2020-12-01 10:44:12 +01:00
|
|
|
@comment $NetBSD: PLIST,v 1.22 2020/12/01 09:44:12 schmonz Exp $
|
Initial import of lighttpd-1.4.3 as www/lighttpd.
LightTPD is a secure, fast, compliant, and very flexible web-server
which designed and optimized for for high-performance environments.
With a small memory footprint compared to other webservers, effective
management of the CPU load, and advanced feature set (FastCGI, CGI,
Auth, Output-Compression, URL-Rewriting and many more), LightTPD is
the perfect solution for every server that is suffering load problems.
This is loosely based on the lighttpd package from pkgsrc-wip by
Piotr Stolc <socrtp@soclab.eu.org>.
2005-09-04 08:37:05 +02:00
|
|
|
lib/lighttpd/mod_access.la
|
|
|
|
|
lib/lighttpd/mod_accesslog.la
|
|
|
|
|
lib/lighttpd/mod_alias.la
|
|
|
|
|
lib/lighttpd/mod_auth.la
|
2020-12-01 10:44:12 +01:00
|
|
|
${PLIST.libdbi}lib/lighttpd/mod_authn_dbi.la
|
Updated lighttpd to version 1.4.42.
Added geoip build option.
Changelog:
* [TLS] SSL_shutdown() only if handshake finished
* [mod_proxy,mod_scgi] shutdown remote only if local (#2743)
* [core] check if client half-closed TCP if POLLHUP (#2743)
* [core] enforce wait for POLLWR after EINPROGRESS (fixes #2744)
* [core] do not enter handler twice after read body
* [core] proxy,scgi omit shutdown() to backend (fixes #2743)
* [mod_dirlisting] dirlist does not handle POST
* [mod_dirlisting] js column sort for dirlist table (fixes #613, fixes #2315)
* [mod_auth] Digest auth fails after rewrite (fixes #2745)
* [mod_auth] refactor out auth backend code
* [mod_auth] extensible interface for auth backends
* [core] better DragonFlyBSD support (fixes #2746)
* [mod_auth] include base.h for USE_OPENSSL def
* [mod_auth] support CRYPT-MD5-NTLM algorithm (fixes #1743)
* [mod_auth] terminate salt for CRYPT-MD5-NTLM
* [core] fix crash if ready events on abandoned fd (fixes #2748)
* [mod_auth] http_auth_md5_hex2bin()
* [mod_auth] remove empty mod_auth.h
* [mod_auth] mod_authn_mysql.c MySQL auth backend (fixes #752, fixes #1845)
* [mod_cgi] permit CGI exec of unreadable files (fixes #2374)
* [mod_uploadprogress] add to default build
* [mod_geoip] add to default build (fixes #2705, fixes #2101, fixes #2092,
fixes #2025, fixes #1962, fixes #1938)
* [mod_fastcgi] Authorizer support with Responder (fixes #321, fixes #322)
* [tests] test coverage for issues (#321, #322)
* dynamic handlers store debug flag in handler_ctx
* [mod_fastcgi] allow authorizer, responder for same path/ext (#321)
* backport mod_deflate to lighttpd 1.4 (fixes #1824, fixes #2753)
* [autobuild] test_configfile might need vector.c (fixes #2752)
* [mod_deflate] fix longjmp clobber compiler warning
* remove unused array type TYPE_COUNT data_count
* [mod_auth] structured data, register auth schemes
* [mod_auth] mod_authn_gssapi Kerberos auth backend (fixes #1899)
* [autobuild] skip two new tests if no fcgi-auth
* [SCons] define with_krb5 for SCons build
* [SCons] fix syntax error in SConstruct
* [SCons] define with_geoip for SCons build
* [CMake] fix clang -Wcast-align warnings in lemon.c
* remove excess initializers (fix compiler warnings)
* fix errors detected by Coverity Scan
* performance: use Linux extended syscalls and flags
* [mod_scgi] add uwsgi protocol support
* [mod_auth] refactor LDAP code into smaller funcs
* [mod_auth] HTTP Basic auth backends also do authz (#1817)
* [mod_auth] ldap filter subst user for multiple '$' (fixes #1508)
* [mod_auth] permit specifying ldap DN; skip search (fixes #1248)
* [autobuild] update module/feature report
* [cmake] build mod_authn_gssapi if WITH_KRB5
* [mod_auth] fix printing of IP in error trace
* [mod_mysql_vhost] support multiple '?' replacement (fixes #2163)
* [core] make server.max-request-size scopeable (#1901)
* [core] server.max-request-field-size (fixes #2130)
* [core] optional condition in config "else" clause (fixes #1268)
* [core] restrict where config "else" clauses occur (#1268)
* silence warnings from clang ccc-analyzer
* consistent, shared code to create CGI env
* [TLS] replace env entries in https_add_ssl_entries
* [TLS] set SSL_CLIENT_M_SERIAL w/ client cert SN (fixes #2268)
* [TLS] set SSL_CLIENT_VERIFY w/ client cert (#1288, #2693)
* [TLS] set SSL_PROTOCOL, SSL_CIPHER* (fixes #2511)
* [core] rand.[ch] to use better RNGs when available
* [mod_cgi] fix pipe_cloexec() when no O_CLOEXEC
* ignore return value from fcntl() FD_CLOEXEC
* build w/o compiler warnings if no zlib or bz2lib
2016-10-18 00:00:22 +02:00
|
|
|
lib/lighttpd/mod_authn_file.la
|
2017-01-03 15:31:13 +01:00
|
|
|
${PLIST.gssapi}lib/lighttpd/mod_authn_gssapi.la
|
|
|
|
|
${PLIST.ldap}lib/lighttpd/mod_authn_ldap.la
|
|
|
|
|
${PLIST.mysql}lib/lighttpd/mod_authn_mysql.la
|
Initial import of lighttpd-1.4.3 as www/lighttpd.
LightTPD is a secure, fast, compliant, and very flexible web-server
which designed and optimized for for high-performance environments.
With a small memory footprint compared to other webservers, effective
management of the CPU load, and advanced feature set (FastCGI, CGI,
Auth, Output-Compression, URL-Rewriting and many more), LightTPD is
the perfect solution for every server that is suffering load problems.
This is loosely based on the lighttpd package from pkgsrc-wip by
Piotr Stolc <socrtp@soclab.eu.org>.
2005-09-04 08:37:05 +02:00
|
|
|
lib/lighttpd/mod_cgi.la
|
2017-01-03 15:31:13 +01:00
|
|
|
${PLIST.lua}lib/lighttpd/mod_cml.la
|
Updated lighttpd to version 1.4.42.
Added geoip build option.
