From 0d5d3a1b2209bacbbdb09c069ce81cf2f3dafb28 Mon Sep 17 00:00:00 2001 From: Glenn Strauss Date: Wed, 14 Dec 2022 22:22:52 -0500 Subject: [PATCH 1/4] lighttpd: remove obsolete exclusion of letsencrypt.conf Signed-off-by: Glenn Strauss --- advanced/lighttpd.conf.debian | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/advanced/lighttpd.conf.debian b/advanced/lighttpd.conf.debian index 706b00a8..0bc1ae11 100644 --- a/advanced/lighttpd.conf.debian +++ b/advanced/lighttpd.conf.debian @@ -72,7 +72,4 @@ include "external*.conf" # default listening port for IPv6 falls back to the IPv4 port include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port - -# Prevent Lighttpd from enabling Let's Encrypt SSL for every blocked domain -#include_shell "/usr/share/lighttpd/include-conf-enabled.pl" -include_shell "find /etc/lighttpd/conf-enabled -name '*.conf' -a ! -name 'letsencrypt.conf' -printf 'include \"%p\"\n' 2>/dev/null" +include "/etc/lighttpd/conf-enabled/*.conf" From c6342ed84c6b433019fb3277df662e0c02c22381 Mon Sep 17 00:00:00 2001 From: Glenn Strauss Date: Mon, 19 Dec 2022 02:52:29 -0500 Subject: [PATCH 2/4] lighttpd: do not overwrite /etc/lighttpd/lighttpd.conf Signed-off-by: Glenn Strauss --- advanced/pihole-admin.conf | 10 +--- automated install/basic-install.sh | 74 +++++++++++++++++------------- automated install/uninstall.sh | 11 +++++ test/test_any_automated_install.py | 2 +- 4 files changed, 57 insertions(+), 40 deletions(-) diff --git a/advanced/pihole-admin.conf b/advanced/pihole-admin.conf index 7d321831..8e3508da 100644 --- a/advanced/pihole-admin.conf +++ b/advanced/pihole-admin.conf @@ -65,11 +65,5 @@ $HTTP["host"] == "pi.hole" { } } -# (safe to enable after pihole ceases to support Debian 10 (Buster)) -# (For lighttpd 1.4.56+ which ignores duplicated server.modules entries) -#server.modules += ( -# "mod_access", -# "mod_redirect", -# "mod_fastcgi", -# "mod_setenv", -#) +# (keep this on one line for basic-install.sh filtering during install) +server.modules += ( "mod_access", "mod_redirect", "mod_fastcgi", "mod_setenv" ) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 39d7ced4..a65bbdc7 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -1401,42 +1401,63 @@ installConfigs() { # If the user chose to install the dashboard, if [[ "${INSTALL_WEB_SERVER}" == true ]]; then - # and if the Web server conf directory does not exist, - if [[ ! -d "/etc/lighttpd" ]]; then - # make it and set the owners - install -d -m 755 -o "${USER}" -g root /etc/lighttpd - # Otherwise, if the config file already exists - elif [[ -f "${lighttpdConfig}" ]]; then - # back up the original - mv "${lighttpdConfig}"{,.orig} - fi - # and copy in the config file Pi-hole needs - install -D -m 644 -T ${PI_HOLE_LOCAL_REPO}/advanced/${LIGHTTPD_CFG} "${lighttpdConfig}" - # If there is a custom block page in the html/pihole directory, replace 404 handler in lighttpd config - if [[ -f "${PI_HOLE_404_DIR}/custom.php" ]]; then - sed -i 's/^\(server\.error-handler-404\s*=\s*\).