Thalassa CMS

☞ From Ananas (unverified) Sun Apr 7 17:20:40 2024

Pageset

Hi!

I'm trying to create a page that will have its own directory in the root directory of my website, where files and other pages associated with it will be located.

For example, let's take the following structure:

required result for website:

/node

/node/index.html

/node/page_1.html

node/page_2.html

source files for db:

db/pages/node

db/pages/node/content.txt

db/pages/node/page_1

db/pages/node/page_2

I create the node.ini in the root directory and specify it in config.ini like local ini-file. Run the thalassa for generate required pages, but in the /node/ directory except the required html-files appear copy of files from the db/pages/node directory (page_1, page_2) and content.txt.html. What am I doing wrong? Thanks!

From Andrey Stolyarov Sun Apr 7 17:54:29 2024

Re: Pageset

It's not intended to work the way you expect. Every item of a page set is intended to be a page. Generally, a page (that belongs to a set) has a single source file; e.g., if the item id is foobar, then the source is either text file named foobar, or foobar/content.txt. Depending on the configuration, either foobar.html, or foobar/index.html is generated. If there are multipage flat comments, additional html files may be generated, like foobar_2.html or foobar/page2.html (particular names are ajustable within the configiration file), but that's all, and even in this case the only source file analyzed for the page generation is that foobar/contents.txt (or just foobar if there's no directory).

Files with names starting with _, as well as hidden files (names starting with .) are ignored within the page set item's source directory, and all files that are not ignored and are not content.txt, are simply copied (strictly speaking, published) to the destination. The intended use for them is images accompanying the page.

From Ananas (unverified) Sun Apr 7 19:15:10 2024

Re: Pageset

Thanks for the explanation. I think I understood this point. But how do I achieve what I want? I need the structure to be the same for the source files and for the website pages. I need page like doc on this site. So that there is a directory with the source files on the basis of which will be created the html-pages in the appropriate location. Is it possible to arrange the source files so that they don't all lie in one place? Or all source files should be located in the root directory, and all links to them should be relative?

In my example above page_1 and page_2 must be in the root directory and links to them in the /node/content.txt should look like ../page_1.html?

From Andrey Stolyarov Sun Apr 7 20:20:33 2024

Re: Pageset

Well, on this site the doc/ directory is generated with a separate (dedicated) pageset, for which the source directory is copied (!) from the thalassa source tree, examples/thalassa/pages/ within the source tarball contains the real source for these docs (but the configuration of the pageset on this site is different from the configuration provided in examples/thalassa/thalassa.ini).

Several approaches are possible to create more or less sophisticated trees; choose the one that will work better for you.

First of all, you can have as many pagesets as you want. Perhaps if you're not planning to have like a hundred of subdirectories, or even more, then it will be the simplest solution just to configure a separate pageset for each of your destination directories. For 2, 3, 5, even 10 directories this will work perfectly, but this can become a nightmare if you're going to have more of them, as for each of them there must be a [pageset XXX] section in your configuration files, and a separate directory for the source files.

Another approach is to use the aliases facility. For example, on the stolyarov.info site, initially there was only one pageset, named node, and paths like http://www.stolyarov.info/books/programming_intro/e2 or http://www.stolyarov.info/license.html are made with aliases.

There's also one more approach, which I think should work, but please be warned I never tried it, so going this way you can run into a lot of bugs; I promise to fix them as soon as I can, provided that you report them. The idea is to add a custom header field to the source files in your pageset, like destpath: or something similar. Then, in your [pageset] section, use something like this:

  setdirname = /

  pagedirname = %[li:hf:destpath]

This way you can explicitly specify for every item where do you want it to be generated. If you decide to try this, please be sure to report your results, it is very interesting for me :-)

As of your question regarding links, well, your mileage may vary.

From Ananas (unverified) Tue Apr 9 06:19:59 2024

Re: Pageset

I decided to choose the aliases. For my modest website, this is still quite enough :-)

I tried the third option you suggested, but it didn't work out. Most likely, I did something wrong. Unfortunately, I don't have enough time to thoroughly understand everything. So far, I have done as it turned out. Thanks for the help!

☞ From notifications (unverified) Sun Mar 24 15:40:13 2024

Email-based reply notifications

It would be nice if registered users could receive notification emails, when somebody responds to their comments.

Of course, this option would be off by default and only enabled upon explicit user request in the settings, maybe even on per-comment basis.

The email body would contain either a reply content itself or just "someone replied to you", in case the reply contains harmful links that would trigger email server spam detection.

A better approach may be to have some sort of personalized RSS feed that can be generated for every comment tree parent.

The reason I'm asking is that right now I have to manually go to your website every day & check for replies to my comments and that annoys me a little.

From Andrey Stolyarov Sun Mar 24 22:58:25 2024

Re: Email-based reply notifications

Thank you for the suggestion. Unfortunately, as of now, I've got a lot of higher-priority TODO items. But the suggestion really sounds good, so maybe I'll return to it one day.

☞ From que (unverified) Mon Feb 19 16:17:03 2024

login security

In the user docs, it says that by the time login pass codes get sniffed by the attacker, they have already become useless & invalidated, but, since the connection is unencrypted, what if attacker also sniffs the cookie response from the server to the client? wont he get access to the user account then?

From Andrey Stolyarov Mon Feb 19 17:31:07 2024

Re: login security

The cookie changes on every request to the CGI, so technically it is possible to take over a single session. To do so, the attacker must sniff cookies until the user goes idle, and then, yes, it will be possible to "continue" the session pretending to be that user. In case the user resumes the activity (with the cookie s/he still has), the session will immediately become invalid.

The possibility to take over a single idle session (without the possibility to take over the account) is, well, a bad thing, but not that horrible. Actually, it is insufficiently horrible to make me use https, but please note you can use https on your Thalassa-based site if you want, as Thalassa doesn't prevent this in any way.

