Lighttpd webserver wordpress image uploading problem – offers inline.php as download options

Posted on in Categories lighttpd, Linux, RedHat/Fedora Linux, Tips, Troubleshooting, UNIX last updated June 9, 2007

You can easily upload small files but large upload fails and offers inline.php as download option.

This error is caused because of improper php configuration. Make sure upload_tmp_dir is set and webserver user such as httpd/nobody/lighttpd can write to this directory.
$ grep upload_tmp_dir /etc/php.ini
OR
$ grep -iR upload_tmp_dir /etc/php/
Set upload_tmp_dir to /tmp or /var/tmp:
upload_tmp_dir = /var/tmp
Also set:
session.save_path = "/var/lib/php/sessions"
Next make sure web sever can write to temporary upload directory (only use this in chrooted jail):
# chown lighttpd:lighttpd /var/tmp
Now you should able to upload files. A final note if you need to upload files larger than 2MB set maximum allowed size for uploaded files using upload_max_filesize directive:
upload_max_filesize = 5M
Save and close the file. As usual restart lighttpd to make changes:
# /etc/init.d/lighttpd restart
OR
# systemctl restart lighttpd
Verify it:
# tail -f /var/log/messages
# tail -f /var/log/lighttpd/error.log

Can someone steal my PHP script without hacking server?

Posted on in Categories Apache, Howto, lighttpd, Linux distribution, Networking, php, Security, Tips, Troubleshooting last updated May 2, 2007

Adarsh asks:

Can someone steal my PHP code or program without hacking my Linux box? Can someone snoop script over plain HTTP session?

Short answer is no. PHP is server side thingy.

However a misconfigured webserver can easily give out php file to all end users. You need to make sure that mod_php / mod_fastcgi loaded and correct MIME type is setup. To avoid such problem always test your server before moving to production environment. Most Linux distro configures both Apache and PHP out of box.

How do I stop downloading php source code?

The first step should be stopping a webserver.
# /etc/init.d/httpd stop
OR
# /etc/init.d/lighttpd stop

If you are using Lighttpd…

Next bind webserver to 127.0.0.1 for testing purpose. Open lighttpd websever config file and bind server address to 127.0.0.1
# vi /etc/lighttpd/lighttpd.conf
Bind to localhost/127.0.0.1:
server.bind = "127.0.0.1"
Start lighttpd:
# /etc/init.d/lighttpd start
Now follow these instructions to configure php as fastcgi module. Now test your configuration using url http://127.0.0.1/test.php. PHP should work on server. If not working, refer to server log file.

If you are using Apache…

Open httpd.conf file and bind apache to 127.0.0.1:
# vi httpd.conf
The Listen directive instructs Apache to listen to more than one IP address or port; by default it responds to requests on all IP interfaces, but only on the port given by the Port directive.
Listen 127.0.0.1:80
Start apache:
# /etc/init.d/httpd start
Now make sure php is installed use apt-get or rpm command to verify the same:
# rpm -qa | grep -i php
OR
# dpkg --list | grep -i php
If PHP is not installed just follow these instructions to install PHP. Next make sure httpd.conf or php.conf has following directives:
LoadModule php4_module modules/libphp4.so
AddType application/x-httpd-php .php

Note: the path may differ in your setup. Now restart httpd:
# /etc/init.d/httpd restart
A sample php code:

<HTML><HEAD>PHP</TITLE></HEAD>
<BODY>
<?php   phpinfo(); ?>
</BODY>
</HTML>

Finally when php started to work properly, make sure you bind back a server IP address from 127.0.0.1 to public IP address.

Another option is keep your source code out of webroot and server all php requests from php application server using mod_proxy and multiple back-end servers.

Turbo charge lighttpd with Linux AIO – Gain more performance

Posted on in Categories Howto, lighttpd, Linux, Networking, RedHat/Fedora Linux, Tuning last updated April 4, 2007

Support for Linux kernel AIO (Asynchronous I/O) has been included in the version 2.6. By enabling Lighttpd AIO you can gain good performance gain. But what is AIO?

Usually your application needs to wait till I/O call is finished. AIO enables even a single application thread to overlap I/O operations with other processing, by providing an interface for submitting one or more I/O requests in one system call without waiting for completion, and a separate interface to reap completed I/O operations associated with a given completion group (see Linux AIO home page for more details).

