Mailing List Archive: Cherokee: users

new to cherokee and some questions

Index | Next | Previous | View Threaded

info at pcintelligence

Jun 27, 2009, 4:50 PM

Post #1 of 16 (326 views)
Permalink

new to cherokee and some questions

Hi,

I have some questions about cherokee:

- Can it do WebDav? so I can place a .ics or Ical file on my webserver?

- I have for example a webroot : /var/www/*website*/docroot which is a
php application (wordpress) but I also got a PHP application outside the
documentroot: /var/www/*website*/torrentflux/html .
I can create this torrenflux directory with FCGI php app settings and
can open it at http://*website*/torrentflux/html/index.php but not as
http://*website*/torrentflux/html - I have to specify the index.php it
seems it doesn't use the Directory Index option.
How can I fix this?

- How secure is cherokee in regards to nginx, lighttpd and apache?

- If I want to run cherokee chrooted, what are the requirements for the
chroot folder (for example /var/www) besided the permissions on the folder?

Kind Regards,

Michiel

_______________________________________________
Cherokee mailing list
Cherokee[at]lists.octality.com
http://lists.octality.com/listinfo/cherokee

stefan at konink

Jun 27, 2009, 5:25 PM

Post #2 of 16 (315 views)
Permalink

Re: new to cherokee and some questions [In reply to]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Michiel van Es wrote:
> I have some questions about cherokee:
>
> - Can it do WebDav? so I can place a .ics or Ical file on my webserver?

There is no embedded dav and and the status code that implements
multiple stati at once is not implemented.

> - I have for example a webroot : /var/www/*website*/docroot which is a
> php application (wordpress) but I also got a PHP application outside the
> documentroot: /var/www/*website*/torrentflux/html .
> I can create this torrenflux directory with FCGI php app settings and
> can open it at http://*website*/torrentflux/html/index.php but not as
> http://*website*/torrentflux/html - I have to specify the index.php it
> seems it doesn't use the Directory Index option.
> How can I fix this?

Move the php rule up, as non-final.

> - How secure is cherokee in regards to nginx, lighttpd and apache?

I think you should never trust an audit of the creators of a product :)
They will always say it is better ;)

> - If I want to run cherokee chrooted, what are the requirements for the
> chroot folder (for example /var/www) besided the permissions on the folder?

As far as I know there is an internal chroot function for the
documentroot, or are you talking about running cherokee itself within a
chroot?

Stefan
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEUEAREKAAYFAkpGuIwACgkQYH1+F2Rqwn1FKgCWPjlGCQsZZLaepOnsiyysz2jK
oQCfdmHU97hZ0IW+OXPU8t7xd0BJB/I=
=4kPk
-----END PGP SIGNATURE-----
_______________________________________________
Cherokee mailing list
Cherokee[at]lists.octality.com
http://lists.octality.com/listinfo/cherokee

stefan at konink

Jun 27, 2009, 5:29 PM

Post #3 of 16 (315 views)
Permalink

Re: new to cherokee and some questions [In reply to]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Michiel van Es wrote:
> Michiel

If you don't want to receive email, please fix your reply-to settings.
Mail servers identifying content as spam are stupid.

Stefan
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEAREKAAYFAkpGuXMACgkQYH1+F2Rqwn0X9QCfXOhhlt04YdKl5P80qrV0LNMu
9GoAn1wcFwVMw6vRNFJnvHnYG4E29rTS
=sYV4
-----END PGP SIGNATURE-----
_______________________________________________
Cherokee mailing list
Cherokee[at]lists.octality.com
http://lists.octality.com/listinfo/cherokee

alvaro at alobbs

Jun 28, 2009, 12:20 AM

Post #4 of 16 (315 views)
Permalink

Re: new to cherokee and some questions [In reply to]

`On 28-jun-09, at 02:25, Stefan de Konink wrote:
> Michiel van Es wrote:
>
>> - I have for example a webroot : /var/www/*website*/docroot which
>> is a
>> php application (wordpress) but I also got a PHP application
>> outside the
>> documentroot: /var/www/*website*/torrentflux/html .
>> I can create this torrenflux directory with FCGI php app settings and
>> can open it at http://*website*/torrentflux/html/index.php but not as
>> http://*website*/torrentflux/html - I have to specify the index.php
>> it
>> seems it doesn't use the Directory Index option.
>> How can I fix this?
>
> Move the php rule up, as non-final.