☞ From Anonimous (unverified) Wed Feb 14 20:27:52 2024

Thalassa as imageboard

I plan on patching Thalassa to work as an imageboard/textboard like 4chan, where anonymous users can create their own pages (threads) in specific categories (boards)

Right now, I can emulate this behaviour by creating predefined pages that act like boards, where top-level comments act as threads, but this is an ugly hack and I'm sure it can be done better. Also, this hack doesnt work on large amount of comments, as loading a large static page is resource intensive, and tree-like comment structure makes reading deeply nested comments really hard.

So can you please point me to how I could approach this problem and things I should be aware of?

From Andrey Stolyarov Fri Feb 16 10:44:38 2024

Re: Thalassa as imageboard

Unfortunately, I don't think that the present version of Thalassa fits this task, as it is incapable of two important things:

it doesn't support file uploading, including images;
it can not create new pages on its own, only new comments; pages can only be created by either adding new files or editing configuration files, both manually, not via the web-based interface.

I plan to add support for both things, but I can't take any obligations on terms and deadlines.

As of your concerns, well, this page http://www.stolyarov.info/thalcgi.cgi/moderation/gb/6 (it's in Russian, sorry) contains 1200+ comments, and I see no performance-related issues. Also Thalassa supports plain comments, like here: http://infoviolence.org/ru/guestbook.html, for them it is possible to specify how many comments to place on a single page, and the generator automatically adds more pages (on the page pointed to here, the limit is 50 and there's one additional page, as of now). This functionality is not available for tree-like comments, because I don't see any consistent way to split a tree. Well, there's some approach to it at LiveJournal, but pages are generated dynamically there, AND there's one more thing: if one of the trees on a page grows large enough, other comments can move to different pages, thus making references to particular comments mutable (unstable).

It may be possible to add more styles for rendering comments, e.g., only show top-level comments on the head page (possibly splitting them too, as necessary), and making a separate web page for every discussion (that is, for all comments that respond to a given top-level comment). See the forumgen.[ch]pp module, the plain comments are implemented by the PlainForumGenerator class, and the tree is implemented by SingleTreeForumGenerator.

If you decide to code something on your own, please be sure to consult what I have at the developer documentation section, specially C++ subset restrictions and the list of banned techniques.

From Anonimous (unverified) Fri Feb 16 11:21:26 2024

Re: Re: Thalassa as imageboard

Thanks for the reply, I'll look at forumgen module.

As for user created pages, I'm thinking of maybe using dullcgi framework provided in the last release, it seems easier than patching Thalassa directly.

I mean, on the high level, I just need to take user input string, wrap some html tags around it and pipe it to a file, it can't be that hard right?

From Andrey Stolyarov Fri Feb 16 12:56:14 2024

Re: Thalassa as imageboard

It is far from being that easy; otherwise I'd have implemented it long ago.

☞ From how (unverified) Sun Feb 11 20:54:17 2024

How I can give admin to me?

I dont use premod and other features

From Andrey Stolyarov Sun Feb 11 22:43:36 2024

Re: How I can give admin to me?

Let me cite the README file which is found in $thalassa/examples/templ_smoky:

To grant a user one of the roles mentioned above, go to your CGI user db
directory (the one specified as [options cgi]/userdbdir in your
config.ini), change to the ``_users/NNNN'' subdirectory (where NNNN is the
login name of the user), open the file named ``_data'' in your preferred
text editor and a line like

   roles = admin

☞ From anon (unverified) Sat Feb 10 10:18:02 2024

Does deployed cms use upstream?

The sites listed here (http://www.infoviolence.org and http://www.stolyarov.info), are they deployed with exact same Thalassa versions published in Downloads section or you modified code specifically for those? And if so, what are the differences. I mean just code, not templates, content or configs obviously.

From Andrey Stolyarov Sat Feb 10 21:14:36 2024

Re: Does deployed cms use upstream?

It's exactly the same version, actually I've got a clone of my working git repo on the hosting machine, so it's kinda continuous integration.

But yes, these two sites don't use the Smoky template, exactly the opposite is true — the template was made using fragments of those sites.

As of this site (I mean, thalassa.croco.net), it is even made with Smoky. I use the site to convince myself Smoky is working.

Why did you suspect I have different versions of Thalassa? The two sites are simple enough to be generated with the published Thalassa version.

From anon (unverified) Sun Feb 11 05:10:24 2024

Re: Re: Does deployed cms use upstream?

> Why did you suspect I have different versions of Thalassa?

Because in release notes it says "the ytid.cgi CGI program, which has long been working at the Infoviolence site, is finally available", so I naturally expected, that there are other features already being deployed and not yet merged with the upstream.

From Andrey Stolyarov Sun Feb 11 22:50:55 2024

Re: Does deployed cms use upstream?

Ah, Ok, I see.

Well, there was a long pause between releases, and during that time I really made some progress, so it is really possible that at a certain moment the sites are being run with fresher version of Thalassa than the last available release.

However, whenever another release is made available, it always includes all I had to the moment.

☞ From Rol (unverified) Fri Feb 9 16:23:24 2024

admin in templ_smoky have got no access to moderation

Maybe I’m doing something wrong, but I can’t get access to moderation (..../thalcgi.cgi/moderation/gb/1 write "You’ve got no access to this page") with the user’s admin role.

I use templ_smoky and click on the pencil icon at the bottom of the guestbook.

From Andrey Stolyarov Sat Feb 10 21:39:45 2024

Re: admin in templ_smoky have got no access to moderation

I can't reproduce it, sorry. This site (thalassa.croco.net) is made with Smoky, my user account (admin) has only one role (yes, "admin") specified in its _data file, and I'm perfectly able to perform moderation.

