From 12b9efaebb6d008437af4a72a98d05c4319fc825 Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Fri, 28 Dec 2018 15:42:52 +0100
Subject: Merging upstream version 1.11.1+dfsg

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 doc/Running-behind-lighttpd.md | 60 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 60 insertions(+)
 create mode 100644 doc/Running-behind-lighttpd.md

(limited to 'doc/Running-behind-lighttpd.md')

diff --git a/doc/Running-behind-lighttpd.md b/doc/Running-behind-lighttpd.md
new file mode 100644
index 000000000..17fb9c629
--- /dev/null
+++ b/doc/Running-behind-lighttpd.md
@@ -0,0 +1,60 @@
+# lighttpd v1.4.x
+
+Here is a config for accessing netdata in a suburl via lighttpd 1.4.46 and newer:
+
+```txt
+$HTTP["url"] =~ "^/netdata/" {
+    proxy.server  = ( "" => ("netdata" => ( "host" => "127.0.0.1", "port" => 19999 )))
+    proxy.header = ( "map-urlpath" => ( "/netdata/" => "/") )
+}
+```
+
+If you have older lighttpd you have to use a chain (such as bellow), as explained [at this stackoverflow answer](http://stackoverflow.com/questions/14536554/lighttpd-configuration-to-proxy-rewrite-from-one-domain-to-another).
+
+```txt
+$HTTP["url"] =~ "^/netdata/" {
+    proxy.server  = ( "" => ("" => ( "host" => "127.0.0.1", "port" => 19998 )))
+}
+
+$SERVER["socket"] == ":19998" {
+    url.rewrite-once = ( "^/netdata(.*)$" => "/$1" )
+    proxy.server = ( "" => ( "" => ( "host" => "127.0.0.1", "port" => 19999 )))
+}
+```
+
+---
+
+If the only thing the server is exposing via the web is netdata (and thus no suburl rewriting required),
+then you can get away with just
+```
+proxy.server  = ( "" => ( ( "host" => "127.0.0.1", "port" => 19999 )))
+```
+Though if it's public facing you might then want to put some authentication on it.  htdigest support
+looks like:
+```
+auth.backend = "htdigest"
+auth.backend.htdigest.userfile = "/etc/lighttpd/lighttpd.htdigest"
+auth.require = ( "" => ( "method" => "digest", 
+                         "realm" => "netdata", 
+                         "require" => "valid-user" 
+                       )
+               )
+```
+other auth methods, and more info on htdigest, can be found in lighttpd's [mod_auth docs](http://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_ModAuth).
+
+---
+
+It seems that lighttpd (or some versions of it), fail to proxy compressed web responses.
+To solve this issue, disable web response compression in netdata.
+
+Open /etc/netdata/netdata.conf and set in [global]:
+
+```
+enable web responses gzip compression = no
+```
+
+## limit direct access to netdata
+
+You would also need to instruct netdata to listen only to `127.0.0.1` or `::1`.
+
+To limit access to netdata only from localhost, set `bind socket to IP = 127.0.0.1` or `bind socket to IP = ::1` in `/etc/netdata/netdata.conf`.
-- 
cgit v1.2.3