lighttpd doesn't support loading a module more than once. If you attempt
to load a module again, lighttpd prints an error message:
(plugin.c.131) Cannot load plugin mod_cgi more than once, please fix your config (we may not accept such configs in future releases
And it's not just the error message. The module isn't loaded (or is
messed up somehow) so that neither sub-service will work properly after
this.
This is bad news for the current approach to sub-services, where each
sub-service lists the needed modules in a server.modules += (...) block.
When two sub-services need the same module we get the above issue. (And,
AFAIK, there is no way to check if a module is already loaded either.)
First I thought about an approach where each sub-service specifies the
list of plugins it needs, and that a common server.modules = (...) list
is built from the union of those lists. That would loosly couple the
sub-services with the main lighttpd nixos module expression. But I think
this is a bad idea because lighttpd module loading order matters[1], and
the module order in the global server.modules = (...) list would be
somewhat cumbersome to control.
Here is an example:
Sub-service A needs mod_fastcgi. Sub-service B needs mod_auth and
mod_fastcgi. Note that mod_auth must be loaded *before* mod_fastcgi to
take effect. The union of those modules may either be ["mod_auth"
"mod_fastcgi"] or ["mod_fastcgi" "mod_auth"] depending on the evaluation
order. The first order will work, the latter will not.
So instead of the above, this commit moves the modules from
service.modules += (...) snippets in each sub-service to a global
server.modules = (...) list in the main lighttpd module expression. The
module loading order is fixed and each module is included only if any of
the sub-services that needs it is enabled.
The downside to this approach is that sub-services need a (tiny) bit of
change to the main lighttpd nixos module expression. But I think it is
the only sane way to do it (as long as lighttpd is written the way it
is).
References:
[1] http://redmine.lighttpd.net/projects/1/wiki/Server_modulesDetails
[2] http://redmine.lighttpd.net/issues/2337
At least the Zabbix 2.x web installer requires max_input_time to be set to 300
seconds. As it doesn't hurt to set it for the 1.x versions, I'm including it
here.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
If option is left by its default value, behaviour is the same as before, using
the configuration file created by the web interface.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
(cgit is "a hyperfast web frontend for git repositories written in C")
cgit is enabled like this (assuming lighttpd is already enabled):
services.lighttpd.cgit.enable = true;
and configured verbatim like this (contents of the cgitrc file):
services.lighttpd.cgit.configText = ''
cache-size=1000
scan-path=/srv/git
'';
cgit will be available from this URL: http://yourserver/cgit
In lighttpd, I've ensured that the cache dir for cgit is created if cgit
is enabled.
Now you can access gitweb at http://yourserver/gitweb by simply adding
this to configuration.nix (assuming services.lighttpd.enable = true);
services.lighttpd.gitweb.enable = true;
The path to all bare repositories served by gitweb can be set with this
option (default value below):
services.lighttpd.gitweb.projectroot = "/srv/git";
Based on patch contributed by Bjørn Forsman.
If true, show server status overview at /server-status, statistics at
/server-statistics and list of loaded modules at /server-config.
Patch contributed by Bjørn Forsman.
If true, requests in the form /~user/page.html are rewritten to take
the file public_html/page.html from the home directory of the user.
Default is off.
Patch contributed by Bjørn Forsman.
Instead of forcing users to configure lighttpd manually, make it an
option. The current services.lighttpd.configText option can still be
used for manual configuration, but if it is left blank (default) we'll
use the new generated config file.
The generated config file ensures that the server drops root priveleges
and runs as the "lighttpd" user. It pulls in some new config params that
can be set in configuration.nix (here with default values):
services.lighttpd.document-root = "/srv/www"
services.lighttpd.port = 80
services.lighttpd.extraConfig = "" # appended to the generated file
And it enables access and error logging to the systemd journal.
Patch contributed by Bjørn Forsman.
We don't need to set $TZ, because we have /etc/localtime. In fact,
setting $TZ without $TZDIR doesn't work anymore since Glibc no longer
contains zone info.
Using /etc/lighttpd.conf "hides" the config file from NixOS so that it
will not automatically restart the service when its config file changes.
So don't do that.
We now just have a simple attribute called "version24" which replaces all those
pesky versionOlder that were spreading throughout the file and makes things way
more readable.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
By default the path is determined related to ServerRoot. Unfortunately
ServerRoot is pointing to the Nix store and the web server can't write to it.
We now create a directory called "runtime" withen the stateDir and point
DefaultRuntimeDir to it.
For more information on the DefaultRuntimeDir directive, please see:
http://httpd.apache.org/docs/2.4/mod/core.html#defaultruntimedir
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
NameVirtualHost no longer has any effect on version 2.4 and just emits ugly
warnings, so let's not use it if we use 2.4.
More information: http://httpd.apache.org/docs/2.4/upgrading.html#misc
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
The Order/Deny directives are deprecated in version 2.4, so we're going to
define two wrappers for allDenied and allGranted in order to properly generate
configurations for both version 2.2 and 2.4.
For more information an access control changes, see:
http://httpd.apache.org/docs/2.4/upgrading.html#access
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Now, MPMs can be loaded at runtime and it's no longer required to compile in one
of the MPM modules statically. So, if version is >= 2.4, load the MPM module
corresponding to the multiProcessingModule value of the service module.
For details, please see: http://httpd.apache.org/docs/2.4/mpm.html
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Beginning with version 2.3, the authn were refactored. As a result, authn_alias
is now part of the new module authn_core, so let's use authn_core instead of
authn_alias.
For details please see: http://httpd.apache.org/docs/2.4/upgrading.html#misc
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
The option is disabled by default so that previously existing installations
aren't affected.
If you'd like to migrate to the fixed numeric id for Apache, set "fixUidAndGid
= true", edit the file "/etc/groups" and replace the old GID value with 54.
(NixOS can't do that for you because it refuses to change a GID that identifies
the primary group of a user.) Then run
find / -xdev -uid $oldUID -exec chown 54 {} +
find / -xdev -gid $oldGID -exec chgrp 54 {} +
to update ownership of all files that are supposed to be owned by Apache.
- The new option 'apacheHttpd' determines the version of the Apache
HTTP Server that's being used by this module. The default version
is Apache 2.2.x, as before.
- The new option 'configFile' allows users specify their own custom
config file for the web server instead of being limited to the one
that this module generates.
