[Libwebsockets] Configuration questions.

Andy Green andy at warmcat.com
Sun Nov 14 06:47:18 CET 2021



On 11/14/21 00:51, Steve Calfee wrote:
> Seems most of my problems are sysadmin sorts of questions. In "conf" we 
> have
> 
> # these are the server global settings
> # stuff related to vhosts should go in one
> # file per vhost in ../conf.d/
> 
> {
>    "global": {
>     "uid": "48",
>     "gid": "48",
>     "interface": "eth0",
>     "count-threads": "1",
>     "server-string": "lwsws",
>     "ws-pingpong-secs": "200",
>     "init-ssl": "yes"
>   }
> }
> 
> What should be uid and gid? 48 seems random. I want to run as my local 
> user/group.

48 is what httpd (apache) runs under on redhat type systems.  On 
warmcat.com, lwsws is integrating with distro mailman and gitolite that 
are set up to be able to share some of its things with that user, so 
this avoids a lot of problems.

You can set them to whatever you want, if "local user/group" means a 
user you created for lwsws and your own group, or a group for externally 
reachable content and some other user, it's all good.

If it means your main user identity on the machine, although lws takes 
care to stop attacks like ../../../../home/user/..., it's highly 
advisable to segregate out internet facing things into their own user so 
if it somehow fails to block attempts to make it touch things it 
shouldn't, it anyway meets a brick wall at /home/user/ user:users (or 
whatever group) 0700 permissions, root:root on /etc/shadow and so on.

> What I would really like is to use lwsws as my user, so no sudo copying 
> etc while debugging. When I start using "lwsws -c lwsws" the server does 
> start using .../lwsws as my config directory. Good.

Selinux permitting, lwsws can read and write anything with read and 
write permissions respectively, and enter anything with enter 
permissions.  It doesn't care what the owner of the file is.

> But on my Mint (ubuntu) system the server data files are in 
> /usr/local/share/libwebsockets-test-server/. How can I put in my user 
> directory somewhere? Probably as cmake option? I would like them to be 
> freely r/w for my user/group.

No those are just the demo pieces that are installed from the package. 
You can put your own mounts anywhere (selinux permitting).

The way redhat uses for apache is what I use for the main vhost mount, 
so there are two dirs

/var/www/warmcat.com/
/var/www/libwebsockets.org/

for my purposes they are root:root 755, I ssh things into there as root.
For the warmcat.com vhost, in /etc/lwsws/conf.d/warmcat.com he has

...
                 "mounts": [{
                         "mountpoint": "/",
                         "origin": "file:///var/www/warmcat.com",
                         "default": "index.html",
                         "cache-max-age": "172800",
                         "cache-reuse": "1",
                         "cache-revalidate": "0",
                         "cache-intermediaries": "0",

                         "extra-mimetypes": {
                                 ".bin": "application/octet-stream",
                                 ".ttf": "application/x-font-truetype",
                                 ".otf": "application/font-sfnt",
                                 ".zip": "application/zip",
                                 ".webm": "video/webm",
                                 ".mp4": "video/mp4",
                                 ".romfs": "application/octet-stream",
                                 ".pdf": "application/pdf",
                                 ".odt": "application/vnd.oasis.opendocument.text"
                         }
                    }, {
...

there are several other mounts and some other vhosts in there for stuff 
on different ports etc.

If you want your user to access these dirs casually, you can set the dir 
owner to your user, and the group to whatever lwsws-specific group you 
created, and permissions to 0750.  Then you can copy things into there 
as the owning user just fine, so long as the files have o+r permission 
lwsws will be able to read them.

> I am creating my own protocol, so I copied protocol_lws_status.c. So far 
> ok; but this somewhat scary comment is in that file:
> 
> #define LWS_PLUGIN_PROTOCOL_LWS_STATUS \
> { \
> "lws-status", \
> callback_lws_status, \
> sizeof(struct per_session_data__lws_status), \
> 512, /* rx buf size must be >= permessage-deflate rx size */ \
> 0, NULL, 0 \
> }
> 
> #if !defined (LWS_PLUGIN_STATIC)
> 
> LWS_VISIBLE const struct lws_protocols lws_status_protocols[] = {
> LWS_PLUGIN_PROTOCOL_LWS_STATUS
> };
> 
> What are the rules for rx buf size? How do I know what or how big 
> permessage-deflate rx size is?

If you are not building for permessage-deflate, it is off by default and 
you can ignore it.

Incoming stuff passed to the protocol will be chunked at that size, and 
by default so will what is written out (you can control that 
independently at the next arg if it is nonzero).  So it affects memory 
usage and throughput if the protocol has bulk data.

-Andy
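
The permission layout discussed in this reply (a docroot owned by the login user with the lwsws group and mode 0750, against a home directory at 0700), modelled as an added example that is not part of the original email or of libwebsockets. The login uid 1000, the directory names and the single-gid permission model (no supplementary groups, ACLs, SELinux or root bypass) are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* One path component: name, owner uid, group gid, permission bits. */
struct node { const char *name; unsigned uid, gid, mode; };

/* Unix DAC: exactly one class applies: owner, else group, else other.
 * Simplified model: one gid per process, no ACLs, SELinux or root bypass. */
static bool allowed(const struct node *n, unsigned uid, unsigned gid, unsigned want)
{
    unsigned bits;
    if (uid == n->uid)      bits = (n->mode >> 6) & 7;
    else if (gid == n->gid) bits = (n->mode >> 3) & 7;
    else                    bits = n->mode & 7;
    return (bits & want) == want;
}

/* Index of the first component that stops the walk, or -1 if the file can be
 * read. Directories need search (x = 1); the final file needs read (r = 4). */
int first_blocked(const struct node *p, size_t n, unsigned uid, unsigned gid)
{
    for (size_t i = 0; i < n; i++)
        if (!allowed(&p[i], uid, gid, i + 1 < n ? 1 : 4))
            return (int)i;
    return -1;
}

/* 48 is the uid/gid from the quoted "conf"; 1000 is a constructed login uid. */
enum { LWSWS = 48, USER = 1000 };

/* Constructed sample trees (names and modes are illustrative). */
const struct node docroot[] = {
    { "/", 0, 0, 0755 }, { "var", 0, 0, 0755 }, { "www", 0, 0, 0755 },
    { "example.test", USER, LWSWS, 0750 },  /* owner = you, group = lwsws */
    { "index.html", USER, USER, 0644 },     /* readable through o+r */
};
const struct node home[] = {
    { "/", 0, 0, 0755 }, { "home", 0, 0, 0755 },
    { "user", USER, USER, 0700 },           /* the "brick wall" */
    { "notes.txt", USER, USER, 0644 },
};
#define LEN(a) (sizeof(a) / sizeof((a)[0]))

int main(void)
{
    printf("lwsws -> docroot: %d\n", first_blocked(docroot, LEN(docroot), LWSWS, LWSWS));
    printf("lwsws -> home:    %d\n", first_blocked(home, LEN(home), LWSWS, LWSWS));
    printf("user  -> home:    %d\n", first_blocked(home, LEN(home), USER, USER));
    return 0;
}
```

A result of -1 means every component was passable; the third call shows that a server running as the login user is stopped by nothing in that user's home directory.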

> Enough questions for one email,
> 
> Thanks, Steve