Re: bozohttpd: user.domain URL (instead of ~user)
On Sun, May 01, 2022 at 12:22:36PM +, RVP wrote: > $ ln -sf "http://x202e.localdomain/~rvp; .bzabsredirect Thanks for the hint. I tried the following: In /var/www/virtual (passed as -v to httpd) ln -s ~user/public_html user.domain This seemed to work for URL http://user.domain I did not need .bzabsredirect Also moved the main site under /var/www/virtual/domain Hope this is workable. -- Mayuresh
Re: bozohttpd: user.domain URL (instead of ~user)
Is there any way in bozohttpd to redirect a URL of "user.domain" form to a user specific directory - (just like how domain/~user is). Will this do: virtual hosting + .bzabsredirect ? $ tail -n2 /etc/hosts 192.168.68.171 x202e.localdomain x202e 192.168.68.171 rvp.localdomain rvp $ mkdir ~/public_html $ mkdir /tmp/www /tmp/vroot $ cd /tmp/vroot $ mkdir rvp.localdomain; cd rvp.localdomain $ ln -sf "http://x202e.localdomain/~rvp; .bzabsredirect # bozohttpd -f -H -s -u -X -v /tmp/vroot /tmp/www $ curl -s http://rvp.localdomain/ Document Moved Document Moved This document had moved http://x202e.localdomain/~rvp;>here $ -RVP
bozohttpd: user.domain URL (instead of ~user)
Is there any way in bozohttpd to redirect a URL of "user.domain" form to a user specific directory - (just like how domain/~user is). Best if it generically works for all users, but even if a per user setting is required it would work for me for now. -- Mayuresh
Re: How to bind bozohttpd / inetd to port 8080?
Hi, Am 18.12.2021 um 11:47 schrieb Ignatios Souvatzis: On Sat, Dec 18, 2021 at 11:34:12AM +0100, Matthias Petermann wrote: I am currently trying to have bozohttpd listen on port 8080 instead of port 80 via inetd. In /etc/services there is an entry "http-alt" for this. yes, but in the distributed version there are two others (591 and 8008), both for TCP and UDP. I guess you'll have to edit your /etc/services and put comment signs before the two you don't want. Regards, -is You are right: ``` extranet$ getent services http-alt http-alt591/tcp ``` I had not counted on that - thanks for the tip :-) There were to more (8008) and after commenting them out it looks good: ``` extranet$ doas vi /etc/services extranet$ doas services_mkdb extranet$ getent services http-alt http-alt 8080/tcp ``` Many greetings Matthias
Re: How to bind bozohttpd / inetd to port 8080?
Hi, On Sat, Dec 18, 2021 at 11:34:12AM +0100, Matthias Petermann wrote: > > I am currently trying to have bozohttpd listen on port 8080 instead of port > 80 via inetd. > > In /etc/services there is an entry "http-alt" for this. yes, but in the distributed version there are two others (591 and 8008), both for TCP and UDP. I guess you'll have to edit your /etc/services and put comment signs before the two you don't want. Regards, -is
How to bind bozohttpd / inetd to port 8080?
Hello all, I am currently trying to have bozohttpd listen on port 8080 instead of port 80 via inetd. In /etc/services there is an entry "http-alt" for this. However, when I set in the /etc/inetd.conf: ``` http-altstream tcp nowait:600 _httpd /usr/libexec/httpd httpd -L wol /var/www/wol.lua /var/www ``` ...I still cannot access port 8080. Starting inetd in Debug mode shows: ``` extranet$ doas inetd -d /etc/inetd.conf ADD : http-alt proto=tcp, wait.max=0.600, user:group=_httpd:(null) builtin=0 server=/usr/libexec/httpd policy= registered /usr/libexec/httpd on 6 ``` Did I miss something? If it matters, it is NetBSD 9.2_STABLE. Many greetings Matthias
Re: Python flask app behind bozohttpd vs separate webserver for app
On Sun, May 17, 2020 at 04:34:46PM +0530, Mayuresh wrote: > gunicorn has an option to drop privileges to normal user, but it does so > `too soon', i.e. it can't then read the certificate and key files. If > that's the case why would one ever need to start it as root anyway and > what's the use of the option to drop privileges is unclear. For records, I finally gave read permissions to the app user to read the cert/key files - didn't want to do that as far as possible, but couldn't find any other way. Adopted gunicorn server running on a different port along side bozohttpd instead of attempting to reverse proxy. Mayuresh
Re: Python flask app behind bozohttpd vs separate webserver for app
On Sat, May 16, 2020 at 10:54:03PM +0530, Mayuresh wrote: > I have to start gunicorn as root so that it can get access to certificate > files, but run the worker process as a non root user which is an option > provided by gunicorn. gunicorn has an option to drop privileges to normal user, but it does so `too soon', i.e. it can't then read the certificate and key files. If that's the case why would one ever need to start it as root anyway and what's the use of the option to drop privileges is unclear. Seems a known issue already: https://github.com/benoitc/gunicorn/issues/1404 Mayuresh
Re: Python flask app behind bozohttpd vs separate webserver for app
On Sat, May 16, 2020 at 11:30 PM Mayuresh wrote: > > On Sat, May 16, 2020 at 03:56:47PM -0400, matthew sporleder wrote: > > Just use apache :) bozo has no proxy capabilities. > > I can invoke a Flask service from a cgi script using wget/curl - no? > (Haven't yet tried.) > > Apache looks a monster to me and I don't need majority of what it offers. > > Mayuresh FWIW I wrote the initial version of this: https://cwiki.apache.org/confluence/display/HTTPD/Minimal+Config and at my job will run zero config apache on docker with just appending -c's to the CMD.. With mpm_event, the minimal config, and whatever you need (mod_proxy_uwsgi etc) you can live, easily, inside of a few MB and run high performance.
