lighttpd: do not overwrite /etc/lighttpd/lighttpd.conf (On new installs) (#5075)

This commit is contained in:
Adam Warner 2022-12-19 23:36:23 +00:00 committed by GitHub
commit ec1d4c5500
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 54 additions and 174 deletions

View File

@ -1,81 +0,0 @@
<?php
/* Pi-hole: A black hole for Internet advertisements
* (c) 2017 Pi-hole, LLC (https://pi-hole.net)
* Network-wide ad blocking via your own hardware.
*
* This file is copyright under the latest version of the EUPL.
* Please see LICENSE file for your rights under this license. */
// Sanitize SERVER_NAME output
$serverName = htmlspecialchars($_SERVER["SERVER_NAME"]);
// Remove external ipv6 brackets if any
$serverName = preg_replace('/^\[(.*)\]$/', '${1}', $serverName);
// Set landing page location, found within /var/www/html/
$landPage = "../landing.php";
// Define array for hostnames to be accepted as self address for splash page
$authorizedHosts = [ "localhost" ];
if (!empty($_SERVER["FQDN"])) {
// If setenv.add-environment = ("fqdn" => "true") is configured in lighttpd,
// append $serverName to $authorizedHosts
array_push($authorizedHosts, $serverName);
} else if (!empty($_SERVER["VIRTUAL_HOST"])) {
// Append virtual hostname to $authorizedHosts
array_push($authorizedHosts, $_SERVER["VIRTUAL_HOST"]);
}
// Determine block page type
if ($serverName === "pi.hole"
|| (!empty($_SERVER["VIRTUAL_HOST"]) && $serverName === $_SERVER["VIRTUAL_HOST"])) {
// Redirect to Web Interface
header("Location: /admin");
exit();
} elseif (filter_var($serverName, FILTER_VALIDATE_IP) || in_array($serverName, $authorizedHosts)) {
// When directly browsing via IP or authorized hostname
// Render splash/landing page based off presence of $landPage file
// Unset variables so as to not be included in $landPage or $splashPage
unset($authorizedHosts);
// If $landPage file is present
if (is_file(getcwd()."/$landPage")) {
unset($serverName, $viewPort); // unset extra variables not to be included in $landpage
include $landPage;
exit();
}
// If $landPage file was not present, Set Splash Page output
$splashPage = <<<EOT
<!doctype html>
<html lang='en'>
<head>
<meta charset='utf-8'>
<meta name='viewport' content='width=device-width, initial-scale=1'>
<title> $serverName</title>
<link rel='shortcut icon' href='/admin/img/favicons/favicon.ico' type='image/x-icon'>
<style>
html, body { height: 100% }
body { margin: 0; font: 13pt "Source Sans Pro", "Helvetica Neue", Helvetica, Arial, sans-serif; }
body { background: #222; color: rgba(255, 255, 255, 0.7); text-align: center; }
p { margin: 0; }
a { color: #3c8dbc; text-decoration: none; }
a:hover { color: #72afda; text-decoration: underline; }
#splashpage { display: flex; align-items: center; justify-content: center; }
#splashpage img { margin: 5px; width: 256px; }
#splashpage b { color: inherit; }
</style>
</head>
<body id='splashpage'>
<div>
<img src='/admin/img/logo.svg' alt='Pi-hole logo' width='256' height='377'>
<br>
<p>Pi-<strong>hole</strong>: Your black hole for Internet advertisements</p>
<a href='/admin'>Did you mean to go to the admin panel?</a>
</div>
</body>
</html>
EOT;
exit($splashPage);
}
header("HTTP/1.1 404 Not Found");
exit();
?>

