Webinterface not accessable - lighttpd not started

v_a_u · November 19, 2020, 3:07pm

I installed dietpi with pihole on a raspberrypi 1B.

Everything worked fine until I tried to setup a few other things (remote desktop and dns of other services).

Now lighttpd does not start anymore and I don't understand the error messages. Maybe you can help me on that.

Expected Behaviour:

lighttpd is running fine.

Actual Behaviour:

It is not. Trying to start it manually results in an error.

Debug Token:

https://tricorder.pi-hole.net/suro6fqdp4

I was using journalctl -u lighttpd -l which responded:

Nov 19 15:22:52 DietPi systemd[1]: Starting Lighttpd Daemon...
Nov 19 15:22:53 DietPi lighttpd[342]: Duplicate config variable in conditional 0 global: server.error-handler-404
Nov 19 15:22:53 DietPi lighttpd[342]: 2020-11-19 18:02:20: (configfile.c.1296) source: /etc/lighttpd/conf-enabled/99-dietpi-pihole.conf line: 31 pos: 1 parser failed somehow near here: (EOL)
Nov 19 15:22:53 DietPi lighttpd[342]: 2020-11-19 18:02:20: (configfile.c.1296) source: find /etc/lighttpd/conf-enabled -name '*.conf' -a ! -name 'letsencrypt.conf' -printf 'include "%p"\n' 2>/dev/null line: 4 pos: 8 parser failed somehow
 near here: (EOL)
Nov 19 15:22:53 DietPi lighttpd[1105]: 2020-11-19 15:22:52: (configfile.c.1296) source: /etc/lighttpd/lighttpd.conf line: 92 pos: 1 parser failed somehow near here: (EOL)
Nov 19 15:22:53 DietPi systemd[1]: lighttpd.service: Control process exited, code=exited, status=255/EXCEPTION
Nov 19 15:22:53 DietPi systemd[1]: lighttpd.service: Failed with result 'exit-code'.
Nov 19 15:22:53 DietPi systemd[1]: Failed to start Lighttpd Daemon.
Nov 19 15:22:53 DietPi systemd[1]: lighttpd.service: Service RestartSec=100ms expired, scheduling restart.
Nov 19 15:22:53 DietPi systemd[1]: lighttpd.service: Scheduled restart job, restart counter is at 5.
Nov 19 15:22:53 DietPi systemd[1]: Stopped Lighttpd Daemon.
Nov 19 15:22:53 DietPi systemd[1]: lighttpd.service: Start request repeated too quickly.
Nov 19 15:22:53 DietPi systemd[1]: lighttpd.service: Failed with result 'exit-code'.
Nov 19 15:22:53 DietPi systemd[1]: Failed to start Lighttpd Daemon.

EDIT: put in the missing first lines of the journal output.

jfb · November 19, 2020, 3:10pm

MichaIng · November 19, 2020, 6:00pm

First of all, did you install Pi-hole via dietpi-software or via via the official installer (e.g. curl -sSL https://install.pi-hole.net | bash)?

Can you please paste the content of the Lighttpd config file? There seem to be a syntax error:

cat /etc/lighttpd/lighttpd.conf

Please obfuscate any private values, like domain, mail or similar, if added.

v_a_u · November 19, 2020, 6:32pm

I installed it via dietpi configurator on dietpi first boot.

In /etc/lighttpd/ there is also a lighttpd.conf.orig file with the same content. and an empty external.conf
file.

# Pi-hole: A black hole for Internet advertisements
# (c) 2017 Pi-hole, LLC (https://pi-hole.net)
# Network-wide ad blocking via your own hardware.
#
# Lighttpd config for Pi-hole
#
# This file is copyright under the latest version of the EUPL.
# Please see LICENSE file for your rights under this license.

###############################################################################
#     FILE AUTOMATICALLY OVERWRITTEN BY PI-HOLE INSTALL/UPDATE PROCEDURE.     #
# ANY CHANGES MADE TO THIS FILE AFTER INSTALL WILL BE LOST ON THE NEXT UPDATE #
#                                                                             #
#              CHANGES SHOULD BE MADE IN A SEPARATE CONFIG FILE:              #
#                         /etc/lighttpd/external.conf                         #
###############################################################################

server.modules = (
    "mod_access",
    "mod_accesslog",
    "mod_auth",
    "mod_expire",
    "mod_compress",
    "mod_redirect",
    "mod_setenv",
    "mod_rewrite"
)

server.document-root        = "/var/www/html"
server.error-handler-404    = "/pihole/index.php"
server.upload-dirs          = ( "/var/cache/lighttpd/uploads" )
server.errorlog             = "/var/log/lighttpd/error.log"
server.pid-file             = "/run/lighttpd.pid"
server.username             = "www-data"
server.groupname            = "www-data"
server.port                 = 80
accesslog.filename          = "/var/log/lighttpd/access.log"
accesslog.format            = "%{%s}t|%V|%r|%s|%b"