Re: Python flask app behind bozohttpd vs separate webserver for app
On Sat, May 16, 2020 at 03:56:47PM -0400, matthew sporleder wrote: > Just use apache :) bozo has no proxy capabilities. I can invoke a Flask service from a cgi script using wget/curl - no? (Haven't yet tried.) Apache looks a monster to me and I don't need majority of what it offers. Mayuresh
Python flask app behind bozohttpd vs separate webserver for app
I have a setup where NetBSD's native bozohttpd serves certain static contents. It uses https and basic auth and the setup is pretty stable. There are some small pieces of requirements to add some python web apps developed using Flask. The app needs to use the same authentication data used by the basic setup above. Fortunately that turns out to be easy. Now I have two options: Option 1: Run a separate instance of a python based web server such as gunicorn on a separate port for the apps and use bozohttpd for static contents. I have to start gunicorn as root so that it can get access to certificate files, but run the worker process as a non root user which is an option provided by gunicorn. One problem with this is, I don't get the environment variables right this way. There are ways to feed those into gunicorn, but that would amount to replicating my rc scripts that elaborately define the environment. Option 2: Run python web server on localhost and via bozohttpd cgi route the requests/responses to/from it. There may be slight overhead of this, but it's not a performance critical application. I can also use a simple http and Flask's simple builtin server internally as it is not exposed to the internet. Would appreciate any comments / pros and cons etc. Mayuresh
Re: authentication scheme to share password between bozohttpd and asterisk
On Tue, Apr 28, 2020 at 06:20:44PM +0300, Pierre-Philipp Braun wrote: > How is authentication handled on Asterisk's side? And if that's WebRTC, > could a reverse proxy take care of it in the middle? Not sure, does it mean modifying with asterisk's webrtc server? > A original way to approach the problem would be to go for something even > better -- I think -- than SSO, namely plain and simple PKI. You setup a > private CA, sign a few client certificates, deliver those to your users' > workstations, and they won't have to bother with passwords anymore, > while being authenticated by that client certificate. Yes, quite convenient, not sure if bozohttpd supports. Also, I am doing this for largely non-tech users, though. Have to see whether it will be easy enough to administer installation of certificates at their end. > Bozohttpd seems to support SSL but probably only for the server side. I > hope you did enable SSL by the way, since Basic HTTP auth sends the > password in clear, no matter what hash function you're using to store > the passwords. Digest would be preferred, if supported. Yes, taken care of using SSL when using basic auth. > Besides, I've had good experiences with Jitsi Meet which is essentially > providing video conferencing facilities, I don't know however how hard > it would be to package it for NetBSD. Yes, my server runs NetBSD, so it may have to start with a wip project... But I am curious about the following line in the documentation. Asterisk works pretty well with NAT with the client using STUN. Is that not the case with Jitsi? https://github.com/jitsi/jitsi-meet/blob/master/doc/manual-install.md "Jitsi Videobridge can run behind a NAT, provided that both required ports are routed (forwarded) to the machine that it runs on. By default these ports are TCP/4443 and UDP/1" Besides, dialplan etc in asterisk are quite flexible. Not sure whether jitsi has. Mayuresh
Re: authentication scheme to share password between bozohttpd and asterisk
Whenever I open up use of sip/webrtc to users, as far as possible I don't want them to be bothered with yet another password and preferably not even ask to enter the same password when using the webrtc app. How is authentication handled on Asterisk's side? And if that's WebRTC, could a reverse proxy take care of it in the middle? A original way to approach the problem would be to go for something even better -- I think -- than SSO, namely plain and simple PKI. You setup a private CA, sign a few client certificates, deliver those to your users' workstations, and they won't have to bother with passwords anymore, while being authenticated by that client certificate. Bozohttpd seems to support SSL but probably only for the server side. I hope you did enable SSL by the way, since Basic HTTP auth sends the password in clear, no matter what hash function you're using to store the passwords. Digest would be preferred, if supported. In any case, one could consider using the same SSL engine + PKI authentication end-point + reverse-proxy for both Asterisk and HTTP. You will need hardware accelerated SSL to handle 15+ users at once, esp. for video streams. Besides, I've had good experiences with Jitsi Meet which is essentially providing video conferencing facilities, I don't know however how hard it would be to package it for NetBSD. -- Pierre-Philipp
authentication scheme to share password between bozohttpd and asterisk
