SSL + Lighty + SCGI Beginner's Help Please

Hi everyone,

I tried looking around google and found not too many clear and elaborate
tutorials for a absolute beginner. I knew I could count on all the
people here. Here is what I want to do. I want to have a SSL
connection for logging in and for transactions. I did not actually
start yet, just trying to get the know how first. I read at places the
things to have are Lighty and SCGI which I have downloaded. The db I
wanted to use was MySQL. Now here is where I need help. How do you
configure lighty and SCGI to work with my app. Also, how do you start
using SSL? Configuring Lighty and/or SCGI to use SSL. Create a
certificate to use during development? Start Lighty and my app. Also
sample code for controllers to handle a login with https.

I do appreciate your help and time on my problem. If there are other
avenues other then lighty & SCGI, please recommend them to me.

On 31/01/2008, at 3:52 PM, Dl Lo wrote:

things to have are Lighty and SCGI which I have downloaded. The db I

are you a beginner in all aspects or just configuring the 3 to work
together.
ie do you have experience with rails,mysql or lighty ???

Dl Lo wrote:

Hi everyone,

I tried looking around google and found not too many clear and elaborate
tutorials for a absolute beginner. I knew I could count on all the
people here. Here is what I want to do. I want to have a SSL
connection for logging in and for transactions. I did not actually
start yet, just trying to get the know how first. I read at places the
things to have are Lighty and SCGI which I have downloaded.

The Lighty-SCGI combination is not really recommended any more (and I
say that as the maintainer for ruby-scgi), but it does work fine.

The db I
wanted to use was MySQL. Now here is where I need help. How do you
configure lighty and SCGI to work with my app.

Assuming you are using the latest scgi gem (0.9.0) you should be
deploying with ruby-style (the successor to scgi_ctrl). Read the README
to both the scgi and ruby-style gems.

Also, how do you start
using SSL? Configuring Lighty and/or SCGI to use SSL.

Read Lighty’s documentation:

Create a
certificate to use during development?

Lighty’s SSL documentation page has an example

Start Lighty and my app.

Read the ruby-style gem’s README for starting Rails. The lighty
documentation probably has an exampe for starting lighty.

Also
sample code for controllers to handle a login with https.

Controller code is no different. The link in your view should specify
https (preferably you should be using https on the page that contains
the login form as well). If you want to only allow logins via SSL,
check out the ssl_requirement plugin.

I do appreciate your help and time on my problem. If there are other
avenues other then lighty & SCGI, please recommend them to me.

Mongrel+(Nginx or Apache 2 mod_proxy_balancer) seems to be the recommend
production deployment setup these days. I’d recommend using ruby-style
for clustering, though there are other options (mongrel_cluster,
seesaw).

Jeremy,

Thanks for the quick reply. I’m still lost on ruby-style gems? What is
that? Could you provide a link please.

d

Dl Lo wrote:

Thanks for the quick reply. I’m still lost on ruby-style gems? What is
that? Could you provide a link please.

http://code.jeremyevans.net/doc/ruby-style/README.txt

Ok everyone,

I tried my best and this is as far as I got. I can see the “Welcome
Rails” screen when I type in 127.0.0.1. But I can’t see any of my
controller/views. Here is my lighttpd-inc.conf file. It is currently
located in “C:\Program Files\LightTPD\conf”

LightTPD Configuration file (INCLUDE)

Use it as a base for LightTPD 1.0.0 and above.

This version is built for WLMP Project - http://wlmp.dtech.hu/

$Id: lighttpd-inc.conf,v 1.7 2004/11/03 22:26:05 weigon Exp $

############ Options you really have to take care of
####################

modules to load

at least mod_access and mod_accesslog should be loaded

all other module should only be loaded if really neccesary

- saves some time

- saves memory

server.modules = (
“mod_access”,
“mod_accesslog”,
“mod_alias”,

“mod_auth”,

“mod_cgi”,

“mod_cml”,

“mod_compress”,

“mod_dirlisting”,

“mod_evasive”,

“mod_evhost”,

“mod_expire”,

“mod_extforward”,

“mod_fastcgi”,

“mod_flv_streaming”,

“mod_indexfile”,

“mod_magnet”,

“mod_mysql_vhost”,

“mod_proxy”,

“mod_redirect”,

“mod_rewrite”,

“mod_rrdtool”,

                           "mod_scgi",

“mod_secdownload”,

“mod_setenv”,

“mod_simple_vhost”,

                            "mod_ssi",

“mod_staticfile”,

                            "mod_status",

“mod_trigger_b4_dl”,

“mod_userdir”,

“mod_usertrack”,

“mod_webdav”

                           )

a static document-root, for virtual-hosting take look at the

server.virtual-* options

server.document-root = “C:\rails\timetracker\public”

