summaryrefslogtreecommitdiff
path: root/mini_httpd.8
diff options
context:
space:
mode:
Diffstat (limited to 'mini_httpd.8')
-rw-r--r--mini_httpd.8455
1 files changed, 455 insertions, 0 deletions
diff --git a/mini_httpd.8 b/mini_httpd.8
new file mode 100644
index 0000000..8c4695e
--- /dev/null
+++ b/mini_httpd.8
@@ -0,0 +1,455 @@
+.TH mini_httpd 8 "05 October 1999"
+.SH NAME
+mini_httpd - small HTTP server
+.SH SYNOPSIS
+.B mini_httpd
+.RB [ -C
+.IR configfile ]
+.RB [ -p
+.IR port ]
+.RB [ -d
+.IR dir ]
+.RB [ -dd
+.IR data_dir ]
+.RB [ -c
+.IR cgipat ]
+.RB [ -u
+.IR user ]
+.RB [ -h
+.IR hostname ]
+.RB [ -r ]
+.RB [ -v ]
+.RB [ -l
+.IR logfile ]
+.RB [ -i
+.IR pidfile ]
+.RB [ -T
+.IR charset ]
+.RB [ -P
+.IR P3P ]
+.RB [ -M
+.IR maxage ]
+.RB [ -S ]
+.RB [ -E
+.IR certfile ]
+.RB [ -Y
+.IR cipher ]
+.RB [ -D ]
+.RB [ -V ]
+.SH DESCRIPTION
+.PP
+.I mini_httpd
+is a small HTTP server.
+Its performance is not great, but for low or medium traffic sites it's
+quite adequate.
+It implements all the basic features of an HTTP server, including:
+.TP 3
+*
+GET, HEAD, and POST methods.
+.TP 3
+*
+CGI.
+.TP 3
+*
+Basic authentication.
+.TP 3
+*
+Security against ".." filename snooping.
+.TP 3
+*
+The common MIME types.
+.TP 3
+*
+Trailing-slash redirection.
+.TP 3
+*
+index.html, index.htm, index.cgi
+.TP 3
+*
+Directory listings.
+.TP 3
+*
+Multihoming / virtual hosting.
+.TP 3
+*
+Standard logging.
+.TP 3
+*
+Custom error pages.
+.PP
+It can also be configured to do SSL/HTTPS.
+.PP
+mini_httpd was written for a couple reasons.
+One, as an experiment to see just how slow an old-fashioned forking
+web server would be with today's operating systems.
+The answer is, surprisingly, not that slow - on FreeBSD 3.2, mini_httpd
+benchmarks at about 90% the speed of Apache.
+The other main reason for writing mini_httpd was to get a simple
+platform for experimenting with new web server technology, for instance SSL.
+.SH OPTIONS
+.TP
+.B -C
+Specifies a config-file to read.
+All options can be set either by command-line flags or in the config file.
+See below for details.
+.TP
+.B -p
+Specifies an alternate port number to listen on.
+The default is 80.
+The config-file option name for this flag is "port".
+.TP
+.B -d
+Specifies a directory to chdir() to at startup.
+This is merely a convenience - you could just as easily do a cd in the
+shell script that invokes the program.
+The config-file option name for this flag is "dir".
+.TP
+.B -dd
+Specifies a directory to chdir() to after chrooting.
+If you're not chrooting, you might as well do a single chdir() with
+the -d flag.
+If you are chrooting, this lets you put the web files in a subdirectory
+of the chroot tree, instead of in the top level mixed in with the
+chroot files.
+The config-file option name for this flag is "data_dir".
+.TP
+.B -c
+Specifies a wildcard pattern for CGI programs, for instance "**.cgi"
+or "cgi-bin/*".
+The default is no CGI.
+The config-file option name for this flag is "cgipat".
+.TP
+.B -u
+Specifies what user to switch to after initialization when started as root.
+The default is "nobody".
+The config-file option name for this flag is "user".
+.TP
+.B -h
+Specifies a hostname to bind to, for multihoming.
+The default is to bind to all hostnames supported on the local machine.
+The config-file option name for this flag is "host".