I have a separate thread going on to setup webrtc with asterisk on NetBSD8. I have an existing website that uses stock bozohttpd on NetBSD. It uses .htpasswd aka basic authentication. The passwords are stored using blowfish encryption. Whenever I open up use of sip/webrtc to users, as far as possible I don't want them to be bothered with yet another password and preferably not even ask to enter the same password when using the webrtc app. Firstly asterisk doesn't seem to support blowfish. It supports md5, which bozohttpd also does (I guess). So I may have to have all passwords reset once - which is not so good, but acceptable. That may solve the `no 2 passwords' requirement. But I'd prefer not to prompt for a password for asterisk if the user has reached the landing page of webrtc app with basic auth. That seems difficult, as browser will have to send the credentials to asterisk directly. [I can possibly have a separate asterisk password which I can return to the browser to let it send it to asterisk, but that may be somewhat insecure.] Mayuresh
Re: bozohttpd letsencrypt not working with firefox/chrome
On Sun, Jun 09, 2019 at 08:38:39PM +0530, Mayuresh wrote: > It's a bit strange, but with https enabled, "index.html" is returned by > default only for the home page, when the URL doesn't specify it. For all > other pages, different browsers give different errors. Some versions of > firefox actually work (may be by trying to suffix index.html themselves). Giving -x index.html option (which I think should not be required) the problem is solved. Bug? Mayuresh
Re: bozohttpd letsencrypt not working with firefox/chrome
On Sun, Jun 09, 2019 at 08:09:21PM +0530, Mayuresh wrote: > Ok, I need -z. Thanks[1]. It's a bit strange, but with https enabled, "index.html" is returned by default only for the home page, when the URL doesn't specify it. For all other pages, different browsers give different errors. Some versions of firefox actually work (may be by trying to suffix index.html themselves). With explicit index.html all pages work in all browsers. Is that having some reasoning or is it a bug? Mayuresh
Re: bozohttpd letsencrypt not working with firefox/chrome
On Sun, Jun 09, 2019 at 08:01:23PM +0530, Mayuresh wrote: > I have started httpd with -Z option. Ok, I need -z. Thanks[1]. [1] https://atomicules.co.uk/2017/07/21/Now-serving-https-as-well.html Mayuresh
bozohttpd letsencrypt not working with firefox/chrome
I am trying to httpsize a NetBSD 8.1 based website. Got the certificate from letsencrypt using security/py-certbot I have started httpd with -Z option. When accessing this site firefox says: An error occurred during a connection to flowervalleywanawadi.in. Cannot communicate securely with peer: no common encryption algorithm(s). Error code: SSL_ERROR_NO_CYPHER_OVERLAP Tried chrome on android, it says: server sent an invalid response ERR_INVALID_REDIRECT On the other hand, a stock browser on mobile phone is able to connect with the site with no error! What could the way out? Mayuresh
Re: bozohttpd .htpasswd basic auth being non recursive
On Sat, Jun 01, 2019 at 08:53:56AM +0200, Martin Husemann wrote: > I am using a .bzremap file to map the externally visible url to that > /some/internal/dir/my-cgi.pl url. In this case the -c option should point to externally visible url or /some/internal/dir? And is cgi-bin directory required under /some/internal/dir? I tried a few things though haven't got it to work. (Normal file remap worked, not cgi as yet.) Mayuresh
Re: bozohttpd .htpasswd basic auth being non recursive
On 01 Jun 2019, mayur...@acm.org wrote: > On Sat, Jun 01, 2019 at 08:33:42AM +0100, Mark Carroll wrote: >> I'm running lighttpd on NetBSD, also hosting DokuWiki. Seems great so >> far, > > Thanks for sharing first hand experience. My requirement is also like > yours - simple hardware, not too many concurrent users (may be in single > digit max). > > What sort of auth did you use? (This will make more sense once you've glanced over lighttpd's config file structure but,) I start out the configuration with having url.access-allow permit nothing then I protect subdirectories based on users and passwords. I have some HTTPS setup setting ssl.pemfile, ssl.cipher-list, etc. then within a $HTTP["scheme"] == "https" block I set auth.backend and auth.backend.htdigest.userfile and have stuff like, auth.require = ( "/some/subdirectory/" => ("method" => "digest", "realm" => "some-realm", "require" => "valid-user", ), then still in that "https" block I write some inner $HTTP["url"] =~ "^/some/URL/regex" blocks that set url.access-allow for whatever file extensions I want to permit in them. For that htdigest userfile I set it was just a case of putting the hashes of the users, passwords, realms line-by-line. I didn't attempt to integrate with DokuWiki's authentication so for the more sensitive areas of the wiki people have to go through two layers but they haven't complained, I suppose their browsers just remember it all anyway for them. (I don't want to get my wiki access substructure mixed into my web server access stuff!) It's highly likely that I just tweaked existing official examples because porting my whole configuration took no more than a few hours then I spent a bit of time another day getting the HTTPS all green in the usual online server checking sites. The lighttpd official docs are quite reasonable, I don't remember having to dig up secret knowledge or being long frustrated by mysterious behaviors or having to read over the whole manual three times. The main thing for me is just remembering to include enough of /var/ among critical_filesystems_local so I get to see logs at all. (-: (I tend to put things that might grow plenty onto separate partitions.) -- Mark
