[moving to tech@, there's a diff for the manpage below]
On 2023/08/13 01:04:11 -0700, Alfred Morgan <alf...@54.org> wrote:
> I was surprised that `server "default"` didn't act like I expected. In this
> example I expected `test1` to get 200 and everything else to get 404 but
> this is not the case. In this example server "test1" actually catches all:
> localhost, test1, and test2 will get code 200.
>
> /etc/hosts:
> 127.0.0.1 localhost test1 test2
>
> /tmp/httpd.conf:
> server "test1" {
> listen on localhost port 8080
> block return 200
> }
>
> server "default" {
> listen on localhost port 8080
> block return 404
> }
>
> httpd -df /tmp/httpd.conf &
as you've found out, there's no special meaning behind the "default"
server name. It just means you're defining a virtua host called
"default".
let's go through your tests.
> ftp -o - http://localhost:8080/ #200
no `server' block match "localhost", so httpd uses the first server.
(this is actually undocumented AFAICS)
> ftp -o - http://test1:8080/ #200
this matches your first server.
> ftp -o - http://test2:8080/ #200
This also doesn't match any server block, so httpd uses the first one.
> man httpd.conf says:
> "Match the server name using shell globbing rules. This can be an explicit
> name, www.example.com, or a name including wildcards, *.example.com."
>
> There is no mention as to what `server "default"` does even though it is
> used several times in the man page. I find the behaviour to be odd
> for it not to be documented. It isn't until I change the line to `server
> "*"` when it starts doing what I expected:
>
> ftp -o- http://localhost:8080/ #404
> ftp -o- http://test1:8080/ #200
> ftp -o- http://test2:8080/ #404
>
> This is a gotcha in general. I would think the examples should use server
> "*" instead and document what server "default" actually does.
I agree that's a gotcha and it's easy to misunderstand from the
manpage. I'd prefer to use "example.com" as is done on many other
manpages and sample configurations. Diff below.
While here, add a note that if there's no match the first one is used.
IMHO it's not a great choice, I would have preferred if it returned a
4XX error instead (not found or a generic bad request maybe).
> and while we are here. Why does running httpd as a user say:
> httpd: need root privileges
>
> does it...?
If it say so... :)
httpd needs to chroot and run as 'www' user so needs to be started as
root. It also may need to read private keys which are also owned by
root.
diff /usr/src
commit - a7b17fe845fceeb2940fa5924ec5843681aa2c64
path + /usr/src
blob - 16b086a9ee00cd6d8e796a890e9774968556f147
file + usr.sbin/httpd/httpd.conf.5
--- usr.sbin/httpd/httpd.conf.5
+++ usr.sbin/httpd/httpd.conf.5
@@ -98,7 +98,7 @@ server "default" {
For example:
.Bd -literal -offset indent
ext_ip="10.0.0.1"
-server "default" {
+server "example.com" {
listen on $ext_ip port 80
}
.Ed
@@ -179,7 +179,8 @@ section starts with a declaration of the server
Each
.Ic server
section starts with a declaration of the server
-.Ar name :
+.Ar name .
+If no one matches the request the first one defined is used.
.Bl -tag -width Ds
.It Ic server Ar name Brq ...
Match the server name using shell globbing rules.
@@ -779,7 +780,7 @@ server "default" {
.Bd -literal -offset indent
prefork 2
-server "default" {
+server "example.com" {
listen on * port 80
}
@@ -800,7 +801,7 @@ server "default" {
.Qq egress
group.
.Bd -literal -offset indent
-server "default" {
+server "example.com" {
listen on egress port 80
}
.Ed
