httpstorm

Lightning fast web server designed for security, streaming and static content

Description

httpstorm is a secure and highly efficient web server for static content

Highlights

☂︎ Low latency audio and video streaming platforms
☂︎ Efficient content dellivery in datacenterss
☂︎ Faster than the competition: NGINX, Apache, IIS
☂︎ Cross-platform: Linux, OpenWRT, Docker, BSD, Windows, macOS, iOS
☂︎ Cross-architecture: Intel, ARM, MIPS
☂︎ Secure and reliable with A+ score on SSLlabs
☂︎ Optimized content delivery
☂︎ Easy to install and configure
☂︎ Directory listing with built-in image viewer and audio/video playback

Command line options (service control)

The service commands start with -d followed by one or more of the commands listed in the table below. By default the default service named httpstorm is addressed. To address a service called service-name, insert :service-name: between -d and the actual commands. As a shorthand for httpstorm.443, :+.443: can be used.

Service controlDescriptionService controlDescription
sStartPPause
qStopCContinue
rRestartHHelp ?
iInstalleEnable
uUninstalldDisable
cReload configurationlDaemon-reload

Sample use (service control)

Service controlDescription
-diInstall service with default name httpstorm
-d:+.8080:iInstall service httpstorm.8080
-dir -uninstallCommands are executed in the order they appear
-d:httpstorm:iInstall service httpstorm
-d:httpstormRun as service httpstorm
-d:httpstorm::Run in foreground using httpstorm.ini
# Install and start the default service instance:
  httpstorm -di

# Install a service named `httpstorm.443`. The following commands are
# equivalent:
  httpstorm -d:+.443:i
  httpstorm -d:httpstorm.443:i

# Remember to edit `/etc/httpstorm/httpstorm.443.ini`, and reload the
# configuration:
  httpstorm -d:+.443:c

# Restart the service. This can also be achieved with separate stop and start
# commands, as seen on the second line. Service controls are executed in the
# order of appearance:
  httpstorm -dr
  httpstorm -dqs

Notes

The default service-name is httpstorm. To control a service named httpstorm.443, use :httpstorm.443: or :+.443:, where :+.443: appends .443 to the default service-name.

The configuration file name is derived from the service-name and has an .ini suffix. For example httpstorm.ini.

Services and instances installed under /usr/sbin or /usr/local/bin store configuration files under /etc/httpstorm. Portable apps store configuration locally. Note that due to a limitation on BSD systems, programs cannot determine the path from which they are running, unless started with /full-path/to/httpstorm. BSD systems use rc.conf, which does not support special characters in the service-name. They can be replaced with underscore _. Note that double-underscore __ has a special meaning, see Shared configuration.

The default configuration file name is httpstorm.ini. For services, the configuration file name is derived from the service-name and has an .ini suffix. Whenever a new configuration file is created, if the service name ends on a valid port number e.g. httpstorm.443, that port number is preset in the new configuration.

Shared configuration

Multiple instances can share configuration, while listening on different ports. A suffix of __ followed by a valid port number is omited from the configuration file name. The following examples both read configuration from httpstorm.ini, the first instance respects the configured port, while the second overrides it to 443:

httpstorm -d:httpstorm
httpstorm -d:httpstorm__443

Configuration

Configuration .ini files for each service are stored in /etc/httpstorm/ or the application directory, and can be reloaded -reload without restart.

