A few newbie questions before using Mongoose, Lua, and SQLite

508 views
Skip to first unread message

Gilles

unread,
Jan 14, 2014, 9:58:41 AM1/14/14
to mongoos...@googlegroups.com
Hello

I went through the online docs before posting, but didn't find the answers.

As said in the Subject, I'd like to use Mongoose to run small web sites with support for Lua and SQLite:

  1. Can Mongoose be launched at boot time as a service? "Mongoose does not detach from terminal." says the docs
  2. What should file access rights be for CGI scripts? Is 500 OK?
  3. .htaccess: What is a realm? This doesn't work: ./mongoose-lua-sqlite -A .htpasswd 192.168.0.10 joe test -> joe:192.168.0.10:c8b1228323d9839b089a4ebd57c131cf -> 404 when typing login/password
  4. How to handle 404 instead of just displaying "404 Not Found"?
  5. How to log access/error? Even with "error_log_file mongoose.error.log" in mongoose.conf, no file is created when a 404 occurs
  6. docs/LuaSqlite.md doesn't mention Lua scripts with .mg.lua extension: Are HTML with embedded Lua code (.lp) still available in addition to Lua scripts with .mg.lua extension? Which way do you recommend?
  7. Any tips about how to handle HTML forms safely, and generally, about running Mongoose safely, including Lua scripting?
  8. Is using LuaRocks OK to install Lua modules and access them from Lua scripts in Mongoose?

Thanks for any help.

Sergey Lyubka

unread,
Jan 14, 2014, 10:11:13 AM1/14/14
to mongoose-users
On Tue, Jan 14, 2014 at 2:58 PM, Gilles <frdt...@gmail.com> wrote:
Hello

I went through the online docs before posting, but didn't find the answers.

As said in the Subject, I'd like to use Mongoose to run small web sites with support for Lua and SQLite:

  1. Can Mongoose be launched at boot time as a service? "Mongoose does not detach from terminal." says the docs

Yes. On Windows, mongoose executable can be installed as a windows service.
On UNIX, start mongoose detached in your startup script. I use the following
upstart config file:

description "The Mongoose web server"
start on stopped rc
stop on runlevel [016]
respawn
script
/usr/bin/mongoose -document_root /var/www
end script
post-stop exec sleep 3

  1. What should file access rights be for CGI scripts? Is 500 OK?
500 might not be OK, it depends on the owner of the file and webserver UID. 755 is OK.
 
  1. .htaccess: What is a realm? This doesn't work: ./mongoose-lua-sqlite -A .htpasswd 192.168.0.10 joe test -> joe:192.168.0.10:c8b1228323d9839b089a4ebd57c131cf -> 404 when typing login/password
Default realm is "mydomain.com", could be changed with -auth_domain option. It's in the docs.
 
  1. How to handle 404 instead of just displaying "404 Not Found"?
mongoose -url_rewrites 404=/cgi-bin/error.cgi
It's also in the docs.

  1. How to log access/error? Even with "error_log_file mongoose.error.log" in mongoose.conf, no file is created when a 404 occurs
There is no error_log_file. Errors are reported back to the client. CGIs can intercept stderr.
 
  1. docs/LuaSqlite.md doesn't mention Lua scripts with .mg.lua extension: Are HTML with embedded Lua code (.lp) still available in addition to Lua scripts with .mg.lua extension? Which way do you recommend?
There are only .lp Lua scripts.  ".mg.lua" was an experiment prior to 5.0 release.
 
  1. Any tips about how to handle HTML forms safely, and generally, about running Mongoose safely, including Lua scripting?
I suggest using "-run_as_user nobody" option, and run mongoose in a jail environment.


  1. Is using LuaRocks OK to install Lua modules and access them from Lua scripts in Mongoose?
If luarocks modules are compiled C libraries, they won't work. Pure Lua modules will.


Gilles

unread,
Jan 14, 2014, 10:25:37 AM1/14/14
to mongoos...@googlegroups.com
Thanks for the infos.

1. I can't either create an .htaccess file or have it work as planned (login refused):
"./mongoose-lua-sqlite -A .htpasswd -auth_domain 192.168.0.10 joe test"
OR
mongoose.conf includes "auth_domain 192.168.0.10" and I ran "./mongoose-lua-sqlite -A .htpasswd joe test"

2. Is error_log_file deprecated?

3. So ".mg.lua" scripts must be moved to HTML + embedded .lp scripts?

4. "If luarocks modules are compiled C libraries, they won't work. Pure Lua modules will.": "Pure lua modules" = source script compiled on-the-fly by the embedded Lua interpreter, as opposed to external, compiled C librarires?

Does someone know if most Lua libraries are C, in which case, most libraries aren't usable with Mongoose?

Thank you.

Sergey Lyubka

unread,
Jan 14, 2014, 10:31:30 AM1/14/14
to mongoose-users
On Tue, Jan 14, 2014 at 3:25 PM, Gilles <frdt...@gmail.com> wrote:
Thanks for the infos.

1. I can't either create an .htaccess file or have it work as planned (login refused):
"./mongoose-lua-sqlite -A .htpasswd -auth_domain 192.168.0.10 joe test"
OR
mongoose.conf includes "auth_domain 192.168.0.10" and I ran "./mongoose-lua-sqlite -A .htpasswd joe test"

./mongoose-lua-sqlite -A .htpasswd mydomain.com joe test
./mongoose
 

2. Is error_log_file deprecated?

yes 

3. So ".mg.lua" scripts must be moved to HTML + embedded .lp scripts?

yes

Gilles

unread,
Jan 14, 2014, 10:38:58 AM1/14/14
to mongoos...@googlegroups.com
Thanks but still no go (this is in a test lab, so no DNS server):
  1. Added server host to "hosts" file on client host: 192.168.0.10<TAB>srv
  2. Ran ./mongoose-lua-sqlite -A .htpasswd srv joe test
  3. Hit "http://srv:8080/mysecret": Doesn't pass authentication, and ends in 404

Sergey Lyubka

unread,
Jan 14, 2014, 10:46:44 AM1/14/14
to mongoose-users
On Tue, Jan 14, 2014 at 3:38 PM, Gilles <frdt...@gmail.com> wrote:
Thanks but still no go (this is in a test lab, so no DNS server):
  1. Added server host to "hosts" file on client host: 192.168.0.10<TAB>srv
  2. Ran ./mongoose-lua-sqlite -A .htpasswd srv joe test
  3. Hit "http://srv:8080/mysecret": Doesn't pass authentication, and ends in 404
Note that your question is not mongoose specific. I've shown you a working sequence of commands,
and you turned around with non-working one saying it is not working. Wasn't that expected?

an example with explanation.

Here is another working sequence that uses "srv" domain rather then the default one:

mongoose -A .htpasswd srv joe test
mongoose -auth_domain srv

I have no problem explaining things, but please read carefully.

Gilles

unread,
Jan 14, 2014, 10:56:29 AM1/14/14
to mongoos...@googlegroups.com
Thanks it worked.

For the benefit of other newbies:

  1. Generate the password file, and put in the directory you wish to protect:

    ./mongoose -A .htpasswd myserver joe test

  2. Next, either launch Mongoose with "./mongoose -auth_domain myserver" or edit mongoose.conf to include the auth_domain directive.
Reply all
Reply to author
Forward
0 new messages