You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
359 lines
9.2 KiB
Markdown
359 lines
9.2 KiB
Markdown
10 years ago
|
|
||
|
This is a simple http server for pure static content. You
|
||
|
can use it to serve the content of a ftp server via http for
|
||
|
example. It is also nice to export some files the quick way
|
||
|
by starting a http server in a few seconds, without editing
|
||
|
some config file first.
|
||
|
|
||
|
It uses sendfile() and knows how to use sendfile on linux and FreeBSD.
|
||
|
Adding other systems shouldn't be difficult. To use it with linux
|
||
|
you'll need a 2.2.x kernel and glibc 2.1.
|
||
|
|
||
|
There is some sendfile emulation code which uses a userland bounce
|
||
|
buffer, this allows to compile and use webfs on systems without
|
||
|
sendfile().
|
||
|
|
||
|
|
||
|
Features/Design:
|
||
|
================
|
||
|
|
||
|
* single process: select() + non-blocking I/O.
|
||
|
* trimmed to use as few system calls as possible per request.
|
||
|
* use sendfile to avoid copying data to userspace.
|
||
|
* optional thread support. Every thread has its own select
|
||
|
loop then (compile time option, off by default, edit the
|
||
|
Makefile to turn it on).
|
||
|
* automatically generates directory listings when asked for a
|
||
|
directory (check for index.html available as option), caches
|
||
|
the listings.
|
||
|
* no config file, just a few switches. Try "webfsd -h" for a
|
||
|
list, check the man page for a more indepth description.
|
||
|
* Uses /etc/mime.types to map file extentions to mime/types.
|
||
|
* Uses normal unix access rights, it will deliver every regular
|
||
|
file it is able to open for reading. If you want it to serve
|
||
|
public-readable files only, make sure it runs as nobody/nogroup.
|
||
|
* supports keep-alive and pipelined requests.
|
||
|
* serves byte ranges.
|
||
|
* supports virtual hosts.
|
||
|
* supports ipv6.
|
||
|
* optional logging in common log file format.
|
||
|
* optional error logging (to syslog / stderr).
|
||
|
* limited CGI support (GET requests only).
|
||
|
* optional SSL support.
|
||
|
|
||
|
|
||
|
Plans/BUGS/TODO
|
||
|
===============
|
||
|
|
||
|
* figure out why the acroread plugin doesn't like my
|
||
|
multipart/byteranges responses.
|
||
|
* benchmarking / profiling.
|
||
|
|
||
|
Don't expect much more features. I want to keep it small and
|
||
|
simple. It is supported to serve just files and to do this in a good
|
||
|
and fast way. It is supposed to be HTTP/1.1 (RfC 2068) compliant.
|
||
|
Conditional compliant as there is no entity tag support.
|
||
|
|
||
|
|
||
|
Compile/Install
|
||
|
===============
|
||
|
|
||
|
$ make
|
||
|
$ su -c "make install"
|
||
|
|
||
|
See INSTALL for more details.
|
||
|
|
||
|
|
||
|
Tuning
|
||
|
======
|
||
|
|
||
|
The default for the number of parallel connections is very low (32),
|
||
|
you might have to raise this.
|
||
|
|
||
|
You probably don't get better performance by turning on threads. For
|
||
|
static content I/O bandwidth is the bottleneck. My box easily fills
|
||
|
up the network bandwidth while webfsd uses less than 10% CPU time
|
||
|
(Pentium III/450 MHz, Fast Ethernet, Tulip card).
|
||
|
|
||
|
You might win with threads if you have a very fast network connection
|
||
|
and a lot of traffic. The sendfile() system call blocks if it has to
|
||
|
read from harddisk. While one thread waits for data in sendfile(),
|
||
|
another can keep the network card busy. You'll probably get best
|
||
|
results with a small number of threads (2-3) per CPU.
|
||
|
|
||
|
Enough RAM probably also helps to speed up things. Although webfs
|
||
|
itself will not need very much memory, your kernel will happily use
|
||
|
the memory as cache for the data sent out via sendfile().
|
||
|
|
||
|
I have no benchmark numbers for webfsd.
|
||
|
|
||
|
|
||
|
Security
|
||
|
========
|
||
|
|
||
|
I can't guarantee that there are no security flaws. If you find one,
|
||
|
report it as a bug. I've done my very best while writing webfsd, I hope
|
||
|
there are no serious bugs like buffer overflows (and no other bugs of
|
||
|
course...). If webfsd dumps core, you /have/ a problem; this really
|
||
|
shouldn't happen.
|
||
|
|
||
|
Don't use versions below 1.20, there are known security holes.
