Lighty delivery ssl configuration is recreated with turris update

After updating my turris omnia the lighty configuration file

 /etc/lighttpd/conf.d/40-ssl-enable.conf

is written anew. That’s unexpected to me; I had removed it because I configured a

 /etc/lighttpd/conf.d/40-ssl-enable-my-setup.conf

of my own instead. This happened with the latest turris update too, so I guess it is the standard behaviour. This recreation of the - as I can see normally unmodified - 40-ssl-enable.conf does hide my setup.

My question:
Is the recreation of 40-ssl-enable.conf intended or is it a bug? If the recreation is intended, I have probably not understood how to persist my ssl configuration with lighty and I am doing something wrong.

Additionally I have a setup of my own for

 /etc/lighttpd/conf.d/30-proxy-my-setup.conf

and removed

 /etc/lighttpd/conf.d/30-proxy.conf

too. It is the same pattern as I used for the ssl configuration. The 30-proxy.conf is not recreated with a turris update.
I have installed Turris OS 6.4.4.
Thanks in advance.

Hi
Have a look inside the newly created file - it is part of a standard package and therefore will be recreated again after most of TOS upgrades. Therefore uninstall the package (which might have consequences I do not know of) and enter it as manual uninstallation to updater config. That is the official way to do it, the file will not appear again.
I deal with that a little bit differently: I check after each update if the web interface is reachable (which means lighttpd service is running so the file was not automatically recreated), and in case of no webif delete the newly created one manually and restart lighttpd. If you want to, you can put the related steps into /etc/rc.local and that way will never get bothered again as the file will be automatically deleted and lighttpd restarted.
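
The rc.local automation suggested in the reply above could look like the following. This is an added example, not code posted in the thread; the script path and function names are hypothetical, and the location of the main lighttpd.conf is assumed to be the OpenWrt default. It only deletes the stock file when the custom TLS file is present and non-empty, and tests the configuration before restarting.

```shell
#!/bin/sh
# Added example, not from the thread. Meant to be called from /etc/rc.local as:
#   /root/lighttpd-ssl-guard.sh --apply      (script path is hypothetical)

CONF_DIR=/etc/lighttpd/conf.d
STOCK=40-ssl-enable.conf             # recreated on update (per the thread)
CUSTOM=40-ssl-enable-my-setup.conf   # the admin's own TLS configuration

# drop_stock_ssl_conf DIR
#   0: stock file was present and has been removed
#   1: nothing to do, stock file absent
#   2: custom file missing or empty; stock file left in place
drop_stock_ssl_conf() {
    dir=$1
    [ -e "$dir/$STOCK" ] || return 1
    if [ ! -s "$dir/$CUSTOM" ]; then
        echo "lighttpd-ssl-guard: $dir/$CUSTOM missing or empty, keeping $STOCK" >&2
        return 2
    fi
    rm -f "$dir/$STOCK"
}

# Remove the recreated file, then restart only if the config parses cleanly.
apply() {
    drop_stock_ssl_conf "$CONF_DIR" || return 0
    # Assumption: main config lives at the OpenWrt default path.
    if lighttpd -tt -f /etc/lighttpd/lighttpd.conf; then
        /etc/init.d/lighttpd restart
    else
        echo "lighttpd-ssl-guard: config test failed, not restarting" >&2
        return 1
    fi
}

if [ "${1:-}" = "--apply" ]; then apply; fi
```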

Yes, you describe the manual procedure I did yesterday after upgrading to 6.4.4. But I did not think of the possibility to automate that via rc.local, which is a pretty good idea.
Thank you very much for your explanation and sharing your solution; I will solve it that way 🙂

Another solution (more straightforward):
create the following file /etc/updater/conf.d/user.lua
add the following lines

-- List below your own installed packages that updater needs to care about
Uninstall("lighttpd-https-cert")
Install("lighttpd-mod-openssl")
Install("libseccomp")

and afterwards run updater once via cli → pkgupdate.
That way the dependencies from lighttpd-https-cert, that are needed for TLS-operations, stay installed.


I'm not familiar with lua; I googled it…
Let me summarize my understanding:

With installing “lighttpd-https-cert” the dependencies
“lighttpd-mod-openssl” and “libseccomp” and the configuration file
“/etc/lighttpd/conf.d/40-ssl-enable.conf” are installed.

With your “/etc/updater/conf.d/user.lua” I get rid of the configuration file
“/etc/lighttpd/conf.d/40-ssl-enable.conf” which is probably deployed with the
installation by “lighttpd-https-cert”. But I keep the depending libs.

That’s a clean and proper solution.