+.TP
+.B -r
+Do a chroot() at initialization time, restricting file access
+to the program's current directory.
+See below for details.
+The config-file option names for this flag are "chroot" and "nochroot".
+.TP
+.B -v
+Do virtual hosting.
+See below for details.
+The config-file option name for this flag is "vhost".
+.TP
+.B -l
+Specifies a log file name.
+The default is no logging.
+The config-file option name for this flag is "logfile".
+.TP
+.B -i
+Specifies a file to write the process-id to.
+If no file is specified, no process-id is written.
+You can use this file to send signals to mini_httpd.
+The config-file option name for this flag is "pidfile".
+.TP
+.B -T
+Specifies the character set to use with text MIME types.
+The default is "iso-8859-1".
+The config-file option name for this flag is "charset".
+.TP
+.B -P
+Specifies a P3P server privacy header to be returned with all responses.
+See http://www.w3.org/P3P/ for details.
+Mini_httpd doesn't do anything at all with the string except put it in the
+P3P: response header.
+The config-file option name for this flag is "p3p".
+.TP
+.B -M
+Specifies the number of seconds to be used in a "Cache-Control: max-age"
+header to be returned with all responses.
+An equivalent "Expires" header is also generated.
+The default is no Cache-Control or Expires headers,
+which is just fine for most sites.
+The config-file option name for this flag is "maxage".
+.TP
+.B -S
+If mini_httpd is configured to do SSL/HTTPS, then the -S flag is available
+to enable this feature.
+The config-file option name for this flag is "ssl".
+.TP
+.B -E
+If mini_httpd is configured to do SSL/HTTPS, then you can specify a
+server certificate with this flag.
+You can make a certificate with the command "make cert".
+The default is "mini_httpd.pem" (in the directory where you start mini_httpd).
+The config-file option name for this flag is "certfile".
+.TP
+.B -Y
+If mini_httpd is configured to do SSL/HTTPS, then you can specify a
+cipher set with this flag.
+Examples of cipher sets: "RC4-MD5", "DES-CBC3-SHA", "AES256-SHA".
+The default is to let each browser negotiate ciphers separately, and
+unless you know what you're doing it's best to let them do so.
+The config-file option name for this flag is "cipher".
+.TP
+.B -D
+This was originally just a debugging flag, however it's worth mentioning
+because one of the things it does is prevent mini_httpd from making itself
+a background daemon.
+Instead it runs in the foreground like a regular program.
+This is necessary when you want to run mini_httpd wrapped in a little shell
+script that restarts it if it exits.
+The config-file option name for this flag is "debug".
+.TP
+.B -V
+Shows mini_httpd's version and then exits.
+.SH "CGI"
+.PP
+mini_httpd supports the CGI 1.1 spec.
+.PP
+In order for a CGI program to be run, its name must match the pattern
+you specify with the -c flag
+This is a simple shell-style filename pattern.
+You can use * to match any string not including a slash,
+or ** to match any string including slashes,
+or ? to match any single character.
+You can also use multiple such patterns separated by |.
+The patterns get checked against the filename
+part of the incoming URL.
+Don't forget to quote any wildcard characters so that the shell doesn't
+mess with them.
+.SH "BASIC AUTHENTICATION"
+.PP
+Basic Authentication uses a password file called ".htpasswd", in
+the directory to be protected.
+This file is formatted as the familiar colon-separated
+username/encrypted-password pair, records delimited by newlines.
+The protection does not carry over to subdirectories.
+The utility program htpasswd(1) is included to help create and
+modify .htpasswd files.
+.SH "CHROOT"
+.PP
+chroot() is a system call that restricts the program's view
+of the filesystem to the current directory and directories
+below it.
+It becomes impossible for remote users to access any file
+outside of the initial directory.
+The restriction is inherited by child processes, so CGI programs get it too.
+This is a very strong security measure, and is recommended.
+The only downside is that only root can call chroot(), so this means
+the program must be started as root.
+However, the last thing it does during initialization is to
+give up root access by becoming another user, so this is safe.
+.PP
+Note that with some other web servers, such as NCSA httpd, setting
+up a directory tree for use with chroot() is complicated, involving
+creating a bunch of special directories and copying in various files.
