lighttpd

1.4.24 - now with TLS SNI and money back guarantee

October 25th, 2009

Update: There is a small regression in mod_magnet, see #1307

We finally added TLS SNI, and many other small improvements. We also fixed pipelining (that should fix problem with lighty as debian mirror) and some mod_fastcgi bugs – this should result in improved handling of overloaded and crashed backends (you know which one :D).

Important changes

  • Connection state handling (pipelining should work now)
  • FastCGI fixes: improved disabled-time handling, fixed bug in active-backends counter.
  • TLS SNI support

Downloads

Changes from 1.4.23

  • Add T_CONFIG_INT for bigger integers from the config (needed for #1966)
  • Use unsigned int (and T_CONFIG_INT) for max_request_size
  • Use unsigned int for secdownload.timeout (fixes #1966)
  • Keep url/host values from connection to display information while keep-alive in mod_status (fixes #1202)
  • Add server.breakagelog, a “special” stderr (fixes #1863)
  • Fix config evaluation for debug.log-timeouts option (#1529)
  • Add “cgi.execute-x-only” to mod_cgi, requires +x for cgi scripts (fixes #2013)
  • Fix FD_SETSIZE comparision warnings
  • Add “lua-5.1” to searched pkg-config names for lua
  • Fix unused function webdav_lockdiscovery in mod_webdav
  • cmake: Fix crypt lib check
  • cmake: Add -export-dynamic to link flags, fixes build on FreeBSD
  • Set FD_CLOEXEC for bound sockets before pipe-logger forks (fixes #2026)
  • Reset ignored signals to SIG_DFL before exec() in fastcgi/scgi (fixes #2029)
  • Show “no uri specified -> 400” error only when “debug.log-request-header-on-error” is enabled (fixes #2030)
  • Fix hanging connection in mod_scgi (fixes #2024)
  • Allow digits in hostnames in more places (fixes #1148)
  • Use connection_reset instead of handle_request_done for cleanup callbacks
  • Change mod_expire to append Cache-Control instead of overwriting it (fixes #1997)
  • Allow all comparisons for $SERVER[“socket”] – only bind for ”==”
  • Remove strptime failed message (fixes #2031)
  • Fix issues found with clang analyzer
  • Try to fix server.tag issue with localized svnversion
  • Fix handling network-write return values (#2024)
  • Use disable-time in fastcgi for all disables after errors, default is 1sec (fixes #2040)
  • Remove adaptive spawning code from fastcgi (was disabled for a long time)
  • Allow mod_mysql_vhost to use stored procedures (fixes #2011, thx Ben Brown)
  • Fix ipv6 in mod_proxy (fixes #2043)
  • Print errors from include_shell to stderr
  • Set tm.tm_isdst = 0 before mktime() (fixes #2047)
  • Use linux-epoll by default if available (fixes #2021, thx Olaf van der Spek)
  • Print an error if you use too many captures in a regex pattern (fixes #2059)
  • Combine Cache-Control header value in mod_expire to existing HTTP header if header already added by other modules (fixes #2068)
  • Remember keep-alive-idle in separate variable (fixes #1988)
  • Fix header inclusion order, always include “config.h” before any system header
  • mod_webdav: Patch to skip login information for domain part of Destination field (fixes #1793)
  • mod_webdav: Delete old properties before updating new for MOVE (fixes #1317)
  • Read hostname from absolute uris in the request line (fixes #1937)
  • mod_fastcgi: don’t disable backend if disable-time is 0 (fixes #1825)
  • mod_compress: match partial+full content-type (fixes #1552)
  • mod_fastcgi: fix is_local detection, respawn backends if bin-path is set (fixes #897)
  • Fix linger-on-close behaviour to avoid rare failure conditions (was r2636, fixes #657)
  • mod_fastcgi: restart local procs immediately after they terminated, fix local procs handling
  • Fix segfault on invalid config “duplicate else conditions” (fixes #2065)
  • mod_usertrack: Use T_CONFIG_INT for max-age, solves range problem (#1455)
  • mod_accesslog: configurable timestamp logging (fixes #1479)
  • always define _GNU_SOURCE
  • Add some iterators for mod_magnet (fixes #1307)
  • Fix close_timeout_ts trigger (should finally fix lingering close)
  • mod_rewrite: add url.rewrite-[repeat-]if-not-file to rewrite if file doesn’t exist or is not a regular file (fixes #985, thx lucas aerbeydt)
  • Add TLS servername indication (SNI) support (fixes #386, thx Peter Colberg )
  • Add SSL Client Certificate verification (#1288)
  • mod_fastcgi: Fix host->active_procs counter, return 503 if connect wasn’t successful after 5 tries (fixes #1825)
  • mod_accesslog: escape special characters (fixes #1551, thx icy)
  • fix mod_webdav crash from #1793 (fixes #2084, thx hiroya)
  • Don’t print ssl error if client didn’t support TLS SNI
  • Fix linger close timeout handling, drop timeout to 5 seconds (fixes #2086)
  • Fix broken return values from int to enum in mod_fastcgi

