I’m working on snapping Lighttpd (web server) and I’ve come to a halt.
The snap apps / command is defined as a simple deamon so it should just run without issues once installed. Which it does, without actually serving up the directory defined in the config file.
Snapcraft reports no issues, and the snap installs without issues. If I try to run the deamon via snap start lighttpd it happily reports back started. Yet it does not serve up anything.
If I manually run the binary inside the snap using
it serves up the static test site without issues (to localhost:3080). So it seems like there’s no problem with the config file for the server itself, nor the binary.
Anyone have any pointers as to what I’m missing?
Have included a quick info dump and the full YAML for the project below.
Snap logs / services dump
kjell@utviklerpc:~$ sudo snap start lighttpd
Started.
kjell@utviklerpc:~$ sudo snap services
Service Startup Current Notes
conftest.hellod enabled inactive -
lighttpd.lighttpd enabled inactive -
lxd.activate enabled inactive -
lxd.daemon enabled active socket-activated
multipass.multipassd enabled active -
kjell@utviklerpc:~$ sudo snap logs lighttpd
2021-11-19T12:46:18Z systemd[1]: snap.lighttpd.lighttpd.service: Failed with result 'exit-code'.
2021-11-19T12:46:18Z systemd[1]: snap.lighttpd.lighttpd.service: Scheduled restart job, restart counter is at 5.
2021-11-19T12:46:18Z systemd[1]: Stopped Service for snap application lighttpd.lighttpd.
2021-11-19T12:46:18Z systemd[1]: snap.lighttpd.lighttpd.service: Start request repeated too quickly.
2021-11-19T12:46:18Z systemd[1]: snap.lighttpd.lighttpd.service: Failed with result 'exit-code'.
2021-11-19T12:46:18Z systemd[1]: Failed to start Service for snap application lighttpd.lighttpd.
2021-11-19T12:47:28Z systemd[1]: Started Service for snap application lighttpd.lighttpd.
2021-11-19T12:47:28Z systemd[1]: snap.lighttpd.lighttpd.service: Succeeded.
2021-11-19T12:50:55Z systemd[1]: Started Service for snap application lighttpd.lighttpd.
2021-11-19T12:50:55Z systemd[1]: snap.lighttpd.lighttpd.service: Succeeded.
full snapcraft.yaml
name: lighttpd
base: core20
version: '1.4.61'
summary: Lighttpd, the light, fast and secure webserver.
description: |
<removed for brevity>
grade: devel
confinement: devmode
apps:
lighttpd:
command: usr/bin/lighttpd -m $SNAP/usr/local/lib/ -f $SNAP_COMMON/config/lighttpd.conf
daemon: simple
plugs: [network, network-bind, removable-media]
parts:
lighttpd:
plugin: autotools
source: src/lighttpd1.4 # from https://git.lighttpd.net/lighttpd/lighttpd1.4.git
build-packages:
- zlib1g
- zlib1g-dev
- git
- gcc
- autoconf
- automake
- libltdl-dev
- libtool
- m4
- libghc-regex-pcre-dev
- libpcre3-dev
- pkg-config
- openssl
stage-packages: # additional packages needed to use certain modules. see lighttpd docs.
- libpcre3-dev
- pkg-config
- openssl
- gamin
organize: # move binaries to bin from sbin
'usr/local/sbin/lighttpd': usr/bin/lighttpd
'usr/local/sbin/lighttpd-angel': usr/bin/lighttpd-angel
'lighttpd.conf': config/lighttpd.conf
lighttpd-config-files: # config files used by lighttpdf
plugin: dump
source: src/lighttpd1.4/doc/config/
stage:
- lighttpd.conf
- modules.conf
- conf.d/* # not working...
scripts: # wrapper/manager/... scripts -- not currently implemented/in use
plugin: dump
source: src/utility_scripts
It looks like you’re installing the config file to $SNAP/config/lighttpd.conf. It also does not appear that you have any scripts to copy the file from that location to $SNAP_COMMON/config/lighttpd.conf. From these two things, I think you want to change your command line:
Though this will mean that the config file cannot be modified by the users of your snap, so you might want it in $SNAP_COMMON. If you want to copy it to $SNAP_COMMON before your daemon launches, you can add a script file named snap/hooks/install that copies the file to the correct location. This hook script will run once, when the snap is first installed. For completeness, there is also another hook called post-refresh that you can use if you need to make modifications to the installed config file when the snap updates - you will still want the install hook if you utilise this because the install hook is for the first installation time while the post-refresh hook fires when an already installed snap is updated by snapd.
Apologies, forgot to mention, I’ve got an install hook that copies the config script to $SNAP_COMMON. In future it will edit the script to a basic config as well, but for now it does a bit of an ugly hack just to get the basic service up for testing.