Please try this:

go to the main page of the site;
check whether the username, shown with green-on-black in the upper-right corner of the screen, is what you expect;
click on that username, it will bring you to the page with the session's details, including the current active roles (for me it shows Your role list: admin auth all;
check if there's the admin role in the list and if there's a phrase "You are one of the moderators."

From Rol (unverified) Sun Feb 11 10:31:45 2024

Re: Re: admin in templ_smoky have got no access to moderation

Sorry for that, I just wrote in _data 'role = ' not 'roles ='...

Now I’ve fixed it and it’s working properly, sorry for the misinformation.

From Andrey Stolyarov Sun Feb 11 22:46:54 2024

Re: admin in templ_smoky have got no access to moderation

No problem, Thalassa & Smoky are not so mature, so bugs are expectable. Feel free to come again if you don't understand their behavior.

☞ From Rol (unverified) Thu Feb 8 21:39:51 2024

not provided ytid.ini and ytid.css in a source tarball

I may have misunderstood something, but I couldn’t find ytid.ini and ytid.css...

From Andrey Stolyarov Thu Feb 8 22:30:28 2024

Re: not provided ytid.ini and ytid.css in a source tarball

You're right, thank you for reporting this. Just a moment...

upd: 0.1.21 uploaded, the files are there

From Rol (unverified) Fri Feb 9 11:08:00 2024

Re: Re: not provided ytid.ini and ytid.css in a source tarball

Also forgot to say that the premod.html is also not in tarball.

From Andrey Stolyarov Fri Feb 9 13:30:59 2024

Re: not provided ytid.ini and ytid.css in a source tarball

Well, it's better to say premod.html is not generated despite there's a reference to it. This isn't THAT critical, it is possible both to remove the reference and to add a file named premod to the db/pages/ subdirectory, so I'll perhaps fix this issue in the next release.

UPD: Fixed in 0.2.00.

☞ From wtf (unverified) Sun Feb 4 07:54:47 2024

very simple simple simple generate html pages?

I need fast generate many html pages. How i can do this with cms?

From Andrey Stolyarov Sun Feb 4 09:11:59 2024

Re: very simple simple simple generate html pages?

There are two ways of doing so with the Thalassa CMS. One is to use a list with item pages; you define the page template by the itempage_template parameter within the [list whatever] section of your configuration, set a certain ini section group as the source for your list, and use sections of that group to customize every page, like

  [list mypages]
  source = ini xpage
  itempage_template = your page template here

  ...

  [xpage first]
  ...

  [xpage second]
  ...

For a working example to start, please see the "crocodiles" example available at the download page; the [list croco] is built this way, using sections like [crocodile gharial], [crocodile saltwater] etc. to define particular pages.

The other way is to use a page set. In this case you specify the template in your ini file, and make a headed text file for every page. Again, see the "crocodiles" example, it contains a pageset named "articles"; take a look at the [pageset articles] in the configuration file, and the files in the articles/ subdirectory of the archive.

If you provide some details for the task you have, I'll perhaps be able to give you more specific recommendations.

UPD: in the first version of this comment, the word page was used for the section group name that defines pages for the list; that won't work, as Thalassa itself uses the [page ] section group. So, I replaced the word with xpage.

From hmmm (unverified) Sun Feb 18 22:51:24 2024

Re: Re: very simple simple simple generate html pages?

I just need to learn how to generate Thalassa pages. I don’t understand anything, where should I enter all this? Put everything in square brackets in config.ini? Please tell us about this in as much detail as possible. I read all your manuals and documentation - it doesn’t help. I just need something like:

[page principles.html] + text + text + text

From Andrey Stolyarov Mon Feb 19 11:04:53 2024

Re: very simple simple simple generate html pages?

Well, do I get it right you don't need almost all features Thalassa provides? No comments, no navigation, errr... nothing? Just pages, giving the html file names explicitly? Okay, perhaps the absolute minimum for thalassa.ini will be like this:

[general]
rootdir = path/to/directory/where/to/place/all/the/stuff

[template t1]
params = txt
body = your html headings here, at least you need
+to open the html and the body tag
+
+ %txt%
+
+your html footer here, like closing body and html
+tags

[page foo.html]
template = t1
txt = the text for the page foo.html, it will
+be inserted into the template in place of that
+%txt% macro

[page bar.html]
template = t1
txt = text for the bar.html page

I doubt this is really what you need, but yes, perhaps this is the simplest thing I can offer. Please note however that pages made this way don't support comments.

Once the thalassa.ini file is ready, just launch

   your/path/to/binary/thalassa gen -a

right in the same directory where the thalassa.ini resides. All the generated stuff will go to the dir you specified as [general]/rootdir

Hmmm, just in case: this is what is called stand-alone pages in the docs, details are here.

☞ From ipu (unverified) Mon Jan 22 13:03:47 2024

Bottomnavbar arrows

When I click on bottom arrow for next/prev page of docs, then page opens already in the bottom, and I should scroll up.

I don't know, but maybe you want fix it?

From Andrey Stolyarov Mon Jan 22 13:16:17 2024

Re: Bottomnavbar arrows

You may be right, I'll think on this.

UPD: fixed; thanks for reporting this.

☞ From q (unverified) Wed Jan 17 23:48:15 2024

500 Check userdata directory

Please, help me! I am configuring apache2. I am including cgi. I am copying files from directory "target" to /var/www/html (with replace) after the generate. I launch cgi and... I'm got error from the title. My site is work but without interactive possibles =( I did tried permissions, paths but it is not successfull

From Andrey Stolyarov Thu Jan 18 12:00:06 2024

Re: 500 Check userdata directory

Userdata directory is explained here, and there's a parameter named userdata_dir in the global configuration section of the CGI program.