You have to be use you are a regular "Extension PHP" rule on the top
of the list marked as non-final. If there isn't one, there's a Wizard
that will add it for you.

Then, you'll have to add a new rule with the document root.
"Directory /torrentflux" should define the special local path, and it
should be set to use the "List & Send" handler (so it takes directory
indexes into account).

Finally, check that the 'directory index' includes index.php. Remember
that the property is defined on each virtual server.

>> - How secure is cherokee in regards to nginx, lighttpd and apache?
>
> I think you should never trust an audit of the creators of a
> product :)
> They will always say it is better ;)

Google helps to clarity things at this regard. Check this out:

http://webapp.iss.net/Search.do?searchType=keywd&keyword=Cherokee

The last security issue was found in Cherokee 0.5.4, which was release
in July 2006. That makes 3 whole years without a single tiny security
problem. (I cross my fingers we continue like this much longer..)

>> - If I want to run cherokee chrooted, what are the requirements for
>> the
>> chroot folder (for example /var/www) besided the permissions on the
>> folder?
>
> As far as I know there is an internal chroot function for the
> documentroot, or are you talking about running cherokee itself
> within a
> chroot?

The server can chroot itself. There is an option in the server
configuration that you can set from cherokee-admin.

However, that's something I wouldn't recommend you, actually. If you
use fairly complex software like TorrentFlux, a chroot'ed version of
the server would require a hell of an installation. Keep in mind that
you'd have to copy a whole lot of binaries and libraries to the chroot
in order to that software to run.

--
Octality
http://www.octality.com/

_______________________________________________
Cherokee mailing list
Cherokee[at]lists.octality.com
http://lists.octality.com/listinfo/cherokee

info at pcintelligence

Jun 28, 2009, 4:37 AM

Post #5 of 16 (315 views)
Permalink

Re: new to cherokee and some questions [In reply to]

Alvaro Lopez Ortega wrote:
> `On 28-jun-09, at 02:25, Stefan de Konink wrote:
>> Michiel van Es wrote:
>>
>>> - I have for example a webroot : /var/www/*website*/docroot which is a
>>> php application (wordpress) but I also got a PHP application outside the
>>> documentroot: /var/www/*website*/torrentflux/html .
>>> I can create this torrenflux directory with FCGI php app settings and
>>> can open it at http://*website*/torrentflux/html/index.php but not as
>>> http://*website*/torrentflux/html - I have to specify the index.php it
>>> seems it doesn't use the Directory Index option.
>>> How can I fix this?
>>
>> Move the php rule up, as non-final.
>
> You have to be use you are a regular "Extension PHP" rule on the top of
> the list marked as non-final. If there isn't one, there's a Wizard that
> will add it for you.
>
> Then, you'll have to add a new rule with the document root. "Directory
> /torrentflux" should define the special local path, and it should be set
> to use the "List & Send" handler (so it takes directory indexes into
> account).
>
> Finally, check that the 'directory index' includes index.php. Remember
> that the property is defined on each virtual server.

Superbe! :)

>
>>> - How secure is cherokee in regards to nginx, lighttpd and apache?
>>
>> I think you should never trust an audit of the creators of a product :)
>> They will always say it is better ;)
>
> Google helps to clarity things at this regard. Check this out:
>
> http://webapp.iss.net/Search.do?searchType=keywd&keyword=Cherokee
>
> The last security issue was found in Cherokee 0.5.4, which was release
> in July 2006. That makes 3 whole years without a single tiny security
> problem. (I cross my fingers we continue like this much longer..)

That sounds good, I will look into the security track..

>
>>> - If I want to run cherokee chrooted, what are the requirements for the
>>> chroot folder (for example /var/www) besided the permissions on the
>>> folder?
>>
>> As far as I know there is an internal chroot function for the
>> documentroot, or are you talking about running cherokee itself within a
>> chroot?
>
> The server can chroot itself. There is an option in the server
> configuration that you can set from cherokee-admin.
>
> However, that's something I wouldn't recommend you, actually. If you use
> fairly complex software like TorrentFlux, a chroot'ed version of the
> server would require a hell of an installation. Keep in mind that you'd
> have to copy a whole lot of binaries and libraries to the chroot in
> order to that software to run.

allrighty..

