httpstorm is a secure and highly efficient web server for static content
☂︎ Low latency audio and video streaming platforms
☂︎ Efficient content dellivery in datacenterss
☂︎ Faster than the competition: NGINX, Apache, IIS
☂︎ Cross-platform: Linux, OpenWRT, Docker, BSD, Windows, macOS, iOS
☂︎ Cross-architecture: Intel, ARM, MIPS
☂︎ Secure and reliable with A+ score on
SSLlabs
☂︎ Optimized content delivery
☂︎ Easy to install and configure
☂︎ Directory listing with built-in image viewer and audio/video playback
The service commands start with -d
followed by one or more of the commands listed
in the table below. By default the default service named httpstorm
is addressed.
To address a service called service-name
, insert :service-name:
between -d
and the actual commands. As a shorthand for httpstorm.443
, :+.443:
can be used.
Service control | Description | Service control | Description |
---|---|---|---|
s | Start | P | Pause |
q | Stop | C | Continue |
r | Restart | H | Help ? |
i | Install | e | Enable |
u | Uninstall | d | Disable |
c | Reload configuration | l | Daemon-reload |
Service control | Description |
---|---|
-di | Install service with default name httpstorm |
-d:+.8080:i | Install service httpstorm.8080 |
-dir -uninstall | Commands are executed in the order they appear |
-d:httpstorm:i | Install service httpstorm |
-d:httpstorm | Run as service httpstorm |
-d:httpstorm:: | Run in foreground using httpstorm.ini |
# Install and start the default service instance: httpstorm - di# Install a service named `httpstorm.443`. The following commands are # equivalent: httpstorm - d:+. 443 : ihttpstorm - d: httpstorm. 443 : i# Remember to edit `/etc/httpstorm/httpstorm.443.ini`, and reload the # configuration: httpstorm - d:+. 443 : c# Restart the service. This can also be achieved with separate stop and start # commands, as seen on the second line. Service controls are executed in the # order of appearance: httpstorm - drhttpstorm - dqs
The default service-name is httpstorm
. To control a service named httpstorm.443
,
use :httpstorm.443:
or :+.443:
, where :+.443:
appends .443
to the default
service-name.
The configuration file name is derived from the service-name and has an
.ini
suffix. For example httpstorm.ini
.
Services and instances installed under /usr/sbin
or /usr/local/bin
store
configuration files under /etc/httpstorm
. Portable apps store
configuration locally. Note that due to a limitation on BSD systems,
programs cannot determine the path from which they are running, unless
started with /full-path/to/httpstorm
. BSD systems use rc.conf
, which does not
support special characters in the service-name. They can be replaced with underscore _
.
Note that double-underscore __
has a special meaning, see
Shared configuration.
The default configuration file name is httpstorm.ini
. For services, the
configuration file name is derived from the service-name and has an .ini
suffix.
Whenever a new configuration file is created, if the service name ends on a valid
port number e.g. httpstorm.443
, that port number is preset in the new configuration.
Multiple instances can share configuration, while listening on
different ports. A suffix of __
followed by a valid port number is omited from the
configuration file name. The following examples both read configuration from
httpstorm.ini
, the first instance respects the configured port, while the second
overrides it to 443
:
httpstorm - d: httpstorm httpstorm - d: httpstorm__443
Configuration .ini files for each service are stored in /etc/httpstorm/
or the application directory, and can be reloaded -reload
without restart.