Changelog:
* [TLS] SSL_shutdown() only if handshake finished
* [mod_proxy,mod_scgi] shutdown remote only if local (#2743)
* [core] check if client half-closed TCP if POLLHUP (#2743)
* [core] enforce wait for POLLWR after EINPROGRESS (fixes #2744)
* [core] do not enter handler twice after read body
* [core] proxy,scgi omit shutdown() to backend (fixes #2743)
* [mod_dirlisting] dirlist does not handle POST
* [mod_dirlisting] js column sort for dirlist table (fixes #613, fixes #2315)
* [mod_auth] Digest auth fails after rewrite (fixes #2745)
* [mod_auth] refactor out auth backend code
* [mod_auth] extensible interface for auth backends
* [core] better DragonFlyBSD support (fixes #2746)
* [mod_auth] include base.h for USE_OPENSSL def
* [mod_auth] support CRYPT-MD5-NTLM algorithm (fixes #1743)
* [mod_auth] terminate salt for CRYPT-MD5-NTLM
* [core] fix crash if ready events on abandoned fd (fixes #2748)
* [mod_auth] http_auth_md5_hex2bin()
* [mod_auth] remove empty mod_auth.h
* [mod_auth] mod_authn_mysql.c MySQL auth backend (fixes #752, fixes #1845)
* [mod_cgi] permit CGI exec of unreadable files (fixes #2374)
* [mod_uploadprogress] add to default build
* [mod_geoip] add to default build (fixes #2705, fixes #2101, fixes #2092,
fixes #2025, fixes #1962, fixes #1938)
* [mod_fastcgi] Authorizer support with Responder (fixes #321, fixes #322)
* [tests] test coverage for issues (#321, #322)
* dynamic handlers store debug flag in handler_ctx
* [mod_fastcgi] allow authorizer, responder for same path/ext (#321)
* backport mod_deflate to lighttpd 1.4 (fixes #1824, fixes #2753)
* [autobuild] test_configfile might need vector.c (fixes #2752)
* [mod_deflate] fix longjmp clobber compiler warning
* remove unused array type TYPE_COUNT data_count
* [mod_auth] structured data, register auth schemes
* [mod_auth] mod_authn_gssapi Kerberos auth backend (fixes #1899)
* [autobuild] skip two new tests if no fcgi-auth
* [SCons] define with_krb5 for SCons build
* [SCons] fix syntax error in SConstruct
* [SCons] define with_geoip for SCons build
* [CMake] fix clang -Wcast-align warnings in lemon.c
* remove excess initializers (fix compiler warnings)
* fix errors detected by Coverity Scan
* performance: use Linux extended syscalls and flags
* [mod_scgi] add uwsgi protocol support
* [mod_auth] refactor LDAP code into smaller funcs
* [mod_auth] HTTP Basic auth backends also do authz (#1817)
* [mod_auth] ldap filter subst user for multiple '$' (fixes #1508)
* [mod_auth] permit specifying ldap DN; skip search (fixes #1248)
* [autobuild] update module/feature report
* [cmake] build mod_authn_gssapi if WITH_KRB5
* [mod_auth] fix printing of IP in error trace
* [mod_mysql_vhost] support multiple '?' replacement (fixes #2163)
* [core] make server.max-request-size scopeable (#1901)
* [core] server.max-request-field-size (fixes #2130)
* [core] optional condition in config "else" clause (fixes #1268)
* [core] restrict where config "else" clauses occur (#1268)
* silence warnings from clang ccc-analyzer
* consistent, shared code to create CGI env
* [TLS] replace env entries in https_add_ssl_entries
* [TLS] set SSL_CLIENT_M_SERIAL w/ client cert SN (fixes #2268)
* [TLS] set SSL_CLIENT_VERIFY w/ client cert (#1288, #2693)
* [TLS] set SSL_PROTOCOL, SSL_CIPHER* (fixes #2511)
* [core] rand.[ch] to use better RNGs when available
* [mod_cgi] fix pipe_cloexec() when no O_CLOEXEC
* ignore return value from fcntl() FD_CLOEXEC
* build w/o compiler warnings if no zlib or bz2lib
2016-10-18 00:00:22 +02:00
|
|
|
lib/lighttpd/mod_deflate.la
|
Initial import of lighttpd-1.4.3 as www/lighttpd.
LightTPD is a secure, fast, compliant, and very flexible web-server
which designed and optimized for for high-performance environments.
With a small memory footprint compared to other webservers, effective
management of the CPU load, and advanced feature set (FastCGI, CGI,
Auth, Output-Compression, URL-Rewriting and many more), LightTPD is
the perfect solution for every server that is suffering load problems.
This is loosely based on the lighttpd package from pkgsrc-wip by
Piotr Stolc <socrtp@soclab.eu.org>.
2005-09-04 08:37:05 +02:00
|
|
|
lib/lighttpd/mod_dirlisting.la
|
2006-02-15 22:15:45 +01:00
|
|
|
lib/lighttpd/mod_evasive.la
|
Initial import of lighttpd-1.4.3 as www/lighttpd.
LightTPD is a secure, fast, compliant, and very flexible web-server
which designed and optimized for for high-performance environments.
With a small memory footprint compared to other webservers, effective
management of the CPU load, and advanced feature set (FastCGI, CGI,
Auth, Output-Compression, URL-Rewriting and many more), LightTPD is
the perfect solution for every server that is suffering load problems.
This is loosely based on the lighttpd package from pkgsrc-wip by
Piotr Stolc <socrtp@soclab.eu.org>.
2005-09-04 08:37:05 +02:00
|
|
|
lib/lighttpd/mod_evhost.la
|
|
|
|
|
lib/lighttpd/mod_expire.la
|
2007-04-19 18:16:17 +02:00
|
|
|
lib/lighttpd/mod_extforward.la
|
Initial import of lighttpd-1.4.3 as www/lighttpd.
LightTPD is a secure, fast, compliant, and very flexible web-server
which designed and optimized for for high-performance environments.
With a small memory footprint compared to other webservers, effective
management of the CPU load, and advanced feature set (FastCGI, CGI,
Auth, Output-Compression, URL-Rewriting and many more), LightTPD is
the perfect solution for every server that is suffering load problems.
This is loosely based on the lighttpd package from pkgsrc-wip by
Piotr Stolc <socrtp@soclab.eu.org>.
2005-09-04 08:37:05 +02:00
|
|
|
lib/lighttpd/mod_fastcgi.la
|
2006-04-10 14:07:18 +02:00
|
|
|
lib/lighttpd/mod_flv_streaming.la
|
Initial import of lighttpd-1.4.3 as www/lighttpd.
LightTPD is a secure, fast, compliant, and very flexible web-server
which designed and optimized for for high-performance environments.
With a small memory footprint compared to other webservers, effective
management of the CPU load, and advanced feature set (FastCGI, CGI,
Auth, Output-Compression, URL-Rewriting and many more), LightTPD is
the perfect solution for every server that is suffering load problems.
This is loosely based on the lighttpd package from pkgsrc-wip by
Piotr Stolc <socrtp@soclab.eu.org>.
2005-09-04 08:37:05 +02:00
|
|
|
lib/lighttpd/mod_indexfile.la
|
2017-01-03 15:31:13 +01:00
|
|
|
${PLIST.lua}lib/lighttpd/mod_magnet.la
|
lighttpd: Update to 1.4.54.
pkgsrc changes:
Replace use of legacy GeoIP library with libmaxminddb.
Uses a different module.
