basics for lighttpd

Dockerfile

@@ -11,6 +11,9 @@ RUN echo "http:https://dl-cdn.alpinelinux.org/alpine/edge/testing/" >> /etc/apk/reposi
  ln -s /usr/share/easy-rsa/easyrsa /usr/local/bin && \
  rm -rf /tmp/* /var/tmp/* /var/cache/apk/* /var/cache/distfiles/*
 
+ADD ./lighttpd/htdocs/ /var/www/localhost/
+ADD ./lighttpd/config/* /etc/lighttpd/
+
 # Needed by scripts
 ENV OPENVPN=/etc/openvpn
 ENV EASYRSA=/usr/share/easy-rsa \
@@ -21,6 +24,7 @@ VOLUME ["/etc/openvpn"]
 
 # Internally uses port 1194/udp, remap using `docker run -p 443:1194/tcp`
 EXPOSE 1194/udp
+EXPOSE 80/tcp
 
 CMD ["ovpn_run"]
 

lighttpd/config/lighttpd.conf

@@ -0,0 +1,285 @@
+###############################################################################
+# Default lighttpd.conf for Gentoo.
+# $Header: /var/cvsroot/gentoo-x86/www-servers/lighttpd/files/conf/lighttpd.conf,v 1.3 2005/09/01 14:22:35 ka0ttic Exp $
+###############################################################################
+
+# {{{ variables
+var.basedir = "/var/www/localhost"
+var.logdir = "/var/log/lighttpd"
+var.statedir = "/var/lib/lighttpd"
+# }}}
+
+# {{{ modules
+# At the very least, mod_access and mod_accesslog should be enabled.
+# All other modules should only be loaded if necessary.
+# NOTE: the order of modules is important.
+server.modules = (
+# "mod_rewrite",
+# "mod_redirect",
+# "mod_alias",
+# "mod_access",
+# "mod_cml",
+# "mod_trigger_b4_dl",
+ "mod_auth",
+ "mod_authn_file",
+# "mod_status",
+# "mod_setenv",
+# "mod_proxy",
+# "mod_simple_vhost",
+# "mod_evhost",
+# "mod_userdir",
+# "mod_compress",
+# "mod_ssi",
+# "mod_usertrack",
+# "mod_expire",
+# "mod_secdownload",
+# "mod_rrdtool",
+# "mod_webdav",
+ "mod_accesslog"
+)
+# }}}
+
+# {{{ includes
+include "mime-types.conf"
+# uncomment for cgi support
+include "mod_cgi.conf"
+# uncomment for php/fastcgi support
+# include "mod_fastcgi.conf"
+# uncomment for php/fastcgi fpm support
+# include "mod_fastcgi_fpm.conf"
+# }}}
+
+# {{{ server settings
+server.username = "root"
+server.groupname = "root"
+
+server.document-root = var.basedir + "/htdocs"
+server.pid-file = "/run/lighttpd.pid"
+
+server.errorlog = var.logdir + "/error.log"
+# log errors to syslog instead
+# server.errorlog-use-syslog = "enable"
+
+server.indexfiles = ("index.cgi", "index.html",
+ "index.htm", "default.htm")
+
+# server.tag = "lighttpd"
+
+server.follow-symlink = "enable"
+
+# event handler (defaults to "poll")
+# see performance.txt
+# 
+# for >= linux-2.4
+# server.event-handler = "linux-rtsig"
+# for >= linux-2.6
+# server.event-handler = "linux-sysepoll"
+# for FreeBSD
+# server.event-handler = "freebsd-kqueue"
+
+# chroot to directory (defaults to no chroot)
+# server.chroot = "/"
+
+# bind to port (defaults to 80)
+# server.port = 81
+
+# bind to name (defaults to all interfaces)
+# server.bind = "grisu.home.kneschke.de"
+
+# error-handler for status 404
+# server.error-handler-404 = "/error-handler.html"
+# server.error-handler-404 = "/error-handler.php"
+
+# Format: <errorfile-prefix><status-code>.html
+# -> ..../status-404.html for 'File not found'
+# server.errorfile-prefix = var.basedir + "/error/status-"
+
+# FAM support for caching stat() calls
+# requires that lighttpd be built with USE=fam
+# server.stat-cache-engine = "fam"
+# }}}
+
+# {{{ mod_staticfile
+
+# which extensions should not be handled via static-file transfer
+# (extensions that are usually handled by mod_cgi, mod_fastcgi, etc).
+static-file.exclude-extensions = (".php", ".pl", ".cgi", ".fcgi")
+# }}}
+
+# {{{ mod_accesslog
+accesslog.filename = /dev/console
+# }}}
+
+# {{{ mod_dirlisting
+# enable directory listings
+# dir-listing.activate = "enable"
+#
+# don't list hidden files/directories
+# dir-listing.hide-dotfiles = "enable"
+#
+# use a different css for directory listings
+# dir-listing.external-css = "/path/to/dir-listing.css"
+#
+# list of regular expressions. files that match any of the
+# specified regular expressions will be excluded from directory
+# listings.
+# dir-listing.exclude = ("^\.", "~$")
+# }}}
+
+# {{{ mod_access
+# see access.txt
+
+url.access-deny = ("~", ".inc")
+# }}}
+
+# {{{ mod_userdir
+# see userdir.txt
+#
+# userdir.path = "public_html"
+# userdir.exclude-user = ("root")
+# }}}
+
+# {{{ mod_ssi
+# see ssi.txt
+#
+# ssi.extension = (".shtml")
+# }}}
+
+# {{{ mod_ssl
+# see ssl.txt
+#
+ ssl.engine = "enable"
+ ssl.pemfile = "/etc/openvpn/http/server.pem"
+ ssl.privkey = "/etc/openvpn/http/server.key"
+# }}}
+
+# {{{ mod_status
+# see status.txt
+#
+# status.status-url = "/server-status"
+# status.config-url = "/server-config"
+# }}}
+
+# {{{ mod_simple_vhost
+# see simple-vhost.txt
+#
+# If you want name-based virtual hosting add the next three settings and load
+# mod_simple_vhost
+#
+# document-root =
+# virtual-server-root + virtual-server-default-host + virtual-server-docroot
+# or
+# virtual-server-root + http-host + virtual-server-docroot
+#
+# simple-vhost.server-root = "/home/weigon/wwwroot/servers/"
+# simple-vhost.default-host = "grisu.home.kneschke.de"
+# simple-vhost.document-root = "/pages/"
+# }}}
+
+# {{{ mod_auth
+# see authentication.txt
+#
+ auth.backend = "plain"
+ auth.backend.htpasswd.file = "/etc/openvpn/http/htpasswd"
+ auth.backend.htpasswd.method = "basic"
+
+# auth.require = ( "/server-status" =>
+# (
+# "method" => "digest",
+# "realm" => "download archiv",
+# "require" => "user=jan"
+# ),
+# "/server-info" =>
+# (
+# "method" => "digest",
+# "realm" => "download archiv",
+# "require" => "valid-user"
+# )
+# )
+# }}}
+
+# {{{ mod_evhost
+# define a pattern for the host url finding
+# %% => % sign
+# %0 => domain name + tld
+# %1 => tld
+# %2 => domain name without tld
+# %3 => subdomain 1 name
+# %4 => subdomain 2 name
+#
+# evhost.path-pattern = "/home/storage/dev/www/%3/htdocs/"
+# }}}
+
+# {{{ mod_expire
+# expire.url = (
+# "/buggy/" => "access 2 hours",
+# "/asdhas/" => "access plus 1 seconds 2 minutes"
+# )
+# }}}
+
+# {{{ mod_rrdtool
+# see rrdtool.txt
+#
+# rrdtool.binary = "/usr/bin/rrdtool"
+# rrdtool.db-name = var.statedir + "/lighttpd.rrd"
+# }}}
+
+# {{{ mod_setenv
+# see setenv.txt
+#
+# setenv.add-request-header = ( "TRAV_ENV" => "mysql:https://user@host/db" )
+# setenv.add-response-header = ( "X-Secret-Message" => "42" )
+# }}}
+
+# {{{ mod_trigger_b4_dl
+# see trigger_b4_dl.txt
+#
+# trigger-before-download.gdbm-filename = "/home/weigon/testbase/trigger.db"
+# trigger-before-download.memcache-hosts = ( "127.0.0.1:11211" )
+# trigger-before-download.trigger-url = "^/trigger/"
+# trigger-before-download.download-url = "^/download/"
+# trigger-before-download.deny-url = "http:https://127.0.0.1/index.html"
+# trigger-before-download.trigger-timeout = 10
+# }}}
+
+# {{{ mod_cml
+# see cml.txt
+#
+# don't forget to add index.cml to server.indexfiles
+# cml.extension = ".cml"
+# cml.memcache-hosts = ( "127.0.0.1:11211" )
+# }}} 
+
+# {{{ mod_webdav
+# see webdav.txt
+#
+# $HTTP["url"] =~ "^/dav($|/)" {
+# webdav.activate = "enable"
+# webdav.is-readonly = "enable"
+# }
+# }}}
+
+# {{{ extra rules
+#
+# set Content-Encoding and reset Content-Type for browsers that
+# support decompressing on-thy-fly (requires mod_setenv)
+# $HTTP["url"] =~ "\.gz$" {
+# setenv.add-response-header = ("Content-Encoding" => "x-gzip")
+# mimetype.assign = (".gz" => "text/plain")
+# }
+
+# $HTTP["url"] =~ "\.bz2$" {
+# setenv.add-response-header = ("Content-Encoding" => "x-bzip2")
+# mimetype.assign = (".bz2" => "text/plain")
+# }
+#
+# }}}
+
+# {{{ debug
+# debug.log-request-header = "enable"
+# debug.log-response-header = "enable"
+# debug.log-request-handling = "enable"
+# debug.log-file-not-found = "enable"
+# }}}
+
+# vim: set ft=conf foldmethod=marker et :

