NAS4Free 11.0.0.4.4282 released (FreeBSD 11.0-RELEASE-P10)

[zoon01]

The NAS4Free Team is pleased to announce the release of version 11.0.0.4.4282 - Sayyadina

Download build 11.0.0.4.4282
Read the readme_11.0

Major Change!

cifs/smb note:
==============
From Samba 4.5.0 and up the default value for the "ntlm auth" option is changed from "yes" to "no".
This may have impact on very old clients which doesn't support NTLMv2 yet.
Only if you really need NTLMv1 Authentication you can set in Additional Parameters: "ntlm auth = yes".

BUILD 11.0.0.4.4282

Changes after release 11.0.0.4.4195
===============================
- Upgrade to FreeBSD 11.0-RELEASE-P10.
- Update translations.
- Add new framework to LAGG.
- Add healthcheck script for zfs.
- Add function: create a dataset by using the configuration of an existing dataset.
- Add some radio buttons/design changes to webgui.
- Upgrade syncthing to 0.14.27.
- Upgrade tmux to 2.4.
- Upgrade samba to 4.6.3.
- Upgrade nano to 2.8.3.
- Upgrade virtualbox-ose to 5.1.22.
- Fix IE11 and Edge browser issue with novnc.

Note:
Clear your browser's cache to avoid display issues after upgrade.
Make a new backup of your system configuration and store this on safe location.

Enjoy!

Regards,
The NAS4Free Team

[raulfg3]

Upgrade sucesfully, no problems here.

Thanks

[sleid]

Upgrade sucesfully, no problems here.

French translation completed.

Thanks

[doktornotor]

When you set up the WebGUI to use HTTPS, this doesn't work for IPv6. Instead, lighttpd uses HTTP on the [IPv6]:443 socket because the configuration is wrong and lighttpd's config is very "friendly".

See https://redmine.lighttpd.net/projects/l ... Pv6-Config and this discussion with lighttpd developer: https://github.com/pfsense/FreeBSD-ports/pull/284

This is not specific to this release, the configuration could have never worked as is. You need to repeat all the SSL options until at least 1.4.46 is included in N4F.

[doktornotor]

When you set up the WebGUI to use HTTPS, this doesn't work for IPv6. Instead, lighttpd uses HTTP on the [IPv6]:443 socket because the configuration is wrong and lighttpd's config is very "friendly".

Posting the fixed code and diff. (Also changed the script to not bother with certificates when $lighttpd_forcehttpfile exists.)

/etc/rc.d/lighttpd

Code: Select all

#!/bin/sh
#
# Part of NAS4Free (http://www.nas4free.org).
# Copyright (c) 2012-2017 The NAS4Free Project <info@nas4free.org>.
# All rights reserved.
#
# Lighttpd Daemon
#

# PROVIDE: lighttpd
# REQUIRE: htpasswd DAEMON
# KEYWORD: shutdown

. /etc/rc.subr
. /etc/util.subr
. /etc/configxml.subr

name="lighttpd"
desc="Lighttpd Daemon"
rcvar=lighttpd_enable

load_rc_config "${name}"

# Custom commands
start_precmd="lighttpd_mkconf"
stop_postcmd="lighttpd_poststop"
restart_precmd="lighttpd_check"
reload_precmd="lighttpd_prereload"
reload_postcmd="lighttpd_postreload"
mkconf_cmd="lighttpd_mkconf"
check_cmd="lighttpd_check"
extra_commands="reload check mkconf"

# Defaults
lighttpd_enable=${lighttpd_enable:-"NO"}
lighttpd_conf=${lighttpd_conf:-"/var/etc/lighttpd.conf"}
lighttpd_certpem=${lighttpd_certpem:-"/var/etc/cert.pem"}
lighttpd_docroot=${lighttpd_docroot:-"/usr/local/www"}
lighttpd_server_maxwriteidle=${lighttpd_server_maxwriteidle:-"360"}
lighttpd_pidfile=${lighttpd_pidfile:-"/var/run/${name}.pid"}
lighttpd_forcehttpfile=${lighttpd_forcehttpfile:-"/var/run/${name}.forcehttp"}
lighttpd_authrequire=${lighttpd_authrequire:-"NO"}
lighttpd_uploaddir=${lighttpd_uploaddir:-"/var/tmp"}
lighttpd_maxrequestsize=${lighttpd_maxrequestsize:-"524288"}
command=/usr/local/sbin/lighttpd
command_args="-f ${lighttpd_conf} -m /usr/local/lib/lighttpd"
pidfile=${lighttpd_pidfile}
sig_reload="-INT"