|
||
|
|
||
|
|
||
|
Changes in 1.21
|
||
|
===============
|
||
|
|
||
|
* large file support.
|
||
|
* s/sprintf/snprintf/ in some places.
|
||
|
* changed timestamp handling, webfs doesn't attempt to parse them
|
||
|
any more but does a strcmp of rfc1123 dates.
|
||
|
* access log uses local time not GMT now.
|
||
|
* some ssl/cgi cleanups (based on patches from Ludo Stellingwerff).
|
||
|
* misc fixes.
|
||
|
|
||
|
|
||
|
Changes in 1.20
|
||
|
===============
|
||
|
|
||
|
* CGI pipe setup bugfix.
|
||
|
* Don't allow ".." as hostname (security hole with vhosts enabled).
|
||
|
* fix buffer overflow in ls.c with very long file names.
|
||
|
* misc other fixes / cleanups.
|
||
|
|
||
|
|
||
|
Changes in 1.19
|
||
|
===============
|
||
|
|
||
|
* documentation spell fixes (Ludo Stellingwerff).
|
||
|
* added missing items (last two) to the 1.18 Changes notes
|
||
|
(pointed out by Jedi/Sector One <j@pureftpd.org>).
|
||
|
* Makefile changes.
|
||
|
* finished user home-directory support.
|
||
|
|
||
|
|
||
|
Changes in 1.18
|
||
|
===============
|
||
|
|
||
|
* added -j switch.
|
||
|
* compile fixes for the threaded version.
|
||
|
* use accept filters (FreeBSD).
|
||
|
* shuffled around access log locks.
|
||
|
* added optional SSL support (based on patches by
|
||
|
Ludo Stellingwerff <ludo@jonkers.nl>).
|
||
|
* run only the absolute needed code with root privileges
|
||
|
(bind+chroot) if installed suid-root.
|
||
|
* Makefile tweaks.
|
||
|
* fixed buffer overflow in request.c
|
||
|
* started user home-directory support.
|
||
|
|
||
|
|
||
|
Changes in 1.17
|
||
|
===============
|
||
|
|
||
|
* fix bug in request cleanup code (didn't cleanup properly after
|
||
|
byte-range requests, thus making webfsd bomb out on non-range
|
||
|
requests following a byte-range request on the same keep-alive
|
||
|
connection).
|
||
|
|
||
|
|
||
|
Changes in 1.16
|
||
|
===============
|
||
|
|
||
|
* fix bug in %xx handling (adding CGI support broke this).
|
||
|
|
||
|
|
||
|
Changes in 1.14
|
||
|
===============
|
||
|
|
||
|
* allways use Host: supplied hostname if needed (redirect, ...).
|
||
|
* added -4 / -6 switches.
|
||
|
* Added CGI support (GET requests only).
|
||
|
* compile fix for OpenBSD
|
||
|
|
||
|
|
||
|
Changes in 1.13
|
||
|
===============
|
||
|
|
||
|
* fixed a bug in Basic authentication.
|
||
|
|
||
|
|
||
|
Changes in 1.11
|
||
|
===============
|
||
|
|
||
|
* bumped the version number this time :-)
|
||
|
* small freebsd update (use strmode).
|
||
|
* added -e switch.
|
||
|
|
||
|
|
||
|
Changes in 1.10
|
||
|
===============
|
||
|
|
||
|
* fixed byte rage header parser to deal correctly with 64bit off_t.
|
||
|
|
||
|
|
||
|
Changes in 1.9
|
||
|
==============
|
||
|
|
||
|
* added pidfile support.
|
||
|
|
||
|
|
||
|
Changes in 1.8
|
||
|
==============
|
||
|
|
||
|
* added TCP_CORK support.
|
||
|
|
||
|
|
||
|
Changes in 1.7
|
||
|
==============
|
||
|
|
||
|
* one more security fix (drop secondary groups).
|
||
|
* catch malloc() failures in ls.c.
|
||
|
|
||
|
|
||
|
Changes in 1.6
|
||
|
==============
|
||
|
|
||
|
* security fix (parsing option '-n' did unchecked strcpy).
|
||
|
* documentation updates.
|
||
|
|
||
|
|
||
|
Changes in 1.5
|
||
|
==============
|
||
|
|
||
|
* fixed the sloppy usage of addrlen for the ipv6 name lookup
|
||
|
functions. Linux worked fine, but the BSD folks have some
|
||
|
more strict checks...
|
||
|
* allow to write the access log to stdout (use "-" as filename)
|
||
|
|
||
|
|
||
|
Changes in 1.4
|
||
|
==============
|
||
|
|
||
|
* fixed a bug in the base64 decoder (which broke basic auth for some
|
||
|
user/passwd combinations)
|
||
|
* added virtual host support.