In your particular setup, I'd recommend you to create a directory like /var/www/mysite_data and make sure that in the thalcgi.ini, in the [global] section, the parameter looks like

userdata_dir = ../mysite_data

In case you use the Smoky template, the thalcgi.ini is generated by the template; in the config.ini file, in the section [options cgi] set the parameter userdbdir like this:

userdbdir = ../mysite_data

and in the section [options dir] section, set something like

spool = ../mysite_data/_spool

BTW, thank you for reporting this, as now I see these two parameters (instead of just one) may be confusing, so I'll consider to remove that "spool" parameter in future versions.

And one more thing: why don't you just specify your /var/www/html as the target directory?

From q (unverified) Thu Jan 18 12:36:00 2024

500 Session creation error

Wow! It's work! But...

 And one more thing: why don't you just specify your /var/www/html as the target directory?

i don't know It is not help me

From Andrey Stolyarov Thu Jan 18 12:42:58 2024

Re: 500 Session creation error

Can you give more details what happens if you set /var/www/html as the target directory?

From q (unverified) Mon Jan 22 06:07:45 2024

Re: Re: 500 Session creation error

I just set /var/www/html as the target directory. Thalassa is generating site (templ smoky) to path. But then after the launch apache if user input correct captcha he is got...

 500 Session creation error

From Andrey Stolyarov Mon Jan 22 10:11:04 2024

Re: Re: Re: 500 Session creation error

This just means the userdata directory is not writable for thalcgi.cgi, so it can't create the session file. If you go without suexec, then perhaps thalcgi.cgi runs with the same credentials as Apache itself, so the ../mysite_data (or whatever the name of the directory you created for that purpose) and all the stuff inside it must be writable for the account (pseudouser) used by Apache, typically it's something like httpd, www-data or the like (use ps axu | grep apache to figure out).

From q (unverified) Tue Jan 23 00:51:33 2024

Error was fixed

Thank you very much!

☞ From Andy (unverified) Sun Dec 24 09:27:04 2023

Possible bug was found

Hello! It looks like there is a bug in navigation tools behavior.

Steps to reproduce the bug: 1) Go to the page http://thalassa.croco.net/doc/doyouneedit.html 2) Click on "to the list" button

Expected result: render of http://thalassa.croco.net/doc page. Actual result: Bad request error.

From Andrey Stolyarov Sun Dec 24 13:15:19 2023

Re: Possible bug was found

Fixed. Thanks!

From Bububu (unverified) Sat Dec 30 23:44:27 2023

Re: Re: Possible bug was found

I am not sure if you would consider this worthy of changing/fixing, but if you go to a page with a subdirectory in its URL, but without a trailing slash (e.g., http://thalassa.croco.net/doc in the comment above instead of http://thalassa.croco.net/doc/), every link on that page that is supposed to refer to the same subdirectory will be broken (http://thalassa.croco.net/principles.html instead of http://thalassa.croco.net/doc/principles.html, and so on).

From Andrey Stolyarov Sun Dec 31 00:21:58 2023

Re: Possible bug was found

This behavior as such is nothing wrong, it's how browsers handle local URIs: if there's no trailing slash, that doc is assumed to be a file, not a directory, and the reference to "principles.html", which means file with the given name, located in the same dir where we are, is handled by replacing current file name (doc) with new one (principles.html).

What was the bug is that URLs requesting a directory (as opposing to a file), should it have no trailing slash, must be redirected to the same URL with the trailing slash added. With Apache, this is typically done using directives in the .htaccess file, which Thalassa generates. Okay, it simply generated a wrong directive.

Now that problem is fixed, thank you for reporting it.

☞ From andy (unverified) Fri Dec 22 21:30:37 2023

Re: stack of tech

No disrespect, but what do you think about [link removed]? would it suit you? I liked him in past and I immediately remembered him when I came to your site.

I understand why Thalassa CMS was written, and also what influenced the choice of technologies, but your opinion on the concept of openresty and lua-git is interesting (you might even like it).

Thx!

From Andrey Stolyarov Sat Dec 23 10:13:22 2023

Re: stack of tech

There's a lot of Javascript right at the main page, and there's no reason to look into it any further. If you consider it acceptable to send turing-complete code to your visitor's browser, we've got nothing to discuss at all.

Anyway, you must be mad to think such a bastard that needs SQL, is written in an interpreted language and even utilizes parallel programming is smth. I can like.

Actually, I believe such "technologies" must be criminalized, with significant money penalties for distributing software written in interpreted languages, and with several years in prison for making JS-containing sites publicly available. Actually, imprisoning should be in effect for creating any situation when a end-user's computer downloads any program code and executes it, unless explicitly ordered to do so by the user (with lots of warnings). Besides the so-called "web-applications", this antipattern covers automatic software updates, various plugins and a lot of other bad things.

UPD: having read your next comment, I confirm that we've got nothing to discuss. I generally don't waste my time on jerks who advocate usage of client-side execution in any way. No further comments from your part will ever pass premoderation on any of my sites.

☞ From anonymous (unverified) Sun Dec 10 08:54:47 2023

Why don't you like nginx?

From Andrey Stolyarov Sun Dec 10 13:36:47 2023

Re: Why don't you like nginx?

First of all, why do you assume that I dislike it? That's not true, the truth is that I never tried it and I'm not going to give it a single try in any foreseeable future. I got used to Apache in 1997 when nginx didn't exist; Apache serves my needs as an HTTP server. At hands, I've got no problem, which nginx can be a solution for. Why the fuck would I spend (well, waste) my time learning how to deal with nginx? My time is too precious to waste it trying every new piece of software just because it becomes available.

What I know for sure is that it doesn't support the CGI interface directly, so it is likely to cause problems for me rather than to solve any of problems I really have.

☞ From Rol (unverified) Sun Oct 8 21:14:26 2023

Re: set up thalassa with Apache 2

Can you tell me what the file permissions on apache should be?

