#lighttpd — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #lighttpd, aggregated by home.social.
-
Had a good evening with music and chat via the Doof, pottering around with some CI builds and container hosting, and fixing @bright_helpings 's laptop which had run out of disk space for some reason.
Finally have a live Django app using
gunicornfor the app code and a separatelighttpdcontainer for the static assets. -
Oof, the most popular #lighttpd container on Docker Hub with >10 million downloads is 4 years old, running v1.4.64.
This means it's vulnerable to https://app.opencve.io/cve/CVE-2025-12642 with a CVE score of 9.1 (critical).
I just set up a quick CI job based off that popular container which doesn't pin to a specific version and rebuilds every week. Should look at publishing it too... and maybe doing some automated static security testing on it.
-
@AndiBarth when I did the setup for my small virtual server, I decided for #lighttpd, mainly because it's called light and supposedly it is; php seems to work just as well as with apache, but most of my content is static files. I have no complaints but I'm really just a casual user/admin, so probably wouldn't notice many things. https://en.wikipedia.org/wiki/Lighttpd notes: No HTTP/3 support.
I have too little experience to say use it instead of apache, just wanted to mention it. -
NetBSD: вторая жизнь Nintendo Wii. Как и зачем я установил эту ОС на игровую консоль
Привет, Хабр! Мое плотное знакомство с консолями Nintendo началось с Wii U. Так уж получилось, что лучшей серией слешеров я считаю Bayonetta. А поскольку вторая часть вышла как эксклюзив для Wii U, мне пришлось приобрести приставку. Потом заодно познакомился с The Legend of Zelda — и понеслось. Примерно то же самое случилось и с выходом Bayonetta 3 — обзавелся Nintendo Switch. Что самое интересное, у меня никогда не было обычной Wii. Волей случая мне в руки попался замечательный экземпляр, но на него я решил посмотреть с точки зрения железа. Внутри меня ждал любопытный конфиг из PowerPC процессора IBM Broadway + SoC производства ATI, который отвечает за графику, а также устройств ввода-вывода.
https://habr.com/ru/companies/ru_mts/articles/984492/
#NetBSD #софт #гаджеты #Nintendo_Wii #Homebrew #ретрожелезо #PowerPC_750CL #lighttpd #bsdfetch
-
Well, it seems like I needed a refresher on linux directory perms (esp regarding parent dir perms with respect to listing and traversal) to successfully configure my webserver like I wanted. I've lost hours on this though.
I first did a lot of tests to identify possible causes to the problem, which in turn led me to this SO link : https://unix.stackexchange.com/questions/13858/do-the-parent-directorys-permissions-matter-when-accessing-a-subdirectory
Everything is fine now. Funny how with *nix systems it all comes down to the basics 😁
-
#lighttpd 1.4.80 has been released (#http / #https / #httpd / #Web / #Webserver) https://lighttpd.net/
-
Serving a simple website from a Jail with Bastille
In this short little howto we will be setting up a simple Jail via Bastille and host a static website.
Beware: The article assumes that sudo is configured. You can of course also use doas or switch to root, if you so desire. Some commands need root rights to work – keep that in mind as you go along!
First, we need to install Bastille itself.
$ sudo pkg install -y bastille
After installing, we enable the bastille service.
$ sudo sysrc bastille_enable=YES
And finally we start it.
$ sudo […]
https://journal.bsd.cafe/2025/08/13/serving-a-simple-website-from-a-jail-with-bastille/
-
Doing some yak shaving today. I am trying to run a #lighttpd container alongside #gunicorn to serve up a #Django app with static resources, but there's no official build on Dockerhub and mostly the community ones are out of date.
So I'm setting up my own CI project to rebuild a fresh
lighttpdcontainer weekly which I can then use as a base for my web app... -
Оказывается lighttpd просто настраивается.
Достаточно конфига:server.document-root = "/var/www/"
server.port = 80index-file.names = ( "index.html" )
dir-listing.activate = "enable"server.modules += ( "mod_cgi" )
$HTTP["url"] =~ "^/cgi-bin/" { cgi.assign = ( "" => "" ) }И можно отдавать статику и запускать простые скрипты на bash.