Lighttpd 1.5.x support AIO. First make sure you have libaio installed:
# yum install libaio-devel

Next grab lighttpd source code and compile with –with-linux-aio option:
# ./configure --with-openssl --with-linux-aio

Install lighttpd
# make; make install

Create configuration file and put following directive in lighttpd.conf file:
server.network-backend = "linux-aio-sendfile"

Save and close the file. Restart lighttpd:
# /etc/init.d/lighttpd restart

Use httpd_load / ab command Performance Benchmarks a Web server.

Please note that I’ve tested above instructions on Redhat Enterprise Linux 4/5 and Cent OS.

How to optimize a web page for faster and better experience

Posted on in Categories Apache, High performance computing, Howto, lighttpd, Linux, Tips, Tuning, UNIX last updated March 21, 2007

You may have noticed that most my webpage are loading bit faster. Here is what I did:

a) CSS code moved to its own file and included CSS at the top

b) Removed unnecessary (read as fancy web 2.0 stupid stuff) external javascript snippets

c) I’ve moved external javascript to bottom of page/template engine. For example google analytics JS code moved to bottom of webpage.

d) Turn on Apache gzip/mod_deflate compression

e) Turn on WordPress caching

f) Turn on php script caching (I’m using eAccelerator)

g) Tweak MySQL for optimization. Turn on query cache and other settings.

h) If possible switch to lighttpd or use squid / lighttpd as caching server for old good Apache.

If you have tons of cash to burn (assuming that your web app demands performance):

  • Consider using CDN (Content Delivery Network) such as Akamai or SAVVIS.
  • Server load balancing

However there are some external JS script snippets such as Google Adsense which slows down loading of a webpage. In few months I may roll out a new template and I will try to fix this issue 🙂

I’m interested to know what other people’s experiences with web page optimization. Feel free to share your tips.

Lighttpd restrict or deny access by IP address

Posted on in Categories Howto, lighttpd, Linux, News, Security, UNIX last updated December 12, 2006
Lighttpd logo

So how do you restrict or deny access by IP address using Lighttpd web server?

Lighttpd has mod_access module. The access module is used to deny access to files with given trailing path names. You need to combine this with remoteip conditional configuration. Syntax is as follows:

$HTTP[“remoteip”] == “IP” : Match on the remote IP
$HTTP[“remoteip”] !~ “IP1|IP2” : Do not match on the remote IP (perl style regular expression not match)
$HTTP[“remoteip”] =~ “IP1|IP2” : Match on the remote IP (perl style regular expression match)

Task: Match on the remote IP

For example block access to http://theos.in/stats/ url if IP address is NOT 192.168.1.5 and 192.168.1.10 (restrict access to these 2 IPs only):

Open /etc/lighttpd/lighttpd.conf file
# vi /etc/lighttpd/lighttpd.conf
Append following configuration directive:

$HTTP["remoteip"] !~ "200.19.1.5|210.45.2.7" {
    $HTTP["url"] =~ "^/stats/" {
      url.access-deny = ( "" )
    }
 }

Save and restart lighttpd:
# /etc/init.d/lighttpd restart

Task: Block single remote IP

Do not allow IP address 202.54.1.1 to access our site:

$HTTP["remoteip"] == "202.54.1.1" {
       url.access-deny = ( "" )
  }

Do not allow IP address 202.54.1.1,202.54.2.5 to access our site:
Do not allow IP address 202.54.1.1 to access our site:

$HTTP["remoteip"] =~ "202.54.1.1|202.54.2.5" {
       url.access-deny = ( "" )
  }

See also

=> Lighttpd deny access to certain files

Red Hat enterprise Linux Install lighttpd and Fastcgi PHP

Posted on in Categories Howto, lighttpd, RedHat/Fedora Linux last updated October 2, 2006
Lighttpd logo

I have received many queries regarding how to configure and install Lighttpd web server under Red Hat Enterprise Linux version 4.0. Mark asks:

RHEL 64 bit v4.0 does not support PHP as FastCGI. Lighttpd is not available from RHN (up2date command). How do I configure and install lighttpd with FastCGI?

Ok let me answer these questions and other queries systematically. I have installed Lighttpd under both RHEL v4.0 32/64 bit version couple of times. In all cases, you need to compile both PHP and Lightttpd. Do not worry steps are quite easy.

Install and configure Lighttpd under RHEL

RedHat Linux use RHN to provide stable version of all software(s) including PHP/Apache and for some weird reasons it does not come with lighttpd web server. However, I have tested RHEL v.5.0 (beta) which comes with lots of goodies such as caching software, fastcgi etc.