Changes:
Highlights
behavior change: strict URL parsing and normalization (configurable)
behavior change: mod_webdav now rejects partial PUT (configurable)
mod_auth: HTTP Auth Digest algorithm=SHA-256
mod_webdav: major rewrite: robustness, performance, RFC compliance
mod_maxminddb: new; obsoletes discontinued mod_geoip
Changes from 1.4.53
[mod_evhost] handle IPv6 literal addr; add tests
[core] separate server_main_loop() func, mark hot
[core] mark startup/shutdown funcs cold
[core] some server_main_loop() cleanup
[core] fdevent_process()
[core] srv→max_fds_lowat and srv→max_fds_hiwat
[core] remove server.h
[mod_staticfile] search ext array if not empty
[core] store joblist pointer on stack
[core] quickly clear request buffer for reuse
[core] helper funcs for connection_state_machine()
[core] perf: optimize connection_read_header()
[core] parse request in connection_read_header()
[core] log_request_header_on_error in one place
[core] copy request only if might need for logging
[core] make parse_request,request.request same buf
[core] prefer buffer_caseless_compare()
[core] pass req hdrs buffer to http_request_parse
[core] replace con→response.keep_alive
[core] mark log_error_write*() funcs cold
[core] http_request_parse() mark error paths cold
[core] lift code out of request line parse loop
[core] get_http_method_key() match by strlen first
[core] RFC7230 HTTP-version parse
[mod_accesslog] attempt to reconstruct req line
[multiple] minor: remove duplicated conditions
[mod_deflate] honor request for x-gzip, x-bzip2
[mod_auth] minor: adjust config validation
[core] discard oversized trailers
[core] no keep-alive if POLLRDHUP,empty read queue
[core] fix gw_backend spelling of directive in err
[multiple] reduce code dup in list resizing
[core] con→is_ssl_sock
[core] connection_handle_write() updates con state
[core] skip plugins_call_cleanup if not init’ed
[core] simpler loops to run plugin hooks
[core] fix mixed use of srv→split_vals array (fixes #2932)
[core] dispatch events from within event framework
[core] don’t call fd event handlers more than once, they might already be gone (fixes segfault)
[core] poll: fdarray uses fd as index, not fde_ndx
[core] map FDEVENT_* to OS system event frameworks
[core] prefer memchr() over strchr()
[core] use openssl to read,discard request body
[mod_openssl] inherit cipherlist from global scope
[mod_openssl] default: ssl.cipher-list = “HIGH”
[mod_proxy] pass Content-Length to backend if > 0
[core] config option to allow GET w/ request body
[core] some fdevent code streamlining
[core] remove fde_ndx member outside fdevents
[core] remove redundant check for allow_http11
[mod_openssl] use 16k static buffer instead of 64k
[core] pull server load checks out of main loop
[core] isolate fdevent processing
[core] release empty chunk buf when nothing read
[core] perf: pass (fdnode *) to epoll and kqueue
[core] modify config parser to handle multiple }
[core] pass (fdnode *) for registered fdevent fd
[mod_auth] http_auth_digest_hex2bin()
[mod_auth] http_auth_info_t digest abstraction
[mod_auth] pass http_auth_require_t for 401 Unauth
[core] no SOCK_NONBLOCK on QNX 7.0
[mod_auth] HTTP Auth Digest algorithm=SHA-256
[core] silence coverity warning
[mod_magnet] fix invalid script return-type crash (fixes #2938)
[build] remove -Wdeclaration-after-statement
[core] pass conf.follow_symlink in more places
[core] fix assertion with server.error-handler (fixes #2941)
[core] extend dir redirection to take HTTP status
[doc] minor adjust create-mime.conf.pl regex match (#2942)
[core] attribute((fallthrough)) for GCC 7.0
[core] fdevent_mkstemp_append() (shared)
[core] off_t upload_temp_file_size
[core] clear FDEVENT_RDHUP if no POLLRDHUP
[mod_wstunnel] fix ping-interval for big-endian (fixes #2944)
[core] fix abort in http-parseopts (fixes #2945)
[core] remove repeated slashes in http-parseopts
[core] fix 1.4.52 regression in mem use with POST (fixes #2948)
[multiple] cleaner calloc use in SETDEFAULTS_FUNC
[core] add const to some etag prototypes
[core] attribute((format …))
[core] struct log_error_st for error logging
[core] log_error, log_perror using printf-like fmt
[core] new worker_init hook to follow parent fork
[core] replace open() with fdevent_open_cloexec()
[mod_webdav] major rewrite (fixes #1818)
[core] 200 for OPTIONS /non-existent/path HTTP/1.1 (fixes #2939)
[mod_webdav] surround Lock-Token with “<…>”
[mod_webdav] fix uuid detection macro
[mod_webdav] fix misbehavior on blank nodes in PROPPATCH
[mod_webdav] clean up resources after do{}while(0)
[mod_webdav] check If-Match, If-Unmodified-Since (#1818)
[mod_webdav] deprecated unsafe partial PUT compat
[mod_webdav] provide ETag in more responses
[mod_webdav] platform portability fixes
[mod_webdav] disable elftc_copyfile() on FreeBSD
[mod_webdav] special-case If: ()
[mod_webdav] check If-None-Match (#1818)
[stat_cache] separate func for symlink policy chk
[stat_cache] separate symlink pol from data struct
[stat_cache] store entries without trailing slash
[stat_cache] pass age param for stat cache cleanup
[stat_cache] remove splaytree ins/del debug code
[stat_cache] FAM: reduce string copying
[stat_cache] FAM: check FAMNextEvent() return code
[stat_cache] FAM: use entry hash index as userdata
[stat_cache] FAM: improve handling modified file
[stat_cache] FAM: ignore follow-symlink config
[stat_cache] FAM: check hash collision before add
[stat_cache] FAM: ignore event with no valid match
[stat_cache] FAM: funcs to invalidate entries
[stat_cache] interfaces to invalidate entries
[mod_webdav] update stat_cache after file mod
[core] use high precision stat timestamp in etag
[scons] adjustment for static build under CentOS
[core] emit trace using path before clearing path
[core] http_chunk_append_file_fd()
[multiple] open target file earlier in some cases
[stat_cache] no longer stat() and open() for stat
[stat_cache] FAM: improve monitoring, cache 16 sec
[stat_cache] FAM: separate routine for FDEVENT_IN
[stat_cache] FAM: whitespace-only change
[mod_webdav] quiet coverity warnings
[doc] highlight relevance of module load order (fixes #2946)
[core] behavior change: stricter URL normalization
[stat_cache] fix compilation error for cmake
[cmake] help cmake on FreeBSD find sys/event.h
[scons] help scons on FreeBSD find sys/event.h
[build] detect FreeBSD elftc_copyfile()
[mod_openssl] use SSL_CTX_set_client_hello_cb()
[core] support weak etags with If-None-Match
[core] store log_state_handling flag on stack
[core] check if splay_tree NULL before invalidate
[mod_webdav] workaround Microsoft-WebDAV-MiniRedir
[mod_webdav] doc Microsoft-WebDAV-MiniRedir bugs
[mod_webdav] invalidate parent dir in stat_cache
[doc] systemd socket activation config example
[core] chunkqueue perf: code reuse
[core] chunkqueue perf: specialized buffer.h funcs
[core] chunkqueue perf: skip opening 0-length file
[core] chunkqueue perf: read small files into mem
[core] buffer_reset() should not be passed NULL
[tests] has_feature() helper func
[tests] skip mod-secdownload HMAC-SHA1,HMAC-SHA256
[core] use high precision stat timestamp on OS X
[mod_magnet] expose server addr (local IP) to lua
[core] adjust http_chunk read() retry loop
[mod_maxminddb] MaxMind GeoIP2 support
[mod_authn_ldap] ldap_set_option LDAP_OPT_RESTART (fixes #2940)
2019-05-29 12:01:28 +02:00
|
|
|
${PLIST.geoip}lib/lighttpd/mod_maxminddb.la
|
2017-01-03 15:31:13 +01:00
|
|
|
${PLIST.mysql}lib/lighttpd/mod_mysql_vhost.la
|
2017-10-29 02:34:29 +02:00
|
|
|
${PLIST.ssl}lib/lighttpd/mod_openssl.la
|
Initial import of lighttpd-1.4.3 as www/lighttpd.
LightTPD is a secure, fast, compliant, and very flexible web-server
which designed and optimized for for high-performance environments.
With a small memory footprint compared to other webservers, effective
management of the CPU load, and advanced feature set (FastCGI, CGI,
Auth, Output-Compression, URL-Rewriting and many more), LightTPD is
the perfect solution for every server that is suffering load problems.
