Lelo
July 30, 2023, 1:45pm
1
Creating a bug report/issue
Required Information
DietPi version | cat /boot/dietpi/.version
G_DIETPI_VERSION_CORE=8
G_DIETPI_VERSION_SUB=20
G_DIETPI_VERSION_RC=1
G_GITBRANCH='master'
G_GITOWNER='MichaIng'
Distro version | echo $G_DISTRO_NAME $G_RASPBIAN
buster 1
Kernel version | uname -a
Linux DietPi-RasPi3 5.10.103-v7+ #1529 SMP Tue Mar 8 12:21:37 GMT 2022 armv7l GNU/Linux
Architecture | dpkg --print-architecture
armhf
SBC model | echo $G_HW_MODEL_NAME or (EG: RPi3)
RPi 3 Model B (armv7l)
Power supply used | (EG: 5V 1A RAVpower)
NoName
SD card used | (EG: SanDisk ultra)
Bootable USB-SSD
Additional Information (if applicable)
Software title | (EG: Nextcloud)
lighttpd/1.4.53 (ssl)
Nextcloud
Steps to reproduce
I successfully updated from v8.19.1 to v8.20.1 with no errors --> “reboot”
Renewed the SSL-certificate like a dozen times before --> “dietpi-letsencrypt” --> Ended with:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
[ OK ] DietPi-LetsEncrypt | Desired setting in /etc/lighttpd/lighttpd.conf was already set: "mod_setenv",
[FAILED] DietPi-LetsEncrypt | systemctl restart lighttpd
Expected behaviour
Lighttpd should start to make Nextcloud accessible.
Actual behaviour
Extra details
“systemctl status lighttpd.service” reports this:
● lighttpd.service - Lighttpd Daemon
Loaded: loaded (/lib/systemd/system/lighttpd.service; enabled; vendor preset: enabled)
Drop-In: /etc/systemd/system/lighttpd.service.d
└─dietpi.conf
Active: failed (Result: exit-code) since Sun 2023-07-30 15:10:59 CEST; 20s ago
Jul 30 15:10:59 DietPi-RasPi3 systemd[1]: lighttpd.service: Service RestartSec=100ms expired, scheduling restart.
Jul 30 15:10:59 DietPi-RasPi3 systemd[1]: lighttpd.service: Scheduled restart job, restart counter is at 5.
Jul 30 15:10:59 DietPi-RasPi3 systemd[1]: Stopped Lighttpd Daemon.
Jul 30 15:10:59 DietPi-RasPi3 systemd[1]: lighttpd.service: Start request repeated too quickly.
Jul 30 15:10:59 DietPi-RasPi3 systemd[1]: lighttpd.service: Failed with result 'exit-code'.
Jul 30 15:10:59 DietPi-RasPi3 systemd[1]: Failed to start Lighttpd Daemon.
What do I have to do to get Lighttpd running again so I can access my Nextcloud again?
Thanx in advance,
Lelo
Lelo:
“raspi-letsencrypt”
I guess it is dietpi-letsencrypt, right?
Can you share the following?
/usr/sbin/lighttpd -tt -f /etc/lighttpd/lighttpd.conf
Lelo
July 30, 2023, 3:46pm
3
Yes, “dietpi-letsencrypt” of course - I updated my post. Sorry.
/usr/sbin/lighttpd -tt -f /etc/lighttpd/lighttpd.conf
Error: duplicate array-key: Options. Please get rid of the duplicate entry.
2023-07-30 17:43:23: (configfile.c.1296) source: /etc/lighttpd/conf-enabled/50-dietpi-https.conf line: 18 pos: 17 parser failed somehow near here: (COMMA)
2023-07-30 17:43:23: (configfile.c.1296) source: /etc/lighttpd/lighttpd.conf line: 48 pos: 15 parser failed somehow near here: (EOL)
Can you share
cat /etc/lighttpd/lighttpd.conf
1 Like
Lelo
July 30, 2023, 4:34pm
5
cat /etc/lighttpd/lighttpd.conf
server.modules = (
"mod_indexfile",
"mod_setenv",
"mod_access",
"mod_alias",
"mod_redirect",
)
server.document-root = "/var/www"
server.upload-dirs = ( "/var/cache/lighttpd/uploads" )
server.errorlog = "/var/log/lighttpd/error.log"
server.pid-file = "/var/run/lighttpd.pid"
server.username = "www-data"
server.groupname = "www-data"
server.port = 80
# strict parsing and normalization of URL for consistency and security
# https://redmine.lighttpd.net/projects/lighttpd/wiki/Server_http-parseoptsDetails
# (might need to explicitly set "url-path-2f-decode" = "disable"
# if a specific application is encoding URLs inside url-path)
server.http-parseopts = (
"header-strict" => "disable",# default
"host-strict" => "disable",# default
"host-normalize" => "disable",# default
"url-normalize-unreserved"=> "disable",# recommended highly
"url-normalize-required" => "disable",# recommended
"url-ctrls-reject" => "disable",# recommended
"url-path-2f-decode" => "disable",# recommended highly (unless breaks app)
#"url-path-2f-reject" => "disable",
"url-path-dotseg-remove" => "disable",# recommended highly (unless breaks app)
#"url-path-dotseg-reject" => "disable",
#"url-query-20-plus" => "disable",# consistency in query string
)
index-file.names = ( "index.php", "index.html" )
url.access-deny = ( "~", ".inc" )
static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
compress.cache-dir = "/var/cache/lighttpd/compress/"
compress.filetype = ( "application/javascript", "text/css", "text/html", "text/plain" )
# default listening port for IPv6 falls back to the IPv4 port
include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port
include_shell "/usr/share/lighttpd/create-mime.conf.pl"
include "/etc/lighttpd/conf-enabled/*.conf"
#server.compat-module-load = "disable"
server.modules += (
"mod_compress",
"mod_dirlisting",
"mod_staticfile",
)
Jappe
July 30, 2023, 7:13pm
6
This is because of my PR, we changed some things in /etc/lighttpd/conf-available/50-dietpi-https.conf, but I made a mistake and now there are two options lines, which lighttpd does not like.
We can delete the “sessionticket” option, recommendation is to use only the -ServerPreference, see: https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_SSL#Perfect-Forward-Secrecy-PFS .
Note also that there are two entries in this file, one for IPv4, around line 16, and one for IPv6 around line 33.
The problem now is, you can change these lines in /etc/lighttpd/conf-available/50-dietpi-https.conf but when you run dietpi-letsencrypt the file gets newly generated by the script, so we have to edit the script itself for now.
workaround:
sed -i '/"Options" => "-SessionTicket",/d' /boot/dietpi/dietpi-letsencrypt
sed -i '/"Options" => "-SessionTicket",/d' /etc/lighttpd/conf-available/50-dietpi-https.conf
After that you can re-run dietpi-letsencrypt.
edit: PR is out, apologies for the inconvenience
4 Likes
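Added example (not part of the thread and not DietPi's own code): a shell check for the fault described above, the same key appearing twice in one lighttpd array, run on a constructed sample and then on a copy with the thread's sed expression applied. The function names, the sample file and the `.fixed` suffix are assumptions; `lighttpd -tt` remains the authoritative check.

```shell
#!/bin/sh
# Added example: report keys repeated inside one lighttpd array, the condition
# behind "Error: duplicate array-key: Options". Handles flat arrays with one
# "key" => value pair per line; nested arrays are not tracked.
find_dup_keys() {
    awk '
    {
        bare = $0
        gsub(/"[^"]*"/, "", bare)   # ignore parentheses and # inside strings
        sub(/#.*/, "", bare)        # ignore comments
        if (index(bare, "(")) { inarr = 1; for (k in seen) delete seen[k] }
        if (inarr && match($0, /^[ \t]*"[^"]*"[ \t]*=>/)) {
            key = $0
            sub(/^[ \t]*"/, "", key)
            sub(/".*/, "", key)
            if (key in seen) { printf "%d:%s:%d\n", FNR, key, seen[key] } else { seen[key] = FNR }
        }
        if (index(bare, ")")) inarr = 0
    }' "$1"
}

# Constructed sample, NOT the real 50-dietpi-https.conf: only the two
# "Options" lines are modelled on what the thread describes.
write_sample() {
    cat > "$1" <<'EOF'
$SERVER["socket"] == ":443" {
    ssl.engine = "enable"
    ssl.openssl.ssl-conf-cmd = (
        "Options" => "-ServerPreference",
        "Options" => "-SessionTicket",
    )
}
EOF
}

# Apply the thread's sed expression to a copy and re-check before trusting it.
fix_and_check() {
    sed '/"Options" => "-SessionTicket",/d' "$1" > "$1.fixed"
    [ -z "$(find_dup_keys "$1.fixed")" ]
}

tmp=$(mktemp)
write_sample "$tmp"
find_dup_keys "$tmp"          # output format: line:key:first-seen-line
fix_and_check "$tmp" && echo "no duplicate keys after fix"
rm -f "$tmp" "$tmp.fixed"
```

Running the same function over /etc/lighttpd/conf-available/50-dietpi-https.conf before restarting the service shows whether the regenerated file still carries the repeated key.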
Lelo
July 30, 2023, 7:36pm
7
That workaround solved my problem. Thanx to Jappe & Joulinar for their help!
2 Likes