Теперь понятно почему lighttpd является сильным конкурентом nginx.
-
Note to self ... reload lighttpd when you make a new letsencrypt cert or else you'll start muttering oaths at the computer gods and get all irritable.
-
@[email protected] I feel like a move from #lighttpd to #nginx is in order for @[email protected] lol. Maybe even putting it behind a CDN too (though preferably not Cloudflare of course), since latency really matters for spotty internet connections (like being in mobile data for example)
@[email protected] @[email protected] -
@markusr ich hab gerade nachgeschaut, #lighttpd hatte sowas auch: CVE-2018-19052, ist schon seit geraumer Zeit gefixt.
Aber fieserweise war vorher die Doku so, dass man es genau schlecht schreiben sollte: https://redmine.lighttpd.net/projects/lighttpd/wiki/Mod_alias/diff?utf8=%E2%9C%93&version=16&version_from=15&commit=Unterschiede+anzeigen (die vorher vertretene Logik "das willst du nicht" ist schwach, das andere will ich auch nicht) -
-
Hackable #Intel and #Lenovo hardware that went undetected for 5 years won’t ever be fixed
For years, #BMC from multiple manufacturers have incorporated vulnerable versions of #opensource software known as #lighttpd. In 2018, lighttpd developers released a new version that fixed “various use-after-free scenarios,” but didn’t include a #CVE vulnerability tracking number as is customary. BMC makers including #AMI and #ATEN were using affected versions of this software.
https://arstechnica.com/security/2024/04/supply-chain-snafu-causes-intel-and-others-to-ship-hackable-hardware-for-5-years/ -
Hackable #Intel and #Lenovo hardware that went undetected for 5 years won’t ever be fixed
For years, #BMC from multiple manufacturers have incorporated vulnerable versions of #opensource software known as #lighttpd. In 2018, lighttpd developers released a new version that fixed “various use-after-free scenarios,” but didn’t include a #CVE vulnerability tracking number as is customary. BMC makers including #AMI and #ATEN were using affected versions of this software.
https://arstechnica.com/security/2024/04/supply-chain-snafu-causes-intel-and-others-to-ship-hackable-hardware-for-5-years/ -
Hackable #Intel and #Lenovo hardware that went undetected for 5 years won’t ever be fixed
For years, #BMC from multiple manufacturers have incorporated vulnerable versions of #opensource software known as #lighttpd. In 2018, lighttpd developers released a new version that fixed “various use-after-free scenarios,” but didn’t include a #CVE vulnerability tracking number as is customary. BMC makers including #AMI and #ATEN were using affected versions of this software.
https://arstechnica.com/security/2024/04/supply-chain-snafu-causes-intel-and-others-to-ship-hackable-hardware-for-5-years/ -
Hackable #Intel and #Lenovo hardware that went undetected for 5 years won’t ever be fixed
For years, #BMC from multiple manufacturers have incorporated vulnerable versions of #opensource software known as #lighttpd. In 2018, lighttpd developers released a new version that fixed “various use-after-free scenarios,” but didn’t include a #CVE vulnerability tracking number as is customary. BMC makers including #AMI and #ATEN were using affected versions of this software.
https://arstechnica.com/security/2024/04/supply-chain-snafu-causes-intel-and-others-to-ship-hackable-hardware-for-5-years/ -
Hackable #Intel and #Lenovo hardware that went undetected for 5 years won’t ever be fixed
For years, #BMC from multiple manufacturers have incorporated vulnerable versions of #opensource software known as #lighttpd. In 2018, lighttpd developers released a new version that fixed “various use-after-free scenarios,” but didn’t include a #CVE vulnerability tracking number as is customary. BMC makers including #AMI and #ATEN were using affected versions of this software.
https://arstechnica.com/security/2024/04/supply-chain-snafu-causes-intel-and-others-to-ship-hackable-hardware-for-5-years/ -
#Intel and #Lenovo servers impacted by 6-year-old #BMC flaw
During recent scans of Baseboard Management Controllers, Binarly firmware security firm discovered a remotely exploitable heap out-of-bounds read vulnerability through the #Lighttpd web server processing "folded" HTTP request headers.
