Froxlor Forum

lighttpd mod_openssl warning


black-night

Question

Hello,

I am using froxlor 0.9.38.7 with lighttpd 1.4.48-1 and mod_openssl. With SSL enabled, froxlor writes the following into the vhost configs (/etc/lighttpd/conf-enabled/vhosts/):

$HTTP["host"] =~ "^domain\.de$" {
  server.document-root = "/var/customers/webs/test/"
  $HTTP["url"] =~ "^/webalizer/" {
    auth.backend = "htpasswd"
    auth.backend.htpasswd.userfile = "/etc/lighttpd/froxlor-htpasswd/1-476459152e5e9e538d6324fe3ede113b.htpasswd"
    auth.require = (
      "/webalizer/" =>
      (
         "method"  => "basic",
         "realm"   => "Restricted Area",
         "require" => "valid-user"
      )
    )
  }
ssl.engine = "enable"
ssl.use-compression = "disable"
ssl.use-sslv2 = "disable"
ssl.use-sslv3 = "disable"
ssl.cipher-list = "ECDH+AESGCM:ECDH+AES256:!aNULL:!MD5:!DSS:!DH:!AES128"
ssl.honor-cipher-order = "enable"
ssl.pemfile = "/etc/ssl/froxlor-custom/domain.de.crt"
ssl.ca-file = "/etc/ssl/froxlor-custom/domain.de_CA.pem"
$HTTP["scheme"] == "https" { setenv.add-response-header  = ( "Strict-Transport-Security" => "max-age=0") }
  accesslog.filename    = "/var/customers/logs/test-access.log"
}

That seems to work so far. When lighttpd starts, however, the following message appears:

lighttpd-angel[28248]: 2017-11-17 12:56:44: (mod_openssl.c.1064) ssl.engine is valid only in global scope or $SERVER["socket"] condition

If I remove the line ssl.engine = "enable", the message no longer appears. But of course froxlor writes the line back in.

The question: am I doing something wrong, or is this a bug in froxlor?
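
A scope check for the condition the warning names, as an added example that is not part of the original thread or of froxlor: it flags every ssl.engine that sits inside a condition block other than $SERVER["socket"]. The sample config and its socket address are constructed; each file is checked on its own and include directives are not followed.

```python
import re
import sys

# Strings and comments are matched first so that braces or directive names
# inside them never affect scope tracking.
TOKEN = re.compile(r'''
    (?P<str>"(?:[^"\\]|\\.)*") | (?P<comment>\#[^\n]*)
  | (?P<cond>\$[A-Z_]+\["[^"]*"\]) | (?P<open>\{) | (?P<close>\})
  | (?P<key>(?<![\w.])ssl\.engine\b) | (?P<nl>\n)
''', re.X)
ALLOWED = '$SERVER["socket"]'  # scope named in the mod_openssl warning

def misplaced_ssl_engine(text):
    """Return (line, innermost offending condition) for every ssl.engine
    that sits inside a condition other than $SERVER["socket"]."""
    stack, pending, line, findings = [], None, 1, []
    for m in TOKEN.finditer(text):
        kind = m.lastgroup
        if kind == "nl":
            line += 1
        elif kind == "cond":
            pending = m.group()          # field of the block about to open
        elif kind == "open":
            stack.append(pending or "{")
            pending = None
        elif kind == "close" and stack:
            stack.pop()
        elif kind == "key":
            bad = [c for c in stack if c != ALLOWED]
            if bad:
                findings.append((line, bad[-1]))
    return findings

SAMPLE = r'''# constructed sample modelled on the vhost in the question
$SERVER["socket"] == "192.0.2.10:443" {
  ssl.engine = "enable"
}
$HTTP["host"] =~ "^domain\.de$" {
  $HTTP["url"] =~ "^/webalizer/" {
    auth.backend = "htpasswd"
  }
ssl.engine = "enable"
ssl.pemfile = "/etc/ssl/froxlor-custom/domain.de.crt"
$HTTP["scheme"] == "https" { setenv.add-response-header = ( "Strict-Transport-Security" => "max-age=0") }
}
'''

if __name__ == "__main__":
    # Pass generated vhost files as arguments; with none, check the sample.
    inputs = {p: open(p).read() for p in sys.argv[1:]} or {"<sample>": SAMPLE}
    for name, text in inputs.items():
        for line, cond in misplaced_ssl_engine(text):
            print(f"{name}:{line}: ssl.engine inside {cond}")
```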


3 answers to this question


I assume lighttpd has probably changed its behaviour there.

Try the following patch and tell me whether it works:

diff --git a/scripts/jobs/cron_tasks.inc.http.20.lighttpd.php b/scripts/jobs/cron_tasks.inc.http.20.lighttpd.php
index d1ba5d0..a2d5258 100644
--- a/scripts/jobs/cron_tasks.inc.http.20.lighttpd.php
+++ b/scripts/jobs/cron_tasks.inc.http.20.lighttpd.php
@@ -535,7 +535,8 @@ class lighttpd extends HttpConfigBase
 
                        if ($domain['ssl_cert_file'] != '') {
 
-                               $ssl_settings .= 'ssl.engine = "enable"' . "\n";
+                               // ssl.engine only necessary once in the ip/port vhost (SERVER['socket'] condition)
+                               //$ssl_settings .= 'ssl.engine = "enable"' . "\n";
                                $ssl_settings .= 'ssl.use-compression = "disable"' . "\n";
                                $ssl_settings .= 'ssl.use-sslv2 = "disable"' . "\n";
                                $ssl_settings .= 'ssl.use-sslv3 = "disable"' . "\n";
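
Review bot: the old ssl.engine assignment is left in place as a commented-out line; delete it and keep only the explanatory comment, since dead code in a config generator is easy to re-enable by accident. The comment also writes SERVER['socket'], while the lighttpd message quoted in the question names the condition as $SERVER["socket"], so use that spelling. The ssl.use-compression, ssl.use-sslv2 and ssl.use-sslv3 lines that follow are still emitted into the same per-domain block; please confirm they take effect at that scope, or emit them in the ip/port vhost next to ssl.engine, so the protocol hardening does not depend on a scope the server may ignore.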

 


Archived

This topic is now archived and is closed to further replies.


