lighttpd: do not overwrite /etc/lighttpd/lighttpd.conf (On new installs) (#5075)
This commit is contained in:
commit
ec1d4c5500
|
@ -1,81 +0,0 @@
|
|||
<?php
|
||||
/* Pi-hole: A black hole for Internet advertisements
|
||||
* (c) 2017 Pi-hole, LLC (https://pi-hole.net)
|
||||
* Network-wide ad blocking via your own hardware.
|
||||
*
|
||||
* This file is copyright under the latest version of the EUPL.
|
||||
* Please see LICENSE file for your rights under this license. */
|
||||
|
||||
// Sanitize SERVER_NAME output
|
||||
$serverName = htmlspecialchars($_SERVER["SERVER_NAME"]);
|
||||
// Remove external ipv6 brackets if any
|
||||
$serverName = preg_replace('/^\[(.*)\]$/', '${1}', $serverName);
|
||||
|
||||
// Set landing page location, found within /var/www/html/
|
||||
$landPage = "../landing.php";
|
||||
|
||||
// Define array for hostnames to be accepted as self address for splash page
|
||||
$authorizedHosts = [ "localhost" ];
|
||||
if (!empty($_SERVER["FQDN"])) {
|
||||
// If setenv.add-environment = ("fqdn" => "true") is configured in lighttpd,
|
||||
// append $serverName to $authorizedHosts
|
||||
array_push($authorizedHosts, $serverName);
|
||||
} else if (!empty($_SERVER["VIRTUAL_HOST"])) {
|
||||
// Append virtual hostname to $authorizedHosts
|
||||
array_push($authorizedHosts, $_SERVER["VIRTUAL_HOST"]);
|
||||
}
|
||||
|
||||
// Determine block page type
|
||||
if ($serverName === "pi.hole"
|
||||
|| (!empty($_SERVER["VIRTUAL_HOST"]) && $serverName === $_SERVER["VIRTUAL_HOST"])) {
|
||||
// Redirect to Web Interface
|
||||
header("Location: /admin");
|
||||
exit();
|
||||
} elseif (filter_var($serverName, FILTER_VALIDATE_IP) || in_array($serverName, $authorizedHosts)) {
|
||||
// When directly browsing via IP or authorized hostname
|
||||
// Render splash/landing page based off presence of $landPage file
|
||||
// Unset variables so as to not be included in $landPage or $splashPage
|
||||
unset($authorizedHosts);
|
||||
// If $landPage file is present
|
||||
if (is_file(getcwd()."/$landPage")) {
|
||||
unset($serverName, $viewPort); // unset extra variables not to be included in $landpage
|
||||
include $landPage;
|
||||
exit();
|
||||
}
|
||||
// If $landPage file was not present, Set Splash Page output
|
||||
$splashPage = <<<EOT
|
||||
<!doctype html>
|
||||
<html lang='en'>
|
||||
<head>
|
||||
<meta charset='utf-8'>
|
||||
<meta name='viewport' content='width=device-width, initial-scale=1'>
|
||||
<title>● $serverName</title>
|
||||
<link rel='shortcut icon' href='/admin/img/favicons/favicon.ico' type='image/x-icon'>
|
||||
<style>
|
||||
html, body { height: 100% }
|
||||
body { margin: 0; font: 13pt "Source Sans Pro", "Helvetica Neue", Helvetica, Arial, sans-serif; }
|
||||
body { background: #222; color: rgba(255, 255, 255, 0.7); text-align: center; }
|
||||
p { margin: 0; }
|
||||
a { color: #3c8dbc; text-decoration: none; }
|
||||
a:hover { color: #72afda; text-decoration: underline; }
|
||||
#splashpage { display: flex; align-items: center; justify-content: center; }
|
||||
