TWiki on Lighttpd
Setup in 2 minutes (TWiki 4.2.x/Lighttpd 1.4.x)
Untar TWiki into a directory of your choice, for example /usr/local/www/twiki. This is what you need in lighttpd.conf:
$HTTP["host"] =~ "your.site" {
server.document-root = "/usr/local/www/twiki"
$HTTP["url"] !~ "^/(bin|pub)/" { url.access-deny = ( "" ) }
$HTTP["url"] =~ "^/bin/" { cgi.assign = ( "" => "" ) }
url.rewrite-once = ( "^/($|([A-Z].*))" => "/bin/view/$1" )
}
Also, make sure mod_access, mod_rewrite, and mod_cgi are enabled in lighttpd.conf. Restart lighttpd, and go to http://your.site/bin/configure. Default authentication settings should suit you just fine. Make sure you secure the configure script afterwards, because the configuration above serves everything under /bin/ as CGI. For example, remove its execute permission:
chmod a-x /usr/local/www/twiki/bin/configure
That's it, you're ready to go!
Authenticated attachments
To require authentication for viewing and downloading attachments, forbid direct access to /pub/ and redirect those requests to the viewfile script:
$HTTP["url"] !~ "^/bin/" { url.access-deny = ( "" ) }
url.rewrite-once = ( "^/($|([A-Z].*))" => "/bin/view/$1",
"^/pub/(.*?)/([^/]+)$" => "/bin/viewfile/$1?filename=$2" )
Longer/older setup with HTTP Authentication
I have succeeded in setting up TWiki 4.0.4 on lighttpd, on Gentoo. I'll document the process in this topic. See also TWikiOnLighttpdUsingFastCgi.
What's Working
- Browsing/editing of topics as guest user in default (open) setup.
- User authentication (with patched lighttpd)
Relevant sections of the configuration: (full listing in attached files)
/etc/lighttpd/lighttpd.conf:
# {{{ variables
var.basedir = "/var/www/localhost"
var.logdir = "/var/log/lighttpd"
var.statedir = "/var/lib/lighttpd"
# }}}
# {{{ modules
# At the very least, mod_access and mod_accesslog should be enabled.
# All other modules should only be loaded if necessary.
# NOTE: the order of modules is important.
server.modules = (
"mod_alias",
"mod_access",
"mod_accesslog"
)
# }}}
# {{{ includes
include "mime-types.conf" # Note: this file has not been uploaded yet, your default lighttpd conf file probably has a mime section already, use that.
# uncomment for cgi support
include "mod_cgi.conf"
# uncomment for php/fastcgi support
# include "mod_fastcgi.conf"
# }}}
# {{{ server settings
server.username = "lighttpd"
server.groupname = "lighttpd"
server.document-root = var.basedir + "/htdocs"
server.pid-file = "/var/run/lighttpd.pid"
server.errorlog = var.logdir + "/error.log"
# log errors to syslog instead
# server.errorlog-use-syslog = "enable"
server.indexfiles = ("index.php", "index.html",
"index.htm", "default.htm")
# server.tag = "lighttpd"
server.follow-symlink = "enable"
# {{{ mod_staticfile
# which extensions should not be handled via static-file transfer
# (extensions that are usually handled by mod_cgi, mod_fastcgi, etc).
static-file.exclude-extensions = (".php", ".pl", ".cgi", ".fcgi")
# }}}
# {{{ mod_accesslog
accesslog.filename = var.logdir + "/access.log"
# }}}
# {{{ mod_access
# see access.txt
url.access-deny = ("~", ".inc")
# }}}
# vim: set ft=conf foldmethod=marker et :
/etc/lighttpd/mod_cgi.conf:
#
# see cgi.txt for more information on using mod_cgi
#
# Some older versions of lighttpd seem to have a problem with this type of command.
# If you have trouble, just uncomment mod_cgi in the initial server.modules section (above, in lighttpd.conf).
server.modules += ("mod_cgi")
# NOTE: this requires mod_alias
alias.url = (
"/twiki/bin/" => var.basedir + "/htdocs/twiki/bin/"
)
$HTTP["url"] =~ "^/twiki/bin/" {
# disable directory listings
dir-listing.activate = "disable"
# only allow cgi's in this directory
cgi.assign = (
".pl" => "/usr/bin/perl"
)
}
# vim: set ft=conf foldmethod=marker et :
Issues
- Scripts (view, configure etc.) need to be suffixed .pl - this should change when I find out how to pass every file in a particular directory to perl.
- In the above setup, -T is not passed to the perl interpreter, and so all scripts (e.g. view) with -T set will fail (too late to set -T...). Speedy CGI allows the flag to be set and provides a nice performance increase. If you don't want to use Speedy CGI, lighttpd doesn't support passing arguments to CGI programs (see mod_cgi.c source code in lighttpd), so you will need to use the attached perlTaint.c program. Download and compile the program (gcc -o perlTaint perlTaint.c). Then instead of using "/usr/bin/perl" in your lighttpd.conf file use "/path/to/perlTaint". However, the files configure.pl and logon.pl do not use the taint flag, so your lighttpd.conf file will look more like:
...
cgi.assign = (
"configure.pl" => "/usr/bin/perl",
"logon.pl" => "/usr/bin/perl",
".pl" => "/path/to/perlTaint"
)
...
- How to assign everything in a directory to perl:
....
$HTTP["url"] =~ "^/twiki/bin/" {
cgi.assign = (
"" => "/usr/bin/perl"
)
}
...
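A wrapper of the kind the taint-mode item above calls for, as an added example. It is not the attached perlTaint.c, and it assumes lighttpd invokes the cgi.assign handler with the script's path as its single argument and that perl lives at /usr/bin/perl; the name build_taint_argv is hypothetical.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define PERL_BIN "/usr/bin/perl"   /* assumption: adjust to your system */

/* Fill args[] with { "perl", "-T", "--", script, NULL }.
 * "--" ends perl's switch parsing, so a script path that begins with '-'
 * is never read as an option.
 * Returns 0 on success, -1 when no usable script path was passed. */
int build_taint_argv(int argc, char **argv, const char *args[5])
{
    if (argc != 2 || argv[1] == NULL || argv[1][0] == '\0')
        return -1;
    args[0] = "perl";
    args[1] = "-T";
    args[2] = "--";
    args[3] = argv[1];
    args[4] = NULL;
    return 0;
}

int main(int argc, char **argv)
{
    const char *args[5];

    if (build_taint_argv(argc, argv, args) != 0) {
        fprintf(stderr, "usage: %s /path/to/script\n",
                (argc > 0 && argv[0]) ? argv[0] : "wrapper");
        return 2;
    }
    /* execv keeps the CGI environment that lighttpd set up. */
    execv(PERL_BIN, (char *const *)args);
    perror("execv " PERL_BIN);     /* reached only if exec failed */
    return 127;
}
```

Compile it with gcc and point the ".pl" entry of cgi.assign at the resulting binary, as described for perlTaint above.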
Lighttpd and TWiki htpasswd files
The TWiki htpasswd authentication mechanism will work with lighttpd, but you have to make a very minor patch to lighttpd. TWiki creates .htpasswd entries using the following format:
username:cryptedPassword:emailAddress
whereas lighttpd only understands entries that have the form:
username:cryptedPassword
Out of the box lighttpd treats everything after the first colon as the password, instead of treating the password as everything between the first and second colon. Either you can create a new TWiki password manager that doesn't add an extra colon plus the email address to htpasswd entries, or you can patch lighttpd. I chose to patch lighttpd. The following is the patch to http_auth.c for lighttpd 1.4.11:
$ diff http_auth.original.c http_auth.c
236c236
< char *f_user, *f_pwd, *e;
---
> char *f_user, *f_pwd, *e, *f_endpwd;
265a266,271
>
> /* truncate password at first : for compatibility */
> if (p->conf.auth_backend == AUTH_BACKEND_HTPASSWD &&
> NULL != (f_endpwd = memchr(f_pwd, ':', pwd_len))) {
> pwd_len = f_endpwd - f_pwd;
> }
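Review bot: in the block added at 266-271, an entry whose password field is empty (for example user::email) makes memchr match at f_pwd itself, so pwd_len becomes 0; confirm that the code after this point treats a zero-length hash as a failed lookup, or reject the entry here. The result of "f_endpwd - f_pwd" is a pointer difference assigned to pwd_len, whose declaration is not among the shown lines, so check that the types agree or add an explicit cast. The comment would also be clearer if it named the entry format the truncation is for (username:cryptedPassword:emailAddress) instead of just "compatibility".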
For other versions, simply copy and paste the above code into the http_auth_get_password function in http_auth.c.
Once this patch is in place, you can turn on htpasswd authentication in the lighttpd.conf file. Here is an example of how to do it:
auth.backend = "htpasswd"
auth.backend.htpasswd.userfile = "/path/to/twiki/data/.htpasswd"
# auth.* directives require "mod_auth" in server.modules
auth.require = ( "/twiki" =>
(
"method" => "basic",
"realm" => "My TWiki realm",
"require" => "valid-user"
)
)
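The field-splitting difference described in this section, as an added example that is not lighttpd's code. The function name htpasswd_field and the sample entries are constructed for illustration. It shows what a two-field parser takes as the hash from a TWiki entry, what a parser that stops at the second colon takes, and how an empty password field is rejected.

```c
#include <stdio.h>
#include <string.h>

/* Copy the password field for `user` from htpasswd-style text into out.
 * twiki_compat = 0: the field runs to end of line (two-field assumption).
 * twiki_compat = 1: the field stops at the next ':' (TWiki adds :email).
 * Returns the field length, or -1 if the user is missing, the field is
 * empty, or it does not fit in out. */
int htpasswd_field(const char *text, const char *user, int twiki_compat,
                   char *out, size_t outsz)
{
    size_t ulen = strlen(user);
    const char *line = text;

    while (*line) {
        size_t llen = strcspn(line, "\n");
        const char *colon = memchr(line, ':', llen);

        if (colon && (size_t)(colon - line) == ulen &&
            memcmp(line, user, ulen) == 0) {
            const char *pwd = colon + 1;
            size_t plen = llen - (size_t)(pwd - line);
            const char *end = twiki_compat ? memchr(pwd, ':', plen) : NULL;
            if (end) plen = (size_t)(end - pwd);
            if (plen == 0 || plen >= outsz) return -1;
            memcpy(out, pwd, plen);
            out[plen] = '\0';
            return (int)plen;
        }
        line += llen;
        if (*line == '\n') line++;
    }
    return -1;
}

/* Constructed sample entries: placeholder hash, not real accounts. */
static const char SAMPLE[] =
    "AliceExample:xxSAMPLEHASH0:alice@example.org\n"
    "BobExample::bob@example.org\n";

int main(void)
{
    char buf[128];
    int n = htpasswd_field(SAMPLE, "AliceExample", 0, buf, sizeof buf);
    printf("two-field parse:   %d bytes: %s\n", n, buf);
    n = htpasswd_field(SAMPLE, "AliceExample", 1, buf, sizeof buf);
    printf("TWiki-aware parse: %d bytes: %s\n", n, buf);
    return 0;
}
```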
Performance
- I am yet to benchmark the setup fully. However, initial tests showed promise and the addition of Speedy CGI nearly doubled performance.
Installation of Speedy CGI was from the source tarball and only required changing the shebang lines of the twiki scripts.
In the current setup, perl is called directly by lighttpd, which then invokes speedy to complete the action. This is resulting in a '2006-08-09 12:36:30: (mod_cgi.c.1106) cgi died ?' message in lighttpd's error log for each request. I am hoping to write a simple dispatcher later to avoid this overhead, and remove the error. The error appears to be harmless at this stage (more of a warning) as the page requests are loaded.
Benchmarks
Some benchmarks may be found in TWikiOnLighttpdUsingFastCgi.
-- Contributors: StefanHaflidason - 08 Aug 2006
-- KevinHoffman (user auth) - 25 Sep 2006
Discussion
Thank you Stefan for sharing this with the TWikiCommunity. Some people asked if TWiki runs on lighttpd.
-- PeterThoeny - 08 Aug 2006
I'm working on the TWikiStandAlone project. I made many tests with Lighttpd and I'm very satisfied with the results. I wrote some configuration tips for both Apache and Lighttpd. There is a primitive benchmark result as well.
-- GilmarSantosJr - 29 Oct 2007
Hi, I have some trouble with this setup on Debian Etch. The first "<" of the HTML code is not sent. The rest looks great. All perl / CGI dependencies are met (checked with /bin/configure). Btw.: /bin/configure does not have this problem.
Any idea? Thanks in advance!
wget -O - http://myhost.local/bin/view/TWiki
DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-- StefanJenkner - 13 Mar 2008