OpenWrt Router Setup (3): Using Lighttpd as the Web Server
Replace OpenWrt's default uhttpd with lighttpd, force HTTPS, and enable WebDAV.
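(Lighttpd + WebDAV configuration)
I. Basics
Lighttpd
An open-source web server whose development is led by a German developer. It has very low memory overhead, low CPU usage, good performance, and a rich set of modules.
- Lighttpd does not currently support reverse proxying for HTTPS.
WebDAV
A communication protocol built on HTTP. It adds new methods beyond the standard HTTP methods such as GET, POST and HEAD, so that applications can read and write directly on the web server. It supports write locking (Locking) and unlocking (Unlock) of files, and can also support file version control.
Because it is based on HTTP, it is naturally well suited to sharing files over a WAN, but pay attention to security: over plain http the password is transmitted in cleartext, and Windows no longer supports WebDAV over http by default. Using HTTPS keeps it secure.
Official OpenWrt configuration documentation: https://openwrt.org/docs/guide-user/luci/luci.on.lighttpd
Official Lighttpd configuration documentation: https://redmine.lighttpd.net/projects/lighttpd/wiki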
II. Configuration
(1) Install the packages
$ opkg install lighttpd luci-mod-admin-full libiwinfo
$ opkg install lighttpd-mod-cgi lighttpd-mod-alias lighttpd-mod-openssl
$ opkg install lighttpd-mod-webdav lighttpd-mod-auth lighttpd-mod-authn_file
$ opkg install lighttpd-mod-accesslog lighttpd-mod-redirect
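(2) Configure Lighttpd
Note: "=" does not update a value that is already set; ":=" forces the update whether or not a value is already set.
- Edit
/etc/lighttpd/lighttpd.conf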
server.modules += ("mod_redirect")
server.modules += ("mod_openssl")
$SERVER["socket"] == ":443" {
    ssl.engine = "enable"
    ssl.privkey = "/path/to/private_key"
    ssl.pemfile = "/path/to/signed_cert_followed_by_intermediates"
} else $HTTP["scheme"] == "http" {
    # Requests addressed to a LAN address or localhost are not redirected
    $HTTP["host"] !~ "^(192\.168\.|127\.0\.0\.1|localhost)" {
        # [^:]+ stops at the first colon, so %1 is the hostname without the port
        # (a greedy (.*) here would capture the port as well)
        $HTTP["host"] =~ "^([^:]+)(:[0-9]*)?$" {
            url.redirect = (".*" => "https://%1$0")
        }
    }
}
server.document-root = "/www/" # web root directory; /www/ is the OpenWrt default
server.upload-dirs = ( "/tmp" )
# server.username = "http" # OpenWrt must run as root; leave unset
# server.groupname = "www-data" # OpenWrt must run as root; leave unset
index-file.names = ( "index.php", "index.html",
                     "index.htm", "default.htm",
                   )
static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
server.pid-file := "/var/run/lighttpd.pid"
server.errorlog := "/var/log/lighttpd/error.log"
server.errorlog-use-syslog := "enable"
server.modules += ( "mod_accesslog" )
accesslog.filename := "/var/log/lighttpd/access.log"
include "/etc/lighttpd/mime.conf"
include "/etc/lighttpd/conf.d/*.conf"
- Create
/etc/lighttpd/conf.d/cgi.conf
(required for access to the OpenWrt admin interface)
server.modules += ( "mod_cgi" )
static-file.exclude-extensions += ( ".lua" )
cgi.assign = ( ".pl" => "/usr/bin/perl",
               ".cgi" => "/usr/bin/perl",
               ".rb" => "/usr/bin/ruby",
               ".erb" => "/usr/bin/eruby",
               ".py" => "/usr/bin/python",
               ".lua" => "/usr/bin/lua",
               "/cgi-bin/luci" => "",
               "/cgi-bin/cgi-backup" => "",
               "/cgi-bin/cgi-download" => "",
               "/cgi-bin/cgi-exec" => "",
               "/cgi-bin/cgi-upload" => "",
             )
$HTTP["url"] =~ "^/cgi-bin" {
    cgi.assign += ( "" => "" )
}
(3) WebDAV configuration
- Edit
/etc/lighttpd/conf.d/20-auth.conf
## Authentication Module
server.modules += ( "mod_auth" )
auth.debug = 2
auth.cache = ("max-age" => "180") # use the cached authorization for 3 minutes
- Create
/etc/lighttpd/conf.d/99-disk.conf
## WebDAV Module
## Override the /dav/ folder configured in 30-webdav.conf
server.modules += ( "mod_webdav" )
$HTTP["url"] =~ "^/dav($|/)" { # if this condition is commented out, the whole webroot directory is shared
    webdav.activate = "enable"
    # webdav.is-readonly = "enable" # read-only
    server.document-root = "/mnt/mmcblk0p4/" # the /dav folder lives inside this directory
    server.dir-listing = "enable" # allows browsing from a web browser
    dir-listing.encoding = "utf-8"
    auth.backend = "plain" # plaintext passwords
    auth.backend.plain.userfile = "/etc/lighttpd/webdav.shadow" # file that stores the passwords
    auth.require = (
        ""=>("method"=>"basic","realm"=>"webdav","require"=>"valid-user")
    )
    # auth.require = (
    #     "/dav/home/user1/"=>("method"=>"basic","realm"=>"webdav","require"=>"user=user1"),
    #     "/dav/home/user2/"=>("method"=>"basic","realm"=>"webdav","require"=>"user=user2"),
    #     "/dav/"=>("method"=>"basic","realm"=>"webdav","require"=>"user=admin|user=sync")
    # )
    # To prevent conflicts between uploads, a sqlite db file is used for locking.
    webdav.sqlite-db-name = "/tmp/webdav.db"
    # Kept in /tmp, i.e. in RAM, so the frequent reads and writes cause less wear on the disk.
}
- Edit
/etc/lighttpd/webdav.shadow
Write the user names and passwords in plaintext
admin1:password1
admin2:password2
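The step above stores the WebDAV passwords in cleartext in /etc/lighttpd/webdav.shadow. As an added example (not part of the original post), the shell functions below write htdigest entries instead, for use with lighttpd's htdigest backend from the already installed lighttpd-mod-authn_file; the file path /etc/lighttpd/webdav.htdigest and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Matching lighttpd settings:
#   auth.backend = "htdigest"
#   auth.backend.htdigest.userfile = "/etc/lighttpd/webdav.htdigest"  (assumed path)

REALM="webdav"   # must equal the "realm" in auth.require from 99-disk.conf

# md5_hex STRING: print the MD5 of STRING as 32 hex digits
md5_hex() {
    printf '%s' "$1" | md5sum | cut -d' ' -f1
}

# htdigest_line USER PASSWORD: print "user:realm:MD5(user:realm:password)"
htdigest_line() {
    case "$1" in
        ''|*:*) echo "invalid user name" >&2; return 1 ;;
    esac
    printf '%s:%s:%s\n' "$1" "$REALM" "$(md5_hex "$1:$REALM:$2")"
}

# dav_user_set FILE USER: read the password from stdin (so it is not passed
# as a command-line argument), then add or replace that user's entry in FILE.
dav_user_set() {
    file=$1; user=$2
    IFS= read -r pass || true
    [ -n "$pass" ] || { echo "empty password" >&2; return 1; }
    line=$(htdigest_line "$user" "$pass") || return 1
    (
        umask 077                      # new file is created with mode 0600
        tmp="$file.tmp.$$"
        {
            if [ -f "$file" ]; then    # keep all entries except the old one
                awk -F: -v u="$user" -v r="$REALM" \
                    '!($1 == u && $2 == r)' "$file"
            fi
            printf '%s\n' "$line"
        } > "$tmp" && mv "$tmp" "$file"
    )
}
```

Run `dav_user_set /etc/lighttpd/webdav.htdigest admin1` and type the password on stdin. The stored MD5 is unsalted, so the file still needs the 0600 mode the function sets.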
(4) Replace OpenWrt's original uhttpd with Lighttpd
$ /etc/init.d/uhttpd stop
$ /etc/init.d/uhttpd disable
$ /etc/init.d/lighttpd enable
$ /etc/init.d/lighttpd start
Last modified on 2024-02-24