Chinaunix首页 | 论坛 | 博客
  • 博客访问: 93738
  • 博文数量: 8
  • 博客积分: 303
  • 博客等级: 二等列兵
  • 技术积分: 112
  • 用 户 组: 普通用户
  • 注册时间: 2006-02-22 20:45
文章分类

全部博文(8)

文章存档

2014年(1)

2012年(2)

2011年(3)

2006年(2)

我的朋友

分类: LINUX

2012-02-12 18:59:57

    lighttpd的chroot方式比较安全,可在简单使用的情况下采用server.chroot方式。
    如果lighttpd使用chroot目录,则实机系统下的目录结构、环境变量将不可用。不作处理的话,lighttpd启动时会找不到脚本,提示child exited with status 2。
    提示child exited with status 1则是脚本找到了,但执行过程中出错,比如flup(是web.py的fastcgi实现)未安装导致出错,或脚本本身语法逻辑等出错。或者是脚本第一行的解释器有误,可用env命令模拟环境(#!/usr/bin/env python),或直接写为#!/usr/local/bin/python.
    提示child exited with status 127错误,是py脚本使用了 windows换行符,重存为unix换行符即可。
    lighttpd的fastcgi设置中,fastcgi.server = ( "myweb.py" =>中的myweb.py位置必须是脚本名,否则显示为403 Forbidden错误。
    web.py和flup(用fastcgi就必须装)的安装脚本,和自定义的目录结构:
srcdir="/mnt/sda7/tinycore/lighttpd.web.py"
cd $srcdir;tar xvf flup-1.0.2.tar.gz -C /opt/www/tmp;
cd /opt/www/tmp/flup-1.0.2;sudo python setup.py install;

cd $srcdir;tar xvf web.py-0.36.tar.gz -C /opt/www/tmp;
cd /opt/www/tmp/web.py-0.36;sudo python setup.py install;

#cd $srcdir;tar xvf wsgilog-0.3.tar.bz2 -C /opt/www/tmp;
#cd /opt/www/tmp/wsgilog-0.3;sudo python setup.py install;

webroot="/opt/www/htdocs/";
sudo mkdir -p ${webroot}/static;sudo mkdir -p /opt/www/tmp;
sudo chmod 777 ${webroot} ${webroot}/static /opt/www/tmp ;

cp_cmd="sudo cp -Lprf /usr/local/share/lighttpd/lighttpd.conf.fastcgi /etc/lighttpd.conf"
if [ ! -f /etc/lighttpd.conf ];then $cp_cmd;fi;
if [ ! "`cat /etc/lighttpd.conf|grep -v "#"|grep -i fastcgi.server`" ];then $cp_cmd;fi;
sudo cp -prf $srcdir/*.py ${webroot}/;
chmod 777 ${webroot}/*.py ;

  带fastcgi的lighttpd.conf:
server.modules = ("mod_access","mod_accesslog","mod_compress","mod_fastcgi","mod_rewrite")
#server.chroot = "/opt/www"
server.document-root = "/opt/www/htdocs"
index-file.names  = ( "index.htm", "index.html","default.htm" ,"index.py")
server.upload-dirs = ( "/opt/www/tmp" )
server.port = 80
server.username = "tc"
server.groupname = "staff"
server.tag                 = "lighttpd@tinycore linux."
dir-listing.activate = "enable"
#dir-listing.encoding = "utf-8"
dir-listing.encoding = "gb18030"
dir-listing.show-readme = "enable"
dir-listing.hide-readme-file = "enable"
dir-listing.auto-layout = "enable"
compress.cache-dir = "/tmp/"
compress.filetype = ("text/plain", "text/html","text/javascript","text/css")
url.access-deny             = ( "~", ".inc" )
mimetype.assign = (".html" => "text/html", ".txt" => "text/plain",".jpg" => "image/jpeg")
static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" ,".cgi",".py",".sh" )
#accesslog.filename = "| /usr/local/lighttpd/bin/rotatelogs /usr/local/lighttpd/logs/access_%Y%m%d.log 86400"
accesslog.filename = "/opt/www//log/lighttpd_access.log"
#ssl.engine                 = "enable"
#ssl.pemfile                = "/opt/www/log/server.pem"
#server.stat-cache-engine = "fam"

fastcgi.server = ( "myweb.py" =>
 (( "socket" => "/opt/www/tmp/fastcgi.socket",
    "bin-path" => "/opt/www/htdocs/myweb.py",
    "max-procs" => 1,
    "bin-environment" => ( "REAL_SCRIPT_NAME" => "" ),
    "check-local" => "disable"
 ))
)

url.rewrite-once = (
    "^/favicon.ico$" => "/static/favicon.ico",
    "^/upload$" => "/myweb.py",
    "^/(.*)$" => "/static/$1"
)


阅读(3737) | 评论(1) | 转发(1) |
给主人留下些什么吧!~~

我是月老2012-02-15 10:26:13

lighttpd的chroot方式比较安全