[FEATURE REQUEST] Asuswrt-Merlin Lighttpd Webdav Postconf

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

garycnew

Occasional Visitor
All:

Does anyone know whether it's possible to create a Postconf for Lighttpd (Webdav) in Asuswrt-Merlin 384.19? If so, how should it be named?

I need to force Lighttpd (Webdav) to use a specific listening address instead of the any address for port 443.

EDIT: I am aware that I am able to change the lighttpd (webdav) ports via the AiCloud settings. However, I assume there is good reason for assigning the original listening ports and would prefer to leave them for interpretability purposes. I would simply like to confine the lighttpd (webdav) process to a single address (opposed to the any address) for the best of both worlds.

Much Appreciated!

Gary
 
Last edited:

garycnew

Occasional Visitor
It appears that /jffs/scripts/lighttpd.postconf is not one of the "available" postconf scripts, so I created my own. I'd like to submit a feature request to include it in the next firmware build or some process to run AiCloud on a specified address opposed to the any address.
Code:
# cat /jffs/scripts/lighttpd.postconf
#!/bin/sh

# Force Lighttpd (Webdav) to Reload Modified Config
/usr/bin/killall lighttpd; sed -i 's/":443"/"192.168.0.1:443"/g' /tmp/lighttpd.conf && /usr/sbin/lighttpd -f /tmp/lighttpd.conf -D &
logger "Running /jffs/scripts/lighttpd.postconf"
As a workaround, I did notice that /jffs/scripts/nat-start being run during the service restart_webdav, so I took advantage of this hook and injected the following one-liner as a temporary workaround.
Code:
# cat /jffs/scripts/nat-start
#!/bin/sh

# Force Lighttpd (Webdav) to Reload Modified Config
. /jffs/scripts/lighttpd.postconf
The results are Lighttpd listening on the specified address of 192.168.0.1, which is its intended AiCloud address, and allows other Web Services to run within the same address space.
Code:
# netstat -anp|grep :443
tcp        0      0 192.168.0.3:443         0.0.0.0:*               LISTEN      14271/nginx: master
tcp        0      0 192.168.0.2:443         0.0.0.0:*               LISTEN      14271/nginx: master
tcp        0      0 192.168.0.1:443         0.0.0.0:*               LISTEN      12795/lighttpd
Hope this helps someone else in the future.

Respectfully,


Gary
 
Last edited:

SomeWhereOverTheRainBow

Very Senior Member
It appears that /jffs/scripts/lighttpd.postconf is not one of the "available" postconf scripts. I'd like to submit a feature request to include it in the next firmware build or some process to run AiCloud on a specified address opposed to the any address.

As a workaround, I did notice that /jffs/scripts/nat-start being run during the service restart_webdav, so I took advantage of this hook and injected the following one-liner as a temporary workaround.

Code:
# cat /jffs/scripts/nat-start

# Force Lighttpd (Webdav) to Reload Modified Config
/sbin/service stop_webdav && sleep 5 && sed -i 's/":443"/"192.168.0.1:443"/g' /tmp/lighttpd.conf && /usr/sbin/lighttpd -f /tmp/lighttpd.conf -D &
logger "Running /jffs/scripts/lighttpd.postconf

# netstat -anp|grep :443
tcp        0      0 192.168.0.2:443         0.0.0.0:*               LISTEN      14271/nginx: master
tcp        0      0 192.168.0.1:443         0.0.0.0:*               LISTEN      12795/lighttpd

Hope this helps someone else in the future.

Respectfully,


Gary
Let me know, what do you mean when you say the best of both worlds? Are you only accessing these addresses LAN side? Tell us more about your experiences once you get well acquainted with this configuration.
 

garycnew

Occasional Visitor
Let me know, what do you mean when you say the best of both worlds? Are you only accessing these addresses LAN side? Tell us more about your experiences once you get well acquainted with this configuration.

SomeWhereOverTheRainBow,

This Lighttpd (Webdev) configuration allows for AiCloud to be accessed externally over 443, but also permits direct internal 443 access to Nginix at the same time. Best of both Worlds over port 443.

BTW... The Nginx side of the equation is OpenVPN Split-Tunneling specified Websites in DNSMasq through Nginx as a Reverse Proxy. I simply add a desired Website to the DNSMasq config and it gets Reverse Proxied through the OpenVPN Split-Tunnel. It's light-years better than NATing through iptables. The rest of my traffic defaults out my Internet route. Amazing for a Home Router configuration.

Thanks for asking.

Respectfully,


Gary
 
Last edited:

SomeWhereOverTheRainBow

Very Senior Member
SomeWhereOverTheRainBow,

This Lighttpd (Webdev) configuration allows for AiCloud to be accessed externally over 443, but also permits direct internal 443 access to Nginix at the same time. Best of both Worlds over port 443.

BTW... The Nginx side of the equation is OpenVPN Split-Tunneling specified websites in DNSMasq through Nginx as a Reverse Proxy. I simply add a desired website to the DNSMasq config and it gets Reverse Proxied through the OpenVPN Split-Tunnel. It's light-years better than NATing through iptables. The rest of my traffic defaults out my Internet route. Amazing for a Home Router configuration.

Thanks for asking.

Respectfully,


Gary
If you ever feel interested in writing up example guides of sorts, you sound like you might enjoy doing it. I am glad you have something that works for your platform.
 

garycnew

Occasional Visitor
If you ever feel interested in writing up example guides of sorts, you sound like you might enjoy doing it. I am glad you have something that works for your platform.

SomeWhereOverTheRainBow,

I authored a post on how to create an OpenVPN Client Split-Tunnel for BitTorrent Traffic and am planning to write a post related to this OpenVPN Client Split-Tunnel for Web Traffic via Nginx, DNSMasq, and IPTables; once, I have everything finalized. I have the basics of this implementation working and am just making a few last tweaks (i.e., file download).

Appreciate your interest.

Respectfully,


Gary
 
Last edited:

garycnew

Occasional Visitor

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top