17 Responses to “1.4.24 - now with TLS SNI and money back guarantee”

  1. heavy_load Says:
    October 26th, 2009 at 05:23 AM Hope this release will be more stable, my script which detects "backend died" in lighttpd.error.log was restarting webserver couple times a day giving our users nice errors for couple minutes each time. Priorities for light? Should be like this: 1. Performance 2. Stability 3. Else crap :P
  2. icy Says:
    October 26th, 2009 at 08:11 AM heavy_load: the error doesn't come out of nothing, your backend should not be crashing! We didn't handle that situation too well in <1.4.24 but the primary issue is still in the backend, not lighty. Judging by reports we get, PHP is especially prone to crashing, check if there are fixes for that if you use it.
  3. Pierre Says:
    October 26th, 2009 at 08:51 AM Since 1.4.24 I'll see a lot of these entries in my log file: (connections.c.1253) CLOSE-read() 13 37 I get this every few seconds. But I couldn't trigger it myself. Could this be due broken clients and this wasn't reported in earlier versions? (btw: I use ssl) I could open a ticket if this sounds like a possible bug.
  4. Jani Says:
    October 26th, 2009 at 12:36 PM Apparently the new feature #1307 (http://redmine.lighttpd.net/issues/show/1307) is not backwards compatible. It broke my old reliable lua script.. :(
  5. heavy_load Says:
    October 26th, 2009 at 12:41 PM yup im using lighty for PHP, version 5.1.3, you saying update, will try. BTW i was getting after running 1.4.24 thousands of entries like this in error.log "2009-10-26 06:44:39: (connections.c.1253) CLOSE-read() 71 756" ... never get those in before versions, is this something to worry about? Right know i recompilled lighty to not show this entry. PS Thanks for release.
  6. icy Says:
    October 26th, 2009 at 06:18 PM That error shows up when the connection is in CON_STATE_CLOSE state but receives data from the client. Not sure if this is just noise or a real issue yet. Please create an issue for it.
  7. stbuehler Says:
    October 26th, 2009 at 07:25 PM I disabled the "CLOSE-read" message now; as we now wait for EOF or timeout before closing the socket it is too easy to trigger and probably meaningless.
    #1307 is fixed now, too.
  8. esse Says:
    October 27th, 2009 at 07:28 AM Is everything working OK?
  9. Peter Says:
    October 27th, 2009 at 10:56 PM Thanks for yet another great release of the best web server out there ;)
  10. where_to_write_this Says:
    October 28th, 2009 at 03:50 PM I dont know where to write this, but xcache.lighttpd.net dont work since 3 days minimum. Error 503 - Service Unavailable Please fix this, i want use xcache. PS Thanks for release
  11. CyberCr33p Says:
    October 29th, 2009 at 11:01 AM Thank you guys. You did great work :-)
  12. tryme Says:
    October 30th, 2009 at 01:55 PM I still have problem with (connections.c.1253) CLOSE-read() 2009-10-30 14:46:49: (connections.c.1253) CLOSE-read() 100 708 2009-10-30 14:46:50: (connections.c.1253) CLOSE-read() 420 570 2009-10-30 14:46:50: (connections.c.1253) CLOSE-read() 146 617 2009-10-30 14:46:53: (connections.c.1253) CLOSE-read() 389 537 2009-10-30 14:46:53: (connections.c.1253) CLOSE-read() 251 710 2009-10-30 14:46:55: (connections.c.1253) CLOSE-read() 175 731 2009-10-30 14:46:55: (connections.c.1253) CLOSE-read() 455 731 2009-10-30 14:46:56: (connections.c.1253) CLOSE-read() 299 731 2009-10-30 14:46:57: (connections.c.1253) CLOSE-read() 266 748 2009-10-30 14:46:58: (connections.c.1253) CLOSE-read() 294 547 2009-10-30 14:46:58: (connections.c.1253) CLOSE-read() 533 694 2009-10-30 14:46:59: (connections.c.1253) CLOSE-read() 347 608 2009-10-30 14:46:59: (connections.c.1253) CLOSE-read() 49 608 2009-10-30 14:47:00: (connections.c.1253) CLOSE-read() 312 598 2009-10-30 14:47:02: (connections.c.1253) CLOSE-read() 308 663 Any help?
  13. InvarBrass Says:
    October 30th, 2009 at 07:06 PM Thanks for the latest version! I'd been worried that development on lighty had come to a standstill...
  14. Pierre Says:
    November 2nd, 2009 at 08:57 AM Is it correct that ssl client certificates aren't that usable because the env vars like email addresses aren't exported? Or is it just me but using the folowing config make firefox to ask to send the client cert but nothing can be found in PHP's $_SERVER var: $SERVER["socket"] == ":443" { ssl.engine = "enable" ssl.pemfile = "/etc/ssl/private/cert.pem" ssl.ca-file = "/etc/ssl/certs/cacert.org.pem" ssl.use-sslv2 = "disable" ssl.verifyclient.activate = "enable" ssl.verifyclient.enforce = "disable" ssl.verifyclient.depth = 2 }
  15. stbuehler Says:
    November 3rd, 2009 at 02:10 PM xcache.lighttpd.net is up again (trac was down).
    @tryme: i fixed it in svn. not in the release tarball - i'm not gonna change that :)
    @InvarBrass: most of the time goes into our new branch ("sandbox"), and we are certainly still here
    @Pierre: yes, that is right. see http://redmine.lighttpd.net/issues/1288 for the discussion.
  16. Fuffy Says:
    November 7th, 2009 at 12:25 AM Is there a package for Debian (Lenny)?
  17. nitrox Says:
    November 7th, 2009 at 07:08 PM Why don´t you submit the bugs you found to our bugtracker if you want them to be fixed? We usually try to get the bugs fixed which are in there, we don´t search through all the comments :-)

Sorry, comments are closed for this article.