I have some small questions:

- is it possible to use webdav?
- how can I redirect all http traffic to https with the cherokee-admin?
I want to redirect/push all webmail clients to https to ensure that
their username/password is sent encrypted for example.

>
> --
> Octality
> http://www.octality.com/

Thanks for your kind help!

Regards,

Michiel

_______________________________________________
Cherokee mailing list
Cherokee[at]lists.octality.com
http://lists.octality.com/listinfo/cherokee

stefan at konink

Jun 28, 2009, 5:22 AM

Post #6 of 16 (315 views)
Permalink

Re: new to cherokee and some questions [In reply to]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Michiel Van Es wrote:
> If I am doing something wrong with my spamfilter, please contact me
> private and let the mailinglist out of it.

Yeah right... and how should I contact you in private if my first mail
bounces?

Anyway complaining about reverse dns not being configured, something
that clearly is not in my hands, and ignoring my reply doesn't make
/you/ popular.

Stefan
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEAREKAAYFAkpHYJwACgkQYH1+F2Rqwn24EwCfc+RhlN7PJDfBya+cWC5DDNKD
ImsAmwY+nIEA2x8NRSZWjgXKr72b6xIl
=MJ49
-----END PGP SIGNATURE-----
_______________________________________________
Cherokee mailing list
Cherokee[at]lists.octality.com
http://lists.octality.com/listinfo/cherokee

stefan at konink

Jun 28, 2009, 5:25 AM

Post #7 of 16 (316 views)
Permalink

Re: new to cherokee and some questions [In reply to]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Michiel van Es wrote:
> - how can I redirect all http traffic to https with the cherokee-admin?
> I want to redirect/push all webmail clients to https to ensure that
> their username/password is sent encrypted for example.

You can make a rule in the Virtual Servers sections based on the
Incomming Port. And make a redirection to your https://server

Stefan
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEAREKAAYFAkpHYT8ACgkQYH1+F2Rqwn2PswCeN+dyi6ggG/qObE1YGhcqv2Ec
g5UAn3l8DAuLWf6lCyrRxzzV+XzuUl32
=O8AM
-----END PGP SIGNATURE-----
_______________________________________________
Cherokee mailing list
Cherokee[at]lists.octality.com
http://lists.octality.com/listinfo/cherokee

info at pcintelligence

Jun 28, 2009, 5:38 AM

Post #8 of 16 (315 views)
Permalink

Re: new to cherokee and some questions [In reply to]

Stefan de Konink wrote:
> Michiel Van Es wrote:
>> If I am doing something wrong with my spamfilter, please contact me
>> private and let the mailinglist out of it.
>
> Yeah right... and how should I contact you in private if my first mail
> bounces?

Ask your mailprovider to fix your reverse dns or set up your own
mailserver or use free mail provider or use a smart host on your own
mailserver.

>
> Anyway complaining about reverse dns not being configured, something
> that clearly is not in my hands, and ignoring my reply doesn't make
> /you/ popular.
I am not ignoring your reply dude, I answered you and told you that your
mailserver isn't 100%.
And besided my own mailserver, I can expect that other mailservers will
drop mail from your mailserver too because I think it is part of a RFC
and most spamfilters will check it.

For example:
http://aplawrence.com/Blog/B961.html
http://www.google.nl/search?q=mailserver+must+have+PTR&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a
Don't complain about my mailserver dropping your non RFC
mailserver..anyhow..I put you in the no processing list so you won't be
dropped anymore.