# Create symlink for lighttpd file upload if it doesn't exist.
#if [ ! -h "${lighttpd_uploaddir}/ftmp" ]; then
#	ln -s /ftmp "${lighttpd_uploaddir}/ftmp"
#fi
if [ -h "${lighttpd_uploaddir}/ftmp" ]; then
	rm -f "${lighttpd_uploaddir}/ftmp"
fi
if [ ! -d "${lighttpd_uploaddir}/ftmp" ]; then
	mkdir -p "${lighttpd_uploaddir}/ftmp"
fi
chmod 1777 "${lighttpd_uploaddir}/ftmp"

# FastCGI socket directory
mkdir -p /var/tmp/fastcgi
chmod 755 /var/tmp/fastcgi


lighttpd_mkconf()
{
	local _protocol _certificate _privatekey _tmpfile
	local _ifn _ipaddr _ipv6addr _port
	local _subnet _network _ipv6subnet _ipv6network _hostsallow

	# get LAN interface
	_ifn=`configxml_get "//interfaces/lan/if"`
	_ifn=`get_if ${_ifn}`
	# get IPv4 LAN address and network
	_ipaddr=`configxml_get "//interfaces/lan/ipaddr"`
	if [ "${_ipaddr}" = "dhcp" ]; then
		_ipaddr=`get_ipaddr inet ${_ifn}`
		_network=`get_network inet ${_ifn}`
		if [ "${_ipaddr}" = "0.0.0.0" ]; then
			echo "can't get DHCP address"
			_network="0.0.0.0/0"
		fi
	else
		_subnet=`configxml_get "//interfaces/lan/subnet"`
		_network="${_ipaddr}/${_subnet}"
	fi
	# get IPv6 LAN address and network
	_ipv6addr=""
	_ipv6network=""
	if configxml_isset "//interfaces/lan/ipv6_enable"; then
		_ipv6addr=`configxml_get "//interfaces/lan/ipv6addr"`
		if [ "${_ipv6addr}" = "auto" ]; then
			_ipv6addr=`get_ipv6addr_nll ${_ifn}`
			_ipv6network=`get_ipv6network_nll ${_ifn}`
		else
			_ipv6subnet=`configxml_get "//interfaces/lan/ipv6subnet"`
			_ipv6network="${_ipv6addr}/${_ipv6subnet}"
		fi
	fi

	# TCP port
	if [ -f "${lighttpd_forcehttpfile}" ]; then
		_protocol="http"
		_port="80"
	else
		_protocol=`configxml_get "//system/webgui/protocol"`
		_port=`configxml_get "//system/webgui/port"`
		if [ -z "$_port" ]; then
			if [ "${_protocol}" = "https" ]; then
				_port="443"
			else
				_port="80"
			fi
		fi
	fi
	# hosts allow
	_hostsallow=`configxml_get "//system/webgui/hostsallow"`
	_hostsallow_disable=0
	# fallback if hostsallow is not configured
	if [ -z "${_hostsallow}" ]; then
		# add IPv4 network
		if [ -n "${_network}" ]; then
			_hostsallow="${_hostsallow} ${_network}"
		fi
		# add IPv6 network
		if [ -n "${_ipv6network}" ]; then
			_hostsallow="${_hostsallow} ${_ipv6network}"
		fi
	fi
	# add IPv4 localhost
	if [ -n "${_network}" ]; then
		_hostsallow="${_hostsallow} 127.0.0.1"
	fi
	# add IPv6 localhost
	if [ -n "${_ipv6network}" ]; then
		_hostsallow="${_hostsallow} ::1"
	fi
	# trim _hostsallow
	_hostsallow="${_hostsallow#"${_hostsallow%%[![:space:]]*}"}"

	if configxml_isset "//system/webgui/hostsallow_disable"; then
		_hostsallow_disable=1
	fi

