lighttpd: Unable to configure vhost that also maps to "/login"
I have a few services that are using the new docker support in Turris 6, like home assistant and a custom nextcloud install. I dropped a new configuration file in `/etc/lighttpd/conf.d/` with some vhost definitions:

```
$HTTP["host"] == "home.lan" {
  ssl.pemfile = "/etc/ssl/certs/home.lan.crt"
  ssl.privkey = "/etc/ssl/private/home.lan.key"
  proxy.server = ( "" => ( "" => ( "host" => "172.17.0.5", "port" => 8123)))
  proxy.forwarded = ( "for" => 1, "proto" => 1)
  proxy.header = ( "upgrade" => "enable" )
}

$HTTP["host"] == "cloud.lan" {
  server.name = "cloud.lan"
  ssl.pemfile = "/etc/ssl/certs/cloud.lan.crt"
  ssl.privkey = "/etc/ssl/private/cloud.lan.key"
  proxy.server = ( "" => ( "nextcloud" => ( "host" => "172.17.0.4", "port" => 80)))
  proxy.forwarded = ( "for" => 1, "proto" => 1)
  proxy.header = ( "upgrade" => "enable" )
}
```

It kinda works, but because the default Turris OS apps are not wrapped in a `$HTTP["host"]` conditional, when hitting `https://cloud.lan/login` I end up on the Reforis login page.

To fix this, I have to update the lighttpd config file with

```
include "/etc/lighttpd/mime.conf"
include "conf.d/10-redirect.conf"
include "conf.d/20-auth.conf"
include "conf.d/20-authn_pam.conf"
include "conf.d/30-access.conf"
include "conf.d/30-alias.conf"
include "conf.d/30-cgi.conf"
include "conf.d/30-fastcgi.conf"
include "conf.d/30-openssl.conf"
include "conf.d/30-php-fpm.conf"
include "conf.d/30-proxy.conf"
include "conf.d/30-setenv.conf"
include "conf.d/40-ssl-enable.conf"
include "conf.d/45-srv.conf"

$HTTP["host"] =~ "^192\.168\.0\.1|turris.lan$" {
  include "conf.d/50-turris-auth.conf"
  include "conf.d/70-foris-ws.conf"
  include "conf.d/70-theme.conf"
  include "conf.d/80-diagnostics.conf"
  include "conf.d/80-luci.conf"
  include "conf.d/80-netdata.conf"
  include "conf.d/80-nextcloud.conf"
  include "conf.d/80-reforis.conf"
  include "conf.d/80-snapshots.conf"
  include "conf.d/90-turris-root.conf"
} else {
  include "conf.d/90-my-apps.conf"
}
```

Otherwise I could see in the lighttpd logs that the request was handed to fastcgi:

```
2022-12-27 15:23:54: (../src/response.c.420) -- parsed Request-URI
2022-12-27 15:23:54: (../src/response.c.422) Request-URI : /login
2022-12-27 15:23:54: (../src/response.c.424) URI-scheme : https
2022-12-27 15:23:54: (../src/response.c.426) URI-authority : cloud.lan
2022-12-27 15:23:54: (../src/response.c.428) URI-path (clean): /login
2022-12-27 15:23:54: (../src/response.c.430) URI-query :
2022-12-27 15:23:54: (../src/configfile-glue.c.598) === start of condition block ===
2022-12-27 15:23:54: (../src/configfile-glue.c.529) $SERVER["socket"] == "0.0.0.0:443" compare to 0.0.0.0:443
2022-12-27 15:23:54: (../src/configfile-glue.c.385) 3 (uncached) result: true (cond: global / $SERVER["socket"] == "0.0.0.0:443")
2022-12-27 15:23:54: (../src/configfile-glue.c.598) === start of condition block ===
2022-12-27 15:23:54: (../src/configfile-glue.c.529) $SERVER["socket"] == "[::]:443" compare to 0.0.0.0:443
2022-12-27 15:23:54: (../src/configfile-glue.c.385) 4 (uncached) result: false (cond: global / $SERVER["socket"] == "[::]:443")
2022-12-27 15:23:54: (../src/configfile-glue.c.598) === start of condition block ===
2022-12-27 15:23:54: (../src/configfile-glue.c.529) $HTTP["host"] == "home.lan" compare to cloud.lan
2022-12-27 15:23:54: (../src/configfile-glue.c.385) 20 (uncached) result: false (cond: global / $HTTP["host"] == "home.lan")
2022-12-27 15:23:54: (../src/configfile-glue.c.598) === start of condition block ===
2022-12-27 15:23:54: (../src/configfile-glue.c.529) $HTTP["host"] == "cloud.lan" compare to cloud.lan
2022-12-27 15:23:54: (../src/configfile-glue.c.385) 22 (uncached) result: true (cond: global / $HTTP["host"] == "cloud.lan")
2022-12-27 15:23:54: (../src/configfile-glue.c.598) === start of condition block ===
2022-12-27 15:23:54: (../src/configfile-glue.c.529) $HTTP["host"] == "network.lan" compare to cloud.lan
2022-12-27 15:23:54: (../src/configfile-glue.c.385) 23 (uncached) result: false (cond: global / $HTTP["host"] == "network.lan")
2022-12-27 15:23:54: (../src/configfile-glue.c.598) === start of condition block ===
2022-12-27 15:23:54: (../src/configfile-glue.c.529) $HTTP["url"] == "/netdata" compare to /login
2022-12-27 15:23:54: (../src/configfile-glue.c.385) 10 (uncached) result: false (cond: global / $HTTP["url"] == "/netdata")
2022-12-27 15:23:54: (../src/configfile-glue.c.598) === start of condition block ===
2022-12-27 15:23:54: (../src/configfile-glue.c.529) $HTTP["scheme"] == "http" compare to https
2022-12-27 15:23:54: (../src/configfile-glue.c.385) 25 (uncached) result: false (cond: global / $HTTP["scheme"] == "http")
2022-12-27 15:23:54: (../src/configfile-glue.c.598) === start of condition block ===
2022-12-27 15:23:54: (../src/configfile-glue.c.529) $HTTP["url"] =^ "/baseauth/diagnostics" compare to /login
2022-12-27 15:23:54: (../src/configfile-glue.c.385) 7 (uncached) result: false (cond: global / $HTTP["url"] =^ "/baseauth/diagnostics")
2022-12-27 15:23:54: (../src/configfile-glue.c.598) === start of condition block ===
2022-12-27 15:23:54: (../src/configfile-glue.c.529) $HTTP["url"] =^ "/baseauth/snapshot" compare to /login
2022-12-27 15:23:54: (../src/configfile-glue.c.385) 16 (uncached) result: false (cond: global / $HTTP["url"] =^ "/baseauth/snapshot")
2022-12-27 15:23:54: (../src/configfile-glue.c.598) === start of condition block ===
2022-12-27 15:23:54: (../src/configfile-glue.c.529) $HTTP["url"] =~ "^/nextcloud/(build|tests|config|lib|3rdparty|templates|data)" compare to /login
2022-12-27 15:23:54: (../src/configfile-glue.c.385) 11 (uncached) result: false (cond: global / $HTTP["url"] =~ "^/nextcloud/(build|tests|config|lib|3rdparty|templates|data)")
2022-12-27 15:23:54: (../src/configfile-glue.c.598) === start of condition block ===
2022-12-27 15:23:54: (../src/configfile-glue.c.529) $HTTP["url"] == "/foris-ws" compare to /login
2022-12-27 15:23:54: (../src/configfile-glue.c.385) 5 (uncached) result: false (cond: global / $HTTP["url"] == "/foris-ws")
2022-12-27 15:23:54: (../src/configfile-glue.c.598) === start of condition block ===
2022-12-27 15:23:54: (../src/configfile-glue.c.529) $HTTP["url"] =^ "/diagnostics" compare to /login
2022-12-27 15:23:54: (../src/configfile-glue.c.385) 6 (uncached) result: false (cond: global / $HTTP["url"] =^ "/diagnostics")
2022-12-27 15:23:54: (../src/configfile-glue.c.598) === start of condition block ===
2022-12-27 15:23:54: (../src/configfile-glue.c.529) $HTTP["url"] =^ "/netdata/" compare to /login
2022-12-27 15:23:54: (../src/configfile-glue.c.385) 9 (uncached) result: false (cond: global / $HTTP["url"] =^ "/netdata/")
2022-12-27 15:23:54: (../src/configfile-glue.c.598) === start of condition block ===
2022-12-27 15:23:54: (../src/configfile-glue.c.529) $HTTP["url"] =^ "/snapshot" compare to /login
2022-12-27 15:23:54: (../src/configfile-glue.c.385) 15 (uncached) result: false (cond: global / $HTTP["url"] =^ "/snapshot")
2022-12-27 15:23:54: (../src/gw_backend.c.528) connect /tmp/fastcgi.turris_auth.socket-0: Connection refused
2022-12-27 15:23:54: (../src/gw_backend.c.2713) handling the request using fastcgi
2022-12-27 15:23:54: (../src/configfile-glue.c.598) === start of condition block ===
```

It would be nice if the default lighttpd configuration could be made more friendly towards virtual hosts. Thanks!
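
A check worth running on the host condition in the workaround: in `^192\.168\.0\.1|turris.lan$` each anchor binds to only one alternative and the dot in `turris.lan` is unescaped, so more `Host` values reach the admin includes than the two intended ones. This is an added example, not part of the original issue; it models `=~` as an unanchored regex search, and the `GROUPED` pattern and the sample host names are assumptions constructed for illustration.

```python
import re

# Pattern exactly as written in the workaround on this page.
POSTED = r"^192\.168\.0\.1|turris.lan$"
# Assumed tightening (not from the page): group the alternation so both
# anchors apply to both alternatives, and escape the literal dot.
GROUPED = r"^(192\.168\.0\.1|turris\.lan)$"

# Constructed Host header values: the two intended admin names, the two
# app vhosts from the page, and look-alikes that probe the anchoring.
SAMPLE_HOSTS = [
    "192.168.0.1", "turris.lan", "cloud.lan", "home.lan",
    "192.168.0.10", "192.168.0.1.example.net",
    "notturris.lan", "cloud.turris-lan",
]


def routes_to_admin(pattern, host):
    """True if the host would enter the block holding the Turris includes."""
    return re.search(pattern, host) is not None


def classify(pattern, hosts):
    """Map each host to the branch of the if/else it would take."""
    return {
        h: "turris-admin" if routes_to_admin(pattern, h) else "my-apps"
        for h in hosts
    }


def differences(hosts=SAMPLE_HOSTS):
    """Hosts that the two patterns send to different branches."""
    posted, grouped = classify(POSTED, hosts), classify(GROUPED, hosts)
    return sorted(h for h in hosts if posted[h] != grouped[h])


if __name__ == "__main__":
    posted, grouped = classify(POSTED, SAMPLE_HOSTS), classify(GROUPED, SAMPLE_HOSTS)
    for h in SAMPLE_HOSTS:
        flag = "  <-- differs" if posted[h] != grouped[h] else ""
        print(f"{h:26} posted={posted[h]:13} grouped={grouped[h]}{flag}")
```

With the posted pattern, any host that merely starts with `192.168.0.1` or ends in something matching `turris.lan` is served the Reforis/LuCI includes; with the grouped pattern only the two exact names are.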