aboutsummaryrefslogtreecommitdiffstats
path: root/package/network/services/uhttpd/files
Commit message (Collapse)AuthorAgeFilesLines
* uhttpd: Execute uci commit and reload_config onceHauke Mehrtens2021-03-211-4/+6
| | | | | | | | | Instead of doing uci commit and reload_config for each setting do it only once when one of these options was changed. This should make it a little faster when both conditions are taken. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit 501221af542b5154fbf8788f8426bc7f5443764a)
* uhttpd: Reload config after uhttpd-mod-ubus was addedHauke Mehrtens2021-03-211-0/+2
| | | | | | | | | | | | | Without this change the config is only committed, but the uhttpd daemon is not reloaded. This reload is needed to apply the config. Without the reload of uhttpd, the ubus server is not available over http and returns a Error 404. This caused problems when installing luci on the snapshots and accessing it without reloading uhttpd. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit d25d281fd6686bda67636f6c1df918145b6cb738)
* uhttpd: don't redirect to HTTPS by defaultPetr Štetiar2020-12-201-1/+1
| | | | | | | | | | | | | | | | | | | So we can ship px5g-wolfssl by default in the release image, but still make the HTTPS for LuCI optional. This small change with addition of `CONFIG_PACKAGE_px5g-wolfssl=y` into the buildbot's seed config for the next release should provide optional HTTPS in the next release. Disabling the current default automatic uhttpd's redirect to HTTPS should make the HTTPS optional. That's it, user would either need to switch to HTTPS by manually switching to https:// protocol in the URL or by issuing the following commands to make the HTTPS automatic redirect permanent: $ uci set uhttpd.main.redirect_https=1 $ uci commit uhttpd $ service uhttpd reload Signed-off-by: Petr Štetiar <ynezz@true.cz>
* uhttpd: use P-256 for certsPaul Spooren2020-11-091-2/+2
| | | | | | | | | | | | The uhttpd package takes care of creating self-signed certificates if px5g is installed. This improves the security of router management as it encrypts the LuCI connection. The EC P-256 curve is faster than RSA which which improves the user experience on embedded devices. EC P-256 is support for as old devices as Android 4.4. Signed-off-by: Paul Spooren <mail@aparcar.org>
* uhttpd: adapt defaults for changes ubus.sock pathDaniel Golle2020-10-222-1/+6
| | | | Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* uhttpd: add enable instance optionFlorian Eckert2020-01-151-0/+4
| | | | | | | | With this change it is now possible to switch off single instances of the uhttpd config. Until now it was only possible to switch all instances of uhttpd on or off. Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* uhttpd: add support to generate EC keysEneas U de Queiroz2019-09-012-1/+13
| | | | | | | | This adds the key_type and ec_curve options to enable the generation of EC keys during initialization, using openssl or the new options added to px5g. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* Revert "uhttpd: disable concurrent requests by default"Jo-Philipp Wich2019-04-231-1/+1
| | | | | | | | | | This reverts commit c6aa9ff38870a30dbe6da17e4edad6039fe10ddf. Further testing has revealed that we will need to allow concurrent requests after all, especially for situations where CGI processes initiate further HTTP requests to the local host. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* uhttpd: disable concurrent requests by defaultJo-Philipp Wich2019-01-301-1/+1
| | | | | | | | In order to avoid straining CPU and memory resources on lower end devices, avoid running multiple CGI requests in parallel. Ref: https://forum.openwrt.org/t/high-load-fix-on-openwrt-luci/29006 Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* uhttpd: support multiple Lua prefixesJo-Philipp Wich2018-08-232-8/+29
| | | | | | | | | | | | | | | | | | | Update to latest git HEAD in order to support configuring multiple concurrent Lua prefixes in a single uhttpd instance: b741dec lua: support multiple Lua prefixes Additionally rework the init script and update the default configuration example to treat the lua_prefix option as key=value uci list, similar to the interpreter extension mapping. Support for the old "option lua_prefix" plus "option lua_handler" notation is still present. Finally drop the sed postinstall hack in uhttpd-mod-lua to avoid mangling files belonging to other packages. Since Lua prefixes have precedence over CGI prefixes, simply register `/cgi-bin/luci` as Lua handler which will only become active if both luci-base and uhttpd-mod-lua is installed. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* merge: uhttpd: update cert generation to match system defaultsZoltan HERPAI2017-12-081-1/+1
| | | | Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
* merge: packages: update branding in core packagesZoltan HERPAI2017-12-081-1/+1
| | | | Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
* uhttpd: Enable integrated Lua by defaultAnsuel Smith2017-05-161-2/+2
| | | | | | We enabled lua interpreter by default as it doesn't make any problem in the uhttpd config file and we modify the index page to use it. Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
* uhttpd: use sha256 when generating certificates with openssl (FS#512)Felix Fietkau2017-02-171-1/+1
| | | | | | Patch from attachment to FS#512 Signed-off-by: Felix Fietkau <nbd@nbd.name>
* uhttpd: Add Basic Auth configDaniel Dickinson2016-10-312-1/+38
| | | | | | | | | | | | | | | | | We add an 'httpauth' section type that contains the options: prefix: What virtual or real URL is being protected username: The username for the Basic Auth dialogue password: Hashed (crypt()) or plaintext password for the Basic Auth dialogue httpauth section names are given included as list items to the instances to which they are to be applied. Further any existing httpd.conf file (really whatever is configured in the instance, but default of /etc/httpd.conf) is appended to the per-instance httpd.conf Signed-off-by: Daniel Dickinson <lede@cshore.thecshore.com>
* uhttpd: create self-signed certificates with unique subjectsHannu Nyman2016-10-261-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | Add a partially random O= item to the certificate subject in order to make the automatically generated certificates' subjects unique. Firefox has problems when several self-signed certificates with CA:true attribute and identical subjects have been seen (and stored) by the browser. Reference to upstream bugs: https://bugzilla.mozilla.org/show_bug.cgi?id=1147544 https://bugzilla.mozilla.org/show_bug.cgi?id=1056341 https://bugzilla.redhat.com/show_bug.cgi?id=1204670#c34 Certificates created by the OpenSSL one-liner fall into that category. Avoid identical certificate subjects by including a new 'O=' item with CommonName + a random part (8 chars). Example: /CN=LEDE/O=LEDEb986be0b/L=Unknown/ST=Somewhere/C=ZZ That ensures that the browser properly sees the accumulating certificates as separate items and does not spend time trying to form a trust chain from them. Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
* uhttpd: prefer px5g for certificate creationHannu Nyman2016-10-261-2/+2
| | | | | | | Prefer the old default 'px5g' for certificate creation as Firefox seems to dislike OpenSSL-created certs. Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
* uhttpd: rename certificate defaults sectionJo-Philipp Wich2016-10-061-2/+2
| | | | | | | Now that the uhttpd init script can generate certificates using openssl as well, update the section name and related comment to be more generic. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* uhttpd: support using OpenSSL for certificate generationHannu Nyman2016-10-051-2/+7
| | | | | | | | | | | | | | | | | | Support the usage of the OpenSSL command-line tool for generating the SSL certificate for uhttpd. Traditionally 'px5g' based on PolarSSL (or mbedTLS in LEDE), has been used for the creation. uhttpd init script is enhanced by adding detection of an installed openssl command-line binary (provided by 'openssl-util' package), and if found, the tool is used for certificate generation. Note: After this patch the script prefers to use the OpenSSL tool if both it and px5g are installed. This enables creating a truly OpenSSL-only version of LuCI without dependency to PolarSSL/mbedTLS based px5g. Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
* uhttpd: use configured distribution name for SSL certificate CNFelix Fietkau2016-05-211-1/+1
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* branding: add LEDE brandingJohn Crispin2016-03-242-3/+3
| | | | Signed-off-by: John Crispin <blogic@openwrt.org>
* package/uhttpd: generate 2048 bit RSA keyFelix Fietkau2016-01-252-2/+2
| | | | | | | | | | RSA keys should be generated with sufficient length. Using 1024 bits is considered unsafe. In other packages the used key length is 2048 bits. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> SVN-Revision: 48494
* uhttpd: fix typo in default config for px5gFelix Fietkau2016-01-191-1/+1
| | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 48385
* uhttpd: add support for configuration option ubus_corsLuka Perkov2015-11-101-0/+1