It was addressed in August 2018, the maintainers of Lighthttpd patched it silently in version 1.4.51 but #AMI #MegaRAC BMC to missed the fix, possibly because no #CVE was assigned.
https://www.bleepingcomputer.com/news/security/intel-and-lenovo-servers-impacted-by-6-year-old-bmc-flaw/ -
#Intel and #Lenovo servers impacted by 6-year-old #BMC flaw
During recent scans of Baseboard Management Controllers, Binarly firmware security firm discovered a remotely exploitable heap out-of-bounds read vulnerability through the #Lighttpd web server processing "folded" HTTP request headers.
It was addressed in August 2018, the maintainers of Lighthttpd patched it silently in version 1.4.51 but #AMI #MegaRAC BMC to missed the fix, possibly because no #CVE was assigned.
https://www.bleepingcomputer.com/news/security/intel-and-lenovo-servers-impacted-by-6-year-old-bmc-flaw/ -
#Intel and #Lenovo servers impacted by 6-year-old #BMC flaw
During recent scans of Baseboard Management Controllers, Binarly firmware security firm discovered a remotely exploitable heap out-of-bounds read vulnerability through the #Lighttpd web server processing "folded" HTTP request headers.
It was addressed in August 2018, the maintainers of Lighthttpd patched it silently in version 1.4.51 but #AMI #MegaRAC BMC to missed the fix, possibly because no #CVE was assigned.
https://www.bleepingcomputer.com/news/security/intel-and-lenovo-servers-impacted-by-6-year-old-bmc-flaw/ -
#Intel and #Lenovo servers impacted by 6-year-old #BMC flaw
During recent scans of Baseboard Management Controllers, Binarly firmware security firm discovered a remotely exploitable heap out-of-bounds read vulnerability through the #Lighttpd web server processing "folded" HTTP request headers.
It was addressed in August 2018, the maintainers of Lighthttpd patched it silently in version 1.4.51 but #AMI #MegaRAC BMC to missed the fix, possibly because no #CVE was assigned.
https://www.bleepingcomputer.com/news/security/intel-and-lenovo-servers-impacted-by-6-year-old-bmc-flaw/ -
#Intel and #Lenovo servers impacted by 6-year-old #BMC flaw
During recent scans of Baseboard Management Controllers, Binarly firmware security firm discovered a remotely exploitable heap out-of-bounds read vulnerability through the #Lighttpd web server processing "folded" HTTP request headers.
It was addressed in August 2018, the maintainers of Lighthttpd patched it silently in version 1.4.51 but #AMI #MegaRAC BMC to missed the fix, possibly because no #CVE was assigned.
https://www.bleepingcomputer.com/news/security/intel-and-lenovo-servers-impacted-by-6-year-old-bmc-flaw/ -
Been following further the rabbit hole of setting up simple things for small scale networks. This time tackling file sharing on LAN with WebDAV.
https://things.bleu255.com/runyourown/Simple_LAN_filesharing_with_WebDAV
🧵 2/?
-
@xylophilist Nginx is so fast, it's amazing
I never actually learned Apache in the first place 'cause I took one look at how slow it is and said nope lol
I've used #lighttpd before too, and I'm currently trying #caddy as my main reverse proxy / web server
-
Don’t try this at home, but #lighttpd makes it real easy to create lightweight http-endpoints for shell scripts:
index-file.names = ( "index.sh" )
server.modules += ( "mod_cgi" )
cgi.assign = (".sh" => "/bin/sh")
(.conf) off you go -
Can anyone give me a minimal conf for #lighttpd that only serves on port 80 and only does http, no SSL?