I have a testcms user whose home directory contains the "mysite" directory (a copy of the template).

In config.ini I specify "sitesrc=/home/testcms/mysite", "target=/var/www/html/mysite/data".

thalcgi.cgi and thalcgi.ini end up in the target directory by default.

How do I configure suexec to use testcms to throw files into target and thalcgi.ini was only available to the user from which thalcgi.cgi runs?

Or you can tell me how to organize this.

From Andrey Stolyarov Sun Oct 8 21:34:07 2023

Re: Re: set up thalassa with Apache 2

> How do I configure suexec to use testcms to throw files into target

Actually, I don't understand this question. Suexec does not throw any files anywhere.

Perhaps it is possible to create a kind of step-by-step instruction how to configure the apache+suexec+thalassa bundle, but it's definitely not for a small comment, it's a task for a day or so. As of now, may be I can provide some help if you tell what actually doesn't work, and how does that look.

From Rol (unverified) Mon Oct 9 00:05:39 2023

Re: Re: Re: set up thalassa with Apache 2

> Actually, I don't understand this question. Suexec does not throw any files anywhere.

Sorry, I meant running thalcgi gen from testcms to update files to /var/www/html/... or am I doing something wrong?

> if you tell what actually doesn't work, and how does that look

I tried installing thalassa locally on my computer. I was able to get the generated site to display and, apart from thalcgi.ini being accessible through the site, everything works fine.

After that I decided to figure out how to use suexec, but got caught up in file permissions.

I created a new "thalassa" user that I wanted to use in suexec. But it seems that the cgi owner and the directory in which it is located (/var/www/html/...) must be the same user.

But I thought that to own this directory should be www-data (user apache2). That’s why I never figured out how to give permission.

From Andrey Stolyarov Mon Oct 9 00:44:36 2023

Re: set up thalassa with Apache 2

> I meant running thalcgi gen from testcms to update files to /var/www/html/.

Well, this has nothing to do with suexec. Anyway, do I get it right that this (I mean, site generation to be done by thalassa) works for you and there's no problem with it?

> But it seems that the cgi owner and the directory in which it is located (/var/www/html/...) must be the same user.

It is intended to work this way, yes.

> But I thought that to own this directory should be www-data (user apache2).

This is true for a setup without suexec. Well, let me try to explain why we do need suexec, perhaps you don't fully understand it.

Actually, the web tree (these /var/www/html subtrees) may belong to any user, even to different users, the only important thing is to make all the content accessible to Apache, which is typically done making it world-readable, like with chmod o+rX /var/www/html -R, which will set permissions for all files to smth. like 644 and directories like 755.

For static content, this works perfectly, but it is problematic if you want to implement something server-side running programs, like CGI. Without suexec, Apache can only run anything under the same credentials it has itself. If your CGIs (or other server-side programs) only read something and never write, things are still more or less easy (just make everything readable to the same good uid which your Apache uses, and everything's fine), but once you need your programs to write something, you need to provide them with a place to do so, like directories writable for the apache user. In case of Thalassa, that session database directory must be made writable for the thalcgi.cgi.

From the other hand, you should never let all your static content AND the CGI binaries be writable for the Apache, as it is insecure. So, the site's administrator (that is, the person who is in charge for the content and for the server-side programs) from now on needs to have full access to TWO "users" of the system: the one which owns static content and the one which owns these CGI-writable dirs... which means the Apache user!

Well, if you ever tried to work with setups like this, you know it is terribly inconvenient unless you actually work as root, and this is exactly what people trying to run CGI without suexec typically end up with. Besides the fact that doing things like web content administering from under root is terrible from the security point of view, this might be just inappropriate in case you try with shared hosting, like if a single unix system (e.g., a VPS) serves two or more sites belonging to different users (that is, real persons who are different, heh). BTW, actually their CGIs can interfere because they will run under the same account, and even any of them can make bad things like killing the Apache :-) so that all other's sites will go down together.

Here's where suexec jumps in. The intention here is to have a designated site administrator account for every site on the machine, and to let the CGIs that belong to that site to run with the site administrator's credentials, not with the http server's creds. In your setup the "thalassa" user is perfectly suitable for that purpose. Even if there's only one site on the machine, using suexec is still convenient as everything you need (both the content and all these dirs your CGIs will write to) belongs to a single user, so you can either log in right under that user, or login as root and then do su - thalassa to become that user (well... not recommended, heh; root account should never be used when it is possible to avoid it).

However, suexec is a SUID binary, and, like any SUID binary, it must always be assumed as an attractive target for various attacks. So it is written, well, paranoid enough. It performs a lot of security-related checks before actually running the CGI binary, and, among other things, neither the directory where the CGI resides, nor the CGI itself must be writable by someone else than the user configured as the site's user. So actually both the dir and the binary must belong to that user, because if they belong to someone else, that account will be able to rewrite the content of the binary, thus breaking into the site admin's account.

What I'd recommend is to make a subdir under your /var/www for each site-admin-user, in this case this can be /var/www/thalassa (well... leave that /var/www/html alone, for the "default" site, when the requested url doesn't match any of your virtual sites). There can be more than one of these accounts, e.g., if you decide to invite a friend to your server to host his/her site; add smth. like /var/www/johnny in that case. Let these dirs be owned by the respective accounts, e.g., do

chown thalassa: /var/www/thalassa -R

Then, for each site to be served with Thalassa, make two directories, one for the site itself, and the other for its session database, like /var/www/thalassa/mysite and /var/www/thalassa/_mysite. And... well, and enjoy :-)

In your setup I'd recommend to create the third directory, like /var/www/thalassa/Mysite, for the site source (the place where to unpack Smoky to, that is, the place where these config.ini, thalassa.ini, base/ subdir and the company live). In case you want the thalassa account's home to be somewhere else, like traditionally in /home/thalassa, then make some symlinks pointing from there to /var/www/thalassa for convenience.