	# Create lighttpd.conf file
	cat <<EOF > ${lighttpd_conf}
server.modules = (
  "mod_access",
  "mod_auth",
  "mod_expire",
  "mod_cgi",
  "mod_fastcgi",
  "mod_setenv"
 )
server.document-root = "${lighttpd_docroot}"
server.errorlog-use-syslog = "enable"
#server.event-handler = "freebsd-kqueue"
server.event-handler = "libev"
server.max-write-idle = ${lighttpd_server_maxwriteidle}
index-file.names = ( "index.php" )
# set trust path
setenv.add-environment = ( "PATH" => "/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin" )
\$HTTP["url"] =~ "\.(js|css|png|gif|jpg)$" {
    expire.url = ( "" => "access plus 1 hours" )
}
# mimetype mapping
mimetype.assign             = (
  ".pdf"          =>      "application/pdf",
  ".sig"          =>      "application/pgp-signature",
  ".spl"          =>      "application/futuresplash",
  ".class"        =>      "application/octet-stream",
  ".ps"           =>      "application/postscript",
  ".torrent"      =>      "application/x-bittorrent",
  ".dvi"          =>      "application/x-dvi",
  ".gz"           =>      "application/x-gzip",
  ".pac"          =>      "application/x-ns-proxy-autoconfig",
  ".swf"          =>      "application/x-shockwave-flash",
  ".tar.gz"       =>      "application/x-tgz",
  ".tgz"          =>      "application/x-tgz",
  ".tar"          =>      "application/x-tar",
  ".zip"          =>      "application/zip",
  ".mp3"          =>      "audio/mpeg",
  ".m3u"          =>      "audio/x-mpegurl",
  ".wma"          =>      "audio/x-ms-wma",
  ".wax"          =>      "audio/x-ms-wax",
  ".ogg"          =>      "application/ogg",
  ".wav"          =>      "audio/x-wav",
  ".gif"          =>      "image/gif",
  ".jar"          =>      "application/x-java-archive",
  ".jpg"          =>      "image/jpeg",
  ".jpeg"         =>      "image/jpeg",
  ".png"          =>      "image/png",
  ".svg"          =>      "image/svg+xml",
  ".xbm"          =>      "image/x-xbitmap",
  ".xpm"          =>      "image/x-xpixmap",
  ".xwd"          =>      "image/x-xwindowdump",
  ".css"          =>      "text/css",
  ".html"         =>      "text/html",
  ".htm"          =>      "text/html",
  ".js"           =>      "text/javascript",
  ".asc"          =>      "text/plain",
  ".c"            =>      "text/plain",
  ".cpp"          =>      "text/plain",
  ".log"          =>      "text/plain",
  ".conf"         =>      "text/plain",
  ".text"         =>      "text/plain",
  ".txt"          =>      "text/plain",
  ".spec"         =>      "text/plain",
  ".dtd"          =>      "text/xml",
  ".xml"          =>      "text/xml",
  ".mp4"          =>      "video/mp4",
  ".mpg4"         =>      "video/mp4",
  ".mpeg"         =>      "video/mpeg",
  ".mpg"          =>      "video/mpeg",
  ".mov"          =>      "video/quicktime",
  ".qt"           =>      "video/quicktime",
  ".avi"          =>      "video/x-msvideo",
  ".asf"          =>      "video/x-ms-asf",
  ".asx"          =>      "video/x-ms-asf",
  ".wmv"          =>      "video/x-ms-wmv",
  ".bz2"          =>      "application/x-bzip",
  ".tbz"          =>      "application/x-bzip-compressed-tar",
  ".tar.bz2"      =>      "application/x-bzip-compressed-tar",
  ".rpm"          =>      "application/x-rpm",
  # make the default mime type application/octet-stream.
  ""              =>      "application/octet-stream",
 )
#url.access-deny = ( "~", ".inc", ".htpasswd" )
static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
server.pid-file = "${pidfile}"
#cgi.assign = (".php" => "/usr/local/bin/php-cgi")

# FastCGI
fastcgi.server = ( ".php" =>
  ( "localhost" =>
    ( "socket" => "/var/tmp/fastcgi/php.socket",
        "bin-path" => "/usr/local/bin/php-cgi",
        "check-local" => "disable",
        "bin-environment" => (
            "PHP_FCGI_CHILDREN" => "2",
            "PHP_FCGI_MAX_REQUESTS" => "500"
        ),
        "bin-copy-environment" => (
            "PATH", "SHELL", "USER" ),
        "broken-scriptfilename" => "enable",
        "min-procs" => 1,
        "max-procs" => 2,
        "max-load-per-proc" => 90,
        "idle-timeout" => 360,
        "x-sendfile" => "enable"
    )
  )
)
EOF

