Forum

Howdy,
Some years ago, I set up a couple of web servers using Hiawatha (thanks!) in an installation of Puppy 4.3.1-small on an IGEL thin client:

# hiawatha -v
Hiawatha v6.16, cache, IPv6, SSL, URL toolkit, XSLT

# inxi -b
System:    Host: puppypc Kernel: 2.6.30.5 i586 bits: 32 Console: tty 0 Distro: Puppy Linux
Machine:   Type: Unknown Mobo: N/A model: GXm-Cx5530A serial: N/A BIOS: Award v: 4.51 PG
           date: 03/21/02
CPU:       Single Core: Geode Integrated by National Semi type: UP speed: 301 MHz
Graphics:  Message: No PCI card data found.
           Display Server: X.org 1.3.0 driver: tty: 97x25
           Message: Unable to show advanced data. Required tool glxinfo missing.
Network:   Message: No PCI card data found.
Drives:    HDD Total Size: 3.73 GiB used: 988.6 MiB (25.9%)

# inxi -m
Memory:    RAM: total: 244.5 MiB used: 43.6 MiB (17.8%)
           Array-1: capacity: 256 MiB note: est slots: 4 EC: None
           Device-1: A0 size: N/A speed:
           Device-2: A1 size: 256 MiB speed:
           Device-3: A2 size: N/A speed:
           Device-4: A3 size: N/A speed:

# free
              total         used         free       shared buffers
  Mem:       250352       238484        11868            0 17376
 Swap:       523256            0       523256
Total:       773608       238484       535124
#

At first, I floundered around to get a working setup, so I might have borked something that's biting me, now, but it's been stable and reliable, afaict, for years. Namecheap registers mywebsite.biz and gfwebsite.com and, along the way, I added virtualhost statements to make the www.website variants resolve to our pages. I use the NameCheap dynamic dns service in my router running OpenWrt to keep our low-traffic sites live over the dynamic IP from my isp. With very few glitches, it's been set and forget.

Lately, I've noticed an increasing focus on https and tried to join the 20th century. First, I tried letsencrypt but it seems the script requires some newer software than I have on the puppypc and upgrading bits is a bit daunting, after all these years and changing of the Puppy guard. I did manage to generate a self-signed cert, configure it in hiawatha.conf, and view the https site after adding the exclusion in browsers, which is made increasingly hard to do and negates any benefit of making https available to visitors.

I broke down and paid namecheap a nominal amount for a couple of COMODO SSL certs that are supposed to cover both website and www.website addresses. In reading docs and howtos, I'm finding differences in syntax between my version of Hiawatha and what is readily available through google search. For example, what I have for the Bind statement, which works, as I described:

Binding {
    BindingID = main-https  *
    Port = 443
    SSLcertFile = /etc/hiawatha/tls/newkey-selfcert.pem
}

*BindingID is something I added today, trying to get my virtualhost statements to pass a hiawatha start. It doesn't throw a syntax error, at least. I've found I need to use SSLcertFile instead of TLScertFile and assume this difference would apply for every such statement, albeit I've tried TLScertFile and, even ServerKey, which is used in the default hiawatha.conf that came with my installation.

VirtualHost {
        Hostname = website.biz
        RequiredBinding = main-http, main-https   *
        WebsiteRoot = /root/httpd/hiawatha/website.biz/jobs_page
        StartFile = index.html
        AccessLogfile = /var/log/hiawatha/wsbizaccess.log
        ErrorLogfile = /var/log/hiawatha/wsbizerror.log
        UseFastCGI = PHP5
        UseXSLT = yes
#        SSLcertFile = /etc/hiawatha/tls/website.pem
#       HostnameAlias = *.website.biz
}

I also added RequiredBinding just today and it doesn't trigger an error at start. With the SSLcertFile statement uncommented, whether I use TLScertFile or ServerKey or relative path tls/website.pem that I saw in a newer post, today, or just website.pem that I've seen in an older howto, the error is

# /usr/sbin/hiawatha.run restart
Stopping webserver: Hiawatha
Starting webserver: Syntax error in hiawatha.conf on line 129.
error!
#

Looking at files on my desktop, I think I followed a howto by Growler on the Puppy forum just a little over 5 years ago, installing LHMP-8.0-5.3.4-5.3.10.pet on my puppypc to get this show rolling. Whether upgrading Hiawatha could be helpful or possible is interesting but I don't know a clear path to do that and migrate my sites.