Step #1: Install and configure Lighttpd under RHEL 64 bit v4.0

First, you need to remove installed PHP version. Use rpm -qa | grep php command to find out list of all installed PHP rpm files:
# rpm -qa | grep phpRemove all PHP files:# rpm -e php php-devel php-imap php-ldap php-pear

Step #2: Download lighttpd source code

There is no official RPM file available from Red Hat itself for 64/32 bit version. You can download and compile Lighttpd as follows:
# wget http://lighttpd.net/download/lighttpd-1.4.16.tar.gz
# tar -zxvf lighttpd-1.4.16.tar.gz
# cd lighttpd-1.4.16

Step #3: Compile and install lighttpd:

Following commands will compile lighttpd with OpenSSL support. First, configure lighttpd:
# ./configure --program-prefix= --prefix=/usr --exec-prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin --sysconfdir=/etc --datadir=/usr/share --includedir=/usr/include --libdir=/usr/lib --libexecdir=/usr/libexec --localstatedir=/var --sharedstatedir=/usr/com --mandir=/usr/share/man --infodir=/usr/share/info --with-openssl

Now compile lighttpd
# make

Install lighttpd:
# make install

Step #4: Build PHP RPM as FastCGI

Now recompile PHP and build PHP RPM as FastCGI. Download PHP SRPM from official Red Hat Site or use following command to download PHP source RPM (recommended):
# cd /opt
# up2date -d --src php

Now install downloaded source RPM file:
# rpm -ivh php-4.3.9-3.1.src.rpm

First, install all necessary development libraries:
# up2date aspell-devel libjpeg-devel libpng-devel libc-client-devel mysql-devel postgresql-devel unixODBC-devel net-snmp-devel elfutils-devel libxslt-devel freetype-devel

Open php rpm configuration file:
# cd /usr/src/redhat/SPECS/
Open php.spec file:
# vi php.spec
Find out line, which read as follows:
--enable-force-cgi-redirect

Before that line add:
--enable-fastcgi \
Save and close the file.

Compile and build RPM file:
# rpmbuild -bb php.spec

Now install all newly rebuild RPM files. Go to /usr/src/redhat/RPMS/x86_64 directory, where all newly build RPMs are stored:
# cd /usr/src/redhat/RPMS/x86_64
# rpm -ivh php-4.3.9-3.18.x86_64.rpm php-gd-4.3.9-3.18.x86_64.rpm php-imap-4.3.9-3.18.x86_64.rpm php-mysql-4.3.9-3.18.x86_64.rpm php-mbstring-4.3.9-3.18.x86_64.rpm php-pear-4.3.9-3.18.x86_64.rpm

Make sure php is installed with fastcgi:
# php -vOutput:

PHP 4.3.9 (cgi-fcgi) (built: Oct  2 2006 15:31:07)
Copyright (c) 1997-2004 The PHP Group
Zend Engine v1.3.0, Copyright (c) 1998-2004 Zend Technologies

If you do not have development environment installed or if you are too lazy to compile download AMD x86_64 RPM files. Please note that these files are provided as it is.

