Solved The most dumb Web Server available for FreeBSD

[freezr]

Dear All,

I have a pet server that runs a couple of services, one of those is Nginx.

The scope of Nginx is to serve one only (badly made) HTML page, however Nginx is a serious, reliable and well appreciate project, the point is I do not need all its features and power.

I am looking for the most simple web server able to provide static pages only but still compatible with let's encrypt, do you know if there is available anything close to my description on the FreeBSD repo/ports?

Thanks in advance,
tgl

 

[eternal_noob]

If you like programming in C++ i can recommend the ASIO library.
It has an example for an HTTP server. Adding SSL support to that is very easy.

 

[jbo@]

If you like programming in C++ i can recommend the ASIO library.

I wrote an easy-to-use high-level library around that: https://github.com/tectu/malloy
You can get a multi-threaded webserver supporting HTTP, HTTPS, WS & WSS in just a few lines of code.

You may compare the example linked by eternal_noob to this: https://github.com/Tectu/malloy/blob/main/examples/server/ssl/main.cpp

My work was well received by the authors of the underlying boost infrastructure: https://github.com/boostorg/beast/issues/2205#issuecomment-908573504

Producing a ready-to-use webserver with file based configuration similar to apache and nginx would be trivial from here. I just didn't do it yet (feel free to contribute!). Adding a FreeBSD port would be easy too.

 

[SirDice]

I am looking for the most simple web server able to provide static pages only but still compatible with let's encrypt, do you know if there is available anything close to my description on the FreeBSD repo/ports?

Did you have a look at www/lighttpd yet?

 

[Phishfry]

I like how www/lighttpd is minimal but features can be added.
You can have plain http server or add security for external use.
I guess you could say that about all webservers but the lightness is greatly appreciated.
I first studied it with monoWall and then later pfSense.
It was not until FreeBSD did I deploy it at Linode. The URL's people try to pass! Wow. Checkout those logs often.
I also wanna advocate for jails here. Webservers are the single most attacked surface you will probably have.

 

[freezr]

If you like programming in C++ i can recommend the ASIO library.
It has an example for an HTTP server. Adding SSL support to that is very easy.

Nope, I don't know anything about coding or programming... ?

I wrote an easy-to-use high-level library around that: https://github.com/tectu/malloy
You can get a multi-threaded webserver supporting HTTP, HTTPS, WS & WSS in just a few lines of code.

You may compare the example linked by eternal_noob to this: https://github.com/Tectu/malloy/blob/main/examples/server/ssl/main.cpp

My work was well received by the authors of the underlying boost infrastructure: https://github.com/boostorg/beast/issues/2205#issuecomment-908573504

Producing a ready-to-use webserver with file based configuration similar to apache and nginx would be trivial from here. I just didn't do it yet (feel free to contribute!). Adding a FreeBSD port would be easy too.

It looks very interesting but I don't have the knowledge to deal with such project. ?

 

[freezr]

SirDice & Phishfry

My very first intention at the very beginning was using Lighttpd but since the documentation available (especially for DigitalOcean) wasn't very good and I ended up with Nginx.

At this rate I am interested in the most basic web server if it actually does exist, but I may decide to remove entirely the web server and to have a better peace of mind...

 

[kpedersen]

I believe Python has a http(s) server built in:

https://blog.anvileight.com/posts/simple-python-http-server/#python-3-x-1

think of the tiny script as a flexible config file.

Annoyingly I don't think you can access the https features entirely via the command line (i.e $ python -m http.server). If you can forgo your requirement of SSL, then this is very possible.

There is also websocketd (http://websocketd.com/) A trivial static https server (with websocket support). Annoyingly it is written in Google Golang which is a dependency I wouldn't want personally. A cool idea though.

 

[freezr]

kpedersen I like this websocketd I am not sure I would be able to use it, but I will dig into, looks brutally minimalist! ?

 

[Hakaba]

What about quark and stunnel ?

 

[drhowarddrfine]

My current favorite: H2O
Modern. Actively maintained. Easy to use.

 

[freezr]

But are those lesser know HTTP servers compatible with "Let's Encrypt" ?
Apache and Nginx do have modules/plugins to integrate it.

 

[kpedersen]

But are those lesser know HTTP servers compatible with "Let's Encrypt" ?
Apache and Nginx do have modules/plugins to integrate it.

Lets Encrypt is really just a service you can request an SSL certificate (i.e via tools like certbot or anything that talks ACME protocol). So any web server that supports SSL effectively supports Let's Encrypt certificates.

A cron job to update the certificate every couple of weeks and restart the web server is enough "integration" needed I find.

stunnel does support an SSL certificate, so in this case you would be restarting that instead of the server.

Edit: There is also the OpenBSD web server. This is pretty bare bones and simple. I use this for my personal stuff (with the occasional CGI binary). https://cgit.freebsd.org/ports/tree/www/obhttpd

 

[freezr]

Suckless tools suck lesser only if you have the expertise to use them... ?