#splashpage img { margin: 5px; width: 256px; }
|
||||
#splashpage b { color: inherit; }
|
||||
</style>
|
||||
</head>
|
||||
<body id='splashpage'>
|
||||
<div>
|
||||
<img src='/admin/img/logo.svg' alt='Pi-hole logo' width='256' height='377'>
|
||||
<br>
|
||||
<p>Pi-<strong>hole</strong>: Your black hole for Internet advertisements</p>
|
||||
<a href='/admin'>Did you mean to go to the admin panel?</a>
|
||||
</div>
|
||||
</body>
|
||||
</html>
|
||||
EOT;
|
||||
exit($splashPage);
|
||||
}
|
||||
|
||||
header("HTTP/1.1 404 Not Found");
|
||||
exit();
|
||||
?>
|
|
@ -26,7 +26,6 @@ server.modules = (
|
|||
)
|
||||
|
||||
server.document-root = "/var/www/html"
|
||||
server.error-handler-404 = "/pihole/index.php"
|
||||
server.upload-dirs = ( "/var/cache/lighttpd/uploads" )
|
||||
server.errorlog = "/var/log/lighttpd/error-pihole.log"
|
||||
server.pid-file = "/run/lighttpd.pid"
|
||||
|
@ -72,7 +71,4 @@ include "external*.conf"
|
|||
|
||||
# default listening port for IPv6 falls back to the IPv4 port
|
||||
include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port
|
||||
|
||||
# Prevent Lighttpd from enabling Let's Encrypt SSL for every blocked domain
|
||||
#include_shell "/usr/share/lighttpd/include-conf-enabled.pl"
|
||||
include_shell "find /etc/lighttpd/conf-enabled -name '*.conf' -a ! -name 'letsencrypt.conf' -printf 'include \"%p\"\n' 2>/dev/null"
|
||||
include "/etc/lighttpd/conf-enabled/*.conf"
|
||||
|
|
|
@ -27,7 +27,6 @@ server.modules = (
|
|||
)
|
||||
|
||||
server.document-root = "/var/www/html"
|
||||
server.error-handler-404 = "/pihole/index.php"
|
||||
server.upload-dirs = ( "/var/cache/lighttpd/uploads" )
|
||||
server.errorlog = "/var/log/lighttpd/error-pihole.log"
|
||||
server.pid-file = "/run/lighttpd.pid"
|
||||
|
|
|
@ -65,11 +65,5 @@ $HTTP["host"] == "pi.hole" {
|
|||
}
|
||||
}
|
||||
|
||||
# (safe to enable after pihole ceases to support Debian 10 (Buster))
|
||||
# (For lighttpd 1.4.56+ which ignores duplicated server.modules entries)
|
||||
#server.modules += (
|
||||
# "mod_access",
|
||||
# "mod_redirect",
|
||||
# "mod_fastcgi",
|
||||
# "mod_setenv",
|
||||
#)
|
||||
# (keep this on one line for basic-install.sh filtering during install)
|
||||
server.modules += ( "mod_access", "mod_redirect", "mod_fastcgi", "mod_setenv" )
|
||||
|
|
|
@ -82,7 +82,6 @@ PI_HOLE_FILES=(chronometer list piholeDebug piholeLogFlush setupLCD update versi
|
|||
PI_HOLE_INSTALL_DIR="/opt/pihole"
|
||||
PI_HOLE_CONFIG_DIR="/etc/pihole"
|
||||
PI_HOLE_BIN_DIR="/usr/local/bin"
|
||||
PI_HOLE_404_DIR="${webroot}/pihole"
|
||||
FTL_CONFIG_FILE="${PI_HOLE_CONFIG_DIR}/pihole-FTL.conf"
|
||||
if [ -z "$useUpdateVars" ]; then
|
||||
useUpdateVars=false
|
||||
|
@ -1401,42 +1400,59 @@ installConfigs() {
|
|||
|
||||
# If the user chose to install the dashboard,
|
||||
if [[ "${INSTALL_WEB_SERVER}" == true ]]; then
|
||||
# and if the Web server conf directory does not exist,
|
||||
if [[ ! -d "/etc/lighttpd" ]]; then
|
||||
# make it and set the owners
|
||||
install -d -m 755 -o "${USER}" -g root /etc/lighttpd