	# hosts allow
	if [ $_hostsallow_disable -eq 0 ]; then
		cat <<EOF >> ${lighttpd_conf}
url.access-deny = ( "" )
EOF
		for h in $_hostsallow; do
			cat <<EOF >> ${lighttpd_conf}
\$HTTP["remoteip"] == "$h" {
	url.access-deny = ( "~", ".inc", ".htpasswd" )
}
EOF
		done
	fi

	# Set temporary directory
	cat <<EOF >> ${lighttpd_conf}
server.upload-dirs = ( "${lighttpd_uploaddir}/ftmp", "${lighttpd_uploaddir}" )
server.max-request-size = ${lighttpd_maxrequestsize}
EOF

	# Disable File Manager
	if [ `configxml_get_count "//system/disablefm"` -gt 0 ]; then
		cat <<EOF >> ${lighttpd_conf}
\$HTTP["url"] =~ "^/quixplorer/" {
  url.access-deny = ( "" )
}
EOF
	fi

	# Is authentication (RFC 2617) required?
	if checkyesno lighttpd_authrequire; then
		/usr/local/bin/xml sel -t \
			-o "auth.backend = \"htpasswd\"" -n \
			-o "auth.backend.htpasswd.userfile = \"${lighttpd_docroot}/.htpasswd\"" -n \
			-o "auth.require = ( \"/\" => (" -n \
			-o "  \"method\"  => \"basic\"," -n \
			-v "concat('  \"realm\"   => \"',//system/hostname,'\",')" -n \
			-o "  \"require\" => \"valid-user\"" -n \
			-o "  )," -n \
			-o ")" -n \
			${configxml_file} | /usr/local/bin/xml unesc >> ${lighttpd_conf}
	fi

	# HTTPS
	if [ "${_protocol}" = "https" ] && [ ! -f "${lighttpd_forcehttpfile}" ]; then
		_certificate=`configxml_get "//system/webgui/certificate"`
		_privatekey=`configxml_get "//system/webgui/privatekey"`
		# Create /var/etc/cert.pem file
		if [ -n "${_certificate}" -a -n "${_privatekey}" ]; then
			_tmpfile=/tmp/lighttpd$$.tmp

			echo "${_certificate}" > ${_tmpfile}
			/usr/bin/uudecode -m -p -r ${_tmpfile} > ${lighttpd_certpem}
			echo "" >> ${lighttpd_certpem}
			echo "${_privatekey}" > ${_tmpfile}
			/usr/bin/uudecode -m -p -r ${_tmpfile} >> ${lighttpd_certpem}

			/bin/rm -f ${_tmpfile}
		fi

		[ -e ${lighttpd_certpem} ] && /bin/chmod 0600 ${lighttpd_certpem}

		# Set IP address and TCP port (SSL)
		# IPv4
		if [ -n "${_ipaddr}" ]; then
			cat <<EOF >> ${lighttpd_conf}
server.bind = "${_ipaddr}"
server.port = "${_port}"
EOF
			/usr/local/bin/xml sel -t \
				-i "//system/webgui/protocol[. = 'https']" \
					-o "ssl.engine = \"enable\"" -n \
					-o "ssl.pemfile = \"${lighttpd_certpem}\"" -n \
					-o "ssl.use-sslv3 = \"disable\"" -n \
				-b \
				${configxml_file} | /usr/local/bin/xml unesc >> ${lighttpd_conf}

			# IPv4 + IPv6
			if [ -n "${_ipv6addr}" ]; then
				cat <<EOF >> ${lighttpd_conf}
\$SERVER["socket"] == "[${_ipv6addr}]:${_port}" {
EOF

				/usr/local/bin/xml sel -t \
					-i "//system/webgui/protocol[. = 'https']" \
						-o "ssl.engine = \"enable\"" -n \
						-o "ssl.pemfile = \"${lighttpd_certpem}\"" -n \
						-o "ssl.use-sslv3 = \"disable\"" -n \
					-b \
					${configxml_file} | /usr/local/bin/xml unesc >> ${lighttpd_conf}

