diff --git a/SOURCES/favicon.ico b/SOURCES/favicon.ico new file mode 100644 index 0000000..ff71111 Binary files /dev/null and b/SOURCES/favicon.ico differ diff --git a/SOURCES/index.html b/SOURCES/index.html new file mode 100644 index 0000000..1660d0e --- /dev/null +++ b/SOURCES/index.html @@ -0,0 +1,29 @@ + + + + +
++ +
+ + + + + diff --git a/SOURCES/light_button.png b/SOURCES/light_button.png new file mode 100644 index 0000000..6f7a55b Binary files /dev/null and b/SOURCES/light_button.png differ diff --git a/SOURCES/light_logo.png b/SOURCES/light_logo.png new file mode 100644 index 0000000..0c7e3b3 Binary files /dev/null and b/SOURCES/light_logo.png differ diff --git a/SOURCES/lighttpd-1.4.35-system-crypto-policy.patch b/SOURCES/lighttpd-1.4.35-system-crypto-policy.patch new file mode 100644 index 0000000..580d7ba --- /dev/null +++ b/SOURCES/lighttpd-1.4.35-system-crypto-policy.patch @@ -0,0 +1,11 @@ +--- lighttpd-1.4.35/doc/config/lighttpd.conf~ 2014-03-12 11:40:36.000000000 -0500 ++++ lighttpd-1.4.35/doc/config/lighttpd.conf 2014-07-07 08:22:46.934838985 -0500 +@@ -417,7 +417,7 @@ + ## # Check your cipher list with: openssl ciphers -v '...' (use single quotes as your shell won't like ! in double quotes) + ## # + ## # If you know you have RSA keys (standard), you can use: +-## ssl.cipher-list = "aRSA+HIGH !3DES +kEDH +kRSA !kSRP !kPSK" ++## ssl.cipher-list = "PROFILE=SYSTEM" + ## # The more generic version (without the restriction to RSA keys) is + ## # ssl.cipher-list = "HIGH !aNULL !3DES +kEDH +kRSA !kSRP !kPSK" + ## # diff --git a/SOURCES/lighttpd-1.4.39-defaultconf.patch b/SOURCES/lighttpd-1.4.39-defaultconf.patch new file mode 100644 index 0000000..fa4f574 --- /dev/null +++ b/SOURCES/lighttpd-1.4.39-defaultconf.patch @@ -0,0 +1,35 @@ +--- doc/config/lighttpd.conf~ 2016-03-01 10:14:50.000000000 -0500 ++++ doc/config/lighttpd.conf 2016-03-01 10:17:59.194568947 -0500 +@@ -14,7 +14,7 @@ + ## chroot example aswell. + ## + var.log_root = "/var/log/lighttpd" +-var.server_root = "/srv/www" ++var.server_root = "/var/www" + var.state_dir = "/var/run" + var.home_dir = "/var/lib/lighttpd" + var.conf_dir = "/etc/lighttpd" +--- doc/config/lighttpd.conf.orig 2016-07-19 09:09:39.000000000 -0500 ++++ doc/config/lighttpd.conf 2016-07-19 09:25:40.282577966 -0500 +@@ -204,7 +204,9 @@ + ## By default lighttpd would not change the operation system default. + ## But setting it to 2048 is a better default for busy servers. + ## +-server.max-fds = 2048 ++## With SELinux enabled, this is denied by default and needs to be allowed ++## by running the following once : setsebool -P httpd_setrlimit on ++#server.max-fds = 2048 + + ## + ## listen-backlog is the size of the listen() backlog queue requested when +--- doc/config/lighttpd.conf~ 2016-08-05 08:24:07.000000000 -0500 ++++ doc/config/lighttpd.conf 2016-08-05 08:26:43.914683962 -0500 +@@ -112,7 +112,7 @@ + ## + ## Document root + ## +-server.document-root = server_root + "/htdocs" ++server.document-root = server_root + "/lighttpd" + + ## + ## The value for the "Server:" response