Basic Lighttpd configuration

a) Add a lighttpd user
# adduser -s /sbin/nologin lighttpd

b) Create a lighttpd.conf file
# mkdir /etc/lighttpd
# cd /etc/lighttpd
# vi lighttpd.conf
Add following config code:
server.modules = (
"mod_rewrite",
"mod_redirect",
"mod_alias",
"mod_access",
"mod_auth",
"mod_status",
"mod_fastcgi",
"mod_cgi",
"mod_compress",
"mod_accesslog" )
index-file.names = ( "index.php", "index.html",
"index.htm", "default.htm" )
mimetype.assign = (
".rpm" => "application/x-rpm",
".pdf" => "application/pdf",
".sig" => "application/pgp-signature",
".spl" => "application/futuresplash",
".class" => "application/octet-stream",
".ps" => "application/postscript",
".torrent" => "application/x-bittorrent",
".dvi" => "application/x-dvi",
".gz" => "application/x-gzip",
".pac" => "application/x-ns-proxy-autoconfig",
".swf" => "application/x-shockwave-flash",
".tar.gz" => "application/x-tgz",
".tgz" => "application/x-tgz",
".tar" => "application/x-tar",
".zip" => "application/zip",
".mp3" => "audio/mpeg",
".m3u" => "audio/x-mpegurl",
".wma" => "audio/x-ms-wma",
".wax" => "audio/x-ms-wax",
".ogg" => "application/ogg",
".wav" => "audio/x-wav",
".gif" => "image/gif",
".jpg" => "image/jpeg",
".jpeg" => "image/jpeg",
".png" => "image/png",
".xbm" => "image/x-xbitmap",
".xpm" => "image/x-xpixmap",
".xwd" => "image/x-xwindowdump",
".css" => "text/css",
".html" => "text/html",
".htm" => "text/html",
".js" => "text/javascript",
".asc" => "text/plain",
".c" => "text/plain",
".cpp" => "text/plain",
".log" => "text/plain",
".conf" => "text/plain",
".text" => "text/plain",
".txt" => "text/plain",
".dtd" => "text/xml",
".xml" => "text/xml",
".mpeg" => "video/mpeg",
".mpg" => "video/mpeg",
".mov" => "video/quicktime",
".qt" => "video/quicktime",
".avi" => "video/x-msvideo",
".asf" => "video/x-ms-asf",
".asx" => "video/x-ms-asf",
".wmv" => "video/x-ms-wmv",
".bz2" => "application/x-bzip",
".tbz" => "application/x-bzip-compressed-tar",
".tar.bz2" => "application/x-bzip-compressed-tar"
)
########## BASE CONFIG - EDIT BELOW #########################
server.tag = "lighttpd (RedHat)"
accesslog.filename = "/var/log/lighttpd/access_log"
server.errorlog = "/var/log/lighttpd/error_log"
server.document-root = "/var/www/html/"
url.access-deny = ( "~", ".inc" )
static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
server.port = 80
server.bind = "202.54.xxx.xxx"
server.error-handler-404 = "/errorr404.php"
server.pid-file = "/var/run/lighttpd.pid"
server.username = "lighttpd"
server.groupname = "lighttpd"
compress.cache-dir = "/tmp/lighttpd/cache/compress/"
compress.filetype = ("text/plain", "text/html")
$HTTP["url"] =~ "\.pdf$" {
server.range-requests = "disable"
}
fastcgi.server = ( ".php" =>
( "localhost" =>
(
"socket" => "/tmp/php-fastcgi.socket",
"bin-path" => "/usr/bin/php",
"max-procs" => 2,
)
)
)

c) Create a lighttpd sysconfig file:
# vi /etc/sysconfig/lighttpd
Add following line:
LIGHTTPD_CONF_PATH=/etc/lighttpd/lighttpd.conf
Save and close the file.

d) Create a lighttpd startup file (init.d script)
# vi /etc/init.d/lighttpd
Append following line:
#!/bin/sh
#
# lighttpd Startup script for the lighttpd server
#
# chkconfig: - 85 15
# description: Lighttpd web server
#
# processname: lighttpd
# config: /etc/lighttpd/lighttpd.conf
# config: /etc/sysconfig/lighttpd
# pidfile: /var/run/lighttpd.pid
#
# Source function library
. /etc/rc.d/init.d/functions
if [ -f /etc/sysconfig/lighttpd ]; then
. /etc/sysconfig/lighttpd
fi
if [ -z "$LIGHTTPD_CONF_PATH" ]; then
LIGHTTPD_CONF_PATH="/etc/lighttpd/lighttpd.conf"
fi
prog="lighttpd"
lighttpd="/usr/sbin/lighttpd"
RETVAL=0
start() {
echo -n $"Starting $prog: "
daemon $lighttpd -f $LIGHTTPD_CONF_PATH
RETVAL=$?
echo
[ $RETVAL -eq 0 ] && touch /var/lock/subsys/$prog
return $RETVAL
}
stop() {
echo -n $"Stopping $prog: "
killproc $lighttpd
RETVAL=$?
echo
[ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/$prog
return $RETVAL
}
reload() {
echo -n $"Reloading $prog: "
killproc $lighttpd -HUP
RETVAL=$?
echo
return $RETVAL
}
case "$1" in
start)
start
;;
stop)
stop
;;
restart)
stop
start
;;
condrestart)
if [ -f /var/lock/subsys/$prog ]; then
stop
start
fi
;;
reload)
reload;;
status)
status $lighttpd
RETVAL=$?
;;
*)
echo $"Usage: $0 {start|stop|restart|condrestart|reload|status}"
RETVAL=1
esac
exit $RETVAL

Save and close the file.

e) Create necessary directories and set correct permissions:
# mkdir -p /var/log/lighttpd
# mkdir -p /tmp/lighttpd/cache/compress/
# chown lighttpd:lighttpd /var/log/lighttpd
# chown lighttpd:lighttpd /tmp/lighttpd/cache/compress/

f) Start the lighttpd, but first stop Apache if running:
# chkconfig httpd off
# /etc/init.d/httpd stop
# chkconfig --add lighttpd
# chkconfig lighttpd on
# /etc/init.d/lighttpd start

Verify that Lighttpd is running:
# netstat -tulpn | grep :80

Update: See how to use lighttpd and FastCGI configuration under RHEL 5.0 / CentOS 5.0.