#directory for file uploads
server.upload-dirs = ( “TMP/” )

files to check for if …/ is requested

index-file.names = ( “index.php”, “index.pl”, “index.cgi”,
“index.html”, “index.htm”, “default.htm”
)

set the event-handler (read the performance section in the manual)

server.event-handler = “freebsd-kqueue” # needed on OS X

from webpage

server.errorlog =
“C:\rails\timetracker\log\lighttpd-errors.log”
accesslog.filename =
“C:\rails\timetracker\log\lighttpd-access.log”

mimetype mapping

mimetype.assign = (
“.pdf” => “application/pdf”,
“.sig” => “application/pgp-signature”,
“.spl” => “application/futuresplash”,
“.class” => “application/octet-stream”,
“.ps” => “application/postscript”,
“.torrent” => “application/x-bittorrent”,
“.dvi” => “application/x-dvi”,
“.gz” => “application/x-gzip”,
“.pac” => “application/x-ns-proxy-autoconfig”,
“.swf” => “application/x-shockwave-flash”,
“.tar.gz” => “application/x-tgz”,
“.tgz” => “application/x-tgz”,
“.tar” => “application/x-tar”,
“.zip” => “application/zip”,
“.mp3” => “audio/mpeg”,
“.m3u” => “audio/x-mpegurl”,
“.wma” => “audio/x-ms-wma”,
“.wax” => “audio/x-ms-wax”,
“.ogg” => “application/ogg”,
“.wav” => “audio/x-wav”,
“.gif” => “image/gif”,
“.jpg” => “image/jpeg”,
“.jpeg” => “image/jpeg”,
“.png” => “image/png”,
“.xbm” => “image/x-xbitmap”,
“.xpm” => “image/x-xpixmap”,
“.xwd” => “image/x-xwindowdump”,
“.css” => “text/css”,
“.html” => “text/html”,
“.htm” => “text/html”,
“.js” => “text/javascript”,
“.asc” => “text/plain”,
“.c” => “text/plain”,
“.cpp” => “text/plain”,
“.log” => “text/plain”,
“.conf” => “text/plain”,
“.text” => “text/plain”,
“.txt” => “text/plain”,
“.dtd” => “text/xml”,
“.xml” => “text/xml”,
“.mpeg” => “video/mpeg”,
“.mpg” => “video/mpeg”,
“.mov” => “video/quicktime”,
“.qt” => “video/quicktime”,
“.avi” => “video/x-msvideo”,
“.asf” => “video/x-ms-asf”,
“.asx” => “video/x-ms-asf”,
“.wmv” => “video/x-ms-wmv”,
“.bz2” => “application/x-bzip”,
“.tbz” => “application/x-bzip-compressed-tar”,
“.tar.bz2” => “application/x-bzip-compressed-tar”
)

Use the “Content-Type” extended attribute to obtain mime type if

possible
mimetype.use-xattr = “enable”

deny access the file-extensions

~ is for backupfiles from vi, emacs, joe, …

.inc is often used for code includes which should in general not be

part

of the document-root

url.access-deny = ( “~”, “.inc” )

$HTTP[“url”] =~ “.pdf$” {
server.range-requests = “disable”
}

which extensions should not be handle via static-file transfer

.php, .pl, .fcgi are most often handled by mod_fastcgi or mod_cgi

static-file.exclude-extensions = ( “.php”, “.pl”, “.cgi”, “.fcgi”,
“.scgi” )

######### Options that are good to be but not neccesary to be changed
#######

bind to port (default: 80)

Server.port = 81

bind to localhost (default: all interfaces)

Server.bind = “mydomain.org

error-handler for status 404

server.error-handler-404 = “/dispatch.scgi”
Server.error-handler-404 = “/error-handler.html”
Server.error-handler-404 = “/error-handler.php”

virtual hosts

If you want name-based virtual hosting add the next three settings

and load

mod_simple_vhost

document-root =

virtual-server-root + virtual-server-default-host +

virtual-server-docroot

or

virtual-server-root + http-host + virtual-server-docroot

#simple-vhost.server-root = “HTDOCS/”
#simple-vhost.default-host = “vhost.mydomain.org
#simple-vhost.document-root = “/vhost/”

alias

#alias.url = ( “/logs” => “logs” )

Format: .html

→ …/status-404.html for ‘File not found’

Server.errorfile-prefix = “errors/status-”

virtual directory listings

dir-listing.activate = “enable”
#dir-listing.encoding = “iso-8859-2”
#dir-listing.external-css = “style/oldstyle.css”

enable debugging

#debug.log-request-header = “enable”
#debug.log-response-header = “enable”
#debug.log-request-handling = “enable”
#debug.log-file-not-found = “enable”

only root can use these options

chroot() to directory (default: no chroot() )

Server.chroot = “/”

change uid to (default: don’t care)

Server.username = “wwwrun”

change uid to (default: don’t care)