I only need the index.html from /var/www/html/ to be served on 0.0.0.0, port 80, no ssl, nothing more. -
Im trying to set up a reverse proxy so that I can use lighttpd and bind on the same machine, both on port 80.
lighttpd's documentation on this matter is so incredibly vague, that Im considering ditching it altogether, as to be honest, EVERY SINGLE THING is harder to configure in lighttpd.
Is anyone else running DoH via their webserver using bind?
AFAICT, all I need is something like:
$HTTP["url"] =~ "^/dns-query" {
proxy.server = ( "" => ( ( "host" => "127.0.0.1", "port" => "1443" ) ) )
}and indeed, SOMETHING is hitting bind - if I replace it with netcat, I can see the headers, which look like:
00000010 48 54 54 50 2f 31 2e 31 0d 0a 48 6f 73 74 3a 20 |HTTP/1.1..Host: |
00000020 6e 73 31 2e 77 65 79 72 2e 6f 72 67 2e 75 6b 0d |ns1.weyr.org.uk.|
00000030 0a 63 6f 6e 74 65 6e 74 2d 74 79 70 65 3a 20 61 |.content-type: a|
00000040 70 70 6c 69 63 61 74 69 6f 6e 2f 64 6e 73 2d 6d |pplication/dns-m|
00000050 65 73 73 61 67 65 0d 0a 61 63 63 65 70 74 3a 20 |essage..accept: |
00000060 61 70 70 6c 69 63 61 74 69 6f 6e 2f 64 6e 73 2d |application/dns-|
00000070 6d 65 73 73 61 67 65 0d 0a 63 6f 6e 74 65 6e 74 |message..content|
00000080 2d 6c 65 6e 67 74 68 3a 20 35 34 0d 0a 63 61 63 |-length: 54..cac|
00000090 68 65 2d 63 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 |he-control: no-c|
000000a0 61 63 68 65 2c 20 6e 6f 2d 73 74 6f 72 65 2c 20 |ache, no-store, |
000000b0 6d 75 73 74 2d 72 65 76 61 6c 69 64 61 74 65 0d |must-revalidate.|
000000c0 0a 58 2d 46 6f 72 77 61 72 64 65 64 2d 46 6f 72 |.X-Forwarded-For|
000000d0 3a 20 38 31 2e 31 38 37 2e 32 34 2e 31 31 35 0d |: 81.187.24.115.|
000000e0 0a 58 2d 48 6f 73 74 3a 20 6e 73 31 2e 77 65 79 |.X-Host: ns1.wey|
000000f0 72 2e 6f 72 67 2e 75 6b 0d 0a 58 2d 46 6f 72 77 |r.org.uk..X-Forw|
00000100 61 72 64 65 64 2d 48 6f 73 74 3a 20 6e 73 31 2e |arded-Host: ns1.|
00000110 77 65 79 72 2e 6f 72 67 2e 75 6b 0d 0a 58 2d 46 |weyr.org.uk..X-F|
00000120 6f 72 77 61 72 64 65 64 2d 50 72 6f 74 6f 3a 20 |orwarded-Proto: |
00000130 68 74 74 70 73 0d 0a 43 6f 6e 6e 65 63 74 69 6f |https..Connectio|
00000140 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a b4 1a 01 20 |n: close....... |
00000150 00 01 00 00 00 00 00 01 06 6d 6f 6c 74 6f 6e 03 |.........molton.|
00000160 6f 72 67 02 75 6b 00 00 0f 00 01 00 00 29 04 d0 |org.uk.......)..|
00000170 00 00 00 00 00 0c 00 0a 00 08 36 76 ac 89 9f 45 |..........6v...E|
00000180 80 c1 |..|
Someone please spare my hair / sanity?Or should I give up and switch to nginx?
-
Je suis fier du résultat de ma fin de semaine. Après avoir découvert la magie du #ReverseProxy avec #nginx le mois dernier, toutes mes applications web sont maintenant protégées avec HTTPS derrière nginx :
#nextcloud #plex #pihole #ZoneMinder #jitsi-meet #TomatoUSB #Transmission #lighttpd et tous mes serveurs web.