| Message ID | 20251022150737.3639891-10-Quirin.Gylstorff@siemens.com |
|---|---|
| State | Changes Requested |
| Series | [v4,01/10] add dracut to custom kernel builds | expand |
On 22.10.25 17:06, Quirin Gylstorff wrote: > From: Quirin Gylstorff <quirin.gylstorff@siemens.com> > Some words about what we will get? An initramfs that runs a tiny webserver, right? > Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com> > --- > .../dracut-example-lighttpd_0.1.bb | 26 ++++++++++ > .../dracut-example-lighttpd/files/install.sh | 21 ++++++++ > .../files/lighttpd.conf | 52 +++++++++++++++++++ > .../files/lighttpd.service | 13 +++++ > .../files/sysuser-lighttpd.conf | 3 ++ > .../recipes-initramfs/images/isar-dracut.bb | 3 ++ > 6 files changed, 118 insertions(+) > create mode 100644 meta-isar/recipes-initramfs/dracut-example-lighttpd/dracut-example-lighttpd_0.1.bb > create mode 100644 meta-isar/recipes-initramfs/dracut-example-lighttpd/files/install.sh > create mode 100644 meta-isar/recipes-initramfs/dracut-example-lighttpd/files/lighttpd.conf > create mode 100644 meta-isar/recipes-initramfs/dracut-example-lighttpd/files/lighttpd.service > create mode 100644 meta-isar/recipes-initramfs/dracut-example-lighttpd/files/sysuser-lighttpd.conf > > diff --git a/meta-isar/recipes-initramfs/dracut-example-lighttpd/dracut-example-lighttpd_0.1.bb b/meta-isar/recipes-initramfs/dracut-example-lighttpd/dracut-example-lighttpd_0.1.bb > new file mode 100644 > index 00000000..7895e689 > --- /dev/null > +++ b/meta-isar/recipes-initramfs/dracut-example-lighttpd/dracut-example-lighttpd_0.1.bb 
> @@ -0,0 +1,26 @@ > +# > +# Copyright (c) Siemens AG, 2025 > +# > +# Authors: > +# Quirin Gylstorff <quirin.gylstorff@siemens.com> > +# > +# SPDX-License-Identifier: MIT > +# > +require recipes-initramfs/dracut-module/dracut-module.inc > + > +DEBIAN_DEPENDS:append = ",lighttpd" > +SRC_URI += "file://install.sh \ > + file://lighttpd.conf \ > + file://lighttpd.service \ > + file://sysuser-lighttpd.conf \ > + " > +DRACUT_REQUIRED_BINARIES = "lighttpd" > +DRACUT_MODULE_DEPENDENCIES = "systemd-network-management" > + > +do_install[cleandirs] += "${D}/usr/lib/sysusers.d/" > +do_install:append() { > + install -m 666 ${WORKDIR}/lighttpd.conf ${DRACUT_MODULE_PATH} > + install -m 666 ${WORKDIR}/lighttpd.service ${DRACUT_MODULE_PATH} > + install -m 666 ${WORKDIR}/sysuser-lighttpd.conf ${D}/usr/lib/sysusers.d/lighttpd.conf But this config file is not for the dracut building rootfs, it's for the initramfs, right? Is that installation location a good idea then? > +} > + > diff --git a/meta-isar/recipes-initramfs/dracut-example-lighttpd/files/install.sh b/meta-isar/recipes-initramfs/dracut-example-lighttpd/files/install.sh > new file mode 100644 > index 00000000..e7e50ad4 > --- /dev/null > +++ b/meta-isar/recipes-initramfs/dracut-example-lighttpd/files/install.sh 
> @@ -0,0 +1,21 @@ > +install() { > + inst_binary /usr/sbin/lighttpd > + inst_binary /usr/sbin/lighttpd-angel > + inst_binary /usr/sbin/lighttpd-disable-mod > + inst_binary /usr/sbin/lighttpd-enable-mod Can't we generate that? Like HOOK_COPY_EXECS? > + inst_multiple -o /usr/lib/lighttpd/*.so > + inst_multiple -o /usr/share/lighttpd/* > + inst_simple "${moddir}/lighttpd.service" "$systemdsystemunitdir/lighttpd.service" > + mkdir -p -m 0700 "$initdir/etc/lighttpd/" > + mkdir -p -m 0700 "$initdir/var/cache/lighttpd/compress" > + mkdir -p -m 0700 "$initdir/var/cache/lighttpd/uploads" > + mkdir -p -m 0700 "$initdir/var/log/lighttpd/" > + mkdir -p -m 0755 "$initdir/var/www/html" > + /usr/bin/install -m 0644 /usr/share/lighttpd/index.html "$initdir/var/www/html/index.html" > + touch "$moddir"/error.log > + /usr/bin/install -m 0644 "$moddir"/error.log "$initdir/var/log/lighttpd/error.log" > + chown -R www-data:www-data "$initdir/var/log/lighttpd/" > + inst_simple "${moddir}/lighttpd.conf" /etc/lighttpd/lighttpd.conf > + inst_sysusers lighttpd.conf > + systemctl -q --root "$initdir" enable lighttpd This is a rather complex example. I'm still wondering what of all these will repeat often enough to maybe simplify the install() functions people will need to write (or not?) for their modules. Did you already try to convert some of the isar-cip-core hooks? Those basically made me create initramfs-hook/hook.inc in the end. > +} > diff --git a/meta-isar/recipes-initramfs/dracut-example-lighttpd/files/lighttpd.conf b/meta-isar/recipes-initramfs/dracut-example-lighttpd/files/lighttpd.conf > new file mode 100644 > index 00000000..3a1bb351 > --- /dev/null > +++ b/meta-isar/recipes-initramfs/dracut-example-lighttpd/files/lighttpd.conf 
> @@ -0,0 +1,52 @@ > +server.modules = ( > + "mod_indexfile", > + "mod_access", > + "mod_alias", > + "mod_redirect", > +) > + > +server.document-root = "/var/www/html" > +server.upload-dirs = ( "/var/cache/lighttpd/uploads" ) > +server.errorlog = "/var/log/lighttpd/error.log" > +server.pid-file = "/run/lighttpd.pid" > +server.username = "www-data" > +server.groupname = "www-data" > +server.port = 80 > + > +# features > +#https://redmine.lighttpd.net/projects/lighttpd/wiki/Server_feature-flagsDetails > +server.feature-flags += ("server.h2proto" => "enable") > +server.feature-flags += ("server.h2c" => "enable") > +server.feature-flags += ("server.graceful-shutdown-timeout" => 5) > +#server.feature-flags += ("server.graceful-restart-bg" => "enable") > + > +# strict parsing and normalization of URL for consistency and security > +# https://redmine.lighttpd.net/projects/lighttpd/wiki/Server_http-parseoptsDetails > +# (might need to explicitly set "url-path-2f-decode" = "disable" > +# if a specific application is encoding URLs inside url-path) > +server.http-parseopts = ( > + "header-strict" => "enable",# default > + "host-strict" => "enable",# default > + "host-normalize" => "enable",# default > + "url-normalize-unreserved"=> "enable",# recommended highly > + "url-normalize-required" => "enable",# recommended > + "url-ctrls-reject" => "enable",# recommended > + "url-path-2f-decode" => "enable",# recommended highly (unless breaks app) > + #"url-path-2f-reject" => "enable", > + "url-path-dotseg-remove" => "enable",# recommended highly (unless breaks app) > + #"url-path-dotseg-reject" => "enable", > + #"url-query-20-plus" => "enable",# consistency in query string > +) > + > +index-file.names = ( "index.php", "index.html" ) > +url.access-deny = ( "~", ".inc" ) > +static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" ) > + > +# default listening port for IPv6 falls back to the IPv4 port > +include "/etc/lighttpd/conf-enabled/*.conf" > + > +#server.compat-module-load = 
"disable" > +server.modules += ( > + "mod_dirlisting", > + "mod_staticfile", > +) > diff --git a/meta-isar/recipes-initramfs/dracut-example-lighttpd/files/lighttpd.service b/meta-isar/recipes-initramfs/dracut-example-lighttpd/files/lighttpd.service > new file mode 100644 > index 00000000..da8c9033 > --- /dev/null > +++ b/meta-isar/recipes-initramfs/dracut-example-lighttpd/files/lighttpd.service > @@ -0,0 +1,13 @@ > +[Unit] > +Description=Lighttpd Daemon > +DefaultDependencies=no > + > +[Service] > +Type=simple > +PIDFile=/run/lighttpd.pid > +ExecStartPre=/usr/sbin/lighttpd -tt -f /etc/lighttpd/lighttpd.conf > +ExecStart=/usr/sbin/lighttpd -D -f /etc/lighttpd/lighttpd.conf > +ExecReload=/bin/kill -USR1 $MAINPID > +Restart=on-failure > +[Install] > +WantedBy=sysinit.target > diff --git a/meta-isar/recipes-initramfs/dracut-example-lighttpd/files/sysuser-lighttpd.conf b/meta-isar/recipes-initramfs/dracut-example-lighttpd/files/sysuser-lighttpd.conf > new file mode 100644 > index 00000000..6507ccf3 > --- /dev/null > +++ b/meta-isar/recipes-initramfs/dracut-example-lighttpd/files/sysuser-lighttpd.conf > @@ -0,0 +1,3 @@ > +g www-data - - > +u www-data - - /var/www /usr/sbin/nologin > + > diff --git a/meta-isar/recipes-initramfs/images/isar-dracut.bb b/meta-isar/recipes-initramfs/images/isar-dracut.bb > index 226fdeaa..95739b12 100644 > --- a/meta-isar/recipes-initramfs/images/isar-dracut.bb > +++ b/meta-isar/recipes-initramfs/images/isar-dracut.bb > @@ -14,4 +14,7 @@ INITRAMFS_PREINSTALL += " \ > > # Recipes that should be installed into the initramfs build rootfs. > INITRAMFS_INSTALL += " \ > + dracut-example-lighttpd \ > " > + > +DRACUT_EXTRA_MODULES += "example-lighttpd" We cannot derive a package name from the module name, right? Packages might be named differently or have multiple modules included? Jan
On 10/22/25 18:08, Jan Kiszka wrote: > On 22.10.25 17:06, Quirin Gylstorff wrote: >> From: Quirin Gylstorff <quirin.gylstorff@siemens.com> >> > > Some words about what we will get? An initramfs that runs a tiny > webserver, right? > I will write something in v5. The intention was to have a complex example which contains the most stuff necessary to create a module. I should also try to document the stuff more.>> Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com> >> --- >> .../dracut-example-lighttpd_0.1.bb | 26 ++++++++++ >> .../dracut-example-lighttpd/files/install.sh | 21 ++++++++ >> .../files/lighttpd.conf | 52 +++++++++++++++++++ >> .../files/lighttpd.service | 13 +++++ >> .../files/sysuser-lighttpd.conf | 3 ++ >> .../recipes-initramfs/images/isar-dracut.bb | 3 ++ >> 6 files changed, 118 insertions(+) >> create mode 100644 meta-isar/recipes-initramfs/dracut-example-lighttpd/dracut-example-lighttpd_0.1.bb >> create mode 100644 meta-isar/recipes-initramfs/dracut-example-lighttpd/files/install.sh >> create mode 100644 meta-isar/recipes-initramfs/dracut-example-lighttpd/files/lighttpd.conf >> create mode 100644 meta-isar/recipes-initramfs/dracut-example-lighttpd/files/lighttpd.service >> create mode 100644 meta-isar/recipes-initramfs/dracut-example-lighttpd/files/sysuser-lighttpd.conf >> >> diff --git a/meta-isar/recipes-initramfs/dracut-example-lighttpd/dracut-example-lighttpd_0.1.bb b/meta-isar/recipes-initramfs/dracut-example-lighttpd/dracut-example-lighttpd_0.1.bb >> new file mode 100644 >> index 00000000..7895e689 >> --- /dev/null >> +++ b/meta-isar/recipes-initramfs/dracut-example-lighttpd/dracut-example-lighttpd_0.1.bb 
>> @@ -0,0 +1,26 @@ >> +# >> +# Copyright (c) Siemens AG, 2025 >> +# >> +# Authors: >> +# Quirin Gylstorff <quirin.gylstorff@siemens.com> >> +# >> +# SPDX-License-Identifier: MIT >> +# >> +require recipes-initramfs/dracut-module/dracut-module.inc >> + >> +DEBIAN_DEPENDS:append = ",lighttpd" >> +SRC_URI += "file://install.sh \ >> + file://lighttpd.conf \ >> + file://lighttpd.service \ >> + file://sysuser-lighttpd.conf \ >> + " >> +DRACUT_REQUIRED_BINARIES = "lighttpd" >> +DRACUT_MODULE_DEPENDENCIES = "systemd-network-management" >> + >> +do_install[cleandirs] += "${D}/usr/lib/sysusers.d/" >> +do_install:append() { >> + install -m 666 ${WORKDIR}/lighttpd.conf ${DRACUT_MODULE_PATH} >> + install -m 666 ${WORKDIR}/lighttpd.service ${DRACUT_MODULE_PATH} >> + install -m 666 ${WORKDIR}/sysuser-lighttpd.conf ${D}/usr/lib/sysusers.d/lighttpd.conf > > But this config file is not for the dracut building rootfs, it's for the > initramfs, right? Is that installation location a good idea then? inst_sysuser will use that config and it needs to be in that location. I will write some documentation or a new hook. > >> +} >> + >> diff --git a/meta-isar/recipes-initramfs/dracut-example-lighttpd/files/install.sh b/meta-isar/recipes-initramfs/dracut-example-lighttpd/files/install.sh >> new file mode 100644 >> index 00000000..e7e50ad4 >> --- /dev/null >> +++ b/meta-isar/recipes-initramfs/dracut-example-lighttpd/files/install.sh 
>> @@ -0,0 +1,21 @@ >> +install() { >> + inst_binary /usr/sbin/lighttpd >> + inst_binary /usr/sbin/lighttpd-angel >> + inst_binary /usr/sbin/lighttpd-disable-mod >> + inst_binary /usr/sbin/lighttpd-enable-mod > > Can't we generate that? Like HOOK_COPY_EXECS? I will try to adapt that code.> >> + inst_multiple -o /usr/lib/lighttpd/*.so >> + inst_multiple -o /usr/share/lighttpd/* >> + inst_simple "${moddir}/lighttpd.service" "$systemdsystemunitdir/lighttpd.service" >> + mkdir -p -m 0700 "$initdir/etc/lighttpd/" >> + mkdir -p -m 0700 "$initdir/var/cache/lighttpd/compress" >> + mkdir -p -m 0700 "$initdir/var/cache/lighttpd/uploads" >> + mkdir -p -m 0700 "$initdir/var/log/lighttpd/" >> + mkdir -p -m 0755 "$initdir/var/www/html" >> + /usr/bin/install -m 0644 /usr/share/lighttpd/index.html "$initdir/var/www/html/index.html" >> + touch "$moddir"/error.log >> + /usr/bin/install -m 0644 "$moddir"/error.log "$initdir/var/log/lighttpd/error.log" >> + chown -R www-data:www-data "$initdir/var/log/lighttpd/" >> + inst_simple "${moddir}/lighttpd.conf" /etc/lighttpd/lighttpd.conf >> + inst_sysusers lighttpd.conf >> + systemctl -q --root "$initdir" enable lighttpd > > This is a rather complex example. I'm still wondering what of all these > will repeat often enough to maybe simplify the install() functions > people will need to write (or not?) for their modules. > > Did you already try to convert some of the isar-cip-core hooks? Those > basically made me create initramfs-hook/hook.inc in the end. I haven't start yet. But I should start now the get the hook in a better shape.> >> +} >> diff --git a/meta-isar/recipes-initramfs/dracut-example-lighttpd/files/lighttpd.conf b/meta-isar/recipes-initramfs/dracut-example-lighttpd/files/lighttpd.conf >> new file mode 100644 >> index 00000000..3a1bb351 >> --- /dev/null >> +++ b/meta-isar/recipes-initramfs/dracut-example-lighttpd/files/lighttpd.conf 
>> @@ -0,0 +1,52 @@ >> +server.modules = ( >> + "mod_indexfile", >> + "mod_access", >> + "mod_alias", >> + "mod_redirect", >> +) >> + >> +server.document-root = "/var/www/html" >> +server.upload-dirs = ( "/var/cache/lighttpd/uploads" ) >> +server.errorlog = "/var/log/lighttpd/error.log" >> +server.pid-file = "/run/lighttpd.pid" >> +server.username = "www-data" >> +server.groupname = "www-data" >> +server.port = 80 >> + >> +# features >> +#https://redmine.lighttpd.net/projects/lighttpd/wiki/Server_feature-flagsDetails >> +server.feature-flags += ("server.h2proto" => "enable") >> +server.feature-flags += ("server.h2c" => "enable") >> +server.feature-flags += ("server.graceful-shutdown-timeout" => 5) >> +#server.feature-flags += ("server.graceful-restart-bg" => "enable") >> + >> +# strict parsing and normalization of URL for consistency and security >> +# https://redmine.lighttpd.net/projects/lighttpd/wiki/Server_http-parseoptsDetails >> +# (might need to explicitly set "url-path-2f-decode" = "disable" >> +# if a specific application is encoding URLs inside url-path) >> +server.http-parseopts = ( >> + "header-strict" => "enable",# default >> + "host-strict" => "enable",# default >> + "host-normalize" => "enable",# default >> + "url-normalize-unreserved"=> "enable",# recommended highly >> + "url-normalize-required" => "enable",# recommended >> + "url-ctrls-reject" => "enable",# recommended >> + "url-path-2f-decode" => "enable",# recommended highly (unless breaks app) >> + #"url-path-2f-reject" => "enable", >> + "url-path-dotseg-remove" => "enable",# recommended highly (unless breaks app) >> + #"url-path-dotseg-reject" => "enable", >> + #"url-query-20-plus" => "enable",# consistency in query string >> +) >> + >> +index-file.names = ( "index.php", "index.html" ) >> +url.access-deny = ( "~", ".inc" ) >> +static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" ) >> + >> +# default listening port for IPv6 falls back to the IPv4 port >> +include 
"/etc/lighttpd/conf-enabled/*.conf" >> + >> +#server.compat-module-load = "disable" >> +server.modules += ( >> + "mod_dirlisting", >> + "mod_staticfile", >> +) >> diff --git a/meta-isar/recipes-initramfs/dracut-example-lighttpd/files/lighttpd.service b/meta-isar/recipes-initramfs/dracut-example-lighttpd/files/lighttpd.service >> new file mode 100644 >> index 00000000..da8c9033 >> --- /dev/null >> +++ b/meta-isar/recipes-initramfs/dracut-example-lighttpd/files/lighttpd.service >> @@ -0,0 +1,13 @@ >> +[Unit] >> +Description=Lighttpd Daemon >> +DefaultDependencies=no >> + >> +[Service] >> +Type=simple >> +PIDFile=/run/lighttpd.pid >> +ExecStartPre=/usr/sbin/lighttpd -tt -f /etc/lighttpd/lighttpd.conf >> +ExecStart=/usr/sbin/lighttpd -D -f /etc/lighttpd/lighttpd.conf >> +ExecReload=/bin/kill -USR1 $MAINPID >> +Restart=on-failure >> +[Install] >> +WantedBy=sysinit.target >> diff --git a/meta-isar/recipes-initramfs/dracut-example-lighttpd/files/sysuser-lighttpd.conf b/meta-isar/recipes-initramfs/dracut-example-lighttpd/files/sysuser-lighttpd.conf >> new file mode 100644 >> index 00000000..6507ccf3 >> --- /dev/null >> +++ b/meta-isar/recipes-initramfs/dracut-example-lighttpd/files/sysuser-lighttpd.conf >> @@ -0,0 +1,3 @@ >> +g www-data - - >> +u www-data - - /var/www /usr/sbin/nologin >> + >> diff --git a/meta-isar/recipes-initramfs/images/isar-dracut.bb b/meta-isar/recipes-initramfs/images/isar-dracut.bb >> index 226fdeaa..95739b12 100644 >> --- a/meta-isar/recipes-initramfs/images/isar-dracut.bb >> +++ b/meta-isar/recipes-initramfs/images/isar-dracut.bb 
>> @@ -14,4 +14,7 @@ INITRAMFS_PREINSTALL += " \ >> >> # Recipes that should be installed into the initramfs build rootfs. >> INITRAMFS_INSTALL += " \ >> + dracut-example-lighttpd \ >> " >> + >> +DRACUT_EXTRA_MODULES += "example-lighttpd" > > We cannot derive a package name from the module name, right? Packages > might be named differently or have multiple modules included? Mhm, I will look into it, but the problem already exists in Debian: the module name does not follow the package name. We could add a convention to Isar: - the package name must be `dracut-<module-name>` Quirin> > Jan >
diff --git a/meta-isar/recipes-initramfs/dracut-example-lighttpd/dracut-example-lighttpd_0.1.bb b/meta-isar/recipes-initramfs/dracut-example-lighttpd/dracut-example-lighttpd_0.1.bb
new file mode 100644
index 00000000..7895e689
--- /dev/null
+++ b/meta-isar/recipes-initramfs/dracut-example-lighttpd/dracut-example-lighttpd_0.1.bb
@@ -0,0 +1,26 @@
+#
+# Copyright (c) Siemens AG, 2025
+#
+# Authors:
+# Quirin Gylstorff <quirin.gylstorff@siemens.com>
+#
+# SPDX-License-Identifier: MIT
+#
+require recipes-initramfs/dracut-module/dracut-module.inc
+
+DEBIAN_DEPENDS:append = ",lighttpd"
+SRC_URI += "file://install.sh \
+ file://lighttpd.conf \
+ file://lighttpd.service \
+ file://sysuser-lighttpd.conf \
+ "
+DRACUT_REQUIRED_BINARIES = "lighttpd"
+DRACUT_MODULE_DEPENDENCIES = "systemd-network-management"
+
+do_install[cleandirs] += "${D}/usr/lib/sysusers.d/"
+do_install:append() {
+ install -m 666 ${WORKDIR}/lighttpd.conf ${DRACUT_MODULE_PATH}
+ install -m 666 ${WORKDIR}/lighttpd.service ${DRACUT_MODULE_PATH}
+ install -m 666 ${WORKDIR}/sysuser-lighttpd.conf ${D}/usr/lib/sysusers.d/lighttpd.conf
+}
+
diff --git a/meta-isar/recipes-initramfs/dracut-example-lighttpd/files/install.sh b/meta-isar/recipes-initramfs/dracut-example-lighttpd/files/install.sh
new file mode 100644
index 00000000..e7e50ad4
--- /dev/null
+++ b/meta-isar/recipes-initramfs/dracut-example-lighttpd/files/install.sh
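Review bot: The three `install -m 666` calls in `do_install:append` of dracut-example-lighttpd_0.1.bb package lighttpd.conf, lighttpd.service and the sysusers.d file as world-writable. A systemd unit and a sysusers.d entry under /usr/lib that any local account can rewrite give unprivileged users control over what later runs as root in the rootfs where the package is installed, and the mode may carry over into the initramfs depending on how the dracut install helpers copy the files. Nothing visible here needs write access for non-root users, so `install -m 0644 ${WORKDIR}/lighttpd.conf ${DRACUT_MODULE_PATH}` (and the same mode for the other two files) is sufficient.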
@@ -0,0 +1,21 @@
+install() {
+ inst_binary /usr/sbin/lighttpd
+ inst_binary /usr/sbin/lighttpd-angel
+ inst_binary /usr/sbin/lighttpd-disable-mod
+ inst_binary /usr/sbin/lighttpd-enable-mod
+ inst_multiple -o /usr/lib/lighttpd/*.so
+ inst_multiple -o /usr/share/lighttpd/*
+ inst_simple "${moddir}/lighttpd.service" "$systemdsystemunitdir/lighttpd.service"
+ mkdir -p -m 0700 "$initdir/etc/lighttpd/"
+ mkdir -p -m 0700 "$initdir/var/cache/lighttpd/compress"
+ mkdir -p -m 0700 "$initdir/var/cache/lighttpd/uploads"
+ mkdir -p -m 0700 "$initdir/var/log/lighttpd/"
+ mkdir -p -m 0755 "$initdir/var/www/html"
+ /usr/bin/install -m 0644 /usr/share/lighttpd/index.html "$initdir/var/www/html/index.html"
+ touch "$moddir"/error.log
+ /usr/bin/install -m 0644 "$moddir"/error.log "$initdir/var/log/lighttpd/error.log"
+ chown -R www-data:www-data "$initdir/var/log/lighttpd/"
+ inst_simple "${moddir}/lighttpd.conf" /etc/lighttpd/lighttpd.conf
+ inst_sysusers lighttpd.conf
+ systemctl -q --root "$initdir" enable lighttpd
+}
diff --git a/meta-isar/recipes-initramfs/dracut-example-lighttpd/files/lighttpd.conf b/meta-isar/recipes-initramfs/dracut-example-lighttpd/files/lighttpd.conf
new file mode 100644
index 00000000..3a1bb351
--- /dev/null
+++ b/meta-isar/recipes-initramfs/dracut-example-lighttpd/files/lighttpd.conf
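Review bot: `chown -R www-data:www-data "$initdir/var/log/lighttpd/"` in install() resolves the name against the account database of the rootfs that builds the initramfs, while the account inside the initramfs comes from sysuser-lighttpd.conf (`u www-data - -`), which leaves the id to be allocated automatically. If the two ids differ, the log directory ends up owned by an unrelated id and lighttpd may be unable to write there once it has dropped privileges; pinning the id in the sysusers entry, or creating the directories at boot through a tmpfiles.d entry, removes the dependency on the build rootfs. The `0700` cache and upload directories have the same problem in the other direction, since they stay owned by whoever ran dracut. `touch "$moddir"/error.log` also writes into the installed module directory on every initramfs build; creating the empty file directly below `$initdir` would keep install() free of side effects outside the image.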
@@ -0,0 +1,52 @@
+server.modules = (
+ "mod_indexfile",
+ "mod_access",
+ "mod_alias",
+ "mod_redirect",
+)
+
+server.document-root = "/var/www/html"
+server.upload-dirs = ( "/var/cache/lighttpd/uploads" )
+server.errorlog = "/var/log/lighttpd/error.log"
+server.pid-file = "/run/lighttpd.pid"
+server.username = "www-data"
+server.groupname = "www-data"
+server.port = 80
+
+# features
+#https://redmine.lighttpd.net/projects/lighttpd/wiki/Server_feature-flagsDetails
+server.feature-flags += ("server.h2proto" => "enable")
+server.feature-flags += ("server.h2c" => "enable")
+server.feature-flags += ("server.graceful-shutdown-timeout" => 5)
+#server.feature-flags += ("server.graceful-restart-bg" => "enable")
+
+# strict parsing and normalization of URL for consistency and security
+# https://redmine.lighttpd.net/projects/lighttpd/wiki/Server_http-parseoptsDetails
+# (might need to explicitly set "url-path-2f-decode" = "disable"
+# if a specific application is encoding URLs inside url-path)
+server.http-parseopts = (
+ "header-strict" => "enable",# default
+ "host-strict" => "enable",# default
+ "host-normalize" => "enable",# default
+ "url-normalize-unreserved"=> "enable",# recommended highly
+ "url-normalize-required" => "enable",# recommended
+ "url-ctrls-reject" => "enable",# recommended
+ "url-path-2f-decode" => "enable",# recommended highly (unless breaks app)
+ #"url-path-2f-reject" => "enable",
+ "url-path-dotseg-remove" => "enable",# recommended highly (unless breaks app)
+ #"url-path-dotseg-reject" => "enable",
+ #"url-query-20-plus" => "enable",# consistency in query string
+)
+
+index-file.names = ( "index.php", "index.html" )
+url.access-deny = ( "~", ".inc" )
+static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
+
+# default listening port for IPv6 falls back to the IPv4 port
+include "/etc/lighttpd/conf-enabled/*.conf"
+
+#server.compat-module-load = "disable"
+server.modules += (
+ "mod_dirlisting",
+ "mod_staticfile",
+)
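Review bot: lighttpd.conf sets `server.port = 80` without `server.bind`, so the example serves cleartext HTTP (with `server.h2c` enabled) on every address the initramfs network setup brings up, at a boot stage where the system's packet-filter rules are likely not loaded yet. Since this is an example that others will copy, a line such as `server.bind = "127.0.0.1"`, or a comment stating that the listener is intentionally open, would make the exposure an explicit decision. `mod_dirlisting` and the `index.php` entry in `index-file.names` look like leftovers from a distribution default and could be dropped, as install.sh only ships a static index.html. The comment `# default listening port for IPv6 falls back to the IPv4 port` sits directly above the `include` line and does not describe it.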
diff --git a/meta-isar/recipes-initramfs/dracut-example-lighttpd/files/lighttpd.service b/meta-isar/recipes-initramfs/dracut-example-lighttpd/files/lighttpd.service
new file mode 100644
index 00000000..da8c9033
--- /dev/null
+++ b/meta-isar/recipes-initramfs/dracut-example-lighttpd/files/lighttpd.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=Lighttpd Daemon
+DefaultDependencies=no
+
+[Service]
+Type=simple
+PIDFile=/run/lighttpd.pid
+ExecStartPre=/usr/sbin/lighttpd -tt -f /etc/lighttpd/lighttpd.conf
+ExecStart=/usr/sbin/lighttpd -D -f /etc/lighttpd/lighttpd.conf
+ExecReload=/bin/kill -USR1 $MAINPID
+Restart=on-failure
+[Install]
+WantedBy=sysinit.target
diff --git a/meta-isar/recipes-initramfs/dracut-example-lighttpd/files/sysuser-lighttpd.conf b/meta-isar/recipes-initramfs/dracut-example-lighttpd/files/sysuser-lighttpd.conf
new file mode 100644
index 00000000..6507ccf3
--- /dev/null
+++ b/meta-isar/recipes-initramfs/dracut-example-lighttpd/files/sysuser-lighttpd.conf
@@ -0,0 +1,3 @@
+g www-data - -
+u www-data - - /var/www /usr/sbin/nologin
+
diff --git a/meta-isar/recipes-initramfs/images/isar-dracut.bb b/meta-isar/recipes-initramfs/images/isar-dracut.bb
index 226fdeaa..95739b12 100644
--- a/meta-isar/recipes-initramfs/images/isar-dracut.bb
+++ b/meta-isar/recipes-initramfs/images/isar-dracut.bb
@@ -14,4 +14,7 @@ INITRAMFS_PREINSTALL += " \
 
 # Recipes that should be installed into the initramfs build rootfs.
 INITRAMFS_INSTALL += " \
+ dracut-example-lighttpd \
 "
+
+DRACUT_EXTRA_MODULES += "example-lighttpd"
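Review bot: With `DefaultDependencies=no` and `WantedBy=sysinit.target`, lighttpd.service has no ordering against the unit that creates the www-data account or against network setup, so lighttpd may start before the user named in `server.username` exists and then be restarted repeatedly by `Restart=on-failure`. Adding `After=systemd-sysusers.service` to `[Unit]`, plus an ordering on the network service pulled in by systemd-network-management if the listener needs an address, would make the start deterministic. `PIDFile=` is intended for `Type=forking` and can be dropped with `Type=simple`. The unit also runs without any sandboxing; for a network-facing daemon, `NoNewPrivileges=yes` and `ProtectSystem=strict` with `ReadWritePaths=` for the log and cache directories are worth considering.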
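Review bot: Adding `dracut-example-lighttpd` to `INITRAMFS_INSTALL` and `example-lighttpd` to `DRACUT_EXTRA_MODULES` in isar-dracut.bb enables the web server in every build of this initramfs image, not only for someone who wants to try the example. If isar-dracut also serves as a base or test image, consider moving the example into a separate image recipe or behind a variable so that the network listener is opt-in. The hunk begins at line 14 of the recipe, so anything defined above it is not visible here.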