Lighttpd snap reports all well, but doesn't serve up anything

Kjell · November 19, 2021, 1:02pm

Hey folk,

I’m working on snapping Lighttpd (web server) and I’ve come to a halt.

The snap apps / command is defined as a simple deamon so it should just run without issues once installed. Which it does, without actually serving up the directory defined in the config file.

Snapcraft reports no issues, and the snap installs without issues. If I try to run the deamon via snap start lighttpd it happily reports back started. Yet it does not serve up anything.

If I manually run the binary inside the snap using

/snap/lighttpd/current/usr/bin/lighttpd -m /snap/lighttpd/x1/usr/local/lib/ -f /var/snap/lighttpd/common/config/lighttpd.conf

it serves up the static test site without issues (to localhost:3080). So it seems like there’s no problem with the config file for the server itself, nor the binary.

Anyone have any pointers as to what I’m missing?

Have included a quick info dump and the full YAML for the project below.

Snap logs / services dump

kjell@utviklerpc:~$ sudo snap start lighttpd
Started.

kjell@utviklerpc:~$ sudo snap services
Service               Startup  Current   Notes
conftest.hellod       enabled  inactive  -
lighttpd.lighttpd     enabled  inactive  -
lxd.activate          enabled  inactive  -
lxd.daemon            enabled  active    socket-activated
multipass.multipassd  enabled  active    -

kjell@utviklerpc:~$ sudo snap logs lighttpd
2021-11-19T12:46:18Z systemd[1]: snap.lighttpd.lighttpd.service: Failed with result 'exit-code'.
2021-11-19T12:46:18Z systemd[1]: snap.lighttpd.lighttpd.service: Scheduled restart job, restart counter is at 5.
2021-11-19T12:46:18Z systemd[1]: Stopped Service for snap application lighttpd.lighttpd.
2021-11-19T12:46:18Z systemd[1]: snap.lighttpd.lighttpd.service: Start request repeated too quickly.
2021-11-19T12:46:18Z systemd[1]: snap.lighttpd.lighttpd.service: Failed with result 'exit-code'.
2021-11-19T12:46:18Z systemd[1]: Failed to start Service for snap application lighttpd.lighttpd.
2021-11-19T12:47:28Z systemd[1]: Started Service for snap application lighttpd.lighttpd.
2021-11-19T12:47:28Z systemd[1]: snap.lighttpd.lighttpd.service: Succeeded.
2021-11-19T12:50:55Z systemd[1]: Started Service for snap application lighttpd.lighttpd.
2021-11-19T12:50:55Z systemd[1]: snap.lighttpd.lighttpd.service: Succeeded.

full snapcraft.yaml

name: lighttpd 
base: core20 
version: '1.4.61' 
summary: Lighttpd, the light, fast and secure webserver.
description: |
        <removed for brevity>
grade: devel 
confinement: devmode 

apps:
  lighttpd: 
    command: usr/bin/lighttpd -m $SNAP/usr/local/lib/ -f $SNAP_COMMON/config/lighttpd.conf
    daemon: simple
    plugs: [network, network-bind, removable-media] 

parts:
  lighttpd:
    plugin: autotools
    source: src/lighttpd1.4 # from https://git.lighttpd.net/lighttpd/lighttpd1.4.git
    build-packages:
            - zlib1g
            - zlib1g-dev
            - git
            - gcc
            - autoconf
            - automake
            - libltdl-dev
            - libtool 
            - m4
            - libghc-regex-pcre-dev
            - libpcre3-dev
            - pkg-config
            - openssl
    stage-packages: # additional packages needed to use certain modules. see lighttpd docs.
            - libpcre3-dev
            - pkg-config
            - openssl
            - gamin
    organize: # move binaries to bin from sbin
            'usr/local/sbin/lighttpd': usr/bin/lighttpd 
            'usr/local/sbin/lighttpd-angel': usr/bin/lighttpd-angel
            'lighttpd.conf': config/lighttpd.conf

  lighttpd-config-files: # config files used by lighttpdf
    plugin: dump
    source: src/lighttpd1.4/doc/config/
    stage:
            - lighttpd.conf
            - modules.conf
            - conf.d/* # not working...