+With mini_httpd it's a lot easier, all you have to do is make sure
+any shells, utilities, and config files used by your CGI programs and
+scripts are available.
+If you have CGI disabled, or if you make a policy that all CGI programs
+must be written in a compiled language such as C and statically linked,
+then you probably don't have to do any setup at all.
+.PP
+However, one thing you should do is tell syslogd about the chroot tree,
+so that mini_httpd can still generate syslog messages.
+Check your system's syslodg man page for how to do this.
+In FreeBSD you would put something like this in /etc/rc.conf:
+.nf
+ syslogd_flags="-l /usr/local/www/data/dev/log"
+.fi
+Substitute in your own chroot tree's pathname, of course.
+Don't worry about creating the log socket, syslogd wants to do that itself.
+(You may need to create the dev directory.)
+In Linux the flag is -a instead of -l, and there may be other differences.
+.SH "MULTIHOMING"
+.PP
+Multihoming means using one machine to serve multiple hostnames.
+For instance, if you're an internet provider and you want to let
+all of your customers have customized web addresses, you might
+have www.joe.acme.com, www.jane.acme.com, and your own www.acme.com,
+all running on the same physical hardware.
+This feature is also known as "virtual hosts".
+There are three steps to setting this up.
+.PP
+One, make DNS entries for all of the hostnames.
+The current way to do this, allowed by HTTP/1.1, is to use CNAME aliases,
+like so:
+.nf
+ www.acme.com IN A 192.100.66.1
+ www.joe.acme.com IN CNAME www.acme.com
+ www.jane.acme.com IN CNAME www.acme.com
+.fi
+However, this is incompatible with older HTTP/1.0 browsers.
+If you want to stay compatible, there's a different way - use A records
+instead, each with a different IP address, like so:
+.nf
+ www.acme.com IN A 192.100.66.1
+ www.joe.acme.com IN A 192.100.66.200
+ www.jane.acme.com IN A 192.100.66.201
+.fi
+This is bad because it uses extra IP addresses, a somewhat scarce resource.
+But if you want people with older browsers to be able to visit your
+sites, you still have to do it this way.
+.PP
+Step two.
+If you're using the modern CNAME method of multihoming, then you can
+skip this step.
+Otherwise, using the older multiple-IP-address method you
+must set up IP aliases or multiple interfaces for the extra addresses.
+You can use ifconfig(8)'s alias command to tell the machine to answer to
+all of the different IP addresses.
+Example:
+.nf
+ ifconfig le0 www.acme.com
+ ifconfig le0 www.joe.acme.com alias
+ ifconfig le0 www.jane.acme.com alias
+.fi
+If your OS's version of ifconfig doesn't have an alias command, you're
+probably out of luck.
+.PP
+Third and last, you must set up mini_httpd to handle the multiple hosts.
+The easiest way is with the -v flag.
+This works with either CNAME multihosting or multiple-IP multihosting.
+What it does is send each incoming request to a subdirectory based on the
+hostname it's intended for.
+All you have to do in order to set things up is to create those subdirectories
+in the directory where mini_httpd will run.
+With the example above, you'd do like so:
+.nf
+ mkdir www.acme.com www.joe.acme.com www.jane.acme.com
+.fi
+If you're using old-style multiple-IP multihosting, you should also create
+symbolic links from the numeric addresses to the names, like so:
+.nf
+ ln -s www.acme.com 192.100.66.1
+ ln -s www.joe.acme.com 192.100.66.200
+ ln -s www.jane.acme.com 192.100.66.201
+.fi
+This lets the older HTTP/1.0 browsers find the right subdirectory.
+.PP
+There's an optional alternate step three if you're using multiple-IP
+multihosting: run a separate mini_httpd process for each hostname, using
+the -h flag to specify which one is which.
+This gives you more flexibility, since you can run each of these processes
+in separate directories or with different options.
