About Archive Tags RSS Feed


Translating my website to Finnish

28 December 2017 21:50

I've now been living in Finland for two years, and I'm pondering a small project to translate my main website into Finnish.

Obviously if my content is solely Finnish it will become of little interest to the world - if my vanity lets me even pretend it is useful at the moment!

The traditional way to do this, with Apache, is to render pages in multiple languages and let the client(s) request their preferred version with Accept-Language:. Though it seems that many clients are terrible at this, and the whole approach is a mess. Pretending it works though we render pages such as:


Then "magic happens", such that the right content is served. I can then do extra-things, like add links to "English" or "Finnish" in the header/footers to let users choose.

Unfortunately I have an immediate problem! I host a bunch of websites on a single machine and I don't want to allow a single site compromise to affect other sites. To do that I run each website under its own Unix user. For example I have the website "steve.fi" running as the "s-fi" user, and my blog runs as "s-blog", or "s-blogfi":

root@www ~ # psx -ef | egrep '(s-blog|s-fi)'
s-blogfi /usr/sbin/lighttpd -f /srv/blog.steve.fi/lighttpd.conf -D
s-blog   /usr/sbin/lighttpd -f /srv/blog.steve.org.uk/lighttpd.conf -D
s-fi     /usr/sbin/lighttpd -f /srv/steve.fi/lighttpd.conf -D

There you can see the Unix user, and the per-user instance of lighttpd which hosts the website. Each instance binds to a high-port on localhost, and I have a reverse proxy listening on the public IP address to route incoming connections to the appropriate back-end instance.

I used to use thttpd but switched to lighttpd to allow CGI scripts to be used - some of my sites are slightly/mostly dynamic.

Unfortunately lighttpd doesn't support multiviews without some Lua hacks which will require rewriting - as the supplied example only handles Accept rather than the language-header I want.

It seems my simplest solution is to switch from having lighttpd on the back-end to running apache2 instead, but I've not yet decided which way to jump.

Food for thought, anyway.

hyvää joulua!



Comments on this entry

icon niq at 11:20 on 28 December 2017

Good that you're using the HTTP standard (as implemented in Apache's Multiviews) rather than some broken hack.

But surely your separation of ownership needs to be between the web server and the site contents, rather than between the different sites? The web server user has no write access anywhere on the filesystem, except perhaps under /tmp. If you have CGI with write privilege, you can use suexec to set the CGI user rather than a whole different server instance!

Or do you have deeper issues, like a persistent SQL connection with a fear of cross-site hijacking bugs? Even there, you can run a connection pool per-virtualhost!

icon Steve Kemp at 11:31 on 28 December 2017

There are two levels there - each server runs chrooted such that the lighttpd processes can't "do much". But also each local user can't see/modify/execute content belonging to other sites.

Really this setup is overkill given that most of the sites don't even have CGI enabled, and I don't run MySQL on this host. Any of the sites that require a database use sqlite.

Anyway yes suexec would be one way to go for dynamic content, and I could have used apache2-mpm-itk too - if that had been available years ago when I set this up.