   scripts: # wrapper/manager/... scripts -- not currently implemented/in use
     plugin: dump
     source: src/utility_scripts

diddledani · November 19, 2021, 1:13pm

Hi, welcome to the forum,

It looks like you’re installing the config file to $SNAP/config/lighttpd.conf. It also does not appear that you have any scripts to copy the file from that location to $SNAP_COMMON/config/lighttpd.conf. From these two things, I think you want to change your command line:

apps:
  lighttpd: 
    command: usr/bin/lighttpd -m $SNAP/usr/local/lib/ -f $SNAP/config/lighttpd.conf

Though this will mean that the config file cannot be modified by the users of your snap, so you might want it in $SNAP_COMMON. If you want to copy it to $SNAP_COMMON before your daemon launches, you can add a script file named snap/hooks/install that copies the file to the correct location. This hook script will run once, when the snap is first installed. For completeness, there is also another hook called post-refresh that you can use if you need to make modifications to the installed config file when the snap updates - you will still want the install hook if you utilise this because the install hook is for the first installation time while the post-refresh hook fires when an already installed snap is updated by snapd.

Kjell · November 19, 2021, 2:11pm

Hello and thank you for the welcome,

Apologies, forgot to mention, I’ve got an install hook that copies the config script to $SNAP_COMMON. In future it will edit the script to a basic config as well, but for now it does a bit of an ugly hack just to get the basic service up for testing.

Install hook #!/bin/sh -e

# copy config files to snap common dir for editing by user/use by server
mkdir ${SNAP_COMMON}/config
cp ${SNAP}/lighttpd.conf ${SNAP_COMMON}/config/lighttpd.conf
cp /snap/lighttpd/current/modules.conf ${SNAP_COMMON}/config/modules.conf
printf "\nA blank/default copy of this config file can be found in: ${SNAP}/lighttpd.conf\n" >> ${SNAP_COMMON}/config/lighttpd.conf
printf "\nA blank/default copy of this config file can be found in: ${SNAP}/modules.conf\n" >> ${SNAP_COMMON}/config/modules.conf

# create directories used by server
# may need to chmod 740 the dir/files

# ========== DELETE FOLLOWING / FOR SNAPCRAFT TESTING ONLY ========
# create test dir
webdir="${SNAP_COMMON}/www"
if [ ! -d $webdir ]; then
	mkdir $webdir
	chmod 740 $webdir
fi

# create a test page - TBC make a proper one that is actually useful for final snap!
echo "<h1>I LIVE!</h1>" > $webdir/index.html

# TBC / TMP - simple config file for testing. REPLACE! (walk through default file?)
testConf="""# TEMPORARY CONFIG FILE -- FOR TESTING ONLY!
server.document-root = \"$webdir\" 
server.port = 30888888880

index-file.names = ( \"index.html\" )

mimetype.assign = (
  \".html\" => \"text/html\", 
  \".txt\" => \"text/plain\",
  \".jpg\" => \"image/jpeg\",
  \".png\" => \"image/png\"
)

dir-listing.activate = \"enable\"
"""
echo "$testConf" > ${SNAP_COMMON}/config/lighttpd.conf

diddledani · November 19, 2021, 2:15pm

this might be your issue:

server.port = 30888888880

Port numbers must be between 1 and 65535 (inclusive). I think you might have accidentally pasted multiple times or mistyped.

Kjell · November 24, 2021, 9:06am

Apologies for the slow reply, currently only working wed-fri, and don’t have access from home.

Thank you for that, must have gone completely code blind to miss that. Changed config to server.port = 3088, but it still doesn’t work unless I manually run the binary. Had a look with systemctl status snap.lightppd.lighttpd and got the following

● snap.lighttpd.lighttpd.service - Service for snap application lighttpd.lighttpd
     Loaded: loaded (/etc/systemd/system/snap.lighttpd.lighttpd.service; enabled; vendor preset: enabled)
     Active: inactive (dead) since Wed 2021-11-24 10:00:28 CET; 16s ago
    Process: 346654 ExecStart=/usr/bin/snap run lighttpd (code=exited, status=0/SUCCESS)
   Main PID: 346654 (code=exited, status=0/SUCCESS)

nov. 24 10:00:28 utviklerpc systemd[1]: Started Service for snap application lighttpd.lighttpd.
nov. 24 10:00:28 utviklerpc systemd[1]: snap.lighttpd.lighttpd.service: Succeeded.

