centerclick / feedback

Issues, Bug Reports, and Feature Requests

Handle ntp pool in webserver #81

Closed tlhackque closed 1 year ago

tlhackque commented 1 year ago

When joining the NTP pool, one can get http(s) requests intended for www.ntppool.org or www.pool.ntp.org (users type URLs without the www).

https://www.ntppool.org/join.html recommends that such requests be redirected to https://www.ntppool.org/join.html

The NTP2x0 servers should implement this. The web page shows one possible Apache configuration, but as you use lighttpd, you'll want something like (untested):

global {
  server.modules += ("mod_redirect")
}
$HTTP["host"] =~ "^(?:(?:.*\.)?(?:pool\.ntp|ntppool)\.org)$" {
  url.redirect-code = 301
  url.redirect = ( "" => "https://www.ntppool.org${url.path}${qsa}" )
}

This should not prevent access to the NTP2x0's own web pages, but since this exposes the server to the wild, wild internet: an option to make them password-protected and/or restricted to known addresses would be a good thing. You don't want the script kiddies attacking the server either looking for vulnerabilities or simply doing a DoS attack (which could also affect timekeeping).

Note that while it is usually possible to do port forwarding for IPv4, it's generally not possible for IPv6; thus the NTP2x0 servers need to handle the redirections. (IPv6 port mapping/NAT exists, but is discouraged, fragile, often not implemented and/or broken.)

Also, to test this, you can temporarily modify your /etc/hosts (on Windows: C:\Windows\System32\drivers\etc\hosts.txt) on your web browser's machine to point pool.ntp.org and ntppool.org to your NTP2x0's IPv4 and IPv6 addresses.

192.0.2.2 pool.ntp.org
192.0.2.2 ntppool.org
192.0.2.2 a.pool.ntp.org
192.0.2.2 a.ntppool.org
2001:0db8::2 pool.ntp.org
2001:0db8::2 ntppool.org
2001:0db8::2 a.pool.ntp.org
2001:0db8::2 b.ntppool.org

Don't forget to remove (or comment out) these lines when done testing.
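
An added example, not part of the original post or the NTP2x0 firmware: a Python emulation of the host match and redirect target from the lighttpd rule above, run over constructed Host values to check that pool names are redirected while the device's own name and address are not. The device hostname `ntp2x0.example.net` and the handling of `${qsa}` are assumptions.

```python
import re

# Host pattern copied from the lighttpd conditional in the post above.
POOL_HOST = re.compile(r"^(?:(?:.*\.)?(?:pool\.ntp|ntppool)\.org)$")


def redirect_location(host, path="/", query=""):
    """Return the Location the rule would send for this request, or None
    when the Host value is not a pool name and the device's own pages are
    served. This emulates the rule; it does not invoke lighttpd."""
    if not POOL_HOST.match(host):
        return None
    # Assumption: ${qsa} appends "?<query>" only when a query string exists.
    suffix = "?" + query if query else ""
    return "https://www.ntppool.org" + path + suffix


# Constructed Host header values: (host, expected to be redirected).
CASES = [
    ("pool.ntp.org", True),
    ("ntppool.org", True),
    ("a.pool.ntp.org", True),
    ("b.ntppool.org", True),
    ("www.ntppool.org", True),
    ("ntp2x0.example.net", False),        # hypothetical name of the device itself
    ("192.0.2.2", False),                 # device reached by address
    ("notntppool.org", False),            # look-alike without a label boundary
    ("pool.ntp.org.example.net", False),  # pool name used only as a prefix
    ("pool.ntp.org:8080", False),         # explicit port is rejected by the $ anchor
]


def run_cases():
    """Return the cases whose outcome differs from the expectation."""
    return [(host, want) for host, want in CASES
            if (redirect_location(host) is not None) != want]


if __name__ == "__main__":
    for host, _ in CASES:
        print(f"{host:26} -> {redirect_location(host)}")
    print("mismatches:", run_cases())
```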