Tags:
deployment1Add my vote for this tag installation2Add my vote for this tag create new tag
, view all tags

TWiki on Lighttpd

Setup in 2 minutes (TWiki 4.2.x/Lighttpd 1.4.x)

Untar TWiki into a directory of your choice. For example, /usr/local/www/twiki. This is what you need in lighttpd.conf:
$HTTP["host"] =~ "your.site" {
   server.document-root = "/usr/local/www/twiki"
   $HTTP["url"] !~ "^/(bin|pub)/" { url.access-deny = ( "" ) }
   $HTTP["url"] =~ "^/bin/" { cgi.assign = ( ""  => "" ) }
   url.rewrite-once = ( "^/($|([A-Z].*))" => "/bin/view/$1" )
}
Also, make sure mod_access, mod_rewrite, and mod_cgi are enabled in lighttpd.conf. Restart lighttpd, and go to http://your.site/bin/configure. Default authentication settings should suit you just fine. Make sure you secure your configuration afterwards, for example you can do it this way:
chmod a-x /usr/local/www/twiki/bin/configure
. That's it, you're ready to go!

Authenticated attachments

To authenticate attachment downloads and view, you need to forbid direct access and redirect queries to viewfile:
$HTTP["url"] !~ "^/bin/" { url.access-deny = ( "" ) }
url.rewrite-once = ( "^/($|([A-Z].*))" => "/bin/view/$1",
   "^/pub/(.*?)/([^/]+)$" => "/bin/viewfile/$1?filename=$2" )

Longer/older setup with HTTP Authentication

I have succeeded in setting up TWiki 4.0.4 on lighttpd, on Gentoo. I'll document the process in this topic. See also TWikiOnLighttpdUsingFastCgi.

What's Working

  • Browsing/editing of topics as guest user in default (open) setup.
  • User authentication (with patched lighttpd)

Relevant sections of the configuration: (full listing in attached files)

/etc/lighttpd/lighttpd.conf:

More... Close
# {{{ variables
var.basedir  = "/var/www/localhost"
var.logdir   = "/var/log/lighttpd"
var.statedir = "/var/lib/lighttpd"
# }}}

# {{{ modules
# At the very least, mod_access and mod_accesslog should be enabled.
# All other modules should only be loaded if necessary.
# NOTE: the order of modules is important.
server.modules = (
    "mod_alias",
    "mod_access",
    "mod_accesslog"
)
# }}}

# {{{ includes
 include "mime-types.conf" # Note: this file has not been uploaded yet, your default lighttpd conf file probably has a mime section already, use that.
# uncomment for cgi support
   include "mod_cgi.conf"
# uncomment for php/fastcgi support
#   include "mod_fastcgi.conf"
# }}}

# {{{ server settings
 server.username      = "lighttpd"
server.groupname     = "lighttpd"

server.document-root = var.basedir + "/htdocs"
server.pid-file      = "/var/run/lighttpd.pid"

server.errorlog      = var.logdir  + "/error.log"
# log errors to syslog instead
#   server.errorlog-use-syslog = "enable"

server.indexfiles    = ("index.php", "index.html",
      "index.htm", "default.htm")

# server.tag           = "lighttpd"

server.follow-symlink = "enable"

# {{{ mod_staticfile

# which extensions should not be handled via static-file transfer
# (extensions that are usually handled by mod_cgi, mod_fastcgi, etc).
static-file.exclude-extensions = (".php", ".pl", ".cgi", ".fcgi")
# }}}

# {{{ mod_accesslog
 accesslog.filename   = var.logdir + "/access.log"
# }}}

# {{{ mod_access
# see access.txt
 url.access-deny = ("~", ".inc")
# }}}

# vim: set ft=conf foldmethod=marker et :

/etc/lighttpd/mod_cgi.conf:

More... Close
#
# see cgi.txt for more information on using mod_cgi
#

# Some older version of lighttpd seem to have a problem with this type of command.
# If you have trouble, just uncomment mod_cgi in the initial server.modules section (above, in lighttpd.conf).
server.modules += ("mod_cgi") 

# NOTE: this requires mod_alias
 alias.url = (
     "/twiki/bin/"          =>      var.basedir + "/htdocs/twiki/bin/"
)

$HTTP["url"] =~ "^/twiki/bin/" {
    # disable directory listings
    dir-listing.activate = "disable"
    # only allow cgi's in this directory
    cgi.assign = (
  ".pl"  =>  "/usr/bin/perl"
 )
}

# vim: set ft=conf foldmethod=marker et :

Issues

  • Scripts (view, configure etc.) need to be suffixed .pl - this should change when I find out how to pass every file in a particular directory to perl.
  • In the above setup, -T is not passed to the perl interpreter, and so all scripts (e.g. view) with -T set will fail (too late to set -T...). Speedy CGI allows the flag to be set and provides a nice performance increase. If you don't want to use Speedy CGI, lighttpd doesn't support passing arguments to CGI programs (see mod_cgi.c source code in lighttpd), so you will need to use the attached perlTaint.c program. Download and compile the program (gcc -o perlTaint perlTaint.c). Then instead of using "/usr/bin/perl" in your lighttpd.conf file use "/path/to/perlTaint". However, the files configure.pl and logon.pl do not use the taint flag, so your lighttpd.conf file will look more like:

...
    cgi.assign = (
      "configure.pl" => "/usr/bin/perl",
      "logon.pl"     => "/usr/bin/perl",
      ".pl"          => "/path/to/perlTaint"
   )
...
  • how to assign everything in a directory to perl:
....
$HTTP["url"] =~ "^/twiki/bin/" {
  cgi.assign = (
    "" => "/usr/bin/perl"
  )
}
...