field. diff --git a/SOURCES/lighttpd-1.4.39-socket.patch b/SOURCES/lighttpd-1.4.39-socket.patch new file mode 100644 index 0000000..bd3b392 --- /dev/null +++ b/SOURCES/lighttpd-1.4.39-socket.patch @@ -0,0 +1,11 @@ +--- doc/config/lighttpd.conf~ 2016-06-28 12:32:10.000000000 -0500 ++++ doc/config/lighttpd.conf 2016-06-28 12:41:50.478761160 -0500 +@@ -67,7 +67,7 @@ + ## conf.d/fastcgi.conf + ## conf.d/scgi.conf + ## +-var.socket_dir = home_dir + "/sockets" ++var.socket_dir = state_dir + "/sockets" + + ## + ####################################################################### diff --git a/SOURCES/lighttpd-empty.png b/SOURCES/lighttpd-empty.png new file mode 100644 index 0000000..0e4b6d3 Binary files /dev/null and b/SOURCES/lighttpd-empty.png differ diff --git a/SOURCES/lighttpd.init b/SOURCES/lighttpd.init new file mode 100644 index 0000000..1d6fd8b --- /dev/null +++ b/SOURCES/lighttpd.init @@ -0,0 +1,113 @@ +#!/bin/sh +# +# lighttpd Lightning fast webserver with light system requirements +# +# chkconfig: - 85 15 +# description: Secure, fast, compliant and very flexible web-server which has \ +# been optimized for high-performance environments. It has a \ +# very low memory footprint compared to other web servers and \ +# takes care of cpu-load. + +### BEGIN INIT INFO +# Provides: httpd +# Required-Start: $local_fs $network +# Required-Stop: $local_fs $network +# Should-Start: $named +# Should-Stop: $named +# Default-Start: +# Default-Stop: 0 1 2 3 4 5 6 +# Short-Description: Lightning fast webserver with light system requirements +# Description: Secure, fast, compliant and very flexible web-server which +# has been optimized for high-performance environments. It +# has a very low memory footprint compared to other web +# servers and takes care of cpu-load. +### END INIT INFO + +# Source function library. +. /etc/rc.d/init.d/functions + +exec="/usr/sbin/lighttpd" +prog="lighttpd" +config="/etc/lighttpd/lighttpd.conf" + +[ -e /etc/sysconfig/$prog ] && . /etc/sysconfig/$prog + +lockfile=/var/lock/subsys/$prog + +start() { + [ -x $exec ] || exit 5 + [ -f $config ] || exit 6 + echo -n $"Starting $prog: " + daemon $exec -f $config + retval=$? + echo + [ $retval -eq 0 ] && touch $lockfile + return $retval +} + +stop() { + echo -n $"Stopping $prog: " + killproc $prog + retval=$? + echo + [ $retval -eq 0 ] && rm -f $lockfile + return $retval +} + +restart() { + stop + start +} + +reload() { + echo -n $"Reloading $prog: " + killproc $prog -HUP + retval=$? + echo + return $retval +} + +force_reload() { + restart +} + +rh_status() { + status $prog +} + +rh_status_q() { + rh_status &>/dev/null +} + + +case "$1" in + start) + rh_status_q && exit 0 + $1 + ;; + stop) + rh_status_q || exit 0 + $1 + ;; + restart) + $1 + ;; + reload) + rh_status_q || exit 7 + $1 + ;; + force-reload) + force_reload + ;; + status) + rh_status + ;; + condrestart|try-restart) + rh_status_q || exit 0 + restart + ;; + *) + echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}" + exit 2 +esac +exit $? diff --git a/SOURCES/lighttpd.logrotate