|
||||
# Otherwise, if the config file already exists
|
||||
elif [[ -f "${lighttpdConfig}" ]]; then
|
||||
# back up the original
|
||||
mv "${lighttpdConfig}"{,.orig}
|
||||
fi
|
||||
# and copy in the config file Pi-hole needs
|
||||
install -D -m 644 -T ${PI_HOLE_LOCAL_REPO}/advanced/${LIGHTTPD_CFG} "${lighttpdConfig}"
|
||||
# If there is a custom block page in the html/pihole directory, replace 404 handler in lighttpd config
|
||||
if [[ -f "${PI_HOLE_404_DIR}/custom.php" ]]; then
|
||||
sed -i 's/^\(server\.error-handler-404\s*=\s*\).*$/\1"\/pihole\/custom\.php"/' "${lighttpdConfig}"
|
||||
if grep -q -F "FILE AUTOMATICALLY OVERWRITTEN BY PI-HOLE" "${lighttpdConfig}"; then
|
||||
# Attempt to preserve backwards compatibility with older versions
|
||||
install -D -m 644 -T ${PI_HOLE_LOCAL_REPO}/advanced/${LIGHTTPD_CFG} "${lighttpdConfig}"
|
||||
# Make the directories if they do not exist and set the owners
|
||||
mkdir -p /run/lighttpd
|
||||
chown ${LIGHTTPD_USER}:${LIGHTTPD_GROUP} /run/lighttpd
|
||||
mkdir -p /var/cache/lighttpd/compress
|
||||
chown ${LIGHTTPD_USER}:${LIGHTTPD_GROUP} /var/cache/lighttpd/compress
|
||||
mkdir -p /var/cache/lighttpd/uploads
|
||||
chown ${LIGHTTPD_USER}:${LIGHTTPD_GROUP} /var/cache/lighttpd/uploads
|
||||
fi
|
||||
# Copy the config file to include for pihole admin interface
|
||||
if [[ -d "/etc/lighttpd/conf.d" ]]; then
|
||||
install -D -m 644 -T ${PI_HOLE_LOCAL_REPO}/advanced/pihole-admin.conf /etc/lighttpd/conf.d/pihole-admin.conf
|
||||
if grep -q -F 'include "/etc/lighttpd/conf.d/pihole-admin.conf"' "${lighttpdConfig}"; then
|
||||
:
|
||||
else
|
||||
echo 'include "/etc/lighttpd/conf.d/pihole-admin.conf"' >> "${lighttpdConfig}"
|
||||
fi
|
||||
# Avoid some warnings trace from lighttpd, which might break tests
|
||||
conf=/etc/lighttpd/conf.d/pihole-admin.conf
|
||||
if lighttpd -f "${lighttpdConfig}" -tt 2>&1 | grep -q -F "WARNING: unknown config-key: dir-listing\."; then
|
||||
echo '# Avoid some warnings trace from lighttpd, which might break tests' >> $conf
|
||||
echo 'server.modules += ( "mod_dirlisting" )' >> $conf
|
||||
fi
|
||||
if lighttpd -f "${lighttpdConfig}" -tt 2>&1 | grep -q -F "warning: please use server.use-ipv6"; then
|
||||
echo '# Avoid some warnings trace from lighttpd, which might break tests' >> $conf
|
||||
echo 'server.use-ipv6 := "disable"' >> $conf
|
||||
fi
|
||||
elif [[ -d "/etc/lighttpd/conf-available" ]]; then
|
||||
conf=/etc/lighttpd/conf-available/15-pihole-admin.conf
|
||||
install -D -m 644 -T ${PI_HOLE_LOCAL_REPO}/advanced/pihole-admin.conf $conf
|
||||
# disable server.modules += ( ... ) in $conf to avoid module dups
|
||||
# (needed until Debian 10 no longer supported by pi-hole)
|
||||
# (server.modules duplication is ignored in lighttpd 1.4.56+)
|
||||
if awk '!/^server\.modules/{print}' $conf > $conf.$$ && mv $conf.$$ $conf; then
|
||||
:
|
||||
else
|
||||
rm $conf.$$
|
||||
fi
|
||||
chmod 644 $conf
|
||||
if is_command lighty-enable-mod ; then
|
||||
lighty-enable-mod pihole-admin > /dev/null || true
