<HTML>
<HEAD><TITLE>thttpd notes</TITLE></HEAD>
<BODY BGCOLOR="#99cc99">
<IMG ALIGN=RIGHT WIDTH=111 HEIGHT=64 SRC="anvil_thttpd.gif" tppabs="http://www.acme.com/software/thttpd/anvil_thttpd.gif">
<H3>thttpd notes</H3>
<P>
Topics:
<UL>
<LI><A HREF="#samples">sample installations</A>
<LI><A HREF="#chroot">setting up a chroot jail</A>
<LI><A HREF="#throttle">throttling</A>
<LI><A HREF="#select">select</A>
<LI><A HREF="#listen">listen queue length</A>
<LI><A HREF="#aliasing">IP aliasing</A>
<LI><A HREF="#developers">HTTP developers</A>
<LI><A HREF="#syslog">syslog</A>
</UL>
<HR>
<H3><A NAME="samples">Sample installations:</A></H3>
<P>
To help you set up your own thttpd site, let's look in detail at two
sample setups.
We'll use FreeBSD, since that's the best OS for serious web serving.
The first sample will be for a plain old single-domain site.
Most of these steps require you to be root.
<UL>
<LI> Install. <BR>
First, do the usual unpack, <CODE>./configure</CODE>, <CODE>make</CODE>,
and <CODE>make install</CODE>.
No need to make any changes in config.h; it comes with reasonable settings.
The executable will be installed as <CODE>/usr/local/sbin/thttpd</CODE>.
<P>
<LI> Startup script. <BR>
FreeBSD wants /usr/local daemons to get started by a shell script in
<CODE>/usr/local/etc/rc.d</CODE> - here's all you need for this:
<BLOCKQUOTE><CODE><PRE>
#!/bin/sh
if [ -x /usr/local/sbin/thttpd_wrapper ] ; then
echo -n " thttpd"
/usr/local/sbin/thttpd_wrapper &
fi
</PRE></CODE></BLOCKQUOTE>
Put this into a file called <CODE>thttpd.sh</CODE> in /usr/local/etc/rc.d,
and make sure it's executable.
<P>
<LI> Wrapper script. <BR>
You may have noticed that the startup script didn't call thttpd itself,
rather it runs a wrapper script.
This script is very simple - all it does is run thttpd, and if thttpd
ever exits then the script waits ten seconds and then starts it again.
<BLOCKQUOTE><CODE><PRE>
#!/bin/sh
while true ; do
/usr/local/sbin/thttpd -D -C /usr/local/www/thttpd_config
sleep 10
done
</PRE></CODE></BLOCKQUOTE>
The -D flag tells thttpd to <B>not</B> put itself into the background,
and the -C flag tells it to get the rest of its configuration from
the specified config file.
Again, make sure the script is executable.
<P>
<LI> Config file. <BR>
I like to put config stuff in a file like this, instead of doing it
as command-line flags in the wrapper script, so that making configuration
changes doesn't require editing an executable.
So, create the directory <CODE>/usr/local/www</CODE> if necessary
and then put this into <CODE>/usr/local/www/thttpd_config</CODE>:
<BLOCKQUOTE><CODE><PRE>
dir=/usr/local/www/data
chroot
cgipat=**.cgi
logfile=/usr/local/www/logs/thttpd_log
pidfile=/var/run/thttpd.pid
</PRE></CODE></BLOCKQUOTE>
Note that while this allows anyone to make CGI programs, it also puts
everything into a chroot tree.
Unless you make special provisions, the only CGIs that will run inside
the chroot tree are compiled and statically-linked executables.
This is a very secure setup, but admittedly somewhat inconvenient for
those writing the CGIs.
<P>
<LI> Data directory. <BR>
The config file specifies that the data directory is
<CODE>/usr/local/www/data</CODE>; this is what Apache calls the DocumentRoot.
So, create this directory and put your HTML files there.
If you want to allow local users to put up their own web stuff,
create subdirectories for them and chown/chmod them accordingly.
<P>
<LI> Log files. <BR>
Create the directory <CODE>/usr/local/www/logs</CODE> to hold your log files.
You will want to rotate your logs, so they don't get overly large.
Here's a rotate script that keeps the last seven days worth:
<BLOCKQUOTE><CODE><PRE>
#!/bin/sh
cd /usr/local/www/logs
rm -f thttpd_log.7
mv thttpd_log.6 thttpd_log.7
mv thttpd_log.5 thttpd_log.6
mv thttpd_log.4 thttpd_log.5
mv thttpd_log.3 thttpd_log.4
mv thttpd_log.2 thttpd_log.3
mv thttpd_log.1 thttpd_log.2
mv thttpd_log thttpd_log.1
kill -USR1 `cat /var/run/thttpd.pid`
</PRE></CODE></BLOCKQUOTE>
The last line tells thttpd to exit cleanly, and then the wrapper
will restart it and it'll start writing a fresh log file.
Save that script as <CODE>/etc/periodic/daily/500.thttpd-rotate</CODE>
to have it run every night, and once again make sure it's executable.
</UL>
<P>
And that's it.
Reboot and you should be up and running.
<P>
Now, what if you want to serve multiple domains?
With HTTP/1.1 you can do "name based" virtual domains, which are
very easy to set up.
As of version 2.05 thttpd supports them.
<UL>
<P>
<LI> DNS. <BR>
Name-based virtual hosts are set up via the domain name system.
You make a CNAME record (which is basically an alias) for each
virtual host pointing at the real host.
A full explanation of DNS and BIND is way beyond the scope of this
document, but if you just tell your local DNS person that you want
to make some CNAMEs, they'll know what to do.
<P>
<LI> Config file. <BR>
All you have to do here is add the "<CODE>vhost</CODE>" option to your
thttpd_config file.
<P>
<LI> Data directory. <BR>
The data dir for a vhost system is different.
The top level directory should not contain any HTML stuff.
Instead all it contains is subdirectories, one per virtual host.
The directory's name is just the virtual hostname, or an IP number.
The HTML for each host goes in its subdirectory.
The vhost directory for my own secondary web server looks like this:
<BLOCKQUOTE><CODE><PRE>
lrwxr-xr-x 1 root www 13 Nov 15 11:32 192.100.66.6@ -> gate.acme.com
lrwxr-xr-x 1 root www 13 Nov 15 11:32 63.197.234.19@ -> gate.acme.com
drwxrwxr-x 3 root www 512 Nov 15 12:15 gate.acme.com/
drwxrwxr-x 2 root www 512 Nov 15 12:04 www.axilla.com/
drwxrwxr-x 2 root www 512 Nov 15 12:16 www.cloaca.com/
drwxrwxr-x 2 root www 512 Nov 15 12:04 www.foetid.com/
drwxrwxr-x 2 root www 512 Nov 15 12:04 www.lirpa.com/
drwxrwxr-x 2 root www 512 Nov 15 12:04 www.maxnix.com/
drwxrwxr-x 2 root www 512 Nov 15 12:04 www.phoon.com/
drwxrwxr-x 2 root www 512 Nov 15 12:04 www.setuid.com/
drwxrwxr-x 2 root www 512 Nov 15 12:04 www.tranya.com/
</PRE></CODE></BLOCKQUOTE>
The server's "real" name is gate.acme.com, and I added symbolic links
for its two IP numbers.
In addition there are directories for all the virtual hosts I'm serving.
</UL>
That ought to do it for name-based vhosting.
<HR>
<H3><A NAME="chroot">Setting up a chroot jail:</A></H3>
<P>
As mentioned in the sample installations article, running your web server
in a chroot tree is very secure but inconvenient if you're using CGI.
The only CGI programs you can run in such a setup are compiled
statically-linked executables.
If you want to write CGIs in, say, shell script, you will need a
more complicated setup.
<P>
The basic idea of a chroot tree is that you're reproducing a limited
copy of the system-wide file tree.
It includes only the files you need, nothing else.
When the web server issues the chroot() system call, this sub-tree
becomes the filesystem as far as that one process is concerned.
It can't break out and get to the larger filesystem.
Any child processes it spawns can't break out either.
Obviously this adds a big layer of security.
However, without access to things like shared libraries and
interpreters, most programs can't run.
So, to make a chroot tree in which you can run these programs,
you have to put in some extra files.
<P>
Below is an "ls -lR" of the files needed for a FreeBSD-based chroot tree
that allows shell script CGIs.
This should be considered a starting point for your own chroot tree.
If you're using another operating system, for instance Solaris, your
tree will likely be very different.
If you want to make one that allows perl, you'll have to add in all
the perl files - the perl interpreter, libraries, perl files, include
files, all sorts of stuff.
<BLOCKQUOTE><CODE><PRE>
total 15
drwxr-xr-x 2 root wheel 512 Nov 21 17:22 bin/
drwxr-xr-x 2 root wheel 512 Nov 21 18:17 dev/
drwxr-xr-x 2 root wheel 512 Nov 21 18:13 etc/
drwxrwxrwt 2 root wheel 512 Nov 21 17:11 tmp/
drwxr-xr-x 7 root wheel 512 Nov 21 18:06 usr/
./bin:
total 1309
-r-xr-xr-x 2 root wheel 46600 May 17 1999 [*
-r-xr-xr-x 1 root wheel 55392 May 17 1999 cat*
-r-xr-xr-x 1 root wheel 58280 May 17 1999 chmod*
-r-xr-xr-x 1 root wheel 61184 May 17 1999 cp*
-r-xr-xr-x 1 root wheel 145784 May 17 1999 date*
-r-xr-xr-x 1 root wheel 41620 May 17 1999 echo*
-r-xr-xr-x 1 root wheel 84728 May 17 1999 expr*
-r-xr-xr-x 1 root wheel 155976 May 17 1999 mv*
-r-xr-xr-x 1 root wheel 158792 May 17 1999 rm*
-r-xr-xr-x 1 root wheel 321760 May 17 1999 sh*
-r-xr-xr-x 1 root wheel 42732 May 17 1999 sleep*
-r-xr-xr-x 2 root wheel 46600 May 17 1999 test*
./dev:
total 0
crw-rw-rw- 1 root wheel 2, 2 Nov 21 17:12 null
crw-rw-rw- 1 root wheel 22, 2 Nov 21 18:17 stderr
crw-rw-rw- 1 root wheel 22, 0 Nov 21 18:17 stdin
crw-rw-rw- 1 root wheel 22, 1 Nov 21 18:17 stdout
./etc:
total 2
-r--r--r-- 1 root wheel 1000 Jul 21 15:50 localtime
-rw-r--r-- 1 root wheel 38 Nov 12 18:42 resolv.conf
./usr:
total 5
drwxr-xr-x 2 root wheel 512 Nov 21 18:21 bin/
drwxr-xr-x 2 root wheel 512 Nov 21 18:53 lib/
drwxr-xr-x 2 root wheel 512 Nov 21 18:06 libexec/
drwxrwxrwt 2 root wheel 512 Nov 21 17:11 tmp/
./usr/bin:
total 747
-r-xr-xr-x 1 root wheel 119540 May 17 1999 awk*
-r-xr-xr-x 3 root wheel 38572 May 17 1999 egrep*
-r-xr-xr-x 3 root wheel 38572 May 17 1999 fgrep*
-r-xr-xr-x 3 root wheel 38572 May 17 1999 grep*
-r-xr-xr-x 3 root wheel 99448 May 17 1999 gunzip*
-r-xr-xr-x 3 root wheel 99448 May 17 1999 gzcat*
-r-xr-xr-x 3 root wheel 99448 May 17 1999 gzip*
-r-xr-xr-x 1 root wheel 4540 May 17 1999 head*
-r-xr-xr-x 1 root wheel 3356 May 17 1999 nice*
-r-xr-xr-x 1 root wheel 19300 May 17 1999 sed*
-r-xr-xr-x 1 root wheel 23940 May 17 1999 sort*
-r-xr-xr-x 1 root wheel 9976 May 17 1999 tail*
-r-xr-xr-x 1 root wheel 6388 May 17 1999 touch*
-r-xr-xr-x 1 root wheel 8636 May 17 1999 tr*
-r-xr-xr-x 1 root wheel 2356 May 17 1999 true*
-r-xr-xr-x 1 root wheel 5064 May 17 1999 uniq*
-r-xr-xr-x 1 root wheel 4384 May 17 1999 wc*
./usr/lib:
total 2507
-r--r--r-- 1 root wheel 1043748 Nov 21 18:52 libc.a
lrwxrwxrwx 1 root wheel 9 Nov 21 18:53 libc.so@ -> libc.so.3
-r--r--r-- 1 root wheel 514015 May 17 1999 libc.so.3
-r--r--r-- 1 root wheel 27066 May 17 1999 libgnuregex.a
lrwxrwxrwx 1 root wheel 16 Nov 21 18:53 libgnuregex.so@ -> libgnuregex.so.2
-r--r--r-- 1 root wheel 27154 May 17 1999 libgnuregex.so.2
-r--r--r-- 1 root wheel 262966 May 17 1999 libm.a
lrwxrwxrwx 1 root wheel 9 Nov 21 18:53 libm.so@ -> libm.so.2
-r--r--r-- 1 root wheel 115780 May 17 1999 libm.so.2
-r--r--r-- 1 root wheel 57612 May 17 1999 libz.a
lrwxrwxrwx 1 root wheel 9 Nov 21 18:53 libz.so@ -> libz.so.2
-r--r--r-- 1 root wheel 51010 May 17 1999 libz.so.2
./usr/libexec:
total 139
-r-xr-xr-x 1 root wheel 63652 May 17 1999 ld-elf.so.1*
-r-xr-xr-x 1 root wheel 77824 May 18 1999 ld.so*
</PRE></CODE></BLOCKQUOTE>
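<P>
A check you can run against a tree like the one above, as an added example that is not part of the original thttpd notes: it reports CGI scripts whose <CODE>#!</CODE> interpreter is missing from the tree, plus setuid/setgid files and world-writable entries that weaken the jail.
The function name <CODE>audit_chroot</CODE> and the finding labels are made up for this example, and it assumes CGIs are named <CODE>*.cgi</CODE> as in the sample <CODE>cgipat</CODE>.

```shell
#!/bin/sh
# Added example (not from the thttpd distribution): audit a chroot tree
# meant to run shell-script CGIs. Usage: audit_chroot /usr/local/www/data
# Prints one finding per line; prints nothing if the tree looks clean.

audit_chroot() {
    root=${1%/}

    # 1. After chroot(), a script's "#!" path is resolved inside the tree,
    #    so the interpreter must exist and be executable under $root.
    find "$root" -type f -name '*.cgi' | while IFS= read -r cgi; do
        # Look at the first two bytes only, so compiled CGIs are skipped.
        magic=$(dd if="$cgi" bs=2 count=1 2>/dev/null)
        [ "$magic" = '#!' ] || continue
        # Strip "#!", optional blanks, and any interpreter arguments.
        interp=$(head -n 1 "$cgi" |
                 sed 's/^#![[:space:]]*//; s/[[:space:]].*$//')
        # Note: this test follows symlinks using the host's root, not $root.
        [ -x "$root$interp" ] || echo "MISSING-INTERP $cgi needs $interp"
    done

    # 2. setuid/setgid programs have no place in a CGI jail; the listing
    #    above contains none.
    find "$root" -type f \( -perm -4000 -o -perm -2000 \) \
        -exec echo "SETID" {} \;

    # 3. World-writable regular files let any CGI alter them. Device nodes
    #    such as dev/null are character devices and are not matched here.
    find "$root" -type f -perm -0002 -exec echo "WORLD-WRITABLE" {} \;

    # 4. World-writable directories should carry the sticky bit, as tmp/
    #    and usr/tmp/ do in the listing (drwxrwxrwt).
    find "$root" -type d -perm -0002 ! -perm -1000 \
        -exec echo "NO-STICKY" {} \;
}

# Run the audit when a tree is given on the command line.
if [ $# -gt 0 ]; then
    audit_chroot "$1"
fi
```

Run it as root after every change to the tree, since adding an interpreter for convenience is exactly when stray permissions creep in.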