b/SOURCES/lighttpd.logrotate new file mode 100644 index 0000000..8ab2dc1 --- /dev/null +++ b/SOURCES/lighttpd.logrotate @@ -0,0 +1,8 @@ +/var/log/lighttpd/*log { + missingok + notifempty + sharedscripts + postrotate + /usr/bin/killall -HUP lighttpd &>/dev/null || : + endscript +} diff --git a/SOURCES/lighttpd.service b/SOURCES/lighttpd.service new file mode 100644 index 0000000..ef7a08c --- /dev/null +++ b/SOURCES/lighttpd.service @@ -0,0 +1,11 @@ +[Unit] +Description=Lightning Fast Webserver With Light System Requirements +After=syslog.target network-online.target + +[Service] +PIDFile=/var/run/lighttpd.pid +EnvironmentFile=-/etc/sysconfig/lighttpd +ExecStart=/usr/sbin/lighttpd -D -f /etc/lighttpd/lighttpd.conf + +[Install] +WantedBy=multi-user.target diff --git a/SOURCES/php.d-lighttpd.ini b/SOURCES/php.d-lighttpd.ini new file mode 100644 index 0000000..494900c --- /dev/null +++ b/SOURCES/php.d-lighttpd.ini @@ -0,0 +1,3 @@ +; Required so that PHP_SELF gets set correctly when using PHP through +; FastCGI with lighttpd (see main php.ini for more about this option) +cgi.fix_pathinfo = 1 diff --git a/SPECS/lighttpd.spec b/SPECS/lighttpd.spec new file mode 100644 index 0000000..5b1f2f3 --- /dev/null +++ b/SPECS/lighttpd.spec @@ -0,0 +1,812 @@ +%define webroot /var/www/lighttpd + +%global _hardened_build 1 + +# We have an bunch of --with/--without options to pass, make it easy with bcond +%define confswitch() %{expand:%%{?with_%{1}:--with-%{1}}%%{!?with_%{1}:--without-%{1}}} + +%bcond_without mysql +%bcond_without ldap +%bcond_without attr +%bcond_without openssl +%bcond_without kerberos5 +%bcond_without pcre +%bcond_without fam +%bcond_without lua +%bcond_without geoip +%bcond_without krb5 +# We can't have bcond names with hyphens +%bcond_with webdavprops +%bcond_with webdavlocks +%bcond_without gdbm +%bcond_with memcache + +# No poweredby.png image in EL5 and earlier (it's in Fedora and EL6+) +%if 0%{?el5} +%bcond_without systemlogos +%else +%bcond_without systemlogos +%endif + +# The /var/run/lighttpd directory uses tmpfiles.d when mounted using tmpfs +%if 0%{?fedora} >= 15 +%bcond_without tmpfiles +%else +%bcond_with tmpfiles +%endif + +# Replace sysvinit script with systemd service file for RHEL7+ +%if 0%{?fedora} || 0%{?rhel} >= 7 +%bcond_without systemd +%else +%bcond_with systemd +%endif + +Summary: Lightning fast webserver with light system requirements +Name: lighttpd +Version: 1.4.49 +Release: 1%{?dist} +License: BSD +Group: System Environment/Daemons +URL: http://www.lighttpd.net/ +Source0: http://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-%{version}.tar.gz +Source1: lighttpd.logrotate +Source2: php.d-lighttpd.ini +Source3: lighttpd.init +Source4: lighttpd.service +Source10: index.html +Source11: http://www.lighttpd.net/favicon.ico +Source12: http://www.lighttpd.net/light_button.png +Source13: http://www.lighttpd.net/light_logo.png +Source14: lighttpd-empty.png +#Source100: lighttpd-mod_geoip.c +#Source101: lighttpd-mod_geoip.txt +Patch0: lighttpd-1.4.39-defaultconf.patch +#Patch1: lighttpd-1.4.40-mod_geoip.patch +Patch2: lighttpd-1.4.35-system-crypto-policy.patch +Patch3: lighttpd-1.4.39-socket.patch +#Patch4: changeset_rcd33554b74fd39ecd2e7c367070534da178d5147.diff +#Patch5: changeset_rcb468d333cd029b7b7463a17409e16ebf01f5711.diff +#Patch6: changeset_r779c133c16f9af168b004dce7a2a64f16c1cb3a4.diff +#Patch7: lighttpd-1.4.42-bignum.patch +#Patch8: lighttpd-1.4.43-mysql.patch +#Patch9: lighttpd-1.4.48-autoconf.patch +BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root +# For the target poweredby.png image (skip requirement + provide image on EL5) +%if %{with systemlogos} +Requires: system-logos >= 7.92.1 +%endif +Requires(pre): /usr/sbin/useradd +%if %{with systemd} +Requires(post): systemd +Requires(preun): systemd +Requires(postun): systemd +BuildRequires: systemd +%else +Requires(post): /sbin/chkconfig +Requires(preun): /sbin/service, /sbin/chkconfig +Requires(postun): /sbin/service +%endif +Provides: webserver +BuildRequires: openssl-devel, pcre-devel, bzip2-devel, zlib-devel, autoconf, automake, libtool +BuildRequires: /usr/bin/awk, libattr-devel +%{?with_ldap:BuildRequires: openldap-devel} +%{?with_fam:BuildRequires: gamin-devel} +%{?with_webdavprops:BuildRequires: libxml2-devel} +%{?with_webdavlocks:BuildRequires: sqlite-devel} +%{?with_gdbm:BuildRequires: gdbm-devel} +%{?with_memcache:BuildRequires: memcached-devel} +%{?with_lua:BuildRequires: lua-devel} +# On EL5 we still need this because of the "broken" lua +%if 0%{?el5} +BuildRequires: readline-devel +%endif +Requires: psmisc + +%description +Secure, fast, compliant and very flexible web-server which has been optimized +for high-performance environments. It has a very low memory footprint compared +to other webservers and takes care of cpu-load. Its advanced feature-set +(FastCGI, CGI, Auth, Output-Compression, URL-Rewriting and many more) make +it the perfect webserver-software for every server that is suffering load +problems. + + +%package fastcgi +Summary: FastCGI module and spawning helper for lighttpd and PHP configuration +Group: System Environment/Daemons +Requires: %{name} = %{version}-%{release} +# Not really a requirement, but it used to be included (until 1.4.20-5) +Requires: spawn-fcgi + +%description fastcgi +This package contains the spawn-fcgi helper for lighttpd's automatic spawning +of local FastCGI programs. Included is also a PHP .ini file to change a few +defaults needed for correct FastCGI behavior. + + +%package mod_geoip +Summary: GeoIP module for lighttpd to use for location lookups +Group: System Environment/Daemons +Requires: %{name} = %{version}-%{release} +BuildRequires: GeoIP-devel + +%description mod_geoip +GeoIP module for lighttpd to use for location lookups. + + +%package mod_mysql_vhost +Summary: Virtual host module for lighttpd that uses a MySQL database +Group: System Environment/Daemons +Requires: %{name} = %{version}-%{release} +BuildRequires: mysql-devel + +%description mod_mysql_vhost +Virtual host module for lighttpd that uses a MySQL database. + +%package mod_authn_mysql +Summary: Authentication module for lighttpd that uses a MySQL database +Group: System Environment/Daemons +Requires: %{name} = %{version}-%{release} +BuildRequires: mysql-devel + +%description mod_authn_mysql +Authentication module for lighttpd that uses a MySQL database. + +%package mod_authn_gssapi +Summary: Authentication module for lighttpd that uses GSSAPI +Group: System Environment/Daemons +Requires: %{name} = %{version}-%{release} + +%description mod_authn_gssapi +Authentication module for lighttpd that uses GSSAPI + + +%prep +%setup -q +%patch0 -p0 -b .defaultconf +#%patch1 -p0 -b .mod_geoip +%patch2 -p1 -b .crypto_policy +%patch3 -p0 -b .socket +#%patch4 -p1 -b .ipv6block +#%patch5 -p1 -b .conn_state +#%patch6 -p1 -b .http_proxy +#%patch7 -p0 -b .bignum +#%patch8 -p0 -b .mysql +#%patch9 -p0 -b .autoconf +#install -p -m 0644 %{SOURCE100} src/mod_geoip.c +#install -p -m 0644 %{SOURCE101} mod_geoip.txt + + +%build +#./autogen.sh +autoreconf -if +%configure \ + --libdir='%{_libdir}/lighttpd' \ + %{confswitch mysql} \ + %{confswitch ldap} \ + %{confswitch attr} \ + %{confswitch openssl} \ + %{confswitch kerberos5} \ + %{confswitch pcre} \ + %{confswitch fam} \ + %{?with_webdavprops:--with-webdav-props} \ + %{?with_webdavlocks:--with-webdav-locks} \ + %{confswitch gdbm} \ + %{confswitch memcache} \ + %{confswitch lua} \ + %{confswitch geoip} \ + %{confswitch krb5} +make %{?_smp_mflags} + + +%install +rm -rf %{buildroot} +make install DESTDIR=%{buildroot} + +# Install our own logrotate entry +install -D -p -m 0644 %{SOURCE1} \ + %{buildroot}%{_sysconfdir}/logrotate.d/lighttpd + +# Install our own php.d ini file +install -D -p -m 0644 %{SOURCE2} \ + %{buildroot}%{_sysconfdir}/php.d/lighttpd.ini + +# Install our own init script (included one is old style) or systemd service +%if %{with systemd} +install -D -p -m 0644 %{SOURCE4} \ + %{buildroot}%{_unitdir}/lighttpd.service +%else +install -D -p -m 0755 %{SOURCE3} \ + %{buildroot}%{_sysconfdir}/rc.d/init.d/lighttpd +%endif + +# Install our own default web page and images +mkdir -p %{buildroot}%{webroot} +install -p -m 0644 %{SOURCE10} %{SOURCE11} %{SOURCE12} %{SOURCE13} \ + %{buildroot}%{webroot}/ + +# Symlink for the powered-by-$DISTRO image (install empty image on EL5) +%if %{with systemlogos} +ln -s %{_datadir}/pixmaps/poweredby.png \ +%else +install -p -m 0644 %{SOURCE14} \ +%endif + %{buildroot}%{webroot}/poweredby.png + +# Example configuration to be included as %%doc +rm -rf config +cp -a doc/config config +find config -name 'Makefile*' | xargs rm -f +# Remove +x from scripts to be included as %%doc to avoid auto requirement +chmod -x doc/scripts/*.sh + +# Install (*patched above*) sample config files +mkdir -p %{buildroot}%{_sysconfdir}/lighttpd +cp -a config/*.conf config/*.d %{buildroot}%{_sysconfdir}/lighttpd/ + +# Install empty log directory to include +mkdir -p %{buildroot}%{_var}/log/lighttpd + +# Install empty run directory to include (for the example fastcgi socket) +mkdir -p %{buildroot}%{_var}/run/lighttpd +%if %{with tmpfiles} +# Setup