*$/\1"\/pihole\/custom\.php"/' "${lighttpdConfig}" + if grep -q -F "FILE AUTOMATICALLY OVERWRITTEN BY PI-HOLE" "${lighttpdConfig}"; then + # Attempt to preserve backwards compatibility with older versions + install -D -m 644 -T ${PI_HOLE_LOCAL_REPO}/advanced/${LIGHTTPD_CFG} "${lighttpdConfig}" + # If there is a custom block page in the html/pihole directory, replace 404 handler in lighttpd config + if [[ -f "${PI_HOLE_404_DIR}/custom.php" ]]; then + sed -i 's/^\(server\.error-handler-404\s*=\s*\).*$/\1"\/pihole\/custom\.php"/' "${lighttpdConfig}" + fi + # Make the directories if they do not exist and set the owners + mkdir -p /run/lighttpd + chown ${LIGHTTPD_USER}:${LIGHTTPD_GROUP} /run/lighttpd + mkdir -p /var/cache/lighttpd/compress + chown ${LIGHTTPD_USER}:${LIGHTTPD_GROUP} /var/cache/lighttpd/compress + mkdir -p /var/cache/lighttpd/uploads + chown ${LIGHTTPD_USER}:${LIGHTTPD_GROUP} /var/cache/lighttpd/uploads fi # Copy the config file to include for pihole admin interface if [[ -d "/etc/lighttpd/conf.d" ]]; then install -D -m 644 -T ${PI_HOLE_LOCAL_REPO}/advanced/pihole-admin.conf /etc/lighttpd/conf.d/pihole-admin.conf + if grep -q -F 'include "/etc/lighttpd/conf.d/pihole-admin.conf"' "${lighttpdConfig}"; then + : + else + echo 'include "/etc/lighttpd/conf.d/pihole-admin.conf"' >> "${lighttpdConfig}" + fi + # Avoid some warnings trace from lighttpd, which might break tests + conf=/etc/lighttpd/conf.d/pihole-admin.conf + if lighttpd -f "${lighttpdConfig}" -tt 2>&1 | grep -q -F "WARNING: unknown config-key: dir-listing\."; then + echo '# Avoid some warnings trace from lighttpd, which might break tests' >> $conf + echo 'server.modules += ( "mod_dirlisting" )' >> $conf + fi + if lighttpd -f "${lighttpdConfig}" -tt 2>&1 | grep -q -F "warning: please use server.use-ipv6"; then + echo '# Avoid some warnings trace from lighttpd, which might break tests' >> $conf + echo 'server.use-ipv6 := "disable"' >> $conf + fi elif [[ -d "/etc/lighttpd/conf-available" ]]; then conf=/etc/lighttpd/conf-available/15-pihole-admin.conf install -D -m 644 -T ${PI_HOLE_LOCAL_REPO}/advanced/pihole-admin.conf $conf + # disable server.modules += ( ... ) in $conf to avoid module dups + # (needed until Debian 10 no longer supported by pi-hole) + # (server.modules duplication is ignored in lighttpd 1.4.56+) + if awk '!/^server\.modules/{print}' $conf > $conf.$$ && mv $conf.$$ $conf; then + : + else + rm $conf.$$ + fi + chmod 644 $conf if is_command lighty-enable-mod ; then - lighty-enable-mod pihole-admin > /dev/null || true + lighty-enable-mod pihole-admin access redirect fastcgi setenv > /dev/null || true + else + # Otherwise, show info about installing them + printf " %b Warning: 'lighty-enable-mod' utility not found\\n" "${INFO}" + printf " Please ensure fastcgi is enabled if you experience issues\\n" fi else # lighttpd config include dir not found printf " %b Warning: lighttpd config include dir not found\\n" "${INFO}" printf " Please manually install pihole-admin.conf\\n" fi - # Make the directories if they do not exist and set the owners - mkdir -p /run/lighttpd - chown ${LIGHTTPD_USER}:${LIGHTTPD_GROUP} /run/lighttpd - mkdir -p /var/cache/lighttpd/compress - chown ${LIGHTTPD_USER}:${LIGHTTPD_GROUP} /var/cache/lighttpd/compress - mkdir -p /var/cache/lighttpd/uploads - chown ${LIGHTTPD_USER}:${LIGHTTPD_GROUP} /var/cache/lighttpd/uploads fi } @@ -1913,15 +1934,6 @@ installPihole() { # Give lighttpd access to the pihole group so the web interface can # manage the gravity.db database usermod -a -G pihole ${LIGHTTPD_USER} - # If the lighttpd command is executable, - if is_command lighty-enable-mod ; then - # enable fastcgi and fastcgi-php - lighty-enable-mod fastcgi fastcgi-php > /dev/null || true - else - # Otherwise, show info about installing them - printf " %b Warning: 'lighty-enable-mod' utility not found\\n" "${INFO}" - printf " Please ensure fastcgi is enabled if you experience issues\\n" - fi fi fi # Install base files and web interface diff --git a/automated install/uninstall.sh b/automated install/uninstall.sh index 541c0a76..c36027fc 100755 --- a/automated install/uninstall.sh +++ b/automated install/uninstall.sh @@ -131,6 +131,7 @@ removeNoPurge() { fi if package_check lighttpd > /dev/null; then + # Attempt to preserve backwards compatibility with older versions if [[ -f /etc/lighttpd/lighttpd.conf.orig ]]; then ${SUDO} mv /etc/lighttpd/lighttpd.conf.orig /etc/lighttpd/lighttpd.conf fi @@ -142,6 +143,16 @@ removeNoPurge() { # Fedora-based if [[ -f /etc/lighttpd/conf.d/pihole-admin.conf ]]; then ${SUDO} rm /etc/lighttpd/conf.d/pihole-admin.conf + conf=/etc/lighttpd/lighttpd.conf + tconf=/tmp/lighttpd.conf.$$ + if awk '!/^include "\/etc\/lighttpd\/conf\.d\/pihole-admin\.conf"$/{print}' \ + $conf > $tconf && mv $tconf $conf; then + : + else + rm $tconf + fi + ${SUDO} chown root:root $conf + ${SUDO} chmod 644 $conf fi # Debian-based diff --git a/test/test_any_automated_install.py b/test/test_any_automated_install.py index 0b039593..98a9f8f7 100644 --- a/test/test_any_automated_install.py +++ b/test/test_any_automated_install.py @@ -416,7 +416,7 @@ def test_installPihole_fresh_install_readableBlockpage(host, test_webpage): usergroup="${{LIGHTTPD_USER}}:${{LIGHTTPD_GROUP}}", chmodarg="{{}}", config="/etc/lighttpd/lighttpd.conf", - run="/var/run/lighttpd", + run="/run/lighttpd", cache="/var/cache/lighttpd", uploads="/var/cache/lighttpd/uploads", compress="/var/cache/lighttpd/compress", From 539f9d4da07281cb25683dec9edafe7eb0d89e4c Mon Sep 17 00:00:00 2001 From: Glenn Strauss Date: Wed, 14 Dec 2022 22:26:17 -0500 Subject: [PATCH 3/4] lighttpd: remove pihole block page error handler remove obsolete pihole block page error handler x-ref: Remove the advanced functionality of the 404 page (Blockpage) https://github.com/pi-hole/pi-hole/pull/3910 Signed-off-by: Glenn Strauss --- advanced/lighttpd.conf.debian | 1 - advanced/lighttpd.conf.fedora | 1 - 2 files changed, 2 deletions(-) diff --git a/advanced/lighttpd.conf.debian b/advanced/lighttpd.conf.debian index 0bc1ae11..06c284fe 100644 --- a/advanced/lighttpd.conf.debian +++ b/advanced/lighttpd.conf.debian @@ -26,7 +26,6 @@ server.modules = ( ) server.document-root = "/var/www/html" -server.error-handler-404 = "/pihole/index.php" server.upload-dirs = ( "/var/cache/lighttpd/uploads" ) server.errorlog = "/var/log/lighttpd/error-pihole.log" server.pid-file = "/run/lighttpd.pid" diff --git a/advanced/lighttpd.conf.fedora b/advanced/lighttpd.conf.fedora index 05dfc7ec..04f3ee01 100644 --- a/advanced/lighttpd.conf.fedora +++ b/advanced/lighttpd.conf.fedora @@ -27,7 +27,6 @@ server.modules = ( ) server.document-root = "/var/www/html" -server.error-handler-404 = "/pihole/index.php" server.upload-dirs = ( "/var/cache/lighttpd/uploads" ) server.errorlog = "/var/log/lighttpd/error-pihole.log" server.pid-file = "/run/lighttpd.pid" From 34f45d011db3ca11ecc4b4de5b2a278d4eb0edba Mon Sep 17 00:00:00 2001 From: Glenn Strauss Date: Thu, 15 Dec 2022 00:06:37 -0500 Subject: [PATCH 4/4] lighttpd: do not install obsolete 404 handler (/var/www/html/pihole/ dir and contents are still removed in uninstall) (/var/www/html/index.lighttpd.orig is still removed in uninstall) Signed-off-by: Glenn Strauss --- advanced/index.php | 81 ------------------------------ automated install/basic-install.sh | 29 ----------- test/test_any_automated_install.py | 22 -------- 3 files changed, 132 deletions(-) delete mode 100644 advanced/index.php diff --git a/advanced/index.php b/advanced/index.php deleted file mode 100644 index f3f2ce1c..00000000 --- a/advanced/index.php +++ /dev/null @@ -1,81 +0,0 @@ - "true") is configured in lighttpd, - // append $serverName to $authorizedHosts - array_push($authorizedHosts, $serverName); -} else if (!empty($_SERVER["VIRTUAL_HOST"])) { - // Append virtual hostname to $authorizedHosts - array_push($authorizedHosts, $_SERVER["VIRTUAL_HOST"]); -} - -// Determine block page type -if ($serverName === "pi.hole" - || (!empty($_SERVER["VIRTUAL_HOST"]) && $serverName === $_SERVER["VIRTUAL_HOST"])) { - // Redirect to Web Interface - header("Location: /admin"); - exit(); -} elseif (filter_var($serverName, FILTER_VALIDATE_IP) || in_array($serverName, $authorizedHosts)) { - // When directly browsing via IP or authorized hostname - // Render splash/landing page based off presence of $landPage file - // Unset variables so as to not be included in $landPage or $splashPage - unset($authorizedHosts); - // If $landPage file is present - if (is_file(getcwd()."/$landPage")) { - unset($serverName, $viewPort); // unset extra variables not to be included in $landpage - include $landPage; - exit(); - } - // If $landPage file was not present, Set Splash Page output - $splashPage = << - - - - - ● $serverName - - - - -
- Pi-hole logo -
-

Pi-hole: Your black hole for Internet advertisements

- Did you mean to go to the admin panel? -
- - -EOT; - exit($splashPage); -} - -header("HTTP/1.1 404 Not Found"); -exit(); -?> diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index a65bbdc7..e29afad9 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -82,7 +82,6 @@ PI_HOLE_FILES=(chronometer list piholeDebug piholeLogFlush setupLCD update versi PI_HOLE_INSTALL_DIR="/opt/pihole" PI_HOLE_CONFIG_DIR="/etc/pihole" PI_HOLE_BIN_DIR="/usr/local/bin" -PI_HOLE_404_DIR="${webroot}/pihole" FTL_CONFIG_FILE="${PI_HOLE_CONFIG_DIR}/pihole-FTL.conf" if [ -z "$useUpdateVars" ]; then useUpdateVars=false @@ -1404,10 +1403,6 @@ installConfigs() { if grep -q -F "FILE AUTOMATICALLY OVERWRITTEN BY PI-HOLE" "${lighttpdConfig}"; then # Attempt to preserve backwards compatibility with older versions install -D -m 644 -T ${PI_HOLE_LOCAL_REPO}/advanced/${LIGHTTPD_CFG} "${lighttpdConfig}" - # If there is a custom block page in the html/pihole directory, replace 404 handler in lighttpd config - if [[ -f "${PI_HOLE_404_DIR}/custom.php" ]]; then - sed -i 's/^\(server\.error-handler-404\s*=\s*\).