index-file.names            = ( "index.php", "index.html", "index.lighttpd.html" )
url.access-deny             = ( "~", ".inc", ".md", ".yml", ".ini" )
static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )

compress.cache-dir = "/var/cache/lighttpd/compress/"
compress.filetype  = (
    "application/json",
    "application/vnd.ms-fontobject",
    "application/xml",
    "font/eot",
    "font/opentype",
    "font/otf",
    "font/ttf",
    "image/bmp",
    "image/svg+xml",
    "image/vnd.microsoft.icon",
    "image/x-icon",
    "text/css",
    "text/html",
    "text/javascript",
    "text/plain",
    "text/xml"
)

mimetype.assign = (
    ".ico"   => "image/x-icon",
    ".jpeg"  => "image/jpeg",
    ".jpg"   => "image/jpeg",
    ".png"   => "image/png",
    ".svg"   => "image/svg+xml",
    ".css"   => "text/css; charset=utf-8",
    ".html"  => "text/html; charset=utf-8",
    ".js"    => "text/javascript; charset=utf-8",
    ".json"  => "application/json; charset=utf-8",
    ".map"   => "application/json; charset=utf-8",
    ".txt"   => "text/plain; charset=utf-8",
    ".eot"   => "application/vnd.ms-fontobject",
    ".otf"   => "font/otf",
    ".ttc"   => "font/collection",
    ".ttf"   => "font/ttf",
    ".woff"  => "font/woff",
    ".woff2" => "font/woff2"
)

# default listening port for IPv6 falls back to the IPv4 port
include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port

# Prevent Lighttpd from enabling Let's Encrypt SSL for every blocked domain
#include_shell "/usr/share/lighttpd/include-conf-enabled.pl"
include_shell "find /etc/lighttpd/conf-enabled -name '*.conf' -a ! -name 'letsencrypt.conf' -printf 'include \"%p\"\n' 2>/dev/null"

# If the URL starts with /admin, it is the Web interface
$HTTP["url"] =~ "^/admin/" {
    # Create a response header for debugging using curl -I
    setenv.add-response-header = (
        "X-Pi-hole" => "The Pi-hole Web interface is working!",
        "X-Frame-Options" => "DENY"
    )

    $HTTP["url"] =~ "\.(eot|otf|tt[cf]|woff2?)$" {
        # Allow Block Page access to local fonts
        setenv.add-response-header = ( "Access-Control-Allow-Origin" => "*" )
    }
}

# Block . files from being served, such as .git, .github, .gitignore
$HTTP["url"] =~ "^/admin/\.(.*)" {
    url.access-deny = ("")
}

# Default expire header
expire.url = ( "" => "access plus 0 seconds" )

# Add user chosen options held in external file
# This uses include_shell instead of an include wildcard for compatibility
include_shell "cat external.conf 2>/dev/null"

EDIT: The /etc/lighttpd/conf-enabled/99-dietpi-pihole.conf
EDIT2: also updated the description: I missed two lines of the journal leading me to this file.
It is a bit strange that indent seems to be larger than in the lighttpd.conf while the content is similar to the bottom of lighttpd.conf

# Based on: https://github.com/pi-hole/pi-hole/blob/6b536b7428a1f57ff34ddc444ded6d3a62b00a38/advanced/lighttpd.conf.debian

# Admin panel
$HTTP["url"] =~ "^(/html)?/admin/" {
        # Create response header for Pi-hole debugger
        setenv.add-response-header = (
                "X-Pi-hole" => "The Pi-hole Web interface is working!",
                "X-Frame-Options" => "DENY"
        )

        # Allow admin panel access to local fonts
        $HTTP["url"] =~ "\.(eot|otf|tt[cf]|woff2?)$" {
                setenv.add-response-header = ( "Access-Control-Allow-Origin" => "*" )
        }
}

# Block . files from being served, such as .git, .github, .gitignore
$HTTP["url"] =~ "^(/html)?/admin/\." {
        url.access-deny = ("")
}

# Block public access to blocking page
$HTTP["url"] =~ "^(/html)?/pihole/" {
        $HTTP["remoteip"] !~ "^1(27|92\.168|0|72\.(1[6-9]|2[0-9]|3[0-1]))\." {
                url.access-deny = ("")
        }
}

# Enable blocking page via 404 handler
server.error-handler-404 = "/html/pihole/index.php"

v_a_u · November 19, 2020, 7:22pm

Commeting out the last line solved the issue, but i still don't understand why. These files are the defaults after install.