Lighttpd and TWiki htpasswd files

The TWiki htpasswd authentication mechanism will work with lighttpd, but you have to make a very minor patch to lighttpd. TWiki creates .htpasswd entries using the following format:

username:cryptedPassword:emailAddress

whereas lighttpd only understand entries that have the form:

username:cryptedPassword

Out of the box lighttpd treats everything after the first colon as the password, instead of treating the password as everything between the first and second colon. Either you can create a new TWiki password manager that doesn't add an extra colon plus the email address to htpasswd entries, or you can patch lighttpd. I chose to patch lighttpd. The following is the patch to http_auth.c for lighttpd 1.4.11:

$ diff http_auth.original.c http_auth.c
 236c236
<                       char *f_user, *f_pwd, *e;
---
>                       char *f_user, *f_pwd, *e, *f_endpwd;
265a266,271
>
>                       /* truncate password at first : for compatibility */
>                       if (p->conf.auth_backend == AUTH_BACKEND_HTPASSWD &&
>                           NULL != (f_endpwd = memchr(f_pwd, ':', pwd_len))) {
>                               pwd_len = f_endpwd - f_pwd;
>                       }

For other versions, simply copy and paste the above code into the http_auth_get_password function in http_auth.c.

Once this patch is in place, you can turn on htpasswd authentication in the lighttpd.conf file. Here is an example of how to do it:

auth.backend = "htpasswd"
auth.backend.htpasswd.userfile = "/path/to/twiki/data/.htpasswd"
auth.require = ( "/twiki" =>
  (
    "method" = "basic",
    "realm" = "My TWiki realm",
    "require" = "valid-user"
  )
)

Performance

  • I am yet to benchmark the setup fully. However, initial tests showed promise and the addition of Speedy CGI nearly doubled performance.

Speedy CGI

Installation of Speedy CGI was from the source tarball and only required changing the shebang lines of the twiki scripts.

In the current setup, perl is called directly by lighttpd, which then invokes speedy to complete the action. This is resulting in a '2006-08-09 12:36:30: (mod_cgi.c.1106) cgi died ?' message in lighttpd's error log for each request. I am hoping to write a simple dispatcher later to avoid this overhead, and remove the error. The error appears to be harmless at this stage (more of a warning) as the page requests are loaded.

Benchmarks

Some benchmarks may be found in TWikiOnLighttpdUsingFastCgi.

-- Contributors: StefanHaflidason - 08 Aug 2006 -- KevinHoffman (user auth) - 25 Sep 2006

Discussion

Thank you Stefan for sharing this with the TWikiCommunity. Some people asked if TWiki runs on lighttpd.

-- PeterThoeny - 08 Aug 2006

I'm working on TWikiStandAlone project. I made many tests with Lighttpd and I'm very satisfied with results. I wrote some configuration tips for both Apache and Lighttpd. There is a primitive benchmark result as well wink

-- GilmarSantosJr - 29 Oct 2007

Hi, I've some trouble with this setup on Debian Etch. The first "<" of the html code will not be send. The rest looks great. All perl / CGI dependencies are met (checked with /bin/configure) Btw.: /bin/configure does not have this problem.

Any idea? Thanks in advance!

wget -O - http://myhost.local/bin/view/TWiki

DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

-- StefanJenkner - 13 Mar 2008

Topic attachments
I Attachment History Action Size Date Who Comment
Unknown file formatconf lighttpd.conf r1 manage 8.0 K 2006-08-09 - 08:34 StefanHaflidason Base lighttpd.conf, compatible with more recent versions of lighttpd
Unknown file formatconf mod_cgi.conf r1 manage 1.2 K 2006-08-09 - 08:37 StefanHaflidason CGI-specific lighttpd configuration (use in conjunction with attached lighttpd.conf).
C source code filec perlTaint.c r1 manage 0.7 K 2006-09-22 - 03:39 KevinHoffman Program to pass -T flag to perl so TWiki can be used with lighttpd and normal CGI
Edit | Attach | Watch | Print version | History: r19 < r18 < r17 < r16 < r15 | Backlinks | Raw View | Raw edit | More topic actions
Topic revision: r19 - 2008-05-12 - AndrewPantyukhin
 
  • Learn about TWiki  
  • Download TWiki
This site is powered by the TWiki collaboration platform Powered by Perl Hosted by OICcam.com Ideas, requests, problems regarding TWiki? Send feedback. Ask community in the support forum.
Copyright © 1999-2017 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.