[FEATURE REQUEST] Asuswrt-Merlin Lighttpd Webdav Postconf

[garycnew]

All:

Does anyone know whether it's possible to create a Postconf for Lighttpd (Webdav) in Asuswrt-Merlin 384.19? If so, how should it be named?

I need to force Lighttpd (Webdav) to use a specific listening address instead of the any address for port 443.

EDIT: I am aware that I am able to change the lighttpd (webdav) ports via the AiCloud settings. However, I assume there is good reason for assigning the original listening ports and would prefer to leave them for interpretability purposes. I would simply like to confine the lighttpd (webdav) process to a single address (opposed to the any address) for the best of both worlds.

Much Appreciated!

Gary

 

[garycnew]

It appears that /jffs/scripts/lighttpd.postconf is not one of the "available" postconf scripts, so I created my own. I'd like to submit a feature request to include it in the next firmware build or some process to run AiCloud on a specified address opposed to the any address.

# cat /jffs/scripts/lighttpd.postconf
#!/bin/sh

# Force Lighttpd (Webdav) to Reload Modified Config
/usr/bin/killall lighttpd; sed -i 's/":443"/"192.168.0.1:443"/g' /tmp/lighttpd.conf && /usr/sbin/lighttpd -f /tmp/lighttpd.conf -D &
logger "Running /jffs/scripts/lighttpd.postconf"

As a workaround, I did notice that /jffs/scripts/nat-start being run during the service restart_webdav, so I took advantage of this hook and injected the following one-liner as a temporary workaround.

# cat /jffs/scripts/nat-start
#!/bin/sh

# Force Lighttpd (Webdav) to Reload Modified Config
. /jffs/scripts/lighttpd.postconf

The results are Lighttpd listening on the specified address of 192.168.0.1, which is its intended AiCloud address, and allows other Web Services to run within the same address space.

# netstat -anp|grep :443
tcp        0      0 192.168.0.3:443         0.0.0.0:*               LISTEN      14271/nginx: master
tcp        0      0 192.168.0.2:443         0.0.0.0:*               LISTEN      14271/nginx: master
tcp        0      0 192.168.0.1:443         0.0.0.0:*               LISTEN      12795/lighttpd

Hope this helps someone else in the future.

Respectfully,


Gary

 

[SomeWhereOverTheRainBow]

It appears that /jffs/scripts/lighttpd.postconf is not one of the "available" postconf scripts. I'd like to submit a feature request to include it in the next firmware build or some process to run AiCloud on a specified address opposed to the any address.

As a workaround, I did notice that /jffs/scripts/nat-start being run during the service restart_webdav, so I took advantage of this hook and injected the following one-liner as a temporary workaround.

# cat /jffs/scripts/nat-start

# Force Lighttpd (Webdav) to Reload Modified Config
/sbin/service stop_webdav && sleep 5 && sed -i 's/":443"/"192.168.0.1:443"/g' /tmp/lighttpd.conf && /usr/sbin/lighttpd -f /tmp/lighttpd.conf -D &
logger "Running /jffs/scripts/lighttpd.postconf

# netstat -anp|grep :443
tcp        0      0 192.168.0.2:443         0.0.0.0:*               LISTEN      14271/nginx: master
tcp        0      0 192.168.0.1:443         0.0.0.0:*               LISTEN      12795/lighttpd

Hope this helps someone else in the future.

Respectfully,


Gary

Let me know, what do you mean when you say the best of both worlds? Are you only accessing these addresses LAN side? Tell us more about your experiences once you get well acquainted with this configuration.

 

[garycnew]

Let me know, what do you mean when you say the best of both worlds? Are you only accessing these addresses LAN side? Tell us more about your experiences once you get well acquainted with this configuration.

SomeWhereOverTheRainBow,

This Lighttpd (Webdev) configuration allows for AiCloud to be accessed externally over 443, but also permits direct internal 443 access to Nginix at the same time. Best of both Worlds over port 443.

BTW... The Nginx side of the equation is OpenVPN Split-Tunneling specified Websites in DNSMasq through Nginx as a Reverse Proxy. I simply add a desired Website to the DNSMasq config and it gets Reverse Proxied through the OpenVPN Split-Tunnel. It's light-years better than NATing through iptables. The rest of my traffic defaults out my Internet route. Amazing for a Home Router configuration.

Thanks for asking.

Respectfully,


Gary

 

[SomeWhereOverTheRainBow]

SomeWhereOverTheRainBow,

This Lighttpd (Webdev) configuration allows for AiCloud to be accessed externally over 443, but also permits direct internal 443 access to Nginix at the same time. Best of both Worlds over port 443.

BTW... The Nginx side of the equation is OpenVPN Split-Tunneling specified websites in DNSMasq through Nginx as a Reverse Proxy. I simply add a desired website to the DNSMasq config and it gets Reverse Proxied through the OpenVPN Split-Tunnel. It's light-years better than NATing through iptables. The rest of my traffic defaults out my Internet route. Amazing for a Home Router configuration.

Thanks for asking.

Respectfully,


Gary

If you ever feel interested in writing up example guides of sorts, you sound like you might enjoy doing it. I am glad you have something that works for your platform.

 

[garycnew]

If you ever feel interested in writing up example guides of sorts, you sound like you might enjoy doing it. I am glad you have something that works for your platform.

SomeWhereOverTheRainBow,

I authored a post on how to create an OpenVPN Client Split-Tunnel for BitTorrent Traffic and am planning to write a post related to this OpenVPN Client Split-Tunnel for Web Traffic via Nginx, DNSMasq, and IPTables; once, I have everything finalized. I have the basics of this implementation working and am just making a few last tweaks (i.e., file download).

Appreciate your interest.

Respectfully,


Gary

 

[garycnew]

SomeWhereOverTheRainBow,

The following is the final solution developed as part of this post:

[SOLUTION] OpenVPN Client Split Tunnel Reverse Proxy Web Traffic using Nginx, DNSMasq, and IPTables

Perhaps, it will give you a better idea of what I was attempting to achieve. It Works Great!

Hopefully, Merlin will see my Feature Request for a Lighttpd.postconf and include it in a future firmware build.

Thanks, again, for your interest.

Respectfully,


Gary

 

[garycnew]

@RMerlin Would it be possible for you to include a Lighttpd.postconf in future releases of the Asuswrt-Merlin firmware? Thank You!

 

[SomeWhereOverTheRainBow]

@RMerlin I second this proposal.

 

[RMerlin]

No. The included lighttpd should NOT be used for anything else than AiCloud, because it was extensively modded by Asus. If you need lighttpd, you should install a "clean" version from Entware.