This is loosely based on the lighttpd package from pkgsrc-wip by
Piotr Stolc <socrtp@soclab.eu.org>.
2005-09-04 08:37:05 +02:00
|
|
|
lib/lighttpd/mod_proxy.la
|
|
|
|
|
lib/lighttpd/mod_redirect.la
|
|
|
|
|
lib/lighttpd/mod_rewrite.la
|
|
|
|
|
lib/lighttpd/mod_rrdtool.la
|
|
|
|
|
lib/lighttpd/mod_scgi.la
|
|
|
|
|
lib/lighttpd/mod_secdownload.la
|
|
|
|
|
lib/lighttpd/mod_setenv.la
|
|
|
|
|
lib/lighttpd/mod_simple_vhost.la
|
lighttpd: update to 1.4.50.
- 1.4.50 - 2018-08-13
* [mod_extforward] allow explict IPs to be untrusted (#2860)
* [core] fix crash if 'host' empty in config (fixes #2876)
* [mod_magnet] fix regression in lighty.stat (fixes #2877)
* [core] minor code cleanup in gw_recv_response()
* [core] fix rare race condition from backends (fixes #2878)
* [mod_proxy] fix segfault in Set-Cookie reverse map (fixes #2879)
* [core] fdevent_accept_listenfd() nonblock cloexec
* [build] remove m4 AC_PATH_PROG for PKG_CONFIG
* [core] some header cleanup
* [mod_wstunnel] better Sec-WebSocket-Protocol parse
* [mod_magnet] code reuse
* [mod_magnet] reduce buffer copies
* [mod_fastcgi,mod_scgi] fastcgi.balance,scgi.balance (fixes #2882)
* [core] check if SOCK_NONBLOCK is ignored (fixes #2883)
* [core] buffer_append_string_encoded_hex_lc()
* [core] more efficient hex2int()
* [mod_secdownload] compare bin MAC instead of hex
* [core] li_tohex_lc() explicitly uses lc hex chars
* [core] buffer_append_uint_hex_lc() uses lc hex
* [core] buffer_append_string_encoded() uc hex
* [tests] reduce test_base64 brute force tests
* [tests] remove test_buffer output, except on error
* [core] check for continuation in server.tag
* [core] CONNECT must be handled before fs hooks
* [mod_redirect, mod_rewrite] code reuse (sharing)
* [core] data_config_pcre_compile,exec()
* [tests] test_request unit tests
* [core] http_kv.[ch] method, status, version str
* [core] remove unused get_http_status_body_name()
* [core] remove proc_open.[ch], reduce stdio.h use
* [tests] move src/test_*.c to src/t/
* [core] server.http-parseopts URL normalization opt (fixes #1720)
* [core] inline some buffer.[ch] routines
* [core] remove some duplicative code in log.c
* [core] debug server.log-request-header-on-error
* [mod_redirect,mod_rewrite] short-circuit earlier
* [core] fix buffer_to_upper()
* [mod_cgi] handle CGI partial response header write
* [mod_redirect,mod_rewrite] pass request URI info
* [mod_redirect,mod_rewrite] encoding options (fixes #443, fixes #911)
* [mod_redirect,mod_rewrite] fix segfault w/ invalid syntax (fixes #2892)
* [mod_fastcgi] fix memleak with FastCGI auth,resp (fixes #2894)
* [mod_alias] security: potential path traversal with specific configs
* [mod_wstunnel] quiet 32-bit compiler warnings
* [core] POLLRDHUP handling for transparent proxying
* [mod_redirect,mod_rewrite] support up to 19 match
* [core] add missing includes to quiet compiler warn
* [mod_redirect,mod_rewrite] base64url encoding opt
* [mod_rewrite] require rewrite result to begin '/'
* [core] security: use-after-free invalid Range req
* [core] reset var if FAMMonitorDirectory() fails
* [core] option to propagate TCP FIN to backend host
* mod_sockproxy - socket forwarding
* [core] workaround Coverity cov-build bug with gcc7
* [build] add missing file for test_burl
* [core] quell insignificant coverity warning
* [core] extend server.http-parseopts
2018-08-14 08:24:54 +02:00
|
|
|
lib/lighttpd/mod_sockproxy.la
|
Initial import of lighttpd-1.4.3 as www/lighttpd.
LightTPD is a secure, fast, compliant, and very flexible web-server
which designed and optimized for for high-performance environments.
With a small memory footprint compared to other webservers, effective
management of the CPU load, and advanced feature set (FastCGI, CGI,
Auth, Output-Compression, URL-Rewriting and many more), LightTPD is
the perfect solution for every server that is suffering load problems.
This is loosely based on the lighttpd package from pkgsrc-wip by
Piotr Stolc <socrtp@soclab.eu.org>.
2005-09-04 08:37:05 +02:00
|
|
|
lib/lighttpd/mod_ssi.la
|
|
|
|
|
lib/lighttpd/mod_staticfile.la
|
|
|
|
|
lib/lighttpd/mod_status.la
|
2017-01-03 15:31:13 +01:00
|
|
|
${PLIST.gdbm}lib/lighttpd/mod_trigger_b4_dl.la
|
2018-04-17 22:11:15 +02:00
|
|
|
${PLIST.memcached}lib/lighttpd/mod_trigger_b4_dl.la
|
Updated lighttpd to version 1.4.42.
Added geoip build option.
Changelog:
* [TLS] SSL_shutdown() only if handshake finished
* [mod_proxy,mod_scgi] shutdown remote only if local (#2743)
* [core] check if client half-closed TCP if POLLHUP (#2743)
* [core] enforce wait for POLLWR after EINPROGRESS (fixes #2744)
* [core] do not enter handler twice after read body
* [core] proxy,scgi omit shutdown() to backend (fixes #2743)
* [mod_dirlisting] dirlist does not handle POST
* [mod_dirlisting] js column sort for dirlist table (fixes #613, fixes #2315)
* [mod_auth] Digest auth fails after rewrite (fixes #2745)
* [mod_auth] refactor out auth backend code
* [mod_auth] extensible interface for auth backends
* [core] better DragonFlyBSD support (fixes #2746)
* [mod_auth] include base.h for USE_OPENSSL def
* [mod_auth] support CRYPT-MD5-NTLM algorithm (fixes #1743)
* [mod_auth] terminate salt for CRYPT-MD5-NTLM
* [core] fix crash if ready events on abandoned fd (fixes #2748)
* [mod_auth] http_auth_md5_hex2bin()
* [mod_auth] remove empty mod_auth.h
* [mod_auth] mod_authn_mysql.c MySQL auth backend (fixes #752, fixes #1845)
* [mod_cgi] permit CGI exec of unreadable files (fixes #2374)
* [mod_uploadprogress] add to default build
* [mod_geoip] add to default build (fixes #2705, fixes #2101, fixes #2092,
fixes #2025, fixes #1962, fixes #1938)
* [mod_fastcgi] Authorizer support with Responder (fixes #321, fixes #322)
* [tests] test coverage for issues (#321, #322)
* dynamic handlers store debug flag in handler_ctx
* [mod_fastcgi] allow authorizer, responder for same path/ext (#321)
* backport mod_deflate to lighttpd 1.4 (fixes #1824, fixes #2753)
* [autobuild] test_configfile might need vector.c (fixes #2752)
* [mod_deflate] fix longjmp clobber compiler warning
* remove unused array type TYPE_COUNT data_count
* [mod_auth] structured data, register auth schemes
* [mod_auth] mod_authn_gssapi Kerberos auth backend (fixes #1899)
* [autobuild] skip two new tests if no fcgi-auth
* [SCons] define with_krb5 for SCons build
* [SCons] fix syntax error in SConstruct
* [SCons] define with_geoip for SCons build
* [CMake] fix clang -Wcast-align warnings in lemon.c
* remove excess initializers (fix compiler warnings)
* fix errors detected by Coverity Scan
* performance: use Linux extended syscalls and flags
* [mod_scgi] add uwsgi protocol support
* [mod_auth] refactor LDAP code into smaller funcs
* [mod_auth] HTTP Basic auth backends also do authz (#1817)
* [mod_auth] ldap filter subst user for multiple '$' (fixes #1508)
* [mod_auth] permit specifying ldap DN; skip search (fixes #1248)
* [autobuild] update module/feature report
* [cmake] build mod_authn_gssapi if WITH_KRB5
* [mod_auth] fix printing of IP in error trace
* [mod_mysql_vhost] support multiple '?' replacement (fixes #2163)
* [core] make server.max-request-size scopeable (#1901)
* [core] server.max-request-field-size (fixes #2130)
* [core] optional condition in config "else" clause (fixes #1268)
* [core] restrict where config "else" clauses occur (#1268)
* silence warnings from clang ccc-analyzer
* consistent, shared code to create CGI env
* [TLS] replace env entries in https_add_ssl_entries
* [TLS] set SSL_CLIENT_M_SERIAL w/ client cert SN (fixes #2268)
* [TLS] set SSL_CLIENT_VERIFY w/ client cert (#1288, #2693)
* [TLS] set SSL_PROTOCOL, SSL_CIPHER* (fixes #2511)
* [core] rand.[ch] to use better RNGs when available
* [mod_cgi] fix pipe_cloexec() when no O_CLOEXEC
* ignore return value from fcntl() FD_CLOEXEC
* build w/o compiler warnings if no zlib or bz2lib
2016-10-18 00:00:22 +02:00
|
|
|
lib/lighttpd/mod_uploadprogress.la
|
Initial import of lighttpd-1.4.3 as www/lighttpd.
