How to run two webservers

[sesamebike]

Hi,

I've seen several questions regarding how to setup a second webserver on the wl500g so I thought I'd share my experiences on this matter.

First you need to start the webserver. Add the following line to /usr/local/init/post-boot:

Code:

busybox_httpd -c /mnt/usbfs/etc/httpd.conf -p 8080 -r "My dungeon" -h /mnt/usbfs/web

Here' s the documentation fot the busybox webserver

/*
* httpd implementation for busybox
*
* Copyright (C) 2002,2003 Glenn Engel <glenne@engel.org>
* Copyright (C) 2003 Vladimir Oleynik <dzo@simtreas.ru>
*
* simplify patch stolen from libbb without using strdup
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*
************************************************** ***************************
*
* Typical usage:
* for non root user
* httpd -p 8080 -h $HOME/public_html
* or for daemon start from rc script with uid=0:
* httpd -u www
* This is equivalent if www user have uid=80 to
* httpd -p 80 -u 80 -h /www -c /etc/httpd.conf -r "Web Server Authentication"
*
*
* When a url contains "cgi-bin" it is assumed to be a cgi script. The
* server changes directory to the location of the script and executes it
* after setting QUERY_STRING and other environment variables.
*
* The server can also be invoked as a url arg decoder and html text encoder
* as follows:
* foo=`httpd -d $foo` # decode "Hello%20World" as "Hello World"
* bar=`httpd -e "<Hello World>"` # encode as "&#60Hello&#32World&#62"
* Note that url encoding for arguments is not the same as html encoding for
* presentation. -d decodes a url-encoded argument while -e encodes in html
* for page display.
*
* httpd.conf has the following format:
*
* A:172.20. # Allow address from 172.20.0.0/16
* A:10.0.0.0/25 # Allow any address from 10.0.0.0-10.0.0.127
* A:10.0.0.0/255.255.255.128 # Allow any address that previous set
* A:127.0.0.1 # Allow local loopback connections
* D:* # Deny from other IP connections
* /cgi-bin:foo:bar # Require user foo, pwd bar on urls starting with /cgi-bin/
* /adm:admin:setup # Require user admin, pwd setup on urls starting with /adm/
* /adm:toor:PaSsWd # or user toor, pwd PaSsWd on urls starting with /adm/
* .au:audio/basic # additional mime type for audio.au files
*
* A/D may be as a/d or allow/deny - first char case insensitive
* Deny IP rules take precedence over allow rules.
*
*
* The Deny/Allow IP logic:
*
* - Default is to allow all. No addresses are denied unless
* denied with a D: rule.
* - Order of Deny/Allow rules is significant
* - Deny rules take precedence over allow rules.
* - If a deny all rule (D:*) is used it acts as a catch-all for unmatched
* addresses.
* - Specification of Allow all (A:*) is a no-op
*
* Example:
* 1. Allow only specified addresses
* A:172.20 # Allow any address that begins with 172.20.
* A:10.10. # Allow any address that begins with 10.10.
* A:127.0.0.1 # Allow local loopback connections
* D:* # Deny from other IP connections
*
* 2. Only deny specified addresses
* D:1.2.3. # deny from 1.2.3.0 - 1.2.3.255
* D:2.3.4. # deny from 2.3.4.0 - 2.3.4.255
* A:* # (optional line added for clarity)
*
* If a sub directory contains a config file it is parsed and merged with
* any existing settings as if it was appended to the original configuration.
*
* subdir paths are relative to the containing subdir and thus cannot
* affect the parent rules.
*
* Note that since the sub dir is parsed in the forked thread servicing the
* subdir http request, any merge is discarded when the process exits. As a
* result, the subdir settings only have a lifetime of a single request.
*
*
* If -c is not set, an attempt will be made to open the default
* root configuration file. If -c is set and the file is not found, the
* server exits with an error.
*
*/

That's the easy part. What is a bit more trickier is to configure iptables so that you can access your webserver from the WAN. I want this webserver to be used when I browse to my external IP, e.g. http://sesamebike.dyndns.org (bogus url, don't click). Still I want the wl500g admin webserver to be used if I browse to http://my.router. Finally, I don't want the external web server to be accessable on port 8080, only port 80.

Edit the /usr/local/init/post-firewall and add the following:

Code:

/usr/sbin/iptables -t nat -I PREROUTING -p tcp -d "$2" --dport 80 -j DNAT --to "$2":8080
/usr/sbin/iptables -t nat -D PREROUTING -i "$1" -p tcp --dport 80 -j DROP
/usr/sbin/iptables -t nat -I PREROUTING -i "$1" -p tcp --dport 8080 -j DROP
/usr/sbin/iptables -A INPUT -i "$1" -d "$2" -p tcp --syn --dport 8080 -j ACCEPT

Remember to save your changes to the flash using flashfs save and flashfs commit.

Hopefully this will get you started. At least this setup worked for me on Oleg's excellent 1.7.5.9-5 firmware.

Cheers!