Not working with lighttpd anymore

[alzhao]

I am using LEDE trunk. Luci works with uhttpd without problem. But when configured using Lighttpd, it doesn't work. It used to work in OpenWrt CC1505.

I can see the login interface, but there is no way to login. It always stays in the login page. If I start using lighttpd then everything works. After I login, I switch back to lighttpd and I can using Luci without problem. so the problem only happens with login. Is this related to token or something?

[gstrauss]

In lighttpd 1.4.42, lighttpd implemented RFC3875 CGI 1.1 specification section 6.2.2 Local Redirect Response http://www.ietf.org/rfc/rfc3875 for https://redmine.lighttpd.net/issues/2108

However, upon successful login, LuCI sends 302 Found redirect with Location: containing a URL path instead of a fully qualified URI. The LuCI login includes a Set-Cookie, but the redirect is handled internally in lighttpd, so the client never receives the cookie (and does not send it back to LuCI, so LuCI subsequently sends back 403 Forbidden).

See lighttpd patch in https://github.com/CZ-NIC/turris-os-packages/pull/20 which will be in lighttpd 1.4.45 (not yet released).

Another solution would be for LuCI to send back a fully qualified URI. lighttpd puts the original request URi in the REQUEST_URI environment variable in CGI environments, which can be used to construct the URI.

[gstrauss]

A possible fix to LuCI is to edit /usr/lib/lua/luci/http.lua:

--- http.lua    2017-01-07 11:12:23.715932000 -0500
+++ http.lua.new    2017-01-07 11:10:51.505932000 -0500
@@ -241,7 +241,8 @@
 function redirect(url)
    if url == "" then url = "/" end
    status(302, "Found")
-   header("Location", url)
+   local scheme = getenv("HTTPS") and "https" or "http"
+   header("Location", scheme .. "://" .. getenv("SERVER_NAME") .. url)
    close()
 end

However, for it to take effect you need to rm -rf /tmp/luci-modulecache/

[alzhao]

Thanks. This works!!

[gstrauss]

@alzhao, I am glad that works for you. However, instead of closing this issue, shouldn't LuCI developers have a chance to evaluate if the change should be applied to LuCI?

[gstrauss]

(https://github.com/openwrt/luci/blob/master/modules/luci-base/luasrc/http.lua)

[laoshaw]

@gstrauss used the 4 patches from 17.01.4 I could not even see the login page at all. However I can show my testing static html and also run testing cgi-bin/my.cgi scripts just fine. the problem is now luci login page never showed up.

cgi.local-redir = "enable" cgi.assign = ( "cgi-bin/luci" => "", ".cgi" => "" )

error message is below, might be caused by no authentication page shown thus the error is about "sysauth"

usr/lib/lua/luci/dispatcher.lua:460: Failed to execute function dispatcher target for entry '/'. The called action terminated with an exception: /usr/lib/lua/luci/template.lua:97: Failed to execute template 'sysauth'. A runtime error occured: /usr/lib/lua/luci/template.lua:97: Failed to execute template 'header'. A runtime error occured: /usr/lib/lua/luci/template.lua:97: Failed to execute template 'themes/bootstrap/header'. A runtime error occured: [string "/usr/lib/lua/luci/view/themes/bootstrap/hea..."]:150: attempt to index local 'boardinfo' (a nil value) stack traceback: [C]: in function 'assert' /usr/lib/lua/luci/dispatcher.lua:460: in function 'dispatch' /usr/lib/lua/luci/dispatcher.lua:141: in function </usr/lib/lua/luci/dispatcher.lua:140>

I also tried disable your four patches, and tried to change http.lua as described above, no luck. Something is badly broken.

[gstrauss]

@laoshaw my patches worked on the systems I tested over a year ago. I suggested changes to opkg, which were incorporated into LEDE, but not into the then-current version of openwrt. I suggested changes to the luci package, but those were not accepted. I am neither an opkg nor a luci developer, and I do not maintain either package in openwrt. Please don't post in such an old ticket and tag the wrong developers. Open a new issue.

[laoshaw]

will open a new ticket, thanks!