Forum

Hello everyone and Mr Hugo:

I am looking for more information on how to set up my hiawatha server to take over from my current apache2 setup.

So I compiled hiawatha from source so that I can toggle ON hiawatha/php-fpm with the php directories remaining unchanged from
my apache/php_mod server, which I can toggle OFF.

My hiwatha init.d script and /hia/conf/hiawatha.conf file is copied below for reference. My primary difficulty is that I am trying to get POST to work
and it is giving me "405 Method Not Allowed" errors.V

The HOW-TO and other forum posts suggest that POSTS require that I send those requests to a CGI file, how do I do that
since all of the requests are being re-written using URLtoolkit to route thru index.php

They have wonderful examples of Startfile = index.php as a NON-CGI file, but I could not find an example of the startfile
as a CGI file.

From a previous topic 432 from the forum:
"The URL '/' probably points to a static file. POST requests can only be done to a CGI. Perhaps you should change the StartFile to a CGI file? By default, it points to index.php, which is a static file."

Here is the 405 entry from my access log file:

192.168.6.20|Tue 14 Aug 2012 19:07:24 +0000|405|603||POST /srlogin/loginproc HTTP/1.1|Host: www.fb.org|User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.10) Gecko/20101005 Fedora/3.6.10-1.fc14 Firefox/3.6.10|Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8|Accept-Language: en-us,en;q=0.5|Accept-Encoding: gzip,deflate|Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7|Keep-Alive: 115|Connection: keep-alive|Referer: https://www.fb.org/srlogin/loginstart?psv=1&psl=1&psm=20&psp=10&|Content-Type: application/x-www-form-urlencoded|Content-Length: 144

My GET requests work OK.

My init.d script fully runs Hiawatha out of the /hia/ directory while
the /php/sbin/php-fpm binary is used for fastCGI calls to the /php/php-fpm.sock unix socket.


###########Hiawatha INIT.D Check command

user@rpz]# ./hiawatha check <enter>
Configuration check via Wigwam...
Using /hia/conf/
Reading hiawatha.conf
No non-fatal errors found in the Hiawatha configuration.

Configuration check via Hiawatha...
Using /hia/conf/
Reading hiawatha.conf
Reading mimetype.conf
Configuration OK.

#############################
# /hia/conf/Hiawatha.conf configuration file
###########################3

# GENERAL SETTINGS
#
#ServerId = www-data
ConnectionsTotal = 500
ConnectionsPerIP = 10
SystemLogfile = /hia/log/system.log
GarbageLogfile = /hia/log/garbage.log


# BINDING SETTINGS
# A binding is where a client can connect to.
#
Binding {
	Port = 80
	Interface = 192.168.6.20
	MaxKeepAlive = 30
	TimeForRequest = 3,20
}

Binding {
	Port = 443
	Interface = 192.168.6.20
	MaxKeepAlive = 30
	TimeForRequest = 3,20
	SSLcertFile = /hia/conf/fillbrain.allpem
}


Binding {
	Port = 80
	Interface = 192.168.6.21
	MaxKeepAlive = 30
	TimeForRequest = 3,20
}


Binding {
	Port = 443
	Interface = 192.168.6.21
	MaxKeepAlive = 30
	TimeForRequest = 3,20
	SSLcertFile = /hia/conf/fillbrain.allpem
}


# BANNING SETTINGS
# Deny service to clients who misbehave.
#
#BanOnGarbage = 300
#BanOnMaxPerIP = 60
#BanOnMaxReqSize = 300
#KickOnBan = yes
#RebanDuringBan = yes


# COMMON GATEWAY INTERFACE (CGI) SETTINGS
# These settings can be used to run CGI applications. Use the 'php-fcgi'
# tool to start PHP as a FastCGI daemon.
#
#CGIhandler = /usr/bin/perl:pl
#CGIhandler = /usr/bin/python:py
#CGIhandler = /usr/bin/ruby:rb
#CGIhandler = /usr/bin/ssi-cgi:shtml
#CGIextension = cgi
#

CGIhandler = /php/sbin/php-fpm:php

FastCGIserver {
	FastCGIid = PHP5
	#ConnectTo = 127.0.0.1:2005
	ConnectTo = /php/php-fpm.sock
	Extension = php
}



# URL TOOLKIT
# This URL toolkit rule was made for the Banshee PHP framework, which
# can be downloaded from http://www.hiawatha-webserver.org/banshee
#
UrlToolkit {
	ToolkitID = rpzbasic
	#RequestURI isfile Return
	#Match ^/(css|files|images|js|slimstat)($|/) Return
	Match ^/(css|js|jpg|jpeg|png|gif|bmp|jar|svg|pdf|zip|swf|apk)($|/) Return

	#Match ^/(favicon.ico|robots.txt|sitemap.xml)$ Return
	Match .*\?(.*) Rewrite /index.php?url=$1
}


# DEFAULT WEBSITE
# It is wise to use your IP address as the hostname of the default website
# and give it a blank webpage. By doing so, automated webscanners won't find
# your possible vulnerable website.
#
Hostname = 192.168.6.20
WebsiteRoot = /web/default
#ShowIndex=no
StartFile = index.html
AccessLogfile = /hia/log/defa.log
ErrorLogfile = /hia/log/defe.log
ErrorHandler = 404:/error.cgi
ServerId=apache:apache
PIDfile=/hia/hia.pid

