Joined: 26 Mar 2013 Posts: 1858 Location: Hung Hom, Hong Kong
Posted: Mon Apr 24, 2023 7:11 Post subject: [SOLVED]Lighttpd Web Server WAN Access interface binding bug
After choosing "Enable" for "WAN Access" in Services->Services->Lighttpd Web Server,
option "server.bind" of /tmp/lighttpd.conf did NOT change from "192.168.1.1" to
"0.0.0.0"! As a result, you could not access Lighttpd from outside world when
pointing the browser to "http://my_ddns:80".
I tested this using some free web proxy servers, not just from my own LAN.
My current solution is to disable "WAN Access", then add a port-forwarding
rule from port 80 of all intefaces to port 80 of DD-WRT's LAN IP address.
Also note that you need to move "HTTP Port" away from 80 in order to test
Lighttpd because the port was completely controlled by WEBUI's httpd daemon!
The better solution is to move the port of WEBUI by setting NVRAM
variables "https_lanport" to number other than 80 and commit change.
This really fixed a lot of conflicts between Lighttpd and httpd (WebUI).
I suspected that the firewall or even the kernel deliberately give priority
to process httpd (WEBUI) over process lighttpd. I cannot prove this,
just a hunch. Or maybe the 2 processes were competing for same memory
addresses? I dunno...
Port 443 did work with Lighttpd, as long as you didn't enable WEBUI's
HTTPS access. _________________ Router: Asus RT-N18U (rev. A1)
Drink, Blink, Stretch! Live long and prosper! May the Force and farces be with you!
Joined: 26 Mar 2013 Posts: 1858 Location: Hung Hom, Hong Kong
Posted: Mon Apr 24, 2023 10:01 Post subject:
ho1Aetoo wrote:
Seems to be swapped.
If you disable "WAN Access" then bindhost 0.0.0.0 is used.
Yesterday, I did see a flash of "0.0.0.0" in /tmp/lighttpd.conf, but I was NOT so sure. Let me test again....
Quote:
Port 80 is not of interest, it is not the default port that is preconfigured.
If WEBUI httpd port stayed at 80, the HTTP port of Lighttpd Web Server would never respond, even if it's moved to ports other than 80. I might have been confused by the firewall though, because if you didn't enable Lighttpd WAN Access, its HTTP port would be closed. _________________ Router: Asus RT-N18U (rev. A1)
Drink, Blink, Stretch! Live long and prosper! May the Force and farces be with you!
Joined: 26 Mar 2013 Posts: 1858 Location: Hung Hom, Hong Kong
Posted: Mon Apr 24, 2023 10:16 Post subject:
mwchang wrote:
ho1Aetoo wrote:
Seems to be swapped.
If you disable "WAN Access" then bindhost 0.0.0.0 is used.
Yesterday, I did see a flash of "0.0.0.0" in /tmp/lighttpd.conf, but I was NOT so sure. Let me test again....
Oh well, need to cold boot the router to really reflect the change to WAN Access of Lighttpd Web Server! Hitting <Apply> at that page was not enough.
AND yes, when WAN Access was disabled, server.bind of Lighttpd was "0.0.0.0"!
Let me enable it and soft reboot... Hang on...
After soft reboot, when WAN Access was enabled, server.bind of Lighttpd was "192.168.1.1"!!
Hitting <Apply> of Services->Services didn't alter /tmp/lighttpd.conf immediately! Not sure whether Lighttpd was restarted regardless. And don't forget about the firewall.
Maybe I should wait for a quick fix in the next build before re-testing port 80? _________________ Router: Asus RT-N18U (rev. A1)
Drink, Blink, Stretch! Live long and prosper! May the Force and farces be with you!
Joined: 26 Mar 2013 Posts: 1858 Location: Hung Hom, Hong Kong
Posted: Mon Apr 24, 2023 10:47 Post subject:
ho1Aetoo wrote:
everything works as long as the 2 servers do not use the same port
default:
httpd = port 80
lighthttpd = port 8000+443
or
httpd = port 443
lighthttpd = Port 80+4433
or whatever, common sense should explain it
A Javascript error message would be good!
Or if it's too much work, just ignore/refuse those changes and keep the old values in the user interface, regardless of hitting <Apply>, soft reboot, or cold boot. _________________ Router: Asus RT-N18U (rev. A1)
Drink, Blink, Stretch! Live long and prosper! May the Force and farces be with you!
Lighttpd's SSL port _________________ "The woods are lovely, dark and deep,
But I have promises to keep,
And miles to go before I sleep,
And miles to go before I sleep." - Robert Frost
"I am one of the noticeable ones - notice me" - Dale Frances McKenzie Bozzio
When lighttpd_wan was "1", bind all interfaces (LAN + WAN) by using "0.0.0.0". When lighttpd_wan was "0", bind only to the LAN interface with lan_ipaddr!
Lighttpd by default bind to all interfaces. There is no need add the "server.bind" clause and set it to "0.0.0.0". But this change will be more complicated than just correcting the value.