| | | | | | Signed-off-by: Luka Perkov <luka@openwrt.org> SVN-Revision: 47448
* uhttpd: update to the latest version, adds support for redirect helper scriptsFelix Fietkau2015-11-081-0/+4
| | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 47419
* uhttpd: update to latest git revisionJohn Crispin2015-10-191-0/+5
| | | | | | | | adds URL alias support Signed-off-by: John Crispin <blogic@openwrt.org> SVN-Revision: 47206
* uhttpd: fix keep-alive bug (#20607, #20661)Jo-Philipp Wich2015-10-071-5/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | The two commits 5162e3b0ee7bd1d0fd6e75e1ca7993a1834b5291 "allow request handlers to disable chunked reponses" and 618493e378e2239f0d30902e47adfa134e649fdc "file: disable chunked encoding for file responses" broke the chunked transfer encoding handling for proc responses in keep-alive connections that followed a file response with http status 204 or 304. The effect of this bug is that cgi responses following a 204 or 304 one where sent neither in chunked encoding nor with a content-length header, causing browsers to stall until the keep alive timeout was reached. Fix the logic flaw by inverting the chunk prevention flag in the client state and by testing the chunked encoding preconditions every time instead of once upon client (re-)initialization. Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> SVN-Revision: 47161
* uhttpd: we don't know where the device is located, so reflect that in the certImre Kaloz2015-08-191-3/+3
| | | | | | Signed-off-by: Imre Kaloz <kaloz@openwrt.org> SVN-Revision: 46688
* uhttpd: add support for enforcing httpsJo-Philipp Wich2015-05-302-0/+5
| | | | | | | | Also set HTTPS environment variable for CGI programs on SSL connections. Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> SVN-Revision: 45852
* uhttpd: make generating SSL keys more reliable against interrupted bootsFelix Fietkau2015-03-151-2/+5
| | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 44772
* uhttpd: relay stderr to syslogJo-Philipp Wich2015-02-261-0/+1
| | | | | | Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> SVN-Revision: 44548
* uhttpd: fix exit code of mod-ubus postinstall scriptJo-Philipp Wich2015-01-251-0/+2
| | | | | | Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> SVN-Revision: 44132
* uhttpd: do not configure TLS parameters if libustream-ssl is not presentJo-Philipp Wich2014-08-251-1/+1
| | | | | | | | | | | | A quite frequent problem after sysupgrading from an older, SSL enabled build is that ustream-ssl is not installed so uhttpd fails to come up again due to https listening directives in the preserved configuration. Skip key/cert and ssl listen options when libustream-ssl.so is not present. Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> SVN-Revision: 42284
* uhttpd: also bind to IPv6 by defaultSteven Barth2014-06-111-2/+2
| | | | SVN-Revision: 41114
* uhttpd: do not attempt to configure Lua handler if referenced file does not ↵Jo-Philipp Wich2014-04-111-3/+5
| | | | | | | | exist Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> SVN-Revision: 40457
* uhttpd: don't process ubus_* and lua_* options if corresponding plugin is ↵Jo-Philipp Wich2013-12-151-4/+8
| | | | | | not installed (#14618) SVN-Revision: 39057
* uhttpd: return after processing -d switch, only set ubus prefix if not ↵Jo-Philipp Wich2013-11-111-2/+6
| | | | | | already defined SVN-Revision: 38743
* uhttp: add ubus.defaultJohn Crispin2013-11-111-0/+2
| | | | | | Signed-off-by: John Crispin <blogic@openwrt.org> SVN-Revision: 38741
* uhttp: make the service auto respawn if it crashesJohn Crispin2013-11-111-0/+1
| | | | | | Signed-off-by: John Crispin <blogic@openwrt.org> SVN-Revision: 38724
* uhttpd: fix appending https ports to cmdlineFelix Fietkau2013-09-251-1/+1
| | | | | | | | Otherwise it is started only on non-secure ports. Signed-off-by: Wojciech Dubowik <Wojciech.Dubowik@neratec.com> SVN-Revision: 38171
* procd: convert various packages to procd style init.d scriptsJohn Crispin2013-09-171-23/+15
| | | | | | Signed-off-by: John Crispin <blogic@openwrt.org> SVN-Revision: 38023
* uhttpd: expose missing options to uciJo-Philipp Wich2013-06-132-0/+35
| | | | SVN-Revision: 36932
* uhttpd: update to latest git head - introduces support for multiple index ↵Jo-Philipp Wich2012-10-151-2/+6
| | | | | | files - fixes build with only the TLS module selected SVN-Revision: 33778
* packages: sort network related packages into package/network/Felix Fietkau2012-10-102-0/+224
SVN-Revision: 33688
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-10 18:59:04 +0000