Thanks.

Addendum: After writing this, I looked into the Puppy Package Manager and see that hiawatha-6.17.1-1-p4 is available, there, in case that would make a difference.

Also, I noticed building the latest Hiawatha on my machine would require a newer cmake, so I got 3.11.1 gave it a whirl.
Pretty early on, `bootstrap` complained "Cannot find a C++ compiler supporting C++11 on this system" so I think I'll back-burner that strategy.

Hi Rolf. Does your certificate file contain both private key and certificate as described in the howto?

I'll try to post only, Yes, as a more thorough report was rejected, as before.

I am running Hiawatha version 6+ through to version 10.8.1 on various variations of Puppy Linux. I use Hiawatha now almost exclusively to run ZoneMinder. All I ever do is download the Debian version of Hiawatha and let PETGET install the .deb file. Since I mostly stick with Ubuntu binary based Puppies I have also have successfully added the Hiawatha PPA to the Puppy Package Manager and have had success install it that way as well.

If you decide to upgrade the Hiawatha server that comes built into Puppy Linux from v 6+ to version 10.8.1 and you are running Tahr, Xenial, Artful or Bionic you can simply download the Debian .deb and click on it. PETGET will install it. REMEMBER to back up your /etc/hiawatha directory before you install the newer version. Any Questions I may be able to help.

Thanks Erik. I've searched on the Puppy release names you suggested + related links and, apart from Puppy 5.2.5 Retro [puppylinux.org], which is derived from the 4.3.1 I am running, the specifications of my hardware (see first post) don't rise to the challenge.

As an update, I spent 1.5 hours with the always helpful Namecheap support staff in a chat with a certificates expert. He assembled what he said was the proper certificate file for me, which might or might not be different from what I have done, and which also triggered the syntax error failure when starting Hiawatha. To me, it seems to me the error derives from just that, syntax of the line in Hiawatha.conf...

I will probably try, at first, to perform the minor update of Hiawatha available in my PPM. I will also try booting some newer Puppy on CD from a usb CD drive but I'm not sure the IGEL will allow that. Any further suggestions would be welcome, thanks very much!

Ok, I installed v6.17.1from the PPM on my 4.3.1 Puppy installation and restored /etc/hiawatha.conf, as you mentioned, Erik. It works but displays the same error when I try to include the certificate statement. Since clicking on a deb in the ROX file manager results in installation of such a file, I tried that with the newest Hiawatha v10.8.1 i386 deb. There is not much in the way of dependency checking for this method, however, and that installation will not run:

# hiawatha -v
hiawatha: /lib/libz.so.1: no version information available (required by hiawatha)
hiawatha: /usr/lib/libxml2.so.2: no version information available (required by hiawatha)
hiawatha: /usr/lib/libxml2.so.2: no version information available (required by hiawatha)
hiawatha: /usr/lib/libxslt.so.1: no version information available (required by hiawatha)
hiawatha: /usr/lib/libxslt.so.1: no version information available (required by hiawatha)
Hiawatha v10.8.1, copyright (c) by Hugo Leisink <hugo@leisink.net>

What happens if you go to the Debian site and grab those 3 packages and install them? Maybe the wheezy packages?