LightTPD is a secure, fast, compliant, and very flexible web-server
which designed and optimized for for high-performance environments.
With a small memory footprint compared to other webservers, effective
management of the CPU load, and advanced feature set (FastCGI, CGI,
Auth, Output-Compression, URL-Rewriting and many more), LightTPD is
the perfect solution for every server that is suffering load problems.
This is loosely based on the lighttpd package from pkgsrc-wip by
Piotr Stolc <socrtp@soclab.eu.org>.
2005-09-04 08:37:05 +02:00
|
|
|
lib/lighttpd/mod_userdir.la
|
|
|
|
|
lib/lighttpd/mod_usertrack.la
|
2017-10-24 09:27:34 +02:00
|
|
|
lib/lighttpd/mod_vhostdb.la
|
2020-12-01 10:44:12 +01:00
|
|
|
${PLIST.libdbi}lib/lighttpd/mod_vhostdb_dbi.la
|
2017-12-25 16:56:29 +01:00
|
|
|
${PLIST.ldap}lib/lighttpd/mod_vhostdb_ldap.la
|
lighttpd: Update to 1.4.54.
pkgsrc changes:
Replace use of legacy GeoIP library with libmaxminddb.
Uses a different module.
Changes:
Highlights
behavior change: strict URL parsing and normalization (configurable)
behavior change: mod_webdav now rejects partial PUT (configurable)
mod_auth: HTTP Auth Digest algorithm=SHA-256
mod_webdav: major rewrite: robustness, performance, RFC compliance
mod_maxminddb: new; obsoletes discontinued mod_geoip
Changes from 1.4.53
[mod_evhost] handle IPv6 literal addr; add tests
[core] separate server_main_loop() func, mark hot
[core] mark startup/shutdown funcs cold
[core] some server_main_loop() cleanup
[core] fdevent_process()
[core] srv→max_fds_lowat and srv→max_fds_hiwat
[core] remove server.h
[mod_staticfile] search ext array if not empty
[core] store joblist pointer on stack
[core] quickly clear request buffer for reuse
[core] helper funcs for connection_state_machine()
[core] perf: optimize connection_read_header()
[core] parse request in connection_read_header()
[core] log_request_header_on_error in one place
[core] copy request only if might need for logging
[core] make parse_request,request.request same buf
[core] prefer buffer_caseless_compare()
[core] pass req hdrs buffer to http_request_parse
[core] replace con→response.keep_alive
[core] mark log_error_write*() funcs cold
[core] http_request_parse() mark error paths cold
[core] lift code out of request line parse loop
[core] get_http_method_key() match by strlen first
[core] RFC7230 HTTP-version parse
[mod_accesslog] attempt to reconstruct req line
[multiple] minor: remove duplicated conditions
[mod_deflate] honor request for x-gzip, x-bzip2
[mod_auth] minor: adjust config validation
[core] discard oversized trailers
[core] no keep-alive if POLLRDHUP,empty read queue
[core] fix gw_backend spelling of directive in err
[multiple] reduce code dup in list resizing
[core] con→is_ssl_sock
[core] connection_handle_write() updates con state
[core] skip plugins_call_cleanup if not init’ed
[core] simpler loops to run plugin hooks
[core] fix mixed use of srv→split_vals array (fixes #2932)
[core] dispatch events from within event framework
[core] don’t call fd event handlers more than once, they might already be gone (fixes segfault)
[core] poll: fdarray uses fd as index, not fde_ndx
[core] map FDEVENT_* to OS system event frameworks
[core] prefer memchr() over strchr()
[core] use openssl to read,discard request body
[mod_openssl] inherit cipherlist from global scope
[mod_openssl] default: ssl.cipher-list = “HIGH”
[mod_proxy] pass Content-Length to backend if > 0
[core] config option to allow GET w/ request body
[core] some fdevent code streamlining
[core] remove fde_ndx member outside fdevents
[core] remove redundant check for allow_http11
[mod_openssl] use 16k static buffer instead of 64k
[core] pull server load checks out of main loop
[core] isolate fdevent processing
[core] release empty chunk buf when nothing read
[core] perf: pass (fdnode *) to epoll and kqueue
[core] modify config parser to handle multiple }
[core] pass (fdnode *) for registered fdevent fd
[mod_auth] http_auth_digest_hex2bin()
[mod_auth] http_auth_info_t digest abstraction
[mod_auth] pass http_auth_require_t for 401 Unauth
[core] no SOCK_NONBLOCK on QNX 7.0
[mod_auth] HTTP Auth Digest algorithm=SHA-256
[core] silence coverity warning
[mod_magnet] fix invalid script return-type crash (fixes #2938)
[build] remove -Wdeclaration-after-statement
[core] pass conf.follow_symlink in more places
[core] fix assertion with server.error-handler (fixes #2941)
[core] extend dir redirection to take HTTP status
[doc] minor adjust create-mime.conf.pl regex match (#2942)
[core] attribute((fallthrough)) for GCC 7.0
[core] fdevent_mkstemp_append() (shared)
[core] off_t upload_temp_file_size
[core] clear FDEVENT_RDHUP if no POLLRDHUP
[mod_wstunnel] fix ping-interval for big-endian (fixes #2944)
[core] fix abort in http-parseopts (fixes #2945)
[core] remove repeated slashes in http-parseopts
[core] fix 1.4.52 regression in mem use with POST (fixes #2948)
[multiple] cleaner calloc use in SETDEFAULTS_FUNC
[core] add const to some etag prototypes
[core] attribute((format …))
[core] struct log_error_st for error logging
[core] log_error, log_perror using printf-like fmt
[core] new worker_init hook to follow parent fork
[core] replace open() with fdevent_open_cloexec()
[mod_webdav] major rewrite (fixes #1818)
[core] 200 for OPTIONS /non-existent/path HTTP/1.1 (fixes #2939)
[mod_webdav] surround Lock-Token with “<…>”
[mod_webdav] fix uuid detection macro
[mod_webdav] fix misbehavior on blank nodes in PROPPATCH
[mod_webdav] clean up resources after do{}while(0)
[mod_webdav] check If-Match, If-Unmodified-Since (#1818)
[mod_webdav] deprecated unsafe partial PUT compat
[mod_webdav] provide ETag in more responses
[mod_webdav] platform portability fixes
[mod_webdav] disable elftc_copyfile() on FreeBSD
