After Turris OS update, lighttpd is crashing on start, thus I have no Foris/LuCi available.
I realized few hours ago that my Turris is not updating regularly anymore (last update 2018-05-10), and I’ve found out that update process is stuck due to DDNS updater service running. I’ve killed updater processes, stopped and disabled DDNS service and run updater manually (via ssh). Everything went fine, I get update notification e-mail too, but after Omnia reboot I realized that I cannot connect to web admin interface. Soon I realized that lighttpd is not running and crashing on startup.
/var/log/messages says that:
info procd[]: Instance lighttpd::instance1 s in a crash loop 6 crashes, 1 seconds since last crash
lighttpd restart via initd yelded the same again.
Manually running lighttpd showed that it crashes on configuration issue…
I do not understand what is wrong, can somebody help me with this issue, please?
root@turris:~> cat /etc/turris-version
3.10.6
root@turris:~> uname -a
Linux turris 4.4.156-0a333a8e606ab056173befac424900d2-1 #1 SMP Mon Sep 17 16:48:34 CEST 2018 armv7l n
root@turris:~> /usr/sbin/lighttpd -f /etc/lighttpd/lighttpd.conf
2018-09-23 06:48:33: (configfile.c.1231) source: cat /etc/lighttpd/conf.d/*.conf line: 5 pos: 1 invalid character in variable name
2018-09-23 06:48:33: (configfile.c.1286) configfile parser failed at: (EOL)
2018-09-23 06:48:33: (configfile.c.1289) source: /etc/lighttpd/lighttpd.conf line: 38 pos: 1 parser failed somehow near here: (EOL)
root@turris:~> /usr/sbin/lighttpd -v
lighttpd/1.4.50 (ssl) - a light and fast webserver
root@turris:~> cat /etc/lighttpd/lighttpd.conf
server.modules = (
)
server.document-root = “/www”
server.upload-dirs = ( “/tmp” )
server.errorlog = “/var/log/lighttpd/error.log”
server.pid-file = “/var/run/lighttpd.pid”
#server.username = “http”
#server.groupname = “www-data”
index-file.names = ( “index.php”, “index.html”,
“index.htm”, “default.htm”,
“index.lighttpd.html” )
static-file.exclude-extensions = ( “.php”, “.pl”, “.fcgi” )
Options that are useful but not always necessary:
#server.chroot = “/”
server.port = 35080
server.bind = “localhost”
$SERVER[“socket”] == “lan:35080” { }
#server.tag = “lighttpd”
#server.errorlog-use-syslog = “enable”
#server.network-backend = “write”
listen on IPv6
$SERVER[“socket”] == “[::]:35080” { }
Use IPv6 if available
#include_shell “/usr/share/lighttpd/use-ipv6.pl”
#dir-listing.encoding = “utf-8”
#server.dir-listing = “enable”
include “/etc/lighttpd/mime.conf”
include_shell “cat /etc/lighttpd/modules.d/.load"
include_shell "cat /etc/lighttpd/conf.d/.conf”
root@turris:~> cat /etc/lighttpd/conf.d/*.conf
lighttpd include file for Foris - it just calls the script
that generates lighttpd config from UCI settings
include_shell “sh /usr/share/foris/lighttpd-dynamic-conf config”
root page dynamic redirect via script
$HTTP[“url”] =~ “^/*$” {
alias.url = ( “/” => “/usr/share/foris/foris-root-cgi” )
cgi.assign = ( “” => “” )
setenv.add-response-header = ( “Content-Type” => “text/html”)
}
Make sure that wirzard passes during a migration from older image
url.redirect += ( “^/wizard/(.)" => “/foris/wizard/main/$1” )
url.redirect += ( "^/foris/wizard/(step/.)” => “/foris/wizard/main/$1” )
lighttpd include file for Foris - it just calls the script
that generates lighttpd config from UCI settings
include_shell “sh /usr/share/foris/lighttpd-dynamic-conf wizard”
$HTTP[“url”] =~ “^/foris-ws$” {
proxy.server = ( “” => ( ( “host” => “127.0.0.1”, “port” => “9080” ) ) )
proxy.header = ( “upgrade” => “enable” )
}
lighttpd include file for LuCI
Set CGI paths
cgi.assign += (
“/cgi-bin/luci” => “”
)
Set aliases to LuCI install directory
alias.url += (
“/cgi-bin/” => “/www/cgi-bin/”,
“/luci-static/” => “/www/luci-static/”
)
$HTTP[“url”] =~ “^/cgi-bin/luci” {
# Add ‘X-Frame-Options’ header, making sure it the website is not embedded in a frame or iframe.
# This avoids clickjacking, and might be helpfull for HTTPS websites
# As frames are not used nowadays, this should be safe to enable at least SAMEORIGIN
# Other option might be DENY or ALLOW-FROM. DENY is not used as frame is used in some old LuCI modules
setenv.add-response-header += ( “X-Frame-Options” => “SAMEORIGIN”)
setenv.add-environment = ( “PATH” => “/usr/bin:/usr/sbin:/bin:/sbin” )
}
This settings enables https with user-generated self-signed certificate from
package https-cert
$SERVER[“socket”] == “:443” {
ssl.engine = “enable”
ssl.pemfile = “/etc/lighttpd-self-signed.pem”
}
$SERVER[“socket”] == “[::]:443” {
ssl.engine = “enable”
ssl.pemfile = “/etc/lighttpd-self-signed.pem”
}
$HTTP[“scheme”] == “https” {
# Add ‘HTTP Strict Transport Security’ header (HSTS) to sites
# setenv.add-response-header += ( “Strict-Transport-Security” => “max-age=31536000; includeSubDomains” )
}
root@turris:~>