+Example:
+.nf
+ ( cd /usr/www ; mini_httpd -h www.acme.com )
+ ( cd /usr/www/joe ; mini_httpd -u joe -h www.joe.acme.com )
+ ( cd /usr/www/jane ; mini_httpd -u jane -h www.jane.acme.com )
+.fi
+But remember, this multiple-process method does not work with CNAME
+multihosting - for that, you must use a single mini_httpd process with
+the -v flag.
+.SH "CUSTOM ERRORS"
+.PP
+mini_httpd lets you define your own custom error pages for the various
+HTTP errors.
+There's a separate file for each error number, all stored in one
+special directory.
+The directory name is "errors", at the top of the web directory tree.
+The error files should be named "errNNN.html", where NNN is the error number.
+So for example, to make a custom error page for the authentication failure
+error, which is number 401, you would put your HTML into the file
+"errors/err401.html".
+If no custom error file is found for a given error number, then the
+usual built-in error page is generated.
+.PP
+If you're using the virtual hosts option, you can also have different
+custom error pages for each different virtual host.
+In this case you put another "errors" directory in the top of that
+virtual host's web tree.
+mini_httpd will look first in the virtual host errors directory, and
+then in the server-wide errors directory, and if neither of those
+has an appropriate error file then it will generate the built-in error.
+.SH "NON-LOCAL REFERERS"
+.PP
+Sometimes another site on the net will embed your image files in their
+HTML files, which basically means they're stealing your bandwidth.
+You can prevent them from doing this by using non-local referer filtering.
+With this option, certain files can only be fetched via a local referer.
+The files have to be referenced by a local web page.
+If a web page on some other site references the files, that fetch will
+be blocked.
+There are three config-file variables for this feature:
+.TP
+.B urlpat
+A wildcard pattern for the URLs that should require a local referer.
+This is typically just image files, sound files, and so on.
+For example:
+.nf
+ urlpat=**.jpg|**.gif|**.au|**.wav
+.fi
+For most sites, that one setting is all you need to enable referer filtering.
+.TP
+.B noemptyreferers
+By default, requests with no referer at all, or a null referer, or a
+referer with no apparent hostname, are allowed.
+With this variable set, such requests are disallowed.
+.TP
+.B localpat
+A wildcard pattern that specifies the local host or hosts.
+This is used to determine if the host in the referer is local or not.
+If not specified it defaults to the actual local hostname.
+.SH SIGNALS
+.PP
+mini_httpd will terminate cleanly upon receipt of a number of different
+signals, which you can send via the standard Unix kill(1) command.
+Any of SIGTERM, SIGINT, or SIGUSR1 will do the trick.
+All requests in progress will be completed.
+The network socket used to accept new connections gets
+closed immediately, which means a fresh mini_httpd can be started up
+right away.
+This is convenient when you're rotating your log files.
+.PP
+In addition, a SIGHUP will attempt to close and re-open the log file.
+This is a little tricky to set up correctly, for instance if you are using
+chroot() then the log file must be within the chroot tree, but it's
+definitely doable.
+.SH CERTIFICATES
+.PP
+If you're going to serve SSL/HTTPS you will need a server certificate.
+There are a bunch of companies that will issue one for you; see the
+lists at http://www.apache-ssl.org/#Digital_Certificates and
+http://www.modssl.org/docs/2.4/ssl_faq.html#ToC23
+.PP
+You can also create one for yourself, using the openssl tool.
+Step one - create the key and certificate request:
+.nf
+ openssl req -new > cert.csr
+.fi
+Step two - remove the passphrase from the key:
+.nf
+ openssl rsa -in privkey.pem -out key.pem
+.fi
+Step three - convert the certificate request into a signed certificate:
+.nf
+ openssl x509 -in cert.csr -out cert.pem -req -signkey key.pem -days 365
+.fi
+This creates four files.
+The ones you want are cert.pem and key.pem.
+You don't need cert.csr and privkey.pem, and may remove them.
+.SH "SEE ALSO"
+htpasswd(1), weblog_parse(1), http_get(1)
+.SH AUTHOR
+Copyright © 1999,2000 by Jef Poskanzer <jef@mail.acme.com>. All rights reserved.
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
generated by cgit v1.2.3 (git 2.25.1) at 2024-04-19 02:34:41 +0000