[Libwebsockets] Configuration questions.

Steve Calfee stevecalfee at gmail.com
Sun Nov 14 21:13:46 CET 2021

Thank you very much for your help. A couple of follow up questions:

On Sat, Nov 13, 2021 at 9:47 PM Andy Green <andy at warmcat.com> wrote:

> On 11/14/21 00:51, Steve Calfee wrote:
> > Seems most of my problems are sysadmin sorts of questions.

> If it means your main user identity on the machine, although lws takes
> care to stop attacks like ../../../../home/user/..., it's highly
> advisable to segregate out internet facing things into their own user so
> if it somehow fails to block attempts to make it touch things it
> shouldn't, it anyway meets a brick wall at /home/user/ user:users (or
> whatever group) 0700 permissions, root:root on /etc/shadow and so on.
> OK, I never understood why it was so difficult to install apache, seems
mainly the weird setups was to deal with historical security failures. In
my case I would like to be secure but have no immediate plans to be
internet facing.

> > But on my Mint (ubuntu) system the server data files are in
> > /usr/local/share/libwebsockets-test-server/. How can I put in my user
> > directory somewhere? Probably as cmake option? I would like them to be
> > f:reely r/w for my user/group.
> No those are just the demo pieces that are installed from the package.
> You can put your own mounts anywhere (selinux permitting).
> OK, so the conf.d/json file says where it should go. But my sysadmin
confusion continues, where is _lws_ddir_ defined? I cannot find it in the
source and I am using the
   12       "mounts": [{
   13         "mountpoint": "/",
   14:        "origin": "file://_lws_ddir_/libwebsockets-test-server",

and it is described, but not explained how to change in


   29:  - There's also a single substitution, if a string contains
"_lws_ddir_", then that is
   30  replaced with the LWS install data directory path, eg, "/usr/share"
or whatever was
   31  set when LWS was built + installed.

> there are several other mounts and some other vhosts in there for stuff
> on different ports etc.
> If you want your user to access these dirs casually, you can set the dir
> owner to your user, and the group to whatever lwsws-specific group you
> created, and permissions to 0750.  Then you can copy things into there
> as the owning user just fine, so long as the files have o+r permission
> lwsws will be able to read them.
> If you are not building for permessage-deflate, it is off by default and
> you can ignore it.
> If I am planning to be passing utf-8 json, is deflate a desirable option?
What does permessage-deflate for and why is it off? How would I turn it on
(I presume some cmake option).

> Incoming stuff passed to the protocol will be chunked at that size, and
> by default so will what is written out (you can control that
> independently at the next arg if it is nonzero).  So it affects memory
> usage and throughput if the protocol has bulk data.
> -Andy
> If I ever get this working, are you open to a contribution of a new plugin
protocol for a simple json exchange, maybe extendable for games? I am (for
testing) extending also test.{js,html} too.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://libwebsockets.org/pipermail/libwebsockets/attachments/20211114/0b0aecc0/attachment.htm>

More information about the Libwebsockets mailing list