[mod_webdav] special-case If: ()
[mod_webdav] check If-None-Match (#1818)
[stat_cache] separate func for symlink policy chk
[stat_cache] separate symlink pol from data struct
[stat_cache] store entries without trailing slash
[stat_cache] pass age param for stat cache cleanup
[stat_cache] remove splaytree ins/del debug code
[stat_cache] FAM: reduce string copying
[stat_cache] FAM: check FAMNextEvent() return code
[stat_cache] FAM: use entry hash index as userdata
[stat_cache] FAM: improve handling modified file
[stat_cache] FAM: ignore follow-symlink config
[stat_cache] FAM: check hash collision before add
[stat_cache] FAM: ignore event with no valid match
[stat_cache] FAM: funcs to invalidate entries
[stat_cache] interfaces to invalidate entries
[mod_webdav] update stat_cache after file mod
[core] use high precision stat timestamp in etag
[scons] adjustment for static build under CentOS
[core] emit trace using path before clearing path
[core] http_chunk_append_file_fd()
[multiple] open target file earlier in some cases
[stat_cache] no longer stat() and open() for stat
[stat_cache] FAM: improve monitoring, cache 16 sec
[stat_cache] FAM: separate routine for FDEVENT_IN
[stat_cache] FAM: whitespace-only change
[mod_webdav] quiet coverity warnings
[doc] highlight relevance of module load order (fixes #2946)
[core] behavior change: stricter URL normalization
[stat_cache] fix compilation error for cmake
[cmake] help cmake on FreeBSD find sys/event.h
[scons] help scons on FreeBSD find sys/event.h
[build] detect FreeBSD elftc_copyfile()
[mod_openssl] use SSL_CTX_set_client_hello_cb()
[core] support weak etags with If-None-Match
[core] store log_state_handling flag on stack
[core] check if splay_tree NULL before invalidate
[mod_webdav] workaround Microsoft-WebDAV-MiniRedir
[mod_webdav] doc Microsoft-WebDAV-MiniRedir bugs
[mod_webdav] invalidate parent dir in stat_cache
[doc] systemd socket activation config example
[core] chunkqueue perf: code reuse
[core] chunkqueue perf: specialized buffer.h funcs
[core] chunkqueue perf: skip opening 0-length file
[core] chunkqueue perf: read small files into mem
[core] buffer_reset() should not be passed NULL
[tests] has_feature() helper func
[tests] skip mod-secdownload HMAC-SHA1,HMAC-SHA256
[core] use high precision stat timestamp on OS X
[mod_magnet] expose server addr (local IP) to lua
[core] adjust http_chunk read() retry loop
[mod_maxminddb] MaxMind GeoIP2 support
[mod_authn_ldap] ldap_set_option LDAP_OPT_RESTART (fixes #2940)
2019-05-29 12:01:28 +02:00
|
|
|
${PLIST.mysql}lib/lighttpd/mod_vhostdb_mysql.la
|
Initial import of lighttpd-1.4.3 as www/lighttpd.
LightTPD is a secure, fast, compliant, and very flexible web-server
which designed and optimized for for high-performance environments.
With a small memory footprint compared to other webservers, effective
management of the CPU load, and advanced feature set (FastCGI, CGI,
Auth, Output-Compression, URL-Rewriting and many more), LightTPD is
the perfect solution for every server that is suffering load problems.
This is loosely based on the lighttpd package from pkgsrc-wip by
Piotr Stolc <socrtp@soclab.eu.org>.
2005-09-04 08:37:05 +02:00
|
|
|
lib/lighttpd/mod_webdav.la
|
2017-10-24 09:27:34 +02:00
|
|
|
lib/lighttpd/mod_wstunnel.la
|
2017-01-03 15:31:13 +01:00
|
|
|
man/man8/lighttpd-angel.8
|
2010-02-08 15:47:54 +01:00
|
|
|
man/man8/lighttpd.8
|
Initial import of lighttpd-1.4.3 as www/lighttpd.
LightTPD is a secure, fast, compliant, and very flexible web-server
which designed and optimized for for high-performance environments.
With a small memory footprint compared to other webservers, effective
management of the CPU load, and advanced feature set (FastCGI, CGI,
Auth, Output-Compression, URL-Rewriting and many more), LightTPD is
the perfect solution for every server that is suffering load problems.
This is loosely based on the lighttpd package from pkgsrc-wip by
Piotr Stolc <socrtp@soclab.eu.org>.
2005-09-04 08:37:05 +02:00
|
|
|
sbin/lighttpd
|
2007-09-10 15:59:50 +02:00
|
|
|
sbin/lighttpd-angel
|
Initial import of lighttpd-1.4.3 as www/lighttpd.
LightTPD is a secure, fast, compliant, and very flexible web-server
which designed and optimized for for high-performance environments.
With a small memory footprint compared to other webservers, effective
management of the CPU load, and advanced feature set (FastCGI, CGI,
Auth, Output-Compression, URL-Rewriting and many more), LightTPD is
the perfect solution for every server that is suffering load problems.
This is loosely based on the lighttpd package from pkgsrc-wip by
Piotr Stolc <socrtp@soclab.eu.org>.
2005-09-04 08:37:05 +02:00
|
|
|
share/doc/lighttpd/access.txt
|
|
|
|
|
share/doc/lighttpd/accesslog.txt
|
|
|
|
|
share/doc/lighttpd/alias.txt
|
|
|
|
|
share/doc/lighttpd/authentication.txt
|
|
|
|
|
share/doc/lighttpd/cgi.txt
|
|
|
|
|
share/doc/lighttpd/cml.txt
|
|
|
|
|
share/doc/lighttpd/compress.txt
|
|
|
|
|
share/doc/lighttpd/configuration.txt
|
2006-04-10 14:07:18 +02:00
|
|
|
share/doc/lighttpd/dirlisting.txt
|
|
|
|
|
share/doc/lighttpd/evhost.txt
|
2005-11-06 17:47:33 +01:00
|
|
|
share/doc/lighttpd/expire.txt
|
2007-04-19 18:16:17 +02:00
|
|
|
share/doc/lighttpd/extforward.txt
|
Initial import of lighttpd-1.4.3 as www/lighttpd.
LightTPD is a secure, fast, compliant, and very flexible web-server
which designed and optimized for for high-performance environments.
With a small memory footprint compared to other webservers, effective
management of the CPU load, and advanced feature set (FastCGI, CGI,
Auth, Output-Compression, URL-Rewriting and many more), LightTPD is
the perfect solution for every server that is suffering load problems.
This is loosely based on the lighttpd package from pkgsrc-wip by
Piotr Stolc <socrtp@soclab.eu.org>.