From Rol (unverified) Mon Oct 9 18:16:12 2023

Re: Re: set up thalassa with Apache 2

> the place where to unpack Smoky to, that is, the place where these config.cgi, thalassa.cgi, base/ subdir and the company live

*The suffixes must be . ini

> And... well, and enjoy :-)

I did everything you said. Now everything works as it should, thanks for the explanation!

From Andrey Stolyarov Mon Oct 9 20:39:22 2023

Re: Re: Re: set up thalassa with Apache 2

> The suffixes must be . ini

Sure, thank you. Fixed the text.

> Now everything works as it should

Congratulations :-)

☞ From Not a user (unverified) Thu Sep 28 09:57:23 2023

small dependency (not that bad meaning) bug in the Makefile

If I compile with just make, everything is ok. But with make -j4 I get an error:

captcha.c:40:10: fatal error: _letters.c: No such file or directory
   40 | #include "_letters.c"
      |

Here is an example patch for it if you want to fix:

--- Makefile	2023-09-28 12:53:53.111426254 +0300
+++ M	2023-09-28 12:52:39.959423405 +0300
@@ -5,7 +5,7 @@
 libcaptcha.a: _letters.o lodepng.o captcha.o
 	ar -rcs $@ $^

-%.o: %.c
+%.o: %.c _letters.c
 	$(CC) $(CFLAGS) -c $<

 _bin2c: _bin2c.c

From Andrey Stolyarov Thu Sep 28 21:07:33 2023

Thanks!

Thank you for catching this. It's unlikely I'd ever manage to catch this flaw on my own because the whole thing with all the libs builds in less than 10 seconds so it's very unlikely I'd ever run make with -j :-)

The right fix here is different though. It is a single line

captcha.o: captcha.c captcha.h lodepng.h _letters.c

added anywhere in the Makefile, and yes, only the dep line without the command. Well, heh, the only reason it wasn't there already is that the lib/captcha directory is nearly the only one with a code written by someone else, not me. Oh, okay, md5 is also someone else's, but, well, it wasn't made for this project (unlike the captcha, which was intended for Thalassa).

☞ From Ananas (unverified) Mon Sep 11 05:35:46 2023

Re: CGI settings

In order for the thalcgi.cgi to work, do I need to configure something else besides the config.ini. When trying to leave a comment on my site, for example, an error 404 is returned. Thanks!

From Andrey Stolyarov Mon Sep 11 10:11:04 2023

Re: CGI settings

The thalcgi.cgi program only uses one configuration file, named thalcgi.ini (~~NOT config.ini, which I don't know where you got from~~).

However, if you try thalcgi.cgi and get the 404, the problem is not with the config. In case thalcgi.cgi runs but fails to read its config file, it generates a built-in error page. So the problem is with your HTTP server configuration.

Try a script like this:

#!/bin/sh

echo "Content-type: text/html"
echo ""
echo "<h1>it works</h1>"

Place it in your site's directory, make sure you made it executable, and then hack your server's configuration until at the URL like http://your-site-domain-name.com/test.cgi you see the phrase "it works".

UPD: You didn't indicate it, but after some thoughts I suspect you're using the Smoky template, which really has a file named config.ini. This may make the situation more complicated, because thalcgi.cgi has its own 404 page, which it displays in case the requested path (these path tokens after thalcgi.cgi/) is either not configured, or the path predicate returns no for the respective page. So, it is necessary to have more information here, e.g., does thalcgi.cgi work properly for displaying the session status, the contact form and other things not related to comments.

From Ananas (unverified) Tue Sep 12 05:49:00 2023

Re: Re: CGI settings

1) Yes, I am using the Smoky template and I meant this particular config file. 2) Session status isn't displayed.The page with the suggestion to use cookies when necessary does not appear, contact form too. 3) I changed the server settings, now the scripts are running, but error 500 appears. I suspect that I have incorrectly configured access to some directories like thalcgi_db. I'll figure it out :)

From Andrey Stolyarov Tue Sep 12 10:47:21 2023

Re: Re: Re: CGI settings

> I suspect that I have incorrectly configured access to some directories like thalcgi_db

If thalcgi.cgi is able to run (that is, the server launches it upon the request), then no matter how wrong the environment is, it will show its own error message. What I'd check first is permissions set on the thalcgi.cgi and on the directory where it resides. And, okay, if it is able to run from its current location (some fascist sysadmins tend to set noexec everywhere, and it is simply stupid).

From Ananas (unverified) Wed Sep 13 06:01:10 2023

Re: Re: Re: Re: CGI settings

After experimenting on the local machine, I found out that the problem was in the wrong server settings and the inability to read the thalcgi.ini by the thalcgi.cgi. It remains to figure out how to configure the suexec to prevent leaking of the thalcgi.ini. I should have read the documentation carefully first :)

From Ananas (unverified) Wed Sep 13 09:26:23 2023

Re: Re: Re: Re: CGI settings

(In continuation of my comment today) Do I understand correctly that I need to activate the suexec in the Apache configuration, and set a SetUid for the thalcgi.cgi?

From Andrey Stolyarov Wed Sep 13 10:17:33 2023

Re: Re: Re: Re: Re: CGI settings

First of all, DO NOT set the SetUid bit!

As of suexec, I'm used to run sites with suexec, and that's what I strongly recommend, but it should still be possible to go without it. The thalcgi.cgi program has an additional check for that situation.

If you decide not to bother with suexec, then be sure to use your .htaccess file to prevent Apache from giving out the thalcgi.ini file. Without suexec, CGIs run under the same UID as the HTTP server (Apache itself), so the ini file must be readable for that UID (and for the server), so additional step is needed to make sure it doesn't leak.