Name | Description |
---|---|
root | Root directory of the web server |
port | Listening port. Use separate service instances to handle multiple |
ports. If a valid certificate is configured, both HTTP and HTTPS | |
connections will be accepted on the same port. | |
user | Drop credentials to the selected user when accessing files under |
the root directory. Only supported on Linux, when started as the | |
user root . | |
view_md | Allow conversion of markdown files to HTML e.g. GET /README.md?view |
tls_cer | TLS certificate or chain file. It may start with the private key. |
tls_key | TLS key file (can be the same as tls_cer ). Multiple key-cer pairs |
can be used to provide different certificate types e.g. | |
ECC and RSA for better compatibility with old clients. | |
tls_min_bits_ec | 256 384 448 521 |
Minimal EC strength used for key exchange. Affects the named groups. | |
tls_no_weak_ciphers | 0 1 |
Ciphers know to be weak e.g. CBC can be disabled to | |
achieve higher security when compatibility with old clients | |
is not needed. | |
upgrade_hsts | 0 1 |
Enable HTTP Strict-Transport-Security. Clients successfully | |
connected over HTTPS will be forced to use only HTTPS for future | |
connections up to two years. If disabled, clients are instructed to | |
clear the HSTS flag. | |
upgrade_https | 0 1 |
Automatically upgrade to HTTPS if the client sends | |
Upgrade-Insecure-Requests:1 . The server certificate name and | |
expirity date are checked, to make sure we can safely upgrade the | |
connection to secure. | |
list_directories | 0 1 |
Enable directory listing | |
min_gz | 0 1 |
Serve minified files br gz min webp : file.[br gz] , | |
file.min.[css js htm html] , file.[gif jpg jpeg png].webp before | |
the original file, unless file is newer. br is preferred than | |
gzip , as it provides better compression and is well supported. | |
vdir | { |
vdir |path |[user] | |
vdir |/var/vdir |www-data | |
} | |
Define virtual directories with alternate root path and user . | |
The path can be absolute or relative to root . An absolute vdir | |
path overrides the host path . A vdir user has precedence over | |
the host user . A relative path is constructed as | |
/root-path /[host-path] /[vdir-path] | |
host | { |
host |path |[user] | |
nanortos.com |/var/www/nano |www-data | |
} | |
Define virtual hosts with alternate root path and user . | |
The path can be absolute or relative to root . | |
ext= allow |block | { |
css htm html js | |
gif jpg jpeg png | |
} | |
Define a list of allowed or blocked file extensions | |
ext_no_ext | allow block |
Allow or block files which do not have an extension | |
# | This line is a comment. Invalid parameter names are ignored. |
root=/ var/ www port= 80# user=nobody # tls_cer=httpstorm.com.pem # tls_key=httpstorm.com.pem # tls_min_bits_ec=384 # tls_no_weak_ciphers=1 # upgrade_hsts=1 upgrade_https= 1# list_directories=1 # min_gz=1 vdir= { # dir|path|[user] } ext= allow{ css htm html js json xht xhtml xml gif ico jpg jpeg png svg svgz woff woff2 apng avif avifs bmp emf heic heics heif heifs tga tif tiff webp wmf aac aif aiff ape flac m4a mid midi mka mp3 mpa mpga oga ogg ra wav weba wma asf avi avs flv heiv m3u m4v mkv mov mp2 mp4 mpeg mpg ogm ogv webm wmv ai book eps epub fon indd odb odc odf odg odp ods odt otf ps psd ttf csv doc docx drawio pdf pps ppsx ppt pptx rtf txt vdx vsd vsdx wri xls xlsx001 7 z arj cab cpio deb dmg ipk ipkg lha lhz lzma pkg rar rpm torrent br bz2 bzip2 gz gziptar taz tbz tbz2 tbzip2 tgz tpz txz xar xz z zip bin dsk esd fat hfs ima img ipsw iso ntfs squashfs swm vhd vhdx wimcat cer crl crt der dll dylib exe so ini log dsn opj pat v vams vhdl buildinfo cap pcap pcapng} # ext=block { key p7b pem# cat cer crl crt der dll dylib exe so # a com cpl idb ilk log lnk manifest o obj pch pdb pif res scr sys tmp # asp aspx bat class cmd hta jar java php php3 pl py pyc sh vb vbs wsh # conf config db inf ini htaccess rdp reg } # ext_no_ext=block
☂︎ Apple iOS, macOS
☂︎ FreeBSD
☂︎ Linux, OpenWRT
☂︎ Windows
⚡︎ _ ______ ______ ___ ____ ______ _____ ___ _ _ ╱ ╱ ╱ ╱ ╱ ╱ ╱ ╱ ╱ ╱ ╱ ╱ ╱ ╱ ╱ ╱ ╱ ╱ ╱ ╱⎪ ╱⎪ ╱ ╱ ╱ ╱ ╱ ╱ ╱ ╱ ╱ ╱ ╱ ╱ ╱ ⎪ ╱ ⎪ ╱‾‾‾╱ ╱ ╱ ╱‾‾‾ ‾‾‾╱ ╱ ╱ ╱ ╱╲‾‾ ╱ ⎪ ╱ ⎪ ╱ ╱ ╱ ╱ ╱ ╱ ╱ ╱ ╱ ╱ ╱\ _ _╱ ⎩╱ ⎩ ‾‾‾‾ ‾‾‾‾‾