tmpfiles.d config for the above +mkdir -p %{buildroot}%{_sysconfdir}/tmpfiles.d +echo 'D /var/run/lighttpd 0750 lighttpd lighttpd -' > \ + %{buildroot}%{_sysconfdir}/tmpfiles.d/lighttpd.conf +%endif + + +%clean +rm -rf %{buildroot} + + +%pre +/usr/sbin/useradd -s /sbin/nologin -M -r -d %{webroot} \ + -c 'lighttpd web server' lighttpd &>/dev/null || : + +%post +%if %{with systemd} +%systemd_post lighttpd.service +%else +/sbin/chkconfig --add lighttpd +%endif + +%preun +%if %{with systemd} +%systemd_preun lighttpd.service +%else +if [ $1 -eq 0 ]; then + /sbin/service lighttpd stop &>/dev/null || : + /sbin/chkconfig --del lighttpd +fi +%endif + +%postun +%if %{with systemd} +%systemd_postun_with_restart lighttpd.service +%else +if [ $1 -ge 1 ]; then + /sbin/service lighttpd condrestart &>/dev/null || : +fi +%endif + + +%files +%defattr(-,root,root,-) +%doc AUTHORS COPYING README +%doc config/ doc/scripts/rrdtool-graph.sh +%dir %{_sysconfdir}/lighttpd/ +%dir %{_sysconfdir}/lighttpd/conf.d/ +%dir %{_sysconfdir}/lighttpd/vhosts.d/ +%config(noreplace) %{_sysconfdir}/lighttpd/*.conf +%config(noreplace) %{_sysconfdir}/lighttpd/conf.d/*.conf +%config %{_sysconfdir}/lighttpd/conf.d/mod.template +%config %{_sysconfdir}/lighttpd/vhosts.d/vhosts.template +%config(noreplace) %{_sysconfdir}/logrotate.d/lighttpd +%if %{with systemd} +%{_unitdir}/lighttpd.service +%else +%{_sysconfdir}/rc.d/init.d/lighttpd +%endif +%if %{with tmpfiles} +%config(noreplace) %{_sysconfdir}/tmpfiles.d/lighttpd.conf +%endif +%{_sbindir}/lighttpd +%{_sbindir}/lighttpd-angel +%{_libdir}/lighttpd/ +%exclude %{_libdir}/lighttpd/*.la +%exclude %{_libdir}/lighttpd/mod_fastcgi.so +%exclude %{_libdir}/lighttpd/mod_geoip.so +%exclude %{_libdir}/lighttpd/mod_mysql_vhost.so +%exclude %{_libdir}/lighttpd/mod_authn_mysql.so +%exclude %{_libdir}/lighttpd/mod_authn_gssapi.so +%{_mandir}/man8/lighttpd*8* +%attr(0750, lighttpd, lighttpd) %{_var}/log/lighttpd/ +%if %{with tmpfiles} +%ghost %attr(0750, lighttpd, lighttpd) %{_var}/run/lighttpd/ +%else +%attr(0750, lighttpd, lighttpd) %{_var}/run/lighttpd/ +%endif +%attr(0700, lighttpd, lighttpd) %dir %{webroot}/ +%{webroot}/*.ico +%{webroot}/*.png +# This is not really configuration, but prevent loss of local changes +%config %{webroot}/index.html + +%files fastcgi +%defattr(-,root,root,-) +%doc doc/outdated/fastcgi*.txt doc/scripts/spawn-php.sh +%config(noreplace) %{_sysconfdir}/php.d/lighttpd.ini +%dir %{_libdir}/lighttpd/ +%{_libdir}/lighttpd/mod_fastcgi.so + +%files mod_geoip +%defattr(-,root,root,-) +#%doc mod_geoip.txt +%dir %{_libdir}/lighttpd/ +%{_libdir}/lighttpd/mod_geoip.so + +%files mod_mysql_vhost +%defattr(-,root,root,-) +%doc doc/outdated/mysqlvhost.txt +%dir %{_libdir}/lighttpd/ +%{_libdir}/lighttpd/mod_mysql_vhost.so + +%files mod_authn_mysql +%defattr(-,root,root,-) +%dir %{_libdir}/lighttpd/ +%{_libdir}/lighttpd/mod_authn_mysql.so + +%files mod_authn_gssapi +%defattr(-,root,root,-) +%dir %{_libdir}/lighttpd/ +%{_libdir}/lighttpd/mod_authn_gssapi.so + +%changelog +* Mon Mar 12 2018 Gwyn Ciesla