				cat <<EOF >> ${lighttpd_conf}
}
EOF
			fi
		else
			# IPv6-only
			if [ -n "${_ipv6addr}" ]; then
				cat <<EOF >> ${lighttpd_conf}
server.bind = "${_ipv6addr}"
server.port = "${_port}"
EOF
			/usr/local/bin/xml sel -t \
				-i "//system/webgui/protocol[. = 'https']" \
					-o "ssl.engine = \"enable\"" -n \
					-o "ssl.pemfile = \"${lighttpd_certpem}\"" -n \
					-o "ssl.use-sslv3 = \"disable\"" -n \
				-b \
				${configxml_file} | /usr/local/bin/xml unesc >> ${lighttpd_conf}
			fi
		fi
	# HTTP
	else
		# Set IP address and TCP port (no SSL)
		# IPv4
		if [ -n "${_ipaddr}" ]; then
			cat <<EOF >> ${lighttpd_conf}
server.bind = "${_ipaddr}"
server.port = "${_port}"
EOF
			# IPv4 + IPv6
			if [ -n "${_ipv6addr}" ]; then
				cat <<EOF >> ${lighttpd_conf}
\$SERVER["socket"] == "[${_ipv6addr}]:${_port}" { }
EOF
			fi
		else
			# IPv6-only
			if [ -n "${_ipv6addr}" ]; then
				cat <<EOF >> ${lighttpd_conf}
server.bind = "${_ipv6addr}"
server.port = "${_port}"
EOF
			fi
		fi
	fi

	# Add auxparam
	/usr/local/bin/xml sel -t -m "//webgui" \
		-m "auxparam" \
			-v "." -n \
		-b \
		${configxml_file} | /usr/local/bin/xml unesc >> ${lighttpd_conf}
}

lighttpd_check()
{
	echo "Performing sanity check on ${name} configuration:"
	eval "${command} ${command_args} -t"
}

lighttpd_poststop()
{
	rm -f ${pidfile}
}

lighttpd_prereload()
{
	echo "Stopping ${name} and starting gracefully."
}

lighttpd_postreload()
{
	rm -f ${pidfile}
	run_rc_command start
}

run_rc_command "$1"

Patch only:

Code: Select all

--- a/etc/rc.d/lighttpd	2017-05-19 17:16:03.000000000 +0200
+++ b/etc/rc.d/lighttpd	2017-05-23 11:58:00.000000000 +0200
@@ -255,25 +255,6 @@
 )
 EOF
 
-	# Set IP address and TCP port
-	if [ -n "${_ipaddr}" ]; then
-		cat <<EOF >> ${lighttpd_conf}
-server.bind = "${_ipaddr}"
-server.port = "${_port}"
-EOF
-		if [ -n "${_ipv6addr}" ]; then
-			cat <<EOF >> ${lighttpd_conf}
-\$SERVER["socket"] == "[${_ipv6addr}]:${_port}" { }
-EOF
-		fi
-	else
-		if [ -n "${_ipv6addr}" ]; then
-			cat <<EOF >> ${lighttpd_conf}
-server.bind = "${_ipv6addr}"
-server.port = "${_port}"
-EOF
-		fi
-	fi
 	# hosts allow
 	if [ $_hostsallow_disable -eq 0 ]; then
 		cat <<EOF >> ${lighttpd_conf}
@@ -317,25 +298,8 @@
 			${configxml_file} | /usr/local/bin/xml unesc >> ${lighttpd_conf}
 	fi
 
-	if [ ! -f "${lighttpd_forcehttpfile}" ]; then
-		/usr/local/bin/xml sel -t \
-			-i "//system/webgui/protocol[. = 'https']" \
-				-o "ssl.engine = \"enable\"" -n \
-				-o "ssl.pemfile = \"${lighttpd_certpem}\"" -n \
-				-o "ssl.use-sslv3 = \"disable\"" -n \
-			-b \
-			${configxml_file} | /usr/local/bin/xml unesc >> ${lighttpd_conf}
-	fi
-
-	# Add auxparam
-	/usr/local/bin/xml sel -t -m "//webgui" \
-		-m "auxparam" \
-			-v "." -n \
-		-b \
-		${configxml_file} | /usr/local/bin/xml unesc >> ${lighttpd_conf}
-
-
-	if [ "${_protocol}" = "https" ]; then
+	# HTTPS
+	if [ "${_protocol}" = "https" ] && [ ! -f "${lighttpd_forcehttpfile}" ]; then
 		_certificate=`configxml_get "//system/webgui/certificate"`
 		_privatekey=`configxml_get "//system/webgui/privatekey"`
 		# Create /var/etc/cert.pem file
@@ -352,7 +316,88 @@
 		fi
 