Re: bozohttpd .htpasswd basic auth being non recursive
On Sat, Jun 01, 2019 at 01:11:53PM +0530, Mayuresh wrote: > On Sat, Jun 01, 2019 at 09:35:34AM +0200, Martin Husemann wrote: > > It is in 8.1 but not in 8.0. > > Ok, I'll try out the pkg version which shows 20181215 (8 shows 20170201). > Hope I'll get the feature. You should update to 8.1 ;-) Martin
Re: bozohttpd .htpasswd basic auth being non recursive
On Sat, Jun 01, 2019 at 09:35:34AM +0200, Martin Husemann wrote: > It is in 8.1 but not in 8.0. Ok, I'll try out the pkg version which shows 20181215 (8 shows 20170201). Hope I'll get the feature. Mayuresh
Re: bozohttpd .htpasswd basic auth being non recursive
On Sat, Jun 01, 2019 at 08:33:42AM +0100, Mark Carroll wrote: > I'm running lighttpd on NetBSD, also hosting DokuWiki. Seems great so > far, Thanks for sharing first hand experience. My requirement is also like yours - simple hardware, not too many concurrent users (may be in single digit max). What sort of auth did you use? Mayuresh
Re: bozohttpd .htpasswd basic auth being non recursive
On Sat, Jun 01, 2019 at 01:04:00PM +0530, Mayuresh wrote: > In the man page there are .bzdirect, .bzredirect, .bzabsredirect > (added by you!). Didn't notice .bzremap. Is it something newer or > undocumented or just an alias to one of these? The version I am using is > of 8.0 base. It is in 8.1 but not in 8.0. Martin
Re: bozohttpd .htpasswd basic auth being non recursive
On Sat, Jun 01, 2019 at 08:53:56AM +0200, Martin Husemann wrote: > It does, but not for /cgi-bin/ ones. Thanks. It may solve the problem I am facing quite amicably. > I run a service that I implemented in a perl cgi script and that is .htpasswd > protected. The .pl file just lives in the same directory as the .htpasswd > file, and I am using a .bzremap file to map the externally visible url > to that /some/internal/dir/my-cgi.pl url. In the man page there are .bzdirect, .bzredirect, .bzabsredirect (added by you!). Didn't notice .bzremap. Is it something newer or undocumented or just an alias to one of these? The version I am using is of 8.0 base. Mayuresh
Re: bozohttpd .htpasswd basic auth being non recursive
On 01 Jun 2019, mayur...@acm.org wrote: > Any takers for lighttpd, it it light as its name suggests? Of course, > whether .htpasswd applies recursively or not is to be checked. I'm running lighttpd on NetBSD, also hosting DokuWiki. Seems great so far, also appears still actively developed. Configuring it as a newbie wasn't too bad, the configuration file feels as clean as OpenHTTPD's. My choice of server software was more gut feeling after reading around than it was a careful comparison though. The hardware it's running on isn't powerful but also it's not having to serve many users so if it's /not/ really very light I could easily have not noticed, sorry. -- Mark
Re: bozohttpd .htpasswd basic auth being non recursive
On Sat, Jun 01, 2019 at 07:12:29AM +, Christopher Pinon wrote: > > > apache? ;-) > > > You did notice the smiley, right? :-) Ah, I did miss! > Just wondering: did you take a glance at thttpd? (Given that you're keen > on minimalistic.) Sounds good from its description, but the bad news is, basic auth is not recursive. man page: "The protection does not carry over to subdirectories." Mayuresh
Re: bozohttpd .htpasswd basic auth being non recursive
Mayuresh wrote: > On Fri, May 31, 2019 at 07:52:25PM +, Christopher Pinon wrote: > > > I meant, if we can't solve this in bozohttpd, please suggest some other > > > httpd which is nearest match to its minimalistic approach. > > > > apache? ;-) > > Well... minimalistic? You did notice the smiley, right? :-) Just wondering: did you take a glance at thttpd? (Given that you're keen on minimalistic.) C.
Re: bozohttpd .htpasswd basic auth being non recursive
On Sat, Jun 01, 2019 at 12:09:34PM +0530, Mayuresh wrote: > On Sat, Jun 01, 2019 at 08:59:45AM +0530, Mayuresh wrote: > > I wish bozohttpd supported .htpasswd for cgi scripts! > > I just checked, that it doesn't. It does, but not for /cgi-bin/ ones. I run a service that I implemented in a perl cgi script and that is .htpasswd protected. The .pl file just lives in the same directory as the .htpasswd file, and I am using a .bzremap file to map the externally visible url to that /some/internal/dir/my-cgi.pl url. Martin
Re: bozohttpd .htpasswd basic auth being non recursive
On Sat, Jun 01, 2019 at 08:59:45AM +0530, Mayuresh wrote: I wish bozohttpd supported .htpasswd for cgi scripts! I just checked, that it doesn't. I could have wrapped static contents under a cgi script to meet the auth requirement for all contents with one .htpasswd file. Mayuresh
Re: bozohttpd .htpasswd basic auth being non recursive
> On May 31, 2019, at 10:01 PM, Mayuresh wrote: > > On Fri, May 31, 2019 at 07:52:25PM +, Christopher Pinon wrote: >>> I meant, if we can't solve this in bozohttpd, please suggest some other >>> httpd which is nearest match to its minimalistic approach. >> >> apache? ;-) > > Well... minimalistic? > > Any takers for lighttpd, it it light as its name suggests? Of course, > whether .htpasswd applies recursively or not is to be checked. > > Mayuresh Apache runs in well under 1MB and does all of this stuff and more. I wrote the original version of this if the default config freaks you out https://cwiki.apache.org/confluence/display/HTTPD/Minimal+Config Don’t use .htaccess