From Ananas (unverified) Mon Sep 18 05:50:35 2023

Re: CGI settings

It seems that I managed to set everything up correctly. Now it works :) I have a question: why does the thalassa always try to replace an existing .htaccess when generating content?

From Andrey Stolyarov Mon Sep 18 13:04:02 2023

Re: Re: CGI settings

It is told to generate its own .htaccess by the Smoky template's base files. Take a look at the base/base.ini file, it contains the following section:

[page .htaccess]

body = 
+Options +FollowSymLinks
+RewriteEngine on
+RewriteCond %%{REQUEST_FILENAME} -d
+RewriteRule ^(.*[^/])$ /$1/ [L] 
+
+ErrorDocument 404 /404.html
+

This version does exactly three things: allows Apache to follow symbolic links (so that aliases can work, although Smoky by default doesn't use aliases), adds the trailing slash to directory URIs and sets the 404 page.

Is this problematic for you? If it is, perhaps I should think how to solve it in future versions of Smoky. As of now, you can simply comment out this section, the only downside of this is that you'll have to do it every time you update the base/ directory to a newer version.

From Ananas (unverified) Mon Sep 18 13:51:52 2023

Re: Re: Re: CGI settings

> Is this problematic for you?

My .htacces looks different, so I don't need a replacement. I have this file owned by one user, and the thalassa is run on behalf of another, so the replacement fails. So my .htacces remains intact, so it's not a big problem for me.

From Andrey Stolyarov Mon Sep 18 16:27:14 2023

Re: CGI settings

It's generally not a good idea to rely on a program being unable to replace a file which it badly wants to replace but the replacement is not what the user needs. Actually, an error condition should never be considered a norm.

Well, I'll think what to do on this.

BTW, do I get it right you managed to run the Thalassa CGI in a non-suexec configuration? It's interesting for me as, honestly speaking, I never tried this.

From Ananas (unverified) Tue Sep 19 06:40:39 2023

Re: CGI settings

> BTW, do I get it right you managed to run the Thalassa CGI in a non-suexec configuration?

Yes, I do. I have not activated the suexec module in Apache. The thalcgi.ini belongs to the server user and hiden with .htacces.

> It's generally not a good idea...

I agree, it's my bad. I wanted to launch a working website faster, and then slowly bring everything to mind, including the configuration of the server. I try different things, read your documentation and slowly everything falls into place. I want to create my own template later.

From Andrey Stolyarov Tue Sep 19 12:01:13 2023

Re: CGI settings

> I have not activated the suexec module

So it works. Great :-)

> The thalcgi.ini belongs to the server user

BTW, it doesn't have to belong to the server's uid, it only needs to be readable for the server's credentials (e.g., for the server's group).

> I wanted to launch a working website faster,

Understood, specially taking into account how immature both Thalassa and Smoky are. In the next version of Smoky I'll add an option to suppress generation of .htaccess, and, perhaps, I'll also add filtering of thalcgi.ini files to the default version of it.

> I want to create my own template later.

Oh, I really like this intention :-)

☞ From Anonymous (unverified) Thu Aug 24 17:25:38 2023

Does not work on FreeBSD

g++ -Wall -g -c cmd.cpp -o cmd.o
cmd.cpp: In function 'void safetcsetpgrp(int)':
cmd.cpp:146:5: error: 'sighandler_t' was not declared in this scope; did you mean 'sigandset'?
  146 |     sighandler_t oldsig = signal(SIGTTOU, SIG_IGN);
      |     ^~~~~~~~~~~~
      |     sigandset
cmd.cpp:148:21: error: 'oldsig' was not declared in this scope
  148 |     signal(SIGTTOU, oldsig);
      |                     ^~~~~~
cmd.cpp: In constructor 'ExecResultParse::ExecResultParse(const char*, ...)':
cmd.cpp:227:16: error: too few arguments to function 'int setpgrp(pid_t, pid_t)'
  227 |         setpgrp();
      |         ~~~~~~~^~
In file included from cmd.cpp:28:
/usr/include/unistd.h:572:10: note: declared here
  572 | int      setpgrp(pid_t, pid_t);                 /* obsoleted by setpgid() */
      |          ^~~~~~~
cmd.cpp: In constructor 'ExecAndWait::ExecAndWait(const char*, ...)':
cmd.cpp:265:16: error: too few arguments to function 'int setpgrp(pid_t, pid_t)'
  265 |         setpgrp();
      |         ~~~~~~~^~
/usr/include/unistd.h:572:10: note: declared here
  572 | int      setpgrp(pid_t, pid_t);                 /* obsoleted by setpgid() */
      |          ^~~~~~~
cmd.cpp: In constructor 'ExecAndWait::ExecAndWait(char* const*)':
cmd.cpp:281:16: error: too few arguments to function 'int setpgrp(pid_t, pid_t)'
  281 |         setpgrp();
      |         ~~~~~~~^~
/usr/include/unistd.h:572:10: note: declared here
  572 | int      setpgrp(pid_t, pid_t);                 /* obsoleted by setpgid() */
      |          ^~~~~~~
cmd.cpp: In constructor 'ChrootExecWait::ChrootExecWait(const char*, const char*, ...)':
cmd.cpp:313:16: error: too few arguments to function 'int setpgrp(pid_t, pid_t)'
  313 |         setpgrp();
      |         ~~~~~~~^~
/usr/include/unistd.h:572:10: note: declared here
  572 | int      setpgrp(pid_t, pid_t);                 /* obsoleted by setpgid() */
      |          ^~~~~~~
gmake[2]: *** [Makefile:39: cmd.o] Error 1
gmake[2]: Leaving directory '/root/thalassa-0.1.06/lib/scriptpp'
gmake[1]: *** [Makefile:55: ../lib/scriptpp/libscriptpp.a] Error 2
gmake[1]: Leaving directory '/root/thalassa-0.1.06/cms'
gmake: *** [Makefile:3: default] Error 2

From Andrey Stolyarov Thu Aug 24 22:07:35 2023

Re: Does not work on FreeBSD

Thank you for reporting this. It is more or less obvious why it doesn't compile and how to fix the problem; however, unfortunately I've got no access to a working FreeBSD now, so I'll be unable to check if the result is okay.

