lighttpd: Unable to configure vhost that also maps to "/login"
I have a few services that are using the new Docker support in Turris 6, like Home Assistant and a custom Nextcloud install. I dropped a new configuration file in /etc/lighttpd/conf.d/ with some vhost definitions:
$HTTP["host"] == "home.lan" {
    ssl.pemfile = "/etc/ssl/certs/home.lan.crt"
    ssl.privkey = "/etc/ssl/private/home.lan.key"
    proxy.server = ( "" => ( "" => ( "host" => "172.17.0.5", "port" => 8123)))
    proxy.forwarded = ( "for" => 1, "proto" => 1)
    proxy.header = ( "upgrade" => "enable" )
}
$HTTP["host"] == "cloud.lan" {
    server.name = "cloud.lan"
    ssl.pemfile = "/etc/ssl/certs/cloud.lan.crt"
    ssl.privkey = "/etc/ssl/private/cloud.lan.key"
    proxy.server = ( "" => ( "nextcloud" => ( "host" => "172.17.0.4", "port" => 80)))
    proxy.forwarded = ( "for" => 1, "proto" => 1)
    proxy.header = ( "upgrade" => "enable" )
}
It kinda works, but because the default Turris OS apps are not wrapped in a $HTTP["host"] conditional, when hitting https://cloud.lan/login I end up in the Reforis login page. To fix this, I have to update the lighttpd config file with:
include "/etc/lighttpd/mime.conf"
include "conf.d/10-redirect.conf"
include "conf.d/20-auth.conf"
include "conf.d/20-authn_pam.conf"
include "conf.d/30-access.conf"
include "conf.d/30-alias.conf"
include "conf.d/30-cgi.conf"
include "conf.d/30-fastcgi.conf"
include "conf.d/30-openssl.conf"
include "conf.d/30-php-fpm.conf"
include "conf.d/30-proxy.conf"
include "conf.d/30-setenv.conf"
include "conf.d/40-ssl-enable.conf"
include "conf.d/45-srv.conf"
# Alternation is grouped and the dot escaped so that both anchors apply to
# each name; ungrouped, "^192\.168\.0\.1|turris.lan$" also matches hosts such
# as 192.168.0.10 or anything ending in "turris.lan".
$HTTP["host"] =~ "^(192\.168\.0\.1|turris\.lan)$" {
    include "conf.d/50-turris-auth.conf"
    include "conf.d/70-foris-ws.conf"
    include "conf.d/70-theme.conf"
    include "conf.d/80-diagnostics.conf"
    include "conf.d/80-luci.conf"
    include "conf.d/80-netdata.conf"
    include "conf.d/80-nextcloud.conf"
    include "conf.d/80-reforis.conf"
    include "conf.d/80-snapshots.conf"
    include "conf.d/90-turris-root.conf"
} else {
    include "conf.d/90-my-apps.conf"
}
Otherwise I could see in the lighttpd logs that the request was handed to fastcgi:
2022-12-27 15:23:54: (../src/response.c.420) -- parsed Request-URI
2022-12-27 15:23:54: (../src/response.c.422) Request-URI : /login
2022-12-27 15:23:54: (../src/response.c.424) URI-scheme : https
2022-12-27 15:23:54: (../src/response.c.426) URI-authority : cloud.lan
2022-12-27 15:23:54: (../src/response.c.428) URI-path (clean): /login
2022-12-27 15:23:54: (../src/response.c.430) URI-query :
2022-12-27 15:23:54: (../src/configfile-glue.c.598) === start of condition block ===
2022-12-27 15:23:54: (../src/configfile-glue.c.529) $SERVER["socket"] == "0.0.0.0:443" compare to 0.0.0.0:443
2022-12-27 15:23:54: (../src/configfile-glue.c.385) 3 (uncached) result: true (cond: global / $SERVER["socket"] == "0.0.0.0:443")
2022-12-27 15:23:54: (../src/configfile-glue.c.598) === start of condition block ===
2022-12-27 15:23:54: (../src/configfile-glue.c.529) $SERVER["socket"] == "[::]:443" compare to 0.0.0.0:443
2022-12-27 15:23:54: (../src/configfile-glue.c.385) 4 (uncached) result: false (cond: global / $SERVER["socket"] == "[::]:443")
2022-12-27 15:23:54: (../src/configfile-glue.c.598) === start of condition block ===
2022-12-27 15:23:54: (../src/configfile-glue.c.529) $HTTP["host"] == "home.lan" compare to cloud.lan
2022-12-27 15:23:54: (../src/configfile-glue.c.385) 20 (uncached) result: false (cond: global / $HTTP["host"] == "home.lan")
2022-12-27 15:23:54: (../src/configfile-glue.c.598) === start of condition block ===
2022-12-27 15:23:54: (../src/configfile-glue.c.529) $HTTP["host"] == "cloud.lan" compare to cloud.lan
2022-12-27 15:23:54: (../src/configfile-glue.c.385) 22 (uncached) result: true (cond: global / $HTTP["host"] == "cloud.lan")
2022-12-27 15:23:54: (../src/configfile-glue.c.598) === start of condition block ===
2022-12-27 15:23:54: (../src/configfile-glue.c.529) $HTTP["host"] == "network.lan" compare to cloud.lan
2022-12-27 15:23:54: (../src/configfile-glue.c.385) 23 (uncached) result: false (cond: global / $HTTP["host"] == "network.lan")
2022-12-27 15:23:54: (../src/configfile-glue.c.598) === start of condition block ===
2022-12-27 15:23:54: (../src/configfile-glue.c.529) $HTTP["url"] == "/netdata" compare to /login
2022-12-27 15:23:54: (../src/configfile-glue.c.385) 10 (uncached) result: false (cond: global / $HTTP["url"] == "/netdata")
2022-12-27 15:23:54: (../src/configfile-glue.c.598) === start of condition block ===
2022-12-27 15:23:54: (../src/configfile-glue.c.529) $HTTP["scheme"] == "http" compare to https
2022-12-27 15:23:54: (../src/configfile-glue.c.385) 25 (uncached) result: false (cond: global / $HTTP["scheme"] == "http")
2022-12-27 15:23:54: (../src/configfile-glue.c.598) === start of condition block ===
2022-12-27 15:23:54: (../src/configfile-glue.c.529) $HTTP["url"] =^ "/baseauth/diagnostics" compare to /login
2022-12-27 15:23:54: (../src/configfile-glue.c.385) 7 (uncached) result: false (cond: global / $HTTP["url"] =^ "/baseauth/diagnostics")
2022-12-27 15:23:54: (../src/configfile-glue.c.598) === start of condition block ===
2022-12-27 15:23:54: (../src/configfile-glue.c.529) $HTTP["url"] =^ "/baseauth/snapshot" compare to /login
2022-12-27 15:23:54: (../src/configfile-glue.c.385) 16 (uncached) result: false (cond: global / $HTTP["url"] =^ "/baseauth/snapshot")
2022-12-27 15:23:54: (../src/configfile-glue.c.598) === start of condition block ===
2022-12-27 15:23:54: (../src/configfile-glue.c.529) $HTTP["url"] =~ "^/nextcloud/(build|tests|config|lib|3rdparty|templates|data)" compare to /login
2022-12-27 15:23:54: (../src/configfile-glue.c.385) 11 (uncached) result: false (cond: global / $HTTP["url"] =~ "^/nextcloud/(build|tests|config|lib|3rdparty|templates|data)")
2022-12-27 15:23:54: (../src/configfile-glue.c.598) === start of condition block ===
2022-12-27 15:23:54: (../src/configfile-glue.c.529) $HTTP["url"] == "/foris-ws" compare to /login
2022-12-27 15:23:54: (../src/configfile-glue.c.385) 5 (uncached) result: false (cond: global / $HTTP["url"] == "/foris-ws")
2022-12-27 15:23:54: (../src/configfile-glue.c.598) === start of condition block ===
2022-12-27 15:23:54: (../src/configfile-glue.c.529) $HTTP["url"] =^ "/diagnostics" compare to /login
2022-12-27 15:23:54: (../src/configfile-glue.c.385) 6 (uncached) result: false (cond: global / $HTTP["url"] =^ "/diagnostics")
2022-12-27 15:23:54: (../src/configfile-glue.c.598) === start of condition block ===
2022-12-27 15:23:54: (../src/configfile-glue.c.529) $HTTP["url"] =^ "/netdata/" compare to /login
2022-12-27 15:23:54: (../src/configfile-glue.c.385) 9 (uncached) result: false (cond: global / $HTTP["url"] =^ "/netdata/")
2022-12-27 15:23:54: (../src/configfile-glue.c.598) === start of condition block ===
2022-12-27 15:23:54: (../src/configfile-glue.c.529) $HTTP["url"] =^ "/snapshot" compare to /login
2022-12-27 15:23:54: (../src/configfile-glue.c.385) 15 (uncached) result: false (cond: global / $HTTP["url"] =^ "/snapshot")
2022-12-27 15:23:54: (../src/gw_backend.c.528) connect /tmp/fastcgi.turris_auth.socket-0: Connection refused
2022-12-27 15:23:54: (../src/gw_backend.c.2713) handling the request using fastcgi
2022-12-27 15:23:54: (../src/configfile-glue.c.598) === start of condition block ===
It would be nice if the default lighttpd configuration could be made more friendly towards virtual hosts.
Thanks!
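
An added example, not part of the original post: a small Python triage script for lighttpd debug output of the kind shown above. It groups lines per request and flags requests where a `$HTTP["host"]` vhost condition evaluated true but a handler other than the expected proxy took the request. The sample log is constructed, and the `using proxy` line and all function names are assumptions.

```python
import re

# Constructed sample, shaped like the lighttpd debug lines in the post above.
SAMPLE_LOG = """\
2022-12-27 15:23:54: (../src/response.c.422) Request-URI : /login
2022-12-27 15:23:54: (../src/response.c.426) URI-authority : cloud.lan
2022-12-27 15:23:54: (../src/configfile-glue.c.385) 20 (uncached) result: false (cond: global / $HTTP["host"] == "home.lan")
2022-12-27 15:23:54: (../src/configfile-glue.c.385) 22 (uncached) result: true (cond: global / $HTTP["host"] == "cloud.lan")
2022-12-27 15:23:54: (../src/configfile-glue.c.385) 15 (uncached) result: false (cond: global / $HTTP["url"] =^ "/snapshot")
2022-12-27 15:23:54: (../src/gw_backend.c.2713) handling the request using fastcgi
2022-12-27 15:24:10: (../src/response.c.422) Request-URI : /
2022-12-27 15:24:10: (../src/response.c.426) URI-authority : home.lan
2022-12-27 15:24:10: (../src/configfile-glue.c.385) 20 (uncached) result: true (cond: global / $HTTP["host"] == "home.lan")
2022-12-27 15:24:10: (../src/gw_backend.c.2713) handling the request using proxy
"""

URI_RE = re.compile(r"Request-URI\s*:\s*(\S*)")
AUTH_RE = re.compile(r"URI-authority\s*:\s*(\S*)")
COND_RE = re.compile(r"result: (true|false) \(cond: (.+)\)$")
GW_RE = re.compile(r"handling the request using (\S+)")

def parse_requests(log_text):
    """Build one record per request; a 'Request-URI :' line starts a new record."""
    requests, cur = [], None
    for line in log_text.splitlines():
        if m := URI_RE.search(line):
            cur = {"uri": m.group(1), "host": None, "matched": [], "handler": None}
            requests.append(cur)
        elif cur is None:
            continue  # lines before the first request header
        elif m := AUTH_RE.search(line):
            cur["host"] = m.group(1)
        elif m := COND_RE.search(line):
            if m.group(1) == "true":
                cur["matched"].append(m.group(2))
        elif m := GW_RE.search(line):
            cur["handler"] = m.group(1)
    return requests

def misrouted(requests, expected="proxy"):
    """Requests where a $HTTP["host"] block matched but another module handled them."""
    return [r for r in requests
            if any('$HTTP["host"]' in c for c in r["matched"])
            and r["handler"] not in (None, expected)]

if __name__ == "__main__":
    for r in misrouted(parse_requests(SAMPLE_LOG)):
        print(f'{r["host"]}{r["uri"]} -> {r["handler"]} (matched: {r["matched"]})')
```
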