Re: bozohttpd .htpasswd basic auth being non recursive
On Fri, May 31, 2019 at 10:45:08PM -0400, Matt Sporleder wrote: >Apache runs in well under 1MB and does all of this stuff and more. >I wrote the original version of this if the default config freaks you out >https://cwiki.apache.org/confluence/display/HTTPD/Minimal+Config >Don’t use .htaccess I'd also prefer a minimal configuration. The benchmark is bozo has no conf file at all. Alternatives that have conf file, should have it at least very small. Wondering choosing 1 of the 2 ways: - Use .htpasswd (basic auth) with some other webserver (apatch/lighttpd/?) that allows recursive .htpasswd or other means to avoid password dialogue popping up on subdirectories. - Continue with lighttpd but drop .htpasswd auth. Use some lightweight framework (py-flask/others?). [Unfortunately that will bloat my htmls that are otherwise very simple.] Mayuresh
Re: bozohttpd .htpasswd basic auth being non recursive
On Fri, May 31, 2019 at 07:52:25PM +, Christopher Pinon wrote: > > I meant, if we can't solve this in bozohttpd, please suggest some other > > httpd which is nearest match to its minimalistic approach. > > apache? ;-) Well... minimalistic? Any takers for lighttpd, it it light as its name suggests? Of course, whether .htpasswd applies recursively or not is to be checked. Mayuresh
Re: bozohttpd .htpasswd basic auth being non recursive
Mayuresh wrote: > On Fri, May 31, 2019 at 11:18:40PM +0530, Mayuresh wrote: > > Has anyone come across this situation and how do you deal with it. I like > > bozohttpd's minimalistic approach and would switch away from it only as a > > last resort. > > I meant, if we can't solve this in bozohttpd, please suggest some other > httpd which is nearest match to its minimalistic approach. apache? ;-) I can't say for sure but perhaps http://pkgsrc.se/www/thttpd is an option. I don't see how to work around this issue in bozohttpd. C.
Re: bozohttpd .htpasswd basic auth being non recursive
On Fri, May 31, 2019 at 11:18:40PM +0530, Mayuresh wrote: > Has anyone come across this situation and how do you deal with it. I like > bozohttpd's minimalistic approach and would switch away from it only as a > last resort. I meant, if we can't solve this in bozohttpd, please suggest some other httpd which is nearest match to its minimalistic approach. Mayuresh
bozohttpd .htpasswd basic auth being non recursive
man httpd makes it clear that the .htpasswd authentication does not apply to subdirectories. .htpasswd exists in the directory of the current request, bozohttpd will restrict access to documents in that directory using the RFC 2617 HTTP “Basic” authentication scheme. Note: This does not recursively protect any sub-directories. Now, if one writes a script to replicate .htpasswd down the subdirs, that could have solved it. However now, most annoyingly, the browser would popup the password dialogue when you try to go to subdirectory. Has anyone come across this situation and how do you deal with it. I like bozohttpd's minimalistic approach and would switch away from it only as a last resort. Mayuresh
Re: bozohttpd mime types etting for markdown files
On Tue, May 28, 2019 at 12:02:04PM +0200, Andreas Krey wrote: > I wouldn't expect browsers to have markup processors. Ok. I was expecting that, but it's the servers that are doing the tricks. BTW I have used latex as a markup language to produce some simple websites, meant for documentation / information dissemination. I know htlatex has limitations, but for my purpose it's good enough. I thought md would be fit for that purpose as well, just with a simpler notation. But looks like I will need an md2html converter anyway. I might as well stick to latex in that case. Any other thoughts? Mayuresh
Re: bozohttpd mime types etting for markdown files
On Tue, 28 May 2019 14:28:26 +, Mayuresh wrote: ... > Clicking on a .md file in, for example, a git repository renders it > instead of asking to save. I assume that is not the rendering of just the plain file but also include navigation elemets around it? Like https://gitweb.torproject.org/tor.git/tree/doc/HACKING/Maintaining.md does? There the entire page is delivered as one html document. > Or may be my expectation is wrong and is a web server supposed to convert > it to html on the fly? That depends on your expectation of what the server does in turn. I wouldn't expect browsers to have markup processors. - Andreas -- "Totally trivial. Famous last words." From: Linus Torvalds Date: Fri, 22 Jan 2010 07:29:21 -0800
Re: bozohttpd mime types etting for markdown files
On Tue, May 28, 2019 at 02:28:26PM +0530, Mayuresh wrote: > Or may be my expectation is wrong and is a web server supposed to convert > it to html on the fly? Github renders it as html (AFAICT). You can check details in the debugger (F12), in network view. Martin
Re: bozohttpd mime types etting for markdown files