So based on this, it seems like it started, then stopped?

Normally, if building lighttpd from source, to run lighttpd as a deamon I’d likely have to play around with an initscript for systemd. But based on the youtube tutorials etc I thought this might not be the case for snap deamons. Have I got it wrong?

ogra · November 24, 2021, 1:34pm

lighttpd requires patching to be allowed to run as root (which is the default for snap daemons) … did you apply such a patch ?

something like this should work:

github.com

ogra1/fonto-de-kerno/blob/main/snap/snapcraft.yaml#L96


    - python3-requests
    - python3-six
    - python3-urllib3
lighttpd:
  source: https://github.com/lighttpd/lighttpd1.4.git
  source-tag: lighttpd-1.4.59
  plugin: autotools
  autotools-configure-parameters:
    - --prefix=/usr
  override-build: |
    sed -i 's/I will not set /I have been patched to allow setting /;/I have been patched/{n;s/.*//}' src/server.c
    snapcraftctl build
  build-packages:
    - libbz2-dev
    - libpcre++-dev
    - pkg-config
    - zlib1g-dev

Kjell · November 24, 2021, 1:34pm

ah, did not apply such a patch, no.

Applied it now, and the snap attempts to run the server without issue. Thank you so much.

gstrauss · June 21, 2022, 7:18pm

lighttpd requires patching to be allowed to run as root

Not actually true. lighttpd runs as the user it was started as, unless lighttpd was started as root and you have set server.username or server.groupname. If those are set in lighttpd.conf, then lighttpd will try to setuid/setgrp to those users. lighttpd currently aborts if you set those to root, since why would you setuid/setgrp to root if you are already root?!? (I might change that error in the future.)

If you want to avoid patching lighttpd, then comment out the lines in lighttpd.conf which set server.username = "root" and server.groupname = "root", and lighttpd will happily run as the user and group under which it was started. lighttpd.conf is simpler when you do not try to overspecify things in lighttpd.conf.

ogra · June 21, 2022, 7:36pm

you mean it will not exec setuid/setgrp and happily run with uid 0 when started as root ? i have not observed that behaviour, no matter how lighttpd.conf looks like … but then i have not touched lighttpd in quite a while, perhaps it changed …

note that the full line the sed command above is matching for in server.c reads: I will not set uid to 0\n … after which it does call: return -1 … is that code gone in a recent version ?

gstrauss · June 21, 2022, 7:52pm

you mean it will not exec setuid/setgrp and happily run with uid 0 when started as root ?

Yes. Just like any normal unix program, lighttpd runs as the user/group under which the process was started, unless you run lighttpd as root and instruct lighttpd to setuid/setgid to a different user/group (via server.username and server.groupname). To my knowledge this has always been the case.

lighttpd tries to detect if the lighttpd executable has the setuid bit set and will refuse to run, and lighttpd will refuse to setuid or setgid to root (if instructed by server.username and server.groupname), since that might be a configuration error if the intention was to run as a non-privileged user or group.

gstrauss · June 21, 2022, 7:54pm

I am going to change the error message in lighttpd to “I will not set uid to 0. Perhaps you should comment out server.username in lighttpd.conf”

gstrauss · June 21, 2022, 8:11pm

BTW, since lighttpd 1.4.62, please use libpcre2 with lighttpd instead of the end-of-lifed libpcre (--with-pcre2 is now the default). Also, instead of libbz2-dev, I recommend brotli along with zlib for lighttpd mod_deflate. (If available, libdeflate is recommended instead of zlib). To use brotli, need to configure the lighttpd build with --with-brotli. To use libdeflate, you need to configure the lighttpd build --with-libdeflate. Of course, you also need dependencies on the appropriate dev packages.