Web Interface with lighttpd

About this document

Original Author: {de} FelixKaechele <felix@fetzig.org>

This is a short howto to show how to use the DSPAM CGI with lighttpd. The main problem is that lighttpd does not have a suexec function like Apache does. We'll be using Apache's suexec binary with a wrapper script to run the Perl files with the right permission.

Installing Apache suexec

If you already have Apache Webserver installed you should be all set. Check if the suexec binary is available on your machine by doing which sudo. If it returns a path your all set.

If you have no Apache installation on you machine we need to build suexec manually.

  1. Download Apache from http://httpd.apache.org

  2. Unpack Apache tar xzf httpd-2.x.tar.gz

  3. cd httpd-2.x

  4. ./configure

  5. cd support

  6. edit suexec.h in your favorite editor. following values need tweaking:

    1. #define AP_HTTPD_USER "www" change this to you lighttpd user

    2. comment out the whole LOG_EXEC section unless you want logging. then you need do set the logfile path.

    3. #define AP_DOC_ROOT DEFAULT_EXP_HTDOCSDIR change this to your webserver root. for example: #define AP_DOC_ROOT "/var/www"

  7. make suexec

  8. cp suexec /usr/bin

suexec is now installed

The perl wrapper script

The wrapper script runs the DSPAM perl scripts with the correct user. 

#!/bin/sh

SUEXEC=/usr/bin/suexec

DIR=`dirname $1`
SCRIPT=`basename $1`
USER=`stat -c '%U' $1`
GROUP=`stat -c '%G' $1`

cd $DIR
exec $SUEXEC $USER $GROUP $SCRIPT

Save it somewhere (e.g. in the webroot for your DSPAM Web interface) and make it executable (chmod 755). As an example we'll use /var/www/spam/perl-wrapper.sh When using this script the cgi files must be owned by the dspam user and group.

lighttpd configuration

We'll create a new vhost for our DSPAM Web interface. 

$HTTP["host"] == "spam.example.com" {
  server.document-root = "/var/www/spam/htdocs/"
  cgi.assign = ( ".cgi" => "/var/www/spam/perl-wrapper.sh" )
  auth.backend = "htpasswd"
  auth.backend.htpasswd.userfile = "/var/www/spam/users"
  auth.require = ( "/" =>
                   (
                     "method"  => "basic",
                     "realm"   => "DSPAM",
                     "require" => "valid-user"
                   )
                 )
}

Change the paths so they work with your setup. Remember to create a htpasswd file with the same users as the email users.

{i}

I use a mailserver setup with MySQL backend for user management. If you use this kind of setup you can create your htpassword file with a small perl script that reads the users from the database. You can find the perl script here.
If your passwords are saved in plain md5 you might want to try the htdigest authentication backend. Please see the lighttpd docs.

If you want to redirect the user directly to the Web interface when entering spam.example.com you need to add following line to the vhost config: 

url.redirect = ("^/?$" => "/cgi-bin/dspam.cgi")

In this example dspam.cgi is installed at /cgi-bin/dspam.cgi.

Configuration is now finished. Restart lighttpd and have fun using your DSPAM Web interface.

Credits

Credits for the suEXEC Wrapper go to http://d.hatena.ne.jp/ikasam_a/20060817/1155826140

last edited 2007-01-23 23:51:29 by FelixKaechele