On Tue, May 28, 2019 at 01:27:56PM +0530, Mayuresh wrote: > On Tue, May 28, 2019 at 09:33:12AM +0200, Martin Husemann wrote: > > So your example should be correct, assuming you put the single quotes only > > in the mail and not on the command line (or into inetd.conf). This needs > > to be 5 args to the server. > > I am using /etc/rc.conf > > httpd_flags="-M md text/markdown - -" > > (and many trials there after -M as mentioned). > > I do not know how much role the browser is playing. Tried only firefox > till now. It just offers to save the file and says it's a markdown file. Sounds like it is working? Martin
Re: bozohttpd mime types etting for markdown files
On Tue, May 28, 2019 at 09:33:12AM +0200, Martin Husemann wrote: > So your example should be correct, assuming you put the single quotes only > in the mail and not on the command line (or into inetd.conf). This needs > to be 5 args to the server. I am using /etc/rc.conf httpd_flags="-M md text/markdown - -" (and many trials there after -M as mentioned). I do not know how much role the browser is playing. Tried only firefox till now. It just offers to save the file and says it's a markdown file. Mayuresh
Re: bozohttpd mime types etting for markdown files
On Tue, May 28, 2019 at 12:27:00PM +0530, Mayuresh wrote: > The man page says: > -M suffix type encoding encoding11 > Adds a new entry to the table that converts file suffixes to > content type and encoding. This option takes four additional > arguments containing the file prefix, its ?Content-Type?, > ?Content-Encoding?, and ?Content-Encoding? for HTTP/1.1 > connections, respectively. If any of these are a single dash > (?-?), the empty string is used instead. > > Tried '-M md text/markdown - -' and variations like .md instead of md, > utf-8 instead of - etc. > > What is a proper way to specify this? I didn't try markdown but I have: -M .js "script/javascript" - - (plus a few other -M options) and it seemed to work for me last I tested. So your example should be correct, assuming you put the single quotes only in the mail and not on the command line (or into inetd.conf). This needs to be 5 args to the server. Martin
bozohttpd mime types etting for markdown files
The man page says: -M suffix type encoding encoding11 Adds a new entry to the table that converts file suffixes to content type and encoding. This option takes four additional arguments containing the file prefix, its “Content-Type”, “Content-Encoding”, and “Content-Encoding” for HTTP/1.1 connections, respectively. If any of these are a single dash (“-”), the empty string is used instead. Tried '-M md text/markdown - -' and variations like .md instead of md, utf-8 instead of - etc. What is a proper way to specify this? Mayuresh
bozohttpd, ~user + cgi
On NetBSD 8.0_RC1 the man page of httpd says: -c cgibin Enables the CGI/1.1 interface. The cgibin directory is expected to contain the CGI programs to be used. bozohttpd looks for URL's in the form of /cgi-bin/ where is a valid CGI program in the cgibin directory. In other words, all CGI URL's must begin with /cgi-bin/. Note that the CGI/1.1 interface is available with ~user translation using -E switch. I am able to get cgi work without ~user, e.g. with -c /var/cgi But when I want to use ~user/cgi-bin URL, what should be the argument to "-c" above? (It is clear that -u and -E should be specified, I have those in my httpd_flags.) Can someone share example of command line options to enable ~user/cgi-bin? Mayuresh
Re: bozohttpd : how to enable TLS
Mayuresh writes: > The man page of bozohttpd in the base (NetBSD 8.0) says TLS 1.1 and 1.2 is > supported. > > But I couldn't find much documentation about how to enable it. > > Are there any tutorials on how to use TLS with bozohttpd? > > Mayuresh In my inetd.conf I invoke it like this: https httpd -Z /usr/pkg/etc/httpd/server.crt /usr/pkg/etc/httpd/server.key /var/www man httpd -Z certificate_path privatekey_path Sets the path to the server certificate file and the private key file in pem format. It also causes bozohttpd to start SSL mode. Use -z to set ciphers -- Brad Spencer - b...@anduin.eldar.org - KC8VKS - http://anduin.eldar.org
Re: bozohttpd : how to enable TLS
Mayuresh wrote: > The man page of bozohttpd in the base (NetBSD 8.0) says TLS 1.1 and 1.2 is > supported. > > But I couldn't find much documentation about how to enable it. Adding the "-Z" flag with its required arguments automatically enables TLS support: -Z certificate_path privatekey_path Sets the path to the server certificate file and the private key file in pem format. It also causes bozohttpd to start SSL mode. -Jan
bozohttpd : how to enable TLS
The man page of bozohttpd in the base (NetBSD 8.0) says TLS 1.1 and 1.2 is supported. But I couldn't find much documentation about how to enable it. Are there any tutorials on how to use TLS with bozohttpd? Mayuresh
bozohttpd(8) mentions '-r' option, but not in synopsis
I noticed that the bozohttpd(8) man page http://netbsd.gw.com/cgi-bin/man-cgi?bozohttpd++NetBSD-current references the '-r' option in the FILES section, but there is no '-r' option listed in the SYNOPSIS section. Looking at main.c http://cvsweb.netbsd.org/bsdweb.cgi/src/libexec/httpd/main.c?rev=1.22=text/x-cvsweb-markup_with_tag=MAIN I see a comment that says -r option was removed, do not reuse it for a while So, I think the reference in the man page should be removed. Lewis
Re: bozohttpd