View File

@ -26,7 +26,6 @@ server.modules = (
)
server.document-root = "/var/www/html"
server.error-handler-404 = "/pihole/index.php"
server.upload-dirs = ( "/var/cache/lighttpd/uploads" )
server.errorlog = "/var/log/lighttpd/error-pihole.log"
server.pid-file = "/run/lighttpd.pid"
@ -72,7 +71,4 @@ include "external*.conf"
# default listening port for IPv6 falls back to the IPv4 port
include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port
# Prevent Lighttpd from enabling Let's Encrypt SSL for every blocked domain
#include_shell "/usr/share/lighttpd/include-conf-enabled.pl"
include_shell "find /etc/lighttpd/conf-enabled -name '*.conf' -a ! -name 'letsencrypt.conf' -printf 'include \"%p\"\n' 2>/dev/null"
include "/etc/lighttpd/conf-enabled/*.conf"

View File

@ -27,7 +27,6 @@ server.modules = (
)
server.document-root = "/var/www/html"
server.error-handler-404 = "/pihole/index.php"
server.upload-dirs = ( "/var/cache/lighttpd/uploads" )
server.errorlog = "/var/log/lighttpd/error-pihole.log"
server.pid-file = "/run/lighttpd.pid"

View File

@ -65,11 +65,5 @@ $HTTP["host"] == "pi.hole" {
}
}
# (safe to enable after pihole ceases to support Debian 10 (Buster))
# (For lighttpd 1.4.56+ which ignores duplicated server.modules entries)
#server.modules += (
# "mod_access",
# "mod_redirect",
# "mod_fastcgi",
# "mod_setenv",
#)
# (keep this on one line for basic-install.sh filtering during install)
server.modules += ( "mod_access", "mod_redirect", "mod_fastcgi", "mod_setenv" )