|
||||
lighty-enable-mod pihole-admin access redirect fastcgi setenv > /dev/null || true
|
||||
else
|
||||
# Otherwise, show info about installing them
|
||||
printf " %b Warning: 'lighty-enable-mod' utility not found\\n" "${INFO}"
|
||||
printf " Please ensure fastcgi is enabled if you experience issues\\n"
|
||||
fi
|
||||
else
|
||||
# lighttpd config include dir not found
|
||||
printf " %b Warning: lighttpd config include dir not found\\n" "${INFO}"
|
||||
printf " Please manually install pihole-admin.conf\\n"
|
||||
fi
|
||||
# Make the directories if they do not exist and set the owners
|
||||
mkdir -p /run/lighttpd
|
||||
chown ${LIGHTTPD_USER}:${LIGHTTPD_GROUP} /run/lighttpd
|
||||
mkdir -p /var/cache/lighttpd/compress
|
||||
chown ${LIGHTTPD_USER}:${LIGHTTPD_GROUP} /var/cache/lighttpd/compress
|
||||
mkdir -p /var/cache/lighttpd/uploads
|
||||
chown ${LIGHTTPD_USER}:${LIGHTTPD_GROUP} /var/cache/lighttpd/uploads
|
||||
fi
|
||||
}
|
||||
|
||||
|
@ -1687,30 +1703,6 @@ install_dependent_packages() {
|
|||
|
||||
# Install the Web interface dashboard
|
||||
installPiholeWeb() {
|
||||
printf "\\n %b Installing 404 page...\\n" "${INFO}"
|
||||
|
||||
local str="Creating directory for 404 page, and copying files"
|
||||
printf " %b %s..." "${INFO}" "${str}"
|
||||
# Install the directory
|
||||
install -d -m 0755 ${PI_HOLE_404_DIR}
|
||||
# and the 404 handler
|
||||
install -D -m 644 ${PI_HOLE_LOCAL_REPO}/advanced/index.php ${PI_HOLE_404_DIR}/
|
||||
|
||||
printf "%b %b %s\\n" "${OVER}" "${TICK}" "${str}"
|
||||
|
||||
local str="Backing up index.lighttpd.html"
|
||||
printf " %b %s..." "${INFO}" "${str}"
|
||||
# If the default index file exists,
|
||||
if [[ -f "${webroot}/index.lighttpd.html" ]]; then
|
||||
# back it up
|
||||
mv ${webroot}/index.lighttpd.html ${webroot}/index.lighttpd.orig
|
||||
printf "%b %b %s\\n" "${OVER}" "${TICK}" "${str}"
|
||||
else
|
||||
# Otherwise, don't do anything
|
||||
printf "%b %b %s\\n" "${OVER}" "${INFO}" "${str}"
|
||||
printf " No default index.lighttpd.html file found... not backing up\\n"
|
||||
fi
|
||||
|
||||
# Install Sudoers file
|
||||
local str="Installing sudoer file"
|
||||
printf "\\n %b %s..." "${INFO}" "${str}"
|
||||
|
@ -1913,15 +1905,6 @@ installPihole() {
|
|||
# Give lighttpd access to the pihole group so the web interface can
|
||||
# manage the gravity.db database
|
||||
usermod -a -G pihole ${LIGHTTPD_USER}
|
||||
# If the lighttpd command is executable,
|
||||
if is_command lighty-enable-mod ; then
|
||||
# enable fastcgi and fastcgi-php
|
||||
lighty-enable-mod fastcgi fastcgi-php > /dev/null || true
|
||||
else
|
||||
# Otherwise, show info about installing them
|
||||
printf " %b Warning: 'lighty-enable-mod' utility not found\\n" "${INFO}"
|
||||
printf " Please ensure fastcgi is enabled if you experience issues\\n"
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
# Install base files and web interface
|
||||
|
|
|
@ -131,6 +131,7 @@ removeNoPurge() {
|
|||
fi
|
||||
|
||||
if package_check lighttpd > /dev/null; then