On Thu, 1 Mar 2018, Jeremy C. Reed wrote: > The -s works when not using -b > > With -s and -b the debugging is lost. > > I see it uses daemon(3) > to redirect standard error to /dev/null -f -b -s combination works for me
Re: bozohttpd
The -s works when not using -b With -s and -b the debugging is lost. I see it uses daemon(3) to redirect standard error to /dev/null
Re: bozohttpd
On Wed, Feb 28, 2018 at 07:11:56PM +, m...@netbsd.org wrote: > On Wed, Feb 28, 2018 at 04:41:57PM +, Patrick Welche wrote: > > /usr/libexec/httpd -d -d -d -d -P /tmp/foo.pid -i 127.0.0.1 -b -s /var/www > > works for me. What do you see? quark$ uname -srp NetBSD 8.99.12 x86_64 quark# /usr/libexec/httpd -d -d -d -d -P /tmp/foo.pid -i 127.0.0.1 -b -s /var/www quark# ftp http://127.0.0.1/index.html Requesting http://127.0.0.1/index.html 100% |***|781.14 MiB/s00:00 ETA 78 bytes retrieved in 00:00 (482.09 KiB/s) quark# All the output there is from ftp - I don't see anything from httpd? (I was hoping that "EXPLOSIVE" would be quite a lot of debug output.) > easier to debug: > /usr/libexec/httpd -d -d -d -d -P /tmp/foo.pid -i 127.0.0.1 -b -f /var/www (I'm trying to debug the attached script, so not very interactive - the puzzle is that /usr/tests/net/net do something very similar and pass.) Cheers, Patrick web.sh Description: Bourne shell script
Re: bozohttpd
On Wed, Feb 28, 2018 at 04:41:57PM +, Patrick Welche wrote: > /usr/libexec/httpd -d -d -d -d -P /tmp/foo.pid -i 127.0.0.1 -b -s /var/www works for me. easier to debug: /usr/libexec/httpd -d -d -d -d -P /tmp/foo.pid -i 127.0.0.1 -b -f /var/www
bozohttpd
Running /usr/libexec/httpd -d -d -d -d -P /tmp/foo.pid -i 127.0.0.1 -b -s /var/www and fetching index.html, I see no output whatsoever. Where is it going? -s Forces logging to be set to stderr always. Cheers, Patrick
re: bozohttpd minor fixes to man page
Swift Griggs writes: > > I like NetBSD's httpd. I noticed a couple of minor inconsistencies in the > bozohttpd(8) manual page. Where should I report these? thanks. directly to me is fine, and is send-pr from netbsd or from the send-pr form on gnats.netbsd.org. > * The -v option appears twice in the options summary. It's shown as both a > flag and a switch that takes options. They can't be both right. this got fixed late last year by shm@. > * The -V option is documented in the manual page, but does not appear in > the options summary block at the top of the manual page. It's also > unclear if "slashdir" is an option for -V or if the text refers to the > "slashdir" given as the document root. OK, i've cleared this one some. > * -V is also not documented in the usage when you get help directly from > the binary (ie.. just run /usr/libexec/httpd to see what I mean). i also fixed this. thanks! .mrg.
bozohttpd minor fixes to man page
I like NetBSD's httpd. I noticed a couple of minor inconsistencies in the bozohttpd(8) manual page. Where should I report these? * The -v option appears twice in the options summary. It's shown as both a flag and a switch that takes options. They can't be both right. * The -V option is documented in the manual page, but does not appear in the options summary block at the top of the manual page. It's also unclear if "slashdir" is an option for -V or if the text refers to the "slashdir" given as the document root. * -V is also not documented in the usage when you get help directly from the binary (ie.. just run /usr/libexec/httpd to see what I mean). -Swift
Re: bozohttpd support for SNI
On Fri, Sep 30, 2016 at 04:45:10PM -0400, matthew sporleder wrote: > > bozo is growing features pretty quickly as netbsd keeps trying to use it to > do actual stuff(tm). :) I'd prefer to see a lot of the complex functionality in bozo split out into helper programs. This feature, in particular, along with the rest of bozo's SSL handling, could go in something like pound -- except that pound is GPL. The helper could communicate with bozo on an AF_UNIX socket. Experience from a past life tells me such a program would take about two days to write, would leave me owing dyoung about six dinners for debugging, and would be about 1500 lines long. -- Thor Lancelot Simont...@panix.com "The dirtiest word in art is the C-word. I can't even say 'craft' without feeling dirty."-Chuck Close
Re: bozohttpd support for SNI
On Fri, Sep 30, 2016 at 4:43 PM, Alistair Crooks <a...@pkgsrc.org> wrote: > Personally, I'd love to have support for SNI (and multiple -Z paths > per site too) - I'd use it daily. > > In fact, I was just bemoaning that fact yesterday, but am not > best-placed to do anything about it right now (yes, I suck :() > > Best, > Alistair > > On 30 September 2016 at 13:37, J. Lewis Muir <jlm...@imca-cat.org> wrote: > > Hello! > > > > Does bozohttpd in NetBSD (7 or current) support SNI (Server Name > > Identification) such that multiple SSL sites can be served from one > > HTTPS server? If not, what is NetBSD's position on the feature: is it > > "we're open to accepting a quality patch," or is it more "we'd rather > > not add the feature; it's better to just use separate server instances > > on separate IP addresses; we're trying to keep with bozohttpd's main > > feature as stated on its website which is 'the lack of features, > > reducing the code size and improving verifiability'"? > > > > Thanks! > > > > Lewis > > > bozo is growing features pretty quickly as netbsd keeps trying to use it to do actual stuff(tm). :)