>
>
> Stefan
Michie
_______________________________________________
Cherokee mailing list
Cherokee[at]lists.octality.com
http://lists.octality.com/listinfo/cherokee
_______________________________________________
Cherokee mailing list
Cherokee[at]lists.octality.com
http://lists.octality.com/listinfo/cherokee

info at pcintelligence

Jun 28, 2009, 5:52 AM

Post #9 of 16 (315 views)
Permalink

Re: new to cherokee and some questions [In reply to]

Stefan de Konink wrote:
> Michiel van Es wrote:
>> - how can I redirect all http traffic to https with the cherokee-admin?
>> I want to redirect/push all webmail clients to https to ensure that
>> their username/password is sent encrypted for example.
>
> You can make a rule in the Virtual Servers sections based on the
> Incomming Port. And make a redirection to your https://server

Thanks, do you mean a regular expression redirect ala Apache:

And what do I have to put on the handler tab?
I got None right now (default) but it gives me an 405 Method Not Allowed
error..

>
>
> Stefan

Michiel
_______________________________________________
Cherokee mailing list
Cherokee[at]lists.octality.com
http://lists.octality.com/listinfo/cherokee
_______________________________________________
Cherokee mailing list
Cherokee[at]lists.octality.com
http://lists.octality.com/listinfo/cherokee

stefan at konink

Jun 28, 2009, 6:03 AM

Post #10 of 16 (315 views)
Permalink

Re: new to cherokee and some questions [In reply to]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Michiel van Es wrote:
>
> Stefan de Konink wrote:
>> Michiel Van Es wrote:
>>> If I am doing something wrong with my spamfilter, please contact me
>>> private and let the mailinglist out of it.
>> Yeah right... and how should I contact you in private if my first mail
>> bounces?
>
> Ask your mailprovider to fix your reverse dns or set up your own
> mailserver or use free mail provider or use a smart host on your own
> mailserver.

With my reverse DNS is nothing wrong, it just is not set. And even if it
was set, it would be irrelevant because I own multiple domains and I am
really not going to waste IPv4 space per domainname.

Since my IPv6 space does have a pretty PTR record go v6, with a bit of
luck SpamAssassin is still not able to check ipv6 ips.

>> Anyway complaining about reverse dns not being configured, something
>> that clearly is not in my hands, and ignoring my reply doesn't make
>> /you/ popular.
> I am not ignoring your reply dude, I answered you and told you that your
> mailserver isn't 100%.

You ignored my ontopic reply; 2:25 vs 2:29.

Stefan
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEAREKAAYFAkpHaiQACgkQYH1+F2Rqwn0jEgCggzxmKBvOVBTBXRLmYTMZJxl7
m9QAn3S+vgTIHJmoiKEDPWcRAYI5HYj2
=iCFF
-----END PGP SIGNATURE-----
_______________________________________________
Cherokee mailing list
Cherokee[at]lists.octality.com
http://lists.octality.com/listinfo/cherokee

stefan at konink

Jun 28, 2009, 6:05 AM

Post #11 of 16 (315 views)
Permalink

Re: new to cherokee and some questions [In reply to]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Michiel van Es wrote:
>
> Stefan de Konink wrote:
>> Michiel van Es wrote:
>>> - how can I redirect all http traffic to https with the cherokee-admin?
>>> I want to redirect/push all webmail clients to https to ensure that
>>> their username/password is sent encrypted for example.
>> You can make a rule in the Virtual Servers sections based on the
>> Incomming Port. And make a redirection to your https://server
>
> Thanks, do you mean a regular expression redirect ala Apache:
>
> And what do I have to put on the handler tab?

'Redirection'

Stefan

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEAREKAAYFAkpHanwACgkQYH1+F2Rqwn0b2wCfZoM4Sbmj4/GeMrBWcewEqbLZ
pbYAn1UpMaXa0xW/pntrmTqrpTAbx4am
=v9XS
-----END PGP SIGNATURE-----
_______________________________________________
Cherokee mailing list
Cherokee[at]lists.octality.com
http://lists.octality.com/listinfo/cherokee

info at pcintelligence

Jun 28, 2009, 6:09 AM

Post #12 of 16 (315 views)
Permalink

Re: new to cherokee and some questions [In reply to]

Stefan de Konink wrote:
> Michiel van Es wrote:
>> Stefan de Konink wrote:
>>> Michiel van Es wrote:
>>>> - how can I redirect all http traffic to https with the cherokee-admin?
>>>> I want to redirect/push all webmail clients to https to ensure that
>>>> their username/password is sent encrypted for example.
>>> You can make a rule in the Virtual Servers sections based on the
>>> Incomming Port. And make a redirection to your https://server
>> Thanks, do you mean a regular expression redirect ala Apache:
>
>> And what do I have to put on the handler tab?
>
> 'Redirection'

