt Configuration
lighttpd 還有很多 module 提供給我們做選擇
我們需要
- lighttpd-mod-cgi - CGI module
- lighttpd-mod-rewrite - URL rewriting module
--- lighttpd........................... A flexible and lightweight web server
[*] SSL support (NEW)
< > lighttpd-mod-access........................... Access restrictions module (NEW)
< > lighttpd-mod-accesslog............................. Access logging module (NEW)
< > lighttpd-mod-alias................................ Directory alias module (NEW)
< > lighttpd-mod-auth.................................. Authentication module (NEW)
<*> lighttpd-mod-cgi.............................................. CGI module
< > lighttpd-mod-cml.............................. Cache Meta Language module (NEW)
< > lighttpd-mod-compress............................. Compress output module (NEW)
< > lighttpd-mod-evasive...................................... Evasive module (NEW)
< > lighttpd-mod-evhost..................... Exnhanced Virtual-Hosting module (NEW)
< > lighttpd-mod-expire........................................ Expire module (NEW)
< > lighttpd-mod-extforward......................... Extract client IP module (NEW)
< > lighttpd-mod-fastcgi...................................... FastCGI module (NEW)
< > lighttpd-mod-flv-streaming.......................... flv streaming module (NEW)
< > lighttpd-mod-magnet........................................ magnet module (NEW)
< > lighttpd-mod-proxy.......................................... Proxy module (NEW)
< > lighttpd-mod-redirect............................. URL redirection module (NEW)
<*> lighttpd-mod-rewrite................................ URL rewriting module
< > lighttpd-mod-rrdtool...................................... rrdtool module (NEW)
< > lighttpd-mod-scgi............................................ SCGI module (NEW)
< > lighttpd-mod-secdownload................. Secure and fast download module (NEW)
< > lighttpd-mod-setenv.................. Environment variable setting module (NEW)
< > lighttpd-mod-simple-vhost.................. Simple virtual hosting module (NEW)
< > lighttpd-mod-ssi.............................................. SSI module (NEW)
< > lighttpd-mod-status......................... Server status display module (NEW)
< > lighttpd-mod-trigger-b4-dl................ Trigger before download module (NEW)
< > lighttpd-mod-userdir............................... User directory module (NEW)
< > lighttpd-mod-usertrack.............................. User tracking module (NEW)
< > lighttpd-mod-webdav........................................ WebDAV module (NEW)
存檔並退出 OpenWrt Configuration 我們在最外層可以從 .config 看到 lighttpd 相關的 compiler flag
...
#
# Web Servers/Proxies
#
# CONFIG_PACKAGE_apache is not set
# CONFIG_PACKAGE_appweb is not set
# CONFIG_PACKAGE_axhttpd is not set
# CONFIG_PACKAGE_axtlswrap is not set
# CONFIG_PACKAGE_crowdcontrol is not set
# CONFIG_PACKAGE_dansguardian is not set
# CONFIG_PACKAGE_haproxy is not set
# CONFIG_PACKAGE_hiawatha is not set
CONFIG_PACKAGE_lighttpd=y
CONFIG_LIGHTTPD_SSL=y
# CONFIG_PACKAGE_lighttpd-mod-access is not set
# CONFIG_PACKAGE_lighttpd-mod-accesslog is not set
# CONFIG_PACKAGE_lighttpd-mod-alias is not set
# CONFIG_PACKAGE_lighttpd-mod-auth is not set
CONFIG_PACKAGE_lighttpd-mod-cgi=y
# CONFIG_PACKAGE_lighttpd-mod-cml is not set
# CONFIG_PACKAGE_lighttpd-mod-compress is not set
# CONFIG_PACKAGE_lighttpd-mod-evasive is not set
# CONFIG_PACKAGE_lighttpd-mod-evhost is not set
# CONFIG_PACKAGE_lighttpd-mod-expire is not set
# CONFIG_PACKAGE_lighttpd-mod-extforward is not set
# CONFIG_PACKAGE_lighttpd-mod-fastcgi is not set
# CONFIG_PACKAGE_lighttpd-mod-flv-streaming is not set
# CONFIG_PACKAGE_lighttpd-mod-magnet is not set
# CONFIG_PACKAGE_lighttpd-mod-proxy is not set
# CONFIG_PACKAGE_lighttpd-mod-redirect is not set
CONFIG_PACKAGE_lighttpd-mod-rewrite=y
# CONFIG_PACKAGE_lighttpd-mod-rrdtool is not set
# CONFIG_PACKAGE_lighttpd-mod-scgi is not set
# CONFIG_PACKAGE_lighttpd-mod-secdownload is not set
# CONFIG_PACKAGE_lighttpd-mod-setenv is not set
# CONFIG_PACKAGE_lighttpd-mod-simple-vhost is not set
# CONFIG_PACKAGE_lighttpd-mod-ssi is not set
# CONFIG_PACKAGE_lighttpd-mod-status is not set
# CONFIG_PACKAGE_lighttpd-mod-trigger-b4-dl is not set
# CONFIG_PACKAGE_lighttpd-mod-userdir is not set
# CONFIG_PACKAGE_lighttpd-mod-usertrack is not set
# CONFIG_PACKAGE_lighttpd-mod-webdav is not set
...