# VIRTUAL HOSTS
# Use a VirtualHost section to declare the websites you want to host.
#
VirtualHost {
	Hostname = www.fb.org, *.fb.org
	WebsiteRoot = /web/fb40
	StartFile = index.php
	AccessLogfile = /hia/log/fba.log
	ErrorLogfile = /hia/log/fbe.log
	TimeForCGI = 5
	UseFastCGI = PHP5
	UseToolkit = rpzbasic
}

VirtualHost {
	Hostname = www.wd.org, *.wd.org
	WebsiteRoot = /web/wd40
	StartFile = index.php
	AccessLogfile = /hia/log/wda.log
	ErrorLogfile = /hia/log/wde.log
	TimeForCGI = 5
	UseFastCGI = PHP5
	UseToolkit = rpzbasic
}

Here is the fixed configuration file:

# Hiawatha main configuration file
#

# GENERAL SETTINGS
#
#ServerId = www-data
ConnectionsTotal = 500
ConnectionsPerIP = 10
SystemLogfile = /hia/log/system.log
GarbageLogfile = /hia/log/garbage.log


# BINDING SETTINGS
# A binding is where a client can connect to.
#
Binding {
	Port = 80
	Interface = 192.168.6.20
	MaxKeepAlive = 30
	TimeForRequest = 3,20
}

Binding {
	Port = 443
	Interface = 192.168.6.20
	MaxKeepAlive = 30
	TimeForRequest = 3,20
	SSLcertFile = /hia/conf/fillbrain.allpem
}


Binding {
	Port = 80
	Interface = 192.168.6.21
	MaxKeepAlive = 30
	TimeForRequest = 3,20
}


Binding {
	Port = 443
	Interface = 192.168.6.21
	MaxKeepAlive = 30
	TimeForRequest = 3,20
	SSLcertFile = /hia/conf/fillbrain.allpem
}


# BANNING SETTINGS
# Deny service to clients who misbehave.
#
#BanOnGarbage = 300
#BanOnMaxPerIP = 60
#BanOnMaxReqSize = 300
#KickOnBan = yes
#RebanDuringBan = yes


# COMMON GATEWAY INTERFACE (CGI) SETTINGS
# These settings can be used to run CGI applications. Use the 'php-fcgi'
# tool to start PHP as a FastCGI daemon.
#
#CGIhandler = /usr/bin/perl:pl
#CGIhandler = /php/sbin/php-fpm:php
#CGIhandler = /usr/bin/python:py
#CGIhandler = /usr/bin/ruby:rb
#CGIhandler = /usr/bin/ssi-cgi:shtml
#CGIextension = cgi
#

	#ConnectTo = 127.0.0.1:2005

FastCGIserver {
	FastCGIid = PHP5
	ConnectTo = /php/php-fpm.sock
	Extension = php,java,html
}


# URL TOOLKIT
# This URL toolkit rule was made for the Banshee PHP framework, which
# can be downloaded from http://www.hiawatha-webserver.org/banshee
#

#RequestURI isfile Return


UrlToolkit {
	ToolkitID = rpzbasic
	Match ^/(css|js|jpg|jpeg|png|gif|bmp|jar|svg|pdf|zip|swf|apk)($|/) Return
	Match ^/(favicon.ico|robots.txt|sitemap.xml)$ Return
	Match .*\?(.*) Rewrite /index.java?url=$1
	Match .* Rewrite /index.java
}


# DEFAULT WEBSITE
# It is wise to use your IP address as the hostname of the default website
# and give it a blank webpage. By doing so, automated webscanners won't find
# your possible vulnerable website.
#
Hostname = 192.168.6.20
WebsiteRoot = /web/default
#ShowIndex=no
StartFile = index.html
AccessLogfile = /hia/log/defa.log
ErrorLogfile = /hia/log/defe.log
ErrorHandler = 404:/error.cgi
ServerId=apache:apache
PIDfile=/hia/hia.pid

# VIRTUAL HOSTS
# Use a VirtualHost section to declare the websites you want to host.
#
VirtualHost {
	Hostname = www.fb.org, *.fb.org
	WebsiteRoot = /web/fb40
	StartFile = index.php
	AccessLogfile = /hia/log/fba.log
	ErrorLogfile = /hia/log/fbe.log
	TimeForCGI = 30
	UseFastCGI = PHP5
	UseToolkit = rpzbasic
}

VirtualHost {
	Hostname = www.wd.org, *.wd.org
	WebsiteRoot = /web/wd40
	StartFile = index.php
	AccessLogfile = /hia/log/wda.log
	ErrorLogfile = /hia/log/wde.log
	TimeForCGI = 30
	UseFastCGI = PHP5
	UseToolkit = rpzbasic
}

It's hard for me to tell what went wrong, because I don't know anything about how your website works. I don't know what all the 'java' things are doing in your config, but I guess it's working now?

Hugo, yes, the java files are a legacy thing where customers or partners or whoever is thinking that I am running Tomcat/J2EE when in fact I was running PHP. So my public startfile is just a java file with a bunch of PHP inside of it.

Sometimes, there is still politics with implementation, so I just say java when I really mean PHP5.