What would the regular expression be then?
The one I suggested?
%{SERVER_PORT} !^443$
to
https://*url*$

?
>
>
>
> Stefan

Michiel
>
>
>
_______________________________________________
Cherokee mailing list
Cherokee[at]lists.octality.com
http://lists.octality.com/listinfo/cherokee

stefan at konink

Jun 28, 2009, 6:12 AM

Post #13 of 16 (315 views)
Permalink

Re: new to cherokee and some questions [In reply to]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Michiel van Es wrote:
> What would the regular expression be then?
> The one I suggested?
> %{SERVER_PORT} !^443$
> to
> https://*url*$

What about:

/(.*) => https://webmail.pcintelligence.nl/$1

Stefan
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEAREKAAYFAkpHbEYACgkQYH1+F2Rqwn0KowCeLHioGF4e9m/kfiEwPJMqrP9M
qBIAn1hZ9FhtBZKqo6E0YPV8ONAvvQxV
=0kpm
-----END PGP SIGNATURE-----
_______________________________________________
Cherokee mailing list
Cherokee[at]lists.octality.com
http://lists.octality.com/listinfo/cherokee

info at pcintelligence

Jun 28, 2009, 6:22 AM

Post #14 of 16 (315 views)
Permalink

Re: new to cherokee and some questions [In reply to]

Stefan de Konink wrote:
> Michiel van Es wrote:
>> What would the regular expression be then?
>> The one I suggested?
>> %{SERVER_PORT} !^443$
>> to
>> https://*url*$
>
> What about:
>
> /(.*) => https://webmail.pcintelligence.nl/$1
>

I got a redirect loop..something to do with the order of the rules?
>
> Stefan

Michiel
_______________________________________________
Cherokee mailing list
Cherokee[at]lists.octality.com
http://lists.octality.com/listinfo/cherokee

stefan at konink

Jun 28, 2009, 6:28 AM

Post #15 of 16 (315 views)
Permalink

Re: new to cherokee and some questions [In reply to]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Michiel van Es wrote:
>
> Stefan de Konink wrote:
>> Michiel van Es wrote:
>>> What would the regular expression be then?
>>> The one I suggested?
>>> %{SERVER_PORT} !^443$
>>> to
>>> https://*url*$
>> What about:
>>
>> /(.*) => https://webmail.pcintelligence.nl/$1
>>
>
> I got a redirect loop..something to do with the order of the rules?

Did set this redirection on 'Incomming Port, then Port 80'?

Stefan
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEAREKAAYFAkpHcBMACgkQYH1+F2Rqwn3/eQCcCAeJbuqKYLc/e8QXUNYi/iBN
WDcAn2rw7yz/mDR0ftO+etA8bnyT8PnX
=31Ks
-----END PGP SIGNATURE-----
_______________________________________________
Cherokee mailing list
Cherokee[at]lists.octality.com
http://lists.octality.com/listinfo/cherokee

info at pcintelligence

Jun 28, 2009, 6:30 AM

Post #16 of 16 (315 views)
Permalink

Re: new to cherokee and some questions [In reply to]

Stefan de Konink wrote:
> Michiel van Es wrote:
>> Stefan de Konink wrote:
>>> Michiel van Es wrote:
>>>> What would the regular expression be then?
>>>> The one I suggested?
>>>> %{SERVER_PORT} !^443$
>>>> to
>>>> https://*url*$
>>> What about:
>>>
>>> /(.*) => https://webmail.pcintelligence.nl/$1
>>>
>> I got a redirect loop..something to do with the order of the rules?
>
> Did set this redirection on 'Incomming Port, then Port 80'?

Ah..I see it now: I also added a new 443 port..that is why it was looping ;)
Thanks! Working like a charm!

>
>
> Stefan
Michiel
_______________________________________________
Cherokee mailing list
Cherokee[at]lists.octality.com
http://lists.octality.com/listinfo/cherokee

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact lists@gossamer-threads.com