我們不能直接使用 .config
而是要參考該檔案來修改 M330_defconfig
先作以下修改
diff --git a/M330_defconfig b/M330_defconfig
old mode 100755
new mode 100644
index d1c3307..05bc678
--- a/M330_defconfig
+++ b/M330_defconfig
@@ -3528,7 +3528,10 @@ CONFIG_PACKAGE_strongswan-mod-updown=y
# CONFIG_PACKAGE_dansguardian is not set
# CONFIG_PACKAGE_haproxy is not set
# CONFIG_PACKAGE_hiawatha is not set
-# CONFIG_PACKAGE_lighttpd is not set
+CONFIG_PACKAGE_lighttpd=y
+CONFIG_LIGHTTPD_SSL=y
+CONFIG_PACKAGE_lighttpd-mod-cgi=y
+CONFIG_PACKAGE_lighttpd-mod-rewrite=y
# CONFIG_PACKAGE_mini-httpd is not set
# CONFIG_PACKAGE_mini-httpd-htpasswd is not set
# CONFIG_PACKAGE_mini-httpd-matrixssl is not set退出 M330 build 的 docker container 後再進入
cd /home/user
source proenv.sh
直接在外層下 make
外層 build 好了
進 proscend 再 build
透過 uboot 做 firmware upgrade 後進 linux
root@M330:~# lighttpd -h
lighttpd/1.4.30 (ssl) (Jun 19 2019 01:51:39) - a light and fast webserver
usage:
-f <name> filename of the config-file
-m <name> module directory (default: /usr/lib/lighttpd)
-p print the parsed config-file in internal form, and exit
-t test the config-file, and exit
-D don't go to background (default: go to background)
-v show version
-V show compile-time features
-h show this help
從 M300 抄個 config 確認 lighttpd 是否可執行
順便測一下 HTTPS
記得 M300 產生 certification 的 shell script - /usr/sbin/icos/web_x509_lighttpd.sh
#!/bin/bash
openssl req -x509 -newkey rsa:2048 -keyout /tmp/icos/web/lighttpd.pem -out /tmp/icos/web/lighttpd.pem -days 3650 -nodes -subj '/CN=localhost'
mv /tmp/icos/web/lighttpd.pem /etc/icos/web/lighttpd.pem
syncM300 上 lighttpd 的 config - /tmp/icos/web/lighttpd.conf
server.document-root = "/www/"
server.bind = "0.0.0.0"
server.port = 80
$SERVER["socket"] == "[::]:80" { }
$SERVER["socket"] == "0.0.0.0:443" {
ssl.engine = "enable"
ssl.pemfile = "/etc/icos/web/lighttpd.pem"
}
$SERVER["socket"] == "[::]:443" {
ssl.engine = "enable"
ssl.pemfile = "/etc/icos/web/lighttpd.pem"
}
server.modules = ( "mod_rewrite", "mod_access", "mod_cgi", "mod_openssl", "mod_accesslog" )
index-file.names = ( "index.html" )
mimetype.assign = (
".gif" => "image/gif",
".jpg" => "image/jpeg",
".jpeg" => "image/jpeg",
".png" => "image/png",
".css" => "text/css",
".html" => "text/html",
".htm" => "text/html",
".txt" => "text/plain",
)
cgi.assign = ( ".cgi" => "" )
url.rewrite = (
"^/api/([a-zA-Z]+)[0-9a-zA-Z=.?]*$" => "/cgi-bin/api.cgi?act=$1",
"^/(DO_ON|DO_OFF|DO_PULSE|RESTORE_DO_ALARM)$" => "/cgi-bin/api.cgi?act=$1",
)
在 M330 上利用 M300 目前的 /usr/sbin/icos/web_x509_lighttpd.sh 來產生 certification
一樣產出在 /etc/icos/web
root@M330:/tmp# ls -al /etc/icos/web/
drwxr-xr-x 2 root root 376 Jan 1 00:02 .