 		[ -e ${lighttpd_certpem} ] && /bin/chmod 0600 ${lighttpd_certpem}
+
+		# Set IP address and TCP port (SSL)
+		# IPv4
+		if [ -n "${_ipaddr}" ]; then
+			cat <<EOF >> ${lighttpd_conf}
+server.bind = "${_ipaddr}"
+server.port = "${_port}"
+EOF
+			/usr/local/bin/xml sel -t \
+				-i "//system/webgui/protocol[. = 'https']" \
+					-o "ssl.engine = \"enable\"" -n \
+					-o "ssl.pemfile = \"${lighttpd_certpem}\"" -n \
+					-o "ssl.use-sslv3 = \"disable\"" -n \
+				-b \
+				${configxml_file} | /usr/local/bin/xml unesc >> ${lighttpd_conf}
+
+			# IPv4 + IPv6
+			if [ -n "${_ipv6addr}" ]; then
+				cat <<EOF >> ${lighttpd_conf}
+\$SERVER["socket"] == "[${_ipv6addr}]:${_port}" {
+EOF
+
+				/usr/local/bin/xml sel -t \
+					-i "//system/webgui/protocol[. = 'https']" \
+						-o "ssl.engine = \"enable\"" -n \
+						-o "ssl.pemfile = \"${lighttpd_certpem}\"" -n \
+						-o "ssl.use-sslv3 = \"disable\"" -n \
+					-b \
+					${configxml_file} | /usr/local/bin/xml unesc >> ${lighttpd_conf}
+
+				cat <<EOF >> ${lighttpd_conf}
+}
+EOF
+			fi
+		else
+			# IPv6-only
+			if [ -n "${_ipv6addr}" ]; then
+				cat <<EOF >> ${lighttpd_conf}
+server.bind = "${_ipv6addr}"
+server.port = "${_port}"
+EOF
+			/usr/local/bin/xml sel -t \
+				-i "//system/webgui/protocol[. = 'https']" \
+					-o "ssl.engine = \"enable\"" -n \
+					-o "ssl.pemfile = \"${lighttpd_certpem}\"" -n \
+					-o "ssl.use-sslv3 = \"disable\"" -n \
+				-b \
+				${configxml_file} | /usr/local/bin/xml unesc >> ${lighttpd_conf}
+			fi
+		fi
+	# HTTP
+	else
+		# Set IP address and TCP port (no SSL)
+		# IPv4
+		if [ -n "${_ipaddr}" ]; then
+			cat <<EOF >> ${lighttpd_conf}
+server.bind = "${_ipaddr}"
+server.port = "${_port}"
+EOF
+			# IPv4 + IPv6
+			if [ -n "${_ipv6addr}" ]; then
+				cat <<EOF >> ${lighttpd_conf}
+\$SERVER["socket"] == "[${_ipv6addr}]:${_port}" { }
+EOF
+			fi
+		else
+			# IPv6-only
+			if [ -n "${_ipv6addr}" ]; then
+				cat <<EOF >> ${lighttpd_conf}
+server.bind = "${_ipv6addr}"
+server.port = "${_port}"
+EOF
+			fi
+		fi
 	fi
+
+	# Add auxparam
+	/usr/local/bin/xml sel -t -m "//webgui" \
+		-m "auxparam" \
+			-v "." -n \
+		-b \
+		${configxml_file} | /usr/local/bin/xml unesc >> ${lighttpd_conf}
 }
 
 lighttpd_check()

[ms49434]

When you set up the WebGUI to use HTTPS, this doesn't work for IPv6. Instead, lighttpd uses HTTP on the [IPv6]:443 socket because the configuration is wrong and lighttpd's config is very "friendly".

Posting the fixed code and diff. (Also changed the script to not bother with certificates when $lighttpd_forcehttpfile exists.)

An updated lighttpd.conf has been committed including the SSL configuration for IPv6 you suggested:
https://sourceforge.net/p/nas4free/code ... d/lighttpd

many thanks for your support!

[doktornotor]

An updated lighttpd.conf has been committed including the SSL configuration for IPv6 you suggested:
https://sourceforge.net/p/nas4free/code ... d/lighttpd

Thanks, tested and working.

[machasm]

Updated and working fine on embedded zfs root mirror

[JoseMR]

Updated and working fine on embedded zfs root mirror

Hello machasm, I think you mean "Full" zfs root mirror instead Embedded.