# Enable blocking page via 404 handler
#server.error-handler-404 = "/html/pihole/index.php"

dashboard and blockpage in debug output still show "403 Forbidden":

*** [ DIAGNOSING ]: Dashboard and block page
[✗] Block page X-Header: X-Header does not match or could not be retrieved.
HTTP/1.1 403 Forbidden
Content-Type: text/html
Content-Length: 341
Date: Thu, 19 Nov 2020 19:19:52 GMT
Server: lighttpd/1.4.53

[✗] Web interface X-Header: X-Header does not match or could not be retrieved.
HTTP/1.1 403 Forbidden
Content-Type: text/html
Content-Length: 341
Date: Thu, 19 Nov 2020 19:19:52 GMT
Server: lighttpd/1.4.53

MichaIng · November 19, 2020, 7:29pm

Did you repair+reconfigure Pi-hole (pihole -r) and there chose to install Lighttpd? Your lighttpd.conf is the official Pi-hole Lighttpd config which is not installed (and not asked for) the way we invoke the script (--disable-install-webserver option).

Let me gather the steps to revert to the intended setup.
EDIT:

rm -v /etc/lighttpd/{lighttpd,external}.conf* # removes obsolete configs
cat << '_EOF_' > /etc/lighttpd/lighttpd.conf # restores package default config
server.modules = (
	"mod_indexfile",
	"mod_access",
	"mod_alias",
 	"mod_redirect",
)

server.document-root        = "/var/www/html"
server.upload-dirs          = ( "/var/cache/lighttpd/uploads" )
server.errorlog             = "/var/log/lighttpd/error.log"
server.pid-file             = "/var/run/lighttpd.pid"
server.username             = "www-data"
server.groupname            = "www-data"
server.port                 = 80

# strict parsing and normalization of URL for consistency and security
# https://redmine.lighttpd.net/projects/lighttpd/wiki/Server_http-parseoptsDetails
# (might need to explicitly set "url-path-2f-decode" = "disable"
#  if a specific application is encoding URLs inside url-path)
server.http-parseopts = (
  "header-strict"           => "enable",# default
  "host-strict"             => "enable",# default
  "host-normalize"          => "enable",# default
  "url-normalize-unreserved"=> "enable",# recommended highly
  "url-normalize-required"  => "enable",# recommended
  "url-ctrls-reject"        => "enable",# recommended
  "url-path-2f-decode"      => "enable",# recommended highly (unless breaks app)
 #"url-path-2f-reject"      => "enable",
  "url-path-dotseg-remove"  => "enable",# recommended highly (unless breaks app)
 #"url-path-dotseg-reject"  => "enable",
 #"url-query-20-plus"       => "enable",# consistency in query string
)

index-file.names            = ( "index.php", "index.html" )
url.access-deny             = ( "~", ".inc" )
static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )

compress.cache-dir          = "/var/cache/lighttpd/compress/"
compress.filetype           = ( "application/javascript", "text/css", "text/html", "text/plain" )

# default listening port for IPv6 falls back to the IPv4 port
include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port
include_shell "/usr/share/lighttpd/create-mime.conf.pl"
include "/etc/lighttpd/conf-enabled/*.conf"

#server.compat-module-load   = "disable"
server.modules += (
	"mod_compress",
	"mod_dirlisting",
	"mod_staticfile",
)
_EOF_
G_CONFIG_INJECT 'server.document-root' 'server.document-root = "/var/www"' /etc/lighttpd/lighttpd.conf # restores DietPi document root
G_CONFIG_INJECT 'INSTALL_WEB_SERVER=' 'INSTALL_WEB_SERVER=false' /etc/pihole/setupVars.conf # disable webserver install for Pi-hole updates/repairs
apt purge php-cgi php7.3-cgi # remove obsolete PHP-CGI as we use PHP-FPM
systemctl restart php7.3-fpm lighttpd

Let's see if I didn't forget something .

v_a_u · November 19, 2020, 8:00pm

Yes.

Ok, I am not at an expert level in shell commands. So how can I enter all this Is the second line of your blockquote a command and the lines after it the output? Or do i need to paste all the text to the command? Are the G_CONFIG_INJECT lines also commands?

MichaIng · November 19, 2020, 9:41pm

You should be able to copy&paste that to your console/SSH client, although sometimes tab characters (contained in the lighttpd.conf) create issues. In that case edit /etc/lighttpd/lighttpd.conf manually and copy/replace with the part from server.modules til above _EOF_ (the "here document").

G_CONFIG_INJECT are commands in DietPi bash shells, yes. They alter or add settings or uncomment commented settings, depending on if/how they are present. I wanted a generic way to "add a setting, if it's missing, else, if it is present, but commented, uncomment and set it, and if it is present and active, alter it, print to console what has been done (and respect a few options that can be given, like masking passwords).", especially for our scripts, so created this.

v_a_u · November 22, 2020, 3:28pm

Everything worked fine, I think.

THANK YOU VERY MUCH!

Edit: In debug output the X-Header still shows errors. I suspect, I can ignore that because of here:

system · December 13, 2020, 3:28pm

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.