drwxr-xr-x 50 root root 3304 Jan 1 00:00 ..
-rw-r--r-- 1 root root 1094 Jan 1 00:01 iweb_cert.pem
-rw-r--r-- 1 root root 1704 Jan 1 00:01 iweb_key.pem
-rw-r--r-- 1 root root 2798 Jan 1 00:02 lighttpd.pem
參考 M300 的 config 另外寫一隻給 M330 用 - /tmp/icos/web/lighttpd.conf
server.document-root = "/www/"
server.bind = "0.0.0.0"
server.port = 3000
$SERVER["socket"] == "[::]:3000" { }
$SERVER["socket"] == "0.0.0.0:3443" {
ssl.engine = "enable"
ssl.pemfile = "/etc/icos/web/lighttpd.pem"
}
$SERVER["socket"] == "[::]:3443" {
ssl.engine = "enable"
ssl.pemfile = "/etc/icos/web/lighttpd.pem"
}
server.modules = ( "mod_rewrite", "mod_cgi" )
index-file.names = ( "index.html" )
mimetype.assign = (
".gif" => "image/gif",
".jpg" => "image/jpeg",
".jpeg" => "image/jpeg",
".png" => "image/png",
".css" => "text/css",
".html" => "text/html",
".htm" => "text/html",
".txt" => "text/plain",
)
cgi.assign = ( ".cgi" => "" )
url.rewrite = (
"^/api/([a-zA-Z]+)[0-9a-zA-Z=.?]*$" => "/cgi-bin/api.cgi?act=$1",
"^/(DO_ON|DO_OFF|DO_PULSE|RESTORE_DO_ALARM)$" => "/cgi-bin/api.cgi?act=$1",
)
注意到 server.modules 的部分修改如下
server.modules = ( "mod_rewrite", "mod_cgi" )
還有 HTTP/HTTPS port 要閃一下目前正在運行的 iweb 與 nginx
試試看吧
root@M330:/tmp/icos/web# lighttpd -f /tmp/icos/web/lighttpd.conf
root@M330:/tmp/icos/web# 1970-01-01 00:13:21: (log.c.166) server started
root@M330:/tmp/icos/web# ps | grep light
8687 root 3572 S lighttpd -f /tmp/icos/web/lighttpd.conf
9284 root 1856 S grep light
process 跑起來了
直接用 browser 試試
-
http://192.168.1.1:3000- PASS -
http://[2001:b400:e235:ed4f::1]:3000- PASS- 反應很慢
-
https://192.168.1.1:3443- PASS -
https://[2001:b400:e235:ed4f::1]:3443- PASS- 反應很慢
ipv6 反應很慢 是個 issue - 思考一下是否透過 DQA 來回報該 issue
繼續前進
應該可以為了 lighttpd 一樣在 M330 上開一條 git flow feature
➜ m330 git:(develop) ✗ git flow feature start lighttpd
Fatal: Not a gitflow-enabled repo yet. Please run 'git flow init' first.
➜ m330 git:(develop) ✗ git flow init
Which branch should be used for bringing forth production releases?
- develop
- feature/proscend-porting
- master
- release/v0.01
- release/v0.02
- release/v0.03
Branch name for production releases: [master]
Which branch should be used for integration of the "next release"?
- develop
- feature/proscend-porting
- release/v0.01
- release/v0.02
- release/v0.03
Branch name for "next release" development: [develop]
How to name your supporting branch prefixes?
