Web admin interface inaccessible

Hi,

after a really long time being happy with my Omnia and not using the web interface I needed to use it again. I found out it wasn’t accessible.

After trying to find the root cause via SSH access I found out that lighttpd wasn’t starting. The configuration files instructed it to bind twice to the same port. The first bind was ok but the second failed obviously:

can't bind to socket: 192.168.1.1:80: Address in use

The problem manifested twice, once for IPv4 and once for IPv6.

After digging around in the configs, I found that the file /etc/lighttpd/conf.d/90-turris-root.conf contains these two lines:

$SERVER["socket"] == "*:80" { }
$SERVER["socket"] == "[::]:80" { }

These seem to want to make the web interface accessible via all networks (including WAN). Fortunately, the main config file /etc/lighttpd/lighttpd.conf has these lines:

server.bind = "192.168.1.1"
$SERVER["socket"] == "[IPv6_ADDRESS%br-lan]:80" { }

I don’t remember putting them there, so I guess they must have been generated based on my input via LuCI or Foris. Anyway, as far as I can tell, those two lines make the web server available only on local network (those two addresses are from my br-lan interface). That is what I want and it seems like a sane default to me.

So I commented out the two lines in /etc/lighttpd/conf.d/90-turris-root.conf and lighttpd could start again. I guess this is a temporary fix as my changes in the configuration file might get overwritten by some future update to the file. Can you suggest a permanent solution?

Also, isn’t there a bug in the conf file in the first place? Why would you by default make the web accessible via WAN?

Thanks.

PS: You are doing a wonderful job with the Turris project. I love the modular MOX router which I bought recently. I have read somewhere you might not continue with the project because of low demand. I hope that’s not true as MOX is truly unique. It brings the modularity we are used to from the PC world to the router world and that’s something great and a huge step forward and an advantage for the customers. That’s THE way to go, not locking ourselves into monolithic, unupgradable, unrepairable devices like our phones, most laptops or most other routers.
The Turris OS is also much needed today. Updateable router software without being at the mercy of some manufacturer that decides the router’s EOL much too soon just because they want to sell a newer model. So thanks for that and keep up the good work. The impact of what you do can’t be overstated.


FWIW I don’t have those lines in lighttpd.conf. This is the file that I have:

lighttpd.conf
server.document-root        = "/www"
server.upload-dirs          = ( "/tmp" )
server.errorlog             = "/var/log/lighttpd/error.log"
server.pid-file             = "/var/run/lighttpd.pid"
#server.username             = "http"
#server.groupname            = "www-data"

index-file.names            = ( "index.php", "index.html",
                                "index.htm", "default.htm",
                              )

static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )

### Features
#https://redmine.lighttpd.net/projects/lighttpd/wiki/Server_feature-flagsDetails
server.feature-flags       += ("server.graceful-shutdown-timeout" => 5)
#server.feature-flags       += ("server.graceful-restart-bg" => "enable")

### Variables needed by module config files
var.home_dir    = "/var/lib/lighttpd"

### Options that are useful but not always necessary:
#server.chroot               = "/"
#server.port                 = 81
#server.bind                 = "localhost"
#server.tag                  = "lighttpd"
#server.errorlog-use-syslog  = "enable"
#server.network-backend      = "writev"

### Use IPv6 if available
#include_shell "/usr/share/lighttpd/use-ipv6.pl"

#dir-listing.encoding        = "utf-8"
#server.dir-listing          = "enable"

include "/etc/lighttpd/mime.conf"
include "/etc/lighttpd/conf.d/*.conf"

I assume it’s configured to listen on all ports by default for simplicity (no need to generate configuration depending on which local networks exist, since the firewall will block WAN access anyway).

I assume the intent of the configuration is that the [::]:80 does not bind a dual-stack socket, and it works as is for me. And from what I can figure out from the lighttpd source, by default it’s supposed to set IPV6_V6ONLY option on the socket. Is the server.set-v6only option set to disabled in your config by chance?

Or, maybe try removing those extra lines you have in lighttpd.conf and restore the original 90-turris-root.conf. Maybe server.bind conflicts with it.
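
The bind conflict discussed in this thread can be checked statically before restarting lighttpd. The following is an added example, not part of either post and not Turris or lighttpd code: it collects the explicit listen directives from the config text, flags wildcard listeners (reachable on every interface unless the firewall blocks them) and flags overlaps per address family and port. It assumes, as the error message above suggests, that a wildcard and a specific address on the same port cannot both be bound, that IPv6 sockets are v6-only, and that every socket spec carries a port; `SAMPLE`, `listeners` and `audit` are hypothetical names.

```python
import re
from collections import defaultdict

# Constructed input: the directives quoted in the thread, keyed by file path.
# "IPv6_ADDRESS" is the thread's own placeholder, kept as-is.
SAMPLE = {
    "/etc/lighttpd/lighttpd.conf":
        'server.bind = "192.168.1.1"\n'
        '$SERVER["socket"] == "[IPv6_ADDRESS%br-lan]:80" { }\n',
    "/etc/lighttpd/conf.d/90-turris-root.conf":
        '$SERVER["socket"] == "*:80" { }\n'
        '$SERVER["socket"] == "[::]:80" { }\n',
}

# Anchored at line start, so commented-out directives are ignored.
SOCKET_RE = re.compile(r'^\s*\$SERVER\["socket"\]\s*==\s*"([^"]*)"', re.M)
BIND_RE = re.compile(r'^\s*server\.bind\s*=\s*"([^"]*)"', re.M)
PORT_RE = re.compile(r'^\s*server\.port\s*=\s*(\d+)', re.M)
WILDCARDS = {"*", "", "0.0.0.0", "[::]"}  # "" covers the ":80" spelling

def listeners(configs):
    """Return (file, family, host, port) for each explicit listen directive."""
    port_m = PORT_RE.search("\n".join(configs.values()))
    default_port = int(port_m.group(1)) if port_m else 80
    found = []
    for path, text in configs.items():
        specs = [(h, default_port) for h in BIND_RE.findall(text)]
        for spec in SOCKET_RE.findall(text):
            host, _, port = spec.rpartition(":")
            specs.append((host, int(port)))
        for host, port in specs:
            family = "ipv6" if host.startswith("[") else "ipv4"
            found.append((path, family, host, port))
    return found

def audit(configs):
    """Return (wildcard listeners, conflicting host lists per family and port)."""
    groups = defaultdict(list)
    for entry in listeners(configs):
        groups[(entry[1], entry[3])].append(entry)
    wild = [e for g in groups.values() for e in g if e[2] in WILDCARDS]
    conflicts = []
    for key, group in groups.items():
        hosts = [e[2] for e in group]
        # Overlap: the same address twice, or a wildcard next to anything else.
        if len(hosts) > 1 and (len(set(hosts)) < len(hosts) or WILDCARDS & set(hosts)):
            conflicts.append((key, hosts))
    return wild, conflicts

if __name__ == "__main__":
    print(audit(SAMPLE))
```

On the sample it reports one conflict for IPv4 and one for IPv6 on port 80, matching the two failures described in the first post. It does not model the implicit listener lighttpd creates when no `server.bind` is set.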