Hi,
RPM is my package manager and I'm without much experience in the Debian ways. However, I managed to ferret out this much on my server:

# dpkg-deb -I ./hiawatha_10.8.1_i386.deb 
 new debian package, version 2.0.
 size 498882 bytes: control archive= 1316 bytes.
     184 bytes,     7 lines      conffiles            
     494 bytes,    13 lines      control              
    1038 bytes,    16 lines      md5sums              
     216 bytes,    10 lines   *  postinst             #!/bin/sh
     165 bytes,     9 lines   *  postrm               #!/bin/sh
     173 bytes,     9 lines   *  prerm                #!/bin/sh
 Package: hiawatha
 Version: 10.8.1
 Architecture: i386
 Maintainer: Chris Wadge <cwadge@tuxhelp.org>
 Installed-Size: 1081
 Depends: libc6 (>= 2.3.6-6~), libxml2 (>= 2.7.4), libxslt1.1 (>= 1.1.25), zlib1g (>= 1:1.2.3.3), logrotate
 Suggests: php-fpm
 Provides: httpd, httpd-cgi
 Section: web
 Priority: optional
 Homepage: http://www.hiawatha-webserver.org/
 Description: Advanced and secure webserver for Unix
  Hiawatha is a webserver with the three key attributes: secure, easy-to-use, and lightweight.

Thanks for the suggestion but, at this point, bitter experience that I would expect is common to all package managers dissuades me from following down this path of chained versioned dependencies. IOW, a newer OS will be needed for a newer Hiawatha and my hardware of choice is at odds.

I've burned a couple of CDs, Puppy Precise 5.7.1 Retro and Puppy lupu 5.1.0. When time permits, I'll try to boot to these on the IGEL and continue the investigation whether it's a problem with my config file, a bug in the older Hiawatha, in the older Puppy, or else.

Thanks.

The IGEL doesn't have a boot option for usb CD-ROM. I probably installed Puppy on the 4G 44-pin DOM on another machine and don't want to go through that disruption to the server just to test another distro. There's a slightly more powerful IGEL 2110 LX [www.parkytowers.me.uk] on the way. Short of figuring out the syntax problem on the current setup, that'll be my next experiment.

<topic open post>

Since we last spoke, I've changed path, a little and made a little progress. I did purchase the IGEL 2110 LX as noted above but, while doing so, I spotted another candidate with better specs, Dell Wyse D90D7 Thin Client [www.cnet.com]. Also, I upgraded the flash storage from 4GB to an Apacer 16GB SSD SATA - CG0K9 [www.dell.com] card from Dell. I had tried, first, with a cheaper 16GB HP Phison model but could not get it to work. One online Dell support forum post said the Apacer was compatible and it's working. A memory upgrade from 2GB to 4GB DDR3-1600 PC3-12800S 1600Mhz HYNIX HMT351S6CFR8C-PB LAPTOP RAM completes getting the machine ready for an OS and Dell sold me, also, their one-of-a-kind Wyse Dual Mounting VESA Bracket Kit for 5010/5020 thin client [www.dell.com] so I can assemble the server with occasional-use monitor in a compact package.

[rolf@d90d7 ~]$ cat /etc/release
Mageia release 6 (Official) for x86_64                                                         
[rolf@d90d7 ~]$ rpm -q hiawatha
hiawatha-10.4-1.2.mga6
[rolf@d90d7 ~]$ sudo hiawatha -v
Hiawatha v10.4, copyright (c) by Hugo Leisink <hugo@leisink.net>
[rolf@d90d7 ~]$

The ability to upgrade hiawatha, eventually, has got https working in a proof of concept.

TLScertFile = /etc/hiawatha/tls/mywebsite.pem

It seems to me the upgrade has allowed me to use "TLScertfile" w/o triggering a syntax error and my https url now resolves in the browser. I say, "proof of concept" as what I've done is copy the website(s) files from the IGEL to the D90D7 and forwarded port 443 in the router to the Wyze. Port 80 traffic still goes to IGEL to not disrupt the functionality I had. Initially, I've pointed the Wyze hiawatha.conf to a file that only contains the key and certificate without optional intermediate CA certificate. So, I can serve the basic https site but haven't attempted to compile a complete key file for GF's site or my alias urls. It's a WIP but I think the fundamental problem is solved.

Thanks.