Re: lighttpd server configs

To: Debian-User <debian-user@lists.debian.org>
Subject: Re: lighttpd server configs
From: Scott Ferguson <scott.ferguson.debian.user@gmail.com>
Date: Fri, 21 Mar 2014 08:28:45 +1100
Message-id: <[🔎] 532B5D8D.5090001@gmail.com>
In-reply-to: <[🔎] 1395346177.19476.7.camel@beast.physicswiki.net>
References: <[🔎] 1395268819.15049.3@ssh> <[🔎] 1395284905.14932.29.camel@beast.physicswiki.net> <[🔎] 532A83A2.40401@gmail.com> <[🔎] 1395346177.19476.7.camel@beast.physicswiki.net>

On 21/03/14 07:09, John W. Foster wrote:
> On Thu, 2014-03-20 at 16:58 +1100, Scott Ferguson wrote: 
>> On 20/03/14 14:08, John Foster wrote:
>>> On Wed, 2014-03-19 at 22:40 +0000, Steve wrote: 
>>>>> nginx which was too hard to manage also. I now have lighttpd installed
>>>>> which seems simple to manage but out of the box Debian install does not
>>>>> work properly.
>>>>
>>>>   Be specific.  What fails? 
>>>
>>> Sorry I thought I was being VERY specific: 
>>
>> Actually - no.
>> You have mod_rewrite installed, you want the base URL rewritten, but you
>> haven't posted .htaccess
>> Please do.
> 
> Now that is why I came to the list :-)
> 
> I have no .htaccess file in the directory

That'll be why apache is not rewriting the path to mediawiki

> /var/www which is the root doc directory for the server.
> I've read nothing about one for that directory.

It's best practice use .htaccess with a webserver to:-
;rewrite paths when mod_rewrite is installed[*2]
;block access conditionally (e.g. *enforce* indexing instead of politely
requesting with robots.txt)[*.2]
;redirect conditionally (or unconditionally)[*.2]
;force a passwd[*1]
;enable/disable certain wiki/cms options
;serve different browsers differently

[*1](in this instance to restrict access to awestats logs served by the
web server, note that htpasswd is whole 'nuther subject)
cat ~/public_html/cgi-bin/.htacess
AuthUserFile "/home/scottfer/public_html/cgi-bin/htusers"
AuthType Basic
AuthName "Digital Ebola Labs"
require valid-user
<Files htusers>
deny from all
</Files>



> I'm aware of what they
> are for but the debian installer for lighttpd did not provide one.
> Should I put one in place? Please site an example.

I can "cite" some ;)

https://wiki.archlinux.org/index.php/Mediawiki
http://www.mediawiki.org/wiki/Manual:Short_URL/Apache
http://meta.wikimedia.org/wiki/Talk:Eliminating_index.php_from_the_url
http://stackoverflow.com/questions/18829706/unable-to-get-mediawiki-htaccess-short-url-to-work
http://stackoverflow.com/questions/8232738/modrewrite-to-lighttpd
https://www.google.com/search?q=lightttpd+mediawiki+rewrite+.htaccess

> 
> Also what about those double slashes that end up in the url? Any notions
> on that.

Yes. See above.
Your primary reference should be the mediawiki site, for additional,
authoritative information see lighttpd docs:-
http://redmine.lighttpd.net/projects/lighttpd/wiki
site:http://redmine.lighttpd.net/projects/lighttpd/wiki .htaccess
http://redmine.lighttpd.net/projects/lighttpd/wiki/FrequentlyAskedQuestions/70/diff
http://redmine.lighttpd.net/projects/lighttpd/wiki/TutorialLighttpdAndPHP/80


> Thanks 
> John
> 
> 

[*2]This example is not for mediawiki, and is used with an apache
server, refer to the above references if it's not clear what I'm doing:-

cat ~/public_html/.htaccess
# Deactivate compression for buggy browsers
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html

# compress css, text...
<FilesMatch “\.(js|css|html|htm|php|xml|htc|eot)$”>
SetOutputFilter DEFLATE
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css
</FilesMatch>
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE text/html text/plain text/xml
application/xml application/xhtml+xml text/javascript text/css
application/x-javascript image/gif text/x-js application/javascript
image/x-icon
</IfModule>

# set expires headers
<ifModule mod_expires.c>
  ExpiresActive On
  ExpiresDefault "access plus 1 seconds"
  ExpiresByType text/html "access plus 1 seconds"
  ExpiresByType image/gif "access plus 2592000 seconds"
  ExpiresByType image/jpeg "access plus 2592000 seconds"
  ExpiresByType image/png "access plus 2592000 seconds"
  ExpiresByType text/css "access plus 604800 seconds"
  ExpiresByType text/javascript "access plus 216000 seconds"
  ExpiresByType application/x-javascript "access plus 216000 seconds"
  ExpiresByType text/x-component "access plus 1 years 1 days"
</ifModule>

<ifModule mod_headers.c>
  <filesMatch "\\.(ico|pdf|flv|jpg|jpeg|png|gif|swf|ttf|eot|woff|svg)$">
    Header set Cache-Control "max-age=2592000, public"
  </filesMatch>
  <filesMatch "\\.(css)$">
    Header set Cache-Control "max-age=604800, public"
  </filesMatch>
  <filesMatch "\\.(js|htc)$">
    Header set Cache-Control "max-age=216000, private"
  </filesMatch>
  <filesMatch "\\.(xml|txt)$">
    Header set Cache-Control "max-age=216000, public, must-revalidate"
  </filesMatch>
  <filesMatch "\\.(html|htm|php)$">
    Header set Cache-Control "max-age=1, private, must-revalidate"
  </filesMatch>
</ifModule>