2005-09-04 08:37:05 +02:00
|
|
|
share/doc/lighttpd/fastcgi-state.dot
|
|
|
|
|
share/doc/lighttpd/fastcgi-state.txt
|
|
|
|
|
share/doc/lighttpd/fastcgi.txt
|
|
|
|
|
share/doc/lighttpd/features.txt
|
2007-02-19 22:31:30 +01:00
|
|
|
share/doc/lighttpd/magnet.txt
|
Initial import of lighttpd-1.4.3 as www/lighttpd.
LightTPD is a secure, fast, compliant, and very flexible web-server
which designed and optimized for for high-performance environments.
With a small memory footprint compared to other webservers, effective
management of the CPU load, and advanced feature set (FastCGI, CGI,
Auth, Output-Compression, URL-Rewriting and many more), LightTPD is
the perfect solution for every server that is suffering load problems.
This is loosely based on the lighttpd package from pkgsrc-wip by
Piotr Stolc <socrtp@soclab.eu.org>.
2005-09-04 08:37:05 +02:00
|
|
|
share/doc/lighttpd/mysqlvhost.txt
|
|
|
|
|
share/doc/lighttpd/newstyle.css
|
|
|
|
|
share/doc/lighttpd/oldstyle.css
|
|
|
|
|
share/doc/lighttpd/performance.txt
|
|
|
|
|
share/doc/lighttpd/plugins.txt
|
|
|
|
|
share/doc/lighttpd/proxy.txt
|
|
|
|
|
share/doc/lighttpd/redirect.txt
|
|
|
|
|
share/doc/lighttpd/rewrite.txt
|
|
|
|
|
share/doc/lighttpd/rrdtool.txt
|
|
|
|
|
share/doc/lighttpd/scgi.txt
|
|
|
|
|
share/doc/lighttpd/secdownload.txt
|
|
|
|
|
share/doc/lighttpd/security.txt
|
|
|
|
|
share/doc/lighttpd/setenv.txt
|
|
|
|
|
share/doc/lighttpd/simple-vhost.txt
|
|
|
|
|
share/doc/lighttpd/skeleton.txt
|
|
|
|
|
share/doc/lighttpd/ssi.txt
|
|
|
|
|
share/doc/lighttpd/ssl.txt
|
|
|
|
|
share/doc/lighttpd/state.dot
|
|
|
|
|
share/doc/lighttpd/state.txt
|
|
|
|
|
share/doc/lighttpd/status.txt
|
|
|
|
|
share/doc/lighttpd/traffic-shaping.txt
|
|
|
|
|
share/doc/lighttpd/trigger_b4_dl.txt
|
|
|
|
|
share/doc/lighttpd/userdir.txt
|
|
|
|
|
share/doc/lighttpd/webdav.txt
|
Update to 1.4.56. From the changelog:
# Highlights
- HTTP/2 support
- must be enabled in lighttpd.conf in lighttpd 1.4.56;
may be enabled by default in a future release
- `server.feature-flags += ("server.h2proto" => "enable", "server.h2c" => "enable")`
- TLS library options: OpenSSL, mbedTLS, wolfSSL, GnuTLS, NSS
- mod_openssl (existing)
- mod_mbedtls (experimental)
- mod_wolfssl (experimental)
- mod_gnutls (experimental)
- mod_nss (experimental)
- TLS OCSP stapling
(except mbedTLS; not currently supported by mbedTLS)
- TLS session ticket key rotation control
(except NSS; API limitation in NSS)
- mod_deflate brotli support
- mod_proxy makes HTTP/1.1 requests to backends (change from HTTP/1.0)
- RFC 8297 support for 103 Early Hints produced by backends (scripts)
- graceful restart option to transfer listen fds (minimal pause)
- `server.systemd-socket-activation = "enable"`
- `server.feature-flags += ("server.graceful-restart-bg" => "enable", "server.graceful-shutdown-timeout" => "15")`
# Behavior Changes
- mod_openssl
- default MinProtocol TLSv1.2
TLSv1 and TLSv1.1 are deprecated and no longer supported by major browsers.
<https://news.netcraft.com/archives/2020/03/03/browsers-on-track-to-block-850000-tls-1-0-sites.html>
If prior behavior is required, configure:
`ssl.openssl.ssl-conf-cmd = ("MinProtocol" => "TLSv1")`
If using openssl <= 1.0.2 (end-of-life)
`ssl.openssl.ssl-conf-cmd = ("Protocol" => "-ALL, TLSv1, TLSv1.1, TLSv1.2")`
- (internal) TLS session cache is disabled by default,
replaced by lighttpd robust TLSv1.2 session ticket support
If backward compatibility is needed:
`server.feature-flags += ("ssl.session-cache" => "enable")`
- (internal) openssl creates a session ticket encryption key per SSL_CTX.
lighttpd 1.4.56 and later assigns a single session ticket encryption key
for the lighttpd server (across all SSL_CTX) for consistency.
- behavior change with ssl.ca-dn-file (uncommon); applies to client
certificate verification and ssl.ca-dn-file (uncommon)
If client certificate verification is enabled
(ssl.verifyclient.activate = "enable"),
all CAs used for client certificate verification must be present in
ssl.ca-file. This is the typical use case when client certificate
verification is enabled. Certificates in (optional) ssl.ca-dn-file
are used to send issuer names to client when the server sends a
client certificate request. These names are use by the client
during certificate selection, and the server requires that the
certificate sent by the client be issued by one of the subjects
in ssl.ca-dn-file.
(Prior behavior merged ssl.ca-file and ssl.ca-dn-file for trusted CAs.
New behavior requires all trusted CAs be listed in ssl.ca-file,
and a subset be duplicated into ssl.ca-dn-file to specify allowed
client cert issuer.)
- mod_deflate: support for bzip2 is now disabled by default in the build
- (enable using `./configure --with-bzip2`)
bzip2 Content-Encoding is not widely supported
Prefer to build `--with-brotli`
brotli Content-Encoding is more widely supported than bzip2
# Future Scheduled Behavior Changes
- HTTP/2 support will be enabled by default in a future release
- graceful restart/shutdown default timeout will change from
0 (infinite/no timeout) to 5 seconds (or some similar non-zero period)
configure an alternative with:
`server.feature-flags += ("server.graceful-shutdown-timeout" => 5)`
- mod_compress is DEPRECATED; use mod_deflate
mod_compress has been subsumed by mod_deflate
Note: mod_compress config options may be removed in a future release
- mod_geoip is DEPRECATED; use mod_maxminddb
Note: mod_geoip will be removed from a future lighttpd release
- mod_authn_mysql is DEPRECATED; use mod_authn_dbi
Note: mod_authn_mysql will be removed from a future lighttpd release
- mod_mysql_vhost is DEPRECATED; use mod_vhostdb_dbi or mod_vhostdb_mysql
Note: mod_mysql_vhost will be removed from a future lighttpd release
- mod_cml is DEPRECATED; use mod_magnet
Note: mod_cml will be removed from a future lighttpd release
2020-11-30 11:28:33 +01:00
|
|
|
share/examples/lighttpd/cert-staple.sh
|
2011-04-05 10:29:26 +02:00
|
|
|
share/examples/lighttpd/conf.d/access_log.conf
|
|
|
|
|
share/examples/lighttpd/conf.d/auth.conf
|
|
|
|
|
share/examples/lighttpd/conf.d/cgi.conf
|
|
|
|
|
share/examples/lighttpd/conf.d/cml.conf
|
|
|
|
|
share/examples/lighttpd/conf.d/debug.conf
|
Update to 1.4.56. From the changelog:
# Highlights
- HTTP/2 support
- must be enabled in lighttpd.conf in lighttpd 1.4.56;
may be enabled by default in a future release
- `server.feature-flags += ("server.h2proto" => "enable", "server.h2c" => "enable")`
- TLS library options: OpenSSL, mbedTLS, wolfSSL, GnuTLS, NSS
- mod_openssl (existing)
- mod_mbedtls (experimental)
- mod_wolfssl (experimental)
- mod_gnutls (experimental)
- mod_nss (experimental)
- TLS OCSP stapling
(except mbedTLS; not currently supported by mbedTLS)
- TLS session ticket key rotation control
(except NSS; API limitation in NSS)
- mod_deflate brotli support
- mod_proxy makes HTTP/1.1 requests to backends (change from HTTP/1.0)
- RFC 8297 support for 103 Early Hints produced by backends (scripts)
- graceful restart option to transfer listen fds (minimal pause)
- `server.systemd-socket-activation = "enable"`
- `server.feature-flags += ("server.graceful-restart-bg" => "enable", "server.graceful-shutdown-timeout" => "15")`
# Behavior Changes
- mod_openssl
- default MinProtocol TLSv1.2
TLSv1 and TLSv1.1 are deprecated and no longer supported by major browsers.
