From 716ca530e1c4515d8683c9d5be3d56b301758b66 Mon Sep 17 00:00:00 2001
From: James <>
Date: Wed, 4 Nov 2015 11:49:21 +0000
Subject: trunk-47381
---
package/network/services/uhttpd/files/ubus.default | 8 ++
.../network/services/uhttpd/files/uhttpd.config | 122 +++++++++++++++++
package/network/services/uhttpd/files/uhttpd.init | 149 +++++++++++++++++++++
3 files changed, 279 insertions(+)
create mode 100644 package/network/services/uhttpd/files/ubus.default
create mode 100644 package/network/services/uhttpd/files/uhttpd.config
create mode 100755 package/network/services/uhttpd/files/uhttpd.init
(limited to 'package/network/services/uhttpd/files')
diff --git a/package/network/services/uhttpd/files/ubus.default b/package/network/services/uhttpd/files/ubus.default
new file mode 100644
index 0000000..f0f71e9
--- /dev/null
+++ b/package/network/services/uhttpd/files/ubus.default
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+if [ -z "$(uci -q get uhttpd.main.ubus_prefix)" ]; then
+ uci set uhttpd.main.ubus_prefix=/ubus
+ uci commit uhttpd
+fi
+
+exit 0
diff --git a/package/network/services/uhttpd/files/uhttpd.config b/package/network/services/uhttpd/files/uhttpd.config
new file mode 100644
index 0000000..61f8a49
--- /dev/null
+++ b/package/network/services/uhttpd/files/uhttpd.config
@@ -0,0 +1,122 @@
+# Server configuration
+config uhttpd main
+
+ # HTTP listen addresses, multiple allowed
+ list listen_http 0.0.0.0:80
+ list listen_http [::]:80
+
+ # HTTPS listen addresses, multiple allowed
+ list listen_https 0.0.0.0:443
+ list listen_https [::]:443
+
+ # Redirect HTTP requests to HTTPS if possible
+ option redirect_https 1
+
+ # Server document root
+ option home /www
+
+ # Reject requests from RFC1918 IP addresses
+ # directed to the servers public IP(s).
+ # This is a DNS rebinding countermeasure.
+ option rfc1918_filter 1
+
+ # Maximum number of concurrent requests.
+ # If this number is exceeded, further requests are
+ # queued until the number of running requests drops
+ # below the limit again.
+ option max_requests 3
+
+ # Maximum number of concurrent connections.
+ # If this number is exceeded, further TCP connection
+ # attempts are queued until the number of active
+ # connections drops below the limit again.
+ option max_connections 100
+
+ # Certificate and private key for HTTPS.
+ # If no listen_https addresses are given,
+ # the key options are ignored.
+ option cert /etc/uhttpd.crt
+ option key /etc/uhttpd.key
+
+ # CGI url prefix, will be searched in docroot.
+ # Default is /cgi-bin
+ option cgi_prefix /cgi-bin
+
+ # List of extension->interpreter mappings.
+ # Files with an associated interpreter can
+ # be called outside of the CGI prefix and do
+ # not need to be executable.
+# list interpreter ".php=/usr/bin/php-cgi"
+# list interpreter ".cgi=/usr/bin/perl"
+
+ # Lua url prefix and handler script.
+ # Lua support is disabled if no prefix given.
+# option lua_prefix /luci
+# option lua_handler /usr/lib/lua/luci/sgi/uhttpd.lua
+
+ # Specify the ubus-rpc prefix and socket path.
+# option ubus_prefix /ubus
+# option ubus_socket /var/run/ubus.sock
+
+ # CGI/Lua timeout, if the called script does not
+ # write data within the given amount of seconds,
+ # the server will terminate the request with
+ # 504 Gateway Timeout response.
+ option script_timeout 60
+
+ # Network timeout, if the current connection is
+ # blocked for the specified amount of seconds,
+ # the server will terminate the associated
+ # request process.
+ option network_timeout 30
+
+ # HTTP Keep-Alive, specifies the timeout for persistent
+ # HTTP/1.1 connections. Setting this to 0 will disable
+ # persistent HTTP connections.
+ option http_keepalive 20
+
+ # TCP Keep-Alive, send periodic keep-alive probes
+ # over established connections to detect dead peers.
+ # The value is given in seconds to specify the
+ # interval between subsequent probes.
+ # Setting this to 0 will disable TCP keep-alive.
+ option tcp_keepalive 1
+
+ # Basic auth realm, defaults to local hostname
+# option realm OpenWrt
+
+ # Configuration file in busybox httpd format
+# option config /etc/httpd.conf
+
+ # Do not follow symlinks that point outside of the
+ # home directory.
+# option no_symlinks 0
+
+ # Do not produce directory listings but send 403
+ # instead if a client requests an url pointing to
+ # a directory without any index file.
+# option no_dirlists 0
+
+ # Do not authenticate any ubus-rpc requests against
+ # the ubus session/access procedure.
+ # This is dangerous and should be always left off
+ # except for development and debug purposes!
+# option no_ubusauth 0
+
+
+# Certificate defaults for px5g key generator
+config cert px5g
+
+ # Validity time
+ option days 730
+
+ # RSA key size
+ option bits 1024
+
+ # Location
+ option country ZZ
+ option state Somewhere
+ option location Uknown
+
+ # Common name
+ option commonname OpenWrt
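Review bot: The px5g defaults at the end of this file set `option bits 1024`, and a 1024-bit RSA key is below the 2048-bit minimum in current guidance (for example NIST SP 800-131A) for a TLS server key; I would ship `option bits 2048`. The same value is the hard-coded fallback in uhttpd.init's generate_keys (`-newkey rsa:${bits:-1024}`), so both places need to change together or a config without the option still gets the weak key. Separately, `option location Uknown` looks like a typo for `Unknown` and ends up in the generated certificate's subject.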
diff --git a/package/network/services/uhttpd/files/uhttpd.init b/package/network/services/uhttpd/files/uhttpd.init
new file mode 100755
index 0000000..fcde52a
--- /dev/null
+++ b/package/network/services/uhttpd/files/uhttpd.init
@@ -0,0 +1,149 @@
+#!/bin/sh /etc/rc.common
+# Copyright (C) 2010 Jo-Philipp Wich
+
+START=50
+
+USE_PROCD=1
+
+UHTTPD_BIN="/usr/sbin/uhttpd"
+PX5G_BIN="/usr/sbin/px5g"
+
+append_arg() {
+ local cfg="$1"
+ local var="$2"
+ local opt="$3"
+ local def="$4"
+ local val
+
+ config_get val "$cfg" "$var"
+ [ -n "$val" -o -n "$def" ] && procd_append_param command "$opt" "${val:-$def}"
+}
+
+append_bool() {
+ local cfg="$1"
+ local var="$2"
+ local opt="$3"
+ local def="$4"
+ local val
+
+ config_get_bool val "$cfg" "$var" "$def"
+ [ "$val" = 1 ] && procd_append_param command "$opt"
+}
+
+generate_keys() {
+ local cfg="$1"
+ local key="$2"
+ local crt="$3"
+ local days bits country state location commonname
+
+ config_get days "$cfg" days
+ config_get bits "$cfg" bits
+ config_get country "$cfg" country
+ config_get state "$cfg" state
+ config_get location "$cfg" location
+ config_get commonname "$cfg" commonname
+
+ [ -x "$PX5G_BIN" ] && {
+ $PX5G_BIN selfsigned -der \
+ -days ${days:-730} -newkey rsa:${bits:-1024} -keyout "${UHTTPD_KEY}.new" -out "${UHTTPD_CERT}.new" \
+ -subj /C="${country:-DE}"/ST="${state:-Saxony}"/L="${location:-Leipzig}"/CN="${commonname:-OpenWrt}"
+ sync
+ mv "${UHTTPD_KEY}.new" "${UHTTPD_KEY}"
+ mv "${UHTTPD_CERT}.new" "${UHTTPD_CERT}"
+ }
+}
+
+start_instance()
+{
+ UHTTPD_CERT=""
+ UHTTPD_KEY=""
+
+ local cfg="$1"
+ local realm="$(uci_get system.@system[0].hostname)"
+ local listen http https interpreter indexes path handler
+
+ procd_open_instance
+ procd_set_param respawn
+ procd_set_param stderr 1
+ procd_set_param command "$UHTTPD_BIN" -f
+
+ append_arg "$cfg" home "-h"
+ append_arg "$cfg" realm "-r" "${realm:-OpenWrt}"
+ append_arg "$cfg" config "-c"
+ append_arg "$cfg" cgi_prefix "-x"
+ [ -f /usr/lib/uhttpd_lua.so ] && {
+ config_get handler "$cfg" lua_handler
+ [ -f "$handler" ] && append_arg "$cfg" lua_prefix "-l" && {
+ procd_append_param command "-L" "$handler"
+ }
+ }
+ [ -f /usr/lib/uhttpd_ubus.so ] && {
+ append_arg "$cfg" ubus_prefix "-u"
+ append_arg "$cfg" ubus_socket "-U"
+ }
+ append_arg "$cfg" script_timeout "-t"
+ append_arg "$cfg" network_timeout "-T"
+ append_arg "$cfg" http_keepalive "-k"
+ append_arg "$cfg" tcp_keepalive "-A"
+ append_arg "$cfg" error_page "-E"
+ append_arg "$cfg" max_requests "-n" 3
+ append_arg "$cfg" max_connections "-N"
+
+ append_bool "$cfg" no_ubusauth "-a" 0
+ append_bool "$cfg" no_symlinks "-S" 0
+ append_bool "$cfg" no_dirlists "-D" 0
+ append_bool "$cfg" rfc1918_filter "-R" 0
+
+ config_get alias_list "$cfg" alias
+ for alias in $alias_list; do
+ procd_append_param command -y "$alias"
+ done
+
+ config_get http "$cfg" listen_http
+ for listen in $http; do
+ procd_append_param command -p "$listen"
+ done
+
+ config_get interpreter "$cfg" interpreter
+ for path in $interpreter; do
+ procd_append_param command -i "$path"
+ done
+
+ config_get indexes "$cfg" index_page
+ for path in $indexes; do
+ procd_append_param command -I "$path"
+ done
+
+ config_get https "$cfg" listen_https
+ config_get UHTTPD_KEY "$cfg" key /etc/uhttpd.key
+ config_get UHTTPD_CERT "$cfg" cert /etc/uhttpd.crt
+
+ [ -f /lib/libustream-ssl.so ] && [ -n "$https" ] && {
+ [ -s "$UHTTPD_CERT" -a -s "$UHTTPD_KEY" ] || {
+ config_foreach generate_keys cert
+ }
+
+ [ -f "$UHTTPD_CERT" -a -f "$UHTTPD_KEY" ] && {
+ append_arg "$cfg" cert "-C"
+ append_arg "$cfg" key "-K"
+
+ for listen in $https; do
+ procd_append_param command -s "$listen"
+ done
+ }
+
+ append_bool "$cfg" redirect_https "-q" 0
+ }
+
+ procd_close_instance
+}
+
+service_triggers()
+{
+ procd_add_reload_trigger "uhttpd"
+}
+
+start_service() {
+ config_load uhttpd
+ config_foreach start_instance uhttpd
+}
-- cgit v1.2.3
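Review bot: In generate_keys the exit status of the px5g call is not checked before the two `mv` lines, and nothing visible here restricts the mode of `${UHTTPD_KEY}.new`. A failed or interrupted run can therefore leave a truncated file installed as the server key, and the private key may be created with the script's default umask (whether px5g narrows the mode itself is not shown in this hunk). I would run the generation in a subshell under `umask 077`, and on failure remove the `.new` files and return, as sketched below. The later `[ -f "$UHTTPD_CERT" -a -f "$UHTTPD_KEY" ]` test in start_instance would also be safer as `-s`, matching the check that triggers generation, so an empty key file is never passed to `-K`.

```shell
	[ -x "$PX5G_BIN" ] && {
		# Owner-only mode for the new key; the subshell keeps the umask local.
		(
			umask 077
			# … unchanged: $PX5G_BIN selfsigned invocation …
		) || {
			# Do not install partial output from a failed run.
			rm -f "${UHTTPD_KEY}.new" "${UHTTPD_CERT}.new"
			return 1
		}
		# … unchanged: sync and the two mv calls …
	}
```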