Re: bozohttpd support for SNI
Personally, I'd love to have support for SNI (and multiple -Z paths per site too) - I'd use it daily. In fact, I was just bemoaning that fact yesterday, but am not best-placed to do anything about it right now (yes, I suck :() Best, Alistair On 30 September 2016 at 13:37, J. Lewis Muir <jlm...@imca-cat.org> wrote: > Hello! > > Does bozohttpd in NetBSD (7 or current) support SNI (Server Name > Identification) such that multiple SSL sites can be served from one > HTTPS server? If not, what is NetBSD's position on the feature: is it > "we're open to accepting a quality patch," or is it more "we'd rather > not add the feature; it's better to just use separate server instances > on separate IP addresses; we're trying to keep with bozohttpd's main > feature as stated on its website which is 'the lack of features, > reducing the code size and improving verifiability'"? > > Thanks! > > Lewis >
bozohttpd support for SNI
Hello! Does bozohttpd in NetBSD (7 or current) support SNI (Server Name Identification) such that multiple SSL sites can be served from one HTTPS server? If not, what is NetBSD's position on the feature: is it "we're open to accepting a quality patch," or is it more "we'd rather not add the feature; it's better to just use separate server instances on separate IP addresses; we're trying to keep with bozohttpd's main feature as stated on its website which is 'the lack of features, reducing the code size and improving verifiability'"? Thanks! Lewis
Re: bozohttpd and lua, getting input from user
On Wed, Jun 15, 2016 at 06:26:28PM +1000, Travis Paul wrote: > > > On Jun 15, 2016, at 5:03 PM, co...@sdf.org wrote: > > > > Trying to get GET/POST info. > > > > I feel like I've tried all the examples I could find, and they all fail > > with an error like: > > failed to execute script /var/www/hello.lua: /var/www/hello.lua:70:attempt > > to index a nil value (global 'httpd') > > > > Where that is httpd.register_handler(...) > > > > What would be a valid way to get any input from a user using bozo? > > > > Thanks. > > > > > Have you tried the example here: src/libexec/httpd/printenv.lua > > Last time I tried, that example worked. I’m traveling and not near a NetBSD > box at the moment :( > > If that fails can you share the command line args you are using with httpd? > > Best, > Travis P Seems good now that I am following it word to word. I'm not sure what I was doing wrong before. Thanks!
Re: bozohttpd and lua, getting input from user
> On Jun 15, 2016, at 5:03 PM, co...@sdf.org wrote: > > Trying to get GET/POST info. > > I feel like I've tried all the examples I could find, and they all fail > with an error like: > failed to execute script /var/www/hello.lua: /var/www/hello.lua:70:attempt to > index a nil value (global 'httpd') > > Where that is httpd.register_handler(...) > > What would be a valid way to get any input from a user using bozo? > > Thanks. > Have you tried the example here: src/libexec/httpd/printenv.lua Last time I tried, that example worked. I’m traveling and not near a NetBSD box at the moment :( If that fails can you share the command line args you are using with httpd? Best, Travis P
bozohttpd and lua, getting input from user
Trying to get GET/POST info. I feel like I've tried all the examples I could find, and they all fail with an error like: failed to execute script /var/www/hello.lua: /var/www/hello.lua:70:attempt to index a nil value (global 'httpd') Where that is httpd.register_handler(...) What would be a valid way to get any input from a user using bozo? Thanks.
Re: segfault in bozohttpd
> On Nov 3, 2015, at 4:19 PM, Jan Danielsson <jan.m.daniels...@gmail.com> wrote: > > Hello, > > Environment: Running netbsd-7, but using bozohttp from -current > > I built bozohttpd and started it using my regular script, but it > segfaulted immediately. The corefile said: > > [---] > Reading symbols from /home/jan/checkout/fsys/bozohttpd/bozohttpd...(no > debugging symbols found)...done. > [New process 1] > Core was generated by `bozohttpd'. > Program terminated with signal SIGSEGV, Segmentation fault. > #0 0x0040ab33 in bozo_add_lua_map () > (gdb) bt > #0 0x0040ab33 in bozo_add_lua_map () > #1 0x0040b94f in main () > > I rebuilt it with -g and the segfault didn't occur. I then cleaned > up again and rebuilt without -g again, and this time it didn't segfault. > > Non-deterministic segfaults.. :/ > > -- > Kind Regards, > Jan I saw seeing similar and marked it down to a bad build env from old builds hanging around.
segfault in bozohttpd
Hello, Environment: Running netbsd-7, but using bozohttp from -current I built bozohttpd and started it using my regular script, but it segfaulted immediately. The corefile said: [---] Reading symbols from /home/jan/checkout/fsys/bozohttpd/bozohttpd...(no debugging symbols found)...done. [New process 1] Core was generated by `bozohttpd'. Program terminated with signal SIGSEGV, Segmentation fault. #0 0x0040ab33 in bozo_add_lua_map () (gdb) bt #0 0x0040ab33 in bozo_add_lua_map () #1 0x0040b94f in main () I rebuilt it with -g and the segfault didn't occur. I then cleaned up again and rebuilt without -g again, and this time it didn't segfault. Non-deterministic segfaults.. :/ -- Kind Regards, Jan