Configure lighttpd alias (mod_alias)

Posted on in Categories Howto, lighttpd, Linux, UNIX last updated July 25, 2006

This lighttpd module provides for mapping different parts of the host filesystem in the document tree. You can use it for mapping various directories. For example cgi-bin directory mapped to /var/lib/cgi-bin. The alias module is used to specify a special document-root for a given url-subset.

Configuration

Open your lighttpd configuration file:
vi /etc/lighttpd/lighttpd.conf

Append/add mod_ alias to list of server modules:
server.modules += ( "mod_alias" )

Examples

Add cgi-bin alias for doamin theos.in
alias.url = ( "/cgi-bin/" => "/home/lighttpd/theos.in/cgi-bin/" )

Browse all documents installed at /usr/share/doc/ directory with following alias:
alias.url = ( "/docs/" => "/usr/share/doc/" )
alias.url += ( "/stats/" => "/home/theos.in/http/webalizer/" )

Open a browser and type url http://theos.in/docs/ or http://your-domain.com/docs/

Lighttpd rotating log files with logrotate tool

Posted on in Categories CentOS, Debian Linux, File system, FreeBSD, Gentoo Linux, Howto, lighttpd, Linux, RedHat/Fedora Linux, Storage, Ubuntu Linux, UNIX last updated July 8, 2006
Lighttpd logo

Last time I wrote about setting up virtual hosting for Lighttpd web server. Naturally next step is to setup log rotating with logrotate which rotates, compresses log files.

Our setup

Our sample setup has total 6 log files:
Default domain/IP log files:
/var/log/lighttpd/access.log
/var/log/lighttpd/error.log

nixcraft.com virtual domain log files:
/var/log/lighttpd/nixcraft.com/access.log
/var/log/lighttpd/error.log

theos.in virtual domain log files:
/var/log/lighttpd/theos.in/access.log
/var/log/lighttpd/theos.in/error.log

logrotate Configuration

All you need to do is open/create logrotate configuration file for lighttpd. Open file /etc/logrotate.d/lighttpd:
# vi /etc/logrotate.d/lighttpd

Append following text:
"/var/log/lighttpd/*.log" "/var/log/lighttpd/nixcraft.com/*.log " "/var/log/lighttpd/theos.in/*.log " {
missingok
copytruncate
rotate 7
compress
notifempty
sharedscripts
postrotate
/etc/init.d/lighttpd reload
endscript
}

Where,

  • “/var/log/lighttpd/*.log” “/var/log/lighttpd/nixcraft.com/*.log ” “/var/log/lighttpd/theos.in/*.log “: Log files with wild card specification as per our setup.
  • missingok: If the log file is missing, go on to the next log file without issuing an error message.
  • copytruncate: Truncate the original log file to zero size in place after creating a copy, instead of moving the old log file and optionally creating a new one
  • rotate 7: Log files are rotated 7 times before being removed or mailed to the address specified in a mail directive. If count is 0, old versions are removed rather then rotated.
  • compress: Old versions of log files are compressed with gzip to save disk space.
  • notifempty: Do not rotate the log if it is empty
  • sharedscripts
    postrotate
    /etc/init.d/lighttpd reload
    endscript:
    The lines between postrotate and endscript (both of which must appear on lines by themselves) are executed after the log file is rotated. These directives may only appear inside a log file definition. In our case we are reloading lighttpd. Other opting could be send –HUP single using kill command.

Make sure crond runs automatically after system reboot

Now your logs will rotate with logrotate command which is called from cronjob (/etc/cron.daily/logrotate) everyday. So make sure crond is running all the time:
# /etc/init.d/crond start
# chkconfig --list crond
# chkconfig crond on

Alternatively, run text based GUI tool for same purpose (Redhat/CentOS/Fedora and friends):
# ntsysv

If you are using Debian Linux, type the following command to configure crond using text based GUI tools:
# rcconf

Alternatively you can use update-rc.d command (Debian / Ubuntu Linux) to start crond automatically after system reboot:
# update-rc.d crond defaults