View File

@ -82,7 +82,6 @@ PI_HOLE_FILES=(chronometer list piholeDebug piholeLogFlush setupLCD update versi
PI_HOLE_INSTALL_DIR="/opt/pihole"
PI_HOLE_CONFIG_DIR="/etc/pihole"
PI_HOLE_BIN_DIR="/usr/local/bin"
PI_HOLE_404_DIR="${webroot}/pihole"
FTL_CONFIG_FILE="${PI_HOLE_CONFIG_DIR}/pihole-FTL.conf"
if [ -z "$useUpdateVars" ]; then
useUpdateVars=false
@ -1401,42 +1400,59 @@ installConfigs() {
# If the user chose to install the dashboard,
if [[ "${INSTALL_WEB_SERVER}" == true ]]; then
# and if the Web server conf directory does not exist,
if [[ ! -d "/etc/lighttpd" ]]; then
# make it and set the owners
install -d -m 755 -o "${USER}" -g root /etc/lighttpd
# Otherwise, if the config file already exists
elif [[ -f "${lighttpdConfig}" ]]; then
# back up the original
mv "${lighttpdConfig}"{,.orig}
fi
# and copy in the config file Pi-hole needs
install -D -m 644 -T ${PI_HOLE_LOCAL_REPO}/advanced/${LIGHTTPD_CFG} "${lighttpdConfig}"
# If there is a custom block page in the html/pihole directory, replace 404 handler in lighttpd config
if [[ -f "${PI_HOLE_404_DIR}/custom.php" ]]; then
sed -i 's/^\(server\.error-handler-404\s*=\s*\).*$/\1"\/pihole\/custom\.php"/' "${lighttpdConfig}"
if grep -q -F "FILE AUTOMATICALLY OVERWRITTEN BY PI-HOLE" "${lighttpdConfig}"; then
# Attempt to preserve backwards compatibility with older versions
install -D -m 644 -T ${PI_HOLE_LOCAL_REPO}/advanced/${LIGHTTPD_CFG} "${lighttpdConfig}"
# Make the directories if they do not exist and set the owners
mkdir -p /run/lighttpd
chown ${LIGHTTPD_USER}:${LIGHTTPD_GROUP} /run/lighttpd
mkdir -p /var/cache/lighttpd/compress
chown ${LIGHTTPD_USER}:${LIGHTTPD_GROUP} /var/cache/lighttpd/compress
mkdir -p /var/cache/lighttpd/uploads
chown ${LIGHTTPD_USER}:${LIGHTTPD_GROUP} /var/cache/lighttpd/uploads
fi
# Copy the config file to include for pihole admin interface
if [[ -d "/etc/lighttpd/conf.d" ]]; then
install -D -m 644 -T ${PI_HOLE_LOCAL_REPO}/advanced/pihole-admin.conf /etc/lighttpd/conf.d/pihole-admin.conf
if grep -q -F 'include "/etc/lighttpd/conf.d/pihole-admin.conf"' "${lighttpdConfig}"; then
:
else
echo 'include "/etc/lighttpd/conf.d/pihole-admin.conf"' >> "${lighttpdConfig}"
fi
# Avoid some warnings trace from lighttpd, which might break tests
conf=/etc/lighttpd/conf.d/pihole-admin.conf
if lighttpd -f "${lighttpdConfig}" -tt 2>&1 | grep -q -F "WARNING: unknown config-key: dir-listing\."; then
echo '# Avoid some warnings trace from lighttpd, which might break tests' >> $conf
echo 'server.modules += ( "mod_dirlisting" )' >> $conf
fi
if lighttpd -f "${lighttpdConfig}" -tt 2>&1 | grep -q -F "warning: please use server.use-ipv6"; then
echo '# Avoid some warnings trace from lighttpd, which might break tests' >> $conf
echo 'server.use-ipv6 := "disable"' >> $conf
fi
elif [[ -d "/etc/lighttpd/conf-available" ]]; then
conf=/etc/lighttpd/conf-available/15-pihole-admin.conf
install -D -m 644 -T ${PI_HOLE_LOCAL_REPO}/advanced/pihole-admin.conf $conf
# disable server.modules += ( ... ) in $conf to avoid module dups
# (needed until Debian 10 no longer supported by pi-hole)
# (server.modules duplication is ignored in lighttpd 1.4.56+)
if awk '!/^server\.modules/{print}' $conf > $conf.$$ && mv $conf.$$ $conf; then
:
else
rm $conf.$$
fi
chmod 644 $conf
if is_command lighty-enable-mod ; then
lighty-enable-mod pihole-admin > /dev/null || true
lighty-enable-mod pihole-admin access redirect fastcgi setenv > /dev/null || true
else
# Otherwise, show info about installing them
printf " %b Warning: 'lighty-enable-mod' utility not found\\n" "${INFO}"
printf " Please ensure fastcgi is enabled if you experience issues\\n"
fi
else
# lighttpd config include dir not found
printf " %b Warning: lighttpd config include dir not found\\n" "${INFO}"
printf " Please manually install pihole-admin.conf\\n"
fi
# Make the directories if they do not exist and set the owners
mkdir -p /run/lighttpd
chown ${LIGHTTPD_USER}:${LIGHTTPD_GROUP} /run/lighttpd
mkdir -p /var/cache/lighttpd/compress
chown ${LIGHTTPD_USER}:${LIGHTTPD_GROUP} /var/cache/lighttpd/compress
mkdir -p /var/cache/lighttpd/uploads
chown ${LIGHTTPD_USER}:${LIGHTTPD_GROUP} /var/cache/lighttpd/uploads
fi
}
@ -1687,30 +1703,6 @@ install_dependent_packages() {
# Install the Web interface dashboard
installPiholeWeb() {
printf "\\n %b Installing 404 page...\\n" "${INFO}"
local str="Creating directory for 404 page, and copying files"
printf " %b %s..." "${INFO}" "${str}"
# Install the directory
install -d -m 0755 ${PI_HOLE_404_DIR}
# and the 404 handler
install -D -m 644 ${PI_HOLE_LOCAL_REPO}/advanced/index.php ${PI_HOLE_404_DIR}/
printf "%b %b %s\\n" "${OVER}" "${TICK}" "${str}"
local str="Backing up index.lighttpd.html"
printf " %b %s..." "${INFO}" "${str}"
# If the default index file exists,
if [[ -f "${webroot}/index.lighttpd.html" ]]; then
# back it up
mv ${webroot}/index.lighttpd.html ${webroot}/index.lighttpd.orig
printf "%b %b %s\\n" "${OVER}" "${TICK}" "${str}"
else
# Otherwise, don't do anything
printf "%b %b %s\\n" "${OVER}" "${INFO}" "${str}"
printf " No default index.lighttpd.html file found... not backing up\\n"
fi
# Install Sudoers file
local str="Installing sudoer file"
printf "\\n %b %s..." "${INFO}" "${str}"
@ -1913,15 +1905,6 @@ installPihole() {
# Give lighttpd access to the pihole group so the web interface can
# manage the gravity.db database
usermod -a -G pihole ${LIGHTTPD_USER}
# If the lighttpd command is executable,
if is_command lighty-enable-mod ; then
# enable fastcgi and fastcgi-php
lighty-enable-mod fastcgi fastcgi-php > /dev/null || true
else
# Otherwise, show info about installing them
printf " %b Warning: 'lighty-enable-mod' utility not found\\n" "${INFO}"
printf " Please ensure fastcgi is enabled if you experience issues\\n"
fi
fi
fi
# Install base files and web interface

