OpenWrt Router Setup (3): Using Lighttpd as the Web Server
Replace OpenWrt's default uhttpd with lighttpd, force https, and set up WebDAV.

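(Lighttpd + WebDAV configuration)

I. Basics

Lighttpd is open-source web server software led by a German developer. It has very low memory overhead, low CPU usage, good performance and a rich set of modules.

  • Lighttpd currently does not support reverse proxying for https.

WebDAV is a communication protocol built on HTTP. It adds new methods beyond the standard HTTP methods such as GET, POST and HEAD, so that applications can read from and write to the web server directly. It supports locking and unlocking files for writes, and can also support file version control.
Because it runs over HTTP, it is naturally suited to sharing files across a WAN, but security needs attention: over plain http the password is transmitted in cleartext, and Windows no longer supports WebDAV over http by default. Using HTTPS keeps it secure.

Official OpenWrt configuration documentation: https://openwrt.org/docs/guide-user/luci/luci.on.lighttpd

Official Lighttpd configuration documentation: https://redmine.lighttpd.net/projects/lighttpd/wiki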

II. Configuration

(1) Install packages

$ opkg install lighttpd luci-mod-admin-full libiwinfo
$ opkg install lighttpd-mod-cgi lighttpd-mod-alias lighttpd-mod-openssl
$ opkg install lighttpd-mod-webdav lighttpd-mod-auth lighttpd-mod-authn_file
$ opkg install lighttpd-mod-accesslog lighttpd-mod-redirect

(2) Configure Lighttpd

Note: = does not update an option that already has a value; := forces the update whether or not a value exists.

  1. Edit /etc/lighttpd/lighttpd.conf
server.modules += ("mod_redirect")
server.modules += ("mod_openssl")
$SERVER["socket"] == ":443" {
    ssl.engine  = "enable"
    ssl.privkey = "/path/to/private_key"
    ssl.pemfile = "/path/to/signed_cert_followed_by_intermediates"
} else $HTTP["scheme"] == "http" {
  $HTTP["host"] !~ "^(192\.168\.|127\.0\.0\.1|localhost)" {
    $HTTP["host"] =~ "^(.*?)(:[0-9]+)?$" {  ## %1 = hostname without port (lazy match, so an optional port lands in %2)
      url.redirect = (".*" => "https://%1$0")
    }
  }
}

server.document-root  = "/www/"    # web root directory; /www/ is the OpenWrt default
server.upload-dirs    = ( "/tmp" )
# server.username  = "http"      # OpenWrt must run as root; leave unset
# server.groupname = "www-data"  # OpenWrt must run as root; leave unset
index-file.names      = ( "index.php", "index.html",
                          "index.htm", "default.htm",
                        )
static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )

server.pid-file             := "/var/run/lighttpd.pid"
server.errorlog             := "/var/log/lighttpd/error.log"
server.errorlog-use-syslog  := "enable"
server.modules              += ( "mod_accesslog" )
accesslog.filename          := "/var/log/lighttpd/access.log"

include "/etc/lighttpd/mime.conf"
include "/etc/lighttpd/conf.d/*.conf"
  2. Create /etc/lighttpd/conf.d/cgi.conf (needed to reach the OpenWrt admin interface)
server.modules += ( "mod_cgi" )
static-file.exclude-extensions += ( ".lua" )

cgi.assign = ( ".pl"  => "/usr/bin/perl",
               ".cgi" => "/usr/bin/perl",
               ".rb"  => "/usr/bin/ruby",
               ".erb" => "/usr/bin/eruby",
               ".py"  => "/usr/bin/python",
               ".lua" => "/usr/bin/lua",
               "/cgi-bin/luci" => "",
               "/cgi-bin/cgi-backup" => "",
               "/cgi-bin/cgi-download" => "",
               "/cgi-bin/cgi-exec" => "",
               "/cgi-bin/cgi-upload" => "",
              )
$HTTP["url"] =~ "^/cgi-bin" {
    cgi.assign += ( "" => "" )
}

(3) WebDAV configuration

  1. Edit /etc/lighttpd/conf.d/20-auth.conf
##  Authentication Module
server.modules += ( "mod_auth" )
auth.debug = 2
auth.cache = ("max-age" => "180")    # reuse the cached authorization for 3 minutes
  2. Create /etc/lighttpd/conf.d/99-disk.conf
##  WebDAV Module
##  Override the /dav/ folder configured in 30-webdav.conf
server.modules += ( "mod_webdav" )

$HTTP["url"] =~ "^/dav($|/)" {    # comment out this condition to share the entire webroot

  webdav.activate       = "enable"
# webdav.is-readonly    = "enable"    # read-only
  server.document-root  = "/mnt/mmcblk0p4/"    # the /dav folder lives inside this directory
  server.dir-listing    = "enable"    # allows browsing from a web browser
  dir-listing.encoding  = "utf-8"

  auth.backend                 = "plain"    # plaintext passwords
  auth.backend.plain.userfile  = "/etc/lighttpd/webdav.shadow" # file that stores the passwords
  auth.require = (
      ""=>("method"=>"basic","realm"=>"webdav","require"=>"valid-user")
  )
# auth.require = (
#     "/dav/home/user1/"=>("method"=>"basic","realm"=>"webdav","require"=>"user=user1"),
#     "/dav/home/user2/"=>("method"=>"basic","realm"=>"webdav","require"=>"user=user2"),
#     "/dav/"=>("method"=>"basic","realm"=>"webdav","require"=>"user=admin|user=sync")
# )

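  # Use an sqlite db file for locking, to prevent conflicts between uploads.
  webdav.sqlite-db-name = "/tmp/webdav.db"
  # Kept in /tmp, which is in memory, so frequent reads and writes do not wear the disk.
}
  3. Edit /etc/lighttpd/webdav.shadow and write the usernames and passwords in plaintext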
admin1:password1
admin2:password2
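
The plaintext file above can be replaced by an htdigest file so that cleartext passwords are not kept on the router. The script below is an added example, not part of the original post: it converts a user:password file into htdigest entries for the "webdav" realm used in auth.require. The output path and function names are assumptions, and htdigest's MD5 is not a strong password hash, so the file still needs owner-only permissions.

```shell
#!/bin/sh
# Added example: convert the plaintext user:password file into htdigest
# entries of the form user:realm:MD5(user:realm:password) for lighttpd.
# Matching change in 99-disk.conf (mod_authn_file options):
#   auth.backend                   = "htdigest"
#   auth.backend.htdigest.userfile = "/etc/lighttpd/webdav.htdigest"  # assumed path
# REALM must equal the "realm" value in auth.require ("webdav" on this page).

# plain_to_htdigest REALM < plainfile > htdigestfile
plain_to_htdigest() {
    realm=$1
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            ''|'#'*) continue ;;        # skip blank lines and comments
            *:*) ;;                      # has the user:password shape
            *) echo "skipping malformed line" >&2; continue ;;
        esac
        user=${line%%:*}                 # text before the first colon
        pass=${line#*:}                  # everything after it (may contain ':')
        [ -n "$user" ] || { echo "skipping entry with empty user" >&2; continue; }
        # printf is a shell builtin, so the password never appears in a process argv
        hash=$(printf '%s:%s:%s' "$user" "$realm" "$pass" | md5sum | cut -d' ' -f1)
        printf '%s:%s:%s\n' "$user" "$realm" "$hash"
    done
}

# convert_file REALM SRC DST: write DST so that only its owner can read it.
convert_file() {
    ( umask 077 && plain_to_htdigest "$1" < "$2" > "$3" ) && chmod 600 "$3"
}

# Usage on the router (destination path is an assumption):
# convert_file webdav /etc/lighttpd/webdav.shadow /etc/lighttpd/webdav.htdigest
```

After verifying a login against the new file, delete the plaintext webdav.shadow and restart lighttpd.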

(4) Replace OpenWrt's stock uhttpd with Lighttpd

$ /etc/init.d/uhttpd stop
$ /etc/init.d/uhttpd disable
$ /etc/init.d/lighttpd enable
$ /etc/init.d/lighttpd start

Last modified on 2024-02-24