|-d||Enable debug mode. More informations about ongoing processes are written to the syslog(3) LOG_DAEMON facility. Be careful, the logs will grow very quickly in debug mode.|
|-h||Prints short listing of nhttpd options.|
|-r||nhttpd will chroot(2) to serverroot. If you use this option, you have to change docroot, virtual hosts, and aliases in configfile to paths within your serverroot.|
|-4||Enable IPv4 and IPv6.|
|-6||Enable IPv6 only.|
|Uses configfile as configuration file. If this option is not set, nostromo/conf/nhttpd.conf will be used by default.|
For security reasons it is recommended to run nhttpd under an extra user. To do that create a new user on your system which has a valid entry in the /etc/passwd file. Then set the user option in your configfile to that user. It is necessary to start nhttpd as root, so it can switch to that user afterwards. If the user option is not set, nhttpd will run under the user who started it, except root!
Be sure that the permissions on your docroot are set correct, as nhttpd needs write permissions at least on the logs directory.
To ask for basic authentication on certain directories within your docroot you have to create a file in that directory named like set by the htaccess option in your configfile. The htaccess file should contain one line including the realm option like in this example:realm Unix Developers Realm
If the realm option can not be parsed from the htaccess file, it will be set to a default value saying unknown realm.
The list of authorized users and their passwords (DES encrypted) are stored in the file set by the htpasswd option in configfile. To create a new user entry in this file, use the crypt tool.
On BSD systems it is also possible to use the BSD authentication framework. To do that, set the +bsdauth keyword in the htpasswd option instead of a filename. You are then able to authenticate via your operating system users. Be aware that +bsdauth requires a SSL connection to work, because you normally dont want to send your operating system password unencrypted over the network. If this condition is not met, the caller receives a 403 Forbidden response directly. You can allow none SSL connections to do BSD authentication by setting the +bsdauthnossl option. Be sure that you really want that!
Note: BSD authentication works just on OpenBSD for now.
All subdirectories below the htaccess file are protected automatically. The client will be prompted for basic authentication if accessing such a protected directory.
nhttpd uses the OpenSSL library, so be sure you have it installed on your system if you want to use SSL. To activate SSL uncomment sslport which is the port where we will listen for SSL connections, sslcert which is the certificate file, and sslcertkey which is the certificate key file. If the certificate and the key are correct nhttpd will startup with a log entry for SSL activation in the log, otherwise it will complain and the startup is aborted. After a successful startup we are able to handle secure HTTPS connections.
If an error response occurs the server will normally send a default answer saying for example 404 Not Found. Instead of this default response, you can define your personal responses, using the custom response options in the configfile. There you define an html file which will be displayed instead of the default response.
The custom response html file will be searched in every defined docroot, what means in your default docroot and every virtual host. So you can define different custom responses for each virtual host. If a custom response is defined but the corresponding html file is not found, the default response will be send. Supported custom responses are:
401 Unauthorized 403 Forbidden 404 Not Found
With aliases you can create a fake path which will point to a real path. For example, to let all links starting with /icons point to another path, just add the following line in your configfile:/icons nostromo/icons
To serve virtual hosts, just add a line for each virtual host in configfile with the domain name as option and port if not 80, and the docroot of that virtual host, as in this example:www.rahel.ch nostromo/htdocs/www.rahel.ch www.nazgul.ch:81 nostromo/htdocs/www.nazgul.ch
For each virtual host a separate access_log is written automatically with the following syntax as example:
To serve the home directories of your users via HTTP, enable the homedirs option by defining the path in where the home directories are stored, normally /home. To access a users home directory enter a ~ in the URL followed by the home directory name like in this example:
The content of the home directory is handled exactly the same way as a directory in your document root. If some users dont want that their home directory can be accessed via HTTP, they shall remove the world readable flag on their home directory and a caller will receive a 403 Forbidden response. Also, if basic authentication is enabled, a user can create an .htaccess file in his home directory and a caller will need to authenticate.
You can restrict the access within the home directories to a single sub directory by defining it via the homedirs_public option.
nostromo/conf/nhttpd.conf server configuration nostromo/conf/mimes mime types nostromo/logs/nhttpd.pid pid file nostromo/logs/access_log http log /usr/local/sbin/crypt create user with DES password /usr/local/sbin/nhttpd http daemon
First version of nhttpd appeared in 2004.
Thanks to Marc Balmer, Daniel Hartmeier, Boris Meyer, and Wouter Schoot for their support.
Marcus Glocker <email@example.com>