Feature branches? [feature/]
Bugfix branches? [bugfix/]
Release branches? [release/]
Hotfix branches? [hotfix/]
Support branches? [support/]
Version tag prefix? []
Hooks and filters directory? [/home/jeffrey/m330/.git/hooks]
➜ m330 git:(develop) ✗ git flow feature start lighttpd
Switched to a new branch 'feature/lighttpd'
Summary of actions:
- A new branch 'feature/lighttpd' was created, based on 'develop'
- You are now on branch 'feature/lighttpd'
Now, start committing on your feature. When done, use:
git flow feature finish lighttpd
➜ m330 git:(feature/lighttpd) ✗
OenWrt 的系統在 /etc/init.d 之下有個 lighttpd 在系統一開機的時候會去啟動
/etc/init.d/lighttpd
#!/bin/sh /etc/rc.common
# Copyright (C) 2006-2011 OpenWrt.org
SERVICE_USE_PID=1
START=50
start() {
mkdir -m 0755 -p /var/log/lighttpd
service_start /usr/sbin/lighttpd -f /etc/lighttpd/lighttpd.conf
}
stop() {
service_stop /usr/sbin/lighttpd
}這可以利用 M330 source base 下的 proscend/Makefile 來將其刪除
diff --git a/proscend/Makefile b/proscend/Makefile
index 71bd3ba..2f7bbbd 100755
--- a/proscend/Makefile
+++ b/proscend/Makefile
@@ -170,7 +170,7 @@ prepare: buildenv_check
@echo "================================================"
cd rootfs/lib; rm -rf config wifi
cd rootfs/etc/init.d; rm -f xl2tpd snmpd openvpn pptpd ipsec uhttpd quagga postfix mosquitto qos log keepalived
- cd rootfs/etc/init.d; rm -f firewall sysntpd network
+ cd rootfs/etc/init.d; rm -f firewall sysntpd network lighttpd
#########################################################################################
# Build environment check and generatebuild 個 image 試試
commit 並 publish
commit 4959fe035b0ebc8b31744b4c203f6dbb40cb3938
Refs: [feature/lighttpd], {origin/feature/lighttpd}
Author: jeffrey <[email protected]>
Date: Wed Jun 19 11:33:01 2019 +0800
feature/lighttpd - use lighttpd to replace the current web server iweb(mongoose)
- lighttpd/1.4.30 (ssl) - a light and fast webserver
- lighttpd - A flexible and lightweight web server
- SSL support
- lighttpd-mod-cgi - CGI module
- lighttpd-mod-rewrite - URL rewriting module
-
curret lighttpd can serve for HTTP ans HTTPS with ipv4 and ipv6
M330_defconfig | 5 ++++-
proscend/Makefile | 2 +-
2 files changed, 5 insertions(+), 2 deletions(-)
再來可以 follow M300 的軌跡前進了
因為是 iweb 要被置換掉
所以在 iweb 提供的功能全部要挪到 CGI 去
ariel 花了點時間跟我說一下 M330 上 WAN WiFi 相關的 UI 修改
這次的工作想交給 VIC 做
盤一下該注意什麼
- branch develop
- Products/Vendor
- M330/1_WIFI
- compiler flag -
PROSRC_WIFI_STA打開表示需要顯示 WIFI STA 功能相關的 UI - wiki 我先消化完再幫 VIC 估一下時間
- 四到五個禮拜應該可被容許
M330 先 checkout develop
sourced base 最外層先 make 一次
進 proscend 目錄
Products/Vendor = M330/1_WIFI
build image
透過 uboot upgrade firmware
要注意的是 wifi_sta 這個 icos module
等 VIC M300 compile 完成後可以先讓他寫 wifi_sta 的 CGI
先切回自己的 M330 - feature/lighttpd
source base 最外層 make
進 proscend 目錄
make distclean
幫 VIC 了解 web 的架構
繼續 M330 - feature/lighttpd
make menuconfig
- Products/Vendor = M330/0_GENERIC
make
透過 uboot upgrade...
從 System > Time and Date 出發
該 page 會先發出以下 request
並得到 status code: 401 而導致 front end 開啟 login 畫面
一出門就是需要一個大跨步