[moving to tech@, there's a diff for the manpage below]

On 2023/08/13 01:04:11 -0700, Alfred Morgan <alf...@54.org> wrote:
> I was surprised that `server "default"` didn't act like I expected. In this
> example I expected `test1` to get 200 and everything else to get 404 but
> this is not the case. In this example server "test1" actually catches all:
> localhost, test1, and test2 will get code 200.
> /etc/hosts:
>  localhost  test1  test2
> /tmp/httpd.conf:
> server "test1" {
>   listen on localhost port 8080
>   block return 200
> }
> server "default" {
>   listen on localhost port 8080
>   block return 404
> }
> httpd -df /tmp/httpd.conf &

as you've found out, there's no special meaning behind the "default"
server name.  It just means you're defining a virtua host called

let's go through your tests.
> ftp -o - http://localhost:8080/ #200

no `server' block match "localhost", so httpd uses the first server.

(this is actually undocumented AFAICS)

> ftp -o - http://test1:8080/ #200

this matches your first server.

> ftp -o - http://test2:8080/ #200

This also doesn't match any server block, so httpd uses the first one.

> man httpd.conf says:
> "Match the server name using shell globbing rules. This can be an explicit
> name, www.example.com, or a name including wildcards, *.example.com."
> There is no mention as to what `server "default"` does even though it is
> used several times in the man page. I find the behaviour to be odd
> for it not to be documented. It isn't until I change the line to `server
> "*"` when it starts doing what I expected:
> ftp -o- http://localhost:8080/ #404
> ftp -o- http://test1:8080/ #200
> ftp -o- http://test2:8080/ #404
> This is a gotcha in general. I would think the examples should use server
> "*" instead and document what server "default" actually does.

I agree that's a gotcha and it's easy to misunderstand from the
manpage.  I'd prefer to use "example.com" as is done on many other
manpages and sample configurations.  Diff below.

While here, add a note that if there's no match the first one is used.
IMHO it's not a great choice, I would have preferred if it returned a
4XX error instead (not found or a generic bad request maybe).

> and while we are here. Why does running httpd as a user say:
> httpd: need root privileges
> does it...?

If it say so... :)

httpd needs to chroot and run as 'www' user so needs to be started as
root.  It also may need to read private keys which are also owned by

diff /usr/src
commit - a7b17fe845fceeb2940fa5924ec5843681aa2c64
path + /usr/src
blob - 16b086a9ee00cd6d8e796a890e9774968556f147
file + usr.sbin/httpd/httpd.conf.5
--- usr.sbin/httpd/httpd.conf.5
+++ usr.sbin/httpd/httpd.conf.5
@@ -98,7 +98,7 @@ server "default" {
 For example:
 .Bd -literal -offset indent
-server "default" {
+server "example.com" {
        listen on $ext_ip port 80
@@ -179,7 +179,8 @@ section starts with a declaration of the server
 .Ic server
 section starts with a declaration of the server
-.Ar name :
+.Ar name .
+If no one matches the request the first one defined is used.
 .Bl -tag -width Ds
 .It Ic server Ar name Brq ...
 Match the server name using shell globbing rules.
@@ -779,7 +780,7 @@ server "default" {
 .Bd -literal -offset indent
 prefork 2
-server "default" {
+server "example.com" {
        listen on * port 80
@@ -800,7 +801,7 @@ server "default" {
 .Qq egress
 .Bd -literal -offset indent
-server "default" {
+server "example.com" {
        listen on egress port 80

Reply via email to