NameDescription
rootRoot directory of the web server
portListening port. Use separate service instances to handle multiple
ports. If a valid certificate is configured, both HTTP and HTTPS
connections will be accepted on the same port.
userDrop credentials to the selected user when accessing files under
the root directory. Only supported on Linux, when started as the
user root.
view_mdAllow conversion of markdown files to HTML e.g. GET /README.md?view
tls_cerTLS certificate or chain file. It may start with the private key.
tls_keyTLS key file (can be the same as tls_cer). Multiple key-cer pairs
can be used to provide different certificate types e.g.
ECC and RSA for better compatibility with old clients.
tls_min_bits_ec256 384 448 521
Minimal EC strength used for key exchange. Affects the named groups.
tls_no_weak_ciphers0 1
Ciphers know to be weak e.g. CBC can be disabled to
achieve higher security when compatibility with old clients
is not needed.
upgrade_hsts0 1
Enable HTTP Strict-Transport-Security. Clients successfully
connected over HTTPS will be forced to use only HTTPS for future
connections up to two years. If disabled, clients are instructed to
clear the HSTS flag.
upgrade_https0 1
Automatically upgrade to HTTPS if the client sends
Upgrade-Insecure-Requests:1. The server certificate name and
expirity date are checked, to make sure we can safely upgrade the
connection to secure.
list_directories0 1
Enable directory listing
min_gz0 1
Serve minified files br gz min webp: file.[br gz],
file.min.[css js htm html], file.[gif jpg jpeg png].webp before
the original file, unless file is newer. br is preferred than
gzip, as it provides better compression and is well supported.
vdir{
vdir|path|[user]
vdir|/var/vdir|www-data
}
Define virtual directories with alternate root path and user.
The path can be absolute or relative to root. An absolute vdir
path overrides the host path. A vdir user has precedence over
the host user. A relative path is constructed as
/root-path/[host-path]/[vdir-path]
host{
host|path|[user]
nanortos.com|/var/www/nano|www-data
}
Define virtual hosts with alternate root path and user.
The path can be absolute or relative to root.
ext= allow|block{
css htm html js
gif jpg jpeg png
}
Define a list of allowed or blocked file extensions
ext_no_extallow block
Allow or block files which do not have an extension
#This line is a comment. Invalid parameter names are ignored.

Sample configuration

root=/var/www
port=80
# user=nobody
# tls_cer=httpstorm.com.pem
# tls_key=httpstorm.com.pem
# tls_min_bits_ec=384
# tls_no_weak_ciphers=1
# upgrade_hsts=1
upgrade_https=1
# list_directories=1
# min_gz=1

vdir=
{
	# dir|path|[user]
}

ext=allow
{
	css htm html js json xht xhtml xml gif ico jpg jpeg png svg svgz woff woff2
	apng avif avifs bmp emf heic heics heif heifs tga tif tiff webp wmf
	aac aif aiff ape flac m4a mid midi mka mp3 mpa mpga oga ogg ra wav weba wma
	asf avi avs flv heiv m3u m4v mkv mov mp2 mp4 mpeg mpg ogm ogv webm wmv
	ai book eps epub fon indd odb odc odf odg odp ods odt otf ps psd ttf
	csv doc docx drawio pdf pps ppsx ppt pptx rtf txt vdx vsd vsdx wri xls xlsx
	001 7z arj cab cpio deb dmg ipk ipkg lha lhz lzma pkg rar rpm torrent
	br bz2 bzip2 gz gzip tar taz tbz tbz2 tbzip2 tgz tpz txz xar xz z zip
	bin dsk esd fat hfs ima img ipsw iso ntfs squashfs swm vhd vhdx wim
	cat cer crl crt der dll dylib exe so ini log dsn opj pat v vams vhdl
	buildinfo cap pcap pcapng
}

# ext=block
{
	key p7b pem
	# cat cer crl crt der dll dylib exe so
	# a com cpl idb ilk log lnk manifest o obj pch pdb pif res scr sys tmp
	# asp aspx bat class cmd hta jar java php php3 pl py pyc sh vb vbs wsh
	# conf config db inf ini htaccess rdp reg
}

# ext_no_ext=block

Supported Platforms

☂︎ Apple iOS, macOS
☂︎ FreeBSD
☂︎ Linux, OpenWRT
☂︎ Windows

Prerequisites and build instructions

                                     ⚡︎
    _       ______  ______    ___        ____   ______   _____    ___    _    _
    ╱   ╱  ╱  ╱  ╱ ╱  ╱  ╱   ╱  ╱       ╱   ╱  ╱  ╱  ╱  ╱    ╱   ╱  ╱   ╱⎪   ╱⎪
   ╱   ╱     ╱       ╱      ╱  ╱       ╱         ╱     ╱    ╱   ╱  ╱   ╱ ⎪  ╱ ⎪
  ╱‾‾‾╱     ╱       ╱      ╱‾‾‾        ‾‾‾╱     ╱     ╱    ╱   ╱╲‾‾   ╱  ⎪ ╱  ⎪
 ╱   ╱     ╱       ╱      ╱          ╱   ╱     ╱     ╱    ╱   ╱  \_ _╱   ⎩╱   ⎩
                                     ‾‾‾‾            ‾‾‾‾‾

© 2015-2023 Georgi Valkov

https://httpstorm.com/