NSLU2-Linux

If you want to use the existing built-in thttpd for your personal web server, you can do so by running a second instance of the server under a different program name (to avoid any conflicts) and on a separate port. The exact procedure will vary depending upon the firmware you are using, but here are the basic steps:

  1. If you intend to run your second server on port 80, first set your existing admin web port to something other than 80 (e.g. 8080). This change must be made through the standard Linksys configuration page (last option on the Administration-->System page); if you just change the setting in the thttpd.conf file, it will be overwritten at boot. Note: the recommended choice for the second server is an unused high port number such as 9000 (i.e. above 1024).
  2. Create a home directory for your web pages that you want shared: /opt/share/www is the recommended directory because it is compatible with many Optware packages.
  3. Copy and rename the thttpd executable: cp /usr/sbin/thttpd /opt/sbin/mythttpd (without the rename, the WatchDog utility will become very confused). As an alternative on unslung (arguably better, since it does not include the custom Linksys code; arguably worse, since it is more sensitive to file and directory permissions), install the thttpd package (which gets you /opt/sbin/thttpd, so you will need to adjust the paths below). If you install this second thttpd, note that its startup script [/opt/etc/init.d/S80thttpd] contains a "killall thttpd", which may take down the admin pages server.
  4. Copy and rename the thttpd config file: cp /etc/thttpd.conf /opt/etc/mythttpd.conf. Then edit /opt/etc/mythttpd.conf with a text editor such as vi, changing the port number and home directory, the log file to logfile=/opt/var/log/mythttpd.log and the pid file to pidfile=/opt/var/run/mythttpd.pid
  5. Create the directory /opt/var/log.
  6. To launch your new (secondary) web server use: /opt/sbin/mythttpd -C /opt/etc/mythttpd.conf
  7. Put your web pages in the directory you created above. You might need to use chmod to set the file attributes to follow this schema: -rwxr--r--
  8. You can check that the second server is running on your LAN using http://192.168.1.77:9000 - this assumes that your second server is running on port 9000 and the Slug has its default IP address. Note that the server software expects an index.html file to be present in the home folder to work correctly.
  9. To open your web server to the internet, open up incoming port 80 on your router and forward it to port 9000 on your NSLU2. Most routers allow port forwarding across ports; the config page for this is often hidden away under "UPNP forwarding" or "virtual servers".
  10. If you want your second web server instance to start automatically after a reboot of the slug, create a startup file in the folder /opt/etc/init.d using a script such as echo "/opt/sbin/mythttpd -C /opt/etc/mythttpd.conf" > /opt/etc/init.d/S81mythttpd. Note - don't forget to chmod +x /opt/etc/init.d/S81mythttpd.

For opeNSLUg users ONLY! If you want your second web server instance to start automatically after a reboot of the slug:

  • Create a startup file in the folder /etc/init.d using a script such as echo "/usr/sbin/mythttpd -C /etc/mythttpd.conf" > /etc/init.d/mythttpd. Don't forget to chmod +x /etc/init.d/mythttpd.
  • Run update-rc.d mythttpd defaults 60

Otherwise the second server will not start!!

A startup script that kills the existing instance and restarts the server (so that no reboot is needed to restart thttpd) would look like other startup scripts:

#!/bin/sh
# Stop any running copy of the second server, then start it again.
if [ -n "`pidof mythttpd`" ]; then
    killall mythttpd 2>/dev/null
fi
/opt/sbin/mythttpd -C /opt/etc/mythttpd.conf

Notes:

  • There seems to be some built-in code for browsing empty directories, so you may want to make sure you always have an index.htm file.
  • You may want to enable chroot (in the mythttpd.conf file) for security purposes, and set your uid to nobody.
  • See the man page of thttpd on the net for more info on command line options and config file options:
  • Renaming of the thttpd binary is needed to allow the /usr/sbin/WatchDog script to work correctly.
  • A clean build of a newer version of thttpd would be a better solution, but this works and is easy.
  • You can build your own version of thttpd for NSLU2. See MakeThttpdOnYourNSLU2Box or BuildANewerThttpdOrOtherUtilityByCrossCompiling.
  • The NSLU2's built in Thttpd web server does not support the PHP script language. Users that need this functionality should install one of the Optware Web Server packages such as the PHP enabled Php-Thttpd or Apache or the PHP-FCGI enabled Cherokee or Lighttpd.
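
The config edits from step 4, combined with the chroot and nobody suggestion in the Notes, as an added example that is not part of the original page: it derives the second instance's config from the stock one and reports any setting still shared with the admin server. The helper names and the sample port and web root are assumptions, and it assumes the binary honours the standard chroot and user options.

```shell
#!/bin/sh
# Added example, not part of the original page. Helper names are hypothetical.

# conf_get FILE KEY: print the last value assigned to KEY.
conf_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# make_conf STOCK NEW PORT WEBROOT: copy STOCK to NEW with the step 4
# changes applied, plus chroot and user=nobody from the Notes.
make_conf() {
    src=$1 dst=$2 newport=$3 webroot=$4
    # Drop the settings that are redefined below; keep everything else.
    sed -E '/^(port|dir|logfile|pidfile|user|chroot|nochroot)(=|[[:space:]]*$)/d' \
        "$src" > "$dst"
    cat >> "$dst" <<EOF
port=$newport
dir=$webroot
user=nobody
chroot
logfile=/opt/var/log/mythttpd.log
pidfile=/opt/var/run/mythttpd.pid
EOF
}

# check_conf NEW STOCK: print one finding per line; no output means clean.
check_conf() {
    new=$1 stock=$2
    for key in port logfile pidfile; do
        v=$(conf_get "$new" "$key")
        if [ -z "$v" ]; then
            echo "missing:$key"
        elif [ "$v" = "$(conf_get "$stock" "$key")" ]; then
            echo "shared:$key"      # would collide with the admin server
        fi
    done
    p=$(conf_get "$new" port)
    # The page recommends an unused port above 1024.
    if [ -n "$p" ] && [ "$p" -le 1024 ]; then echo "lowport"; fi
    grep -q '^chroot$' "$new" || echo "nochroot"
    [ "$(conf_get "$new" user)" = "nobody" ] || echo "user-not-nobody"
    return 0
}

# Usage on the device (paths from the steps above):
#   make_conf /etc/thttpd.conf /opt/etc/mythttpd.conf 9000 /opt/share/www
#   check_conf /opt/etc/mythttpd.conf /etc/thttpd.conf
```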

A fully commented conf file /opt/etc/thttpd.conf to refer to:

  
# Configuration file for thttpd (defined for NSLU2 ipkg thttpdphp)

# Specifies an alternate port number to listen on. The default is 80.
port=80

# Specifies a directory to chdir() to at startup. This is merely a convenience;
# you could just as easily do a cd in the shell script that invokes the program.
dir=/opt/share/www

# Specifies what user to switch to after initialization when started as root. 
# The default is "nobody"
user=nobody

# Do a chroot() at initialization time, restricting file access to the program's 
# current directory.
nochroot
#chroot=

# Specifies a directory to chdir() to after chrooting. If you're not chrooting, 
# you might as well do a single chdir(). If you are chrooting, this lets you put 
# the web files in a subdirectory of the chroot tree, instead of in the top level 
# mixed in with the chroot files.
#datadir=

# Don't do explicit symbolic link checking. Normally, thttpd explicitly expands 
# any symbolic links in filenames, to check that the resulting path stays within 
# the original document tree. If you want to turn off this check and save some 
# CPU time, you can use this option, however this is not recommended. 
# Note, though, that if you are using the chroot option, the symlink checking is 
# unnecessary and is turned off, so the safe way to save those CPU cycles is to 
# use chroot. 
#symlinkcheck   <-- docs say this should be used from v 2.24 onwards,
# but they seem to be wrong
#nosymlinkcheck <-- docs say this should be used from v 2.24 onwards,
# but they seem to be wrong
#symlink
nosymlink

# Do el-cheapo virtual hosting. This sends each incoming request to a subdirectory 
# based on the hostname it's intended for. All you have to do in order to set things
# up is to create those subdirectories in the directory where thttpd will run.
#novhost
vhost

# Use a global passwd file. This means that every file in the entire document tree 
# is protected by the single .htpasswd file at the top of the tree. Otherwise the 
# semantics of the .htpasswd file are the same. If this option is set but there is 
# no .htpasswd file in the top-level directory, then thttpd proceeds as if the option 
# was not set - first looking for a local .htpasswd file, and if that doesn't exist 
# either then serving the file without any password. 
#globalpasswd
#noglobalpasswd

# Specifies what user to switch to after initialization when started as root. 
# The default is "nobody".
#user=

# Specifies a wildcard pattern for CGI programs, for instance "**.cgi" or "/cgi-bin/*". 
#cgipat=

# Specifies a file of throttle settings.
#throttles=

# Specifies a hostname to bind to, for multihoming. The default is to bind to all 
# hostnames supported on the local machine. 
#host=

# Specifies a file for logging. If no -l argument is specified, thttpd logs via 
# syslog(). If "-l /dev/null" is specified, thttpd doesn't log at all.
logfile=/var/log/thttpd.log

# Specifies a file to write the process-id to. If no file is specified, 
# no process-id is written. You can use this file to send signals to thttpd.
pidfile=/var/run/thttpd.pid

# Specifies the character set to use with text MIME types. The default is iso-8859-1. 
#charset=

# Specifies a P3P server privacy header to be returned with all responses. 
# See http://www.w3.org/P3P/ for details. Thttpd doesn't do anything at all with the 
# string except put it in the P3P: response header. 
#p3p=

# Specifies the number of seconds to be used in a "Cache-Control: max-age" header to 
# be returned with all responses. An equivalent "Expires" header is also generated. 
# The default is no Cache-Control or Expires headers, which is just fine for most sites. 
#max_age=


Web Servers and File Permissions

Users of Thttpd, Php-Thttpd, Cherokee, Lighttpd, Apache and other Optware web servers may find that they have difficulty serving some types of web page. In many cases this can be due to the individual file permission settings. For a detailed discussion for the Thttpd server consult the web page:

http://www.acme.com/software/thttpd/thttpd_man.html

Most of the working Web based Optware packages for the NSLU2, e.g. dokuwiki, mediawiki, phpmyadmin, have adopted the following rules during installation.

  1. Flag all files and Directories with owner and group set to - root
  2. Flag all Data files such as html, PHP and picture files - 644
  3. Flag all Directories - 2755
  4. Flag all executables such as CGI, Perl, Python, Shell scripts etc. - 755

The following script sections can be used to flag large directory structures.

The scripts assume that the data files are stored in the folder structure /opt/share/www/mywebpages - modify this directory name as required.

Login as user root.

 
#! /bin/sh
# Diversion script: to set file permissions for web pages and directories
#
# 1. Start by globally setting all files and directories with owner and group set to root.
# Note that some users prefer to use different user and groups
# to improve server security, such as nobody and everyone
chown -R root:root /opt/share/www/mywebpages
#
# 2. Then globally chmod all files and directories to permission 644
chmod -R 0644 /opt/share/www/mywebpages
#
# 3. Then chmod all Directories to permission 2755
find /opt/share/www/mywebpages -type d -exec chmod 2755 {} \; -print
#

If your web folder tree contains any executable files with extensions such as .cgi, .pl, .py or .sh then flag these using the script below. Change the file extension as required.

 
# 4. For CGI executable files, chmod all to permission 755
# The pattern is quoted so the shell passes it to find instead of expanding it
find /opt/share/www/mywebpages -name '*.cgi' -exec chmod 0755 {} \; -print
#

Hope that these script sections prove useful to users. Note that -print just displays the progress on the console screen so can be omitted from the script sections if required.

RobHam - Jan 2006 - expanded May 2007
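
A read-only check of a web tree against the four rules above, as an added example that is not part of the original page or of any Optware package. audit_webtree is a hypothetical helper name, and the list of script extensions is the one named in the text.

```shell
#!/bin/sh
# Added example, not part of the original page. audit_webtree is a
# hypothetical helper; it only reads the tree and changes nothing.

# audit_webtree ROOT OWNER GROUP: print "finding: path" for every deviation
# from the four rules. OWNER and GROUP may be names or numeric ids
# (root and root in the rules above).
audit_webtree() {
    root=$1 owner=$2 group=$3
    # Rule 1: expected owner and group on every file and directory.
    find "$root" ! \( -user "$owner" -group "$group" \) | sed 's/^/owner: /'
    # Rule 3: directories are exactly 2755.
    find "$root" -type d ! -perm 2755 | sed 's/^/dir-mode: /'
    # Rule 4: scripts are exactly 755.
    find "$root" -type f \
        \( -name '*.cgi' -o -name '*.pl' -o -name '*.py' -o -name '*.sh' \) \
        ! -perm 755 | sed 's/^/script-mode: /'
    # Rule 2: every other regular file is exactly 644.
    find "$root" -type f \
        ! \( -name '*.cgi' -o -name '*.pl' -o -name '*.py' -o -name '*.sh' \) \
        ! -perm 644 | sed 's/^/data-mode: /'
    # Whatever the scheme, nothing should be writable by group or others.
    find "$root" ! -type l \( -perm -020 -o -perm -002 \) | sed 's/^/writable: /'
}

# Usage, as root on the device:
#   audit_webtree /opt/share/www/mywebpages root root
```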


thttpd, password authentication, file permissions and NTFS/UFSD drives

I tried to set up password authentication with the thttpd binary (in /usr/sbin) that comes with the nslu. It recognizes .htpasswd files but there's no htpasswd binary included to create them. I couldn't create .htpasswd files manually.

I downloaded the ACME httpd binary package (ipkg install httpd; the new binary is in /opt/sbin/). This binary has an advantage and a drawback when compared to the Linksys binary. Advantage: the package includes a htpasswd utility. Drawback: it is very picky about file permissions. It requires that all files (html/pictures...) be world readable in order to display them.

The htpasswd utility that comes with the acme thttpd package is not compatible with the thttpd binary from Linksys.

Using the acme httpd package I could setup password authentication on my web server. However most of my content is stored on a NTFS drive on disk1. It is mounted on /dev/sdb1 by the nslu using a nfsd driver (comes with the nslu). NTFS doesn't support per file world permission information. Using chmod I couldn't make my files and directories world readable on the NTFS drive. The only way to do it would be to specify umask=0000 when the drive is mounted, but I couldn't modify the mounting options for /dev/sdb1. I tried to mount the disk a second time on another mount point (using /etc/fstab), with umount=0000, but even in that mount, the files would have no world permission.

The only way around I found was to:

  1. Download the thttpd source code of the ACME thttpd binary (see MakeThttpdOnYourNSLU2Box)
  2. Edit the libhttpd.c file and remove the few lines of code that do check for the world read permission flag.
  3. Compile the binary as indicated in MakeThttpdOnYourNSLU2Box

The new binary:

  1. supports password authentication (using the htpasswd utility from the acme package)
  2. does not bother me with world read permissions

Olivier.


Page last modified on December 13, 2010, at 04:00 AM