Anyway, I'll do my best to fix this in the next source tarball to be published.

From Anonymous (unverified) Fri Aug 25 03:53:21 2023

Re: Does not work on FreeBSD

Also FreeBSD use clang and clang++ as default compillers. Please consider this feature.

From Anon (unverified) Fri Sep 1 17:40:34 2023

By the way...

~/thalassa-0.1.10$ grep '\s$' `find . -name '*.[ch]' -or -name '*.[ch]pp' -or -name Makefile` | wc -l
294
~/thalassa-0.1.10$

:-)

From Andrey Stolyarov Fri Sep 1 22:29:39 2023

Re: By the way...

Errr... thanks :-)

From lucy Sat Aug 26 13:14:10 2023

Re: Does not work on FreeBSD

Hello, i had same problem, but it is easy to repair. In file cmd.cpp just change all existing signalhandler_t to sig_t and setpgrp() to setpgrp(0, 0) and all will be work fine. look on man signal

From Andrey Stolyarov Sat Aug 26 19:19:02 2023

It's not THAT easy

If we do what you suggest, it won't compile under Linux and under some older unices.

sighandler_t is only used there to declare a single local variable, so void (*oldsig)(int); solves the problem. Well, no, sighandler_t can NOT be anything else.

As of setpgrp(), it must be replaced with setpgid(0, 0);, it is more or less portable. Furthermore, getpgid(0) should be used instead of getpgrp().

☞ From Anonymous (unverified) Sat Aug 19 20:47:22 2023

Interesting project!

This is a really fast html preprocessor! I want to try it next time for public information sites!

P.S. Logo image is too big.

From Andrey Stolyarov Mon Aug 21 11:49:11 2023

Re: Interesting project!

I myself was a bit surprised by how fast it works, specially taking into account that I didn't do any intentional optimizations for speed. However, surprisingly enough, it wasn't my goal to create another static HTML generator; for me it has any value only together with the CGI program which provides user comments feature.

Anyway, if you give Thalassa a try in one of your projects, any feedback is welcome.

As of the logo, you're right, I'll reduce it.

☞ From Anonymous (unverified) Thu Jul 27 08:32:18 2023

Files suffixes

Why .html, not .xhtml for XHTML 1.0 Strict?

By default a lot of web servers response text/html for .html files, not application/xhtml+xml. So browser parse this as HTML page, not as XML.

From Andrey V. Stolyarov Thu Jul 27 11:08:13 2023

Re: Files suffixes

> XHTML 1.0 Strict?

It's not strict, it's "Transitional", solely because I need the iframe tag which is prohibited in the "Strict": in the head of the main page, that small black window with green chars is generated by the CGI, while all the page is static. Anyway, no part of generated content is hardcoded into the binaries, it all comes from the configuration, so it's possible to switch to the "Strict" version just by editing the ini files.

> Why .html, not .xhtml

The exact names of the files being generated are configured, too, so this is not a problem for Thalassa itself. Well, honestly speaking, in the present version of the Smoky template, the respective part of the configuration is within the ``base/'' subdirectory, which is not intended as user-editable, but nonetheless it can be edited. Actually, if this is important for you, I can add an option for the file extension in one of the upcoming versions.

However, as for the parser version: for the ``text/html'' mime type, as far as I understand the logic, the actual markup version is to be determined by the file's content, in which the exact format is specified, and I think this is generally better; furthermore, I doubt it is really correct to use ``application/*'' for anything intended as a human-readable text (to be rendered by the browser, not by an external application), despite servers, including the Apache I use, really emit that ``application/xhtml+xml'' for .xhtml files.

☞ From Anon (unverified) Wed Jul 26 04:03:12 2023

Modules

Will there be support for modules/plugins without changing the core code?

From Andrey V. Stolyarov Wed Jul 26 09:14:35 2023

Re: Modules

Something like that is possible in future, but decisions of this sort should be balanced.

As of now, Thalassa consists of two statically-built binaries (the static content generator and the CGI), and the CGI even doesn't support loading multiple configuration files (the generator does, and in the Smoky template the configuration file for the CGI is actually composed by the generator). This minimalistic architecture has its own advantages, at least it is self-containing (hence minimal effort from the sysadmins) and quick.

Can you, maybe, give some examples of functionality you'd like to have implemented as modules?

As far as I can imagine, some useful things can be implemented simply as additional configuration sections, and some can be additional (optional) CGI programs, possibly using the same session data (the cookie and all related stuff) and user accounts; such CGIs can be thought of as plugins. Should we ever need more built-in macros in the generator, it is better to implement them within the existing program, may be as optional modules added at the compile time.

What I'd like to avoid is an infrastructure for real pluggable modules.

☞ From Nokia user (unverified) Tue Jul 25 11:56:47 2023

What about WAP version support?

What do you think about add generation WML versions of sites?

From Andrey V. Stolyarov Tue Jul 25 12:15:33 2023

Re: What about WAP version support?

There's no need to add anything like that to Thalassa itself, because actually Thalassa is a (domain-specific) macroprocessor, so it is able to generate whatever texts you want. For example, there's RSS feed on this site, despite there's no special support for RSS in Thalassa, it is solely a question of writing proper configuration files.

As of adding WAP, e.g., to the Smoky template, it might be a good idea, but personally I'm not familiar with WAP and right now I've got higher-priority tasks. Maybe later.