Self-signed certificate

You can verify the failed configuration as follows:

/usr/sbin/lighttpd -tt -f /etc/lighttpd/lighttpd.conf
# /usr/sbin/lighttpd -tt -f /etc/lighttpd/lighttpd.conf
2021-12-06 15:14:18: plugin.c.195) dlopen() failed for: /usr/lib/lighttpd/mod_openssl.so /usr/lib/lighttpd/mod_openssl.so: cannot open shared object file: No such file or directory
2021-12-06 15:14:18: server.c.1238) loading plugins finally failed

It looks like the openssl module for lighttpd is missing.


Edit: upon searching I found this solution that works for me:

# apt install lighttpd-mod-openssl

https://dietpi.com/forum/t/enabling-ssl-for-internal-network/5861/9


Now I get a 400 Bad Request response when going to the /admin webpage in a browser. I’ll poke around the settings more.

Can you open the default site on the web server without any sub folder?

Yes. It returns the lighttpd placeholder page. I remember in the past this used to have some landing page.

Here are the contents of /etc/lighttpd/conf-enabled.

10-fastcgi.conf
15-fastcgi-php.conf
50-dietpi-https.conf
98-dietpi-https_redirect.conf
99-dietpi-pihole-block_public_admin.conf
99-dietpi-pihole.conf
99-unconfigured.conf

Also, I can confirm pihole is installed and running.

# pihole status
  [✓] DNS service is listening
     [✓] UDP (IPv4)
     [✓] TCP (IPv4)
     [✓] UDP (IPv6)
     [✓] TCP (IPv6)

  [✓] Pi-hole blocking is enabled

pihole status displays the status of your AdBlocker. It has nothing to do with the web GUI shown via the web server. PiHole core works totally fine even without a web server :wink:

Can you check the following?

ls -la /var/www/
cat /etc/lighttpd/lighttpd.conf
# ls -la /var/www/
total 132
drwxr-xr-x  3 root root  4096 Nov 30 21:32 .
drwxr-xr-x 12 root root  4096 Nov 30 00:22 ..
lrwxrwxrwx  1 root root    19 Nov 30 21:32 admin -> /var/www/html/admin
-rw-r--r--  1 root root 38294 Nov 30 21:28 apc.php
drwxr-xr-x  4 root root  4096 Nov 30 21:30 html
-rw-r--r--  1 root root  3388 Nov 30 00:24 index.lighttpd.html
-rw-r--r--  1 root root 71038 Nov 30 21:28 opcache.php
-rw-r--r--  1 root root    20 Nov 30 21:28 phpinfo.php
lrwxrwxrwx  1 root root    20 Nov 30 21:32 pihole -> /var/www/html/pihole



# cat /etc/lighttpd/lighttpd.conf
server.modules = (
        "mod_indexfile",
        "mod_setenv",
        "mod_access",
        "mod_alias",
        "mod_redirect",
)

server.document-root = "/var/www"
server.upload-dirs          = ( "/var/cache/lighttpd/uploads" )
server.errorlog             = "/var/log/lighttpd/error.log"
server.pid-file             = "/run/lighttpd.pid"
server.username             = "www-data"
server.groupname            = "www-data"
server.port                 = 80

# features
#https://redmine.lighttpd.net/projects/lighttpd/wiki/Server_feature-flagsDetails
server.feature-flags       += ("server.h2proto" => "enable")
server.feature-flags       += ("server.h2c"     => "enable")
server.feature-flags       += ("server.graceful-shutdown-timeout" => 5)
#server.feature-flags       += ("server.graceful-restart-bg" => "enable")

# strict parsing and normalization of URL for consistency and security
# https://redmine.lighttpd.net/projects/lighttpd/wiki/Server_http-parseoptsDetails
# (might need to explicitly set "url-path-2f-decode" = "disable"
#  if a specific application is encoding URLs inside url-path)
server.http-parseopts = (
  "header-strict"           => "enable",# default
  "host-strict"             => "enable",# default
  "host-normalize"          => "enable",# default
  "url-normalize-unreserved"=> "enable",# recommended highly
  "url-normalize-required"  => "enable",# recommended
  "url-ctrls-reject"        => "enable",# recommended
  "url-path-2f-decode"      => "enable",# recommended highly (unless breaks app)
 #"url-path-2f-reject"      => "enable",
  "url-path-dotseg-remove"  => "enable",# recommended highly (unless breaks app)
 #"url-path-dotseg-reject"  => "enable",
 #"url-query-20-plus"       => "enable",# consistency in query string
)

index-file.names            = ( "index.php", "index.html" )
url.access-deny             = ( "~", ".inc" )
static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )

# default listening port for IPv6 falls back to the IPv4 port
include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port
include_shell "/usr/share/lighttpd/create-mime.conf.pl"
include "/etc/lighttpd/conf-enabled/*.conf"

#server.compat-module-load   = "disable"
server.modules += (
        "mod_dirlisting",
        "mod_staticfile",
)

Did I bork lighttpd.conf along the way? I’ll try an uninstall/reinstall of pi-hole and LLSP.

Did you try to use a different browser or to clear cache / cookies?

I started from scratch and observed the same behavior. It is indeed a cached page. When browsing the page from a private tab I get a page not found error from the browser for both the base page and /admin.

Is the web server working in a standard setup, without the modifications on SSL?

Yes. When dietpi-https and dietpi-https_redirect are disabled and external.conf is removed, the /admin interface works as expected.

Edit: The strangest thing. I undid the changes in order to go back to https and everything now works as expected.

Hmm, maybe some typo or config issue in one of the files you adjusted?
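
The configuration test earlier in this thread failed with a dlopen() error for mod_openssl.so, which was resolved by installing lighttpd-mod-openssl. As an added example (not part of the original posts), this script pulls the missing module names out of `lighttpd -tt` output and suggests a package for each. The function names are hypothetical, and the lighttpd-mod-<name> mapping is an assumption generalized from the one package named in the thread.

```shell
#!/bin/sh
# Constructed sample: the two error lines quoted in the thread above.
SAMPLE_LOG='2021-12-06 15:14:18: plugin.c.195) dlopen() failed for: /usr/lib/lighttpd/mod_openssl.so /usr/lib/lighttpd/mod_openssl.so: cannot open shared object file: No such file or directory
2021-12-06 15:14:18: server.c.1238) loading plugins finally failed'

# missing_modules: read "lighttpd -tt" output on stdin and print the name of
# every module whose shared object could not be dlopen()ed, one per line.
missing_modules() {
    sed -n 's|.*dlopen() failed for: [^ ]*/\(mod_[A-Za-z0-9_]*\)\.so .*|\1|p' | sort -u
}

# candidate_package: map a module name to a likely Debian package name.
# Assumption: the lighttpd-mod-<name> naming seen in the thread
# (mod_openssl -> lighttpd-mod-openssl); confirm with "apt search" first.
candidate_package() {
    printf 'lighttpd-mod-%s\n' "$(printf '%s' "$1" | sed 's/^mod_//; s/_/-/g')"
}

# report: read test output on stdin, print one line per missing module, and
# return 1 if any module is missing so the result can gate a service restart.
report() {
    mods=$(missing_modules)
    if [ -z "$mods" ]; then
        return 0
    fi
    for m in $mods; do
        printf '%s missing, candidate package: %s\n' "$m" "$(candidate_package "$m")"
    done
    return 1
}

# Stand-alone run on the constructed sample. On a live system, feed it the
# real test output instead:
#   /usr/sbin/lighttpd -tt -f /etc/lighttpd/lighttpd.conf 2>&1 | report
printf '%s\n' "$SAMPLE_LOG" | report || true
```

Running the check before enabling 50-dietpi-https.conf shows a missing TLS module up front, before the server refuses to load its plugins.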