<https://news.netcraft.com/archives/2020/03/03/browsers-on-track-to-block-850000-tls-1-0-sites.html>
If prior behavior is required, configure:
`ssl.openssl.ssl-conf-cmd = ("MinProtocol" => "TLSv1")`
If using openssl <= 1.0.2 (end-of-life)
`ssl.openssl.ssl-conf-cmd = ("Protocol" => "-ALL, TLSv1, TLSv1.1, TLSv1.2")`
- (internal) TLS session cache is disabled by default,
replaced by lighttpd robust TLSv1.2 session ticket support
If backward compatibility is needed:
`server.feature-flags += ("ssl.session-cache" => "enable")`
- (internal) openssl creates a session ticket encryption key per SSL_CTX.
lighttpd 1.4.56 and later assigns a single session ticket encryption key
for the lighttpd server (across all SSL_CTX) for consistency.
- behavior change with ssl.ca-dn-file (uncommon); applies to client
certificate verification and ssl.ca-dn-file (uncommon)
If client certificate verification is enabled
(ssl.verifyclient.activate = "enable"),
all CAs used for client certificate verification must be present in
ssl.ca-file. This is the typical use case when client certificate
verification is enabled. Certificates in (optional) ssl.ca-dn-file
are used to send issuer names to client when the server sends a
client certificate request. These names are use by the client
during certificate selection, and the server requires that the
certificate sent by the client be issued by one of the subjects
in ssl.ca-dn-file.
(Prior behavior merged ssl.ca-file and ssl.ca-dn-file for trusted CAs.
New behavior requires all trusted CAs be listed in ssl.ca-file,
and a subset be duplicated into ssl.ca-dn-file to specify allowed
client cert issuer.)
- mod_deflate: support for bzip2 is now disabled by default in the build
- (enable using `./configure --with-bzip2`)
bzip2 Content-Encoding is not widely supported
Prefer to build `--with-brotli`
brotli Content-Encoding is more widely supported than bzip2
# Future Scheduled Behavior Changes
- HTTP/2 support will be enabled by default in a future release
- graceful restart/shutdown default timeout will change from
0 (infinite/no timeout) to 5 seconds (or some similar non-zero period)
configure an alternative with:
`server.feature-flags += ("server.graceful-shutdown-timeout" => 5)`
- mod_compress is DEPRECATED; use mod_deflate
mod_compress has been subsumed by mod_deflate
Note: mod_compress config options may be removed in a future release
- mod_geoip is DEPRECATED; use mod_maxminddb
Note: mod_geoip will be removed from a future lighttpd release
- mod_authn_mysql is DEPRECATED; use mod_authn_dbi
Note: mod_authn_mysql will be removed from a future lighttpd release
- mod_mysql_vhost is DEPRECATED; use mod_vhostdb_dbi or mod_vhostdb_mysql
Note: mod_mysql_vhost will be removed from a future lighttpd release
- mod_cml is DEPRECATED; use mod_magnet
Note: mod_cml will be removed from a future lighttpd release
2020-11-30 11:28:33 +01:00
|
|
|
share/examples/lighttpd/conf.d/deflate.conf
|
2011-04-05 10:29:26 +02:00
|
|
|
share/examples/lighttpd/conf.d/dirlisting.conf
|
|
|
|
|
share/examples/lighttpd/conf.d/evhost.conf
|
|
|
|
|
share/examples/lighttpd/conf.d/expire.conf
|
|
|
|
|
share/examples/lighttpd/conf.d/fastcgi.conf
|
|
|
|
|
share/examples/lighttpd/conf.d/geoip.conf
|
|
|
|
|
share/examples/lighttpd/conf.d/magnet.conf
|
|
|
|
|
share/examples/lighttpd/conf.d/mime.conf
|
|
|
|
|
share/examples/lighttpd/conf.d/mod.template
|
|
|
|
|
share/examples/lighttpd/conf.d/mysql_vhost.conf
|
|
|
|
|
share/examples/lighttpd/conf.d/proxy.conf
|
|
|
|
|
share/examples/lighttpd/conf.d/rrdtool.conf
|
|
|
|
|
share/examples/lighttpd/conf.d/scgi.conf
|
|
|
|
|
share/examples/lighttpd/conf.d/secdownload.conf
|
|
|
|
|
share/examples/lighttpd/conf.d/simple_vhost.conf
|
|
|
|
|
share/examples/lighttpd/conf.d/ssi.conf
|
|
|
|
|
share/examples/lighttpd/conf.d/status.conf
|
|
|
|
|
share/examples/lighttpd/conf.d/trigger_b4_dl.conf
|
|
|
|
|
share/examples/lighttpd/conf.d/userdir.conf
|
|
|
|
|
share/examples/lighttpd/conf.d/webdav.conf
|
Initial import of lighttpd-1.4.3 as www/lighttpd.
LightTPD is a secure, fast, compliant, and very flexible web-server
which designed and optimized for for high-performance environments.
With a small memory footprint compared to other webservers, effective
management of the CPU load, and advanced feature set (FastCGI, CGI,
Auth, Output-Compression, URL-Rewriting and many more), LightTPD is
the perfect solution for every server that is suffering load problems.
This is loosely based on the lighttpd package from pkgsrc-wip by
Piotr Stolc <socrtp@soclab.eu.org>.
2005-09-04 08:37:05 +02:00
|
|
|
share/examples/lighttpd/lighttpd.conf
|
2011-04-05 10:29:26 +02:00
|
|
|
share/examples/lighttpd/modules.conf
|
Initial import of lighttpd-1.4.3 as www/lighttpd.
LightTPD is a secure, fast, compliant, and very flexible web-server
which designed and optimized for for high-performance environments.
With a small memory footprint compared to other webservers, effective
management of the CPU load, and advanced feature set (FastCGI, CGI,
Auth, Output-Compression, URL-Rewriting and many more), LightTPD is
the perfect solution for every server that is suffering load problems.
This is loosely based on the lighttpd package from pkgsrc-wip by
Piotr Stolc <socrtp@soclab.eu.org>.
2005-09-04 08:37:05 +02:00
|
|
|
share/examples/lighttpd/rrdtool-graph.sh
|
|
|
|
|
share/examples/lighttpd/spawn-php.sh
|
2011-04-05 10:29:26 +02:00
|
|
|
share/examples/lighttpd/vhosts.d/vhosts.template
|