 

[scottro]

At work, we renew LetsEncrypt through ansible. At home, I'm lazy, and do nothing till they send an email saying it's gonna expire. However, in that email they tell me what to do, I run a really simple command and it's done. (They start like 10 days before it expires, so even if I miss the email that day, I have time.) The command is just

certbot renew >> /var/log/letsencrypt/letsencrypt.log

You probably know the rest of this but just in case.
When you get a certificate, whether LetsEncyrpt's or anyone else's, you edit your web server configuration to point to that cert. So I don't think it's "being compatible" with LetsEncrypt, you simply have to be able to run that renew command (or a cronjob or whatever). If your server, regardless of what you choose, works with SSL, it will work with LetsEncrypt. Then, once you update the cert, you restart the webserver. I'm not familiar with a method using stunnel that @kpederson mentions, but with apache and nginx you restart the webserver

 

[drhowarddrfine]

Forgot to mention Hugo

 

[freezr]

Well thanks to all, a lot stuff under the roof...

Just to summarize for the future:

• AISIO Library
• Malloy
• Lighttpd
• Websocketd
• Quark/Stunnel
• OpenBSD Httpd Server

Not listed above "Simple Python HTTP(S) Server" and Hugo.

 

[richardtoohey2]

Also OpenBSD's httpd server - think there's a port of it for FreeBSD: https://www.freshports.org/www/obhttpd/ (Oh, just noticed it's already been mentioned but didn't make your summary).

If you search for httpd on Freshports there are a few others, too! Spoilt for choice.

 

[freezr]

richardtoohey2 I missed it, thanks!

Actually that was in my target but I didn't know about its availability for FreeBSD, I can already say there I will go... ?

 

[hardworkingnewbie]

Talking about tiny web servers the collection at acme.com comes to mind. I do interpret "compatible with Let's encrypt" as it will do the challenge sent by that. For that it's enough to create a folder by hand, and put a file in there, which normally is done by the ACME client, which means any web server basically can do it.

So smallest, dumbest web server there is micro_httpd, around 200 lines of code in C. If you want to serve HTTPS, you have to put it behind stunnel. But hey, it runs standalone!

Then we've got mini_httpd, which can do SSL by itself and also does IPv6.

And of course THTTPD, the most feature loaden web server of the trio and probably best maintained one since its author is using it in production for acme.com.

Thttpd is part of FreeBSD's software collection, so it can be installed via pkg. Same applies to mini_httpd as well as micro_httpd.

In terms of simplicity and dumbness I guess it will not get much better than micro_httpd with stunnel, unless you want inetd to spawn a HTTP process every time and hand over that part to inetd. In terms of usability I would probably use though mini_httpd, since it does SSL by itself.

BTW smallest webserver EVER to serve just one static file with no other stuff like images, CSS files etc. necessary to load is:

while true; do { echo -e 'HTTP/1.1 200 OK\r\n'; \cat filename.html; } | nc -l 8080; done

PS: in case you want to know how to fight large scale spam, there's also some interesting insight (old, but still good) on that site because the owner of that site got lots of it day by day.

 

[Cath O'Deray]

… most simple web server able to provide static pages only but still compatible with let's encrypt, …

Well thanks to all, a lot stuff under the roof...

Just to summarize for the future: …

Recently ported: www/darkhttpd – "a simple, static web server. No configuration file, no CGI"

• from <https://github.com/emikulic/darkhttpd#readme> and other parts of the repo, I can't tell (sorry) whether it meets your requirement for compatibility with Let's Encrypt
• it probably is a good fit for people going by the subject line, which doesn't mention compatibility.

HTH

 

[freezr]

I bought just out of curiosity the Kindle version of "Relayd and Httpd Mastery" by MWL and Httpd is everything but a dumb and simple server... ?

I needed just a basic http server to manage a bunch of HTML files but know I learn how to create a server that can handle thousand of websites... ?

p.s. actually the book is becoming too much complicated for me and is touching a lot of argument that I will never use... ?

 

[freezr]

Recently ported: www/darkhttpd – "a simple, static web server. No configuration file, no CGI"

• from <https://github.com/emikulic/darkhttpd#readme> and other parts of the repo, I can't tell (sorry) whether it meets your requirement for compatibility with Let's Encrypt
• it probably is a good fit for people going by the subject line, which doesn't mention compatibility.

HTH

This is extreme but it doesn't support SSL/TLS... ?

 

[Deleted member 65380]

Let's Encrypt can spin up its own webserver for renewals, you just need to temporarily stop the existing webserver (sort of, you could leave https being served as LE only needs port 80).

 

[Cath O'Deray]

This is extreme but it doesn't support SSL/TLS... ?

It's extremely simple, maybe it wins the prize? Although I shouldn't use the word dumb

The most dumb Web Server available for FreeBSD

% darkhttpd /usr/local/poudriere/data/logs/bulk/main-default/latest --addr 127.0.0.1
darkhttpd/1.13, copyright (c) 2003-2021 Emil Mikulic.
listening on: http://127.0.0.1:8080/
…

– success