|
||
|
* webfsd can chroot to $DOCUMENT_ROOT now.
|
||
|
|
||
|
|
||
|
Changes in 1.3
|
||
|
==============
|
||
|
|
||
|
* overwrite the -b user:pw command line option to hide the password
|
||
|
(doesn't show up in ps anymore)
|
||
|
|
||
|
|
||
|
Changes in 1.2
|
||
|
==============
|
||
|
|
||
|
* added ipv6 support.
|
||
|
* bugfix in logfile timestamps.
|
||
|
|
||
|
|
||
|
Changes in 1.1
|
||
|
==============
|
||
|
|
||
|
* added basic authentication (one username/password for all files)
|
||
|
|
||
|
|
||
|
Changes in 1.0
|
||
|
==============
|
||
|
|
||
|
* added some casts to compile cleanly on Solaris.
|
||
|
* new -F flag (don't run as daemon).
|
||
|
|
||
|
|
||
|
Changes in 0.9
|
||
|
==============
|
||
|
|
||
|
* fixed a quoting bug.
|
||
|
* documentation updates, minor tweaks.
|
||
|
|
||
|
|
||
|
Changes in 0.8
|
||
|
==============
|
||
|
|
||
|
* fixed a bug in the directory cache.
|
||
|
* fixed uncatched malloc()/realloc() failures.
|
||
|
* added optional pthreads support. Edit the Makefile to turn
|
||
|
it on.
|
||
|
|
||
|
|
||
|
Changes in 0.7
|
||
|
==============
|
||
|
|
||
|
* some portability problems fixed (0.6 didn't compile on FreeBSD).
|
||
|
* added a sendfile() emulation based on read()/write() as fallback
|
||
|
if there is no sendfile() available.
|
||
|
* bugfix: '#' must be quoted too...
|
||
|
|
||
|
|
||
|
Changes in 0.6
|
||
|
==============
|
||
|
|
||
|
* increased the listen backlog.
|
||
|
* optionally flush every logfile line to disk.
|
||
|
* new switch to specify the location of the mime.types file.
|
||
|
* byte range bug fixes.
|
||
|
* switch for the hostname has been changed ('-s' => '-n').
|
||
|
* optional log errors to the syslog (switch '-s').
|
||
|
* added sample start/stop script for RedHat.
|
||
|
|
||
|
|
||
|
Changes in 0.5
|
||
|
==============
|
||
|
|
||
|
* FreeBSD port (Charles Randall <crandall@matchlogic.com>)
|
||
|
* minor tweaks and spelling fixes.
|
||
|
|
||
|
|
||
|
Changes in 0.4
|
||
|
==============
|
||
|
|
||
|
* last-modified headers (and 304 responses) for directory listings.
|
||
|
* new switch: -f index.html (or whatever you want to use for
|
||
|
directory indices)
|
||
|
* killed the access() system calls in the ls() function.
|
||
|
* added cache for user/group names.
|
||
|
* wrote a manual page.
|
||
|
|
||
|
|
||
|
Changes in 0.3
|
||
|
==============
|
||
|
|
||
|
* multipart/byteranges improved: You'll get a correct Content-length:
|
||
|
header for the whole thing, and we can handle keep-alive on these
|
||
|
requests now.
|
||
|
* bugfix: catch accept() failures.
|
||
|
* bugfix: quote the path in 302 redirect responses.
|
||
|
* accept absolute URLs ("GET http://host/path HTTP/1.1")
|
||
|
* fixed handling of conditional GET requests (hope it is RFC-Compilant
|
||
|
now...).
|
||
|
* bugfix: '+' must be quoted using %xx.
|
||
|
|
||
|
|
||
|
Changes in 0.2
|
||
|
==============
|
||
|
|
||
|
* added URL quoting.
|
||
|
* root can set uid/gid now.
|
||
|
* webfs ditches any setuid/setgid priviliges after binding to the
|
||
|
TCP port by setting effective to real uid/gid. It should be safe
|
||
|
to install webfsd suid root to allow users to use ports below
|
||
|
1024 (and _only_ this of course). If anyone finds a flaw in this
|
||
|
code drop me a note.
|
||
|
* more verbose directory listing.
|
||
|
* added logging. It does the usual logfile reopen on SIGHUP.
|
||
|
|
||
|
|
||
|
Changes in 0.1
|
||
|
==============
|
||
|
|
||
|
* first public release.
|
||
|
|
||
|
|
||
|
Have fun,
|
||
|
Gerd
|
||
|
|
||
|
--
|
||
|
Gerd Knorr <kraxel@bytesex.org>
|