Server.groupname = “wwwrun”

compress module

#compress.cache-dir = “tmp/”
#compress.filetype = (“text/plain”, “text/html”)

proxy module

read proxy.txt for more info

#proxy.server = ( “.php” =>

( “localhost” =>

(

“host” => “192.168.0.101”,

“port” => 80

)

)

)

fastcgi module

read fastcgi.txt for more info

for PHP don’t forget to set cgi.fix_pathinfo = 1 in the php.ini

#fastcgi.server = ( “.php” =>

( “localhost” =>

(

“socket” =>

“TMP/php-fastcgi.socket”,

“bin-path” => “PHP/php-cgi.exe”

)

)

)

CGI module

#cgi.assign = ( “.php” => “PHP/php-cgi.exe”,

“.pl” => “Perl/perl.exe”,

“.cgi” => “Perl/perl.exe” )

scgi.server = ( “dispatch.scgi” => ((
“host” => “127.0.0.1”,
“port” => 9999,
“check-local” => “enable”
)) )
scgi.debug=3
status.status-url = “/server-status”
status.config-url = “/server-config”

SSL engine

#ssl.engine = “enable”
#ssl.pemfile = “server.pem”

status module

status.status-url = “/server-status”
status.config-url = “/server-config”

auth module

read authentication.txt for more info

#auth.backend = “plain”
#auth.backend.plain.userfile = “conf/lighttpd-auth.conf”
#auth.backend.plain.groupfile = “conf/lighttpd-group.conf”

#auth.backend.ldap.hostname = “localhost”
#auth.backend.ldap.base-dn = “dc=my-domain,dc=com”
#auth.backend.ldap.filter = “(uid=$)”

#auth.require = ( “/server-status” =>

(

“method” => “digest”,

“realm” => “Server status”,

“require” => “user=admin”

),

“/server-config” =>

(

“method” => “digest”,

“realm” => “Server config”,

“require” => “user=admin”

)

)

url handling modules (rewrite, redirect, access)

#url.rewrite = ( “^/$” => “/server-status” )
#url.redirect = ( “^/wishlist/(.+)” =>
http://www.123.org/$1” )

both rewrite/redirect support back reference to regex conditional

using %n
#$HTTP[“host”] =~ “^www.(.*)” {

url.redirect = ( “^/(.*)” => “http://%1/$1” )

#}

define a pattern for the host url finding

%% => % sign

%0 => domain name + tld

%1 => tld

%2 => domain name without tld

%3 => subdomain 1 name

%4 => subdomain 2 name

#evhost.path-pattern = “HTDOCS/”

expire module

#expire.url = ( “/buggy/” => “access 2 hours”,
“/asdhas/” => “access plus 1 seconds 2 minutes”)

ssi

#ssi.extension = ( “.shtml” )

rrdtool

#rrdtool.binary = “rrdtool”
#rrdtool.db-name = “lighttpd.rrd”

setenv

#setenv.add-request-header = ( “TRAV_ENV” => “mysql://user@host/db” )
#setenv.add-response-header = ( “X-Secret-Message” => “42” )

for mod_trigger_b4_dl

trigger-before-download.gdbm-filename = “GDBM/testbase/trigger.db”

trigger-before-download.memcache-hosts = ( “127.0.0.1:11211” )

trigger-before-download.trigger-url = “^/trigger/”

trigger-before-download.download-url = “^/download/”

trigger-before-download.deny-url = “http://127.0.0.1/index.html

trigger-before-download.trigger-timeout = 10

for mod_cml

don’t forget to add index.cml to server.indexfiles

cml.extension = “.cml”

cml.memcache-hosts = ( “127.0.0.1:11211” )

variable usage:

variable name without “.” is auto prefixed by “var.” and becomes

“var.bar”
#bar = 1
#var.mystring = “foo”

integer add

#bar += 1

string concat, with integer cast as string, result: “www.foo1.com

Server.name = “www.” + mystring + var.bar + “.com”

array merge

#index-file.names = (foo + “.php”) + index-file.names
#index-file.names += (foo + “.php”)

include

#include “conf/lighttpd-ext.conf”

same as above if you run: “lighttpd -f conf\lighttpd.conf”

#include “lighttpd-ext.conf”

include_shell

#include_shell “echo var.a=1”

the above is same as:

#var.a=1

Here is my SCGI.yaml.

:disable_signals: true
:password: V3l5RX83reOiY
:host: 127.0.0.1
:config: config/scgi.yaml
:port: 9999
:logfile: log/scgi.log
:control_url: druby://127.0.0.1:8999
:env: development

I want to use lighttpd during development because I want to test SSL.
Can anyone help me answer the question why I am not able to see my
views. I am developing in Windows if that matters. Also using the most
current lighttpd and scgi. Thanks for your help.

d