lighttpd/htdocs/defs

@@ -0,0 +1,9 @@
+HEAD='<!DOCTYPE html>
+<html>
+<head>
+ <meta http-equiv="Content-Type" content="text/html;charset=utf-8">
+ <title>Openvpn client management</title>
+</head>
+<body>'
+
+END='</body></html>'

lighttpd/htdocs/index.cgi

@@ -0,0 +1,29 @@
+#!/bin/bash
+
+
+
+print_user_table()
+{
+# name,begin,end,status
+# ariya,Jul 21 11:15:44 2020 GMT,Jul 6 11:15:44 2023 GMT,VALID
+
+ echo '<table>'
+ echo '<tr><th>name</th><th>valid from</th><th>valid to</th><th>status</th><th>actions</th></tr>'
+
+ ovpn_listclients | tail -n +2 | while IFS=, read -r name valid_from valid_to status; do
+ echo "<tr><td>$name</td><td>$valid_from</td><td>$valid_to</td><td>$status</td><td>DELETE RENEW DOWNLOAD_CONFIG</td></tr>"
+ done
+
+ echo '</table>'
+}
+
+
+MY_PATH=$(readlink -f "$BASH_SOURCE")
+MYDIR=$(dirname "$MY_PATH")
+. "$MYDIR/defs"
+
+echo "$HEAD"
+
+print_user_table
+
+echo "$END"