# enable gzip
<ifModule mod_gzip.c>
  mod_gzip_on Yes
  mod_gzip_dechunk Yes
  mod_gzip_item_include file
\.(html?|txt|css|js|php|pl|htc|eot|ttf|woff|svg|ico|pdf|flv)$
  mod_gzip_item_include handler ^cgi-script$
  mod_gzip_item_include mime ^text/.*
  mod_gzip_item_include mime ^application/x-javascript.*
  mod_gzip_item_exclude mime ^image/.*
  mod_gzip_item_exclude rspheader ^Content-Encoding:.*gzip.*
</ifModule>

# BEGIN Optional settings

# Turns off directory browsing
# not absolutely essential, but keeps people from snooping around without
# needing empty index.html files everywhere
Options -Indexes

# Deny access to config.php
# This can be useful if php ever breaks or dies
# Use with caution, this may break other functions of CMSs that use a
config.php
# file.  This may also break other programs you have running under your CMSs
# install that use config.php.  You may need to add another .htaccess
file to those
# directories to specifically allow config.php.
<Files "config.php">
order allow,deny
deny from all
</Files>

# Deny  access from certain IP addresses
order allow,deny
deny from 69.43.160.13
deny from 173.199.115.
deny from 108.171.180.144
deny from 208.115.113.89
deny from 173.199.114.3
deny from 91.198.39.55
allow from all

# Sets your 403 error document
# not absolutely essential to have,
# or you may already have error pages defined elsewhere
ErrorDocument 403 /forbidden403.shtml

# Have phun scriptkiddies
Redirect 301 /admin http://www.ahtcc.gov.au/
Redirect 301 /administration http://www.ahtcc.gov.au/
Redirect 301 /shop http://goatse.info/
Redirect 301 /oscommerce http://goatse.info/
Redirect 301 /ipb http://goatse.info/
Redirect 301 /forum http://goatse.info/
Redirect 301 /user http://goatse.info/
Redirect 301 /manager http://goatse.info/
Redirect 301 /_vti_bin http://goatse.info/
Redirect 301 /admn/scripts/setup.php http://goatse.info/
Redirect 301 /w00tw00t.at.blackhats.romanian.anti-sec http://goatse.info/
Redirect 301 /manager/status http://goatse.info/


# No sense advertising what we are running
ServerSignature Off

# END Optional Settings

# BEGIN CMS and Rewrite Rules
# Make sure you have Options FollowSymLinks
# and Allow on

RewriteEngine On

# Might be needed in a subdirectory
RewriteBase /

# URL Filtering helps stop some hack attempts
#IF the URI contains a "http:"
RewriteCond %{QUERY_STRING} http\: [OR]
#OR if the URI contains a "["
RewriteCond %{QUERY_STRING} \[ [OR]
#OR if the URI contains a "]"
RewriteCond %{QUERY_STRING} \] [OR]
#OR if the URI contains a "<script>"
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
#OR script trying to set a PHP GLOBALS variable via URL
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
#OR any script trying to modify a _REQUEST variable via URL
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
RewriteRule ^.*$ - [F,L]
# END Filtering
#
# Botlove
RewriteCond %{HTTP_USER_AGENT} ^Anarchie [OR]
RewriteCond %{HTTP_USER_AGENT} ^ASPSeek [OR]
RewriteCond %{HTTP_USER_AGENT} ^AhrefsBot [OR]
RewriteCond %{HTTP_USER_AGENT} ^Morfeus [OR]
RewriteCond %{HTTP_USER_AGENT} ^mShot [OR]
RewriteCond %{HTTP_USER_AGENT} ^Snappy [OR]
RewriteCond %{HTTP_USER_AGENT} ^Ezooms [OR]
RewriteCond %{HTTP_USER_AGENT} ^Exabot [OR]
RewriteCond %{HTTP_USER_AGENT} ^Mail.ru [OR]
RewriteCond %{HTTP_USER_AGENT} ^WordPress.com [OR]
RewriteCond %{HTTP_USER_AGENT} ^MJ12bot [OR]
RewriteCond %{HTTP_USER_AGENT} ^ZmEu [OR]
RewriteCond %{HTTP_USER_AGENT} ^EmailCollector
RewriteRule ^.* - [F,L]

# CMS Rewriting
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.+)$ index.php?page=$1 [QSA]
# END CMS

# END Rewrite rules


Kind regards

Reply to:

Follow-Ups:
- Re: lighttpd server configs
  - From: Jonathan Dowland <jmtd@debian.org>

References:
- Re: lighttpd server configs
  - From: Steve <steve@steve.org.uk>
- Re: lighttpd server configs
  - From: John Foster <jfoster81747@verizon.net>
- Re: lighttpd server configs
  - From: Scott Ferguson <scott.ferguson.debian.user@gmail.com>
- Re: lighttpd server configs
  - From: "John W. Foster" <jfoster81747@gmail.com>

Prev by Date: Re: Debian Testing Gnome Wallpaper Missing #731239
Next by Date: Re: Great Debian experience
Previous by thread: Re: lighttpd server configs
Next by thread: Re: lighttpd server configs
Index(es):
- Date
- Thread