*$/\1"\/pihole\/custom\.php"/' "${lighttpdConfig}" - fi # Make the directories if they do not exist and set the owners mkdir -p /run/lighttpd chown ${LIGHTTPD_USER}:${LIGHTTPD_GROUP} /run/lighttpd @@ -1708,30 +1703,6 @@ install_dependent_packages() { # Install the Web interface dashboard installPiholeWeb() { - printf "\\n %b Installing 404 page...\\n" "${INFO}" - - local str="Creating directory for 404 page, and copying files" - printf " %b %s..." "${INFO}" "${str}" - # Install the directory - install -d -m 0755 ${PI_HOLE_404_DIR} - # and the 404 handler - install -D -m 644 ${PI_HOLE_LOCAL_REPO}/advanced/index.php ${PI_HOLE_404_DIR}/ - - printf "%b %b %s\\n" "${OVER}" "${TICK}" "${str}" - - local str="Backing up index.lighttpd.html" - printf " %b %s..." "${INFO}" "${str}" - # If the default index file exists, - if [[ -f "${webroot}/index.lighttpd.html" ]]; then - # back it up - mv ${webroot}/index.lighttpd.html ${webroot}/index.lighttpd.orig - printf "%b %b %s\\n" "${OVER}" "${TICK}" "${str}" - else - # Otherwise, don't do anything - printf "%b %b %s\\n" "${OVER}" "${INFO}" "${str}" - printf " No default index.lighttpd.html file found... not backing up\\n" - fi - # Install Sudoers file local str="Installing sudoer file" printf "\\n %b %s..." "${INFO}" "${str}" diff --git a/test/test_any_automated_install.py b/test/test_any_automated_install.py index 98a9f8f7..4dcb1737 100644 --- a/test/test_any_automated_install.py +++ b/test/test_any_automated_install.py @@ -129,20 +129,8 @@ def test_installPiholeWeb_fresh_install_no_errors(host): installPiholeWeb """ ) - expected_stdout = info_box + " Installing 404 page..." - assert expected_stdout in installWeb.stdout - expected_stdout = tick_box + ( - " Creating directory for 404 page, " "and copying files" - ) - assert expected_stdout in installWeb.stdout - expected_stdout = info_box + " Backing up index.lighttpd.html" - assert expected_stdout in installWeb.stdout - expected_stdout = "No default index.lighttpd.html file found... " "not backing up" - assert expected_stdout in installWeb.stdout expected_stdout = tick_box + " Installing sudoer file" assert expected_stdout in installWeb.stdout - web_directory = host.run("ls -r /var/www/html/pihole").stdout - assert "index.php" in web_directory def get_directories_recursive(host, directory): @@ -556,16 +544,6 @@ def test_installPihole_fresh_install_readableBlockpage(host, test_webpage): return bool(m) if installWebInterface is True: - check_pihole = test_cmd.format("r", webroot + "/pihole", webuser) - actual_rc = host.run(check_pihole).rc - assert exit_status_success == actual_rc - check_pihole = test_cmd.format("x", webroot + "/pihole", webuser) - actual_rc = host.run(check_pihole).rc - assert exit_status_success == actual_rc - # check most important files in $webroot for read permission - check_index = test_cmd.format("r", webroot + "/pihole/index.php", webuser) - actual_rc = host.run(check_index).rc - assert exit_status_success == actual_rc if test_webpage is True: # check webpage for unreadable files noPHPfopen = re.compile(