Bullseye update fine but lighttpd is failing (Topic is solved)

mcnahum
Posts: 32
Joined: Mon Oct 19, 2020 7:25 pm

Bullseye update fine but lighttpd is failing

Post by mcnahum »

Hi,
I need some help with lighttpd troubleshooting.
After the Bullseye update (without issue) I noticed that I cannot access my Pi-hole web console anymore.
Pi-hole is running.
diet-service shows me that lighttpd failed to start and the log is:

Code: Select all

lighttpd.service - Lighttpd Daemon
     Loaded: loaded (/lib/systemd/system/lighttpd.service; disabled; vendor preset: enabled)
     Active: failed (Result: exit-code) since Tue 2021-11-09 12:22:00 CET; 1h 17min ago
    Process: 9326 ExecStartPre=/usr/sbin/lighttpd -tt -f /etc/lighttpd/lighttpd.conf (code=exited, status=255/EXCEPTION)
        CPU: 152ms

Nov 09 12:22:00 DietPi systemd[1]: lighttpd.service: Scheduled restart job, restart counter is at 5.
Nov 09 12:22:00 DietPi systemd[1]: Stopped Lighttpd Daemon.
Nov 09 12:22:00 DietPi systemd[1]: lighttpd.service: Start request repeated too quickly.
Nov 09 12:22:00 DietPi systemd[1]: lighttpd.service: Failed with result 'exit-code'.

I need some clues to move the troubleshooting to the next step.

(side note: Pi-hole has been installed manually not with diet-pi software...)
Joulinar
Posts: 6441
Joined: Sat Nov 16, 2019 12:49 am

Re: Bullseye update fine but lighttpd is failing

Post by Joulinar »

You would want to check the configuration file. This can be done as follows:

Code: Select all

/usr/sbin/lighttpd -tt -f /etc/lighttpd/lighttpd.conf

Please let us know if a solution is working. This could help others if they are hit by a similar situation. Your DietPi Team
mcnahum
Posts: 32
Joined: Mon Oct 19, 2020 7:25 pm

Re: Bullseye update fine but lighttpd is failing

Post by mcnahum »

I got this ... but when I'm editing "/etc/lighttpd/lighttpd.conf" I don't see duplicated information...

Code: Select all

root@DietPi:~# /usr/sbin/lighttpd -tt -f /etc/lighttpd/lighttpd.conf 
Duplicate config variable in conditional 5 global / $SERVER["socket"] == "[::]:443": ssl.engine
2021-11-09 16:19:03: configfile.c.1970) source: /usr/share/lighttpd/use-ipv6.pl 443 line: 3 pos: 1 parser failed somehow near here: (EOL)
2021-11-09 16:19:03: configfile.c.1970) source: /etc/lighttpd/conf-enabled/10-ssl.conf line: 14 pos: 1 parser failed somehow near here: (EOL)
2021-11-09 16:19:03: configfile.c.1970) source: find /etc/lighttpd/conf-enabled -name '*.conf' -a ! -name 'letsencrypt.conf' -printf 'include "%p"\n' 2>/dev/null line: 6 pos: 8 parser failed somehow near here: (EOL)
2021-11-09 16:19:03: configfile.c.1970) source: /etc/lighttpd/lighttpd.conf line: 75 pos: 1 parser failed somehow near here: (EOL)

:?
Joulinar
Posts: 6441
Joined: Sat Nov 16, 2019 12:49 am

Re: Bullseye update fine but lighttpd is failing

Post by Joulinar »

There are more configuration files available inside /etc/lighttpd/conf-enabled/
I guess something got activated that is not needed. Do you use SSL? If not, you could remove the symbolic link of 10-ssl.conf. This should fix some of the issues.
mcnahum
Posts: 32
Joined: Mon Oct 19, 2020 7:25 pm

Re: Bullseye update fine but lighttpd is failing

Post by mcnahum »

Yes, I'm using a certificate.

By following this: https://discourse.pi-hole.net/t/webinte ... ed/40593/8 I now have:

Code: Select all

root@DietPi:/mnt/RPiBackup#  /usr/sbin/lighttpd -tt -f /etc/lighttpd/lighttpd.conf 
Duplicate config variable in conditional 3 global / $SERVER["socket"] == "[::]:443": ssl.engine
2021-11-09 18:47:27: configfile.c.1970) source: /etc/lighttpd/conf-enabled/50-dietpi-https.conf line: 32 pos: 13 parser failed somehow near here: (EOL)
2021-11-09 18:47:27: configfile.c.1970) source: /etc/lighttpd/lighttpd.conf line: 47 pos: 15 parser failed somehow near here: (EOL)

Code: Select all

root@DietPi:/mnt/RPiBackup# ls -l /etc/lighttpd/conf-enabled/
total 0
lrwxrwxrwx 1 root root 33 19 oct  2020 10-fastcgi.conf -> ../conf-available/10-fastcgi.conf
lrwxrwxrwx 1 root root 29  9 nov 12:19 10-ssl.conf -> ../conf-available/10-ssl.conf
lrwxrwxrwx 1 root root 37 19 oct  2020 15-fastcgi-php.conf -> ../conf-available/15-fastcgi-php.conf
lrwxrwxrwx 1 root root 38 16 sep 12:57 50-dietpi-https.conf -> ../conf-available/50-dietpi-https.conf
lrwxrwxrwx 1 root root 47 16 sep 12:57 98-dietpi-https_redirect.conf -> ../conf-available/98-dietpi-https_redirect.conf
lrwxrwxrwx 1 root root 38 19 oct  2020 99-unconfigured.conf -> ../conf-available/99-unconfigured.conf
root@DietPi:/mnt/RPiBackup# cp /etc/lighttpd/conf-enabled/50-dietpi-https.conf ./tst/50-dietpi-https.conf
MichaIng
Site Admin
Posts: 3514
Joined: Sat Nov 18, 2017 6:21 pm

Re: Bullseye update fine but lighttpd is failing

Post by MichaIng »

Please show the content of /etc/lighttpd/lighttpd.conf and /etc/lighttpd/conf-available/50-dietpi-https.conf.

Did you install Pi-hole with the official installer or via dietpi-software?
Joulinar
Posts: 6441
Joined: Sat Nov 16, 2019 12:49 am

Re: Bullseye update fine but lighttpd is failing

Post by Joulinar »

PiHole installer as stated on first post @MichaIng ;)
mcnahum
Posts: 32
Joined: Mon Oct 19, 2020 7:25 pm

Re: Bullseye update fine but lighttpd is failing

Post by mcnahum »

Find the 2 files below; I just obfuscated the certificate names.

/etc/lighttpd/lighttpd.conf

Code: Select all

server.modules = (
	"mod_indexfile",
	"mod_access",
	"mod_alias",
 	"mod_redirect",
)

server.document-root = "/var/www"
server.upload-dirs          = ( "/var/cache/lighttpd/uploads" )
server.errorlog             = "/var/log/lighttpd/error.log"
server.pid-file             = "/var/run/lighttpd.pid"
server.username             = "www-data"
server.groupname            = "www-data"
server.port                 = 80

# strict parsing and normalization of URL for consistency and security
# https://redmine.lighttpd.net/projects/lighttpd/wiki/Server_http-parseoptsDetails
# (might need to explicitly set "url-path-2f-decode" = "disable"
#  if a specific application is encoding URLs inside url-path)
server.http-parseopts = (
  "header-strict"           => "enable",# default
  "host-strict"             => "enable",# default
  "host-normalize"          => "enable",# default
  "url-normalize-unreserved"=> "enable",# recommended highly
  "url-normalize-required"  => "enable",# recommended
  "url-ctrls-reject"        => "enable",# recommended
  "url-path-2f-decode"      => "enable",# recommended highly (unless breaks app)
 #"url-path-2f-reject"      => "enable",
  "url-path-dotseg-remove"  => "enable",# recommended highly (unless breaks app)
 #"url-path-dotseg-reject"  => "enable",
 #"url-query-20-plus"       => "enable",# consistency in query string
)

index-file.names            = ( "index.php", "index.html" )
url.access-deny             = ( "~", ".inc" )
static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )

compress.cache-dir          = "/var/cache/lighttpd/compress/"
compress.filetype           = ( "application/javascript", "text/css", "text/html", "text/plain" )

# default listening port for IPv6 falls back to the IPv4 port
include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port
include_shell "/usr/share/lighttpd/create-mime.conf.pl"
include "/etc/lighttpd/conf-enabled/*.conf"

#server.compat-module-load   = "disable"
server.modules += (
	"mod_compress",
	"mod_dirlisting",
	"mod_staticfile",
)
-------------------------------------------------------------------

/etc/lighttpd/conf-available/50-dietpi-https.conf

Code: Select all

# Based on: https://ssl-config.mozilla.org/#server=lighttpd
server.modules += ( "mod_openssl" )
# IPv4
$SERVER["socket"] == ":443" {
	protocol = "https://"
	ssl.engine = "enable"

	# pemfile is cert+privkey, ca-file is the intermediate chain in one file
	ssl.pemfile = "/etc/letsencrypt/live/pi-hole.mydomain.net/combined.pem"
	ssl.ca-file = "/etc/letsencrypt/live/pi-hole.e-mydomain.net/fullchain.pem"

	# For DH/DHE ciphers, dhparam should be >= 2048-bit
	#ssl.dh-file = "/path/to/dhparam.pem"
	# ECDH/ECDHE ciphers curve strength, see "openssl ecparam -list_curves"
	ssl.ec-curve = "secp384r1"

	# Environment flag for HTTPS enabled
	setenv.add-environment = ( "HTTPS" => "on" )

	# Intermediate configuration, tweak to your needs
	ssl.openssl.ssl-conf-cmd = ("MinProtocol" => "TLSv1.2", "Options" => "-SessionTicket")
	ssl.cipher-list = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"
	ssl.honor-cipher-order = "disable"
	ssl.disable-client-renegotiation = "enable"
}
# IPv6
$SERVER["socket"] == "[::]:443" {
	protocol = "https://"
	ssl.engine = "enable"

	# pemfile is cert+privkey, ca-file is the intermediate chain in one file
	ssl.pemfile = "/etc/letsencrypt/live/pi-hole.mydomain.net/combined.pem"
	ssl.ca-file = "/etc/letsencrypt/live/pi-hole.mydomain.net/fullchain.pem"

	# For DH/DHE ciphers, dhparam should be >= 2048-bit
	#ssl.dh-file = "/path/to/dhparam.pem"
	# ECDH/ECDHE ciphers curve strength, see "openssl ecparam -list_curves"
	ssl.ec-curve = "secp384r1"

	# Environment flag for HTTPS enabled
	setenv.add-environment = ( "HTTPS" => "on" )

	# Intermediate configuration, tweak to your needs
	ssl.openssl.ssl-conf-cmd = ("MinProtocol" => "TLSv1.2", "Options" => "-SessionTicket")
	ssl.cipher-list = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"
	ssl.honor-cipher-order = "disable"
	ssl.disable-client-renegotiation = "enable"
}
Joulinar
Posts: 6441
Joined: Sat Nov 16, 2019 12:49 am

Re: Bullseye update fine but lighttpd is failing

Post by Joulinar »

Please can you share the following as well:

Code: Select all

/etc/lighttpd/conf-enabled/10-ssl.conf
mcnahum
Posts: 32
Joined: Mon Oct 19, 2020 7:25 pm

Re: Bullseye update fine but lighttpd is failing

Post by mcnahum »

Of course:

10-ssl.conf

Code: Select all

server.modules += ( "mod_openssl" )

# ssl.* in global scope gets inherited by
#   $SERVER["socket"] == "..." { ssl.engine = "enable" }
ssl.pemfile = "/etc/lighttpd/server.pem"
ssl.cipher-list = "HIGH"

$SERVER["socket"] == "0.0.0.0:443" {
	ssl.engine  = "enable"
}
include_shell "/usr/share/lighttpd/use-ipv6.pl 443"
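
The parser errors quoted in this thread report ssl.engine being set twice inside the same $SERVER["socket"] == "[::]:443" conditional, with 10-ssl.conf (through use-ipv6.pl 443) and 50-dietpi-https.conf both named as sources. As an added example (not part of any post, and not DietPi or lighttpd code), this sketch finds such collisions across config snippets; the sample inputs are constructed, and the one-line [::]:443 block standing in for the include_shell output is an assumption.

```python
import re
from collections import defaultdict

# Constructed, abbreviated samples modelled on the two files posted above.
# The last line of the first sample stands in for the include_shell output
# (assumed shape, inferred from the parser error naming use-ipv6.pl 443).
SAMPLE = {
    "10-ssl.conf": '''
# ssl.* in global scope gets inherited by
#   $SERVER["socket"] == "[::]:443" { ssl.engine = "enable" }
ssl.pemfile = "/etc/lighttpd/server.pem"
$SERVER["socket"] == "0.0.0.0:443" {
    ssl.engine  = "enable"
}
$SERVER["socket"] == "[::]:443" { ssl.engine = "enable" }
''',
    "50-dietpi-https.conf": '''
$SERVER["socket"] == ":443" {
    ssl.engine = "enable"
    setenv.add-environment = ( "HTTPS" => "on" )
}
$SERVER["socket"] == "[::]:443" {
    ssl.engine = "enable"
    ssl.ec-curve = "secp384r1"
}
''',
}

# A non-nested socket conditional: group 1 is the condition, group 2 the body.
COND = re.compile(r'(\$SERVER\["socket"\]\s*==\s*"[^"]*")\s*\{([^{}]*)\}')
# A plain assignment at the start of a line ("=", not "+=", "==" or "=>").
ASSIGN = re.compile(r'^\s*([A-Za-z][\w.\-]*)\s*=(?![=>])', re.M)

def find_duplicates(files):
    """Map (condition, directive) -> files that assign it, where count > 1."""
    seen = defaultdict(list)
    for name, text in files.items():
        # Drop whole-line comments so commented-out examples are not counted.
        text = re.sub(r'^[ \t]*#.*$', '', text, flags=re.M)
        for cond, body in COND.findall(text):
            cond = re.sub(r'\s+', ' ', cond)  # key on the literal condition
            for key in ASSIGN.findall(body):
                seen[(cond, key)].append(name)
    return {k: v for k, v in seen.items() if len(v) > 1}

if __name__ == "__main__":
    for (cond, key), names in find_duplicates(SAMPLE).items():
        print(f"{key} set {len(names)}x in {cond}: {', '.join(names)}")
```

The "0.0.0.0:443" and ":443" blocks are not reported because the check keys on the literal condition string, as the error message does.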