Install hook
#!/bin/sh -e
# copy config files to snap common dir for editing by user/use by server
mkdir ${SNAP_COMMON}/config
cp ${SNAP}/lighttpd.conf ${SNAP_COMMON}/config/lighttpd.conf
cp /snap/lighttpd/current/modules.conf ${SNAP_COMMON}/config/modules.conf
printf "\nA blank/default copy of this config file can be found in: ${SNAP}/lighttpd.conf\n" >> ${SNAP_COMMON}/config/lighttpd.conf
printf "\nA blank/default copy of this config file can be found in: ${SNAP}/modules.conf\n" >> ${SNAP_COMMON}/config/modules.conf
# create directories used by server
# may need to chmod 740 the dir/files
# ========== DELETE FOLLOWING / FOR SNAPCRAFT TESTING ONLY ========
# create test dir
webdir="${SNAP_COMMON}/www"
if [ ! -d $webdir ]; then
mkdir $webdir
chmod 740 $webdir
fi
# create a test page - TBC make a proper one that is actually useful for final snap!
echo "<h1>I LIVE!</h1>" > $webdir/index.html
# TBC / TMP - simple config file for testing. REPLACE! (walk through default file?)
testConf="""# TEMPORARY CONFIG FILE -- FOR TESTING ONLY!
server.document-root = \"$webdir\"
server.port = 30888888880
index-file.names = ( \"index.html\" )
mimetype.assign = (
\".html\" => \"text/html\",
\".txt\" => \"text/plain\",
\".jpg\" => \"image/jpeg\",
\".png\" => \"image/png\"
)
dir-listing.activate = \"enable\"
"""
echo "$testConf" > ${SNAP_COMMON}/config/lighttpd.conf
Apologies for the slow reply, currently only working wed-fri, and don’t have access from home.
Thank you for that, must have gone completely code blind to miss that. Changed config to server.port = 3088, but it still doesn’t work unless I manually run the binary. Had a look with systemctl status snap.lightppd.lighttpd and got the following
● snap.lighttpd.lighttpd.service - Service for snap application lighttpd.lighttpd
Loaded: loaded (/etc/systemd/system/snap.lighttpd.lighttpd.service; enabled; vendor preset: enabled)
Active: inactive (dead) since Wed 2021-11-24 10:00:28 CET; 16s ago
Process: 346654 ExecStart=/usr/bin/snap run lighttpd (code=exited, status=0/SUCCESS)
Main PID: 346654 (code=exited, status=0/SUCCESS)
nov. 24 10:00:28 utviklerpc systemd[1]: Started Service for snap application lighttpd.lighttpd.
nov. 24 10:00:28 utviklerpc systemd[1]: snap.lighttpd.lighttpd.service: Succeeded.
So based on this, it seems like it started, then stopped?
Normally, if building lighttpd from source, to run lighttpd as a deamon I’d likely have to play around with an initscript for systemd. But based on the youtube tutorials etc I thought this might not be the case for snap deamons. Have I got it wrong?
lighttpd requires patching to be allowed to run as root
Not actually true. lighttpd runs as the user it was started as, unless lighttpd was started as root and you have set server.username or server.groupname. If those are set in lighttpd.conf, then lighttpd will try to setuid/setgrp to those users. lighttpd currently aborts if you set those to root, since why would you setuid/setgrp to root if you are already root?!? (I might change that error in the future.)
If you want to avoid patching lighttpd, then comment out the lines in lighttpd.conf which set server.username = "root" and server.groupname = "root", and lighttpd will happily run as the user and group under which it was started. lighttpd.conf is simpler when you do not try to overspecify things in lighttpd.conf.
you mean it will not exec setuid/setgrp and happily run with uid 0 when started as root ?
i have not observed that behaviour, no matter how lighttpd.conf looks like … but then i have not touched lighttpd in quite a while, perhaps it changed …
note that the full line the sed command above is matching for in server.c reads: I will not set uid to 0\n … after which it does call: return -1 … is that code gone in a recent version ?
you mean it will not exec setuid/setgrp and happily run with uid 0 when started as root ?
Yes. Just like any normal unix program, lighttpd runs as the user/group under which the process was started, unless you run lighttpd as root and instruct lighttpd to setuid/setgid to a different user/group (via server.username and server.groupname). To my knowledge this has always been the case.
lighttpd tries to detect if the lighttpd executable has the setuid bit set and will refuse to run, and lighttpd will refuse to setuid or setgid to root (if instructed by server.username and server.groupname), since that might be a configuration error if the intention was to run as a non-privileged user or group.
BTW, since lighttpd 1.4.62, please use libpcre2 with lighttpd instead of the end-of-lifed libpcre (--with-pcre2 is now the default). Also, instead of libbz2-dev, I recommend brotli along with zlib for lighttpd mod_deflate. (If available, libdeflate is recommended instead of zlib). To use brotli, need to configure the lighttpd build with --with-brotli. To use libdeflate, you need to configure the lighttpd build --with-libdeflate. Of course, you also need dependencies on the appropriate dev packages.