|
||||
# Attempt to preserve backwards compatibility with older versions
|
||||
if [[ -f /etc/lighttpd/lighttpd.conf.orig ]]; then
|
||||
${SUDO} mv /etc/lighttpd/lighttpd.conf.orig /etc/lighttpd/lighttpd.conf
|
||||
fi
|
||||
|
@ -142,6 +143,16 @@ removeNoPurge() {
|
|||
# Fedora-based
|
||||
if [[ -f /etc/lighttpd/conf.d/pihole-admin.conf ]]; then
|
||||
${SUDO} rm /etc/lighttpd/conf.d/pihole-admin.conf
|
||||
conf=/etc/lighttpd/lighttpd.conf
|
||||
tconf=/tmp/lighttpd.conf.$$
|
||||
if awk '!/^include "\/etc\/lighttpd\/conf\.d\/pihole-admin\.conf"$/{print}' \
|
||||
$conf > $tconf && mv $tconf $conf; then
|
||||
:
|
||||
else
|
||||
rm $tconf
|
||||
fi
|
||||
${SUDO} chown root:root $conf
|
||||
${SUDO} chmod 644 $conf
|
||||
fi
|
||||
|
||||
# Debian-based
|
||||
|
|
|
@ -129,20 +129,8 @@ def test_installPiholeWeb_fresh_install_no_errors(host):
|
|||
installPiholeWeb
|
||||
"""
|
||||
)
|
||||
expected_stdout = info_box + " Installing 404 page..."
|
||||
assert expected_stdout in installWeb.stdout
|
||||
expected_stdout = tick_box + (
|
||||
" Creating directory for 404 page, " "and copying files"
|
||||
)
|
||||
assert expected_stdout in installWeb.stdout
|
||||
expected_stdout = info_box + " Backing up index.lighttpd.html"
|
||||
assert expected_stdout in installWeb.stdout
|
||||
expected_stdout = "No default index.lighttpd.html file found... " "not backing up"
|
||||
assert expected_stdout in installWeb.stdout
|
||||
expected_stdout = tick_box + " Installing sudoer file"
|
||||
assert expected_stdout in installWeb.stdout
|
||||
web_directory = host.run("ls -r /var/www/html/pihole").stdout
|
||||
assert "index.php" in web_directory
|
||||
|
||||
|
||||
def get_directories_recursive(host, directory):
|
||||
|
@ -416,7 +404,7 @@ def test_installPihole_fresh_install_readableBlockpage(host, test_webpage):
|
|||
usergroup="${{LIGHTTPD_USER}}:${{LIGHTTPD_GROUP}}",
|
||||
chmodarg="{{}}",
|
||||
config="/etc/lighttpd/lighttpd.conf",
|
||||
run="/var/run/lighttpd",
|
||||
run="/run/lighttpd",
|
||||
cache="/var/cache/lighttpd",
|
||||
uploads="/var/cache/lighttpd/uploads",
|
||||
compress="/var/cache/lighttpd/compress",
|
||||
|
@ -556,16 +544,6 @@ def test_installPihole_fresh_install_readableBlockpage(host, test_webpage):
|
|||
return bool(m)
|
||||
|
||||
if installWebInterface is True:
|
||||
check_pihole = test_cmd.format("r", webroot + "/pihole", webuser)
|
||||
actual_rc = host.run(check_pihole).rc
|
||||
assert exit_status_success == actual_rc
|
||||
check_pihole = test_cmd.format("x", webroot + "/pihole", webuser)
|
||||
actual_rc = host.run(check_pihole).rc
|
||||
assert exit_status_success == actual_rc
|
||||
# check most important files in $webroot for read permission
|
||||
check_index = test_cmd.format("r", webroot + "/pihole/index.php", webuser)
|
||||
actual_rc = host.run(check_index).rc
|
||||
assert exit_status_success == actual_rc
|
||||
if test_webpage is True:
|
||||
# check webpage for unreadable files
|
||||
noPHPfopen = re.compile(
|
||||
|
|
Loading…
Reference in New Issue