View File

@ -131,6 +131,7 @@ removeNoPurge() {
fi
if package_check lighttpd > /dev/null; then
# Attempt to preserve backwards compatibility with older versions
if [[ -f /etc/lighttpd/lighttpd.conf.orig ]]; then
${SUDO} mv /etc/lighttpd/lighttpd.conf.orig /etc/lighttpd/lighttpd.conf
fi
@ -142,6 +143,16 @@ removeNoPurge() {
# Fedora-based
if [[ -f /etc/lighttpd/conf.d/pihole-admin.conf ]]; then
${SUDO} rm /etc/lighttpd/conf.d/pihole-admin.conf
conf=/etc/lighttpd/lighttpd.conf
tconf=/tmp/lighttpd.conf.$$
if awk '!/^include "\/etc\/lighttpd\/conf\.d\/pihole-admin\.conf"$/{print}' \
$conf > $tconf && mv $tconf $conf; then
:
else
rm $tconf
fi
${SUDO} chown root:root $conf
${SUDO} chmod 644 $conf
fi
# Debian-based

View File

@ -129,20 +129,8 @@ def test_installPiholeWeb_fresh_install_no_errors(host):
installPiholeWeb
"""
)
expected_stdout = info_box + " Installing 404 page..."
assert expected_stdout in installWeb.stdout
expected_stdout = tick_box + (
" Creating directory for 404 page, " "and copying files"
)
assert expected_stdout in installWeb.stdout
expected_stdout = info_box + " Backing up index.lighttpd.html"
assert expected_stdout in installWeb.stdout
expected_stdout = "No default index.lighttpd.html file found... " "not backing up"
assert expected_stdout in installWeb.stdout
expected_stdout = tick_box + " Installing sudoer file"
assert expected_stdout in installWeb.stdout
web_directory = host.run("ls -r /var/www/html/pihole").stdout
assert "index.php" in web_directory
def get_directories_recursive(host, directory):
@ -416,7 +404,7 @@ def test_installPihole_fresh_install_readableBlockpage(host, test_webpage):
usergroup="${{LIGHTTPD_USER}}:${{LIGHTTPD_GROUP}}",
chmodarg="{{}}",
config="/etc/lighttpd/lighttpd.conf",
run="/var/run/lighttpd",
run="/run/lighttpd",
cache="/var/cache/lighttpd",
uploads="/var/cache/lighttpd/uploads",
compress="/var/cache/lighttpd/compress",
@ -556,16 +544,6 @@ def test_installPihole_fresh_install_readableBlockpage(host, test_webpage):
return bool(m)
if installWebInterface is True:
check_pihole = test_cmd.format("r", webroot + "/pihole", webuser)
actual_rc = host.run(check_pihole).rc
assert exit_status_success == actual_rc
check_pihole = test_cmd.format("x", webroot + "/pihole", webuser)
actual_rc = host.run(check_pihole).rc
assert exit_status_success == actual_rc
# check most important files in $webroot for read permission
check_index = test_cmd.format("r", webroot + "/pihole/index.php", webuser)
actual_rc = host.run(check_index).rc
assert exit_status_success == actual_rc
if test_webpage is True:
# check webpage for unreadable files
noPHPfopen = re.compile(